00000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r4, &(0x7f0000000380)=""/87, 0x192) getdents64(r4, &(0x7f0000000080)=""/167, 0xa7) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000280)=0x8) [ 2214.215884] EXT4-fs (loop1): VFS: Can't find ext4 filesystem 20:57:24 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r2, &(0x7f0000000380)=""/87, 0x192) getdents64(r2, &(0x7f0000000080)=""/167, 0xa7) pipe2(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001280)=ANY=[@ANYBLOB="e6ff0300540000552331fe0500fac9067f13675ab4f2", @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b2007369348b27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd05c1"], 0x9d}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_procfs(0x0, 0x0) r5 = perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x20000000000, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r4, 0x0) perf_event_open(0x0, 0x0, 0x3, r5, 0x2) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r6, &(0x7f0000000380)=""/87, 0x192) getdents64(r6, &(0x7f0000000080)=""/167, 0xa7) mmap$fb(&(0x7f0000ffa000/0x5000)=nil, 0x5000, 0x8, 0x10, r6, 0x9e000) syz_open_procfs(0x0, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r7, &(0x7f0000000380)=""/87, 0x192) getdents64(r7, &(0x7f0000000080)=""/167, 0xa7) ioctl$TIOCSSOFTCAR(r7, 0x541a, &(0x7f0000000400)=0x7) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000240), 0x10) ioctl$PPPIOCCONNECT(0xffffffffffffffff, 0x4004743a, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}, 0x9d, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_CONNECT(r3, &(0x7f0000000240)={0x6, 0x118, 0xfa00, {{0xccd, 0x7, "dc1d54e7641beb38089f0e220e5edb2656270a0adebb9653f9040bf0d60e3af6b32427b5e67c8cdf24321be0aeea1ccadcf7764dda5108ef3de9e548d063615835cb5a1be972938273709fb96c738bfe20735c851421652d688f8e4f592d0995e54dac979b265d4728f428c080e52f925ad7f01da579d10faab42de4b5aafe3c08d4751293854e5f1d25492a618ee41fd2c4d1568d54d44ebfceff8450414efaceaa9ec29fcdb8a871f512bc898e32b665ec1786c072a2121f2652d985852df3ed3daa9619cd0e39f00e8855ac0a1e2f80254b5ac0e9c2339f9b929d11117cc8579eb67af894e334a861f9272403a31398cce99035ec27d069df011fc27ef9f2", 0x6, 0x4, 0x9, 0x4e, 0x40, 0x6, 0x5c}, r8}}, 0x120) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r2, &(0x7f0000000180)={0xb, 0x10, 0xfa00, {&(0x7f00000000c0), r8, 0x101}}, 0x18) syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') 20:57:24 executing program 2: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000300)='/dev/capi20\x00', 0x0, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x8a00, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_FREE(r1, 0x4112, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r2, &(0x7f0000000380)=""/87, 0x192) getdents64(r2, &(0x7f0000000080)=""/167, 0xa7) accept$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote}, &(0x7f0000000080)=0x1c) ioctl$CAPI_CLR_FLAGS(r0, 0x80044325, &(0x7f0000000340)) 20:57:24 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') write$dsp(0xffffffffffffffff, &(0x7f0000000140)="87857b", 0x3) getdents64(r0, &(0x7f0000000380)=""/87, 0x192) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000101308006d5ebe5a0000ffff53", 0x39, 0x400}], 0x4801, 0x0) 20:57:24 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x20, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x4002, 0x0, 0xfffffffe, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, 0x0}) prlimit64(r1, 0xa, &(0x7f00000000c0)={0x7, 0x2}, 0x0) [ 2214.441504] IPVS: ftp: loaded support on port[0] = 21 20:57:24 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r0, &(0x7f0000000380)=""/87, 0x192) getdents64(r0, &(0x7f0000000080)=""/167, 0xa7) ioctl$KVM_GET_XCRS(r0, 0x8188aea6, &(0x7f0000000000)={0x4, 0x7f, [{0x80000000, 0x0, 0x11}, {0x0, 0x0, 0x1}, {0x1ff, 0x0, 0x2}, {0x5, 0x0, 0x1ad70fa0}]}) r1 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000480)='/dev/mISDNtimer\x00', 0x440, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000004c0)={&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000400)="04fd9441113b953d197911b6818dc5fe782236dd771d6fce5cc208544442a05ca6617fa7a2552b5f0fe30b923799cea8053d0d21140e67a3ca3b5aaa72b2c504be4daaeffcd877e639dd1fd9cc7c", 0x4e, r1}, 0x68) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200)='TIPC\x00') sendmsg$TIPC_CMD_GET_BEARER_NAMES(r0, &(0x7f00000002c0)={&(0x7f00000001c0), 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r2, 0x300, 0x70bd27, 0x25dfdbfd, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20048000}, 0xbbe90b2949ec6b8c) r3 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000300)='/dev/capi20\x00', 0x0, 0x0) ioctl$CAPI_CLR_FLAGS(r3, 0x80044325, &(0x7f0000000340)) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000140)=ANY=[@ANYBLOB="03000000000000000b0001000008000000374e00000000000001000080fdffff00ffffffff05000000000000000500bf28dec100404000000009000000f90900000300000000000000"]) 20:57:24 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x220}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) rt_tgsigqueueinfo(0x0, r1, 0x3c, &(0x7f00000000c0)={0x14, 0x80, 0x1}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) [ 2214.538376] EXT4-fs (loop1): VFS: Can't find ext4 filesystem 20:57:24 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) r2 = syz_open_dev$mouse(&(0x7f0000000100)='/dev/input/mouse#\x00', 0x800, 0x16400) ioctl$UI_SET_ABSBIT(r2, 0x40045567, 0x1) chroot(&(0x7f00000000c0)='./file0\x00') setuid(r1) r3 = gettid() ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x3c) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r3, 0x0, 0x0) syz_open_procfs(r3, &(0x7f0000000000)='fd\x00') 20:57:24 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') write$dsp(0xffffffffffffffff, &(0x7f0000000140)="87857b", 0x3) getdents64(r0, &(0x7f0000000380)=""/87, 0x192) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000101308006d5ebe5a0000ffff53", 0x39, 0x400}], 0x4801, 0x0) 20:57:24 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) inotify_init() setuid(r1) 20:57:24 executing program 2: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000300)='/dev/capi20\x00', 0x0, 0x0) ioctl$CAPI_REGISTER(0xffffffffffffffff, 0x400c4301, &(0x7f0000000040)={0xddf, 0x5, 0x80000001}) r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/mls\x00', 0x0, 0x0) write$uinput_user_dev(r1, &(0x7f0000000380)={'syz0\x00', {0x96c, 0x8, 0x1, 0x9}, 0x35, [0x1, 0xfffffffc, 0xd78, 0x9, 0x3ff, 0x8, 0x5, 0x1, 0x6, 0x7fff0000, 0x3, 0x1020, 0x0, 0xc08, 0xfffffff8, 0x4, 0xffff, 0x8, 0x5, 0x0, 0x1ff, 0x5, 0x1f, 0x0, 0x0, 0x4, 0xffff42aa, 0xe900000, 0x20, 0x1aa5, 0x1, 0x3f, 0x1f, 0x2, 0x3, 0x90, 0x0, 0xffff5dc2, 0x6, 0x8bb, 0x9, 0x1, 0x4, 0x7fff, 0x7, 0x3f, 0x6, 0x7, 0x8, 0x7f, 0x401, 0x3, 0x17a1, 0xa37, 0x0, 0x5, 0x4, 0x6, 0xfffffff8, 0x80, 0x401, 0xec6ff6c, 0x7, 0x1], [0x9, 0x7, 0x7, 0x0, 0x5, 0x94bf, 0x8, 0x8000, 0xffff17ed, 0xa41, 0x7, 0x0, 0xffff, 0x5, 0x800, 0x5, 0xabda, 0xdc, 0x3, 0x80, 0x7, 0x6, 0x8000, 0x3, 0x6, 0x7ff, 0x9, 0x8, 0x4, 0x3, 0x81, 0x234a, 0xff, 0x1, 0x2, 0x5, 0x6, 0x8, 0xfffffffd, 0xfffffffb, 0x8, 0x5, 0x4, 0x1, 0xffffff00, 0x1, 0xa1, 0x3bc, 0x2, 0x81, 0x6, 0x0, 0x28000000, 0x2, 0x0, 0x5, 0xfff, 0x4, 0x7f, 0x8, 0x9, 0xffff8000, 0x0, 0x3ff], [0x4, 0x72, 0x6, 0x7, 0x2, 0xfff, 0x70, 0x6, 0x3, 0x3, 0x7, 0x3, 0xfffffb1e, 0x2, 0x7, 0x800, 0x5, 0xb64, 0x0, 0x4b, 0x8, 0xfffffff9, 0x9, 0x7, 0x1, 0x4, 0x401, 0x101, 0x101, 0x21, 0x7ff, 0x2, 0x3f, 0x3, 0x6c, 0x4, 0x9, 0x623f, 0x0, 0x0, 0x10000, 0x8, 0x6, 0xff, 0x5, 0x2, 0x7fffffff, 0x6, 0x6c20, 0x3, 0x5, 0xfffffffd, 0x3, 0x8000, 0x5, 0x2, 0x7, 0x7, 0x7, 0x3, 0x4, 0x215, 0x10000, 0x8], [0x1000, 0x8, 0x1, 0x1, 0x3ff, 0x2, 0x7fff, 0x93e2, 0x2, 0xfffffffb, 0x2, 0xfffffff7, 0x8, 0x9, 0xfff, 0x7f, 0x401, 0x200, 0x3, 0x401, 0xfff, 0x800, 0x10000, 0xfff, 0x200, 0x80, 0x37, 0x3, 0x3, 0x2, 0x8001, 0x7fffffff, 0xfff, 0x0, 0x2, 0x9fe, 0x81, 0xa, 0x1, 0x715, 0x5, 0x5, 0x80000003, 0x6322, 0x3, 0xff, 0x7fffffff, 0x0, 0xfff, 0x7, 0x4, 0x4, 0x0, 0x6, 0x1, 0x4de3, 0x0, 0x3, 0xffffff7f, 0x90b2, 0x4000007, 0x80000001, 0x6]}, 0x45c) ioctl$CAPI_CLR_FLAGS(r0, 0x80044325, &(0x7f0000000340)) [ 2214.775738] EXT4-fs (loop1): VFS: Can't find ext4 filesystem 20:57:25 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r0, &(0x7f0000000380)=""/87, 0x192) getdents64(r0, &(0x7f0000000080)=""/167, 0xa7) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000180)=ANY=[@ANYRES32=0x0, @ANYBLOB="bc000000cc4e61e0298f241037e63e5f3e6c1f1126a07f299afd6465e235518eeafd17bdb4ff14e512f6d678080000000000000045ebac83cff795d8c8db3209f82caee3930abc6c67c554538390b421b77f3ce7086dd709d136b958b257fb98355c4235f2a63c7fc854383a4ffcd0c030ed7a44803677bf86c0d44de5860515913873eb5c31ece203bbc5ae6c968d7d1d6a1fecea1eed69241bfeb3cd37dc26411e8df806f1dcb4c2dd1cd46fafd1e3c385040b27e65b241bfcce"], &(0x7f00000002c0)=0xc4) r1 = syz_open_dev$sg(&(0x7f0000000280)='\x00\x00\xca*Nx\xd7O\x00', 0x40, 0x10008003) write(r1, &(0x7f0000000140)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1a", 0x30) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000040)=""/52, 0x20000074}], 0x41) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r2, &(0x7f0000000380)=""/87, 0x192) getdents64(r2, &(0x7f0000000080)=""/167, 0xa7) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r2, 0xc0505510, &(0x7f0000000080)={0x1, 0x1, 0xfe2c, 0x0, &(0x7f0000000000)=[{}]}) r3 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000300)='/dev/capi20\x00', 0x0, 0x0) ioctl$CAPI_CLR_FLAGS(r3, 0x80044325, &(0x7f0000000340)) 20:57:25 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r4, &(0x7f0000000380)=""/87, 0x192) getdents64(r4, &(0x7f0000000080)=""/167, 0xa7) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000280)=0x8) 20:57:25 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') write$dsp(0xffffffffffffffff, &(0x7f0000000140)="87857b", 0x3) getdents64(r0, &(0x7f0000000380)=""/87, 0x192) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000101308006d5ebe5a0000ffff53", 0x39, 0x400}], 0x4801, 0x0) 20:57:25 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x200, 0x0) 20:57:25 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lookup_dcookie(0x9, &(0x7f00000000c0)=""/40, 0x28) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') 20:57:25 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r0, &(0x7f0000000380)=""/87, 0x192) getdents64(r0, &(0x7f0000000080)=""/167, 0xa7) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000180)=ANY=[@ANYRES32=0x0, @ANYBLOB="bc000000cc4e61e0298f241037e63e5f3e6c1f1126a07f299afd6465e235518eeafd17bdb4ff14e512f6d678080000000000000045ebac83cff795d8c8db3209f82caee3930abc6c67c554538390b421b77f3ce7086dd709d136b958b257fb98355c4235f2a63c7fc854383a4ffcd0c030ed7a44803677bf86c0d44de5860515913873eb5c31ece203bbc5ae6c968d7d1d6a1fecea1eed69241bfeb3cd37dc26411e8df806f1dcb4c2dd1cd46fafd1e3c385040b27e65b241bfcce"], &(0x7f00000002c0)=0xc4) r1 = syz_open_dev$sg(&(0x7f0000000280)='\x00\x00\xca*Nx\xd7O\x00', 0x40, 0x10008003) write(r1, &(0x7f0000000140)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1a", 0x30) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000040)=""/52, 0x20000074}], 0x41) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r2, &(0x7f0000000380)=""/87, 0x192) getdents64(r2, &(0x7f0000000080)=""/167, 0xa7) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r2, 0xc0505510, &(0x7f0000000080)={0x1, 0x1, 0xfe2c, 0x0, &(0x7f0000000000)=[{}]}) r3 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000300)='/dev/capi20\x00', 0x0, 0x0) ioctl$CAPI_CLR_FLAGS(r3, 0x80044325, &(0x7f0000000340)) 20:57:25 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r0, &(0x7f0000000380)=""/87, 0x192) getdents64(r0, &(0x7f0000000080)=""/167, 0xa7) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000180)=ANY=[@ANYRES32=0x0, @ANYBLOB="bc000000cc4e61e0298f241037e63e5f3e6c1f1126a07f299afd6465e235518eeafd17bdb4ff14e512f6d678080000000000000045ebac83cff795d8c8db3209f82caee3930abc6c67c554538390b421b77f3ce7086dd709d136b958b257fb98355c4235f2a63c7fc854383a4ffcd0c030ed7a44803677bf86c0d44de5860515913873eb5c31ece203bbc5ae6c968d7d1d6a1fecea1eed69241bfeb3cd37dc26411e8df806f1dcb4c2dd1cd46fafd1e3c385040b27e65b241bfcce"], &(0x7f00000002c0)=0xc4) r1 = syz_open_dev$sg(&(0x7f0000000280)='\x00\x00\xca*Nx\xd7O\x00', 0x40, 0x10008003) write(r1, &(0x7f0000000140)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1a", 0x30) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000040)=""/52, 0x20000074}], 0x41) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r2, &(0x7f0000000380)=""/87, 0x192) getdents64(r2, &(0x7f0000000080)=""/167, 0xa7) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r2, 0xc0505510, &(0x7f0000000080)={0x1, 0x1, 0xfe2c, 0x0, &(0x7f0000000000)=[{}]}) r3 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000300)='/dev/capi20\x00', 0x0, 0x0) ioctl$CAPI_CLR_FLAGS(r3, 0x80044325, &(0x7f0000000340)) 20:57:25 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x3) setuid(r1) r2 = socket$can_raw(0x1d, 0x3, 0x1) fcntl$setflags(r2, 0x2, 0x1) [ 2215.268839] EXT4-fs (loop1): VFS: Can't find ext4 filesystem 20:57:25 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) vmsplice(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)="823847e7fe2c9b40c0b53a1dc330cd2d221056c5dffbe09ba3a38f9fb86d7f694ecd8d029362651893df5e7a913a986e63d9918e7a5998938016e1d9ba5561c62e7042371aa7f98d930de8e6c42cfac6ca62bbaf548ea5e652e284790ae30109a2f9e568ebb9f9f5bcaf687fb60ae7304912f6d823ed12494c0e0dca482b159ee521220a9d493bb4afef17e68e660eb88225486ad775d475fb71ea4d629d726a2d88e804ef9cc7b0a8b2c817f5bdd5a491c9b0f17ee1c1db", 0xb8}], 0x1, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') 20:57:25 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r4, &(0x7f0000000380)=""/87, 0x192) getdents64(r4, &(0x7f0000000080)=""/167, 0xa7) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000280)=0x8) 20:57:25 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') write$dsp(0xffffffffffffffff, &(0x7f0000000140)="87857b", 0x3) getdents64(r0, &(0x7f0000000380)=""/87, 0x192) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000101308006d5ebe5a0000ffff53ef", 0x3a}], 0x4801, 0x0) 20:57:25 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r4, &(0x7f0000000380)=""/87, 0x192) getdents64(r4, &(0x7f0000000080)=""/167, 0xa7) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000280)=0x8) 20:57:25 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r0, &(0x7f0000000380)=""/87, 0x192) getdents64(r0, &(0x7f0000000080)=""/167, 0xa7) ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffffff, 0xc008640a, &(0x7f0000000000)={0x0}) r2 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/mls\x00', 0x0, 0x0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000100)={r1, 0x0, r2}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r4) [ 2215.590435] EXT4-fs (loop1): VFS: Can't find ext4 filesystem 20:57:26 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r4, &(0x7f0000000380)=""/87, 0x192) getdents64(r4, &(0x7f0000000080)=""/167, 0xa7) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) 20:57:26 executing program 4: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x2250}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r0, 0x28, 0x6, &(0x7f0000000100)={r3, r4/1000+10000}, 0x10) setuid(r2) syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') 20:57:26 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r1, &(0x7f0000000380)=""/87, 0x192) getdents64(r1, &(0x7f0000000080)=""/167, 0xa7) ioctl$GIO_CMAP(r1, 0x4b70, &(0x7f0000000000)) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) 20:57:26 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') write$dsp(0xffffffffffffffff, &(0x7f0000000140)="87857b", 0x3) getdents64(r0, &(0x7f0000000380)=""/87, 0x192) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000101308006d5ebe5a0000ffff53ef", 0x3a}], 0x4801, 0x0) 20:57:26 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r0, &(0x7f0000000380)=""/87, 0x192) getdents64(r0, &(0x7f0000000080)=""/167, 0xa7) ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffffff, 0xc008640a, &(0x7f0000000000)={0x0}) r2 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/mls\x00', 0x0, 0x0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000100)={r1, 0x0, r2}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r4) 20:57:26 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x0, 0x0) write$tun(r1, &(0x7f00000000c0)={@val={0x0, 0xa01}, @val={0x2, 0x3, 0x2, 0x9, 0x9, 0x20}, @ipv6={0x8, 0x6, "063e02", 0xa2, 0x3b, 0x6, @mcast1, @mcast2, {[@routing={0x2c, 0xa, 0x1, 0x1, 0x0, [@dev={0xfe, 0x80, [], 0x1d}, @loopback, @mcast2, @mcast1, @empty]}, @hopopts={0x3a}], @dccp={{0x4e22, 0x4e24, 0x4, 0x1, 0x7, 0x0, 0x0, 0xe, 0x7, "2135b0", 0x9, "2192a3"}, "81275ea1e05d6329d2815398bbc77f4114b49b111475e8804341ff4fd6738138b2467d5d7f0446c46ebe1a882c41208df0f7"}}}}, 0xd8) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, &(0x7f00000001c0)={0x651, 0x0, 0x201f, 0x7ff, 0x8000, 0x80000001, 0x5}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r1, 0xc0bc5310, &(0x7f00000002c0)) setuid(r2) [ 2216.404514] EXT4-fs (loop1): VFS: Can't find ext4 filesystem 20:57:26 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r4, &(0x7f0000000380)=""/87, 0x192) getdents64(r4, &(0x7f0000000080)=""/167, 0xa7) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000280)=0x8) 20:57:26 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x80, 0x0, 0xf7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0xe) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) prctl$PR_SET_TSC(0x1a, 0x2) setuid(r1) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r2, &(0x7f0000000380)=""/87, 0x192) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r3, &(0x7f0000000380)=""/87, 0x192) ioctl$VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000400)={0x347032f4bebd9c6a, @sliced={0x2, [0x9, 0x9, 0x1, 0x3, 0x1, 0x1000, 0x0, 0x8, 0xc04, 0x9, 0x6, 0x7, 0xca54, 0x7, 0x8001, 0x3, 0x800, 0xffff, 0x7, 0x8, 0x8, 0x9, 0x4, 0x20, 0x7f, 0xb70, 0x200, 0x7, 0xf001, 0x7, 0xf813, 0x1, 0xfff, 0x2, 0x7f, 0x9e, 0xff, 0x8, 0x0, 0x4, 0x3, 0x4, 0x8, 0x2, 0x7, 0x1, 0x971, 0x2], 0xf20}}) getdents64(r3, &(0x7f0000000080)=""/167, 0xa7) ioctl$KVM_GET_FPU(r3, 0x81a0ae8c, &(0x7f00000005c0)) getdents64(r2, &(0x7f0000000080)=""/167, 0xa7) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r2, 0xc058534f, &(0x7f0000000100)={{0x8}, 0x0, 0x8, 0x81, {0x1f, 0x4d}, 0x9, 0x9}) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETSW(r4, 0x5403, &(0x7f00000000c0)={0x0, 0x1, 0x9, 0x8001, 0x2, 0x67, 0x7, 0x3, 0x7, 0x5, 0x0, 0xb7ac}) syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') 20:57:26 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') write$dsp(0xffffffffffffffff, &(0x7f0000000140)="87857b", 0x3) getdents64(r0, &(0x7f0000000380)=""/87, 0x192) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000101308006d5ebe5a0000ffff53ef", 0x3a}], 0x4801, 0x0) 20:57:26 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) 20:57:26 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r4, &(0x7f0000000380)=""/87, 0x192) getdents64(r4, &(0x7f0000000080)=""/167, 0xa7) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000280)=0x8) [ 2216.746382] EXT4-fs (loop1): VFS: Can't find ext4 filesystem 20:57:27 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="3400000010000507fa7a6c710000000000000000", @ANYRES32=r6, @ANYBLOB="0000000000000000140012000c000100626f6e640000000004000200"], 0x34}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001580)=@newlink={0x20, 0x11, 0xe3b, 0x0, 0x0, {0x0, 0x0, 0x0, r6}}, 0x20}}, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r2, 0x8936, &(0x7f00000000c0)={@rand_addr="58099cc694f72ffece30d9b0a71731b2", 0x4, r6}) [ 2216.946399] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2216.978239] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2216.989500] CPU: 1 PID: 7601 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2216.997324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2216.997354] Call Trace: [ 2216.997369] dump_stack+0x142/0x197 [ 2216.997384] warn_alloc.cold+0x96/0x1af [ 2217.012943] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2217.012970] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2217.012988] __alloc_pages_slowpath+0x23c6/0x2930 [ 2217.021792] ? save_trace+0x290/0x290 [ 2217.021813] ? warn_alloc+0xf0/0xf0 [ 2217.021837] ? __might_sleep+0x93/0xb0 [ 2217.021848] __alloc_pages_nodemask+0x62c/0x7a0 [ 2217.021858] ? lock_downgrade+0x740/0x740 [ 2217.021870] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2217.021886] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2217.021909] alloc_pages_current+0xec/0x1e0 [ 2217.021927] ion_page_pool_alloc+0x11f/0x1c0 [ 2217.032125] ion_system_heap_allocate+0x138/0x910 [ 2217.032136] ? ion_alloc+0x19b/0x860 [ 2217.032150] ? rcu_read_lock_sched_held+0x110/0x130 [ 2217.032163] ? ion_system_heap_free+0x250/0x250 [ 2217.032177] ion_alloc+0x222/0x860 [ 2217.032193] ? ion_dma_buf_release+0x50/0x50 [ 2217.032208] ? kasan_check_write+0x14/0x20 [ 2217.032218] ? _copy_from_user+0x99/0x110 [ 2217.032230] ion_ioctl+0x105/0x217 [ 2217.032240] ? ion_alloc.cold+0x40/0x40 [ 2217.032256] ? ion_alloc.cold+0x40/0x40 [ 2217.032266] do_vfs_ioctl+0x7ae/0x1060 [ 2217.032285] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2217.032298] ? lock_downgrade+0x740/0x740 [ 2217.039704] ? ioctl_preallocate+0x1c0/0x1c0 [ 2217.039719] ? __fget+0x237/0x370 [ 2217.039739] ? security_file_ioctl+0x89/0xb0 [ 2217.039753] SyS_ioctl+0x8f/0xc0 [ 2217.039764] ? do_vfs_ioctl+0x1060/0x1060 [ 2217.057626] do_syscall_64+0x1e8/0x640 [ 2217.057638] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2217.057660] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2217.057669] RIP: 0033:0x45a679 [ 2217.057674] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2217.057688] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2217.067610] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2217.067616] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2217.067621] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2217.067626] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2217.174609] warn_alloc_show_mem: 2 callbacks suppressed [ 2217.174613] Mem-Info: [ 2217.202279] active_anon:1241928 inactive_anon:199 isolated_anon:0 [ 2217.202279] active_file:6715 inactive_file:7804 isolated_file:0 [ 2217.202279] unevictable:0 dirty:241 writeback:0 unstable:0 [ 2217.202279] slab_reclaimable:18917 slab_unreclaimable:141299 [ 2217.202279] mapped:57666 shmem:255 pagetables:42305 bounce:0 [ 2217.202279] free:45186 free_pcp:0 free_cma:0 [ 2217.233162] Node 0 active_anon:1854440kB inactive_anon:764kB active_file:8kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:4kB writeback:0kB shmem:952kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 768000kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2217.346961] Node 0 DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4464kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2217.404354] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2217.420113] Node 0 DMA32 free:35076kB min:36380kB low:45472kB high:54564kB active_anon:1849976kB inactive_anon:764kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:4kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12864kB pagetables:67028kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2217.448873] lowmem_reserve[]: 0 0 0 0 0 [ 2217.452966] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2217.478690] lowmem_reserve[]: 0 0 0 0 0 [ 2217.482778] Node 0 DMA: 4*4kB (U) 37*8kB (U) 17*16kB (UME) 2*32kB (U) 1*64kB (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2217.498375] Node 0 DMA32: 281*4kB (UME) 1152*8kB (UMEH) 884*16kB (UMEH) 323*32kB (U) 0*64kB 2*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 35076kB [ 2217.512770] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2217.523916] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2217.532850] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2217.551627] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB 20:57:27 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r4, &(0x7f0000000380)=""/87, 0x192) getdents64(r4, &(0x7f0000000080)=""/167, 0xa7) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) 20:57:27 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') write$dsp(0xffffffffffffffff, &(0x7f0000000140)="87857b", 0x3) getdents64(r0, &(0x7f0000000380)=""/87, 0x192) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000101308006d5ebe5a0000ffff53ef", 0x3a, 0x400}], 0x0, 0x0) 20:57:27 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000000c0)={0x0, 0x0}, &(0x7f0000000100)=0xc) setuid(r1) syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f0000000140)={'filter\x00', 0x4}, 0x68) 20:57:27 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r4, &(0x7f0000000380)=""/87, 0x192) getdents64(r4, &(0x7f0000000080)=""/167, 0xa7) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000280)=0x8) [ 2217.576201] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2217.589036] 14645 total pagecache pages [ 2217.593861] 0 pages in swap cache [ 2217.597333] Swap cache stats: add 0, delete 0, find 0/0 [ 2217.603225] Free swap = 0kB [ 2217.606258] Total swap = 0kB [ 2217.609287] 1965979 pages RAM [ 2217.622150] 0 pages HighMem/MovableOnly 20:57:27 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') write$dsp(0xffffffffffffffff, &(0x7f0000000140)="87857b", 0x3) getdents64(r0, &(0x7f0000000380)=""/87, 0x192) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000101308006d5ebe5a0000ff", 0x37, 0x400}], 0x4801, 0x0) [ 2217.640166] 335854 pages reserved [ 2217.643661] 0 pages cma reserved 20:57:27 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x19) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) mq_unlink(&(0x7f00000000c0)='fd\x00') setuid(r1) syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') [ 2217.697846] EXT4-fs (loop1): bad geometry: block count 1080 exceeds size of device (1 blocks) [ 2217.737489] oom_reaper: reaped process 7601 (syz-executor.2), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB 20:57:27 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') write$dsp(0xffffffffffffffff, &(0x7f0000000140)="87857b", 0x3) getdents64(r0, &(0x7f0000000380)=""/87, 0x192) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000101308006d5ebe5a0000ffff53ef", 0x3a, 0x400}], 0x0, 0x0) 20:57:28 executing program 5: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000300)='/dev/capi20\x00', 0x0, 0x0) ioctl$CAPI_CLR_FLAGS(r0, 0x80044325, &(0x7f0000000340)) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x2, 0x0) ioctl$PPPIOCGUNIT(r1, 0x80047456, &(0x7f0000000080)) ioctl$CAPI_NCCI_GETUNIT(r0, 0x80044327, &(0x7f0000000000)=0x6) 20:57:28 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) ioctl$sock_SIOCDELDLCI(r0, 0x8981, &(0x7f00000000c0)={'veth1_to_hsr\x00', 0x1}) setuid(r1) syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') [ 2217.955647] EXT4-fs (loop1): bad geometry: block count 1080 exceeds size of device (1 blocks) [ 2218.143131] syz-executor.2 invoked oom-killer: gfp_mask=0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0, order=0, oom_score_adj=1000 [ 2218.210615] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2218.234077] CPU: 1 PID: 7601 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2218.241928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2218.251292] Call Trace: [ 2218.253905] dump_stack+0x142/0x197 [ 2218.257564] dump_header+0x177/0x6cd [ 2218.261305] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2218.266429] ? ___ratelimit+0x55/0x537 [ 2218.270344] oom_kill_process.cold+0x10/0xadd [ 2218.274855] ? rcu_read_unlock_special+0x895/0xd40 [ 2218.279801] ? lock_downgrade+0x740/0x740 [ 2218.284138] out_of_memory+0x2ee/0x1180 [ 2218.288221] ? lock_acquire+0x16f/0x430 [ 2218.292190] ? oom_killer_disable+0x1d0/0x1d0 [ 2218.296674] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2218.301590] __alloc_pages_slowpath+0x2251/0x2930 [ 2218.306428] ? warn_alloc+0xf0/0xf0 [ 2218.310057] ? __might_sleep+0x93/0xb0 [ 2218.313939] __alloc_pages_nodemask+0x62c/0x7a0 [ 2218.318715] ? lock_downgrade+0x740/0x740 [ 2218.322857] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2218.327865] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2218.333495] alloc_pages_current+0xec/0x1e0 [ 2218.337807] ion_page_pool_alloc+0x11f/0x1c0 [ 2218.342226] ion_system_heap_allocate+0x138/0x910 [ 2218.347141] ? ion_alloc+0x19b/0x860 [ 2218.350867] ? rcu_read_lock_sched_held+0x110/0x130 [ 2218.355894] ? ion_system_heap_free+0x250/0x250 [ 2218.360560] ion_alloc+0x222/0x860 [ 2218.364088] ? ion_dma_buf_release+0x50/0x50 [ 2218.368489] ? kasan_check_write+0x14/0x20 [ 2218.372757] ? _copy_from_user+0x99/0x110 [ 2218.376912] ion_ioctl+0x105/0x217 [ 2218.380451] ? ion_alloc.cold+0x40/0x40 [ 2218.384428] ? ion_alloc.cold+0x40/0x40 [ 2218.388400] do_vfs_ioctl+0x7ae/0x1060 [ 2218.392285] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2218.397029] ? lock_downgrade+0x740/0x740 [ 2218.401165] ? ioctl_preallocate+0x1c0/0x1c0 [ 2218.405574] ? __fget+0x237/0x370 [ 2218.409018] ? security_file_ioctl+0x89/0xb0 [ 2218.413421] SyS_ioctl+0x8f/0xc0 [ 2218.416769] ? do_vfs_ioctl+0x1060/0x1060 [ 2218.420907] do_syscall_64+0x1e8/0x640 [ 2218.424781] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2218.429615] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2218.434800] RIP: 0033:0x45a679 [ 2218.437998] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2218.445694] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2218.452951] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2218.460213] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2218.467469] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2218.474743] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2218.484363] Mem-Info: [ 2218.487017] active_anon:1241836 inactive_anon:198 isolated_anon:0 [ 2218.487017] active_file:6742 inactive_file:7820 isolated_file:0 [ 2218.487017] unevictable:0 dirty:267 writeback:0 unstable:0 [ 2218.487017] slab_reclaimable:18928 slab_unreclaimable:141023 [ 2218.487017] mapped:57652 shmem:255 pagetables:42244 bounce:0 [ 2218.487017] free:41145 free_pcp:30 free_cma:0 [ 2218.521440] Node 0 active_anon:1854440kB inactive_anon:764kB active_file:8kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:4kB writeback:0kB shmem:952kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 768000kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2218.549058] Node 0 DMA free:10380kB min:216kB low:268kB high:320kB active_anon:4464kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2218.578852] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2218.584171] Node 0 DMA32 free:18100kB min:36380kB low:45472kB high:54564kB active_anon:1849976kB inactive_anon:764kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:4kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12864kB pagetables:67028kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 2218.613730] lowmem_reserve[]: 0 0 0 0 0 [ 2218.618032] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2218.644588] lowmem_reserve[]: 0 0 0 0 0 [ 2218.648730] Node 0 DMA: 1*4kB (U) 31*8kB (U) 17*16kB (UME) 2*32kB (U) 1*64kB (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10380kB [ 2218.667351] Node 0 DMA32: 47*4kB (ME) 51*8kB (UME) 432*16kB (UME) 323*32kB (U) 0*64kB 2*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18100kB [ 2218.685810] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2218.705950] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2218.725676] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2218.741195] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2218.751638] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2218.765883] 14668 total pagecache pages [ 2218.770101] 0 pages in swap cache [ 2218.773721] Swap cache stats: add 0, delete 0, find 0/0 [ 2218.779262] Free swap = 0kB [ 2218.788501] Total swap = 0kB [ 2218.791696] 1965979 pages RAM [ 2218.794892] 0 pages HighMem/MovableOnly [ 2218.798933] 335854 pages reserved [ 2218.803613] 0 pages cma reserved [ 2218.807004] Out of memory: Kill process 20138 (syz-executor.1) score 1010 or sacrifice child [ 2218.815682] Killed process 20138 (syz-executor.1) total-vm:72980kB, anon-rss:16568kB, file-rss:35632kB, shmem-rss:0kB [ 2218.827440] syz-executor.2: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2218.838886] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2218.844306] CPU: 1 PID: 7601 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2218.852102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2218.861462] Call Trace: [ 2218.864055] dump_stack+0x142/0x197 [ 2218.867693] warn_alloc.cold+0x96/0x1af [ 2218.871674] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2218.876520] ? wait_for_completion+0x420/0x420 [ 2218.881200] __alloc_pages_slowpath+0x23c6/0x2930 [ 2218.886048] ? warn_alloc+0xf0/0xf0 [ 2218.889682] ? __might_sleep+0x93/0xb0 [ 2218.893576] __alloc_pages_nodemask+0x62c/0x7a0 [ 2218.898247] ? lock_downgrade+0x740/0x740 [ 2218.902406] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2218.907457] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2218.913087] alloc_pages_current+0xec/0x1e0 [ 2218.917419] ion_page_pool_alloc+0x11f/0x1c0 [ 2218.921947] ion_system_heap_allocate+0x138/0x910 [ 2218.926798] ? ion_alloc+0x19b/0x860 [ 2218.930515] ? rcu_read_lock_sched_held+0x110/0x130 [ 2218.935622] ? ion_system_heap_free+0x250/0x250 [ 2218.940311] ion_alloc+0x222/0x860 [ 2218.943856] ? ion_dma_buf_release+0x50/0x50 [ 2218.948259] ? kasan_check_write+0x14/0x20 [ 2218.952484] ? _copy_from_user+0x99/0x110 [ 2218.956688] ion_ioctl+0x105/0x217 [ 2218.960230] ? ion_alloc.cold+0x40/0x40 [ 2218.964204] ? ion_alloc.cold+0x40/0x40 [ 2218.968511] do_vfs_ioctl+0x7ae/0x1060 [ 2218.972506] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2218.977255] ? lock_downgrade+0x740/0x740 [ 2218.981406] ? ioctl_preallocate+0x1c0/0x1c0 [ 2218.985815] ? __fget+0x237/0x370 [ 2218.989256] ? security_file_ioctl+0x89/0xb0 [ 2218.993703] SyS_ioctl+0x8f/0xc0 [ 2218.997053] ? do_vfs_ioctl+0x1060/0x1060 [ 2219.001201] do_syscall_64+0x1e8/0x640 [ 2219.005080] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2219.009923] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2219.015102] RIP: 0033:0x45a679 [ 2219.018272] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2219.025965] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2219.033236] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2219.040498] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2219.047762] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2219.055093] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2219.063808] Mem-Info: [ 2219.067818] active_anon:1241767 inactive_anon:199 isolated_anon:0 [ 2219.067818] active_file:6742 inactive_file:7826 isolated_file:0 [ 2219.067818] unevictable:0 dirty:276 writeback:0 unstable:0 [ 2219.067818] slab_reclaimable:18932 slab_unreclaimable:141091 [ 2219.067818] mapped:57639 shmem:255 pagetables:42199 bounce:0 [ 2219.067818] free:41315 free_pcp:374 free_cma:0 [ 2219.104247] Node 0 active_anon:1854440kB inactive_anon:764kB active_file:8kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:4kB writeback:0kB shmem:952kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 768000kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2219.133367] Node 1 active_anon:3112628kB inactive_anon:32kB active_file:26960kB inactive_file:31288kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21636kB dirty:1100kB writeback:0kB shmem:68kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2219.161615] Node 0 DMA free:10380kB min:216kB low:268kB high:320kB active_anon:4464kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2219.188092] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2219.193215] Node 0 DMA32 free:18100kB min:36380kB low:45472kB high:54564kB active_anon:1849976kB inactive_anon:764kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:4kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12864kB pagetables:67028kB bounce:0kB free_pcp:168kB local_pcp:16kB free_cma:0kB [ 2219.222196] lowmem_reserve[]: 0 0 0 0 0 [ 2219.226197] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2219.251523] lowmem_reserve[]: 0 0 0 0 0 [ 2219.255533] Node 1 Normal free:136780kB min:53508kB low:66884kB high:80260kB active_anon:3112628kB inactive_anon:32kB active_file:26960kB inactive_file:31288kB unevictable:0kB writepending:1100kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45984kB pagetables:101760kB bounce:0kB free_pcp:1348kB local_pcp:708kB free_cma:0kB [ 2219.285727] lowmem_reserve[]: 0 0 0 0 0 [ 2219.289723] Node 0 DMA: 1*4kB (U) 31*8kB (U) 17*16kB (UME) 2*32kB (U) 1*64kB (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10380kB [ 2219.305261] Node 0 DMA32: 47*4kB (ME) 51*8kB (UME) 432*16kB (UME) 323*32kB (U) 0*64kB 2*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18100kB [ 2219.319149] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2219.329945] Node 1 Normal: 293*4kB (UME) 435*8kB (UMEH) 482*16kB (UMEH) 216*32kB (UMEH) 298*64kB (UME) 25*128kB (MEH) 30*256kB (UMEH) 93*512kB (UME) 29*1024kB (UMH) 5*2048kB (M) 0*4096kB = 136780kB [ 2219.347928] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2219.356828] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2219.365458] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2219.374362] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2219.383019] 14671 total pagecache pages [ 2219.386982] 0 pages in swap cache [ 2219.390481] Swap cache stats: add 0, delete 0, find 0/0 [ 2219.395846] Free swap = 0kB [ 2219.398856] Total swap = 0kB [ 2219.401930] 1965979 pages RAM [ 2219.405034] 0 pages HighMem/MovableOnly [ 2219.408996] 335854 pages reserved [ 2219.412495] 0 pages cma reserved [ 2219.445528] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2219.457034] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2219.462468] CPU: 1 PID: 7601 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2219.470267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2219.479618] Call Trace: [ 2219.482217] dump_stack+0x142/0x197 [ 2219.485847] warn_alloc.cold+0x96/0x1af [ 2219.489910] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2219.494755] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2219.500025] __alloc_pages_slowpath+0x23c6/0x2930 [ 2219.504864] ? save_trace+0x290/0x290 [ 2219.508651] ? warn_alloc+0xf0/0xf0 [ 2219.512271] ? __might_sleep+0x93/0xb0 [ 2219.516149] __alloc_pages_nodemask+0x62c/0x7a0 [ 2219.520801] ? lock_downgrade+0x740/0x740 [ 2219.524934] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2219.529945] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2219.535559] alloc_pages_current+0xec/0x1e0 [ 2219.539870] ion_page_pool_alloc+0x11f/0x1c0 [ 2219.545221] ion_system_heap_allocate+0x138/0x910 [ 2219.550052] ? ion_system_heap_free+0x250/0x250 [ 2219.554711] ion_alloc+0x68c/0x860 [ 2219.558238] ? ion_dma_buf_release+0x50/0x50 [ 2219.562633] ? kasan_check_write+0x14/0x20 [ 2219.566866] ? _copy_from_user+0x99/0x110 [ 2219.570999] ion_ioctl+0x105/0x217 [ 2219.574523] ? ion_alloc.cold+0x40/0x40 [ 2219.578486] ? ion_alloc.cold+0x40/0x40 [ 2219.582446] do_vfs_ioctl+0x7ae/0x1060 [ 2219.586321] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2219.591061] ? lock_downgrade+0x740/0x740 [ 2219.595206] ? ioctl_preallocate+0x1c0/0x1c0 [ 2219.599599] ? __fget+0x237/0x370 [ 2219.603056] ? security_file_ioctl+0x89/0xb0 [ 2219.607450] SyS_ioctl+0x8f/0xc0 [ 2219.610801] ? do_vfs_ioctl+0x1060/0x1060 [ 2219.614936] do_syscall_64+0x1e8/0x640 [ 2219.618815] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2219.623648] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2219.628820] RIP: 0033:0x45a679 [ 2219.631991] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2219.639683] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2219.647108] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2219.654361] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2219.661613] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2219.668877] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2219.720140] syz-executor.2: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2219.731609] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2219.736976] CPU: 0 PID: 7601 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2219.744752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2219.754097] Call Trace: [ 2219.756696] dump_stack+0x142/0x197 [ 2219.760308] warn_alloc.cold+0x96/0x1af [ 2219.764284] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2219.769118] ? call_timer_fn+0x670/0x670 [ 2219.773186] __alloc_pages_slowpath+0x23c6/0x2930 [ 2219.778038] ? warn_alloc+0xf0/0xf0 [ 2219.781656] ? __might_sleep+0x93/0xb0 [ 2219.785528] __alloc_pages_nodemask+0x62c/0x7a0 [ 2219.790182] ? lock_downgrade+0x740/0x740 [ 2219.794313] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2219.799313] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2219.804920] alloc_pages_current+0xec/0x1e0 [ 2219.809230] ion_page_pool_alloc+0x11f/0x1c0 [ 2219.813636] ion_system_heap_allocate+0x138/0x910 [ 2219.818467] ? ion_system_heap_free+0x250/0x250 [ 2219.823158] ion_alloc+0x68c/0x860 [ 2219.826686] ? ion_dma_buf_release+0x50/0x50 [ 2219.831183] ? kasan_check_write+0x14/0x20 [ 2219.835413] ? _copy_from_user+0x99/0x110 [ 2219.839554] ion_ioctl+0x105/0x217 [ 2219.843086] ? ion_alloc.cold+0x40/0x40 [ 2219.847055] ? ion_alloc.cold+0x40/0x40 [ 2219.851017] do_vfs_ioctl+0x7ae/0x1060 [ 2219.854891] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2219.859632] ? lock_downgrade+0x740/0x740 [ 2219.863764] ? ioctl_preallocate+0x1c0/0x1c0 [ 2219.868167] ? __fget+0x237/0x370 [ 2219.871624] ? security_file_ioctl+0x89/0xb0 [ 2219.876025] SyS_ioctl+0x8f/0xc0 [ 2219.879379] ? do_vfs_ioctl+0x1060/0x1060 [ 2219.883517] do_syscall_64+0x1e8/0x640 [ 2219.887386] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2219.892220] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2219.897394] RIP: 0033:0x45a679 [ 2219.900621] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2219.908438] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 20:57:30 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) 20:57:30 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') write$dsp(0xffffffffffffffff, &(0x7f0000000140)="87857b", 0x3) getdents64(r0, &(0x7f0000000380)=""/87, 0x192) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000101308006d5ebe5a0000ffff53ef", 0x3a, 0x400}], 0x0, 0x0) 20:57:30 executing program 5: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000300)='/dev/capi20\x00', 0x0, 0x0) ioctl$CAPI_CLR_FLAGS(r0, 0x80044325, &(0x7f0000000340)) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x2, 0x0) ioctl$PPPIOCGUNIT(r1, 0x80047456, &(0x7f0000000080)) ioctl$CAPI_NCCI_GETUNIT(r0, 0x80044327, &(0x7f0000000000)=0x6) 20:57:30 executing program 4: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000140)='/dev/null\x00', 0x102000, 0x0) sendto$x25(r0, &(0x7f0000000180)="99", 0x1, 0x10, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r3, &(0x7f0000000380)=""/87, 0x192) getdents64(r3, &(0x7f0000000080)=""/167, 0xa7) ioctl$KVM_GET_MSR_INDEX_LIST(r3, 0xc004ae02, &(0x7f00000000c0)={0x3, [0x0, 0x0, 0x0]}) 20:57:30 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r4, &(0x7f0000000380)=""/87, 0x192) getdents64(r4, &(0x7f0000000080)=""/167, 0xa7) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$inet_udplite(0x2, 0x2, 0x88) 20:57:30 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r4, &(0x7f0000000380)=""/87, 0x192) getdents64(r4, &(0x7f0000000080)=""/167, 0xa7) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) [ 2219.915694] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2219.922949] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2219.930206] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2219.937459] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff 20:57:30 executing program 5: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000300)='/dev/capi20\x00', 0x0, 0x0) ioctl$CAPI_CLR_FLAGS(r0, 0x80044325, &(0x7f0000000340)) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x2, 0x0) ioctl$PPPIOCGUNIT(r1, 0x80047456, &(0x7f0000000080)) ioctl$CAPI_NCCI_GETUNIT(r0, 0x80044327, &(0x7f0000000000)=0x6) [ 2220.025732] EXT4-fs (loop1): bad geometry: block count 1080 exceeds size of device (1 blocks) 20:57:30 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000540)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) 20:57:30 executing program 4: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r4, &(0x7f0000000380)=""/87, 0x192) getdents64(r4, &(0x7f0000000080)=""/167, 0xa7) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') r6 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r6, &(0x7f0000000380)=""/87, 0x192) getdents64(r6, &(0x7f0000000080)=""/167, 0xa7) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r6, 0x84, 0x16, &(0x7f0000000300)={0x2, [0x2, 0x3f]}, 0x8) getdents64(r5, &(0x7f0000000380)=""/87, 0x192) getdents64(r5, &(0x7f0000000080)=""/167, 0xa7) r7 = dup3(r0, r3, 0xc0000) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000002c0)=ANY=[@ANYBLOB="010000f23fd1f80e5500", @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) getsockopt$inet_sctp6_SCTP_RTOINFO(r8, 0x84, 0x14, &(0x7f0000000100)={r9}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000100)={r9, @in={{0x2, 0x4e20, @remote}}, 0x7e0, 0x801c}, &(0x7f0000000080)=0x90) setsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f00000001c0)=@assoc_value={r9}, 0x8) setsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000200)={r9, 0x0, 0x7fff, 0x5, 0xe41, 0x1}, 0x14) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r7, 0x84, 0x19, &(0x7f0000000140)={r9, 0x2}, 0x8) ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f00000018c0)={'team0\x00', 0x0}) sendmsg$sock(r4, &(0x7f0000001ac0)={&(0x7f0000001900)=@xdp={0x2c, 0x1, r10, 0x22}, 0x80, &(0x7f0000001a40)=[{&(0x7f0000001980)="fb529acd8df0e93f7571cf3a7110b55985748cd8265bfe0741e8723379b54a4efda11d3f0ea2050b2d0749e2da33d5204c4525319e4f2b1914893b4e7852f27f5a44700b113ab4212cdb958e14d4ce99977f3e0794f4ab08f9056a50dd0685eb815b0c5a3dcb34bdfa456f1d30a54fadbe77f0a59cd79f916dbdb4fdee3b845ec27bdfb41a7ff3ccf3266d430a72eb869e5ab54ecc29001f56735ff7272c", 0x9e}], 0x1, &(0x7f0000001a80)}, 0x10) 20:57:30 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r1, &(0x7f0000000380)=""/87, 0x192) getdents64(r1, &(0x7f0000000080)=""/167, 0xa7) ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f00000000c0)) r2 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000140)) setreuid(0x0, r3) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000040)={0x0, 0x0}) setuid(0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') [ 2220.242718] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 20:57:30 executing program 5: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000300)='/dev/capi20\x00', 0x0, 0x0) ioctl$CAPI_CLR_FLAGS(r0, 0x80044325, &(0x7f0000000340)) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x2, 0x0) ioctl$CAPI_NCCI_GETUNIT(r0, 0x80044327, &(0x7f0000000000)=0x6) [ 2220.309019] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2220.311625] IPVS: ftp: loaded support on port[0] = 21 [ 2220.318538] CPU: 1 PID: 7696 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2220.327456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2220.336814] Call Trace: [ 2220.339409] dump_stack+0x142/0x197 [ 2220.343045] warn_alloc.cold+0x96/0x1af [ 2220.347025] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2220.351888] ? __alloc_pages_direct_compact+0xbc/0x380 20:57:30 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000540)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) [ 2220.357178] __alloc_pages_slowpath+0x23c6/0x2930 [ 2220.362036] ? save_trace+0x290/0x290 [ 2220.365851] ? warn_alloc+0xf0/0xf0 [ 2220.369497] ? __might_sleep+0x93/0xb0 [ 2220.373396] __alloc_pages_nodemask+0x62c/0x7a0 [ 2220.378073] ? lock_downgrade+0x740/0x740 [ 2220.382226] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2220.387252] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2220.392892] alloc_pages_current+0xec/0x1e0 [ 2220.397226] ion_page_pool_alloc+0x11f/0x1c0 [ 2220.401642] ion_system_heap_allocate+0x138/0x910 [ 2220.406485] ? ion_alloc+0x19b/0x860 [ 2220.410202] ? rcu_read_lock_sched_held+0x110/0x130 [ 2220.415226] ? ion_system_heap_free+0x250/0x250 [ 2220.419912] ion_alloc+0x222/0x860 [ 2220.423460] ? ion_dma_buf_release+0x50/0x50 [ 2220.427867] ? kasan_check_write+0x14/0x20 [ 2220.432108] ? _copy_from_user+0x99/0x110 [ 2220.436265] ion_ioctl+0x105/0x217 [ 2220.439813] ? ion_alloc.cold+0x40/0x40 [ 2220.443805] ? ion_alloc.cold+0x40/0x40 [ 2220.448281] do_vfs_ioctl+0x7ae/0x1060 [ 2220.448296] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2220.448307] ? lock_downgrade+0x740/0x740 [ 2220.448320] ? ioctl_preallocate+0x1c0/0x1c0 [ 2220.448335] ? __fget+0x237/0x370 [ 2220.448355] ? security_file_ioctl+0x89/0xb0 [ 2220.448369] SyS_ioctl+0x8f/0xc0 [ 2220.448380] ? do_vfs_ioctl+0x1060/0x1060 [ 2220.448394] do_syscall_64+0x1e8/0x640 [ 2220.448405] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2220.448424] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2220.448433] RIP: 0033:0x45a679 [ 2220.448439] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2220.448450] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2220.448457] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2220.448463] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2220.448469] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2220.448476] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2220.495277] warn_alloc_show_mem: 2 callbacks suppressed [ 2220.495282] Mem-Info: [ 2220.495306] active_anon:1237824 inactive_anon:195 isolated_anon:0 [ 2220.495306] active_file:6729 inactive_file:7833 isolated_file:0 [ 2220.495306] unevictable:0 dirty:300 writeback:0 unstable:0 [ 2220.495306] slab_reclaimable:18931 slab_unreclaimable:140696 [ 2220.495306] mapped:57677 shmem:256 pagetables:42318 bounce:0 [ 2220.495306] free:49609 free_pcp:199 free_cma:0 [ 2220.495329] Node 0 active_anon:1838320kB inactive_anon:764kB active_file:8kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:4kB writeback:0kB shmem:952kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 751616kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2220.495333] Node 0 DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4464kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2220.495355] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2220.495378] Node 0 DMA32 free:49416kB min:36380kB low:45472kB high:54564kB active_anon:1833856kB inactive_anon:764kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:4kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12832kB pagetables:67188kB bounce:0kB free_pcp:796kB local_pcp:440kB free_cma:0kB [ 2220.495405] lowmem_reserve[]: 0 0 0 0 0 [ 2220.495431] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2220.495451] lowmem_reserve[]: 0 0 0 0 0 [ 2220.495474] Node 0 DMA: 4*4kB (U) 37*8kB (U) 17*16kB (UME) 2*32kB (U) 1*64kB (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2220.495621] Node 0 DMA32: 50*4kB (U) 1118*8kB (UE) 859*16kB (UM) 325*32kB (UE) 0*64kB 0*128kB 1*256kB (E) 1*512kB (E) 1*1024kB (E) 7*2048kB (M) 0*4096kB = 49416kB [ 2220.495745] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2220.495797] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2220.495803] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2220.495810] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2220.495816] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2220.495821] 14662 total pagecache pages [ 2220.495833] 0 pages in swap cache [ 2220.495837] Swap cache stats: add 0, delete 0, find 0/0 [ 2220.495840] Free swap = 0kB [ 2220.495843] Total swap = 0kB [ 2220.495849] 1965979 pages RAM [ 2220.495852] 0 pages HighMem/MovableOnly [ 2220.495855] 335854 pages reserved [ 2220.495858] 0 pages cma reserved [ 2220.596215] syz-executor.2 invoked oom-killer: gfp_mask=0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2221.035131] 0, order=0, oom_score_adj=1000 [ 2221.039518] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2221.045088] CPU: 1 PID: 7696 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2221.053009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2221.062579] Call Trace: [ 2221.065167] dump_stack+0x142/0x197 [ 2221.068799] dump_header+0x177/0x6cd [ 2221.072503] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2221.077727] ? ___ratelimit+0x55/0x537 [ 2221.081627] oom_kill_process.cold+0x10/0xadd [ 2221.086259] ? rcu_read_unlock_special+0x895/0xd40 [ 2221.091192] ? lock_downgrade+0x740/0x740 [ 2221.095341] out_of_memory+0x2ee/0x1180 [ 2221.099321] ? lock_acquire+0x16f/0x430 [ 2221.103295] ? oom_killer_disable+0x1d0/0x1d0 [ 2221.107784] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2221.112709] __alloc_pages_slowpath+0x2251/0x2930 [ 2221.117571] ? warn_alloc+0xf0/0xf0 [ 2221.121194] ? __might_sleep+0x93/0xb0 [ 2221.125071] __alloc_pages_nodemask+0x62c/0x7a0 [ 2221.129728] ? lock_downgrade+0x740/0x740 [ 2221.133883] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2221.138899] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2221.144517] alloc_pages_current+0xec/0x1e0 [ 2221.148833] ion_page_pool_alloc+0x11f/0x1c0 [ 2221.153236] ion_system_heap_allocate+0x138/0x910 [ 2221.158078] ? ion_alloc+0x19b/0x860 [ 2221.161789] ? rcu_read_lock_sched_held+0x110/0x130 [ 2221.166799] ? ion_system_heap_free+0x250/0x250 [ 2221.171461] ion_alloc+0x222/0x860 [ 2221.174991] ? ion_dma_buf_release+0x50/0x50 [ 2221.179409] ? kasan_check_write+0x14/0x20 [ 2221.183664] ? _copy_from_user+0x99/0x110 [ 2221.187824] ion_ioctl+0x105/0x217 [ 2221.191360] ? ion_alloc.cold+0x40/0x40 [ 2221.195334] ? ion_alloc.cold+0x40/0x40 [ 2221.199297] do_vfs_ioctl+0x7ae/0x1060 [ 2221.203175] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2221.207916] ? lock_downgrade+0x740/0x740 [ 2221.212053] ? ioctl_preallocate+0x1c0/0x1c0 [ 2221.216451] ? __fget+0x237/0x370 [ 2221.219897] ? security_file_ioctl+0x89/0xb0 [ 2221.224295] SyS_ioctl+0x8f/0xc0 [ 2221.227650] ? do_vfs_ioctl+0x1060/0x1060 [ 2221.231796] do_syscall_64+0x1e8/0x640 [ 2221.235775] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2221.240631] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2221.245818] RIP: 0033:0x45a679 [ 2221.248993] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2221.256693] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2221.263971] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2221.271244] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2221.278501] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2221.285761] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2221.294755] Mem-Info: [ 2221.297622] active_anon:1237700 inactive_anon:199 isolated_anon:0 [ 2221.297622] active_file:6728 inactive_file:7842 isolated_file:0 [ 2221.297622] unevictable:0 dirty:312 writeback:0 unstable:0 [ 2221.297622] slab_reclaimable:18825 slab_unreclaimable:140559 [ 2221.297622] mapped:57662 shmem:255 pagetables:42191 bounce:0 [ 2221.297622] free:46634 free_pcp:337 free_cma:0 [ 2221.332373] Node 0 active_anon:1838004kB inactive_anon:764kB active_file:12kB inactive_file:32kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208924kB dirty:24kB writeback:0kB shmem:952kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 751616kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2221.360472] Node 0 DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4464kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2221.387652] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2221.392775] Node 0 DMA32 free:37140kB min:36380kB low:45472kB high:54564kB active_anon:1833540kB inactive_anon:764kB active_file:12kB inactive_file:32kB unevictable:0kB writepending:24kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12832kB pagetables:66892kB bounce:0kB free_pcp:1348kB local_pcp:708kB free_cma:0kB [ 2221.422377] lowmem_reserve[]: 0 0 0 0 0 [ 2221.426402] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2221.451797] lowmem_reserve[]: 0 0 0 0 0 [ 2221.455803] Node 0 DMA: 4*4kB (U) 37*8kB (U) 17*16kB (UME) 2*32kB (U) 1*64kB (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2221.471211] Node 0 DMA32: 139*4kB (UME) 11*8kB (UME) 617*16kB (UME) 324*32kB (U) 0*64kB 1*128kB (E) 1*256kB (E) 1*512kB (E) 1*1024kB (E) 7*2048kB (M) 0*4096kB = 37140kB [ 2221.486588] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2221.497425] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2221.506334] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2221.515588] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2221.524519] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2221.533174] 14671 total pagecache pages [ 2221.537168] 0 pages in swap cache [ 2221.540734] Swap cache stats: add 0, delete 0, find 0/0 [ 2221.546107] Free swap = 0kB [ 2221.549114] Total swap = 0kB [ 2221.552207] 1965979 pages RAM [ 2221.555307] 0 pages HighMem/MovableOnly [ 2221.559265] 335854 pages reserved [ 2221.562799] 0 pages cma reserved [ 2221.566177] Out of memory: Kill process 20634 (syz-executor.1) score 1010 or sacrifice child [ 2221.574912] Killed process 20634 (syz-executor.1) total-vm:72980kB, anon-rss:16568kB, file-rss:35632kB, shmem-rss:0kB [ 2222.685793] oom_reaper: reaped process 7696 (syz-executor.2), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2224.543531] syz-executor.2 invoked oom-killer: gfp_mask=0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0, order=0, oom_score_adj=1000 [ 2224.556641] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2224.562231] CPU: 1 PID: 7696 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2224.570178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2224.579523] Call Trace: [ 2224.582113] dump_stack+0x142/0x197 [ 2224.585730] dump_header+0x177/0x6cd [ 2224.589439] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2224.594527] ? ___ratelimit+0x55/0x537 [ 2224.598401] oom_kill_process.cold+0x10/0xadd [ 2224.602888] ? rcu_read_unlock_special+0x639/0xd40 [ 2224.607813] ? lock_downgrade+0x740/0x740 [ 2224.611945] out_of_memory+0x2ee/0x1180 [ 2224.615899] ? lock_acquire+0x16f/0x430 [ 2224.619855] ? oom_killer_disable+0x1d0/0x1d0 [ 2224.624332] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2224.629241] __alloc_pages_slowpath+0x2251/0x2930 [ 2224.634075] ? warn_alloc+0xf0/0xf0 [ 2224.637689] ? __might_sleep+0x93/0xb0 [ 2224.641560] __alloc_pages_nodemask+0x62c/0x7a0 [ 2224.646212] ? lock_downgrade+0x740/0x740 [ 2224.650341] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2224.655340] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2224.660965] alloc_pages_current+0xec/0x1e0 [ 2224.665289] ion_page_pool_alloc+0x11f/0x1c0 [ 2224.669680] ion_system_heap_allocate+0x138/0x910 [ 2224.674504] ? ion_alloc+0x19b/0x860 [ 2224.678212] ? rcu_read_lock_sched_held+0x110/0x130 [ 2224.683278] ? ion_system_heap_free+0x250/0x250 [ 2224.687961] ion_alloc+0x222/0x860 [ 2224.691495] ? ion_dma_buf_release+0x50/0x50 [ 2224.695904] ? kasan_check_write+0x14/0x20 [ 2224.700123] ? _copy_from_user+0x99/0x110 [ 2224.704256] ion_ioctl+0x105/0x217 [ 2224.707777] ? ion_alloc.cold+0x40/0x40 [ 2224.711745] ? ion_alloc.cold+0x40/0x40 [ 2224.715703] do_vfs_ioctl+0x7ae/0x1060 [ 2224.719570] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2224.724305] ? lock_downgrade+0x740/0x740 [ 2224.728434] ? ioctl_preallocate+0x1c0/0x1c0 [ 2224.732845] ? __fget+0x237/0x370 [ 2224.736287] ? security_file_ioctl+0x89/0xb0 [ 2224.740697] SyS_ioctl+0x8f/0xc0 [ 2224.744052] ? do_vfs_ioctl+0x1060/0x1060 [ 2224.748225] do_syscall_64+0x1e8/0x640 [ 2224.752101] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2224.756940] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2224.762107] RIP: 0033:0x45a679 [ 2224.765278] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2224.772981] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2224.780246] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2224.787543] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2224.794805] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2224.802061] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2224.809656] Mem-Info: [ 2224.812133] active_anon:1233507 inactive_anon:199 isolated_anon:0 [ 2224.812133] active_file:6727 inactive_file:7880 isolated_file:0 [ 2224.812133] unevictable:0 dirty:350 writeback:0 unstable:0 [ 2224.812133] slab_reclaimable:18824 slab_unreclaimable:140541 [ 2224.812133] mapped:57638 shmem:255 pagetables:42131 bounce:0 [ 2224.812133] free:41916 free_pcp:300 free_cma:0 [ 2224.845975] Node 0 active_anon:1821460kB inactive_anon:764kB active_file:8kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:24kB writeback:0kB shmem:952kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 735232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2224.873530] Node 0 DMA free:10380kB min:216kB low:268kB high:320kB active_anon:4464kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2224.900686] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2224.905745] Node 0 DMA32 free:18184kB min:36380kB low:45472kB high:54564kB active_anon:1816996kB inactive_anon:764kB active_file:8kB inactive_file:36kB unevictable:0kB writepending:24kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12800kB pagetables:66756kB bounce:0kB free_pcp:1200kB local_pcp:728kB free_cma:0kB [ 2224.936900] lowmem_reserve[]: 0 0 0 0 0 [ 2224.940978] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2224.966335] lowmem_reserve[]: 0 0 0 0 0 [ 2224.970388] Node 0 DMA: 1*4kB (U) 31*8kB (U) 17*16kB (UME) 2*32kB (U) 1*64kB (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10380kB [ 2224.985860] Node 0 DMA32: 104*4kB (UME) 13*8kB (UME) 22*16kB (UME) 3*32kB (UM) 1*64kB (U) 2*128kB (UE) 2*256kB (UE) 2*512kB (UE) 1*1024kB (E) 7*2048kB (M) 0*4096kB = 18184kB [ 2225.001902] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2225.012768] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2225.021855] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2225.031348] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2225.040427] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2225.049010] 14765 total pagecache pages [ 2225.053070] 0 pages in swap cache [ 2225.056532] Swap cache stats: add 0, delete 0, find 0/0 [ 2225.087853] Free swap = 0kB [ 2225.090980] Total swap = 0kB [ 2225.093999] 1965979 pages RAM [ 2225.097087] 0 pages HighMem/MovableOnly [ 2225.101232] 335854 pages reserved [ 2225.104801] 0 pages cma reserved [ 2225.108150] Out of memory: Kill process 22946 (syz-executor.2) score 1010 or sacrifice child [ 2225.117576] Killed process 22946 (syz-executor.2) total-vm:72980kB, anon-rss:16560kB, file-rss:35632kB, shmem-rss:0kB [ 2225.129299] syz-executor.2: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2225.141159] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2225.146524] CPU: 1 PID: 7696 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2225.154307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2225.163652] Call Trace: [ 2225.166224] dump_stack+0x142/0x197 [ 2225.169838] warn_alloc.cold+0x96/0x1af [ 2225.173805] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2225.178632] ? wait_for_completion+0x420/0x420 [ 2225.183199] __alloc_pages_slowpath+0x23c6/0x2930 [ 2225.188030] ? warn_alloc+0xf0/0xf0 [ 2225.191644] ? __might_sleep+0x93/0xb0 [ 2225.195512] __alloc_pages_nodemask+0x62c/0x7a0 [ 2225.200165] ? lock_downgrade+0x740/0x740 [ 2225.204299] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2225.209303] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2225.214912] alloc_pages_current+0xec/0x1e0 [ 2225.219218] ion_page_pool_alloc+0x11f/0x1c0 [ 2225.223607] ion_system_heap_allocate+0x138/0x910 [ 2225.228440] ? ion_alloc+0x19b/0x860 [ 2225.232222] ? rcu_read_lock_sched_held+0x110/0x130 [ 2225.237222] ? ion_system_heap_free+0x250/0x250 [ 2225.241886] ion_alloc+0x222/0x860 [ 2225.245409] ? ion_dma_buf_release+0x50/0x50 [ 2225.249801] ? kasan_check_write+0x14/0x20 [ 2225.254028] ? _copy_from_user+0x99/0x110 [ 2225.258159] ion_ioctl+0x105/0x217 [ 2225.261681] ? ion_alloc.cold+0x40/0x40 [ 2225.265638] ? ion_alloc.cold+0x40/0x40 [ 2225.269593] do_vfs_ioctl+0x7ae/0x1060 [ 2225.273465] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2225.278214] ? lock_downgrade+0x740/0x740 [ 2225.282357] ? ioctl_preallocate+0x1c0/0x1c0 [ 2225.286745] ? __fget+0x237/0x370 [ 2225.290181] ? security_file_ioctl+0x89/0xb0 [ 2225.294583] SyS_ioctl+0x8f/0xc0 [ 2225.297927] ? do_vfs_ioctl+0x1060/0x1060 [ 2225.302057] do_syscall_64+0x1e8/0x640 [ 2225.305921] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2225.310747] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2225.315916] RIP: 0033:0x45a679 [ 2225.319084] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2225.326784] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2225.334047] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2225.341301] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2225.348550] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2225.355809] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2225.363185] Mem-Info: [ 2225.365620] active_anon:1225304 inactive_anon:199 isolated_anon:0 [ 2225.365620] active_file:6789 inactive_file:7877 isolated_file:0 [ 2225.365620] unevictable:0 dirty:357 writeback:0 unstable:0 [ 2225.365620] slab_reclaimable:18824 slab_unreclaimable:140211 [ 2225.365620] mapped:57636 shmem:255 pagetables:41868 bounce:0 [ 2225.365620] free:50761 free_pcp:668 free_cma:0 [ 2225.399792] Node 0 active_anon:1819424kB inactive_anon:764kB active_file:8kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:24kB writeback:0kB shmem:952kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 735232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2225.427414] Node 1 active_anon:3081792kB inactive_anon:32kB active_file:27148kB inactive_file:31472kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21624kB dirty:1404kB writeback:0kB shmem:68kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2225.455399] Node 0 DMA free:10400kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2225.481880] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2225.486927] Node 0 DMA32 free:20648kB min:36380kB low:45472kB high:54564kB active_anon:1814980kB inactive_anon:764kB active_file:8kB inactive_file:36kB unevictable:0kB writepending:24kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12672kB pagetables:66456kB bounce:0kB free_pcp:1272kB local_pcp:624kB free_cma:0kB [ 2225.516149] lowmem_reserve[]: 0 0 0 0 0 [ 2225.520196] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2225.545530] lowmem_reserve[]: 0 0 0 0 0 [ 2225.549540] Node 1 Normal free:172496kB min:53508kB low:66884kB high:80260kB active_anon:3081792kB inactive_anon:32kB active_file:27148kB inactive_file:31472kB unevictable:0kB writepending:1404kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45536kB pagetables:101008kB bounce:0kB free_pcp:1280kB local_pcp:632kB free_cma:0kB [ 2225.579738] lowmem_reserve[]: 0 0 0 0 0 [ 2225.583784] Node 0 DMA: 4*4kB (UM) 32*8kB (UM) 17*16kB (UME) 2*32kB (U) 1*64kB (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10400kB [ 2225.599457] Node 0 DMA32: 526*4kB (UME) 82*8kB (UME) 29*16kB (UME) 7*32kB (UM) 1*64kB (U) 1*128kB (E) 1*256kB (E) 1*512kB (E) 2*1024kB (UE) 7*2048kB (M) 0*4096kB = 20792kB [ 2225.615083] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2225.625818] Node 1 Normal: 1231*4kB (UME) 1011*8kB (UMEH) 625*16kB (UMEH) 1003*32kB (UMEH) 294*64kB (UME) 27*128kB (UMEH) 30*256kB (UMEH) 93*512kB (UME) 29*1024kB (UMH) 5*2048kB (M) 0*4096kB = 172612kB [ 2225.644049] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2225.652926] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2225.661529] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2225.670400] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2225.679294] 14766 total pagecache pages [ 2225.683313] 0 pages in swap cache [ 2225.686782] Swap cache stats: add 0, delete 0, find 0/0 [ 2225.692177] Free swap = 0kB [ 2225.695188] Total swap = 0kB [ 2225.698191] 1965979 pages RAM [ 2225.701344] 0 pages HighMem/MovableOnly [ 2225.705310] 335854 pages reserved [ 2225.708738] 0 pages cma reserved [ 2225.771719] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2225.783159] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2225.788523] CPU: 1 PID: 7696 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2225.796298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2225.805648] Call Trace: [ 2225.808240] dump_stack+0x142/0x197 [ 2225.811850] warn_alloc.cold+0x96/0x1af [ 2225.815818] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2225.820645] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2225.825900] __alloc_pages_slowpath+0x23c6/0x2930 [ 2225.830739] ? save_trace+0x290/0x290 [ 2225.834525] ? warn_alloc+0xf0/0xf0 [ 2225.838156] ? __might_sleep+0x93/0xb0 [ 2225.842046] __alloc_pages_nodemask+0x62c/0x7a0 [ 2225.846753] ? lock_downgrade+0x740/0x740 [ 2225.850887] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2225.855894] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2225.861507] alloc_pages_current+0xec/0x1e0 [ 2225.865837] ion_page_pool_alloc+0x11f/0x1c0 [ 2225.870246] ion_system_heap_allocate+0x138/0x910 [ 2225.875075] ? ion_system_heap_free+0x250/0x250 [ 2225.879743] ion_alloc+0x68c/0x860 [ 2225.883266] ? ion_dma_buf_release+0x50/0x50 [ 2225.887656] ? kasan_check_write+0x14/0x20 [ 2225.891873] ? _copy_from_user+0x99/0x110 [ 2225.896002] ion_ioctl+0x105/0x217 [ 2225.899522] ? ion_alloc.cold+0x40/0x40 [ 2225.903498] ? ion_alloc.cold+0x40/0x40 [ 2225.907484] do_vfs_ioctl+0x7ae/0x1060 [ 2225.911368] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2225.916127] ? lock_downgrade+0x740/0x740 [ 2225.920265] ? ioctl_preallocate+0x1c0/0x1c0 [ 2225.924672] ? __fget+0x237/0x370 [ 2225.928134] ? security_file_ioctl+0x89/0xb0 [ 2225.932589] SyS_ioctl+0x8f/0xc0 [ 2225.935942] ? do_vfs_ioctl+0x1060/0x1060 [ 2225.940078] do_syscall_64+0x1e8/0x640 [ 2225.944024] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2225.948875] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2225.954070] RIP: 0033:0x45a679 [ 2225.957283] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2225.964979] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2225.972247] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2225.979512] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2225.986777] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2225.994036] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2228.029576] syz-executor.2 invoked oom-killer: gfp_mask=0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0, order=0, oom_score_adj=1000 [ 2228.042914] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2228.048305] CPU: 0 PID: 7696 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2228.056146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2228.065502] Call Trace: [ 2228.068090] dump_stack+0x142/0x197 [ 2228.071850] dump_header+0x177/0x6cd [ 2228.075588] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2228.080686] ? ___ratelimit+0x55/0x537 [ 2228.084565] oom_kill_process.cold+0x10/0xadd [ 2228.089050] ? oom_unkillable_task+0x294/0x390 [ 2228.093635] ? lock_downgrade+0x740/0x740 [ 2228.097861] out_of_memory+0x2ee/0x1180 [ 2228.101821] ? lock_acquire+0x16f/0x430 [ 2228.105822] ? oom_killer_disable+0x1d0/0x1d0 [ 2228.110308] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2228.115245] __alloc_pages_slowpath+0x2251/0x2930 [ 2228.120104] ? warn_alloc+0xf0/0xf0 [ 2228.123727] ? __might_sleep+0x93/0xb0 [ 2228.127600] __alloc_pages_nodemask+0x62c/0x7a0 [ 2228.132263] ? lock_downgrade+0x740/0x740 [ 2228.136422] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2228.141422] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2228.147030] alloc_pages_current+0xec/0x1e0 [ 2228.151346] ion_page_pool_alloc+0x11f/0x1c0 [ 2228.155745] ion_system_heap_allocate+0x138/0x910 [ 2228.160572] ? ion_system_heap_free+0x250/0x250 [ 2228.165243] ion_alloc+0x68c/0x860 [ 2228.168780] ? ion_dma_buf_release+0x50/0x50 [ 2228.173195] ? kasan_check_write+0x14/0x20 [ 2228.177427] ? _copy_from_user+0x99/0x110 [ 2228.181561] ion_ioctl+0x105/0x217 [ 2228.185083] ? ion_alloc.cold+0x40/0x40 [ 2228.189043] ? ion_alloc.cold+0x40/0x40 [ 2228.193009] do_vfs_ioctl+0x7ae/0x1060 [ 2228.196888] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2228.201647] ? lock_downgrade+0x740/0x740 [ 2228.205792] ? ioctl_preallocate+0x1c0/0x1c0 [ 2228.210191] ? __fget+0x237/0x370 [ 2228.213660] ? security_file_ioctl+0x89/0xb0 [ 2228.218076] SyS_ioctl+0x8f/0xc0 [ 2228.221425] ? do_vfs_ioctl+0x1060/0x1060 [ 2228.225604] do_syscall_64+0x1e8/0x640 [ 2228.229472] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2228.234318] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2228.239501] RIP: 0033:0x45a679 [ 2228.242670] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2228.250363] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2228.257620] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2228.264869] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2228.272125] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2228.279509] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2228.288202] Mem-Info: [ 2228.290760] active_anon:1221147 inactive_anon:199 isolated_anon:0 [ 2228.290760] active_file:6789 inactive_file:7887 isolated_file:0 [ 2228.290760] unevictable:0 dirty:367 writeback:0 unstable:0 [ 2228.290760] slab_reclaimable:18818 slab_unreclaimable:140173 [ 2228.290760] mapped:57636 shmem:255 pagetables:41811 bounce:0 [ 2228.290760] free:53402 free_pcp:225 free_cma:0 [ 2228.324623] Node 0 active_anon:1815140kB inactive_anon:764kB active_file:8kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:24kB writeback:0kB shmem:952kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 735232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2228.352192] Node 0 DMA free:10376kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2228.378655] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2228.383714] Node 0 DMA32 free:18192kB min:36380kB low:45472kB high:54564kB active_anon:1810696kB inactive_anon:764kB active_file:8kB inactive_file:36kB unevictable:0kB writepending:24kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12672kB pagetables:66340kB bounce:0kB free_pcp:900kB local_pcp:772kB free_cma:0kB [ 2228.413633] lowmem_reserve[]: 0 0 0 0 0 [ 2228.418513] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2228.443826] lowmem_reserve[]: 0 0 0 0 0 [ 2228.447820] Node 0 DMA: 4*4kB (UM) 37*8kB (UM) 17*16kB (UME) 2*32kB (U) 2*64kB (UE) 3*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10376kB [ 2228.463515] Node 0 DMA32: 738*4kB (ME) 129*8kB (UME) 62*16kB (UM) 365*32kB (UM) 18*64kB (M) 3*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18192kB [ 2228.477805] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2228.488573] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2228.497612] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2228.506237] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2228.515098] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2228.523711] 14775 total pagecache pages [ 2228.527678] 0 pages in swap cache [ 2228.531172] Swap cache stats: add 0, delete 0, find 0/0 [ 2228.536593] Free swap = 0kB [ 2228.539623] Total swap = 0kB [ 2228.543210] 1965979 pages RAM [ 2228.546317] 0 pages HighMem/MovableOnly [ 2228.550390] 335854 pages reserved [ 2228.553845] 0 pages cma reserved [ 2228.557207] Out of memory: Kill process 25936 (syz-executor.5) score 1010 or sacrifice child [ 2228.565901] Killed process 25936 (syz-executor.5) total-vm:72848kB, anon-rss:16548kB, file-rss:35636kB, shmem-rss:0kB [ 2228.578178] syz-executor.2: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2228.589673] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2228.595102] CPU: 0 PID: 7696 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2228.602895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2228.612255] Call Trace: [ 2228.614842] dump_stack+0x142/0x197 [ 2228.618459] warn_alloc.cold+0x96/0x1af [ 2228.622427] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2228.627268] ? wait_for_completion+0x420/0x420 [ 2228.631850] __alloc_pages_slowpath+0x23c6/0x2930 [ 2228.636695] ? warn_alloc+0xf0/0xf0 [ 2228.640325] ? __might_sleep+0x93/0xb0 [ 2228.644206] __alloc_pages_nodemask+0x62c/0x7a0 [ 2228.648873] ? lock_downgrade+0x740/0x740 [ 2228.653006] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2228.658026] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2228.663669] alloc_pages_current+0xec/0x1e0 [ 2228.667987] ion_page_pool_alloc+0x11f/0x1c0 [ 2228.672396] ion_system_heap_allocate+0x138/0x910 [ 2228.677278] ? ion_system_heap_free+0x250/0x250 [ 2228.681953] ion_alloc+0x68c/0x860 [ 2228.685489] ? ion_dma_buf_release+0x50/0x50 [ 2228.689895] ? kasan_check_write+0x14/0x20 [ 2228.695330] ? _copy_from_user+0x99/0x110 [ 2228.699473] ion_ioctl+0x105/0x217 [ 2228.703021] ? ion_alloc.cold+0x40/0x40 [ 2228.706992] ? ion_alloc.cold+0x40/0x40 [ 2228.710969] do_vfs_ioctl+0x7ae/0x1060 [ 2228.714851] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2228.719607] ? lock_downgrade+0x740/0x740 [ 2228.723772] ? ioctl_preallocate+0x1c0/0x1c0 [ 2228.728171] ? __fget+0x237/0x370 [ 2228.731633] ? security_file_ioctl+0x89/0xb0 [ 2228.736050] SyS_ioctl+0x8f/0xc0 [ 2228.739420] ? do_vfs_ioctl+0x1060/0x1060 [ 2228.743624] do_syscall_64+0x1e8/0x640 [ 2228.747616] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2228.752461] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2228.757749] RIP: 0033:0x45a679 [ 2228.760933] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2228.768702] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2228.776073] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2228.783339] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2228.790743] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2228.798152] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2228.806541] warn_alloc_show_mem: 1 callbacks suppressed [ 2228.806544] Mem-Info: [ 2228.814559] active_anon:1217047 inactive_anon:199 isolated_anon:0 [ 2228.814559] active_file:6789 inactive_file:7887 isolated_file:0 [ 2228.814559] unevictable:0 dirty:367 writeback:0 unstable:0 [ 2228.814559] slab_reclaimable:18818 slab_unreclaimable:140173 [ 2228.814559] mapped:57636 shmem:255 pagetables:41774 bounce:0 [ 2228.814559] free:57377 free_pcp:668 free_cma:0 [ 2228.848417] Node 0 active_anon:1805540kB inactive_anon:764kB active_file:8kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:24kB writeback:0kB shmem:952kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 735232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2228.876006] Node 1 active_anon:3062648kB inactive_anon:32kB active_file:27148kB inactive_file:31512kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21624kB dirty:1444kB writeback:0kB shmem:68kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2228.904059] Node 0 DMA free:10376kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2228.931452] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2228.936622] Node 0 DMA32 free:27492kB min:36380kB low:45472kB high:54564kB active_anon:1801096kB inactive_anon:764kB active_file:8kB inactive_file:36kB unevictable:0kB writepending:24kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12672kB pagetables:66192kB bounce:0kB free_pcp:1424kB local_pcp:772kB free_cma:0kB [ 2228.965940] lowmem_reserve[]: 0 0 0 0 0 [ 2228.969954] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2228.995326] lowmem_reserve[]: 0 0 0 0 0 [ 2228.999327] Node 1 Normal free:191840kB min:53508kB low:66884kB high:80260kB active_anon:3062648kB inactive_anon:32kB active_file:27148kB inactive_file:31512kB unevictable:0kB writepending:1444kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45472kB pagetables:100896kB bounce:0kB free_pcp:1284kB local_pcp:660kB free_cma:0kB [ 2229.029798] lowmem_reserve[]: 0 0 0 0 0 [ 2229.033830] Node 0 DMA: 4*4kB (UM) 37*8kB (UM) 17*16kB (UME) 2*32kB (U) 2*64kB (UE) 3*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10376kB [ 2229.049649] Node 0 DMA32: 2983*4kB (UME) 161*8kB (UME) 70*16kB (UM) 365*32kB (UM) 18*64kB (M) 3*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27556kB [ 2229.064586] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2229.075361] Node 1 Normal: 4353*4kB (UME) 1064*8kB (UMEH) 655*16kB (UMEH) 1187*32kB (UMEH) 294*64kB (UME) 27*128kB (UMEH) 30*256kB (UMEH) 93*512kB (UME) 29*1024kB (UMH) 5*2048kB (M) 0*4096kB = 191892kB [ 2229.093758] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2229.102651] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2229.111839] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2229.120733] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2229.129304] 14775 total pagecache pages 20:57:39 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) 20:57:39 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000540)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) 20:57:39 executing program 5: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000300)='/dev/capi20\x00', 0x0, 0x0) ioctl$CAPI_CLR_FLAGS(r0, 0x80044325, &(0x7f0000000340)) ioctl$CAPI_NCCI_GETUNIT(r0, 0x80044327, &(0x7f0000000000)=0x6) 20:57:39 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r4, &(0x7f0000000380)=""/87, 0x192) getdents64(r4, &(0x7f0000000080)=""/167, 0xa7) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) setuid(0x0) 20:57:39 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x400}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') 20:57:39 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r4, &(0x7f0000000380)=""/87, 0x192) getdents64(r4, &(0x7f0000000080)=""/167, 0xa7) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) [ 2229.133351] 0 pages in swap cache [ 2229.136814] Swap cache stats: add 0, delete 0, find 0/0 [ 2229.142207] Free swap = 0kB [ 2229.145217] Total swap = 0kB [ 2229.148216] 1965979 pages RAM [ 2229.151367] 0 pages HighMem/MovableOnly [ 2229.155330] 335854 pages reserved [ 2229.158763] 0 pages cma reserved 20:57:39 executing program 5: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000300)='/dev/capi20\x00', 0x0, 0x0) ioctl$CAPI_NCCI_GETUNIT(r0, 0x80044327, &(0x7f0000000000)=0x6) 20:57:39 executing program 1: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c00000004060501ff0080fffdffff2e0a0005610c000100060000007d0a00010c0002"], 0x23}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 20:57:39 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r1, &(0x7f0000000380)=""/87, 0x192) getdents64(r1, &(0x7f0000000080)=""/167, 0xa7) r2 = fcntl$dupfd(0xffffffffffffffff, 0xc0a, r1) ioctl$KDGKBENT(r2, 0x4b46, &(0x7f00000000c0)={0x1, 0x5, 0x6}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r3) syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') 20:57:39 executing program 5: ioctl$CAPI_NCCI_GETUNIT(0xffffffffffffffff, 0x80044327, &(0x7f0000000000)=0x6) 20:57:39 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r2, 0x0, 0x0) getpgid(r2) [ 2229.451488] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2229.511497] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2229.534841] CPU: 1 PID: 7746 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2229.541496] IPVS: ftp: loaded support on port[0] = 21 [ 2229.542705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2229.557269] Call Trace: [ 2229.559872] dump_stack+0x142/0x197 [ 2229.563529] warn_alloc.cold+0x96/0x1af [ 2229.567526] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2229.572396] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2229.577696] __alloc_pages_slowpath+0x23c6/0x2930 [ 2229.582581] ? save_trace+0x290/0x290 [ 2229.586415] ? warn_alloc+0xf0/0xf0 [ 2229.590062] ? __might_sleep+0x93/0xb0 [ 2229.593964] __alloc_pages_nodemask+0x62c/0x7a0 [ 2229.598646] ? lock_downgrade+0x740/0x740 [ 2229.602808] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2229.607843] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2229.613478] alloc_pages_current+0xec/0x1e0 [ 2229.613502] ion_page_pool_alloc+0x11f/0x1c0 [ 2229.613516] ion_system_heap_allocate+0x138/0x910 [ 2229.613525] ? ion_alloc+0x19b/0x860 [ 2229.613538] ? rcu_read_lock_sched_held+0x110/0x130 [ 2229.622249] ? ion_system_heap_free+0x250/0x250 [ 2229.622266] ion_alloc+0x222/0x860 [ 2229.622285] ? ion_dma_buf_release+0x50/0x50 [ 2229.622306] ? kasan_check_write+0x14/0x20 [ 2229.622316] ? _copy_from_user+0x99/0x110 [ 2229.622328] ion_ioctl+0x105/0x217 [ 2229.622338] ? ion_alloc.cold+0x40/0x40 [ 2229.622353] ? ion_alloc.cold+0x40/0x40 [ 2229.668346] do_vfs_ioctl+0x7ae/0x1060 [ 2229.672250] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2229.677017] ? lock_downgrade+0x740/0x740 [ 2229.681188] ? ioctl_preallocate+0x1c0/0x1c0 [ 2229.685619] ? __fget+0x237/0x370 [ 2229.689090] ? security_file_ioctl+0x89/0xb0 [ 2229.693519] SyS_ioctl+0x8f/0xc0 [ 2229.696900] ? do_vfs_ioctl+0x1060/0x1060 [ 2229.701066] do_syscall_64+0x1e8/0x640 [ 2229.704964] ? trace_hardirqs_off_thunk+0x1a/0x1c 20:57:39 executing program 5: ioctl$CAPI_NCCI_GETUNIT(0xffffffffffffffff, 0x80044327, &(0x7f0000000000)=0x6) [ 2229.709838] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2229.715034] RIP: 0033:0x45a679 [ 2229.718231] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2229.725953] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2229.733235] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2229.740516] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2229.747806] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2229.755087] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2229.816547] Mem-Info: [ 2229.819239] active_anon:1217247 inactive_anon:199 isolated_anon:0 [ 2229.819239] active_file:6789 inactive_file:7937 isolated_file:0 [ 2229.819239] unevictable:0 dirty:367 writeback:0 unstable:0 [ 2229.819239] slab_reclaimable:18813 slab_unreclaimable:140201 [ 2229.819239] mapped:57686 shmem:255 pagetables:41859 bounce:0 [ 2229.819239] free:63115 free_pcp:280 free_cma:0 [ 2229.857561] Node 0 active_anon:1805456kB inactive_anon:768kB active_file:8kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208924kB dirty:24kB writeback:0kB shmem:956kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 735232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2229.885627] Node 0 DMA free:10396kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2229.912180] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2229.917485] Node 0 DMA32 free:52436kB min:36380kB low:45472kB high:54564kB active_anon:1801012kB inactive_anon:768kB active_file:8kB inactive_file:36kB unevictable:0kB writepending:24kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12672kB pagetables:66224kB bounce:0kB free_pcp:1160kB local_pcp:468kB free_cma:0kB [ 2229.948471] lowmem_reserve[]: 0 0 0 0 0 [ 2229.952525] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2229.977888] lowmem_reserve[]: 0 0 0 0 0 [ 2229.981959] Node 0 DMA: 7*4kB (UM) 38*8kB (UM) 17*16kB (UME) 2*32kB (U) 2*64kB (UE) 3*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10396kB [ 2229.997712] Node 0 DMA32: 3413*4kB (UMEH) 1324*8kB (UMEH) 864*16kB (UMH) 373*32kB (UMH) 21*64kB (UM) 4*128kB (UM) 2*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 52372kB [ 2230.013236] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2230.024072] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2230.039422] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2230.049697] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2230.058967] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2230.068861] 14848 total pagecache pages [ 2230.074935] 0 pages in swap cache [ 2230.078810] Swap cache stats: add 0, delete 0, find 0/0 [ 2230.084678] Free swap = 0kB [ 2230.088024] Total swap = 0kB [ 2230.091437] 1965979 pages RAM [ 2230.094841] 0 pages HighMem/MovableOnly [ 2230.099023] 335854 pages reserved [ 2230.102852] 0 pages cma reserved [ 2230.153831] syz-executor.2 invoked oom-killer: gfp_mask=0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0, order=0, oom_score_adj=1000 [ 2230.166981] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2230.172506] CPU: 1 PID: 7746 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2230.180319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2230.189718] Call Trace: [ 2230.192314] dump_stack+0x142/0x197 [ 2230.195954] dump_header+0x177/0x6cd [ 2230.199677] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2230.204878] ? ___ratelimit+0x55/0x537 [ 2230.208788] oom_kill_process.cold+0x10/0xadd [ 2230.213290] ? oom_unkillable_task+0x294/0x390 [ 2230.217872] ? lock_downgrade+0x740/0x740 [ 2230.222042] out_of_memory+0x2ee/0x1180 [ 2230.226030] ? lock_acquire+0x16f/0x430 [ 2230.230031] ? oom_killer_disable+0x1d0/0x1d0 [ 2230.234542] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2230.239520] __alloc_pages_slowpath+0x2251/0x2930 [ 2230.244398] ? warn_alloc+0xf0/0xf0 [ 2230.248050] ? __might_sleep+0x93/0xb0 [ 2230.251959] __alloc_pages_nodemask+0x62c/0x7a0 [ 2230.256652] ? lock_downgrade+0x740/0x740 [ 2230.260823] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2230.265955] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2230.271574] alloc_pages_current+0xec/0x1e0 [ 2230.275889] ion_page_pool_alloc+0x11f/0x1c0 [ 2230.280287] ion_system_heap_allocate+0x138/0x910 [ 2230.285119] ? ion_alloc+0x19b/0x860 [ 2230.288823] ? rcu_read_lock_sched_held+0x110/0x130 [ 2230.293832] ? ion_system_heap_free+0x250/0x250 [ 2230.298492] ion_alloc+0x222/0x860 [ 2230.302025] ? ion_dma_buf_release+0x50/0x50 [ 2230.306438] ? kasan_check_write+0x14/0x20 [ 2230.310673] ? _copy_from_user+0x99/0x110 [ 2230.314809] ion_ioctl+0x105/0x217 [ 2230.318334] ? ion_alloc.cold+0x40/0x40 [ 2230.322309] ? ion_alloc.cold+0x40/0x40 [ 2230.326276] do_vfs_ioctl+0x7ae/0x1060 [ 2230.330161] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2230.334929] ? lock_downgrade+0x740/0x740 [ 2230.339081] ? ioctl_preallocate+0x1c0/0x1c0 [ 2230.343487] ? __fget+0x237/0x370 [ 2230.346948] ? security_file_ioctl+0x89/0xb0 [ 2230.351364] SyS_ioctl+0x8f/0xc0 [ 2230.354732] ? do_vfs_ioctl+0x1060/0x1060 [ 2230.358878] do_syscall_64+0x1e8/0x640 [ 2230.362763] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2230.367618] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2230.372803] RIP: 0033:0x45a679 [ 2230.375983] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2230.383688] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2230.390963] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2230.398232] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2230.405491] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2230.412758] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2230.420598] Mem-Info: [ 2230.423071] active_anon:1217159 inactive_anon:199 isolated_anon:0 [ 2230.423071] active_file:6809 inactive_file:7946 isolated_file:0 [ 2230.423071] unevictable:0 dirty:407 writeback:0 unstable:0 [ 2230.423071] slab_reclaimable:18810 slab_unreclaimable:140129 [ 2230.423071] mapped:57648 shmem:255 pagetables:41819 bounce:0 [ 2230.423071] free:59480 free_pcp:200 free_cma:0 [ 2230.457623] Node 0 active_anon:1805464kB inactive_anon:776kB active_file:20kB inactive_file:28kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:28kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 735232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2230.485304] Node 0 DMA free:10396kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2230.511782] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2230.516837] Node 0 DMA32 free:36624kB min:36380kB low:45472kB high:54564kB active_anon:1801020kB inactive_anon:776kB active_file:20kB inactive_file:28kB unevictable:0kB writepending:28kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12672kB pagetables:66220kB bounce:0kB free_pcp:800kB local_pcp:148kB free_cma:0kB [ 2230.546109] lowmem_reserve[]: 0 0 0 0 0 [ 2230.550170] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2230.575956] lowmem_reserve[]: 0 0 0 0 0 [ 2230.579952] Node 0 DMA: 7*4kB (UM) 38*8kB (UM) 17*16kB (UME) 2*32kB (U) 2*64kB (UE) 3*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10396kB [ 2230.595735] Node 0 DMA32: 3138*4kB (UMEH) 163*8kB (UMEH) 523*16kB (UMH) 376*32kB (UMH) 21*64kB (UM) 4*128kB (UM) 2*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 36624kB [ 2230.611168] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2230.621974] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2230.630939] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2230.639521] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2230.648451] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2230.657089] 14860 total pagecache pages [ 2230.661136] 0 pages in swap cache [ 2230.664583] Swap cache stats: add 0, delete 0, find 0/0 [ 2230.669928] Free swap = 0kB [ 2230.673017] Total swap = 0kB [ 2230.676034] 1965979 pages RAM [ 2230.679140] 0 pages HighMem/MovableOnly [ 2230.683171] 335854 pages reserved [ 2230.686619] 0 pages cma reserved [ 2230.689971] Out of memory: Kill process 20282 (syz-executor.3) score 1010 or sacrifice child [ 2230.698649] Killed process 20282 (syz-executor.3) total-vm:72980kB, anon-rss:16548kB, file-rss:35632kB, shmem-rss:0kB [ 2231.805550] oom_reaper: reaped process 7746 (syz-executor.2), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2233.623637] syz-executor.2 invoked oom-killer: gfp_mask=0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0, order=0, oom_score_adj=1000 [ 2233.636743] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2233.642169] CPU: 0 PID: 7746 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2233.649962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2233.659317] Call Trace: [ 2233.661896] dump_stack+0x142/0x197 [ 2233.665523] dump_header+0x177/0x6cd [ 2233.669225] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2233.674308] ? ___ratelimit+0x55/0x537 [ 2233.678198] oom_kill_process.cold+0x10/0xadd [ 2233.682692] ? oom_unkillable_task+0x294/0x390 [ 2233.687268] ? lock_downgrade+0x740/0x740 [ 2233.691404] out_of_memory+0x2ee/0x1180 [ 2233.695552] ? lock_acquire+0x16f/0x430 [ 2233.699627] ? oom_killer_disable+0x1d0/0x1d0 [ 2233.704112] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2233.709040] __alloc_pages_slowpath+0x2251/0x2930 [ 2233.713876] ? warn_alloc+0xf0/0xf0 [ 2233.717508] ? __might_sleep+0x93/0xb0 [ 2233.721389] __alloc_pages_nodemask+0x62c/0x7a0 [ 2233.726041] ? lock_downgrade+0x740/0x740 [ 2233.730188] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2233.735201] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2233.740821] alloc_pages_current+0xec/0x1e0 [ 2233.745138] ion_page_pool_alloc+0x11f/0x1c0 [ 2233.749525] ion_system_heap_allocate+0x138/0x910 [ 2233.754349] ? ion_alloc+0x19b/0x860 [ 2233.758045] ? rcu_read_lock_sched_held+0x110/0x130 [ 2233.763041] ? ion_system_heap_free+0x250/0x250 [ 2233.767694] ion_alloc+0x222/0x860 [ 2233.771217] ? ion_dma_buf_release+0x50/0x50 [ 2233.775608] ? kasan_check_write+0x14/0x20 [ 2233.779834] ? _copy_from_user+0x99/0x110 [ 2233.783963] ion_ioctl+0x105/0x217 [ 2233.787484] ? ion_alloc.cold+0x40/0x40 [ 2233.791454] ? ion_alloc.cold+0x40/0x40 [ 2233.795428] do_vfs_ioctl+0x7ae/0x1060 [ 2233.799297] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2233.804030] ? lock_downgrade+0x740/0x740 [ 2233.808170] ? ioctl_preallocate+0x1c0/0x1c0 [ 2233.812570] ? __fget+0x237/0x370 [ 2233.816008] ? security_file_ioctl+0x89/0xb0 [ 2233.820399] SyS_ioctl+0x8f/0xc0 [ 2233.823744] ? do_vfs_ioctl+0x1060/0x1060 [ 2233.827877] do_syscall_64+0x1e8/0x640 [ 2233.831745] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2233.836595] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2233.841764] RIP: 0033:0x45a679 [ 2233.844945] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2233.852632] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2233.859883] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2233.867145] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2233.874410] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2233.881669] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2233.890418] Mem-Info: [ 2233.892889] active_anon:1212965 inactive_anon:199 isolated_anon:0 [ 2233.892889] active_file:6810 inactive_file:7981 isolated_file:0 [ 2233.892889] unevictable:0 dirty:443 writeback:0 unstable:0 [ 2233.892889] slab_reclaimable:18810 slab_unreclaimable:139755 [ 2233.892889] mapped:57638 shmem:255 pagetables:41758 bounce:0 [ 2233.892889] free:55359 free_pcp:248 free_cma:0 [ 2233.927061] Node 0 active_anon:1788932kB inactive_anon:776kB active_file:8kB inactive_file:40kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:28kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 718848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2233.954775] Node 0 DMA free:10376kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2233.981240] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2233.986261] Node 0 DMA32 free:18164kB min:36380kB low:45472kB high:54564kB active_anon:1784488kB inactive_anon:776kB active_file:8kB inactive_file:40kB unevictable:0kB writepending:28kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12640kB pagetables:66084kB bounce:0kB free_pcp:992kB local_pcp:660kB free_cma:0kB [ 2234.016054] lowmem_reserve[]: 0 0 0 0 0 [ 2234.020136] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2234.045526] lowmem_reserve[]: 0 0 0 0 0 [ 2234.049548] Node 0 DMA: 4*4kB (UM) 37*8kB (UM) 17*16kB (UME) 2*32kB (U) 2*64kB (UE) 3*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10376kB [ 2234.065216] Node 0 DMA32: 3109*4kB (UME) 162*8kB (UME) 59*16kB (UM) 51*32kB (UM) 19*64kB (M) 3*128kB (M) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18164kB [ 2234.080222] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2234.095643] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2234.104620] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2234.113299] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2234.122225] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2234.130954] 14896 total pagecache pages [ 2234.134937] 0 pages in swap cache [ 2234.138386] Swap cache stats: add 0, delete 0, find 0/0 [ 2234.144379] Free swap = 0kB [ 2234.147397] Total swap = 0kB [ 2234.150559] 1965979 pages RAM [ 2234.153655] 0 pages HighMem/MovableOnly [ 2234.157725] 335854 pages reserved [ 2234.161384] 0 pages cma reserved [ 2234.164759] Out of memory: Kill process 20090 (syz-executor.1) score 1009 or sacrifice child [ 2234.173470] Killed process 20090 (syz-executor.1) total-vm:72980kB, anon-rss:16568kB, file-rss:34864kB, shmem-rss:0kB [ 2234.185268] syz-executor.2: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2234.196760] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2234.202229] CPU: 0 PID: 7746 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2234.210036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2234.219417] Call Trace: [ 2234.221993] dump_stack+0x142/0x197 [ 2234.225610] warn_alloc.cold+0x96/0x1af [ 2234.229660] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2234.234489] ? wait_for_completion+0x420/0x420 [ 2234.239057] __alloc_pages_slowpath+0x23c6/0x2930 [ 2234.243904] ? warn_alloc+0xf0/0xf0 [ 2234.247521] ? __might_sleep+0x93/0xb0 [ 2234.251391] __alloc_pages_nodemask+0x62c/0x7a0 [ 2234.256042] ? lock_downgrade+0x740/0x740 [ 2234.260170] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2234.265171] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2234.270776] alloc_pages_current+0xec/0x1e0 [ 2234.275083] ion_page_pool_alloc+0x11f/0x1c0 [ 2234.279488] ion_system_heap_allocate+0x138/0x910 [ 2234.284312] ? ion_alloc+0x19b/0x860 [ 2234.288024] ? rcu_read_lock_sched_held+0x110/0x130 [ 2234.293037] ? ion_system_heap_free+0x250/0x250 [ 2234.297687] ion_alloc+0x222/0x860 [ 2234.301211] ? ion_dma_buf_release+0x50/0x50 [ 2234.305615] ? kasan_check_write+0x14/0x20 [ 2234.309830] ? _copy_from_user+0x99/0x110 [ 2234.313960] ion_ioctl+0x105/0x217 [ 2234.317491] ? ion_alloc.cold+0x40/0x40 [ 2234.321451] ? ion_alloc.cold+0x40/0x40 [ 2234.325405] do_vfs_ioctl+0x7ae/0x1060 [ 2234.329275] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2234.334015] ? lock_downgrade+0x740/0x740 [ 2234.338146] ? ioctl_preallocate+0x1c0/0x1c0 [ 2234.342538] ? __fget+0x237/0x370 [ 2234.345981] ? security_file_ioctl+0x89/0xb0 [ 2234.350370] SyS_ioctl+0x8f/0xc0 [ 2234.353717] ? do_vfs_ioctl+0x1060/0x1060 [ 2234.357846] do_syscall_64+0x1e8/0x640 [ 2234.361714] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2234.366559] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2234.371993] RIP: 0033:0x45a679 [ 2234.375167] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2234.382996] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2234.390252] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2234.397508] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2234.404763] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2234.412012] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2234.420315] Mem-Info: [ 2234.422752] active_anon:1208390 inactive_anon:199 isolated_anon:0 [ 2234.422752] active_file:6811 inactive_file:7980 isolated_file:0 [ 2234.422752] unevictable:0 dirty:449 writeback:0 unstable:0 [ 2234.422752] slab_reclaimable:18805 slab_unreclaimable:139745 [ 2234.422752] mapped:57638 shmem:255 pagetables:41721 bounce:0 [ 2234.422752] free:59869 free_pcp:674 free_cma:0 [ 2234.456711] Node 0 active_anon:1783132kB inactive_anon:776kB active_file:12kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:28kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 718848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2234.484407] Node 1 active_anon:3050428kB inactive_anon:20kB active_file:27232kB inactive_file:31884kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21632kB dirty:1768kB writeback:0kB shmem:56kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2234.512353] Node 0 DMA free:10376kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2234.538834] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2234.543944] Node 0 DMA32 free:23664kB min:36380kB low:45472kB high:54564kB active_anon:1778688kB inactive_anon:776kB active_file:12kB inactive_file:36kB unevictable:0kB writepending:28kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12640kB pagetables:66084kB bounce:0kB free_pcp:1320kB local_pcp:660kB free_cma:0kB [ 2234.573859] lowmem_reserve[]: 0 0 0 0 0 [ 2234.577847] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2234.603393] lowmem_reserve[]: 0 0 0 0 0 [ 2234.607447] Node 1 Normal free:205536kB min:53508kB low:66884kB high:80260kB active_anon:3050428kB inactive_anon:20kB active_file:27232kB inactive_file:31884kB unevictable:0kB writepending:1768kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45440kB pagetables:100792kB bounce:0kB free_pcp:1408kB local_pcp:680kB free_cma:0kB [ 2234.637787] lowmem_reserve[]: 0 0 0 0 0 [ 2234.641825] Node 0 DMA: 4*4kB (UM) 37*8kB (UM) 17*16kB (UME) 2*32kB (U) 2*64kB (UE) 3*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10376kB [ 2234.657596] Node 0 DMA32: 3396*4kB (UME) 264*8kB (UME) 155*16kB (UM) 70*32kB (UM) 34*64kB (M) 7*128kB (UM) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 23744kB [ 2234.672636] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2234.683398] Node 1 Normal: 4602*4kB (UME) 1203*8kB (UMEH) 797*16kB (UMEH) 1260*32kB (UMEH) 364*64kB (UMEH) 47*128kB (UMEH) 30*256kB (UMEH) 93*512kB (UME) 29*1024kB (UMH) 5*2048kB (M) 0*4096kB = 205648kB [ 2234.702157] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2234.711063] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2234.719638] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2234.728533] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2234.737241] 14896 total pagecache pages [ 2234.741274] 0 pages in swap cache [ 2234.744716] Swap cache stats: add 0, delete 0, find 0/0 [ 2234.750124] Free swap = 0kB [ 2234.753134] Total swap = 0kB [ 2234.756134] 1965979 pages RAM [ 2234.759215] 0 pages HighMem/MovableOnly [ 2234.763232] 335854 pages reserved [ 2234.766675] 0 pages cma reserved [ 2234.821959] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2234.834186] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2234.839570] CPU: 0 PID: 7746 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2234.847342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2234.856677] Call Trace: [ 2234.859251] dump_stack+0x142/0x197 [ 2234.862878] warn_alloc.cold+0x96/0x1af [ 2234.866840] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2234.871685] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2234.876959] __alloc_pages_slowpath+0x23c6/0x2930 [ 2234.881788] ? save_trace+0x290/0x290 [ 2234.885572] ? warn_alloc+0xf0/0xf0 [ 2234.889225] ? __might_sleep+0x93/0xb0 [ 2234.893110] __alloc_pages_nodemask+0x62c/0x7a0 [ 2234.897785] ? lock_downgrade+0x740/0x740 [ 2234.901924] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2234.907032] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2234.912675] alloc_pages_current+0xec/0x1e0 [ 2234.916996] ion_page_pool_alloc+0x11f/0x1c0 [ 2234.921436] ion_system_heap_allocate+0x138/0x910 [ 2234.926290] ? ion_system_heap_free+0x250/0x250 [ 2234.930977] ion_alloc+0x68c/0x860 [ 2234.934528] ? ion_dma_buf_release+0x50/0x50 [ 2234.938950] ? kasan_check_write+0x14/0x20 [ 2234.943194] ? _copy_from_user+0x99/0x110 [ 2234.947326] ion_ioctl+0x105/0x217 [ 2234.950862] ? ion_alloc.cold+0x40/0x40 [ 2234.954847] ? ion_alloc.cold+0x40/0x40 [ 2234.958817] do_vfs_ioctl+0x7ae/0x1060 [ 2234.962690] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2234.967429] ? lock_downgrade+0x740/0x740 [ 2234.971572] ? ioctl_preallocate+0x1c0/0x1c0 [ 2234.975977] ? __fget+0x237/0x370 [ 2234.979427] ? security_file_ioctl+0x89/0xb0 [ 2234.983820] SyS_ioctl+0x8f/0xc0 [ 2234.987169] ? do_vfs_ioctl+0x1060/0x1060 [ 2234.991316] do_syscall_64+0x1e8/0x640 [ 2234.995209] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2235.000136] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2235.005330] RIP: 0033:0x45a679 [ 2235.008531] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2235.016235] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2235.023495] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2235.030759] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2235.038027] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2235.045285] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2235.220173] syz-executor.2: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2235.231754] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2235.237143] CPU: 0 PID: 7746 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2235.245270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2235.254638] Call Trace: [ 2235.257271] dump_stack+0x142/0x197 [ 2235.260897] warn_alloc.cold+0x96/0x1af [ 2235.264864] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2235.269704] ? call_timer_fn+0x670/0x670 [ 2235.273783] __alloc_pages_slowpath+0x23c6/0x2930 [ 2235.278652] ? warn_alloc+0xf0/0xf0 [ 2235.282300] ? __might_sleep+0x93/0xb0 [ 2235.286183] __alloc_pages_nodemask+0x62c/0x7a0 [ 2235.290855] ? lock_downgrade+0x740/0x740 [ 2235.295016] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2235.300040] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2235.305673] alloc_pages_current+0xec/0x1e0 [ 2235.310040] ion_page_pool_alloc+0x11f/0x1c0 [ 2235.314719] ion_system_heap_allocate+0x138/0x910 [ 2235.319554] ? ion_system_heap_free+0x250/0x250 [ 2235.324220] ion_alloc+0x68c/0x860 [ 2235.327792] ? ion_dma_buf_release+0x50/0x50 [ 2235.332208] ? kasan_check_write+0x14/0x20 [ 2235.336444] ? _copy_from_user+0x99/0x110 [ 2235.340735] ion_ioctl+0x105/0x217 [ 2235.344302] ? ion_alloc.cold+0x40/0x40 [ 2235.348269] ? ion_alloc.cold+0x40/0x40 [ 2235.352251] do_vfs_ioctl+0x7ae/0x1060 [ 2235.356139] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2235.360892] ? lock_downgrade+0x740/0x740 [ 2235.365030] ? ioctl_preallocate+0x1c0/0x1c0 [ 2235.369438] ? __fget+0x237/0x370 [ 2235.372898] ? security_file_ioctl+0x89/0xb0 [ 2235.377312] SyS_ioctl+0x8f/0xc0 [ 2235.380669] ? do_vfs_ioctl+0x1060/0x1060 [ 2235.384845] do_syscall_64+0x1e8/0x640 [ 2235.388723] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2235.393575] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2235.398764] RIP: 0033:0x45a679 [ 2235.402206] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2235.410042] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2235.417351] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2235.424612] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2235.431880] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2235.439160] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2235.447441] warn_alloc_show_mem: 1 callbacks suppressed [ 2235.447445] Mem-Info: [ 2235.455588] active_anon:1208355 inactive_anon:199 isolated_anon:0 [ 2235.455588] active_file:6810 inactive_file:7988 isolated_file:0 [ 2235.455588] unevictable:0 dirty:463 writeback:0 unstable:0 [ 2235.455588] slab_reclaimable:18805 slab_unreclaimable:139748 [ 2235.455588] mapped:57638 shmem:255 pagetables:41708 bounce:0 [ 2235.455588] free:58531 free_pcp:541 free_cma:0 [ 2235.489759] Node 0 active_anon:1783036kB inactive_anon:776kB active_file:8kB inactive_file:40kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:40kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 718848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2235.517900] Node 1 active_anon:3050384kB inactive_anon:20kB active_file:27232kB inactive_file:31956kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21632kB dirty:1816kB writeback:0kB shmem:56kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2235.546499] Node 0 DMA free:10376kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2235.573883] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2235.578918] Node 0 DMA32 free:18100kB min:36380kB low:45472kB high:54564kB active_anon:1778592kB inactive_anon:776kB active_file:8kB inactive_file:52kB unevictable:0kB writepending:40kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12640kB pagetables:66076kB bounce:0kB free_pcp:776kB local_pcp:124kB free_cma:0kB [ 2235.608397] lowmem_reserve[]: 0 0 0 0 0 [ 2235.612470] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2235.637984] lowmem_reserve[]: 0 0 0 0 0 [ 2235.642263] Node 1 Normal free:205648kB min:53508kB low:66884kB high:80260kB active_anon:3050384kB inactive_anon:20kB active_file:27232kB inactive_file:31956kB unevictable:0kB writepending:1816kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45440kB pagetables:100748kB bounce:0kB free_pcp:1384kB local_pcp:680kB free_cma:0kB [ 2235.672906] lowmem_reserve[]: 0 0 0 0 0 [ 2235.676926] Node 0 DMA: 4*4kB (UM) 37*8kB (UM) 17*16kB (UME) 2*32kB (U) 2*64kB (UE) 3*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10376kB [ 2235.692603] Node 0 DMA32: 3261*4kB (ME) 164*8kB (UME) 70*16kB (UM) 82*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18100kB [ 2235.706774] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2235.717560] Node 1 Normal: 4602*4kB (UME) 1203*8kB (UMEH) 797*16kB (UMEH) 1260*32kB (UMEH) 364*64kB (UMEH) 47*128kB (UMEH) 30*256kB (UMEH) 93*512kB (UME) 29*1024kB (UMH) 5*2048kB (M) 0*4096kB = 205648kB [ 2235.735864] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2235.744750] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2235.753516] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2235.762568] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 20:57:45 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) 20:57:45 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x523) setuid(r1) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r2, &(0x7f0000000380)=""/87, 0x192) getdents64(r2, &(0x7f0000000080)=""/167, 0xa7) r3 = openat$cgroup_ro(r2, &(0x7f00000000c0)='cgroup.stat\x00', 0x0, 0x0) connect$bt_l2cap(r3, &(0x7f0000000100)={0x1f, 0x2, {0x40, 0x3, 0xa9, 0x5, 0xde, 0x6}, 0x200, 0x7f}, 0xe) clone(0x8000300, &(0x7f00000001c0)="4b6467a30ab3229dde8fe7180d9beb893ed133d7ffe9258fcfb6938306bc17d8cecf5ce97692f6a82d1550a73d66abd8cdc65065917985091123ac94ac181a3fe6a65c7096767f1e21c329d93217ad154bde2c9f34c84a8da2cc2776bcf80f2a8bef4ab7161147565e46f171ce4615c3f9d9bd63d7d70ffe", &(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000400)="f1e3bbd52c46f668b29ff0508dfc16acbc55b4bcfc99e94e3c888c3b48182ac9c588d6746ec5ec0f6395d3bfb1d75c6931f1224c475f7b281285f88ed292c0c6d0eefe88d7c4096547e110cf58583a035aef15b0bfdda5cb3f794402aa7ea5943e78aa6c789bb16f60bcc2fc984786e517c9") r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r4, &(0x7f0000000380)=""/87, 0x192) setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, &(0x7f0000000180)=0x4, 0x4) getdents64(r4, &(0x7f0000000080)=""/167, 0xa7) mkdirat$cgroup(r4, &(0x7f0000000140)='syz0\x00', 0x1ff) syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') 20:57:45 executing program 5: ioctl$CAPI_NCCI_GETUNIT(0xffffffffffffffff, 0x80044327, &(0x7f0000000000)=0x6) 20:57:45 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r4, &(0x7f0000000380)=""/87, 0x192) getdents64(r4, &(0x7f0000000080)=""/167, 0xa7) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) 20:57:45 executing program 1: epoll_create1(0x0) epoll_create1(0x0) timerfd_create(0x0, 0x0) socket$unix(0x1, 0x0, 0x0) close(0xffffffffffffffff) pipe2(0x0, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(0x0, 0x0) ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0x2) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) readlink(0x0, &(0x7f0000000380)=""/96, 0x60) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) r3 = socket$vsock_stream(0x28, 0x1, 0x0) listen(0xffffffffffffffff, 0x0) ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f00000000c0)={0x1f, 0x0, 0x80, 0x3, 0x7}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$VHOST_SET_VRING_NUM(0xffffffffffffffff, 0x4008af10, &(0x7f00000002c0)={0x0, 0x2}) 20:57:45 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r4, &(0x7f0000000380)=""/87, 0x192) getdents64(r4, &(0x7f0000000080)=""/167, 0xa7) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) setuid(0x0) [ 2235.771196] 14913 total pagecache pages [ 2235.775165] 0 pages in swap cache [ 2235.778605] Swap cache stats: add 0, delete 0, find 0/0 [ 2235.784137] Free swap = 0kB [ 2235.787160] Total swap = 0kB [ 2235.790260] 1965979 pages RAM [ 2235.793375] 0 pages HighMem/MovableOnly [ 2235.797653] 335854 pages reserved [ 2235.801196] 0 pages cma reserved 20:57:46 executing program 5: r0 = openat$capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$CAPI_NCCI_GETUNIT(r0, 0x80044327, &(0x7f0000000000)=0x6) 20:57:46 executing program 4: vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) dup(0xffffffffffffffff) ioctl$KDSKBSENT(0xffffffffffffffff, 0x4b49, 0x0) r0 = open(&(0x7f0000000380)='./file0\x00', 0x20, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @perf_bp={0x0, 0x6}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) r1 = syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$LOOP_SET_STATUS(r1, 0x4c02, 0x0) syz_open_procfs(0x0, &(0x7f0000000140)='fd\x00') getdents(0xffffffffffffffff, 0x0, 0x0) write$P9_RWALK(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) r2 = getpid() sched_setattr(r2, &(0x7f0000000480)={0x30, 0x0, 0x0, 0x6, 0x8, 0x20000, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00') sendfile(r3, r4, 0x0, 0x320f) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00') sendfile(r5, r6, 0x0, 0x320f) fchdir(r5) r7 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$restrict_keyring(0x1d, r7, &(0x7f0000000080)='big_key\x00', &(0x7f00000000c0)='fd\x00') write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000140)={0x20, 0x0, 0x6, {0x0, 0x4, 0x0, 0x7f}}, 0x20) umount2(0x0, 0x0) ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000000440)) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000004d00)={@mcast1, 0x0}, 0x0) setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000280)={{{@in=@broadcast, @in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x4e20, 0x7f, 0x4e24, 0x0, 0x2, 0xa0, 0x0, 0x5c, r8}, {0x0, 0x7, 0x5, 0x105, 0x0, 0x7, 0x2, 0x7b5}, {0xffff, 0x7, 0x8, 0x6}, 0x0, 0x6e6bb3, 0x0, 0x0, 0x0, 0x1}, {{@in6=@local, 0x4d5}, 0xa, @in6=@remote, 0x3505, 0x2, 0x1, 0x0, 0x82, 0x9}}, 0xe8) [ 2236.048381] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2236.075606] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2236.082329] CPU: 0 PID: 7795 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2236.090176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2236.099692] Call Trace: [ 2236.102505] dump_stack+0x142/0x197 [ 2236.106459] warn_alloc.cold+0x96/0x1af [ 2236.110468] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2236.115574] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2236.121095] __alloc_pages_slowpath+0x23c6/0x2930 [ 2236.126157] ? save_trace+0x290/0x290 [ 2236.129994] ? warn_alloc+0xf0/0xf0 [ 2236.133679] ? __might_sleep+0x93/0xb0 [ 2236.137620] __alloc_pages_nodemask+0x62c/0x7a0 [ 2236.142325] ? lock_downgrade+0x740/0x740 [ 2236.146491] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2236.151537] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2236.157218] alloc_pages_current+0xec/0x1e0 [ 2236.161578] ion_page_pool_alloc+0x11f/0x1c0 [ 2236.166013] ion_system_heap_allocate+0x138/0x910 [ 2236.170870] ? ion_alloc+0x19b/0x860 [ 2236.174600] ? rcu_read_lock_sched_held+0x110/0x130 [ 2236.179816] ? ion_system_heap_free+0x250/0x250 [ 2236.184534] ion_alloc+0x222/0x860 [ 2236.188120] ? ion_dma_buf_release+0x50/0x50 [ 2236.192571] ? kasan_check_write+0x14/0x20 [ 2236.196824] ? _copy_from_user+0x99/0x110 [ 2236.201282] ion_ioctl+0x105/0x217 [ 2236.204839] ? ion_alloc.cold+0x40/0x40 [ 2236.209008] ? ion_alloc.cold+0x40/0x40 [ 2236.213120] do_vfs_ioctl+0x7ae/0x1060 [ 2236.217026] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2236.221808] ? lock_downgrade+0x740/0x740 [ 2236.225971] ? ioctl_preallocate+0x1c0/0x1c0 [ 2236.230547] ? __fget+0x237/0x370 [ 2236.234168] ? security_file_ioctl+0x89/0xb0 [ 2236.238588] SyS_ioctl+0x8f/0xc0 [ 2236.241966] ? do_vfs_ioctl+0x1060/0x1060 [ 2236.246141] do_syscall_64+0x1e8/0x640 [ 2236.250362] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2236.255226] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2236.260608] RIP: 0033:0x45a679 [ 2236.263802] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2236.271703] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2236.279261] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2236.286546] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 20:57:46 executing program 5: r0 = openat$capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$CAPI_NCCI_GETUNIT(r0, 0x80044327, &(0x7f0000000000)=0x6) [ 2236.294360] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2236.301922] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2236.343143] IPVS: ftp: loaded support on port[0] = 21 20:57:46 executing program 1: epoll_create1(0x0) epoll_create1(0x0) timerfd_create(0x0, 0x0) socket$unix(0x1, 0x0, 0x0) close(0xffffffffffffffff) pipe2(0x0, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(0x0, 0x0) ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0x2) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) readlink(0x0, &(0x7f0000000380)=""/96, 0x60) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) r3 = socket$vsock_stream(0x28, 0x1, 0x0) listen(0xffffffffffffffff, 0x0) ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f00000000c0)={0x1f, 0x0, 0x80, 0x3, 0x7}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$VHOST_SET_VRING_NUM(0xffffffffffffffff, 0x4008af10, &(0x7f00000002c0)={0x0, 0x2}) 20:57:46 executing program 4: vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) dup(0xffffffffffffffff) ioctl$KDSKBSENT(0xffffffffffffffff, 0x4b49, 0x0) r0 = open(&(0x7f0000000380)='./file0\x00', 0x20, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @perf_bp={0x0, 0x6}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) r1 = syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$LOOP_SET_STATUS(r1, 0x4c02, 0x0) syz_open_procfs(0x0, &(0x7f0000000140)='fd\x00') getdents(0xffffffffffffffff, 0x0, 0x0) write$P9_RWALK(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) r2 = getpid() sched_setattr(r2, &(0x7f0000000480)={0x30, 0x0, 0x0, 0x6, 0x8, 0x20000, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00') sendfile(r3, r4, 0x0, 0x320f) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00') sendfile(r5, r6, 0x0, 0x320f) fchdir(r5) r7 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$restrict_keyring(0x1d, r7, &(0x7f0000000080)='big_key\x00', &(0x7f00000000c0)='fd\x00') write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000140)={0x20, 0x0, 0x6, {0x0, 0x4, 0x0, 0x7f}}, 0x20) umount2(0x0, 0x0) ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000000440)) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000004d00)={@mcast1, 0x0}, 0x0) setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000280)={{{@in=@broadcast, @in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x4e20, 0x7f, 0x4e24, 0x0, 0x2, 0xa0, 0x0, 0x5c, r8}, {0x0, 0x7, 0x5, 0x105, 0x0, 0x7, 0x2, 0x7b5}, {0xffff, 0x7, 0x8, 0x6}, 0x0, 0x6e6bb3, 0x0, 0x0, 0x0, 0x1}, {{@in6=@local, 0x4d5}, 0xa, @in6=@remote, 0x3505, 0x2, 0x1, 0x0, 0x82, 0x9}}, 0xe8) 20:57:46 executing program 5: r0 = openat$capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$CAPI_NCCI_GETUNIT(r0, 0x80044327, &(0x7f0000000000)=0x6) [ 2236.585443] syz-executor.2 invoked oom-killer: gfp_mask=0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0, order=0, oom_score_adj=1000 [ 2236.623312] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2236.671217] CPU: 0 PID: 7795 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2236.679093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2236.688477] Call Trace: [ 2236.691193] dump_stack+0x142/0x197 [ 2236.694868] dump_header+0x177/0x6cd [ 2236.698774] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2236.703918] ? ___ratelimit+0x55/0x537 [ 2236.707850] oom_kill_process.cold+0x10/0xadd [ 2236.712382] ? rcu_read_unlock_special+0x895/0xd40 [ 2236.717379] ? lock_downgrade+0x740/0x740 [ 2236.721576] out_of_memory+0x2ee/0x1180 [ 2236.725579] ? lock_acquire+0x16f/0x430 [ 2236.729596] ? oom_killer_disable+0x1d0/0x1d0 [ 2236.734126] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2236.739096] __alloc_pages_slowpath+0x2251/0x2930 [ 2236.744014] ? warn_alloc+0xf0/0xf0 [ 2236.747694] ? __might_sleep+0x93/0xb0 [ 2236.751625] __alloc_pages_nodemask+0x62c/0x7a0 [ 2236.756333] ? lock_downgrade+0x740/0x740 [ 2236.760517] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2236.765590] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2236.771265] alloc_pages_current+0xec/0x1e0 [ 2236.775785] ion_page_pool_alloc+0x11f/0x1c0 [ 2236.780319] ion_system_heap_allocate+0x138/0x910 [ 2236.785200] ? ion_alloc+0x19b/0x860 [ 2236.788944] ? rcu_read_lock_sched_held+0x110/0x130 [ 2236.793969] ? ion_system_heap_free+0x250/0x250 [ 2236.798683] ion_alloc+0x222/0x860 [ 2236.802270] ? ion_dma_buf_release+0x50/0x50 [ 2236.806693] ? kasan_check_write+0x14/0x20 [ 2236.810927] ? _copy_from_user+0x99/0x110 [ 2236.815084] ion_ioctl+0x105/0x217 [ 2236.818631] ? ion_alloc.cold+0x40/0x40 [ 2236.822647] ? ion_alloc.cold+0x40/0x40 [ 2236.826623] do_vfs_ioctl+0x7ae/0x1060 [ 2236.830512] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2236.835324] ? lock_downgrade+0x740/0x740 [ 2236.839477] ? ioctl_preallocate+0x1c0/0x1c0 [ 2236.843890] ? __fget+0x237/0x370 [ 2236.847363] ? security_file_ioctl+0x89/0xb0 [ 2236.851777] SyS_ioctl+0x8f/0xc0 [ 2236.855158] ? do_vfs_ioctl+0x1060/0x1060 [ 2236.859315] do_syscall_64+0x1e8/0x640 [ 2236.863203] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2236.868076] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2236.873301] RIP: 0033:0x45a679 [ 2236.876498] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2236.884207] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2236.891531] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2236.898812] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2236.906192] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2236.913560] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2237.004973] Mem-Info: [ 2237.007712] active_anon:1209020 inactive_anon:199 isolated_anon:0 [ 2237.007712] active_file:6820 inactive_file:7997 isolated_file:0 [ 2237.007712] unevictable:0 dirty:80 writeback:24 unstable:0 [ 2237.007712] slab_reclaimable:18806 slab_unreclaimable:139612 [ 2237.007712] mapped:57661 shmem:255 pagetables:41840 bounce:0 [ 2237.007712] free:63850 free_pcp:30 free_cma:0 [ 2237.042550] Node 0 active_anon:1785216kB inactive_anon:780kB active_file:32kB inactive_file:32kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:36kB writeback:12kB shmem:968kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 722944kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2237.108509] Node 0 DMA free:10492kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2237.139712] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2237.152293] Node 0 DMA32 free:37372kB min:36380kB low:45472kB high:54564kB active_anon:1780760kB inactive_anon:764kB active_file:4kB inactive_file:36kB unevictable:0kB writepending:4kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12672kB pagetables:66180kB bounce:0kB free_pcp:156kB local_pcp:124kB free_cma:0kB [ 2237.257823] lowmem_reserve[]: 0 0 0 0 0 [ 2237.262191] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2237.287872] lowmem_reserve[]: 0 0 0 0 0 [ 2237.292042] Node 0 DMA: 7*4kB (UM) 34*8kB (UM) 17*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10492kB [ 2237.307942] Node 0 DMA32: 3335*4kB (ME) 237*8kB (UMEH) 140*16kB (UM) 259*32kB (UM) 54*64kB (UM) 32*128kB (UM) 3*256kB (U) 2*512kB (U) 0*1024kB 1*2048kB (M) 0*4096kB = 37156kB [ 2237.324110] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2237.335104] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2237.344249] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2237.353924] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2237.363431] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2237.380260] 14929 total pagecache pages [ 2237.384284] 0 pages in swap cache [ 2237.387775] Swap cache stats: add 0, delete 0, find 0/0 [ 2237.394744] Free swap = 0kB [ 2237.397874] Total swap = 0kB [ 2237.402380] 1965979 pages RAM [ 2237.405638] 0 pages HighMem/MovableOnly [ 2237.409622] 335854 pages reserved [ 2237.414424] 0 pages cma reserved [ 2237.417818] Out of memory: Kill process 8800 (syz-executor.2) score 1009 or sacrifice child [ 2237.426739] Killed process 8800 (syz-executor.2) total-vm:72980kB, anon-rss:16560kB, file-rss:34816kB, shmem-rss:0kB [ 2238.504143] oom_reaper: reaped process 7795 (syz-executor.2), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2238.559638] syz-executor.2 invoked oom-killer: gfp_mask=0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0, order=0, oom_score_adj=1000 [ 2238.578711] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2238.584717] CPU: 1 PID: 7795 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2238.592640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2238.602193] Call Trace: [ 2238.604797] dump_stack+0x142/0x197 [ 2238.608445] dump_header+0x177/0x6cd [ 2238.612171] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2238.617469] ? ___ratelimit+0x55/0x537 [ 2238.621381] oom_kill_process.cold+0x10/0xadd [ 2238.626044] ? rcu_read_unlock_special+0x895/0xd40 [ 2238.631013] ? lock_downgrade+0x740/0x740 [ 2238.635180] out_of_memory+0x2ee/0x1180 [ 2238.639243] ? lock_acquire+0x16f/0x430 [ 2238.643362] ? oom_killer_disable+0x1d0/0x1d0 [ 2238.647880] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2238.652835] __alloc_pages_slowpath+0x2251/0x2930 [ 2238.657960] ? warn_alloc+0xf0/0xf0 [ 2238.661707] ? __might_sleep+0x93/0xb0 [ 2238.665612] __alloc_pages_nodemask+0x62c/0x7a0 [ 2238.670436] ? lock_downgrade+0x740/0x740 [ 2238.674659] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2238.679693] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2238.685332] alloc_pages_current+0xec/0x1e0 [ 2238.689719] ion_page_pool_alloc+0x11f/0x1c0 [ 2238.694159] ion_system_heap_allocate+0x138/0x910 [ 2238.699012] ? ion_alloc+0x19b/0x860 [ 2238.702736] ? rcu_read_lock_sched_held+0x110/0x130 [ 2238.707767] ? ion_system_heap_free+0x250/0x250 [ 2238.712652] ion_alloc+0x222/0x860 [ 2238.716233] ? ion_dma_buf_release+0x50/0x50 [ 2238.720749] ? kasan_check_write+0x14/0x20 [ 2238.725286] ? _copy_from_user+0x99/0x110 [ 2238.729834] ion_ioctl+0x105/0x217 [ 2238.733396] ? ion_alloc.cold+0x40/0x40 [ 2238.737389] ? ion_alloc.cold+0x40/0x40 [ 2238.741374] do_vfs_ioctl+0x7ae/0x1060 [ 2238.745272] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2238.750035] ? lock_downgrade+0x740/0x740 [ 2238.754191] ? ioctl_preallocate+0x1c0/0x1c0 [ 2238.758609] ? __fget+0x237/0x370 [ 2238.762204] ? security_file_ioctl+0x89/0xb0 [ 2238.766621] SyS_ioctl+0x8f/0xc0 [ 2238.770002] ? do_vfs_ioctl+0x1060/0x1060 [ 2238.774159] do_syscall_64+0x1e8/0x640 [ 2238.778052] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2238.782910] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2238.788124] RIP: 0033:0x45a679 [ 2238.791318] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2238.799036] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2238.806310] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2238.813669] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2238.820946] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2238.828248] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2238.846934] Mem-Info: [ 2238.849519] active_anon:1204234 inactive_anon:199 isolated_anon:0 [ 2238.849519] active_file:6808 inactive_file:8027 isolated_file:0 [ 2238.849519] unevictable:0 dirty:43 writeback:0 unstable:0 [ 2238.849519] slab_reclaimable:18813 slab_unreclaimable:139555 [ 2238.849519] mapped:57651 shmem:255 pagetables:41671 bounce:0 [ 2238.849519] free:63470 free_pcp:123 free_cma:0 [ 2238.889331] Node 0 active_anon:1783016kB inactive_anon:764kB active_file:12kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208924kB dirty:4kB writeback:0kB shmem:952kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 720896kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2238.923799] Node 0 DMA free:10372kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2238.956477] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2238.962084] Node 0 DMA32 free:18092kB min:36380kB low:45472kB high:54564kB active_anon:1778572kB inactive_anon:764kB active_file:12kB inactive_file:16kB unevictable:0kB writepending:4kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12672kB pagetables:66180kB bounce:0kB free_pcp:492kB local_pcp:384kB free_cma:0kB [ 2238.997942] lowmem_reserve[]: 0 0 0 0 0 [ 2239.002575] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2239.035272] lowmem_reserve[]: 0 0 0 0 0 [ 2239.039406] Node 0 DMA: 3*4kB (M) 21*8kB (UM) 17*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10372kB [ 2239.062751] Node 0 DMA32: 3291*4kB (ME) 202*8kB (MEH) 103*16kB (M) 16*32kB (M) 16*64kB (M) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18092kB [ 2239.083519] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2239.096376] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2239.109360] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2239.120798] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2239.129923] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2239.143821] 14957 total pagecache pages [ 2239.147981] 0 pages in swap cache [ 2239.152805] Swap cache stats: add 0, delete 0, find 0/0 [ 2239.158405] Free swap = 0kB [ 2239.166572] Total swap = 0kB [ 2239.169718] 1965979 pages RAM [ 2239.174125] 0 pages HighMem/MovableOnly [ 2239.178255] 335854 pages reserved [ 2239.186738] 0 pages cma reserved [ 2239.192950] Out of memory: Kill process 8926 (syz-executor.5) score 1009 or sacrifice child [ 2239.206478] Killed process 8926 (syz-executor.5) total-vm:72980kB, anon-rss:16556kB, file-rss:34816kB, shmem-rss:0kB [ 2239.219650] syz-executor.2: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2239.237238] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2239.243275] CPU: 1 PID: 7795 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2239.251087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2239.260562] Call Trace: [ 2239.263162] dump_stack+0x142/0x197 [ 2239.266809] warn_alloc.cold+0x96/0x1af [ 2239.270796] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2239.275769] ? wait_for_completion+0x420/0x420 [ 2239.280368] __alloc_pages_slowpath+0x23c6/0x2930 [ 2239.285228] ? warn_alloc+0xf0/0xf0 [ 2239.288859] ? __might_sleep+0x93/0xb0 [ 2239.292748] __alloc_pages_nodemask+0x62c/0x7a0 [ 2239.297427] ? lock_downgrade+0x740/0x740 [ 2239.301738] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2239.306920] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2239.312933] alloc_pages_current+0xec/0x1e0 [ 2239.317261] ion_page_pool_alloc+0x11f/0x1c0 [ 2239.321969] ion_system_heap_allocate+0x138/0x910 [ 2239.326875] ? ion_alloc+0x19b/0x860 [ 2239.330643] ? rcu_read_lock_sched_held+0x110/0x130 [ 2239.337238] ? ion_system_heap_free+0x250/0x250 [ 2239.341912] ion_alloc+0x222/0x860 [ 2239.345454] ? ion_dma_buf_release+0x50/0x50 [ 2239.349984] ? kasan_check_write+0x14/0x20 [ 2239.354279] ? _copy_from_user+0x99/0x110 [ 2239.358469] ion_ioctl+0x105/0x217 [ 2239.362006] ? ion_alloc.cold+0x40/0x40 [ 2239.366350] ? ion_alloc.cold+0x40/0x40 [ 2239.370329] do_vfs_ioctl+0x7ae/0x1060 [ 2239.374223] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2239.378979] ? lock_downgrade+0x740/0x740 [ 2239.383577] ? ioctl_preallocate+0x1c0/0x1c0 [ 2239.387995] ? __fget+0x237/0x370 [ 2239.391458] ? security_file_ioctl+0x89/0xb0 [ 2239.395860] SyS_ioctl+0x8f/0xc0 [ 2239.399462] ? do_vfs_ioctl+0x1060/0x1060 [ 2239.403621] do_syscall_64+0x1e8/0x640 [ 2239.407553] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2239.412398] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2239.417580] RIP: 0033:0x45a679 [ 2239.420760] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2239.428480] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2239.435752] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2239.443154] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2239.450547] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2239.457899] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2239.466597] warn_alloc_show_mem: 1 callbacks suppressed [ 2239.466601] Mem-Info: [ 2239.474484] active_anon:1204226 inactive_anon:199 isolated_anon:0 [ 2239.474484] active_file:6808 inactive_file:8045 isolated_file:0 [ 2239.474484] unevictable:0 dirty:66 writeback:0 unstable:0 [ 2239.474484] slab_reclaimable:18813 slab_unreclaimable:139500 [ 2239.474484] mapped:57641 shmem:255 pagetables:41674 bounce:0 [ 2239.474484] free:63500 free_pcp:443 free_cma:0 [ 2239.509000] Node 0 active_anon:1783000kB inactive_anon:764kB active_file:12kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208924kB dirty:4kB writeback:0kB shmem:952kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 718848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2239.537258] Node 1 active_anon:3033904kB inactive_anon:32kB active_file:27220kB inactive_file:32164kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21640kB dirty:264kB writeback:0kB shmem:68kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2239.565380] Node 0 DMA free:10372kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2239.592200] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2239.597440] Node 0 DMA32 free:18092kB min:36380kB low:45472kB high:54564kB active_anon:1778556kB inactive_anon:764kB active_file:12kB inactive_file:16kB unevictable:0kB writepending:4kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12672kB pagetables:66176kB bounce:0kB free_pcp:492kB local_pcp:384kB free_cma:0kB [ 2239.626710] lowmem_reserve[]: 0 0 0 0 0 [ 2239.630755] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2239.656203] lowmem_reserve[]: 0 0 0 0 0 [ 2239.660276] Node 1 Normal free:225536kB min:53508kB low:66884kB high:80260kB active_anon:3033904kB inactive_anon:32kB active_file:27220kB inactive_file:32164kB unevictable:0kB writepending:264kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45376kB pagetables:100512kB bounce:0kB free_pcp:1300kB local_pcp:584kB free_cma:0kB [ 2239.690892] lowmem_reserve[]: 0 0 0 0 0 [ 2239.694903] Node 0 DMA: 3*4kB (M) 21*8kB (UM) 17*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10372kB [ 2239.710842] Node 0 DMA32: 3291*4kB (ME) 202*8kB (MEH) 103*16kB (M) 16*32kB (M) 16*64kB (M) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18092kB [ 2239.725943] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2239.737029] Node 1 Normal: 4756*4kB (UM) 1394*8kB (UMEH) 1086*16kB (UMEH) 1442*32kB (UMEH) 486*64kB (UMEH) 55*128kB (UMEH) 28*256kB (MEH) 93*512kB (UME) 28*1024kB (MH) 5*2048kB (M) 0*4096kB = 225536kB [ 2239.755448] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2239.764341] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2239.773277] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2239.782368] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2239.791282] 14960 total pagecache pages [ 2239.795314] 0 pages in swap cache [ 2239.799169] Swap cache stats: add 0, delete 0, find 0/0 [ 2239.804621] Free swap = 0kB [ 2239.807652] Total swap = 0kB [ 2239.810804] 1965979 pages RAM [ 2239.813913] 0 pages HighMem/MovableOnly [ 2239.817889] 335854 pages reserved [ 2239.821594] 0 pages cma reserved [ 2239.896415] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2239.908075] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2239.913951] CPU: 1 PID: 7795 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2239.921902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2239.931603] Call Trace: [ 2239.934253] dump_stack+0x142/0x197 [ 2239.938101] warn_alloc.cold+0x96/0x1af [ 2239.942105] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2239.947423] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2239.952708] __alloc_pages_slowpath+0x23c6/0x2930 [ 2239.957934] ? save_trace+0x290/0x290 [ 2239.961763] ? warn_alloc+0xf0/0xf0 [ 2239.965468] ? __might_sleep+0x93/0xb0 [ 2239.969354] __alloc_pages_nodemask+0x62c/0x7a0 [ 2239.974115] ? lock_downgrade+0x740/0x740 [ 2239.978263] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2239.983293] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2239.988933] alloc_pages_current+0xec/0x1e0 [ 2239.993290] ion_page_pool_alloc+0x11f/0x1c0 [ 2239.997972] ion_system_heap_allocate+0x138/0x910 [ 2240.002834] ? ion_system_heap_free+0x250/0x250 [ 2240.007514] ion_alloc+0x68c/0x860 [ 2240.011073] ? ion_dma_buf_release+0x50/0x50 [ 2240.015656] ? kasan_check_write+0x14/0x20 [ 2240.019890] ? _copy_from_user+0x99/0x110 [ 2240.024046] ion_ioctl+0x105/0x217 [ 2240.027589] ? ion_alloc.cold+0x40/0x40 [ 2240.031560] ? ion_alloc.cold+0x40/0x40 [ 2240.035653] do_vfs_ioctl+0x7ae/0x1060 [ 2240.039858] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2240.044620] ? lock_downgrade+0x740/0x740 [ 2240.048772] ? ioctl_preallocate+0x1c0/0x1c0 [ 2240.053189] ? __fget+0x237/0x370 [ 2240.056643] ? security_file_ioctl+0x89/0xb0 [ 2240.061070] SyS_ioctl+0x8f/0xc0 [ 2240.064451] ? do_vfs_ioctl+0x1060/0x1060 [ 2240.068749] do_syscall_64+0x1e8/0x640 [ 2240.072858] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2240.077845] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2240.083049] RIP: 0033:0x45a679 [ 2240.086245] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2240.094257] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2240.101535] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2240.108811] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2240.116078] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2240.123487] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2240.325327] syz-executor.2 invoked oom-killer: gfp_mask=0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0, order=0, oom_score_adj=1000 [ 2240.338447] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2240.343933] CPU: 1 PID: 7795 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2240.351740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2240.361213] Call Trace: [ 2240.363972] dump_stack+0x142/0x197 [ 2240.367602] dump_header+0x177/0x6cd [ 2240.371324] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2240.376434] ? ___ratelimit+0x55/0x537 [ 2240.380466] oom_kill_process.cold+0x10/0xadd [ 2240.384966] ? rcu_read_unlock_special+0x895/0xd40 [ 2240.389931] ? lock_downgrade+0x740/0x740 [ 2240.394097] out_of_memory+0x2ee/0x1180 [ 2240.398087] ? lock_acquire+0x16f/0x430 [ 2240.402062] ? oom_killer_disable+0x1d0/0x1d0 [ 2240.406557] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2240.411494] __alloc_pages_slowpath+0x2251/0x2930 [ 2240.416460] ? warn_alloc+0xf0/0xf0 [ 2240.420096] ? __might_sleep+0x93/0xb0 [ 2240.424205] __alloc_pages_nodemask+0x62c/0x7a0 [ 2240.429130] ? lock_downgrade+0x740/0x740 [ 2240.433303] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2240.438757] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2240.444393] alloc_pages_current+0xec/0x1e0 [ 2240.448887] ion_page_pool_alloc+0x11f/0x1c0 [ 2240.453346] ion_system_heap_allocate+0x138/0x910 [ 2240.458200] ? ion_system_heap_free+0x250/0x250 [ 2240.462867] ion_alloc+0x68c/0x860 [ 2240.466744] ? ion_dma_buf_release+0x50/0x50 [ 2240.471170] ? kasan_check_write+0x14/0x20 [ 2240.475411] ? _copy_from_user+0x99/0x110 [ 2240.479552] ion_ioctl+0x105/0x217 [ 2240.483088] ? ion_alloc.cold+0x40/0x40 [ 2240.487055] ? ion_alloc.cold+0x40/0x40 [ 2240.491031] do_vfs_ioctl+0x7ae/0x1060 [ 2240.494926] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2240.499693] ? lock_downgrade+0x740/0x740 [ 2240.503872] ? ioctl_preallocate+0x1c0/0x1c0 [ 2240.508294] ? __fget+0x237/0x370 [ 2240.511756] ? security_file_ioctl+0x89/0xb0 [ 2240.516164] SyS_ioctl+0x8f/0xc0 [ 2240.519518] ? do_vfs_ioctl+0x1060/0x1060 [ 2240.523659] do_syscall_64+0x1e8/0x640 [ 2240.527532] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2240.532385] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2240.537573] RIP: 0033:0x45a679 [ 2240.540755] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2240.548457] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2240.555719] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2240.562979] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2240.570471] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2240.577795] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2240.585351] Mem-Info: [ 2240.587782] active_anon:1200126 inactive_anon:199 isolated_anon:0 [ 2240.587782] active_file:6808 inactive_file:8055 isolated_file:0 [ 2240.587782] unevictable:0 dirty:75 writeback:0 unstable:0 [ 2240.587782] slab_reclaimable:18813 slab_unreclaimable:139502 [ 2240.587782] mapped:57641 shmem:255 pagetables:41637 bounce:0 [ 2240.587782] free:67709 free_pcp:213 free_cma:0 [ 2240.621937] Node 0 active_anon:1783000kB inactive_anon:764kB active_file:12kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208924kB dirty:4kB writeback:0kB shmem:952kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 718848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2240.649521] Node 0 DMA free:10368kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2240.675989] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2240.681094] Node 0 DMA32 free:18176kB min:36380kB low:45472kB high:54564kB active_anon:1778556kB inactive_anon:764kB active_file:12kB inactive_file:16kB unevictable:0kB writepending:4kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12672kB pagetables:66176kB bounce:0kB free_pcp:852kB local_pcp:732kB free_cma:0kB [ 2240.710230] lowmem_reserve[]: 0 0 0 0 0 [ 2240.714208] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2240.739793] lowmem_reserve[]: 0 0 0 0 0 [ 2240.743849] Node 0 DMA: 4*4kB (UM) 28*8kB (UM) 17*16kB (UME) 2*32kB (U) 1*64kB (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10368kB [ 2240.759494] Node 0 DMA32: 3286*4kB (UME) 165*8kB (UME) 64*16kB (M) 84*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18176kB [ 2240.773007] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2240.783862] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2240.792743] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2240.801362] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2240.810265] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2240.818871] 14966 total pagecache pages [ 2240.823117] 0 pages in swap cache [ 2240.826571] Swap cache stats: add 0, delete 0, find 0/0 [ 2240.832006] Free swap = 0kB [ 2240.835022] Total swap = 0kB [ 2240.838027] 1965979 pages RAM [ 2240.841190] 0 pages HighMem/MovableOnly [ 2240.845161] 335854 pages reserved [ 2240.848639] 0 pages cma reserved [ 2240.852047] Out of memory: Kill process 9297 (syz-executor.2) score 1009 or sacrifice child [ 2240.860620] Killed process 9297 (syz-executor.2) total-vm:72980kB, anon-rss:16560kB, file-rss:34816kB, shmem-rss:0kB [ 2240.872225] syz-executor.2: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2240.883656] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2240.889040] CPU: 1 PID: 7795 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2240.896824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2240.906356] Call Trace: [ 2240.908936] dump_stack+0x142/0x197 [ 2240.912556] warn_alloc.cold+0x96/0x1af [ 2240.916518] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2240.921349] ? wait_for_completion+0x420/0x420 [ 2240.925916] __alloc_pages_slowpath+0x23c6/0x2930 [ 2240.930751] ? warn_alloc+0xf0/0xf0 [ 2240.934365] ? __might_sleep+0x93/0xb0 [ 2240.938245] __alloc_pages_nodemask+0x62c/0x7a0 [ 2240.942897] ? lock_downgrade+0x740/0x740 [ 2240.947038] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2240.952215] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2240.957823] alloc_pages_current+0xec/0x1e0 [ 2240.962128] ion_page_pool_alloc+0x11f/0x1c0 [ 2240.966518] ion_system_heap_allocate+0x138/0x910 [ 2240.971347] ? ion_system_heap_free+0x250/0x250 [ 2240.976004] ion_alloc+0x68c/0x860 [ 2240.979530] ? ion_dma_buf_release+0x50/0x50 [ 2240.983922] ? kasan_check_write+0x14/0x20 [ 2240.988150] ? _copy_from_user+0x99/0x110 [ 2240.992280] ion_ioctl+0x105/0x217 [ 2240.995808] ? ion_alloc.cold+0x40/0x40 [ 2240.999767] ? ion_alloc.cold+0x40/0x40 [ 2241.003732] do_vfs_ioctl+0x7ae/0x1060 [ 2241.007601] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2241.012336] ? lock_downgrade+0x740/0x740 [ 2241.016478] ? ioctl_preallocate+0x1c0/0x1c0 [ 2241.020872] ? __fget+0x237/0x370 [ 2241.024312] ? security_file_ioctl+0x89/0xb0 [ 2241.028701] SyS_ioctl+0x8f/0xc0 [ 2241.032049] ? do_vfs_ioctl+0x1060/0x1060 [ 2241.036179] do_syscall_64+0x1e8/0x640 [ 2241.040053] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2241.044887] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2241.050064] RIP: 0033:0x45a679 [ 2241.053236] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2241.060935] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2241.068213] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2241.075517] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2241.082776] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2241.090035] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2241.098205] warn_alloc_show_mem: 1 callbacks suppressed [ 2241.098208] Mem-Info: [ 2241.106044] active_anon:1200126 inactive_anon:199 isolated_anon:0 [ 2241.106044] active_file:6808 inactive_file:8054 isolated_file:0 [ 2241.106044] unevictable:0 dirty:75 writeback:0 unstable:0 [ 2241.106044] slab_reclaimable:18813 slab_unreclaimable:139502 [ 2241.106044] mapped:57640 shmem:255 pagetables:41637 bounce:0 [ 2241.106044] free:67734 free_pcp:479 free_cma:0 [ 2241.140098] Node 0 active_anon:1783000kB inactive_anon:764kB active_file:12kB inactive_file:12kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:4kB writeback:0kB shmem:952kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 718848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2241.167672] Node 1 active_anon:3017408kB inactive_anon:32kB active_file:27220kB inactive_file:32220kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21640kB dirty:336kB writeback:0kB shmem:68kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2241.196360] Node 0 DMA free:10368kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2241.222799] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2241.227817] Node 0 DMA32 free:18276kB min:36380kB low:45472kB high:54564kB active_anon:1778532kB inactive_anon:764kB active_file:16kB inactive_file:20kB unevictable:0kB writepending:16kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12672kB pagetables:66176kB bounce:0kB free_pcp:756kB local_pcp:624kB free_cma:0kB [ 2241.257066] lowmem_reserve[]: 0 0 0 0 0 [ 2241.261111] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2241.286436] lowmem_reserve[]: 0 0 0 0 0 [ 2241.290480] Node 1 Normal free:242340kB min:53508kB low:66884kB high:80260kB active_anon:3017408kB inactive_anon:32kB active_file:27220kB inactive_file:32220kB unevictable:0kB writepending:344kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45344kB pagetables:100376kB bounce:0kB free_pcp:1164kB local_pcp:584kB free_cma:0kB [ 2241.320578] lowmem_reserve[]: 0 0 0 0 0 [ 2241.324577] Node 0 DMA: 4*4kB (UM) 28*8kB (UM) 17*16kB (UME) 2*32kB (U) 1*64kB (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10368kB [ 2241.340166] Node 0 DMA32: 3289*4kB (UME) 167*8kB (UME) 64*16kB (M) 87*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18300kB [ 2241.353635] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2241.364386] Node 1 Normal: 4993*4kB (UM) 1548*8kB (UMEH) 1208*16kB (UMEH) 1566*32kB (UMEH) 600*64kB (UMEH) 60*128kB (UMEH) 31*256kB (MEH) 93*512kB (UME) 28*1024kB (MH) 5*2048kB (M) 0*4096kB = 242340kB [ 2241.382530] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2241.391410] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2241.399994] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2241.408899] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2241.417531] 14980 total pagecache pages [ 2241.421550] 0 pages in swap cache [ 2241.424993] Swap cache stats: add 0, delete 0, find 0/0 [ 2241.430392] Free swap = 0kB [ 2241.433402] Total swap = 0kB [ 2241.436408] 1965979 pages RAM [ 2241.439487] 0 pages HighMem/MovableOnly [ 2241.443501] 335854 pages reserved [ 2241.446949] 0 pages cma reserved 20:57:52 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) 20:57:52 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r4, &(0x7f0000000380)=""/87, 0x192) getdents64(r4, &(0x7f0000000080)=""/167, 0xa7) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) 20:57:52 executing program 5: openat$capi20(0xffffffffffffff9c, &(0x7f0000000300)='/dev/capi20\x00', 0x0, 0x0) ioctl$CAPI_NCCI_GETUNIT(0xffffffffffffffff, 0x80044327, &(0x7f0000000000)=0x6) 20:57:52 executing program 4: vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) dup(0xffffffffffffffff) ioctl$KDSKBSENT(0xffffffffffffffff, 0x4b49, 0x0) r0 = open(&(0x7f0000000380)='./file0\x00', 0x20, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @perf_bp={0x0, 0x6}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) r1 = syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$LOOP_SET_STATUS(r1, 0x4c02, 0x0) syz_open_procfs(0x0, &(0x7f0000000140)='fd\x00') getdents(0xffffffffffffffff, 0x0, 0x0) write$P9_RWALK(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) r2 = getpid() sched_setattr(r2, &(0x7f0000000480)={0x30, 0x0, 0x0, 0x6, 0x8, 0x20000, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00') sendfile(r3, r4, 0x0, 0x320f) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00') sendfile(r5, r6, 0x0, 0x320f) fchdir(r5) r7 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$restrict_keyring(0x1d, r7, &(0x7f0000000080)='big_key\x00', &(0x7f00000000c0)='fd\x00') write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000140)={0x20, 0x0, 0x6, {0x0, 0x4, 0x0, 0x7f}}, 0x20) umount2(0x0, 0x0) ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000000440)) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000004d00)={@mcast1, 0x0}, 0x0) setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000280)={{{@in=@broadcast, @in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x4e20, 0x7f, 0x4e24, 0x0, 0x2, 0xa0, 0x0, 0x5c, r8}, {0x0, 0x7, 0x5, 0x105, 0x0, 0x7, 0x2, 0x7b5}, {0xffff, 0x7, 0x8, 0x6}, 0x0, 0x6e6bb3, 0x0, 0x0, 0x0, 0x1}, {{@in6=@local, 0x4d5}, 0xa, @in6=@remote, 0x3505, 0x2, 0x1, 0x0, 0x82, 0x9}}, 0xe8) 20:57:52 executing program 1: epoll_create1(0x0) epoll_create1(0x0) timerfd_create(0x0, 0x0) socket$unix(0x1, 0x0, 0x0) close(0xffffffffffffffff) pipe2(0x0, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(0x0, 0x0) ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0x2) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) readlink(0x0, &(0x7f0000000380)=""/96, 0x60) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) r3 = socket$vsock_stream(0x28, 0x1, 0x0) listen(0xffffffffffffffff, 0x0) ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f00000000c0)={0x1f, 0x0, 0x80, 0x3, 0x7}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$VHOST_SET_VRING_NUM(0xffffffffffffffff, 0x4008af10, &(0x7f00000002c0)={0x0, 0x2}) 20:57:52 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r4, &(0x7f0000000380)=""/87, 0x192) getdents64(r4, &(0x7f0000000080)=""/167, 0xa7) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) setuid(0x0) 20:57:52 executing program 5: openat$capi20(0xffffffffffffff9c, &(0x7f0000000300)='/dev/capi20\x00', 0x0, 0x0) ioctl$CAPI_NCCI_GETUNIT(0xffffffffffffffff, 0x80044327, &(0x7f0000000000)=0x6) 20:57:52 executing program 5: openat$capi20(0xffffffffffffff9c, &(0x7f0000000300)='/dev/capi20\x00', 0x0, 0x0) ioctl$CAPI_NCCI_GETUNIT(0xffffffffffffffff, 0x80044327, &(0x7f0000000000)=0x6) [ 2242.244344] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2242.260480] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2242.266832] CPU: 0 PID: 7853 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2242.274662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2242.284025] Call Trace: [ 2242.284044] dump_stack+0x142/0x197 [ 2242.284065] warn_alloc.cold+0x96/0x1af [ 2242.284077] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2242.284109] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2242.304411] __alloc_pages_slowpath+0x23c6/0x2930 [ 2242.309291] ? save_trace+0x290/0x290 [ 2242.313115] ? warn_alloc+0xf0/0xf0 [ 2242.316787] ? __might_sleep+0x93/0xb0 [ 2242.320705] __alloc_pages_nodemask+0x62c/0x7a0 [ 2242.325407] ? lock_downgrade+0x740/0x740 [ 2242.329589] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2242.334678] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2242.340343] alloc_pages_current+0xec/0x1e0 20:57:52 executing program 5: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000300)='/dev/capi20\x00', 0x0, 0x0) ioctl$CAPI_NCCI_GETUNIT(r0, 0x80044327, 0x0) [ 2242.344847] ion_page_pool_alloc+0x11f/0x1c0 [ 2242.349294] ion_system_heap_allocate+0x138/0x910 [ 2242.354161] ? ion_alloc+0x19b/0x860 [ 2242.357896] ? rcu_read_lock_sched_held+0x110/0x130 [ 2242.362934] ? ion_system_heap_free+0x250/0x250 [ 2242.367636] ion_alloc+0x222/0x860 [ 2242.371214] ? ion_dma_buf_release+0x50/0x50 [ 2242.375656] ? kasan_check_write+0x14/0x20 [ 2242.379912] ? _copy_from_user+0x99/0x110 [ 2242.384089] ion_ioctl+0x105/0x217 [ 2242.387651] ? ion_alloc.cold+0x40/0x40 20:57:52 executing program 5: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000300)='/dev/capi20\x00', 0x0, 0x0) ioctl$CAPI_NCCI_GETUNIT(r0, 0x80044327, 0x0) [ 2242.391659] ? ion_alloc.cold+0x40/0x40 [ 2242.395663] do_vfs_ioctl+0x7ae/0x1060 [ 2242.399571] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2242.404341] ? lock_downgrade+0x740/0x740 [ 2242.408515] ? ioctl_preallocate+0x1c0/0x1c0 [ 2242.412945] ? __fget+0x237/0x370 [ 2242.416428] ? security_file_ioctl+0x89/0xb0 [ 2242.420840] SyS_ioctl+0x8f/0xc0 [ 2242.424199] ? do_vfs_ioctl+0x1060/0x1060 [ 2242.428354] do_syscall_64+0x1e8/0x640 [ 2242.432232] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2242.437073] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2242.442252] RIP: 0033:0x45a679 20:57:52 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x2, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)) [ 2242.445428] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2242.453128] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2242.460390] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2242.467671] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2242.474949] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2242.482210] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2242.511890] Mem-Info: [ 2242.514372] active_anon:1196631 inactive_anon:198 isolated_anon:0 [ 2242.514372] active_file:6809 inactive_file:8083 isolated_file:0 [ 2242.514372] unevictable:0 dirty:147 writeback:0 unstable:0 [ 2242.514372] slab_reclaimable:18816 slab_unreclaimable:139402 [ 2242.514372] mapped:57678 shmem:256 pagetables:41680 bounce:0 [ 2242.514372] free:82736 free_pcp:292 free_cma:0 [ 2242.521593] IPVS: ftp: loaded support on port[0] = 21 [ 2242.561584] Node 0 active_anon:1785340kB inactive_anon:772kB active_file:16kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208924kB dirty:16kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 720896kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2242.601971] Node 0 DMA free:10424kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 20:57:52 executing program 5: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000300)='/dev/capi20\x00', 0x0, 0x0) ioctl$CAPI_NCCI_GETUNIT(r0, 0x80044327, 0x0) [ 2242.694973] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2242.707475] Node 0 DMA32 free:60720kB min:36380kB low:45472kB high:54564kB active_anon:1780796kB inactive_anon:772kB active_file:16kB inactive_file:20kB unevictable:0kB writepending:16kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12768kB pagetables:66192kB bounce:0kB free_pcp:764kB local_pcp:372kB free_cma:0kB [ 2242.769825] lowmem_reserve[]: 0 0 0 0 0 [ 2242.788832] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2242.864522] lowmem_reserve[]: 0 0 0 0 0 [ 2242.876502] Node 0 DMA: 7*4kB (UM) 34*8kB (UM) 17*16kB (UME) 2*32kB (U) 1*64kB (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10428kB [ 2242.991516] Node 0 DMA32: 3513*4kB (UME) 934*8kB (UMEH) 985*16kB (UMH) 341*32kB (UM) 5*64kB (UM) 0*128kB 1*256kB (U) 1*512kB (U) 1*1024kB (U) 3*2048kB (U) 1*4096kB (M) = 60548kB [ 2243.042478] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2243.053423] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2243.062920] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2243.071712] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2243.080919] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2243.089543] 14980 total pagecache pages [ 2243.093631] 0 pages in swap cache [ 2243.097082] Swap cache stats: add 0, delete 0, find 0/0 [ 2243.102577] Free swap = 0kB [ 2243.105592] Total swap = 0kB [ 2243.108614] 1965979 pages RAM [ 2243.112377] 0 pages HighMem/MovableOnly [ 2243.116352] 335854 pages reserved [ 2243.119783] 0 pages cma reserved [ 2243.173374] oom_reaper: reaped process 7853 (syz-executor.2), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2243.201205] syz-executor.2: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2243.212844] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2243.218249] CPU: 1 PID: 7853 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2243.226041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2243.235393] Call Trace: [ 2243.237973] dump_stack+0x142/0x197 [ 2243.241602] warn_alloc.cold+0x96/0x1af [ 2243.245575] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2243.250542] ? call_timer_fn+0x670/0x670 [ 2243.254621] __alloc_pages_slowpath+0x23c6/0x2930 [ 2243.259486] ? warn_alloc+0xf0/0xf0 [ 2243.263144] ? __might_sleep+0x93/0xb0 [ 2243.267034] __alloc_pages_nodemask+0x62c/0x7a0 [ 2243.271699] ? lock_downgrade+0x740/0x740 [ 2243.275842] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2243.280862] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2243.286492] alloc_pages_current+0xec/0x1e0 [ 2243.290805] ion_page_pool_alloc+0x11f/0x1c0 [ 2243.295221] ion_system_heap_allocate+0x138/0x910 [ 2243.300212] ? ion_alloc+0x19b/0x860 [ 2243.303944] ? rcu_read_lock_sched_held+0x110/0x130 [ 2243.308964] ? ion_system_heap_free+0x250/0x250 [ 2243.313823] ion_alloc+0x222/0x860 [ 2243.317363] ? ion_dma_buf_release+0x50/0x50 [ 2243.321780] ? kasan_check_write+0x14/0x20 [ 2243.326015] ? _copy_from_user+0x99/0x110 [ 2243.330163] ion_ioctl+0x105/0x217 [ 2243.333716] ? ion_alloc.cold+0x40/0x40 [ 2243.337701] ? ion_alloc.cold+0x40/0x40 [ 2243.341696] do_vfs_ioctl+0x7ae/0x1060 [ 2243.345618] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2243.350382] ? lock_downgrade+0x740/0x740 [ 2243.354526] ? ioctl_preallocate+0x1c0/0x1c0 [ 2243.359047] ? __fget+0x237/0x370 [ 2243.362529] ? security_file_ioctl+0x89/0xb0 [ 2243.366944] SyS_ioctl+0x8f/0xc0 [ 2243.370299] ? do_vfs_ioctl+0x1060/0x1060 [ 2243.374436] do_syscall_64+0x1e8/0x640 [ 2243.378305] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2243.383176] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2243.388443] RIP: 0033:0x45a679 [ 2243.391618] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2243.399313] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2243.406573] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2243.413890] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2243.421152] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2243.428417] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2243.483353] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2243.494949] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2243.500428] CPU: 1 PID: 7853 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2243.508227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2243.517569] Call Trace: [ 2243.520156] dump_stack+0x142/0x197 [ 2243.523790] warn_alloc.cold+0x96/0x1af [ 2243.527758] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2243.532597] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2243.537862] __alloc_pages_slowpath+0x23c6/0x2930 [ 2243.542711] ? save_trace+0x290/0x290 [ 2243.546647] ? warn_alloc+0xf0/0xf0 [ 2243.550332] ? __might_sleep+0x93/0xb0 [ 2243.554222] __alloc_pages_nodemask+0x62c/0x7a0 [ 2243.558891] ? lock_downgrade+0x740/0x740 [ 2243.563038] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2243.568057] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2243.573675] alloc_pages_current+0xec/0x1e0 [ 2243.577985] ion_page_pool_alloc+0x11f/0x1c0 [ 2243.582393] ion_system_heap_allocate+0x138/0x910 [ 2243.587249] ? ion_system_heap_free+0x250/0x250 [ 2243.591909] ion_alloc+0x68c/0x860 [ 2243.595453] ? ion_dma_buf_release+0x50/0x50 [ 2243.599849] ? kasan_check_write+0x14/0x20 [ 2243.604081] ? _copy_from_user+0x99/0x110 [ 2243.608233] ion_ioctl+0x105/0x217 [ 2243.611767] ? ion_alloc.cold+0x40/0x40 [ 2243.615757] ? ion_alloc.cold+0x40/0x40 [ 2243.619740] do_vfs_ioctl+0x7ae/0x1060 [ 2243.623632] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2243.628385] ? lock_downgrade+0x740/0x740 [ 2243.632534] ? ioctl_preallocate+0x1c0/0x1c0 [ 2243.637115] ? __fget+0x237/0x370 [ 2243.640578] ? security_file_ioctl+0x89/0xb0 [ 2243.644994] SyS_ioctl+0x8f/0xc0 [ 2243.648352] ? do_vfs_ioctl+0x1060/0x1060 [ 2243.652491] do_syscall_64+0x1e8/0x640 [ 2243.656376] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2243.661237] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2243.666428] RIP: 0033:0x45a679 [ 2243.669601] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2243.677296] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2243.684564] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2243.691836] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2243.699099] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2243.706363] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2243.713918] warn_alloc_show_mem: 1 callbacks suppressed [ 2243.713921] Mem-Info: [ 2243.721739] active_anon:1196077 inactive_anon:199 isolated_anon:0 [ 2243.721739] active_file:6811 inactive_file:8074 isolated_file:0 [ 2243.721739] unevictable:0 dirty:11 writeback:0 unstable:0 [ 2243.721739] slab_reclaimable:18840 slab_unreclaimable:139241 [ 2243.721739] mapped:57656 shmem:255 pagetables:41650 bounce:0 [ 2243.721739] free:81172 free_pcp:277 free_cma:0 [ 2243.755512] Node 0 active_anon:1783408kB inactive_anon:792kB active_file:8kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:8kB writeback:0kB shmem:980kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 718848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2243.788095] Node 1 active_anon:3000900kB inactive_anon:4kB active_file:27236kB inactive_file:32280kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21704kB dirty:40kB writeback:0kB shmem:40kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2243.815874] Node 0 DMA free:10412kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2243.842381] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2243.847435] Node 0 DMA32 free:49596kB min:36380kB low:45472kB high:54564kB active_anon:1779064kB inactive_anon:792kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:8kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12640kB pagetables:66240kB bounce:0kB free_pcp:892kB local_pcp:652kB free_cma:0kB [ 2243.876508] lowmem_reserve[]: 0 0 0 0 0 [ 2243.880548] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2243.905999] lowmem_reserve[]: 0 0 0 0 0 [ 2243.910007] Node 1 Normal free:264680kB min:53508kB low:66884kB high:80260kB active_anon:3000900kB inactive_anon:4kB active_file:27236kB inactive_file:32280kB unevictable:0kB writepending:44kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45408kB pagetables:100352kB bounce:0kB free_pcp:208kB local_pcp:124kB free_cma:0kB [ 2243.939896] lowmem_reserve[]: 0 0 0 0 0 [ 2243.943957] Node 0 DMA: 7*4kB (UM) 34*8kB (UM) 17*16kB (UME) 2*32kB (U) 1*64kB (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10428kB [ 2243.959564] Node 0 DMA32: 3729*4kB (UME) 953*8kB (UME) 997*16kB (UM) 345*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 49532kB [ 2243.973348] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2243.984132] Node 1 Normal: 5336*4kB (UM) 2071*8kB (UMEH) 1489*16kB (UMEH) 1698*32kB (UMEH) 694*64kB (UMEH) 72*128kB (MEH) 35*256kB (UMEH) 94*512kB (UME) 29*1024kB (UMH) 4*2048kB (M) 0*4096kB = 264680kB [ 2244.002589] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2244.002598] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2244.002605] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2244.002612] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2244.002618] 14996 total pagecache pages [ 2244.002629] 0 pages in swap cache [ 2244.002635] Swap cache stats: add 0, delete 0, find 0/0 [ 2244.002639] Free swap = 0kB [ 2244.002643] Total swap = 0kB [ 2244.002652] 1965979 pages RAM [ 2244.002655] 0 pages HighMem/MovableOnly [ 2244.002658] 335854 pages reserved [ 2244.002661] 0 pages cma reserved [ 2244.066862] syz-executor.2 invoked oom-killer: gfp_mask=0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0, order=0, oom_score_adj=1000 [ 2244.086467] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2244.092240] CPU: 1 PID: 7853 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2244.092247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2244.092251] Call Trace: [ 2244.092269] dump_stack+0x142/0x197 [ 2244.109431] dump_header+0x177/0x6cd [ 2244.109447] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2244.109460] ? ___ratelimit+0x55/0x537 [ 2244.115649] oom_kill_process.cold+0x10/0xadd [ 2244.115659] ? oom_unkillable_task+0x294/0x390 [ 2244.115674] ? lock_downgrade+0x740/0x740 [ 2244.115690] out_of_memory+0x2ee/0x1180 [ 2244.124467] ? lock_acquire+0x16f/0x430 [ 2244.124484] ? oom_killer_disable+0x1d0/0x1d0 [ 2244.124494] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2244.124507] __alloc_pages_slowpath+0x2251/0x2930 [ 2244.124535] ? warn_alloc+0xf0/0xf0 [ 2244.124556] ? __might_sleep+0x93/0xb0 [ 2244.124569] __alloc_pages_nodemask+0x62c/0x7a0 [ 2244.124580] ? lock_downgrade+0x740/0x740 [ 2244.124592] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2244.124608] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2244.124623] alloc_pages_current+0xec/0x1e0 [ 2244.124638] ion_page_pool_alloc+0x11f/0x1c0 [ 2244.137572] ion_system_heap_allocate+0x138/0x910 [ 2244.137589] ? ion_system_heap_free+0x250/0x250 [ 2244.145692] ion_alloc+0x68c/0x860 [ 2244.145709] ? ion_dma_buf_release+0x50/0x50 [ 2244.145727] ? kasan_check_write+0x14/0x20 [ 2244.154160] ? _copy_from_user+0x99/0x110 [ 2244.154172] ion_ioctl+0x105/0x217 [ 2244.154183] ? ion_alloc.cold+0x40/0x40 [ 2244.154200] ? ion_alloc.cold+0x40/0x40 [ 2244.154213] do_vfs_ioctl+0x7ae/0x1060 [ 2244.154224] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2244.154234] ? lock_downgrade+0x740/0x740 [ 2244.154246] ? ioctl_preallocate+0x1c0/0x1c0 [ 2244.154259] ? __fget+0x237/0x370 [ 2244.154277] ? security_file_ioctl+0x89/0xb0 [ 2244.154290] SyS_ioctl+0x8f/0xc0 [ 2244.154302] ? do_vfs_ioctl+0x1060/0x1060 [ 2244.167666] do_syscall_64+0x1e8/0x640 [ 2244.167677] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2244.167694] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2244.176229] RIP: 0033:0x45a679 [ 2244.176235] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2244.176247] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2244.176253] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2244.176261] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2244.191171] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2244.191177] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2244.191481] Mem-Info: [ 2244.205006] active_anon:1196075 inactive_anon:199 isolated_anon:0 [ 2244.205006] active_file:6811 inactive_file:8074 isolated_file:0 [ 2244.205006] unevictable:0 dirty:14 writeback:0 unstable:0 [ 2244.205006] slab_reclaimable:18840 slab_unreclaimable:139241 [ 2244.205006] mapped:57646 shmem:255 pagetables:41650 bounce:0 [ 2244.205006] free:73268 free_pcp:90 free_cma:0 [ 2244.205026] Node 0 active_anon:1783400kB inactive_anon:792kB active_file:8kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:8kB writeback:0kB shmem:980kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 718848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2244.213505] Node 0 [ 2244.222101] DMA free:10372kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2244.229732] lowmem_reserve[]: [ 2244.245401] 0 [ 2244.251035] 2569 [ 2244.258589] 2569 [ 2244.269843] 2569 [ 2244.276052] 2569 [ 2244.304826] Node 0 [ 2244.320586] DMA32 free:18160kB min:36380kB low:45472kB high:54564kB active_anon:1778956kB inactive_anon:792kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:8kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12640kB pagetables:66240kB bounce:0kB free_pcp:360kB local_pcp:120kB free_cma:0kB [ 2244.336994] lowmem_reserve[]: [ 2244.400733] 0 [ 2244.432179] 0 [ 2244.435283] 0 [ 2244.439597] 0 [ 2244.476300] 0 [ 2244.480539] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2244.512210] lowmem_reserve[]: 0 0 0 0 0 [ 2244.516413] Node 0 DMA: 3*4kB (M) 29*8kB (UM) 17*16kB (UME) 2*32kB (U) 1*64kB (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10372kB [ 2244.537939] Node 0 DMA32: 3260*4kB (ME) 222*8kB (ME) 117*16kB (M) 46*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18160kB [ 2244.557449] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2244.569117] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2244.584024] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2244.594857] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2244.606115] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2244.615224] 14996 total pagecache pages [ 2244.619401] 0 pages in swap cache [ 2244.623250] Swap cache stats: add 0, delete 0, find 0/0 [ 2244.628807] Free swap = 0kB [ 2244.632192] Total swap = 0kB [ 2244.636469] 1965979 pages RAM [ 2244.644220] 0 pages HighMem/MovableOnly [ 2244.651853] 335854 pages reserved [ 2244.655438] 0 pages cma reserved [ 2244.658927] Out of memory: Kill process 18959 (syz-executor.2) score 1009 or sacrifice child [ 2244.667833] Killed process 18959 (syz-executor.2) total-vm:72980kB, anon-rss:16560kB, file-rss:34816kB, shmem-rss:0kB [ 2244.679924] syz-executor.2: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2244.691622] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2244.697460] CPU: 1 PID: 7853 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2244.705270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2244.714630] Call Trace: [ 2244.717228] dump_stack+0x142/0x197 [ 2244.720872] warn_alloc.cold+0x96/0x1af [ 2244.724850] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2244.729706] ? wait_for_completion+0x420/0x420 [ 2244.734286] __alloc_pages_slowpath+0x23c6/0x2930 [ 2244.739213] ? warn_alloc+0xf0/0xf0 [ 2244.742847] ? __might_sleep+0x93/0xb0 [ 2244.746722] __alloc_pages_nodemask+0x62c/0x7a0 [ 2244.751377] ? lock_downgrade+0x740/0x740 [ 2244.755512] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2244.760519] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2244.766132] alloc_pages_current+0xec/0x1e0 [ 2244.770459] ion_page_pool_alloc+0x11f/0x1c0 [ 2244.774854] ion_system_heap_allocate+0x138/0x910 [ 2244.779684] ? ion_system_heap_free+0x250/0x250 [ 2244.784343] ion_alloc+0x68c/0x860 [ 2244.787871] ? ion_dma_buf_release+0x50/0x50 [ 2244.792266] ? kasan_check_write+0x14/0x20 [ 2244.796488] ? _copy_from_user+0x99/0x110 [ 2244.800621] ion_ioctl+0x105/0x217 [ 2244.804146] ? ion_alloc.cold+0x40/0x40 [ 2244.808111] ? ion_alloc.cold+0x40/0x40 [ 2244.812069] do_vfs_ioctl+0x7ae/0x1060 [ 2244.815956] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2244.820701] ? lock_downgrade+0x740/0x740 [ 2244.824840] ? ioctl_preallocate+0x1c0/0x1c0 [ 2244.829247] ? __fget+0x237/0x370 [ 2244.832697] ? security_file_ioctl+0x89/0xb0 [ 2244.837107] SyS_ioctl+0x8f/0xc0 [ 2244.840462] ? do_vfs_ioctl+0x1060/0x1060 [ 2244.844613] do_syscall_64+0x1e8/0x640 [ 2244.848624] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2244.853491] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2244.858691] RIP: 0033:0x45a679 [ 2244.861878] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2244.870101] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2244.877358] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2244.884614] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2244.891870] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2244.899124] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2244.907752] Mem-Info: [ 2244.910523] active_anon:1196050 inactive_anon:199 isolated_anon:0 [ 2244.910523] active_file:6811 inactive_file:8074 isolated_file:0 [ 2244.910523] unevictable:0 dirty:14 writeback:0 unstable:0 [ 2244.910523] slab_reclaimable:18840 slab_unreclaimable:139370 [ 2244.910523] mapped:57646 shmem:255 pagetables:41650 bounce:0 [ 2244.910523] free:73097 free_pcp:281 free_cma:0 [ 2244.944312] Node 0 active_anon:1783400kB inactive_anon:792kB active_file:8kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:8kB writeback:0kB shmem:980kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 718848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2244.971986] Node 1 active_anon:3000800kB inactive_anon:4kB active_file:27236kB inactive_file:32280kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21664kB dirty:48kB writeback:0kB shmem:40kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2244.999654] Node 0 DMA free:10372kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2245.026158] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2245.031748] Node 0 DMA32 free:18160kB min:36380kB low:45472kB high:54564kB active_anon:1778932kB inactive_anon:792kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:8kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12640kB pagetables:66240kB bounce:0kB free_pcp:440kB local_pcp:144kB free_cma:0kB [ 2245.060856] lowmem_reserve[]: 0 0 0 0 0 [ 2245.064857] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2245.090177] lowmem_reserve[]: 0 0 0 0 0 [ 2245.094181] Node 1 Normal free:263800kB min:53508kB low:66884kB high:80260kB active_anon:3000800kB inactive_anon:4kB active_file:27236kB inactive_file:32324kB unevictable:0kB writepending:108kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45376kB pagetables:100292kB bounce:0kB free_pcp:680kB local_pcp:400kB free_cma:0kB [ 2245.124114] lowmem_reserve[]: 0 0 0 0 0 [ 2245.128120] Node 0 DMA: 3*4kB (M) 29*8kB (UM) 17*16kB (UME) 2*32kB (U) 1*64kB (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10372kB [ 2245.143644] Node 0 DMA32: 3260*4kB (ME) 222*8kB (ME) 117*16kB (M) 45*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18128kB [ 2245.157050] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2245.167829] Node 1 Normal: 5212*4kB (UM) 1980*8kB (UMEH) 1514*16kB (UMEH) 1698*32kB (UMEH) 694*64kB (UMEH) 72*128kB (MEH) 35*256kB (UMEH) 94*512kB (UME) 29*1024kB (UMH) 4*2048kB (M) 0*4096kB = 263856kB [ 2245.186051] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2245.195006] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2245.203708] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2245.212624] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2245.221255] 15022 total pagecache pages [ 2245.221303] 0 pages in swap cache [ 2245.228708] Swap cache stats: add 0, delete 0, find 0/0 [ 2245.234116] Free swap = 0kB [ 2245.234121] Total swap = 0kB [ 2245.234131] 1965979 pages RAM [ 2245.234134] 0 pages HighMem/MovableOnly [ 2245.234139] 335854 pages reserved [ 2245.234142] 0 pages cma reserved 20:57:55 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) 20:57:55 executing program 5: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000300)='/dev/capi20\x00', 0x0, 0x0) ioctl$CAPI_NCCI_GETUNIT(r0, 0x80044327, &(0x7f0000000000)) 20:57:55 executing program 1: epoll_create1(0x0) epoll_create1(0x0) timerfd_create(0x0, 0x0) r0 = socket$unix(0x1, 0x0, 0x0) accept4(r0, 0x0, 0x0, 0x0) pipe2(0x0, 0x0) accept4$unix(0xffffffffffffffff, &(0x7f0000000480)=@abs, &(0x7f00000001c0)=0x6e, 0x80000) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(0x0, 0x0) ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0x2) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) readlink(&(0x7f0000000000)='./bus\x00', &(0x7f0000000380)=""/96, 0x60) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) r4 = socket$vsock_stream(0x28, 0x1, 0x0) listen(0xffffffffffffffff, 0x0) ioctl$FS_IOC_FSSETXATTR(r4, 0x401c5820, &(0x7f00000000c0)={0x1f, 0x0, 0x80, 0x3, 0x7}) ioctl$KVM_RUN(r3, 0xae80, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) ioctl$VHOST_SET_VRING_NUM(0xffffffffffffffff, 0x4008af10, &(0x7f00000002c0)={0x0, 0x2}) open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) 20:57:55 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r4, &(0x7f0000000380)=""/87, 0x192) getdents64(r4, &(0x7f0000000080)=""/167, 0xa7) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) socket$inet_udplite(0x2, 0x2, 0x88) 20:57:55 executing program 4: lstat(0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) setuid(0x0) getpid() ptrace(0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) inotify_init() ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) creat(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) syz_open_pts(0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) rt_tgsigqueueinfo(0x0, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) geteuid() syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) r2 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) lseek(0xffffffffffffffff, 0x0, 0x0) write$FUSE_WRITE(0xffffffffffffffff, 0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x89a1, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x89a0, 0x0) keyctl$chown(0x5, r2, 0x0, 0x0) getpid() getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) socket$inet6_udp(0xa, 0x2, 0x0) lstat(0x0, 0x0) getgroups(0x0, 0x0) getpid() ptrace(0xffffffffffffffff, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) setuid(0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) setuid(0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) setuid(0x0) getegid() add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) rt_tgsigqueueinfo(0x0, 0x0, 0x0, 0x0) getpgrp(0x0) setuid(0x0) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) creat(0x0, 0x0) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x89a1, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) socket(0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) 20:57:55 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r4, &(0x7f0000000380)=""/87, 0x192) getdents64(r4, &(0x7f0000000080)=""/167, 0xa7) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) 20:57:56 executing program 5: r0 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x400, "3f69f798b58646ce276bed891d66e35700"}) 20:57:56 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="8500000007000000dc000000400000009500000000000000b625e55a9cdeb0d6a4723a18b01ea6a49f0473b70d14cab8ca2c580065a57e18ae9f0d79bb6f1f3d437cf5a711a2a499fefee861d26fd0a460afe55b913de9318ac930c3cb158e3af9ae214084f00d05eebf6c13111ee52afdc947ec810a63aba1c1ee67623da3f4f4f1c8bfe89d34b4c5b2b858c748d0edf67d64ac62d365299208782e6bf7ab20fd5d4fb7533f6329c62ed5a6ba601b7e835abb8cb29dad95b7374a64b4399110df11f255de3ea52f01e4c18dd9a0ff426643cc7c9752e2b7545fe5be1699d46aca18e107b0d20462c386014929d32411331b25c6811e95b8cbd8c4927e455f3c22541450da770dc9cf515f9c2bd52309eacb0232ec1570a5e726a010edf3bc103c8a726141d36feb5f10ebafee695a9a571d1a52d929372f8f58acd6c73b957da2fc92a45ad3421239eea9ca0e"], &(0x7f0000000240)='EP\xd4\x00\x1f\x91\xeb/W\xb72$C0%\x03\x9c0\x96\xb2\fkC\x93H\xbfh\x9c\b`\x857\xd6\">c\xad\xc0bO\xba\xe2\xe1\t5\x9d\xcei\"2L\xcc\x13\x16\vh\xca\xe6C\x06\x97%\x9d\xd5-\x1fs\xe1j\xdc5\x92\xd0)%\xdf\xfa\xe8^\x9c\xd29\x8clg\xc8\x7f\xb5\xb1&\x02\xf1E\xb4\x84\xbeE\x91)f\xe8\xb7\xe2\xf6`i\xc5m\xd7l\x1d\xc1\x12\x01<:kM\xe9\x99\xcd\xcd\xc8\x85Z\xee47\xdc\xc8u\x80\xcf\xbeTo\xbb\xfb\xc0\xebV\xd8\xbb\xbe\xa2\x90J|s\xc2', 0x1, 0x348, &(0x7f0000000480)=""/195}, 0x48) 20:57:56 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='cgroup2\x00\x93\xd9\x00P\x01\x1f\x81\xaep\n\ac\xfe\xd1\xd0\x90\x17Y\x00\xb2\xe5\xeb&\a\xf8\xc0\xefr\x17\xa1\xaa\tT\xd0\x84:Py\xd5\xfaF\x9c\x19:I\xfd\x8e\t\xf8\xf6\x17\xcc\x8f\x16\"\x18\xb1\xd8\xfb\x90f\xe9\xfev\xfb\xac\x90\xa3\x9d\xe8{\xa6F\x14\x15\xd3\v\x91\x8eWEV\x1e7\'x\'\xe6', 0x0, 0x0) mkdir(&(0x7f0000000180)='./file0//ile0\x00', 0x0) chown(0x0, 0xee01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400000000004) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) rmdir(&(0x7f00000002c0)='./file0//ile0\x00') [ 2246.175158] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2246.197942] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2246.204754] CPU: 0 PID: 7911 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2246.212595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2246.222029] Call Trace: [ 2246.224613] dump_stack+0x142/0x197 [ 2246.228238] warn_alloc.cold+0x96/0x1af [ 2246.232204] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2246.237053] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2246.242332] __alloc_pages_slowpath+0x23c6/0x2930 [ 2246.247195] ? save_trace+0x290/0x290 [ 2246.251002] ? warn_alloc+0xf0/0xf0 [ 2246.254660] ? __might_sleep+0x93/0xb0 [ 2246.258580] __alloc_pages_nodemask+0x62c/0x7a0 [ 2246.263252] ? lock_downgrade+0x740/0x740 [ 2246.267403] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2246.272424] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2246.278049] alloc_pages_current+0xec/0x1e0 [ 2246.282374] ion_page_pool_alloc+0x11f/0x1c0 [ 2246.286777] ion_system_heap_allocate+0x138/0x910 [ 2246.291621] ? ion_alloc+0x19b/0x860 [ 2246.295330] ? rcu_read_lock_sched_held+0x110/0x130 [ 2246.300344] ? ion_system_heap_free+0x250/0x250 [ 2246.305014] ion_alloc+0x222/0x860 [ 2246.308564] ? ion_dma_buf_release+0x50/0x50 [ 2246.312970] ? kasan_check_write+0x14/0x20 [ 2246.317195] ? _copy_from_user+0x99/0x110 [ 2246.321365] ion_ioctl+0x105/0x217 [ 2246.324912] ? ion_alloc.cold+0x40/0x40 [ 2246.328894] ? do_vfs_ioctl+0x74f/0x1060 [ 2246.332953] ? ion_alloc.cold+0x40/0x40 [ 2246.336924] do_vfs_ioctl+0x7ae/0x1060 [ 2246.340808] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2246.345555] ? lock_downgrade+0x740/0x740 [ 2246.349695] ? ioctl_preallocate+0x1c0/0x1c0 [ 2246.354101] ? __fget+0x237/0x370 [ 2246.357554] ? security_file_ioctl+0x89/0xb0 [ 2246.361956] SyS_ioctl+0x8f/0xc0 [ 2246.365322] ? do_vfs_ioctl+0x1060/0x1060 [ 2246.369464] do_syscall_64+0x1e8/0x640 [ 2246.373342] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2246.378185] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2246.383369] RIP: 0033:0x45a679 [ 2246.386553] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2246.394257] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2246.401538] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2246.408808] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2246.416089] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2246.423354] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2246.433444] Mem-Info: [ 2246.441076] active_anon:1192084 inactive_anon:197 isolated_anon:0 [ 2246.441076] active_file:6811 inactive_file:8133 isolated_file:0 [ 2246.441076] unevictable:0 dirty:145 writeback:0 unstable:0 [ 2246.441076] slab_reclaimable:18831 slab_unreclaimable:139404 [ 2246.441076] mapped:57691 shmem:255 pagetables:41702 bounce:0 [ 2246.441076] free:88645 free_pcp:363 free_cma:0 [ 2246.493997] Node 0 active_anon:1783608kB inactive_anon:776kB active_file:8kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:8kB writeback:0kB shmem:968kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 720896kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes 20:57:56 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='cgroup2\x00\x93\xd9\x00P\x01\x1f\x81\xaep\n\ac\xfe\xd1\xd0\x90\x17Y\x00\xb2\xe5\xeb&\a\xf8\xc0\xefr\x17\xa1\xaa\tT\xd0\x84:Py\xd5\xfaF\x9c\x19:I\xfd\x8e\t\xf8\xf6\x17\xcc\x8f\x16\"\x18\xb1\xd8\xfb\x90f\xe9\xfev\xfb\xac\x90\xa3\x9d\xe8{\xa6F\x14\x15\xd3\v\x91\x8eWEV\x1e7\'x\'\xe6', 0x0, 0x0) getresgid(0x0, 0x0, &(0x7f0000000280)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400000000004) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305-simd\x00'}, 0x58) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) rmdir(&(0x7f00000002c0)='./file0//ile0\x00') [ 2246.528620] Node 0 DMA free:10476kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 20:57:56 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r4, &(0x7f0000000380)=""/87, 0x192) getdents64(r4, &(0x7f0000000080)=""/167, 0xa7) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) socket$inet_udplite(0x2, 0x2, 0x88) [ 2246.610667] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2246.615825] Node 0 DMA32 free:59308kB min:36380kB low:45472kB high:54564kB active_anon:1779164kB inactive_anon:776kB active_file:8kB inactive_file:20kB unevictable:0kB writepending:8kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12640kB pagetables:66160kB bounce:0kB free_pcp:604kB local_pcp:496kB free_cma:0kB 20:57:56 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ffc000/0x2000)=nil, 0x0) [ 2246.716360] lowmem_reserve[]: 0 0 0 0 0 [ 2246.720644] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2246.771855] lowmem_reserve[]: 0 0 0 0 0 [ 2246.785316] Node 0 DMA: 7*4kB (UM) 34*8kB (UM) 17*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10492kB [ 2246.828943] Node 0 DMA32: 3517*4kB (UMEH) 756*8kB (UMEH) 970*16kB (UMH) 307*32kB (UMH) 24*64kB (UM) 5*128kB (M) 0*256kB 0*512kB 1*1024kB (U) 7*2048kB (UM) 0*4096kB = 62996kB [ 2246.855296] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2246.868636] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2246.878053] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2246.886771] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2246.899215] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2246.908422] 15043 total pagecache pages [ 2246.913223] 0 pages in swap cache [ 2246.916771] Swap cache stats: add 0, delete 0, find 0/0 [ 2246.922627] Free swap = 0kB [ 2246.925734] Total swap = 0kB [ 2246.928826] 1965979 pages RAM [ 2246.934837] 0 pages HighMem/MovableOnly [ 2246.938828] 335854 pages reserved [ 2246.983933] 0 pages cma reserved [ 2247.117476] oom_reaper: reaped process 7911 (syz-executor.2), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2247.667581] syz-executor.2 invoked oom-killer: gfp_mask=0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0, order=0, oom_score_adj=1000 [ 2247.681746] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2247.687163] CPU: 0 PID: 7911 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2247.694962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2247.704349] Call Trace: [ 2247.706968] dump_stack+0x142/0x197 [ 2247.710615] dump_header+0x177/0x6cd [ 2247.714345] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2247.719458] ? ___ratelimit+0x55/0x537 [ 2247.723512] oom_kill_process.cold+0x10/0xadd [ 2247.728003] ? rcu_read_unlock_special+0x639/0xd40 [ 2247.732926] ? lock_downgrade+0x740/0x740 [ 2247.737064] out_of_memory+0x2ee/0x1180 [ 2247.741022] ? lock_acquire+0x16f/0x430 [ 2247.744982] ? oom_killer_disable+0x1d0/0x1d0 [ 2247.749505] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2247.754435] __alloc_pages_slowpath+0x2251/0x2930 [ 2247.759281] ? warn_alloc+0xf0/0xf0 [ 2247.762898] ? __might_sleep+0x93/0xb0 [ 2247.766783] __alloc_pages_nodemask+0x62c/0x7a0 [ 2247.771437] ? lock_downgrade+0x740/0x740 [ 2247.775577] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2247.780851] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2247.786559] alloc_pages_current+0xec/0x1e0 [ 2247.790876] ion_page_pool_alloc+0x11f/0x1c0 [ 2247.795325] ion_system_heap_allocate+0x138/0x910 [ 2247.800158] ? ion_alloc+0x19b/0x860 [ 2247.803859] ? rcu_read_lock_sched_held+0x110/0x130 [ 2247.808862] ? ion_system_heap_free+0x250/0x250 [ 2247.813530] ion_alloc+0x222/0x860 [ 2247.817059] ? ion_dma_buf_release+0x50/0x50 [ 2247.821456] ? kasan_check_write+0x14/0x20 [ 2247.825690] ? _copy_from_user+0x99/0x110 [ 2247.829835] ion_ioctl+0x105/0x217 [ 2247.833371] ? ion_alloc.cold+0x40/0x40 [ 2247.837332] ? do_vfs_ioctl+0x74f/0x1060 [ 2247.841375] ? ion_alloc.cold+0x40/0x40 [ 2247.845345] do_vfs_ioctl+0x7ae/0x1060 [ 2247.849215] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2247.853955] ? lock_downgrade+0x740/0x740 [ 2247.858087] ? ioctl_preallocate+0x1c0/0x1c0 [ 2247.862483] ? __fget+0x237/0x370 [ 2247.865927] ? security_file_ioctl+0x89/0xb0 [ 2247.870341] SyS_ioctl+0x8f/0xc0 [ 2247.873708] ? do_vfs_ioctl+0x1060/0x1060 [ 2247.877847] do_syscall_64+0x1e8/0x640 [ 2247.881722] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2247.886568] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2247.891751] RIP: 0033:0x45a679 [ 2247.895021] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2247.902758] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2247.910062] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2247.917601] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2247.924868] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2247.932323] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2247.941283] Mem-Info: [ 2247.943715] active_anon:1191918 inactive_anon:201 isolated_anon:0 [ 2247.943715] active_file:6814 inactive_file:8138 isolated_file:0 [ 2247.943715] unevictable:0 dirty:171 writeback:0 unstable:0 [ 2247.943715] slab_reclaimable:18844 slab_unreclaimable:139218 [ 2247.943715] mapped:57659 shmem:255 pagetables:41564 bounce:0 [ 2247.943715] free:77925 free_pcp:344 free_cma:0 [ 2247.977656] Node 0 active_anon:1783380kB inactive_anon:784kB active_file:16kB inactive_file:40kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:36kB writeback:0kB shmem:968kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 718848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2248.005625] Node 0 DMA free:10372kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2248.032155] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2248.037206] Node 0 DMA32 free:18132kB min:36380kB low:45472kB high:54564kB active_anon:1778936kB inactive_anon:784kB active_file:16kB inactive_file:40kB unevictable:0kB writepending:36kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12640kB pagetables:66092kB bounce:0kB free_pcp:1376kB local_pcp:736kB free_cma:0kB [ 2248.066745] lowmem_reserve[]: 0 0 0 0 0 [ 2248.071846] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2248.097287] lowmem_reserve[]: 0 0 0 0 0 [ 2248.101379] Node 0 DMA: 3*4kB (M) 21*8kB (UM) 17*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10372kB [ 2248.117050] Node 0 DMA32: 3103*4kB (UMEH) 225*8kB (UMEH) 129*16kB (UMH) 22*32kB (UMH) 18*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18132kB [ 2248.131622] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2248.142605] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2248.151512] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2248.160139] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2248.168983] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2248.177786] 15055 total pagecache pages [ 2248.181827] 0 pages in swap cache [ 2248.185278] Swap cache stats: add 0, delete 0, find 0/0 [ 2248.190721] Free swap = 0kB [ 2248.193737] Total swap = 0kB [ 2248.196755] 1965979 pages RAM [ 2248.199847] 0 pages HighMem/MovableOnly [ 2248.204463] 335854 pages reserved [ 2248.208433] 0 pages cma reserved [ 2248.211917] Out of memory: Kill process 9322 (syz-executor.0) score 1009 or sacrifice child [ 2248.220538] Killed process 9322 (syz-executor.0) total-vm:72980kB, anon-rss:16556kB, file-rss:34816kB, shmem-rss:0kB [ 2248.232294] syz-executor.2: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2248.243822] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2248.249270] CPU: 0 PID: 7911 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2248.257069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2248.266427] Call Trace: [ 2248.269015] dump_stack+0x142/0x197 [ 2248.272631] warn_alloc.cold+0x96/0x1af [ 2248.276597] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2248.281594] ? wait_for_completion+0x420/0x420 [ 2248.286187] __alloc_pages_slowpath+0x23c6/0x2930 [ 2248.291029] ? warn_alloc+0xf0/0xf0 [ 2248.294704] ? __might_sleep+0x93/0xb0 [ 2248.298582] __alloc_pages_nodemask+0x62c/0x7a0 [ 2248.303256] ? lock_downgrade+0x740/0x740 [ 2248.307405] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2248.312540] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2248.318162] alloc_pages_current+0xec/0x1e0 [ 2248.322473] ion_page_pool_alloc+0x11f/0x1c0 [ 2248.326882] ion_system_heap_allocate+0x138/0x910 [ 2248.331719] ? ion_alloc+0x19b/0x860 [ 2248.335428] ? rcu_read_lock_sched_held+0x110/0x130 [ 2248.340438] ? ion_system_heap_free+0x250/0x250 [ 2248.345120] ion_alloc+0x222/0x860 [ 2248.348689] ? ion_dma_buf_release+0x50/0x50 [ 2248.353113] ? kasan_check_write+0x14/0x20 [ 2248.357404] ? _copy_from_user+0x99/0x110 [ 2248.361561] ion_ioctl+0x105/0x217 [ 2248.365093] ? ion_alloc.cold+0x40/0x40 [ 2248.369057] ? do_vfs_ioctl+0x74f/0x1060 [ 2248.373104] ? ion_alloc.cold+0x40/0x40 [ 2248.377074] do_vfs_ioctl+0x7ae/0x1060 [ 2248.380959] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2248.385700] ? lock_downgrade+0x740/0x740 [ 2248.389834] ? ioctl_preallocate+0x1c0/0x1c0 [ 2248.394227] ? __fget+0x237/0x370 [ 2248.397848] ? security_file_ioctl+0x89/0xb0 [ 2248.402372] SyS_ioctl+0x8f/0xc0 [ 2248.405740] ? do_vfs_ioctl+0x1060/0x1060 [ 2248.409898] do_syscall_64+0x1e8/0x640 [ 2248.413775] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2248.418613] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2248.423787] RIP: 0033:0x45a679 [ 2248.426962] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2248.434665] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2248.441945] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2248.449200] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2248.456468] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2248.463725] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2248.472348] Mem-Info: [ 2248.474775] active_anon:1191911 inactive_anon:199 isolated_anon:0 [ 2248.474775] active_file:6814 inactive_file:8138 isolated_file:0 [ 2248.474775] unevictable:0 dirty:175 writeback:0 unstable:0 [ 2248.474775] slab_reclaimable:18844 slab_unreclaimable:139242 [ 2248.474775] mapped:57646 shmem:255 pagetables:41590 bounce:0 [ 2248.474775] free:77952 free_pcp:674 free_cma:0 [ 2248.508624] Node 0 active_anon:1783360kB inactive_anon:780kB active_file:16kB inactive_file:40kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:36kB writeback:0kB shmem:968kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 718848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2248.536408] Node 1 active_anon:2984284kB inactive_anon:16kB active_file:27240kB inactive_file:32512kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21664kB dirty:664kB writeback:0kB shmem:52kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2248.564404] Node 0 DMA free:10372kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2248.590903] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2248.595953] Node 0 DMA32 free:18132kB min:36380kB low:45472kB high:54564kB active_anon:1778916kB inactive_anon:780kB active_file:16kB inactive_file:40kB unevictable:0kB writepending:36kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12640kB pagetables:66136kB bounce:0kB free_pcp:1376kB local_pcp:736kB free_cma:0kB [ 2248.626222] lowmem_reserve[]: 0 0 0 0 0 [ 2248.630299] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2248.655750] lowmem_reserve[]: 0 0 0 0 0 [ 2248.659745] Node 1 Normal free:283304kB min:53508kB low:66884kB high:80260kB active_anon:2984284kB inactive_anon:16kB active_file:27240kB inactive_file:32512kB unevictable:0kB writepending:664kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45376kB pagetables:100216kB bounce:0kB free_pcp:1312kB local_pcp:684kB free_cma:0kB [ 2248.690229] lowmem_reserve[]: 0 0 0 0 0 [ 2248.694277] Node 0 DMA: 3*4kB (M) 21*8kB (UM) 17*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10372kB [ 2248.709917] Node 0 DMA32: 3103*4kB (UMEH) 225*8kB (UMEH) 129*16kB (UMH) 22*32kB (UMH) 18*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18132kB [ 2248.724515] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2248.735335] Node 1 Normal: 5510*4kB (UM) 2018*8kB (UMEH) 1836*16kB (UMEH) 1764*32kB (UMEH) 713*64kB (UMEH) 82*128kB (MEH) 37*256kB (MEH) 101*512kB (ME) 31*1024kB (UMH) 5*2048kB (M) 0*4096kB = 283304kB [ 2248.753946] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2248.762835] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2248.771460] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2248.780349] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2248.788918] 15055 total pagecache pages [ 2248.792963] 0 pages in swap cache [ 2248.796408] Swap cache stats: add 0, delete 0, find 0/0 [ 2248.801814] Free swap = 0kB [ 2248.804823] Total swap = 0kB [ 2248.807827] 1965979 pages RAM [ 2248.810986] 0 pages HighMem/MovableOnly [ 2248.814957] 335854 pages reserved [ 2248.818398] 0 pages cma reserved [ 2248.868478] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2248.879960] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2248.886407] CPU: 0 PID: 7911 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2248.894214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2248.903643] Call Trace: [ 2248.906222] dump_stack+0x142/0x197 [ 2248.909848] warn_alloc.cold+0x96/0x1af [ 2248.913813] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2248.918686] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2248.923964] __alloc_pages_slowpath+0x23c6/0x2930 [ 2248.928814] ? save_trace+0x290/0x290 [ 2248.932604] ? warn_alloc+0xf0/0xf0 [ 2248.936227] ? __might_sleep+0x93/0xb0 [ 2248.940097] __alloc_pages_nodemask+0x62c/0x7a0 [ 2248.945012] ? lock_downgrade+0x740/0x740 [ 2248.949145] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2248.954163] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2248.959790] alloc_pages_current+0xec/0x1e0 [ 2248.964117] ion_page_pool_alloc+0x11f/0x1c0 [ 2248.968521] ion_system_heap_allocate+0x138/0x910 [ 2248.973358] ? ion_system_heap_free+0x250/0x250 [ 2248.978190] ion_alloc+0x68c/0x860 [ 2248.981734] ? ion_dma_buf_release+0x50/0x50 [ 2248.986302] ? kasan_check_write+0x14/0x20 [ 2248.990536] ? _copy_from_user+0x99/0x110 [ 2248.994673] ion_ioctl+0x105/0x217 [ 2248.998201] ? ion_alloc.cold+0x40/0x40 [ 2249.002166] ? do_vfs_ioctl+0x74f/0x1060 [ 2249.006211] ? ion_alloc.cold+0x40/0x40 [ 2249.010167] do_vfs_ioctl+0x7ae/0x1060 [ 2249.014036] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2249.018792] ? lock_downgrade+0x740/0x740 [ 2249.022933] ? ioctl_preallocate+0x1c0/0x1c0 [ 2249.027325] ? __fget+0x237/0x370 [ 2249.030762] ? security_file_ioctl+0x89/0xb0 [ 2249.035169] SyS_ioctl+0x8f/0xc0 [ 2249.038515] ? do_vfs_ioctl+0x1060/0x1060 [ 2249.042654] do_syscall_64+0x1e8/0x640 [ 2249.046518] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2249.051344] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2249.056537] RIP: 0033:0x45a679 [ 2249.059708] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2249.067414] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2249.074672] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2249.081933] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2249.089209] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2249.096472] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2249.150166] syz-executor.2: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2249.161827] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2249.167187] CPU: 0 PID: 7911 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2249.175429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2249.184765] Call Trace: [ 2249.187361] dump_stack+0x142/0x197 [ 2249.190984] warn_alloc.cold+0x96/0x1af [ 2249.194965] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2249.199798] ? call_timer_fn+0x670/0x670 [ 2249.203851] __alloc_pages_slowpath+0x23c6/0x2930 [ 2249.208702] ? warn_alloc+0xf0/0xf0 [ 2249.212340] ? __might_sleep+0x93/0xb0 [ 2249.216225] __alloc_pages_nodemask+0x62c/0x7a0 [ 2249.220891] ? lock_downgrade+0x740/0x740 [ 2249.225021] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2249.230120] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2249.235739] alloc_pages_current+0xec/0x1e0 [ 2249.240053] ion_page_pool_alloc+0x11f/0x1c0 [ 2249.244443] ion_system_heap_allocate+0x138/0x910 [ 2249.249270] ? ion_system_heap_free+0x250/0x250 [ 2249.253932] ion_alloc+0x68c/0x860 [ 2249.257477] ? ion_dma_buf_release+0x50/0x50 [ 2249.261980] ? kasan_check_write+0x14/0x20 [ 2249.266197] ? _copy_from_user+0x99/0x110 [ 2249.270337] ion_ioctl+0x105/0x217 [ 2249.273886] ? ion_alloc.cold+0x40/0x40 [ 2249.277878] ? do_vfs_ioctl+0x74f/0x1060 [ 2249.281943] ? ion_alloc.cold+0x40/0x40 [ 2249.285921] do_vfs_ioctl+0x7ae/0x1060 [ 2249.289824] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2249.294575] ? lock_downgrade+0x740/0x740 [ 2249.298706] ? ioctl_preallocate+0x1c0/0x1c0 [ 2249.303097] ? __fget+0x237/0x370 [ 2249.306543] ? security_file_ioctl+0x89/0xb0 [ 2249.310933] SyS_ioctl+0x8f/0xc0 [ 2249.314302] ? do_vfs_ioctl+0x1060/0x1060 [ 2249.318432] do_syscall_64+0x1e8/0x640 [ 2249.322321] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2249.327155] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2249.333036] RIP: 0033:0x45a679 [ 2249.336474] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 20:57:59 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) 20:57:59 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r4, &(0x7f0000000380)=""/87, 0x192) getdents64(r4, &(0x7f0000000080)=""/167, 0xa7) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) 20:57:59 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='cgroup2\x00\x93\xd9\x00P\x01\x1f\x81\xaep\n\ac\xfe\xd1\xd0\x90\x17Y\x00\xb2\xe5\xeb&\a\xf8\xc0\xefr\x17\xa1\xaa\tT\xd0\x84:Py\xd5\xfaF\x9c\x19:I\xfd\x8e\t\xf8\xf6\x17\xcc\x8f\x16\"\x18\xb1\xd8\xfb\x90f\xe9\xfev\xfb\xac\x90\xa3\x9d\xe8{\xa6F\x14\x15\xd3\v\x91\x8eWEV\x1e7\'x\'\xe6', 0x0, 0x0) mkdir(0x0, 0x0) getresgid(0x0, 0x0, &(0x7f0000000280)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400000000004) rmdir(&(0x7f00000002c0)='./file0//ile0\x00') 20:57:59 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) 20:57:59 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) 20:57:59 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r4, &(0x7f0000000380)=""/87, 0x192) getdents64(r4, &(0x7f0000000080)=""/167, 0xa7) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) socket$inet_udplite(0x2, 0x2, 0x88) [ 2249.344249] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2249.351501] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2249.358751] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2249.366003] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2249.373398] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff 20:57:59 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r4, &(0x7f0000000380)=""/87, 0x192) getdents64(r4, &(0x7f0000000080)=""/167, 0xa7) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) socket$inet_udplite(0x2, 0x2, 0x88) [ 2249.475791] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2249.477256] syz-executor.4: [ 2249.491995] syz-executor.1: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2249.511326] page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2249.523444] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 2249.529107] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2249.537370] CPU: 0 PID: 7974 Comm: syz-executor.1 Not tainted 4.14.157-syzkaller #0 [ 2249.545197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2249.554002] syz-executor.2 cpuset= [ 2249.554555] Call Trace: [ 2249.554557] syz2 [ 2249.558104] dump_stack+0x142/0x197 [ 2249.558123] warn_alloc.cold+0x96/0x1af [ 2249.558135] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2249.558172] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2249.571668] mems_allowed=0-1 [ 2249.575289] __alloc_pages_slowpath+0x23c6/0x2930 [ 2249.575322] ? save_trace+0x290/0x290 [ 2249.592338] ? warn_alloc+0xf0/0xf0 [ 2249.595986] ? __might_sleep+0x93/0xb0 [ 2249.599885] __alloc_pages_nodemask+0x62c/0x7a0 [ 2249.604568] ? lock_downgrade+0x740/0x740 [ 2249.608739] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2249.614484] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2249.620139] alloc_pages_current+0xec/0x1e0 [ 2249.624529] ion_page_pool_alloc+0x11f/0x1c0 [ 2249.628958] ion_system_heap_allocate+0x138/0x910 [ 2249.633824] ? ion_alloc+0x19b/0x860 [ 2249.637552] ? rcu_read_lock_sched_held+0x110/0x130 [ 2249.642583] ? ion_system_heap_free+0x250/0x250 [ 2249.647270] ion_alloc+0x222/0x860 [ 2249.650821] ? ion_dma_buf_release+0x50/0x50 [ 2249.655252] ? kasan_check_write+0x14/0x20 [ 2249.659588] ? _copy_from_user+0x99/0x110 [ 2249.663748] ion_ioctl+0x105/0x217 [ 2249.667291] ? ion_alloc.cold+0x40/0x40 [ 2249.671289] ? ion_alloc.cold+0x40/0x40 [ 2249.675273] do_vfs_ioctl+0x7ae/0x1060 [ 2249.679171] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2249.683934] ? lock_downgrade+0x740/0x740 [ 2249.688105] ? ioctl_preallocate+0x1c0/0x1c0 [ 2249.692536] ? __fget+0x237/0x370 [ 2249.696003] ? security_file_ioctl+0x89/0xb0 [ 2249.700421] SyS_ioctl+0x8f/0xc0 [ 2249.703789] ? do_vfs_ioctl+0x1060/0x1060 [ 2249.707946] do_syscall_64+0x1e8/0x640 [ 2249.711837] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2249.716702] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2249.722683] RIP: 0033:0x45a679 [ 2249.725875] RSP: 002b:00007f53ae261c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2249.733583] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2249.740846] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2249.748114] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2249.755387] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53ae2626d4 [ 2249.762673] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2249.772278] CPU: 1 PID: 7983 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2249.780099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2249.790609] Call Trace: [ 2249.793187] dump_stack+0x142/0x197 [ 2249.796803] warn_alloc.cold+0x96/0x1af [ 2249.800769] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2249.805627] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2249.810901] __alloc_pages_slowpath+0x23c6/0x2930 [ 2249.815743] ? save_trace+0x290/0x290 [ 2249.819534] ? warn_alloc+0xf0/0xf0 [ 2249.823156] ? __might_sleep+0x93/0xb0 [ 2249.827032] __alloc_pages_nodemask+0x62c/0x7a0 [ 2249.831688] ? lock_downgrade+0x740/0x740 [ 2249.835831] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2249.840851] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2249.846470] alloc_pages_current+0xec/0x1e0 [ 2249.850786] ion_page_pool_alloc+0x11f/0x1c0 [ 2249.855183] ion_system_heap_allocate+0x138/0x910 [ 2249.860013] ? ion_alloc+0x19b/0x860 [ 2249.863718] ? rcu_read_lock_sched_held+0x110/0x130 [ 2249.868731] ? ion_system_heap_free+0x250/0x250 [ 2249.873408] ion_alloc+0x222/0x860 [ 2249.876939] ? ion_dma_buf_release+0x50/0x50 [ 2249.881341] ? kasan_check_write+0x14/0x20 [ 2249.885564] ? _copy_from_user+0x99/0x110 [ 2249.889701] ion_ioctl+0x105/0x217 [ 2249.893227] ? ion_alloc.cold+0x40/0x40 [ 2249.897191] ? ion_alloc.cold+0x40/0x40 [ 2249.901156] do_vfs_ioctl+0x7ae/0x1060 [ 2249.905042] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2249.909809] ? lock_downgrade+0x740/0x740 [ 2249.913966] ? ioctl_preallocate+0x1c0/0x1c0 [ 2249.918382] ? __fget+0x237/0x370 [ 2249.921839] ? security_file_ioctl+0x89/0xb0 [ 2249.926336] SyS_ioctl+0x8f/0xc0 [ 2249.929711] ? do_vfs_ioctl+0x1060/0x1060 [ 2249.933857] do_syscall_64+0x1e8/0x640 [ 2249.937741] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2249.942589] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2249.947764] RIP: 0033:0x45a679 [ 2249.950940] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2249.958736] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2249.965999] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2249.973261] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2249.980517] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2249.987772] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2249.995046] CPU: 0 PID: 7975 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2250.002864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2250.012230] Call Trace: [ 2250.014843] dump_stack+0x142/0x197 [ 2250.018496] warn_alloc.cold+0x96/0x1af [ 2250.022489] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2250.027370] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2250.032673] __alloc_pages_slowpath+0x23c6/0x2930 [ 2250.034352] warn_alloc_show_mem: 2 callbacks suppressed [ 2250.034355] Mem-Info: [ 2250.037549] ? save_trace+0x290/0x290 [ 2250.037581] ? warn_alloc+0xf0/0xf0 [ 2250.037623] ? __might_sleep+0x93/0xb0 [ 2250.043575] active_anon:1188038 inactive_anon:199 isolated_anon:0 [ 2250.043575] active_file:6815 inactive_file:8153 isolated_file:0 [ 2250.043575] unevictable:0 dirty:215 writeback:0 unstable:0 [ 2250.043575] slab_reclaimable:18844 slab_unreclaimable:139086 [ 2250.043575] mapped:57696 shmem:255 pagetables:41716 bounce:0 [ 2250.043575] free:88811 free_pcp:235 free_cma:0 [ 2250.045381] __alloc_pages_nodemask+0x62c/0x7a0 [ 2250.045399] ? lock_downgrade+0x740/0x740 [ 2250.045418] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2250.045445] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2250.045468] alloc_pages_current+0xec/0x1e0 [ 2250.049834] Node 0 active_anon:1767344kB inactive_anon:780kB active_file:20kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:36kB writeback:0kB shmem:968kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 702464kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2250.052879] ion_page_pool_alloc+0x11f/0x1c0 [ 2250.052895] ion_system_heap_allocate+0x138/0x910 [ 2250.052905] ? ion_alloc+0x19b/0x860 [ 2250.052920] ? rcu_read_lock_sched_held+0x110/0x130 [ 2250.052941] ? ion_system_heap_free+0x250/0x250 [ 2250.052968] ion_alloc+0x222/0x860 [ 2250.052993] ? ion_dma_buf_release+0x50/0x50 [ 2250.053016] ? kasan_check_write+0x14/0x20 [ 2250.062893] Node 0 [ 2250.090756] ? _copy_from_user+0x99/0x110 [ 2250.090777] ion_ioctl+0x105/0x217 [ 2250.090793] ? ion_alloc.cold+0x40/0x40 [ 2250.090820] ? ion_alloc.cold+0x40/0x40 [ 2250.090836] do_vfs_ioctl+0x7ae/0x1060 [ 2250.090852] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2250.090865] ? lock_downgrade+0x740/0x740 [ 2250.090880] ? ioctl_preallocate+0x1c0/0x1c0 [ 2250.090898] ? __fget+0x237/0x370 [ 2250.090923] ? security_file_ioctl+0x89/0xb0 [ 2250.096497] DMA free:10428kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2250.099747] SyS_ioctl+0x8f/0xc0 [ 2250.099762] ? do_vfs_ioctl+0x1060/0x1060 [ 2250.099783] do_syscall_64+0x1e8/0x640 [ 2250.099795] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2250.099824] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2250.099834] RIP: 0033:0x45a679 20:58:00 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r4, &(0x7f0000000380)=""/87, 0x192) getdents64(r4, &(0x7f0000000080)=""/167, 0xa7) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) [ 2250.099843] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 [ 2250.106343] lowmem_reserve[]: [ 2250.110456] ORIG_RAX: 0000000000000010 [ 2250.110465] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2250.110473] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2250.110482] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2250.110491] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2250.110499] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2250.215534] syz-executor.1 invoked oom-killer: gfp_mask=0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2250.403223] 0, order=0, oom_score_adj=1000 [ 2250.407652] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 2250.416511] CPU: 0 PID: 7974 Comm: syz-executor.1 Not tainted 4.14.157-syzkaller #0 [ 2250.424333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2250.431493] 0 [ 2250.433683] Call Trace: [ 2250.433700] dump_stack+0x142/0x197 [ 2250.433719] dump_header+0x177/0x6cd [ 2250.433733] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2250.433744] ? ___ratelimit+0x55/0x537 [ 2250.433757] oom_kill_process.cold+0x10/0xadd [ 2250.444768] 2569 [ 2250.445456] ? rcu_read_unlock_special+0x639/0xd40 [ 2250.460624] 2569 [ 2250.461055] ? lock_downgrade+0x740/0x740 [ 2250.472175] out_of_memory+0x2ee/0x1180 [ 2250.474189] 2569 [ 2250.476168] ? lock_acquire+0x16f/0x430 [ 2250.476190] ? oom_killer_disable+0x1d0/0x1d0 [ 2250.476203] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2250.482673] 2569 [ 2250.486807] __alloc_pages_slowpath+0x2251/0x2930 [ 2250.486838] ? warn_alloc+0xf0/0xf0 [ 2250.486859] ? __might_sleep+0x93/0xb0 [ 2250.502401] __alloc_pages_nodemask+0x62c/0x7a0 [ 2250.502414] ? lock_downgrade+0x740/0x740 [ 2250.502425] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2250.502447] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2250.502465] alloc_pages_current+0xec/0x1e0 [ 2250.502481] ion_page_pool_alloc+0x11f/0x1c0 [ 2250.507271] Node 0 [ 2250.511027] ion_system_heap_allocate+0x138/0x910 [ 2250.511038] ? ion_alloc+0x19b/0x860 [ 2250.511051] ? rcu_read_lock_sched_held+0x110/0x130 20:58:00 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) [ 2250.511064] ? ion_system_heap_free+0x250/0x250 [ 2250.511078] ion_alloc+0x222/0x860 [ 2250.511096] ? ion_dma_buf_release+0x50/0x50 [ 2250.516074] DMA32 free:36364kB min:36380kB low:45472kB high:54564kB active_anon:1762608kB inactive_anon:788kB active_file:16kB inactive_file:80kB unevictable:0kB writepending:76kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12608kB pagetables:66068kB bounce:0kB free_pcp:296kB local_pcp:144kB free_cma:0kB [ 2250.520521] ? kasan_check_write+0x14/0x20 [ 2250.520534] ? _copy_from_user+0x99/0x110 [ 2250.520549] ion_ioctl+0x105/0x217 [ 2250.520558] ? ion_alloc.cold+0x40/0x40 [ 2250.520574] ? ion_alloc.cold+0x40/0x40 [ 2250.520585] do_vfs_ioctl+0x7ae/0x1060 [ 2250.520598] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2250.527346] lowmem_reserve[]: [ 2250.530518] ? lock_downgrade+0x740/0x740 [ 2250.530534] ? ioctl_preallocate+0x1c0/0x1c0 [ 2250.530549] ? __fget+0x237/0x370 [ 2250.530567] ? security_file_ioctl+0x89/0xb0 [ 2250.530579] SyS_ioctl+0x8f/0xc0 [ 2250.530589] ? do_vfs_ioctl+0x1060/0x1060 [ 2250.535786] 0 [ 2250.537407] do_syscall_64+0x1e8/0x640 [ 2250.537418] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2250.537443] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2250.537453] RIP: 0033:0x45a679 [ 2250.543136] 0 [ 2250.546007] RSP: 002b:00007f53ae261c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2250.546018] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2250.546023] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2250.546030] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2250.546036] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53ae2626d4 [ 2250.546042] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2250.583365] 0 [ 2250.605709] syz-executor.5: [ 2250.618686] 0 [ 2250.625936] page allocation failure: order:4 [ 2250.634050] 0 [ 2250.638704] IPVS: ftp: loaded support on port[0] = 21 [ 2250.656848] Node 0 [ 2250.660431] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2250.671407] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2250.702994] 0 [ 2250.714319] lowmem_reserve[]: [ 2250.733189] syz-executor.5 cpuset= [ 2250.742065] 0 [ 2250.745502] syz5 [ 2250.768061] 0 [ 2250.772725] mems_allowed=0-1 [ 2250.782872] 0 0 0 [ 2250.785082] CPU: 0 PID: 8007 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2250.787448] Node 0 [ 2250.794821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2250.794828] Call Trace: [ 2250.794847] dump_stack+0x142/0x197 [ 2250.794872] warn_alloc.cold+0x96/0x1af [ 2250.794886] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2250.794918] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2250.794939] __alloc_pages_slowpath+0x23c6/0x2930 [ 2250.794969] ? save_trace+0x290/0x290 [ 2250.797734] DMA: [ 2250.806555] ? warn_alloc+0xf0/0xf0 [ 2250.806594] ? __might_sleep+0x93/0xb0 [ 2250.806617] __alloc_pages_nodemask+0x62c/0x7a0 [ 2250.806634] ? lock_downgrade+0x740/0x740 [ 2250.809788] 7*4kB [ 2250.812857] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2250.812881] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2250.812909] alloc_pages_current+0xec/0x1e0 [ 2250.812934] ion_page_pool_alloc+0x11f/0x1c0 [ 2250.817402] (UM) [ 2250.821738] ion_system_heap_allocate+0x138/0x910 [ 2250.821752] ? ion_alloc+0x19b/0x860 [ 2250.821767] ? rcu_read_lock_sched_held+0x110/0x130 [ 2250.821787] ? ion_system_heap_free+0x250/0x250 [ 2250.821813] ion_alloc+0x222/0x860 [ 2250.827601] 34*8kB [ 2250.831934] ? ion_dma_buf_release+0x50/0x50 [ 2250.831962] ? kasan_check_write+0x14/0x20 [ 2250.831977] ? _copy_from_user+0x99/0x110 [ 2250.831994] ion_ioctl+0x105/0x217 [ 2250.832007] ? ion_alloc.cold+0x40/0x40 [ 2250.836337] (UM) [ 2250.837861] ? ion_alloc.cold+0x40/0x40 [ 2250.837879] do_vfs_ioctl+0x7ae/0x1060 [ 2250.837896] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2250.837910] ? lock_downgrade+0x740/0x740 [ 2250.842070] 17*16kB [ 2250.845401] ? ioctl_preallocate+0x1c0/0x1c0 [ 2250.845424] ? __fget+0x237/0x370 [ 2250.845453] ? security_file_ioctl+0x89/0xb0 [ 2250.845471] SyS_ioctl+0x8f/0xc0 [ 2250.850699] (UME) [ 2250.854274] ? do_vfs_ioctl+0x1060/0x1060 [ 2250.854294] do_syscall_64+0x1e8/0x640 [ 2250.854307] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2250.854334] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2250.854345] RIP: 0033:0x45a679 [ 2250.857020] 2*32kB [ 2250.861501] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2250.861517] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2250.861528] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2250.861535] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2250.861544] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2250.861552] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2250.867993] Mem-Info: [ 2250.888764] (U) [ 2250.895513] active_anon:1188000 inactive_anon:199 isolated_anon:0 [ 2250.895513] active_file:6815 inactive_file:8167 isolated_file:0 [ 2250.895513] unevictable:0 dirty:56 writeback:2 unstable:0 [ 2250.895513] slab_reclaimable:18844 slab_unreclaimable:139300 [ 2250.895513] mapped:57723 shmem:255 pagetables:41689 bounce:0 [ 2250.895513] free:82233 free_pcp:64 free_cma:0 [ 2250.905710] 1*64kB [ 2250.915593] Node 0 active_anon:1767052kB inactive_anon:788kB active_file:16kB inactive_file:80kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:72kB writeback:4kB shmem:976kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 702464kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2250.919150] (E) [ 2250.919315] Node 0 [ 2250.926801] 4*128kB [ 2250.933078] DMA free:10428kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2250.936842] (UME) [ 2250.940730] lowmem_reserve[]: [ 2250.945878] 2*256kB [ 2250.953745] 0 [ 2250.961437] (UE) [ 2250.966093] 2569 [ 2250.968272] 3*512kB [ 2250.979940] 2569 [ 2250.989103] (UME) [ 2251.004987] 2569 [ 2251.016739] 3*1024kB [ 2251.018450] 2569 [ 2251.026285] (UME) [ 2251.072220] 2*2048kB [ 2251.096135] Node 0 [ 2251.102229] (UE) [ 2251.109678] DMA32 free:36288kB min:36380kB low:45472kB high:54564kB active_anon:1762608kB inactive_anon:780kB active_file:24kB inactive_file:72kB unevictable:0kB writepending:88kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12576kB pagetables:66108kB bounce:0kB free_pcp:256kB local_pcp:124kB free_cma:0kB [ 2251.134767] 0*4096kB [ 2251.151829] lowmem_reserve[]: [ 2251.153273] = 10428kB [ 2251.155675] 0 [ 2251.157498] Node 0 [ 2251.175075] 0 [ 2251.199884] DMA32: [ 2251.213951] 3296*4kB (UMEH) 242*8kB (MEH) 135*16kB (MH) 68*32kB (UMH) 3*64kB (M) 2*128kB (M) 0*256kB 0*512kB 0*1024kB 6*2048kB (M) 1*4096kB (M) = 36288kB [ 2251.230274] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2251.241620] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB 20:58:01 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r3, &(0x7f0000000380)=""/87, 0x192) getdents64(r3, &(0x7f0000000080)=""/167, 0xa7) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) [ 2251.263234] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2251.276145] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2251.288097] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2251.299713] 15076 total pagecache pages [ 2251.310562] 0 pages in swap cache [ 2251.318820] Swap cache stats: add 0, delete 0, find 0/0 [ 2251.337058] Free swap = 0kB [ 2251.338432] 0 [ 2251.346251] Total swap = 0kB [ 2251.351975] 1965979 pages RAM [ 2251.355509] 0 pages HighMem/MovableOnly [ 2251.356846] 0 [ 2251.359876] 335854 pages reserved [ 2251.363852] 0 [ 2251.371458] 0 pages cma reserved [ 2251.378829] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2251.419919] lowmem_reserve[]: 0 0 0 0 0 [ 2251.424048] Node 0 DMA: 7*4kB (UM) 34*8kB (UM) 17*16kB (UME) 2*32kB (U) 1*64kB (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10428kB [ 2251.440095] Node 0 DMA32: 3296*4kB (UMEH) 241*8kB (ME) 135*16kB (MH) 68*32kB (UMH) 3*64kB (M) 2*128kB (M) 0*256kB 0*512kB 0*1024kB 6*2048kB (M) 1*4096kB (M) = 36280kB [ 2251.455286] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2251.466473] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2251.475460] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2251.484441] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2251.493348] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2251.502331] 15080 total pagecache pages [ 2251.506332] 0 pages in swap cache [ 2251.509797] Swap cache stats: add 0, delete 0, find 0/0 [ 2251.515719] Free swap = 0kB [ 2251.518762] Total swap = 0kB [ 2251.522194] 1965979 pages RAM [ 2251.525322] 0 pages HighMem/MovableOnly [ 2251.529293] 335854 pages reserved [ 2251.536150] 0 pages cma reserved [ 2251.544384] Out of memory: Kill process 9988 (syz-executor.0) score 1009 or sacrifice child [ 2251.556666] Killed process 9988 (syz-executor.0) total-vm:72980kB, anon-rss:16556kB, file-rss:34816kB, shmem-rss:0kB 20:58:02 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r3, &(0x7f0000000380)=""/87, 0x192) getdents64(r3, &(0x7f0000000080)=""/167, 0xa7) socket$inet_udplite(0x2, 0x2, 0x88) [ 2252.124502] IPVS: ftp: loaded support on port[0] = 21 [ 2252.687444] oom_reaper: reaped process 7974 (syz-executor.1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2252.739241] syz-executor.5: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2252.756056] syz-executor.1: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2252.772779] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2252.778496] CPU: 1 PID: 8007 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2252.786297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2252.795638] Call Trace: [ 2252.798212] dump_stack+0x142/0x197 [ 2252.801830] warn_alloc.cold+0x96/0x1af [ 2252.805790] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2252.810624] ? wait_for_completion+0x420/0x420 [ 2252.815209] __alloc_pages_slowpath+0x23c6/0x2930 [ 2252.820057] ? warn_alloc+0xf0/0xf0 [ 2252.823676] ? __might_sleep+0x93/0xb0 [ 2252.827565] __alloc_pages_nodemask+0x62c/0x7a0 [ 2252.832219] ? lock_downgrade+0x740/0x740 [ 2252.836352] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2252.841370] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2252.847000] alloc_pages_current+0xec/0x1e0 [ 2252.851321] ion_page_pool_alloc+0x11f/0x1c0 [ 2252.855728] ion_system_heap_allocate+0x138/0x910 [ 2252.860562] ? ion_alloc+0x19b/0x860 [ 2252.864284] ? rcu_read_lock_sched_held+0x110/0x130 [ 2252.869312] ? ion_system_heap_free+0x250/0x250 [ 2252.873983] ion_alloc+0x222/0x860 [ 2252.877518] ? ion_dma_buf_release+0x50/0x50 [ 2252.881914] ? kasan_check_write+0x14/0x20 [ 2252.886136] ? _copy_from_user+0x99/0x110 [ 2252.890272] ion_ioctl+0x105/0x217 [ 2252.893928] ? ion_alloc.cold+0x40/0x40 [ 2252.897904] ? ion_alloc.cold+0x40/0x40 [ 2252.901887] do_vfs_ioctl+0x7ae/0x1060 [ 2252.905771] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2252.910523] ? lock_downgrade+0x740/0x740 [ 2252.914666] ? ioctl_preallocate+0x1c0/0x1c0 [ 2252.919067] ? __fget+0x237/0x370 [ 2252.922511] ? security_file_ioctl+0x89/0xb0 [ 2252.926907] SyS_ioctl+0x8f/0xc0 [ 2252.930262] ? do_vfs_ioctl+0x1060/0x1060 [ 2252.934398] do_syscall_64+0x1e8/0x640 [ 2252.938267] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2252.943097] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2252.948270] RIP: 0033:0x45a679 [ 2252.951442] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2252.959135] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2252.966402] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2252.973656] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2252.980921] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 20:58:03 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r3, &(0x7f0000000380)=""/87, 0x192) getdents64(r3, &(0x7f0000000080)=""/167, 0xa7) socket$inet_udplite(0x2, 0x2, 0x88) [ 2252.988176] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2253.001310] syz-executor.2: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2253.027118] warn_alloc_show_mem: 3 callbacks suppressed [ 2253.027122] Mem-Info: [ 2253.037722] oom_reaper: reaped process 8007 (syz-executor.5), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2253.039675] syz-executor.1 cpuset= [ 2253.060408] active_anon:1183755 inactive_anon:199 isolated_anon:0 [ 2253.060408] active_file:6818 inactive_file:8176 isolated_file:0 [ 2253.060408] unevictable:0 dirty:20 writeback:0 unstable:0 [ 2253.060408] slab_reclaimable:18857 slab_unreclaimable:138989 [ 2253.060408] mapped:57660 shmem:255 pagetables:41617 bounce:0 [ 2253.060408] free:77952 free_pcp:418 free_cma:0 [ 2253.066372] oom_reaper: reaped process 7983 (syz-executor.2), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2253.097858] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2253.097887] CPU: 1 PID: 7983 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2253.097893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2253.097897] Call Trace: [ 2253.097913] dump_stack+0x142/0x197 [ 2253.097929] warn_alloc.cold+0x96/0x1af [ 2253.097939] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2253.097952] ? call_timer_fn+0x670/0x670 [ 2253.097974] __alloc_pages_slowpath+0x23c6/0x2930 [ 2253.116910] syz1 [ 2253.121007] ? warn_alloc+0xf0/0xf0 [ 2253.138874] mems_allowed=0-1 [ 2253.140493] ? __might_sleep+0x93/0xb0 [ 2253.140507] __alloc_pages_nodemask+0x62c/0x7a0 [ 2253.140518] ? lock_downgrade+0x740/0x740 [ 2253.140530] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2253.140546] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2253.165397] oom_reaper: reaped process 7975 (syz-executor.4), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2253.166796] alloc_pages_current+0xec/0x1e0 [ 2253.190232] syz-executor.4: [ 2253.196062] ion_page_pool_alloc+0x11f/0x1c0 [ 2253.207777] ion_system_heap_allocate+0x138/0x910 [ 2253.212623] ? ion_alloc+0x19b/0x860 [ 2253.215184] page allocation failure: order:0 [ 2253.216332] ? rcu_read_lock_sched_held+0x110/0x130 [ 2253.216348] ? ion_system_heap_free+0x250/0x250 [ 2253.216364] ion_alloc+0x222/0x860 [ 2253.229857] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2253.230442] ? ion_dma_buf_release+0x50/0x50 [ 2253.230459] ? kasan_check_write+0x14/0x20 [ 2253.230470] ? _copy_from_user+0x99/0x110 [ 2253.230482] ion_ioctl+0x105/0x217 [ 2253.230492] ? ion_alloc.cold+0x40/0x40 [ 2253.230508] ? ion_alloc.cold+0x40/0x40 [ 2253.230521] do_vfs_ioctl+0x7ae/0x1060 [ 2253.230532] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2253.230541] ? lock_downgrade+0x740/0x740 [ 2253.230553] ? ioctl_preallocate+0x1c0/0x1c0 [ 2253.245395] 0 [ 2253.245585] ? __fget+0x237/0x370 [ 2253.258907] syz-executor.4 cpuset= [ 2253.261432] ? security_file_ioctl+0x89/0xb0 [ 2253.261448] SyS_ioctl+0x8f/0xc0 [ 2253.261457] ? do_vfs_ioctl+0x1060/0x1060 [ 2253.261471] do_syscall_64+0x1e8/0x640 [ 2253.261480] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2253.261498] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2253.261507] RIP: 0033:0x45a679 [ 2253.261513] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2253.261524] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2253.261530] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2253.261535] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2253.261541] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2253.261547] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2253.266122] Node 0 active_anon:1750328kB inactive_anon:776kB active_file:8kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:4kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 686080kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2253.270891] CPU: 0 PID: 7974 Comm: syz-executor.1 Not tainted 4.14.157-syzkaller #0 [ 2253.276770] Node 1 active_anon:2984552kB inactive_anon:20kB active_file:27268kB inactive_file:32700kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21680kB dirty:148kB writeback:0kB shmem:56kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2253.278301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2253.282729] Node 0 [ 2253.284388] Call Trace: [ 2253.287831] DMA free:10348kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2253.291353] dump_stack+0x142/0x197 [ 2253.291372] warn_alloc.cold+0x96/0x1af [ 2253.291383] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2253.296941] lowmem_reserve[]: [ 2253.299132] ? wait_for_completion+0x420/0x420 [ 2253.303280] 0 [ 2253.307131] __alloc_pages_slowpath+0x23c6/0x2930 [ 2253.311958] 2569 [ 2253.317132] ? warn_alloc+0xf0/0xf0 [ 2253.320305] 2569 [ 2253.327997] ? __might_sleep+0x93/0xb0 [ 2253.335354] 2569 [ 2253.342598] __alloc_pages_nodemask+0x62c/0x7a0 [ 2253.342609] ? lock_downgrade+0x740/0x740 [ 2253.342624] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2253.349870] 2569 [ 2253.357997] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2253.358013] alloc_pages_current+0xec/0x1e0 [ 2253.358028] ion_page_pool_alloc+0x11f/0x1c0 [ 2253.358041] ion_system_heap_allocate+0x138/0x910 [ 2253.392703] ? ion_alloc+0x19b/0x860 [ 2253.392717] ? rcu_read_lock_sched_held+0x110/0x130 [ 2253.392729] ? ion_system_heap_free+0x250/0x250 [ 2253.392744] ion_alloc+0x222/0x860 [ 2253.400552] Node 0 [ 2253.428306] ? ion_dma_buf_release+0x50/0x50 [ 2253.428324] ? kasan_check_write+0x14/0x20 [ 2253.428334] ? _copy_from_user+0x99/0x110 [ 2253.428345] ion_ioctl+0x105/0x217 [ 2253.428354] ? ion_alloc.cold+0x40/0x40 [ 2253.428369] ? ion_alloc.cold+0x40/0x40 [ 2253.445544] syz-executor.2: [ 2253.468279] do_vfs_ioctl+0x7ae/0x1060 [ 2253.468294] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2253.468309] ? lock_downgrade+0x740/0x740 [ 2253.471947] page allocation failure: order:4 [ 2253.475888] ? ioctl_preallocate+0x1c0/0x1c0 [ 2253.481168] DMA32 free:21808kB min:36380kB low:45472kB high:54564kB active_anon:1745884kB inactive_anon:776kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:4kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12544kB pagetables:65976kB bounce:0kB free_pcp:444kB local_pcp:732kB free_cma:0kB [ 2253.483807] ? __fget+0x237/0x370 [ 2253.488363] lowmem_reserve[]: [ 2253.490188] ? security_file_ioctl+0x89/0xb0 [ 2253.490202] SyS_ioctl+0x8f/0xc0 [ 2253.490211] ? do_vfs_ioctl+0x1060/0x1060 [ 2253.490228] do_syscall_64+0x1e8/0x640 [ 2253.490239] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2253.496222] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2253.497122] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2253.500754] 0 [ 2253.502766] RIP: 0033:0x45a679 [ 2253.506630] syz-executor.2 cpuset= [ 2253.508670] RSP: 002b:00007f53ae261c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2253.514185] 0 [ 2253.517451] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2253.517459] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2253.522487] 0 [ 2253.524500] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2253.524508] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53ae2626d4 [ 2253.530390] syz2 [ 2253.534413] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2253.538802] mems_allowed=0-1 [ 2253.546789] syz4 [ 2253.547632] 0 [ 2253.552796] mems_allowed=0-1 [ 2253.564125] 0 [ 2253.568272] CPU: 0 PID: 7975 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2253.571819] 0 [ 2253.575817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2253.583297] Call Trace: [ 2253.583316] dump_stack+0x142/0x197 [ 2253.583331] warn_alloc.cold+0x96/0x1af [ 2253.583340] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2253.583353] ? call_timer_fn+0x670/0x670 [ 2253.583373] __alloc_pages_slowpath+0x23c6/0x2930 [ 2253.583400] ? warn_alloc+0xf0/0xf0 [ 2253.583422] ? __might_sleep+0x93/0xb0 [ 2253.583433] __alloc_pages_nodemask+0x62c/0x7a0 [ 2253.583444] ? lock_downgrade+0x740/0x740 [ 2253.583455] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2253.583471] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2253.590444] alloc_pages_current+0xec/0x1e0 [ 2253.590460] ion_page_pool_alloc+0x11f/0x1c0 [ 2253.590472] ion_system_heap_allocate+0x138/0x910 [ 2253.590481] ? ion_alloc+0x19b/0x860 [ 2253.590491] ? rcu_read_lock_sched_held+0x110/0x130 [ 2253.590503] ? ion_system_heap_free+0x250/0x250 [ 2253.612023] ion_alloc+0x222/0x860 [ 2253.640427] Node 0 [ 2253.643838] ? ion_dma_buf_release+0x50/0x50 [ 2253.646952] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2253.651352] ? kasan_check_write+0x14/0x20 [ 2253.651363] ? _copy_from_user+0x99/0x110 [ 2253.651375] ion_ioctl+0x105/0x217 [ 2253.651384] ? ion_alloc.cold+0x40/0x40 [ 2253.651398] ? ion_alloc.cold+0x40/0x40 [ 2253.651409] do_vfs_ioctl+0x7ae/0x1060 [ 2253.651420] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2253.651434] ? lock_downgrade+0x740/0x740 [ 2253.670068] lowmem_reserve[]: [ 2253.674786] ? ioctl_preallocate+0x1c0/0x1c0 [ 2253.690041] 0 [ 2253.696304] ? __fget+0x237/0x370 [ 2253.698079] 0 [ 2253.705341] ? security_file_ioctl+0x89/0xb0 [ 2253.705355] SyS_ioctl+0x8f/0xc0 [ 2253.705367] ? do_vfs_ioctl+0x1060/0x1060 [ 2253.714431] do_syscall_64+0x1e8/0x640 [ 2253.730908] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2253.741279] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2253.741288] RIP: 0033:0x45a679 [ 2253.741293] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2253.741304] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2253.741310] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2253.741314] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2253.741322] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2253.768831] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2253.771443] 0 [ 2253.782762] syz-executor.4: [ 2253.790206] CPU: 1 PID: 7983 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2253.793412] page allocation failure: order:4 [ 2253.796367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2253.796372] Call Trace: [ 2253.796387] dump_stack+0x142/0x197 [ 2253.796403] warn_alloc.cold+0x96/0x1af [ 2253.796414] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2253.800687] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2253.804959] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2253.804975] __alloc_pages_slowpath+0x23c6/0x2930 [ 2253.804995] ? save_trace+0x290/0x290 [ 2253.809363] 0 [ 2253.814123] ? warn_alloc+0xf0/0xf0 [ 2253.814144] ? __might_sleep+0x93/0xb0 [ 2253.814159] __alloc_pages_nodemask+0x62c/0x7a0 [ 2253.814171] ? lock_downgrade+0x740/0x740 [ 2253.814187] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2253.814206] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2253.820109] syz-executor.4 cpuset= [ 2253.824128] alloc_pages_current+0xec/0x1e0 [ 2253.824146] ion_page_pool_alloc+0x11f/0x1c0 [ 2253.824160] ion_system_heap_allocate+0x138/0x910 [ 2253.828853] syz4 [ 2253.833390] ? ion_system_heap_free+0x250/0x250 [ 2253.837426] mems_allowed=0-1 [ 2253.842095] ion_alloc+0x68c/0x860 [ 2253.842114] ? ion_dma_buf_release+0x50/0x50 [ 2253.842132] ? kasan_check_write+0x14/0x20 [ 2253.842144] ? _copy_from_user+0x99/0x110 [ 2253.842155] ion_ioctl+0x105/0x217 [ 2253.842165] ? ion_alloc.cold+0x40/0x40 [ 2253.842186] ? ion_alloc.cold+0x40/0x40 [ 2253.901823] do_vfs_ioctl+0x7ae/0x1060 [ 2253.918566] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2253.931292] ? lock_downgrade+0x740/0x740 [ 2253.940870] ? ioctl_preallocate+0x1c0/0x1c0 [ 2253.940885] ? __fget+0x237/0x370 [ 2253.940902] ? security_file_ioctl+0x89/0xb0 [ 2253.940916] SyS_ioctl+0x8f/0xc0 [ 2253.940925] ? do_vfs_ioctl+0x1060/0x1060 [ 2253.940938] do_syscall_64+0x1e8/0x640 [ 2253.940947] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2253.940966] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2253.953809] RIP: 0033:0x45a679 [ 2253.977213] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2253.977225] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2253.977230] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2253.977234] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2253.977241] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2253.977247] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2253.984042] 0 [ 2253.985909] CPU: 0 PID: 7975 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2253.992146] 0 [ 2253.999115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2253.999121] Call Trace: [ 2253.999140] dump_stack+0x142/0x197 [ 2253.999155] warn_alloc.cold+0x96/0x1af [ 2253.999164] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2253.999187] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2254.008343] __alloc_pages_slowpath+0x23c6/0x2930 [ 2254.008363] ? save_trace+0x290/0x290 [ 2254.008380] ? warn_alloc+0xf0/0xf0 [ 2254.012114] Node 1 [ 2254.019205] ? __might_sleep+0x93/0xb0 [ 2254.019220] __alloc_pages_nodemask+0x62c/0x7a0 [ 2254.019232] ? lock_downgrade+0x740/0x740 [ 2254.019244] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2254.023956] Normal free:283168kB min:53508kB low:66884kB high:80260kB active_anon:2984552kB inactive_anon:20kB active_file:27268kB inactive_file:32700kB unevictable:0kB writepending:148kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45664kB pagetables:100680kB bounce:0kB free_pcp:1040kB local_pcp:628kB free_cma:0kB [ 2254.033130] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2254.033149] alloc_pages_current+0xec/0x1e0 [ 2254.033164] ion_page_pool_alloc+0x11f/0x1c0 [ 2254.033174] ion_system_heap_allocate+0x138/0x910 [ 2254.033189] ? ion_system_heap_free+0x250/0x250 [ 2254.033203] ion_alloc+0x68c/0x860 [ 2254.033223] ? ion_dma_buf_release+0x50/0x50 [ 2254.036502] lowmem_reserve[]: [ 2254.039450] ? kasan_check_write+0x14/0x20 [ 2254.039462] ? _copy_from_user+0x99/0x110 [ 2254.039476] ion_ioctl+0x105/0x217 [ 2254.039488] ? ion_alloc.cold+0x40/0x40 [ 2254.043775] 0 [ 2254.048302] ? ion_alloc.cold+0x40/0x40 [ 2254.048315] do_vfs_ioctl+0x7ae/0x1060 [ 2254.048329] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2254.056228] 0 [ 2254.060956] ? lock_downgrade+0x740/0x740 [ 2254.060972] ? ioctl_preallocate+0x1c0/0x1c0 [ 2254.060985] ? __fget+0x237/0x370 [ 2254.061003] ? security_file_ioctl+0x89/0xb0 [ 2254.061014] SyS_ioctl+0x8f/0xc0 [ 2254.061026] ? do_vfs_ioctl+0x1060/0x1060 [ 2254.066148] 0 [ 2254.069683] do_syscall_64+0x1e8/0x640 [ 2254.069694] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2254.069713] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2254.072025] 0 [ 2254.075137] RIP: 0033:0x45a679 [ 2254.075144] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2254.075154] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2254.075160] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2254.075165] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2254.075170] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2254.075179] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2254.079466] 0 [ 2254.142149] Node 0 [ 2254.180740] DMA: [ 2254.185277] syz-executor.1: [ 2254.190141] 13*4kB [ 2254.197805] (UM) [ 2254.202735] page allocation failure: order:4 [ 2254.208792] 26*8kB [ 2254.222374] (UM) [ 2254.241784] warn_alloc_show_mem: 3 callbacks suppressed [ 2254.241787] Mem-Info: [ 2254.243707] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2254.255565] 17*16kB [ 2254.262349] active_anon:1183715 inactive_anon:199 isolated_anon:0 [ 2254.262349] active_file:6819 inactive_file:8182 isolated_file:0 [ 2254.262349] unevictable:0 dirty:24 writeback:0 unstable:0 [ 2254.262349] slab_reclaimable:18857 slab_unreclaimable:139139 [ 2254.262349] mapped:57659 shmem:255 pagetables:41655 bounce:0 [ 2254.262349] free:85557 free_pcp:619 free_cma:0 [ 2254.271990] 0 [ 2254.278893] (UME) [ 2254.287256] 2*32kB [ 2254.292164] syz-executor.1 cpuset= [ 2254.302670] Node 0 active_anon:1750300kB inactive_anon:776kB active_file:8kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:20kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 686080kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2254.306963] (U) [ 2254.310758] syz1 [ 2254.319213] Node 1 active_anon:2984560kB inactive_anon:20kB active_file:27268kB inactive_file:32712kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21716kB dirty:76kB writeback:0kB shmem:56kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2254.326858] 1*64kB [ 2254.354860] mems_allowed=0-1 [ 2254.373035] Node 0 [ 2254.373807] CPU: 0 PID: 7974 Comm: syz-executor.1 Not tainted 4.14.157-syzkaller #0 [ 2254.383090] DMA free:10388kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2254.385987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2254.385992] Call Trace: [ 2254.386008] dump_stack+0x142/0x197 [ 2254.386024] warn_alloc.cold+0x96/0x1af [ 2254.394313] lowmem_reserve[]: [ 2254.397480] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2254.397499] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2254.430344] 0 [ 2254.433484] __alloc_pages_slowpath+0x23c6/0x2930 [ 2254.437865] 2569 [ 2254.441224] ? save_trace+0x290/0x290 [ 2254.441240] ? warn_alloc+0xf0/0xf0 [ 2254.441262] ? __might_sleep+0x93/0xb0 [ 2254.470092] (E) [ 2254.473732] __alloc_pages_nodemask+0x62c/0x7a0 [ 2254.481465] 2569 [ 2254.488716] ? lock_downgrade+0x740/0x740 [ 2254.510069] 4*128kB [ 2254.510502] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2254.512283] (UME) [ 2254.514514] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2254.516547] 2*256kB [ 2254.519563] alloc_pages_current+0xec/0x1e0 [ 2254.521826] 2569 [ 2254.523841] ion_page_pool_alloc+0x11f/0x1c0 [ 2254.528223] 2569 [ 2254.530448] ion_system_heap_allocate+0x138/0x910 [ 2254.530462] ? ion_system_heap_free+0x250/0x250 [ 2254.530481] ion_alloc+0x68c/0x860 [ 2254.539547] (UE) [ 2254.540292] ? ion_dma_buf_release+0x50/0x50 [ 2254.540310] ? kasan_check_write+0x14/0x20 [ 2254.540321] ? _copy_from_user+0x99/0x110 [ 2254.540333] ion_ioctl+0x105/0x217 [ 2254.547624] 3*512kB [ 2254.549741] ? ion_alloc.cold+0x40/0x40 [ 2254.589481] ? ion_alloc.cold+0x40/0x40 [ 2254.596100] Node 0 [ 2254.620487] do_vfs_ioctl+0x7ae/0x1060 [ 2254.620502] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2254.620511] ? lock_downgrade+0x740/0x740 [ 2254.620523] ? ioctl_preallocate+0x1c0/0x1c0 [ 2254.649024] (UME) [ 2254.652119] ? __fget+0x237/0x370 [ 2254.652138] ? security_file_ioctl+0x89/0xb0 [ 2254.654357] 3*1024kB [ 2254.657453] SyS_ioctl+0x8f/0xc0 [ 2254.659660] (UME) [ 2254.667438] ? do_vfs_ioctl+0x1060/0x1060 [ 2254.667452] do_syscall_64+0x1e8/0x640 [ 2254.667461] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2254.667479] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2254.667489] RIP: 0033:0x45a679 [ 2254.696102] DMA32 free:18152kB min:36380kB low:45472kB high:54564kB active_anon:1745856kB inactive_anon:776kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:20kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12544kB pagetables:65976kB bounce:0kB free_pcp:976kB local_pcp:236kB free_cma:0kB [ 2254.702603] RSP: 002b:00007f53ae261c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2254.702614] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2254.702619] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2254.702624] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2254.702630] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53ae2626d4 [ 2254.702635] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2254.720420] lowmem_reserve[]: [ 2254.742642] 0 [ 2254.746606] 0 0 0 0 [ 2254.746625] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2254.746645] lowmem_reserve[]: 0 0 0 0 0 [ 2254.765159] syz-executor.4 invoked oom-killer: gfp_mask=0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2254.769249] 0 [ 2254.788165] Node 1 Normal free:282888kB min:53508kB low:66884kB high:80260kB active_anon:2984460kB inactive_anon:20kB active_file:27268kB inactive_file:32712kB unevictable:0kB writepending:176kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45536kB pagetables:100488kB bounce:0kB free_pcp:884kB local_pcp:604kB free_cma:0kB [ 2254.788190] lowmem_reserve[]: [ 2254.804266] , order=0, oom_score_adj=1000 [ 2254.818649] 2*2048kB [ 2254.824518] 0 [ 2254.832521] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2254.832547] CPU: 1 PID: 7975 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2254.832553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2254.832557] Call Trace: [ 2254.832571] dump_stack+0x142/0x197 [ 2254.832588] dump_header+0x177/0x6cd [ 2254.832600] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2254.832611] ? ___ratelimit+0x55/0x537 [ 2254.832625] oom_kill_process.cold+0x10/0xadd [ 2254.832635] ? rcu_read_unlock_special+0x895/0xd40 [ 2254.832652] ? lock_downgrade+0x740/0x740 [ 2254.843521] out_of_memory+0x2ee/0x1180 [ 2254.843531] ? lock_acquire+0x16f/0x430 [ 2254.843547] ? oom_killer_disable+0x1d0/0x1d0 [ 2254.843557] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2254.843570] __alloc_pages_slowpath+0x2251/0x2930 [ 2254.843596] ? warn_alloc+0xf0/0xf0 [ 2254.843617] ? __might_sleep+0x93/0xb0 [ 2254.843630] __alloc_pages_nodemask+0x62c/0x7a0 [ 2254.843642] ? lock_downgrade+0x740/0x740 [ 2254.857837] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2254.864681] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2254.864699] alloc_pages_current+0xec/0x1e0 [ 2254.870206] ion_page_pool_alloc+0x11f/0x1c0 [ 2254.870218] ion_system_heap_allocate+0x138/0x910 [ 2254.870232] ? ion_system_heap_free+0x250/0x250 [ 2254.870246] ion_alloc+0x68c/0x860 [ 2254.870262] ? ion_dma_buf_release+0x50/0x50 [ 2254.870278] ? kasan_check_write+0x14/0x20 [ 2254.870290] ? _copy_from_user+0x99/0x110 [ 2254.870302] ion_ioctl+0x105/0x217 [ 2254.870313] ? ion_alloc.cold+0x40/0x40 [ 2254.870329] ? ion_alloc.cold+0x40/0x40 [ 2254.870340] do_vfs_ioctl+0x7ae/0x1060 [ 2254.870353] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2254.883213] ? lock_downgrade+0x740/0x740 [ 2254.883229] ? ioctl_preallocate+0x1c0/0x1c0 [ 2254.883241] ? __fget+0x237/0x370 [ 2254.883260] ? security_file_ioctl+0x89/0xb0 [ 2254.883272] SyS_ioctl+0x8f/0xc0 [ 2254.883282] ? do_vfs_ioctl+0x1060/0x1060 [ 2254.883294] do_syscall_64+0x1e8/0x640 [ 2254.883302] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2254.883320] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2254.891681] RIP: 0033:0x45a679 [ 2254.891687] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2254.891697] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2254.891703] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2254.891709] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2254.891714] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2254.891720] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2254.892003] (UE) [ 2254.928145] 0 [ 2254.942855] 0 0 0 [ 2254.942870] Node 0 DMA: [ 2254.957482] 0*4096kB [ 2254.967936] 8*4kB [ 2254.972093] (UM) 26*8kB (UM) 17*16kB (UME) 2*32kB (U) 1*64kB (E) 4*128kB [ 2255.012039] = 10388kB [ 2255.044720] Mem-Info: [ 2255.053943] active_anon:1183707 inactive_anon:199 isolated_anon:0 [ 2255.053943] active_file:6822 inactive_file:8200 isolated_file:0 [ 2255.053943] unevictable:0 dirty:62 writeback:0 unstable:0 [ 2255.053943] slab_reclaimable:18857 slab_unreclaimable:139110 [ 2255.053943] mapped:57646 shmem:255 pagetables:41630 bounce:0 [ 2255.053943] free:78034 free_pcp:244 free_cma:0 [ 2255.053961] Node 0 active_anon:1750312kB inactive_anon:776kB active_file:20kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:48kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 686080kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2255.061168] Node 0 DMA32: 3262*4kB (UME) 236*8kB (UME) 123*16kB (UM) 17*32kB (UM) 5*64kB (U) 3*128kB (U) [ 2255.078584] Node 0 [ 2255.084688] DMA free:10368kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2255.093619] (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10368kB [ 2255.093662] Node 0 DMA32: 3262*4kB (UME) 236*8kB (UME) 123*16kB (UM) 17*32kB (UM) 5*64kB (U) 3*128kB (U) [ 2255.107221] lowmem_reserve[]: [ 2255.115499] 0*256kB 0*512kB [ 2255.129131] 0*256kB 0*512kB [ 2255.137865] 0 [ 2255.146844] 0*1024kB [ 2255.156061] 0*1024kB [ 2255.166158] 2569 [ 2255.175437] 0*2048kB [ 2255.188118] 2569 [ 2255.196661] 0*2048kB [ 2255.204177] 0*4096kB [ 2255.212289] 2569 2569 [ 2255.212305] Node 0 DMA32 free:18152kB min:36380kB low:45472kB high:54564kB active_anon:1745868kB inactive_anon:776kB active_file:20kB inactive_file:36kB unevictable:0kB writepending:16kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12544kB pagetables:65976kB bounce:0kB free_pcp:976kB local_pcp:240kB free_cma:0kB [ 2255.221437] 0*4096kB = 18152kB [ 2255.221447] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB [ 2255.233954] = 18152kB [ 2255.245368] lowmem_reserve[]: [ 2255.252645] warn_alloc_show_mem: 1 callbacks suppressed [ 2255.252648] Mem-Info: [ 2255.255475] 0*512kB [ 2255.258964] active_anon:1183691 inactive_anon:199 isolated_anon:0 [ 2255.258964] active_file:6822 inactive_file:8204 isolated_file:0 [ 2255.258964] unevictable:0 dirty:37 writeback:0 unstable:0 [ 2255.258964] slab_reclaimable:18858 slab_unreclaimable:139131 [ 2255.258964] mapped:57646 shmem:255 pagetables:41629 bounce:0 [ 2255.258964] free:78016 free_pcp:470 free_cma:0 [ 2255.266422] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2255.266479] Node 1 Normal: 5354*4kB (UME) 1909*8kB (UMEH) [ 2255.281317] 0 [ 2255.295902] 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2255.295923] Node 1 [ 2255.309041] Node 0 active_anon:1750312kB inactive_anon:776kB active_file:20kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:16kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 686080kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2255.309272] 1929*16kB [ 2255.312037] Node 1 active_anon:2984452kB inactive_anon:20kB active_file:27268kB inactive_file:32780kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21664kB dirty:132kB writeback:0kB shmem:56kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2255.314386] (UMEH) [ 2255.316542] Node 0 [ 2255.323642] Normal: 5354*4kB (UME) 1908*8kB (UMEH) 1929*16kB (UMEH) 1779*32kB (UMEH) 710*64kB (UMEH) 82*128kB (MEH) 37*256kB (MEH) 101*512kB (ME) 31*1024kB (UMH) 5*2048kB (M) 0*4096kB = 283576kB [ 2255.323742] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2255.323748] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2255.323757] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2255.332094] 0 [ 2255.362480] 1779*32kB [ 2255.400307] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2255.400314] 15133 total pagecache pages [ 2255.400324] 0 pages in swap cache [ 2255.428764] (UMEH) 710*64kB (UMEH) 82*128kB (MEH) 37*256kB (MEH) 101*512kB (ME) 31*1024kB (UMH) 5*2048kB (M) 0*4096kB [ 2255.442414] DMA free:10368kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2255.447224] = 283584kB [ 2255.451816] lowmem_reserve[]: [ 2255.453457] Swap cache stats: add 0, delete 0, find 0/0 [ 2255.456448] 0 [ 2255.458264] Free swap = 0kB [ 2255.464220] 2569 [ 2255.465450] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2255.467834] 2569 [ 2255.470074] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2255.470082] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2255.470089] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2255.470099] 15133 total pagecache pages [ 2255.475009] 2569 [ 2255.477404] 0 pages in swap cache [ 2255.517469] Total swap = 0kB [ 2255.523198] 1965979 pages RAM [ 2255.523203] 0 pages HighMem/MovableOnly [ 2255.523206] 335854 pages reserved [ 2255.523210] 0 pages cma reserved [ 2255.526679] Swap cache stats: add 0, delete 0, find 0/0 [ 2255.571588] Free swap = 0kB [ 2255.583367] 2569 [ 2255.584179] syz-executor.2: [ 2255.585829] Node 0 [ 2255.590502] page allocation failure: order:0 [ 2255.594603] DMA32 free:18120kB min:36380kB low:45472kB high:54564kB active_anon:1745868kB inactive_anon:776kB active_file:20kB inactive_file:36kB unevictable:0kB writepending:16kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12544kB pagetables:65976kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 2255.620562] Total swap = 0kB [ 2255.620572] 1965979 pages RAM [ 2255.620576] 0 pages HighMem/MovableOnly [ 2255.620580] 335854 pages reserved [ 2255.620584] 0 pages cma reserved [ 2255.632209] syz-executor.5: [ 2255.658378] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2255.682382] 0 [ 2255.691130] lowmem_reserve[]: [ 2255.699766] page allocation failure: order:4 [ 2255.708731] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2255.713055] 0 [ 2255.716840] 0 [ 2255.716847] syz-executor.5 cpuset= [ 2255.725212] 0 [ 2255.731299] 0 [ 2255.768553] 0 [ 2255.773416] syz-executor.2 cpuset= [ 2255.784719] syz5 mems_allowed=0-1 [ 2255.784739] CPU: 1 PID: 8007 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2255.784745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2255.784749] Call Trace: [ 2255.784763] dump_stack+0x142/0x197 [ 2255.784779] warn_alloc.cold+0x96/0x1af [ 2255.784790] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2255.795436] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2255.808340] 0 [ 2255.813462] __alloc_pages_slowpath+0x23c6/0x2930 [ 2255.813483] ? save_trace+0x290/0x290 [ 2255.813498] ? warn_alloc+0xf0/0xf0 [ 2255.813518] ? __might_sleep+0x93/0xb0 [ 2255.813536] __alloc_pages_nodemask+0x62c/0x7a0 [ 2255.813545] ? lock_downgrade+0x740/0x740 [ 2255.813555] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2255.813570] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2255.813586] alloc_pages_current+0xec/0x1e0 [ 2255.813601] ion_page_pool_alloc+0x11f/0x1c0 [ 2255.813612] ion_system_heap_allocate+0x138/0x910 [ 2255.813626] ? ion_system_heap_free+0x250/0x250 [ 2255.813642] ion_alloc+0x68c/0x860 [ 2255.813658] ? ion_dma_buf_release+0x50/0x50 [ 2255.813673] ? kasan_check_write+0x14/0x20 [ 2255.813687] ? _copy_from_user+0x99/0x110 [ 2255.823448] ion_ioctl+0x105/0x217 [ 2255.823459] ? ion_alloc.cold+0x40/0x40 [ 2255.823474] ? ion_alloc.cold+0x40/0x40 [ 2255.823486] do_vfs_ioctl+0x7ae/0x1060 [ 2255.823498] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2255.823508] ? lock_downgrade+0x740/0x740 [ 2255.823519] ? ioctl_preallocate+0x1c0/0x1c0 [ 2255.823538] ? __fget+0x237/0x370 [ 2255.823555] ? security_file_ioctl+0x89/0xb0 [ 2255.829714] 0 [ 2255.829829] SyS_ioctl+0x8f/0xc0 [ 2255.837589] ? do_vfs_ioctl+0x1060/0x1060 [ 2255.844231] 0 [ 2255.846307] do_syscall_64+0x1e8/0x640 [ 2255.846317] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2255.846333] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2255.846341] RIP: 0033:0x45a679 [ 2255.846346] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2255.846355] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2255.846360] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2255.846366] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2255.846371] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2255.846377] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2255.848322] syz2 [ 2255.854587] mems_allowed=0-1 [ 2255.856768] Node 0 [ 2255.861322] 0 [ 2255.861330] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2255.861352] lowmem_reserve[]: 0 0 0 0 0 [ 2255.861377] Node 0 DMA: 12*4kB (UM) 29*8kB (UM) 17*16kB [ 2255.896203] CPU: 1 PID: 7983 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2255.903985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2255.910369] Call Trace: [ 2255.910384] dump_stack+0x142/0x197 [ 2255.910398] warn_alloc.cold+0x96/0x1af [ 2255.910406] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2255.910419] ? call_timer_fn+0x670/0x670 [ 2255.910438] __alloc_pages_slowpath+0x23c6/0x2930 [ 2255.910463] ? warn_alloc+0xf0/0xf0 [ 2255.910487] ? __might_sleep+0x93/0xb0 [ 2255.910500] __alloc_pages_nodemask+0x62c/0x7a0 [ 2255.910512] ? lock_downgrade+0x740/0x740 [ 2255.910522] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2255.910539] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2255.910556] alloc_pages_current+0xec/0x1e0 [ 2255.927397] ion_page_pool_alloc+0x11f/0x1c0 [ 2255.943907] ion_system_heap_allocate+0x138/0x910 [ 2255.947433] ? ion_system_heap_free+0x250/0x250 [ 2255.954690] ion_alloc+0x68c/0x860 [ 2255.966039] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2255.972372] ? ion_dma_buf_release+0x50/0x50 [ 2255.972390] ? kasan_check_write+0x14/0x20 [ 2255.972401] ? _copy_from_user+0x99/0x110 [ 2255.972411] ion_ioctl+0x105/0x217 [ 2255.972421] ? ion_alloc.cold+0x40/0x40 [ 2255.972436] ? ion_alloc.cold+0x40/0x40 [ 2255.972446] do_vfs_ioctl+0x7ae/0x1060 [ 2255.972459] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2255.972469] ? lock_downgrade+0x740/0x740 [ 2255.972479] ? ioctl_preallocate+0x1c0/0x1c0 [ 2255.972498] ? __fget+0x237/0x370 [ 2255.991729] lowmem_reserve[]: [ 2255.993676] ? security_file_ioctl+0x89/0xb0 [ 2255.995469] 0 0 [ 2256.000472] SyS_ioctl+0x8f/0xc0 [ 2256.000483] ? do_vfs_ioctl+0x1060/0x1060 [ 2256.000496] do_syscall_64+0x1e8/0x640 [ 2256.000504] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2256.000522] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2256.000530] RIP: 0033:0x45a679 [ 2256.000535] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2256.000545] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2256.000551] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2256.000555] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2256.000561] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2256.000567] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2256.004256] (UME) [ 2256.008358] 2*32kB (U) [ 2256.019173] 0 [ 2256.027300] 1*64kB [ 2256.027414] 0 [ 2256.033367] (E) [ 2256.037652] syz-executor.5: [ 2256.047246] 4*128kB [ 2256.052743] (UME) [ 2256.066402] 2*256kB [ 2256.070177] 0 [ 2256.073434] page allocation failure: order:0 [ 2256.086884] (UE) [ 2256.095104] 3*512kB [ 2256.110015] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2256.110863] Node 1 [ 2256.114177] 0 [ 2256.118586] Normal free:283832kB min:53508kB low:66884kB high:80260kB active_anon:2984456kB inactive_anon:20kB active_file:27268kB inactive_file:32980kB unevictable:0kB writepending:204kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45504kB pagetables:100532kB bounce:0kB free_pcp:304kB local_pcp:188kB free_cma:0kB [ 2256.125968] (UME) [ 2256.135399] syz-executor.5 cpuset= [ 2256.151523] 3*1024kB [ 2256.153767] lowmem_reserve[]: [ 2256.166352] syz5 [ 2256.168785] 0 [ 2256.176624] (UME) [ 2256.192302] mems_allowed=0-1 [ 2256.192333] CPU: 1 PID: 8007 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2256.192341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2256.220589] Call Trace: [ 2256.220613] dump_stack+0x142/0x197 [ 2256.220627] warn_alloc.cold+0x96/0x1af [ 2256.220637] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2256.220649] ? call_timer_fn+0x670/0x670 [ 2256.220668] __alloc_pages_slowpath+0x23c6/0x2930 [ 2256.220692] ? warn_alloc+0xf0/0xf0 [ 2256.220712] ? __might_sleep+0x93/0xb0 [ 2256.220725] __alloc_pages_nodemask+0x62c/0x7a0 [ 2256.220736] ? lock_downgrade+0x740/0x740 [ 2256.220747] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2256.220764] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2256.220779] alloc_pages_current+0xec/0x1e0 [ 2256.220794] ion_page_pool_alloc+0x11f/0x1c0 [ 2256.225491] 0 [ 2256.230438] ion_system_heap_allocate+0x138/0x910 [ 2256.230453] ? ion_system_heap_free+0x250/0x250 [ 2256.230467] ion_alloc+0x68c/0x860 [ 2256.230482] ? ion_dma_buf_release+0x50/0x50 [ 2256.230498] ? kasan_check_write+0x14/0x20 [ 2256.230511] ? _copy_from_user+0x99/0x110 [ 2256.238523] 0 [ 2256.248519] ion_ioctl+0x105/0x217 [ 2256.248531] ? ion_alloc.cold+0x40/0x40 [ 2256.248545] ? ion_alloc.cold+0x40/0x40 [ 2256.248557] do_vfs_ioctl+0x7ae/0x1060 [ 2256.248569] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2256.248579] ? lock_downgrade+0x740/0x740 [ 2256.248590] ? ioctl_preallocate+0x1c0/0x1c0 [ 2256.248602] ? __fget+0x237/0x370 [ 2256.248619] ? security_file_ioctl+0x89/0xb0 [ 2256.255105] SyS_ioctl+0x8f/0xc0 [ 2256.260208] 0 [ 2256.264271] ? do_vfs_ioctl+0x1060/0x1060 [ 2256.268361] 0 [ 2256.273218] do_syscall_64+0x1e8/0x640 [ 2256.273229] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2256.273245] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2256.273253] RIP: 0033:0x45a679 [ 2256.273258] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2256.273268] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2256.273273] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2256.273279] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2256.273283] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2256.273288] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2256.279257] 2*2048kB [ 2256.285843] (UE) 0*4096kB [ 2256.300051] = 10408kB [ 2256.305287] Node 0 [ 2256.309704] Node 0 [ 2256.322678] DMA32: [ 2256.353850] 3330*4kB [ 2256.357970] DMA: [ 2256.366312] (UME) [ 2256.369127] 4*4kB [ 2256.373725] 239*8kB [ 2256.387049] warn_alloc_show_mem: 2 callbacks suppressed [ 2256.387053] Mem-Info: [ 2256.390773] (UM) [ 2256.394627] (UME) [ 2256.398079] 28*8kB (UM) [ 2256.407526] active_anon:1183577 inactive_anon:199 isolated_anon:0 [ 2256.407526] active_file:6821 inactive_file:8250 isolated_file:0 [ 2256.407526] unevictable:0 dirty:55 writeback:0 unstable:0 [ 2256.407526] slab_reclaimable:18858 slab_unreclaimable:139177 [ 2256.407526] mapped:57677 shmem:255 pagetables:41629 bounce:0 [ 2256.407526] free:78289 free_pcp:377 free_cma:0 [ 2256.412503] Node 0 active_anon:1749852kB inactive_anon:776kB active_file:16kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:16kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 686080kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2256.426883] 125*16kB [ 2256.427071] 17*16kB (UME) 2*32kB (U) 1*64kB (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB [ 2256.430794] (UM) [ 2256.438941] (UME) [ 2256.451712] Node 1 active_anon:2984456kB inactive_anon:20kB active_file:27268kB inactive_file:32980kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21788kB dirty:204kB writeback:0kB shmem:56kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2256.467221] Node 0 [ 2256.469845] 2*2048kB [ 2256.477852] 22*32kB [ 2256.487435] (UM) [ 2256.490650] 11*64kB [ 2256.496587] (U) [ 2256.506760] DMA free:10368kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2256.508338] (UE) [ 2256.510657] lowmem_reserve[]: [ 2256.512871] 0*4096kB [ 2256.525682] 1*128kB [ 2256.577600] 0 [ 2256.586656] 2569 [ 2256.636624] = 10368kB [ 2256.684922] (U) [ 2256.694331] Node 0 [ 2256.706311] 1*256kB [ 2256.724360] DMA32: [ 2256.728864] 2569 [ 2256.737218] 3330*4kB [ 2256.738529] 2569 [ 2256.740982] (UME) [ 2256.744250] 2569 [ 2256.749328] 239*8kB [ 2256.755267] (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 19024kB [ 2256.755294] Node 0 Normal: 0*4kB [ 2256.763706] (UMEH) [ 2256.767123] 0*8kB [ 2256.775750] 125*16kB [ 2256.782434] Node 0 DMA32 free:18956kB min:36380kB low:45472kB high:54564kB active_anon:1745408kB inactive_anon:776kB active_file:16kB inactive_file:20kB unevictable:0kB writepending:16kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12544kB pagetables:65976kB bounce:0kB free_pcp:1224kB local_pcp:660kB free_cma:0kB [ 2256.782456] lowmem_reserve[]: 0 0 0 0 [ 2256.797108] (UMH) [ 2256.797973] 0 [ 2256.805531] 21*32kB [ 2256.807923] 0*16kB [ 2256.815889] (UM) [ 2256.818332] 0*32kB [ 2256.820670] 11*64kB [ 2256.822880] 0*64kB [ 2256.825117] (UH) [ 2256.827275] 0*128kB [ 2256.829420] 1*128kB [ 2256.831999] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2256.832021] lowmem_reserve[]: [ 2256.843210] (H) [ 2256.844456] 0*256kB [ 2256.847306] 1*256kB [ 2256.882872] 0 0 0 0 0 [ 2256.882894] Node 1 Normal free:282628kB min:53508kB low:66884kB high:80260kB active_anon:2984356kB inactive_anon:20kB active_file:27268kB inactive_file:32980kB unevictable:0kB writepending:204kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45472kB pagetables:100532kB bounce:0kB free_pcp:892kB local_pcp:440kB free_cma:0kB [ 2256.882919] lowmem_reserve[]: 0 0 0 0 0 [ 2256.882940] Node 0 DMA: 4*4kB (UM) 28*8kB (UM) 17*16kB (UME) [ 2256.917730] (H) [ 2256.924171] 2*32kB [ 2256.926445] 0*512kB [ 2256.928423] (U) [ 2256.962786] 0*1024kB [ 2256.964987] 0*512kB [ 2256.969390] 0*1024kB [ 2256.999298] 1*64kB [ 2257.006275] 0*2048kB [ 2257.007231] (E) [ 2257.009553] 0*4096kB [ 2257.011728] 4*128kB [ 2257.014397] = 18992kB [ 2257.016555] (UME) [ 2257.018523] Node 0 [ 2257.020957] 2*256kB [ 2257.028110] Normal: [ 2257.029905] (UE) [ 2257.032406] 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2257.032452] Node 1 Normal: 5321*4kB (UME) 1794*8kB (UMEH) 1930*16kB (UMEH) 1780*32kB (UMEH) [ 2257.035423] 0*2048kB [ 2257.037178] 710*64kB [ 2257.039048] 0*4096kB [ 2257.047057] (UMEH) [ 2257.047672] 3*512kB [ 2257.053257] (UME) [ 2257.058047] 3*1024kB [ 2257.092519] 82*128kB [ 2257.094231] = 0kB [ 2257.095967] (MEH) [ 2257.097990] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2257.101982] 37*256kB [ 2257.102756] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2257.105218] (MEH) [ 2257.107467] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2257.109824] 101*512kB [ 2257.112172] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2257.120964] (ME) [ 2257.143647] (UME) 2*2048kB [ 2257.153975] 15184 total pagecache pages [ 2257.156846] 31*1024kB [ 2257.187011] (UE) [ 2257.199123] 0*4096kB [ 2257.203901] = 10368kB [ 2257.208224] Node 0 [ 2257.218273] DMA32: [ 2257.222862] 3330*4kB [ 2257.227796] (UME) 239*8kB [ 2257.234911] 0 pages in swap cache [ 2257.239371] Swap cache stats: add 0, delete 0, find 0/0 [ 2257.249200] (UMH) [ 2257.258094] (UMEH) [ 2257.265524] 125*16kB [ 2257.270653] (UMH) [ 2257.275110] 21*32kB (UM) [ 2257.279565] 11*64kB (UH) [ 2257.286401] 5*2048kB [ 2257.290950] Free swap = 0kB [ 2257.293585] (M) [ 2257.302006] Total swap = 0kB [ 2257.313046] 1*128kB (H) 1*256kB (H) 0*512kB 0*1024kB [ 2257.324837] 1965979 pages RAM [ 2257.332307] 0*4096kB [ 2257.333891] 0*2048kB [ 2257.336434] = 282580kB [ 2257.338298] 0*4096kB 20:58:07 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) 20:58:07 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r3, &(0x7f0000000380)=""/87, 0x192) getdents64(r3, &(0x7f0000000080)=""/167, 0xa7) socket$inet_udplite(0x2, 0x2, 0x88) 20:58:07 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r3, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) [ 2257.343178] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2257.343571] = 18992kB [ 2257.345853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2257.347901] Node 0 Normal: [ 2257.356053] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2257.357386] 0 pages HighMem/MovableOnly [ 2257.367123] 335854 pages reserved [ 2257.367127] 0 pages cma reserved [ 2257.367134] Out of memory: Kill process 10164 (syz-executor.0) score 1009 or sacrifice child [ 2257.367180] Killed process 10164 (syz-executor.0) total-vm:72980kB, anon-rss:16556kB, file-rss:34816kB, shmem-rss:0kB [ 2257.372281] 0*4kB [ 2257.377372] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2257.377562] 0*8kB [ 2257.382469] 15184 total pagecache pages [ 2257.400261] syz-executor.4: [ 2257.406649] page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2257.441252] 0*16kB [ 2257.463168] 0*32kB [ 2257.493513] 0 [ 2257.508241] 0 pages in swap cache [ 2257.510912] 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2257.514362] Swap cache stats: add 0, delete 0, find 0/0 [ 2257.519508] Node 1 [ 2257.531621] syz-executor.4 cpuset= [ 2257.534192] Normal: [ 2257.537965] syz4 [ 2257.541760] mems_allowed=0-1 [ 2257.543712] Free swap = 0kB [ 2257.546963] 5258*4kB (UM) 1978*8kB (UMEH) 1953*16kB (UMEH) 1777*32kB (UMEH) 711*64kB [ 2257.556174] (UMEH) [ 2257.560967] syz-executor.2: [ 2257.561483] CPU: 1 PID: 7975 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2257.564050] Total swap = 0kB [ 2257.566808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2257.566813] Call Trace: [ 2257.566831] dump_stack+0x142/0x197 [ 2257.566848] warn_alloc.cold+0x96/0x1af [ 2257.576886] page allocation failure: order:4 [ 2257.578489] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2257.578512] ? wait_for_completion+0x420/0x420 [ 2257.578529] __alloc_pages_slowpath+0x23c6/0x2930 [ 2257.591038] ? warn_alloc+0xf0/0xf0 [ 2257.591061] ? __might_sleep+0x93/0xb0 [ 2257.591074] __alloc_pages_nodemask+0x62c/0x7a0 [ 2257.591085] ? lock_downgrade+0x740/0x740 [ 2257.591095] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2257.591115] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2257.595534] 1965979 pages RAM [ 2257.598940] alloc_pages_current+0xec/0x1e0 [ 2257.598960] ion_page_pool_alloc+0x11f/0x1c0 [ 2257.598973] ion_system_heap_allocate+0x138/0x910 [ 2257.608546] ? ion_system_heap_free+0x250/0x250 [ 2257.608565] ion_alloc+0x68c/0x860 [ 2257.608580] ? ion_dma_buf_release+0x50/0x50 [ 2257.614090] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2257.618423] ? kasan_check_write+0x14/0x20 [ 2257.618436] ? _copy_from_user+0x99/0x110 [ 2257.618451] ion_ioctl+0x105/0x217 [ 2257.618463] ? ion_alloc.cold+0x40/0x40 [ 2257.623380] 0 pages HighMem/MovableOnly [ 2257.627317] ? ion_alloc.cold+0x40/0x40 [ 2257.627331] do_vfs_ioctl+0x7ae/0x1060 [ 2257.627346] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2257.627355] ? lock_downgrade+0x740/0x740 [ 2257.627368] ? ioctl_preallocate+0x1c0/0x1c0 [ 2257.636707] ? __fget+0x237/0x370 [ 2257.636727] ? security_file_ioctl+0x89/0xb0 [ 2257.636744] SyS_ioctl+0x8f/0xc0 [ 2257.642272] 0 [ 2257.647685] ? do_vfs_ioctl+0x1060/0x1060 [ 2257.647700] do_syscall_64+0x1e8/0x640 [ 2257.647710] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2257.647730] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2257.647741] RIP: 0033:0x45a679 [ 2257.651683] 335854 pages reserved [ 2257.655180] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2257.655192] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2257.655198] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2257.655204] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2257.655210] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2257.655217] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2257.666279] 82*128kB [ 2257.691771] (MEH) [ 2257.696270] syz-executor.2 cpuset= [ 2257.709821] 37*256kB [ 2257.712285] 0 pages cma reserved [ 2257.718238] (MEH) [ 2257.721931] syz2 [ 2257.729042] 101*512kB [ 2257.734039] (ME) [ 2257.747404] 31*1024kB [ 2257.751937] (UMH) [ 2257.762659] 5*2048kB [ 2257.766905] mems_allowed=0-1 [ 2257.769607] (M) [ 2257.796531] 0*4096kB [ 2257.808026] CPU: 0 PID: 8043 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2257.829542] = 284136kB [ 2257.829562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2257.831991] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2257.833689] Call Trace: [ 2257.833709] dump_stack+0x142/0x197 [ 2257.833733] warn_alloc.cold+0x96/0x1af [ 2257.833746] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2257.836553] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2257.838570] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2257.838594] __alloc_pages_slowpath+0x23c6/0x2930 [ 2257.841348] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2257.843267] ? save_trace+0x290/0x290 [ 2257.843296] ? warn_alloc+0xf0/0xf0 [ 2257.845864] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2257.848822] ? __might_sleep+0x93/0xb0 [ 2257.848843] __alloc_pages_nodemask+0x62c/0x7a0 [ 2257.851218] Mem-Info: [ 2257.853432] ? lock_downgrade+0x740/0x740 [ 2257.853450] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2257.853476] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2257.853499] alloc_pages_current+0xec/0x1e0 [ 2257.861751] 15184 total pagecache pages [ 2257.864034] ion_page_pool_alloc+0x11f/0x1c0 [ 2257.864052] ion_system_heap_allocate+0x138/0x910 [ 2257.864063] ? ion_alloc+0x19b/0x860 [ 2257.864076] ? rcu_read_lock_sched_held+0x110/0x130 [ 2257.873888] active_anon:1179522 inactive_anon:199 isolated_anon:0 [ 2257.873888] active_file:6819 inactive_file:8261 isolated_file:0 [ 2257.873888] unevictable:0 dirty:71 writeback:0 unstable:0 [ 2257.873888] slab_reclaimable:18858 slab_unreclaimable:139135 [ 2257.873888] mapped:57677 shmem:255 pagetables:41639 bounce:0 [ 2257.873888] free:79851 free_pcp:424 free_cma:0 [ 2257.882782] ? ion_system_heap_free+0x250/0x250 [ 2257.882807] ion_alloc+0x222/0x860 [ 2257.882836] ? ion_dma_buf_release+0x50/0x50 [ 2257.882860] ? kasan_check_write+0x14/0x20 [ 2257.882875] ? _copy_from_user+0x99/0x110 [ 2257.885817] 0 pages in swap cache [ 2257.889387] ion_ioctl+0x105/0x217 [ 2257.889404] ? ion_alloc.cold+0x40/0x40 [ 2257.889432] ? ion_alloc.cold+0x40/0x40 [ 2257.889446] do_vfs_ioctl+0x7ae/0x1060 [ 2257.889467] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2257.894360] Node 0 active_anon:1733364kB inactive_anon:776kB active_file:8kB inactive_file:28kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:16kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 686080kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2257.898964] ? lock_downgrade+0x740/0x740 [ 2257.898987] ? ioctl_preallocate+0x1c0/0x1c0 [ 2257.899007] ? __fget+0x237/0x370 [ 2257.899034] ? security_file_ioctl+0x89/0xb0 [ 2257.908025] Swap cache stats: add 0, delete 0, find 0/0 [ 2257.913086] SyS_ioctl+0x8f/0xc0 [ 2257.913101] ? do_vfs_ioctl+0x1060/0x1060 [ 2257.913123] do_syscall_64+0x1e8/0x640 [ 2257.913134] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2257.913158] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2257.918288] Free swap = 0kB [ 2257.926993] RIP: 0033:0x45a679 [ 2257.927000] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2257.927015] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2257.927024] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2257.927033] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2257.927041] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2257.927049] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2257.961182] Node 1 active_anon:2984724kB inactive_anon:20kB active_file:27268kB inactive_file:33016kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21788kB dirty:368kB writeback:0kB shmem:56kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2257.995172] Total swap = 0kB [ 2258.034667] Node 0 [ 2258.108999] 1965979 pages RAM [ 2258.125970] 0 pages HighMem/MovableOnly [ 2258.139501] 335854 pages reserved [ 2258.139506] 0 pages cma reserved [ 2258.141286] DMA free:10368kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2258.144101] syz-executor.1: [ 2258.148504] lowmem_reserve[]: 0 2569 [ 2258.159949] page allocation failure: order:0 [ 2258.160516] 2569 [ 2258.175850] 2569 2569 [ 2258.175863] Node 0 DMA32 free:18204kB min:36380kB low:45472kB high:54564kB active_anon:1728880kB inactive_anon:772kB active_file:12kB inactive_file:24kB unevictable:0kB writepending:16kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65740kB bounce:0kB free_pcp:1328kB local_pcp:728kB free_cma:0kB [ 2258.175886] lowmem_reserve[]: 0 0 0 0 0 [ 2258.175910] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2258.175928] lowmem_reserve[]: 0 0 [ 2258.190120] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2258.191036] 0 [ 2258.208670] 0 [ 2258.210141] 0 [ 2258.248687] 0 [ 2258.275004] syz-executor.1 cpuset= [ 2258.323353] Node 1 [ 2258.343863] Normal free:284132kB min:53508kB low:66884kB high:80260kB active_anon:2984496kB inactive_anon:24kB active_file:27268kB inactive_file:33096kB unevictable:0kB writepending:476kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45568kB pagetables:100592kB bounce:0kB free_pcp:752kB local_pcp:616kB free_cma:0kB [ 2258.402127] lowmem_reserve[]: [ 2258.418483] syz1 mems_allowed=0-1 [ 2258.425679] CPU: 0 PID: 7974 Comm: syz-executor.1 Not tainted 4.14.157-syzkaller #0 [ 2258.433485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2258.440456] 0 [ 2258.443072] Call Trace: [ 2258.443077] 0 0 [ 2258.445018] dump_stack+0x142/0x197 [ 2258.447601] 0 [ 2258.449576] warn_alloc.cold+0x96/0x1af [ 2258.457159] 0 [ 2258.459093] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2258.459100] Node 0 [ 2258.461028] ? trace_hardirqs_on_caller+0x400/0x590 [ 2258.461039] ? call_timer_fn+0x670/0x670 [ 2258.461059] __alloc_pages_slowpath+0x23c6/0x2930 [ 2258.461083] ? warn_alloc+0xf0/0xf0 [ 2258.466160] DMA: [ 2258.468408] ? __might_sleep+0x93/0xb0 [ 2258.473644] 4*4kB [ 2258.477481] __alloc_pages_nodemask+0x62c/0x7a0 [ 2258.482421] (UM) [ 2258.486022] ? lock_downgrade+0x740/0x740 [ 2258.488064] 28*8kB [ 2258.491968] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2258.491984] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2258.492002] alloc_pages_current+0xec/0x1e0 [ 2258.494134] (UM) [ 2258.498803] ion_page_pool_alloc+0x11f/0x1c0 [ 2258.501130] 17*16kB [ 2258.505259] ion_system_heap_allocate+0x138/0x910 [ 2258.507597] (UME) [ 2258.512614] ? ion_system_heap_free+0x250/0x250 [ 2258.512629] ion_alloc+0x68c/0x860 [ 2258.512648] ? ion_dma_buf_release+0x50/0x50 [ 2258.518557] 2*32kB [ 2258.522880] ? kasan_check_write+0x14/0x20 [ 2258.522890] ? _copy_from_user+0x99/0x110 [ 2258.522901] ion_ioctl+0x105/0x217 [ 2258.522912] ? ion_alloc.cold+0x40/0x40 [ 2258.522928] ? ion_alloc.cold+0x40/0x40 [ 2258.525142] (U) [ 2258.529397] do_vfs_ioctl+0x7ae/0x1060 [ 2258.531731] 1*64kB [ 2258.536633] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2258.538975] (E) [ 2258.543780] ? lock_downgrade+0x740/0x740 [ 2258.543794] ? ioctl_preallocate+0x1c0/0x1c0 [ 2258.543809] ? __fget+0x237/0x370 [ 2258.547335] 4*128kB [ 2258.551839] ? security_file_ioctl+0x89/0xb0 [ 2258.551852] SyS_ioctl+0x8f/0xc0 [ 2258.551862] ? do_vfs_ioctl+0x1060/0x1060 [ 2258.551874] do_syscall_64+0x1e8/0x640 [ 2258.551885] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2258.554274] (UME) [ 2258.558430] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2258.562753] 2*256kB [ 2258.566284] RIP: 0033:0x45a679 [ 2258.570462] (UE) [ 2258.574470] RSP: 002b:00007f53ae261c78 EFLAGS: 00000246 [ 2258.576525] 3*512kB (UME) [ 2258.580410] ORIG_RAX: 0000000000000010 [ 2258.580416] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2258.580421] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2258.580426] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2258.580430] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53ae2626d4 [ 2258.580436] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2258.607852] syz-executor.2: [ 2258.647621] oom_reaper: reaped process 8043 (syz-executor.2), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2258.649444] 3*1024kB [ 2258.682353] page allocation failure: order:0 [ 2258.706582] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2258.719014] 0 [ 2258.720898] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2258.726443] CPU: 0 PID: 8043 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2258.726450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2258.726454] Call Trace: [ 2258.726470] dump_stack+0x142/0x197 [ 2258.726489] warn_alloc.cold+0x96/0x1af [ 2258.735075] (UME) [ 2258.744157] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2258.744178] ? wait_for_completion+0x420/0x420 [ 2258.744194] __alloc_pages_slowpath+0x23c6/0x2930 [ 2258.744249] ? warn_alloc+0xf0/0xf0 [ 2258.750807] ? __might_sleep+0x93/0xb0 [ 2258.750823] __alloc_pages_nodemask+0x62c/0x7a0 [ 2258.750835] ? lock_downgrade+0x740/0x740 [ 2258.750847] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2258.757267] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2258.757284] alloc_pages_current+0xec/0x1e0 [ 2258.757301] ion_page_pool_alloc+0x11f/0x1c0 [ 2258.762297] 2*2048kB [ 2258.767011] ion_system_heap_allocate+0x138/0x910 [ 2258.767020] ? ion_alloc+0x19b/0x860 [ 2258.767032] ? rcu_read_lock_sched_held+0x110/0x130 [ 2258.767048] ? ion_system_heap_free+0x250/0x250 [ 2258.775675] ion_alloc+0x222/0x860 [ 2258.775693] ? ion_dma_buf_release+0x50/0x50 [ 2258.775710] ? kasan_check_write+0x14/0x20 [ 2258.779756] (UE) [ 2258.784468] ? _copy_from_user+0x99/0x110 [ 2258.784483] ion_ioctl+0x105/0x217 [ 2258.784494] ? ion_alloc.cold+0x40/0x40 [ 2258.784509] ? ion_alloc.cold+0x40/0x40 [ 2258.784521] do_vfs_ioctl+0x7ae/0x1060 [ 2258.784536] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2258.793980] ? lock_downgrade+0x740/0x740 [ 2258.793996] ? ioctl_preallocate+0x1c0/0x1c0 [ 2258.794008] ? __fget+0x237/0x370 [ 2258.794026] ? security_file_ioctl+0x89/0xb0 [ 2258.794038] SyS_ioctl+0x8f/0xc0 [ 2258.794049] ? do_vfs_ioctl+0x1060/0x1060 [ 2258.800168] 0*4096kB [ 2258.804337] do_syscall_64+0x1e8/0x640 [ 2258.808885] = 10368kB [ 2258.811374] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2258.811394] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2258.811403] RIP: 0033:0x45a679 [ 2258.811408] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2258.811418] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2258.811427] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2258.820404] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2258.820410] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2258.820415] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2258.874305] Node 0 [ 2258.882444] DMA32: [ 2258.931739] warn_alloc_show_mem: 1 callbacks suppressed [ 2258.931742] Mem-Info: [ 2258.950837] active_anon:1179430 inactive_anon:199 isolated_anon:0 [ 2258.950837] active_file:6820 inactive_file:8280 isolated_file:0 [ 2258.950837] unevictable:0 dirty:123 writeback:0 unstable:0 [ 2258.950837] slab_reclaimable:18861 slab_unreclaimable:138956 [ 2258.950837] mapped:57700 shmem:255 pagetables:41548 bounce:0 [ 2258.950837] free:78083 free_pcp:586 free_cma:0 [ 2258.962090] 3336*4kB [ 2258.972656] Node 0 active_anon:1733324kB inactive_anon:772kB active_file:12kB inactive_file:24kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:16kB writeback:0kB shmem:960kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2259.048728] (UME) 238*8kB (UME) 115*16kB (UM) 17*32kB (UM) 1*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18080kB [ 2259.062358] Node 1 active_anon:2984456kB inactive_anon:20kB active_file:27268kB inactive_file:33096kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21828kB dirty:484kB writeback:0kB shmem:60kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2259.067079] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2259.107430] Node 1 Normal: 5287*4kB (UM) 1797*8kB (UMEH) 2013*16kB (UMEH) 1797*32kB (UMEH) 711*64kB (UMEH) 82*128kB (MEH) 37*256kB (MEH) 101*512kB (ME) 31*1024kB (UMH) 5*2048kB (M) 0*4096kB = 284404kB [ 2259.115662] Node 0 DMA free:10368kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2259.154099] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2259.158091] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2259.159172] Node 0 DMA32 free:18180kB min:36380kB low:45472kB high:54564kB active_anon:1728836kB inactive_anon:772kB active_file:12kB inactive_file:24kB unevictable:0kB writepending:16kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65740kB bounce:0kB free_pcp:1256kB local_pcp:636kB free_cma:0kB [ 2259.159199] lowmem_reserve[]: [ 2259.169414] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2259.199298] 0 [ 2259.210968] 0 0 0 0 [ 2259.214905] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2259.214935] lowmem_reserve[]: [ 2259.245523] 0 0 0 0 0 [ 2259.247848] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2259.248076] Node 1 [ 2259.257432] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2259.257854] Normal free:284260kB min:53508kB low:66884kB high:80260kB active_anon:2984376kB inactive_anon:16kB active_file:27272kB inactive_file:33144kB unevictable:0kB writepending:568kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45408kB pagetables:100320kB bounce:0kB free_pcp:1280kB local_pcp:724kB free_cma:0kB [ 2259.259766] 15211 total pagecache pages [ 2259.273467] lowmem_reserve[]: [ 2259.298362] 0 pages in swap cache [ 2259.307471] 0 0 0 0 0 [ 2259.309333] Swap cache stats: add 0, delete 0, find 0/0 20:58:09 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) 20:58:09 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) 20:58:09 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r4, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) socket$inet_udplite(0x2, 0x2, 0x88) 20:58:09 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) 20:58:09 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) [ 2259.312064] Node 0 DMA: 4*4kB (UM) 28*8kB (UM) 17*16kB (UME) 2*32kB (U) 1*64kB (E) 4*128kB (UME) [ 2259.327241] Free swap = 0kB [ 2259.330319] Total swap = 0kB [ 2259.332388] 2*256kB (UE) [ 2259.333339] 1965979 pages RAM [ 2259.333345] 0 pages HighMem/MovableOnly [ 2259.336188] 3*512kB [ 2259.339279] 335854 pages reserved [ 2259.339284] 0 pages cma reserved [ 2259.346466] (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10368kB [ 2259.391265] Node 0 DMA32: 3339*4kB (UME) 239*8kB (UME) 115*16kB (UM) 20*32kB (UMH) 1*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18196kB [ 2259.413405] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2259.449410] Node 1 Normal: 5163*4kB (UM) 1626*8kB (UMEH) 2012*16kB (UMEH) 1789*32kB (UMEH) 711*64kB (UMEH) 82*128kB (MEH) 37*256kB (MEH) 101*512kB (ME) 31*1024kB (UMH) 5*2048kB (M) 0*4096kB = 282268kB [ 2259.479428] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2259.508314] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2259.532622] syz-executor.5: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2259.545525] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2259.548273] syz-executor.1: [ 2259.564785] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2259.567440] syz-executor.4: [ 2259.571904] syz-executor.5 cpuset= [ 2259.582206] page allocation failure: order:4 [ 2259.583203] 15211 total pagecache pages [ 2259.586129] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2259.599506] 0 pages in swap cache [ 2259.602408] page allocation failure: order:4 [ 2259.605757] 0 [ 2259.606288] syz5 [ 2259.610605] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2259.617600] Swap cache stats: add 0, delete 0, find 0/0 [ 2259.622162] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 2259.629419] mems_allowed=0-1 [ 2259.638005] Free swap = 0kB [ 2259.638142] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2259.641991] CPU: 0 PID: 8063 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2259.655773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2259.665402] Call Trace: [ 2259.668038] dump_stack+0x142/0x197 [ 2259.671679] warn_alloc.cold+0x96/0x1af [ 2259.675655] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2259.680719] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2259.686017] __alloc_pages_slowpath+0x23c6/0x2930 [ 2259.690906] ? save_trace+0x290/0x290 [ 2259.694819] ? warn_alloc+0xf0/0xf0 [ 2259.698477] ? __might_sleep+0x93/0xb0 [ 2259.702522] __alloc_pages_nodemask+0x62c/0x7a0 [ 2259.707272] ? lock_downgrade+0x740/0x740 [ 2259.711727] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2259.716857] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2259.722491] alloc_pages_current+0xec/0x1e0 [ 2259.726830] ion_page_pool_alloc+0x11f/0x1c0 [ 2259.731246] ion_system_heap_allocate+0x138/0x910 [ 2259.736150] ? ion_alloc+0x19b/0x860 [ 2259.739888] ? rcu_read_lock_sched_held+0x110/0x130 [ 2259.744911] ? ion_system_heap_free+0x250/0x250 [ 2259.749588] ion_alloc+0x222/0x860 [ 2259.753138] ? ion_dma_buf_release+0x50/0x50 [ 2259.757555] ? kasan_check_write+0x14/0x20 [ 2259.761794] ? _copy_from_user+0x99/0x110 [ 2259.765949] ion_ioctl+0x105/0x217 [ 2259.769493] ? ion_alloc.cold+0x40/0x40 [ 2259.773482] ? ion_alloc.cold+0x40/0x40 [ 2259.777456] do_vfs_ioctl+0x7ae/0x1060 [ 2259.781600] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2259.786530] ? lock_downgrade+0x740/0x740 [ 2259.790680] ? ioctl_preallocate+0x1c0/0x1c0 [ 2259.795092] ? __fget+0x237/0x370 [ 2259.798557] ? security_file_ioctl+0x89/0xb0 [ 2259.802977] SyS_ioctl+0x8f/0xc0 [ 2259.806482] ? do_vfs_ioctl+0x1060/0x1060 [ 2259.810695] do_syscall_64+0x1e8/0x640 [ 2259.814595] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2259.819472] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2259.824663] RIP: 0033:0x45a679 [ 2259.827854] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2259.835781] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2259.843113] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2259.850630] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2259.858066] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2259.865394] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2259.873155] CPU: 1 PID: 8062 Comm: syz-executor.1 Not tainted 4.14.157-syzkaller #0 [ 2259.877199] Total swap = 0kB [ 2259.881514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2259.881519] Call Trace: [ 2259.881538] dump_stack+0x142/0x197 [ 2259.881555] warn_alloc.cold+0x96/0x1af [ 2259.881567] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2259.881587] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2259.881600] __alloc_pages_slowpath+0x23c6/0x2930 [ 2259.881622] ? save_trace+0x290/0x290 [ 2259.881646] ? warn_alloc+0xf0/0xf0 [ 2259.881667] ? __might_sleep+0x93/0xb0 [ 2259.895944] 1965979 pages RAM [ 2259.896892] __alloc_pages_nodemask+0x62c/0x7a0 [ 2259.896906] ? lock_downgrade+0x740/0x740 [ 2259.896920] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2259.896938] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2259.896954] alloc_pages_current+0xec/0x1e0 [ 2259.905993] 0 pages HighMem/MovableOnly [ 2259.909987] ion_page_pool_alloc+0x11f/0x1c0 [ 2259.910001] ion_system_heap_allocate+0x138/0x910 [ 2259.910012] ? ion_alloc+0x19b/0x860 [ 2259.910025] ? rcu_read_lock_sched_held+0x110/0x130 [ 2259.910040] ? ion_system_heap_free+0x250/0x250 [ 2259.910054] ion_alloc+0x222/0x860 [ 2259.910068] ? ion_dma_buf_release+0x50/0x50 [ 2259.910086] ? kasan_check_write+0x14/0x20 [ 2259.910096] ? _copy_from_user+0x99/0x110 [ 2259.910107] ion_ioctl+0x105/0x217 [ 2259.910116] ? ion_alloc.cold+0x40/0x40 [ 2259.910131] ? ion_alloc.cold+0x40/0x40 [ 2259.910142] do_vfs_ioctl+0x7ae/0x1060 [ 2259.910156] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2259.917207] 335854 pages reserved [ 2259.920811] ? lock_downgrade+0x740/0x740 [ 2259.920828] ? ioctl_preallocate+0x1c0/0x1c0 [ 2259.920843] ? __fget+0x237/0x370 [ 2259.920864] ? security_file_ioctl+0x89/0xb0 [ 2259.920878] SyS_ioctl+0x8f/0xc0 [ 2259.920887] ? do_vfs_ioctl+0x1060/0x1060 [ 2259.920900] do_syscall_64+0x1e8/0x640 [ 2259.920908] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2259.920926] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2259.920934] RIP: 0033:0x45a679 [ 2259.920942] RSP: 002b:00007f53ae261c78 EFLAGS: 00000246 [ 2259.925506] 0 pages cma reserved [ 2259.928506] ORIG_RAX: 0000000000000010 [ 2259.928512] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2259.928517] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2259.928522] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2259.928528] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53ae2626d4 [ 2259.928534] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2259.929467] CPU: 1 PID: 8071 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2259.968597] syz-executor.2: [ 2259.973542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2259.973548] Call Trace: [ 2259.973567] dump_stack+0x142/0x197 [ 2259.973585] warn_alloc.cold+0x96/0x1af [ 2259.973596] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2259.973618] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2259.973631] __alloc_pages_slowpath+0x23c6/0x2930 [ 2259.973649] ? save_trace+0x290/0x290 [ 2259.973664] ? warn_alloc+0xf0/0xf0 [ 2259.973682] ? __might_sleep+0x93/0xb0 [ 2259.973693] __alloc_pages_nodemask+0x62c/0x7a0 [ 2259.973702] ? lock_downgrade+0x740/0x740 [ 2259.973713] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2259.973730] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2259.973746] alloc_pages_current+0xec/0x1e0 [ 2259.973762] ion_page_pool_alloc+0x11f/0x1c0 [ 2259.973774] ion_system_heap_allocate+0x138/0x910 [ 2259.973783] ? ion_alloc+0x19b/0x860 [ 2259.973796] ? rcu_read_lock_sched_held+0x110/0x130 [ 2259.973810] ? ion_system_heap_free+0x250/0x250 [ 2259.973826] ion_alloc+0x222/0x860 [ 2259.973844] ? ion_dma_buf_release+0x50/0x50 [ 2259.973861] ? kasan_check_write+0x14/0x20 [ 2259.973873] ? _copy_from_user+0x99/0x110 [ 2259.973886] ion_ioctl+0x105/0x217 [ 2259.973896] ? ion_alloc.cold+0x40/0x40 [ 2259.973914] ? ion_alloc.cold+0x40/0x40 [ 2259.973926] do_vfs_ioctl+0x7ae/0x1060 [ 2259.973939] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2259.973949] ? lock_downgrade+0x740/0x740 [ 2259.973961] ? ioctl_preallocate+0x1c0/0x1c0 [ 2259.973976] ? __fget+0x237/0x370 [ 2259.973995] ? security_file_ioctl+0x89/0xb0 [ 2259.974009] SyS_ioctl+0x8f/0xc0 [ 2259.974019] ? do_vfs_ioctl+0x1060/0x1060 [ 2259.974033] do_syscall_64+0x1e8/0x640 [ 2259.974043] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2259.974064] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2259.974073] RIP: 0033:0x45a679 [ 2259.974078] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2259.974090] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2259.974097] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2259.974103] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2259.974109] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2259.974116] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2259.979486] warn_alloc_show_mem: 1 callbacks suppressed [ 2259.979491] Mem-Info: [ 2260.017777] page allocation failure: order:4 [ 2260.048261] active_anon:1179589 inactive_anon:197 isolated_anon:0 [ 2260.048261] active_file:6821 inactive_file:8292 isolated_file:0 [ 2260.048261] unevictable:0 dirty:21 writeback:50 unstable:0 [ 2260.048261] slab_reclaimable:18861 slab_unreclaimable:138760 [ 2260.048261] mapped:57702 shmem:254 pagetables:41628 bounce:0 [ 2260.048261] free:82784 free_pcp:197 free_cma:0 [ 2260.054460] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2260.065261] Node 0 active_anon:1733480kB inactive_anon:772kB active_file:12kB inactive_file:24kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:16kB writeback:0kB shmem:960kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2260.094248] 0 [ 2260.137229] syz-executor.1 invoked oom-killer: gfp_mask=0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2260.169479] syz-executor.2 cpuset= [ 2260.170662] Node 0 [ 2260.174774] syz2 20:58:10 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) 20:58:10 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) socket$inet_udplite(0x2, 0x2, 0x88) [ 2260.179603] DMA free:10428kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2260.182820] mems_allowed=0-1 [ 2260.223799] lowmem_reserve[]: [ 2260.248195] CPU: 0 PID: 8043 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2260.275599] 0 [ 2260.278926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2260.278931] Call Trace: [ 2260.278948] dump_stack+0x142/0x197 [ 2260.278967] warn_alloc.cold+0x96/0x1af [ 2260.278978] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2260.279000] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2260.283356] , order=0, oom_score_adj=1000 [ 2260.286876] __alloc_pages_slowpath+0x23c6/0x2930 [ 2260.286900] ? save_trace+0x290/0x290 [ 2260.286919] ? warn_alloc+0xf0/0xf0 [ 2260.286942] ? __might_sleep+0x93/0xb0 [ 2260.286954] __alloc_pages_nodemask+0x62c/0x7a0 [ 2260.314102] syz-executor.1 cpuset= [ 2260.319707] ? lock_downgrade+0x740/0x740 [ 2260.319723] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2260.319741] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2260.319761] alloc_pages_current+0xec/0x1e0 [ 2260.337971] 0 [ 2260.341752] ion_page_pool_alloc+0x11f/0x1c0 [ 2260.341766] ion_system_heap_allocate+0x138/0x910 [ 2260.341783] ? ion_system_heap_free+0x250/0x250 [ 2260.341797] ion_alloc+0x68c/0x860 [ 2260.341812] ? ion_dma_buf_release+0x50/0x50 [ 2260.341830] ? kasan_check_write+0x14/0x20 [ 2260.360640] 2569 [ 2260.362060] ? _copy_from_user+0x99/0x110 [ 2260.362077] ion_ioctl+0x105/0x217 [ 2260.362090] ? ion_alloc.cold+0x40/0x40 [ 2260.362107] ? ion_alloc.cold+0x40/0x40 [ 2260.367071] 2569 [ 2260.369068] do_vfs_ioctl+0x7ae/0x1060 [ 2260.369084] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2260.369096] ? lock_downgrade+0x740/0x740 [ 2260.369106] ? ioctl_preallocate+0x1c0/0x1c0 [ 2260.369129] ? __fget+0x237/0x370 [ 2260.411936] syz1 [ 2260.438238] ? security_file_ioctl+0x89/0xb0 [ 2260.438253] SyS_ioctl+0x8f/0xc0 [ 2260.438263] ? do_vfs_ioctl+0x1060/0x1060 [ 2260.438276] do_syscall_64+0x1e8/0x640 [ 2260.438286] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2260.438303] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2260.466114] mems_allowed=0-1 [ 2260.484457] RIP: 0033:0x45a679 [ 2260.484465] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2260.484475] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2260.484480] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2260.484484] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2260.484490] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2260.484496] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2260.513897] 2569 [ 2260.548430] 2569 [ 2260.597586] CPU: 1 PID: 8062 Comm: syz-executor.1 Not tainted 4.14.157-syzkaller #0 [ 2260.670382] Node 0 [ 2260.671726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2260.671731] Call Trace: [ 2260.671748] dump_stack+0x142/0x197 [ 2260.671765] dump_header+0x177/0x6cd [ 2260.679681] DMA32 free:18124kB min:36380kB low:45472kB high:54564kB active_anon:1728984kB inactive_anon:768kB active_file:16kB inactive_file:40kB unevictable:0kB writepending:16kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65756kB bounce:0kB free_pcp:304kB local_pcp:148kB free_cma:0kB [ 2260.680317] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2260.680329] ? ___ratelimit+0x55/0x537 [ 2260.680348] oom_kill_process.cold+0x10/0xadd [ 2260.680357] ? rcu_read_unlock_special+0x639/0xd40 [ 2260.680372] ? lock_downgrade+0x740/0x740 [ 2260.680387] out_of_memory+0x2ee/0x1180 [ 2260.680394] ? lock_acquire+0x16f/0x430 [ 2260.680410] ? oom_killer_disable+0x1d0/0x1d0 [ 2260.683806] syz-executor.2: [ 2260.691383] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2260.691395] __alloc_pages_slowpath+0x2251/0x2930 [ 2260.691419] ? warn_alloc+0xf0/0xf0 [ 2260.691439] ? __might_sleep+0x93/0xb0 [ 2260.691451] __alloc_pages_nodemask+0x62c/0x7a0 [ 2260.691461] ? lock_downgrade+0x740/0x740 [ 2260.691472] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2260.691488] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2260.703081] page allocation failure: order:0 [ 2260.707101] alloc_pages_current+0xec/0x1e0 [ 2260.707121] ion_page_pool_alloc+0x11f/0x1c0 [ 2260.707135] ion_system_heap_allocate+0x138/0x910 [ 2260.718624] lowmem_reserve[]: [ 2260.721706] ? ion_alloc+0x19b/0x860 [ 2260.721719] ? rcu_read_lock_sched_held+0x110/0x130 [ 2260.721731] ? ion_system_heap_free+0x250/0x250 [ 2260.721746] ion_alloc+0x222/0x860 [ 2260.721761] ? ion_dma_buf_release+0x50/0x50 [ 2260.721777] ? kasan_check_write+0x14/0x20 [ 2260.721791] ? _copy_from_user+0x99/0x110 [ 2260.735139] 0 [ 2260.741005] ion_ioctl+0x105/0x217 [ 2260.741019] ? ion_alloc.cold+0x40/0x40 [ 2260.741040] ? ion_alloc.cold+0x40/0x40 [ 2260.741052] do_vfs_ioctl+0x7ae/0x1060 [ 2260.741064] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2260.741075] ? lock_downgrade+0x740/0x740 [ 2260.741085] ? ioctl_preallocate+0x1c0/0x1c0 [ 2260.741099] ? __fget+0x237/0x370 [ 2260.744368] 0 [ 2260.752797] ? security_file_ioctl+0x89/0xb0 [ 2260.752813] SyS_ioctl+0x8f/0xc0 [ 2260.752822] ? do_vfs_ioctl+0x1060/0x1060 [ 2260.752835] do_syscall_64+0x1e8/0x640 [ 2260.752844] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2260.752862] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2260.752870] RIP: 0033:0x45a679 [ 2260.752875] RSP: 002b:00007f53ae261c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2260.752885] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2260.752896] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2260.758987] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2260.759106] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2260.763451] 0 [ 2260.791359] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53ae2626d4 [ 2260.791366] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2260.793887] Mem-Info: [ 2260.801260] 0 [ 2260.818602] 0 [ 2260.832276] active_anon:1179567 inactive_anon:199 isolated_anon:0 [ 2260.832276] active_file:6822 inactive_file:8305 isolated_file:0 [ 2260.832276] unevictable:0 dirty:51 writeback:1 unstable:0 [ 2260.832276] slab_reclaimable:18867 slab_unreclaimable:138991 [ 2260.832276] mapped:57719 shmem:255 pagetables:41659 bounce:0 [ 2260.832276] free:77723 free_pcp:76 free_cma:0 [ 2260.842616] 0 [ 2260.875263] syz-executor.2 cpuset= [ 2260.888640] Node 0 active_anon:1733428kB inactive_anon:768kB active_file:16kB inactive_file:40kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:16kB writeback:0kB shmem:956kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2260.889974] syz2 [ 2260.893670] Node 0 [ 2260.905380] DMA free:10368kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2260.915801] Node 0 [ 2260.922003] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2260.926871] lowmem_reserve[]: [ 2260.936694] mems_allowed=0-1 [ 2260.939485] 0 [ 2260.944773] CPU: 0 PID: 8043 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2260.952395] 2569 [ 2260.952833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2260.952838] Call Trace: [ 2260.952857] dump_stack+0x142/0x197 [ 2260.952875] warn_alloc.cold+0x96/0x1af [ 2260.952887] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2260.956583] 2569 [ 2260.958141] ? call_timer_fn+0x670/0x670 [ 2260.958166] __alloc_pages_slowpath+0x23c6/0x2930 [ 2260.958193] ? warn_alloc+0xf0/0xf0 [ 2260.963290] 2569 [ 2260.966118] ? __might_sleep+0x93/0xb0 [ 2260.966135] __alloc_pages_nodemask+0x62c/0x7a0 [ 2260.966147] ? lock_downgrade+0x740/0x740 [ 2260.966158] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2260.966173] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2260.970779] 2569 [ 2260.974340] alloc_pages_current+0xec/0x1e0 [ 2260.974358] ion_page_pool_alloc+0x11f/0x1c0 [ 2260.974369] ion_system_heap_allocate+0x138/0x910 [ 2260.974384] ? ion_system_heap_free+0x250/0x250 [ 2260.985366] ion_alloc+0x68c/0x860 [ 2260.985386] ? ion_dma_buf_release+0x50/0x50 [ 2260.985405] ? kasan_check_write+0x14/0x20 [ 2260.985417] ? _copy_from_user+0x99/0x110 [ 2260.988879] Node 0 [ 2260.996459] ion_ioctl+0x105/0x217 [ 2260.996470] ? ion_alloc.cold+0x40/0x40 [ 2260.996487] ? ion_alloc.cold+0x40/0x40 [ 2260.996501] do_vfs_ioctl+0x7ae/0x1060 [ 2260.996513] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2260.996523] ? lock_downgrade+0x740/0x740 [ 2260.996534] ? ioctl_preallocate+0x1c0/0x1c0 [ 2260.996547] ? __fget+0x237/0x370 [ 2260.996564] ? security_file_ioctl+0x89/0xb0 [ 2261.004708] DMA32 free:18124kB min:36380kB low:45472kB high:54564kB active_anon:1728984kB inactive_anon:768kB active_file:16kB inactive_file:40kB unevictable:0kB writepending:16kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65756kB bounce:0kB free_pcp:304kB local_pcp:156kB free_cma:0kB [ 2261.011249] SyS_ioctl+0x8f/0xc0 [ 2261.011260] ? do_vfs_ioctl+0x1060/0x1060 20:58:11 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) [ 2261.011275] do_syscall_64+0x1e8/0x640 [ 2261.011285] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2261.011302] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2261.011310] RIP: 0033:0x45a679 [ 2261.011315] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2261.018892] lowmem_reserve[]: [ 2261.026015] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2261.026021] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2261.026027] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2261.026033] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2261.026044] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2261.035363] lowmem_reserve[]: 0 0 0 0 0 [ 2261.035392] Node 0 DMA: [ 2261.056463] 4*4kB [ 2261.087996] 0 [ 2261.094115] (UM) [ 2261.127895] 28*8kB [ 2261.147452] 0 [ 2261.158140] (UM) [ 2261.188752] warn_alloc_show_mem: 3 callbacks suppressed [ 2261.188757] Mem-Info: [ 2261.192324] 0 [ 2261.193505] active_anon:1179567 inactive_anon:199 isolated_anon:0 [ 2261.193505] active_file:6820 inactive_file:8314 isolated_file:0 [ 2261.193505] unevictable:0 dirty:77 writeback:0 unstable:0 [ 2261.193505] slab_reclaimable:18877 slab_unreclaimable:138793 [ 2261.193505] mapped:57694 shmem:255 pagetables:41622 bounce:0 [ 2261.193505] free:77931 free_pcp:377 free_cma:0 [ 2261.212878] Node 0 active_anon:1733380kB inactive_anon:768kB active_file:8kB inactive_file:28kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:16kB writeback:0kB shmem:956kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2261.212896] Node 1 active_anon:2984888kB inactive_anon:28kB active_file:27272kB inactive_file:33228kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21856kB dirty:292kB writeback:0kB shmem:64kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 20:58:11 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) socket$inet_udplite(0x2, 0x2, 0x88) [ 2261.212901] Node 0 DMA free:10368kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2261.212922] lowmem_reserve[]: [ 2261.218764] 0 [ 2261.222507] 17*16kB [ 2261.224642] 0 [ 2261.236264] (UME) [ 2261.248411] 0 [ 2261.268427] 2*32kB [ 2261.299113] 2569 [ 2261.300606] Node 0 [ 2261.317519] 2569 [ 2261.385052] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2261.397099] (U) [ 2261.413538] lowmem_reserve[]: [ 2261.426070] 2569 [ 2261.480737] 1*64kB [ 2261.506946] 0 [ 2261.545798] 2569 [ 2261.609736] 0 [ 2261.647868] (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10368kB [ 2261.659978] 0 0 0 [ 2261.669169] Node 0 DMA: 4*4kB (UM) 28*8kB (UM) 17*16kB (UME) 2*32kB (U) 1*64kB (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10368kB [ 2261.688441] Node 0 DMA32: 3327*4kB (UMEH) 250*8kB (UMEH) 92*16kB (UMH) 5*32kB (H) 8*64kB (H) 5*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18092kB [ 2261.713172] Node 0 DMA32 free:18108kB min:36380kB low:45472kB high:54564kB active_anon:1728936kB inactive_anon:768kB active_file:8kB inactive_file:28kB unevictable:0kB writepending:16kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65756kB bounce:0kB free_pcp:312kB local_pcp:148kB free_cma:0kB [ 2261.717668] Node 0 [ 2261.743721] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2261.758663] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2261.760997] DMA32: [ 2261.768112] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2261.769405] 3327*4kB [ 2261.782436] lowmem_reserve[]: [ 2261.784888] (UMEH) 250*8kB (UMEH) 92*16kB [ 2261.789195] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2261.796524] 0 [ 2261.804205] (UMH) [ 2261.808750] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2261.811650] 5*32kB [ 2261.820690] 15235 total pagecache pages [ 2261.828218] 0 0 0 0 [ 2261.831335] 0 pages in swap cache [ 2261.835283] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2261.861791] Swap cache stats: add 0, delete 0, find 0/0 [ 2261.867746] Free swap = 0kB [ 2261.869342] (H) 8*64kB (H) 5*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18092kB [ 2261.872432] Total swap = 0kB [ 2261.884030] 1965979 pages RAM [ 2261.887555] 0 pages HighMem/MovableOnly [ 2261.888908] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2261.892367] lowmem_reserve[]: [ 2261.903341] 335854 pages reserved [ 2261.910780] 0 pages cma reserved [ 2261.915822] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2261.918754] 0 0 0 0 0 [ 2261.927876] Node 1 Normal free:283504kB min:53508kB low:66884kB high:80260kB active_anon:2984888kB inactive_anon:28kB active_file:27272kB inactive_file:33228kB unevictable:0kB writepending:292kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45792kB pagetables:100724kB bounce:0kB free_pcp:1180kB local_pcp:464kB free_cma:0kB [ 2261.929980] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2261.962139] lowmem_reserve[]: 0 0 0 0 0 [ 2261.972424] Node 0 DMA: 4*4kB (UM) 28*8kB (UM) 17*16kB (UME) 2*32kB (U) 1*64kB (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10368kB [ 2261.975327] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2261.992210] Node 0 DMA32: 3327*4kB (UMEH) 249*8kB (UME) 92*16kB (UMH) 5*32kB (H) 8*64kB (H) 5*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18084kB [ 2262.017525] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2262.028951] Node 1 Normal: 4980*4kB (UM) 1673*8kB (UMEH) 2097*16kB (UMEH) 1791*32kB (UMEH) 710*64kB (UMEH) 81*128kB (MEH) 36*256kB (MEH) 100*512kB (ME) 32*1024kB (UMH) 5*2048kB (M) 0*4096kB = 283400kB [ 2262.030674] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2262.051628] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2262.065452] 15235 total pagecache pages [ 2262.065921] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2262.069965] 0 pages in swap cache [ 2262.085363] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2262.089679] Swap cache stats: add 0, delete 0, find 0/0 [ 2262.095045] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2262.114972] 15249 total pagecache pages [ 2262.115942] Free swap = 0kB [ 2262.119342] 0 pages in swap cache [ 2262.125731] Total swap = 0kB [ 2262.125961] Swap cache stats: add 0, delete 0, find 0/0 [ 2262.133269] 1965979 pages RAM [ 2262.138897] 0 pages HighMem/MovableOnly [ 2262.140827] Free swap = 0kB [ 2262.146307] Total swap = 0kB [ 2262.149624] 1965979 pages RAM [ 2262.157293] 335854 pages reserved [ 2262.158935] 0 pages HighMem/MovableOnly [ 2262.165656] 335854 pages reserved [ 2262.169516] 0 pages cma reserved [ 2262.171512] 0 pages cma reserved 20:58:12 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) [ 2262.177866] Out of memory: Kill process 18240 (syz-executor.0) score 1009 or sacrifice child [ 2262.193324] Killed process 18240 (syz-executor.0) total-vm:72980kB, anon-rss:16556kB, file-rss:34816kB, shmem-rss:0kB 20:58:12 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) [ 2262.393716] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2262.409119] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2262.418123] CPU: 1 PID: 8116 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2262.425966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2262.435339] Call Trace: [ 2262.437952] dump_stack+0x142/0x197 [ 2262.441607] warn_alloc.cold+0x96/0x1af [ 2262.445607] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2262.450490] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2262.455810] __alloc_pages_slowpath+0x23c6/0x2930 [ 2262.460691] ? save_trace+0x290/0x290 [ 2262.464521] ? warn_alloc+0xf0/0xf0 [ 2262.468217] ? __might_sleep+0x93/0xb0 [ 2262.472133] __alloc_pages_nodemask+0x62c/0x7a0 [ 2262.476970] ? lock_downgrade+0x740/0x740 [ 2262.481295] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2262.486333] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2262.492067] alloc_pages_current+0xec/0x1e0 [ 2262.496449] ion_page_pool_alloc+0x11f/0x1c0 [ 2262.500859] ion_system_heap_allocate+0x138/0x910 [ 2262.505705] ? ion_alloc+0x19b/0x860 [ 2262.509418] ? rcu_read_lock_sched_held+0x110/0x130 [ 2262.514428] ? ion_system_heap_free+0x250/0x250 [ 2262.519099] ion_alloc+0x222/0x860 [ 2262.522642] ? ion_dma_buf_release+0x50/0x50 [ 2262.527058] ? kasan_check_write+0x14/0x20 [ 2262.531293] ? _copy_from_user+0x99/0x110 [ 2262.535440] ion_ioctl+0x105/0x217 [ 2262.538976] ? ion_alloc.cold+0x40/0x40 [ 2262.542950] ? ion_alloc.cold+0x40/0x40 [ 2262.546923] do_vfs_ioctl+0x7ae/0x1060 [ 2262.550868] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2262.555751] ? lock_downgrade+0x740/0x740 [ 2262.559898] ? ioctl_preallocate+0x1c0/0x1c0 [ 2262.564308] ? __fget+0x237/0x370 [ 2262.567761] ? security_file_ioctl+0x89/0xb0 [ 2262.572166] SyS_ioctl+0x8f/0xc0 [ 2262.575622] ? do_vfs_ioctl+0x1060/0x1060 [ 2262.579912] do_syscall_64+0x1e8/0x640 [ 2262.583795] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2262.588714] entry_SYSCALL_64_after_hwframe+0x42/0xb7 20:58:12 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) socket$inet_udplite(0x2, 0x2, 0x88) [ 2262.593902] RIP: 0033:0x45a679 [ 2262.597087] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2262.604850] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2262.612120] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2262.619393] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2262.626834] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2262.634102] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2262.707513] Mem-Info: [ 2262.718209] active_anon:1175440 inactive_anon:199 isolated_anon:0 [ 2262.718209] active_file:6821 inactive_file:8329 isolated_file:0 [ 2262.718209] unevictable:0 dirty:42 writeback:25 unstable:0 [ 2262.718209] slab_reclaimable:18878 slab_unreclaimable:138584 [ 2262.718209] mapped:57694 shmem:255 pagetables:41548 bounce:0 [ 2262.718209] free:85523 free_pcp:40 free_cma:0 [ 2262.770889] Node 0 active_anon:1727280kB inactive_anon:768kB active_file:12kB inactive_file:24kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:16kB writeback:0kB shmem:956kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2262.810845] Node 0 DMA free:10368kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2262.851054] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2262.856532] Node 0 DMA32 free:36288kB min:36380kB low:45472kB high:54564kB active_anon:1722836kB inactive_anon:768kB active_file:12kB inactive_file:24kB unevictable:0kB writepending:16kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65756kB bounce:0kB free_pcp:160kB local_pcp:40kB free_cma:0kB [ 2262.906119] lowmem_reserve[]: 0 0 0 0 0 [ 2262.917619] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2262.958244] lowmem_reserve[]: 0 0 0 0 0 [ 2262.969024] Node 0 DMA: 4*4kB (UM) 28*8kB (UM) 17*16kB (UME) 2*32kB (U) 1*64kB (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10368kB [ 2262.992523] Node 0 DMA32: 3449*4kB (UME) 335*8kB (MEH) 137*16kB (MEH) 49*32kB (UM) 52*64kB (UM) 28*128kB (U) 0*256kB 0*512kB 1*1024kB (U) 0*2048kB 2*4096kB (U) = 36364kB [ 2263.022649] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2263.040566] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2263.049743] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2263.065620] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2263.065702] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2263.097860] 15255 total pagecache pages [ 2263.108656] 0 pages in swap cache [ 2263.126059] Swap cache stats: add 0, delete 0, find 0/0 [ 2263.137285] Free swap = 0kB [ 2263.147643] Total swap = 0kB [ 2263.155522] 1965979 pages RAM [ 2263.158869] 0 pages HighMem/MovableOnly [ 2263.175089] 335854 pages reserved [ 2263.178862] 0 pages cma reserved [ 2263.370540] oom_reaper: reaped process 8116 (syz-executor.2), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2263.446417] oom_reaper: reaped process 8063 (syz-executor.5), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2263.450155] syz-executor.1: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2263.468150] syz-executor.4: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2263.470218] syz-executor.2: [ 2263.479738] syz-executor.5: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2263.490095] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2263.507455] page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2263.510142] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 2263.524353] oom_reaper: reaped process 8062 (syz-executor.1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2263.530085] CPU: 0 PID: 8071 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2263.539195] syz-executor.5 cpuset= [ 2263.542058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2263.542064] Call Trace: [ 2263.542082] dump_stack+0x142/0x197 [ 2263.542100] warn_alloc.cold+0x96/0x1af [ 2263.542111] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2263.542126] ? call_timer_fn+0x670/0x670 [ 2263.546187] syz5 [ 2263.555062] __alloc_pages_slowpath+0x23c6/0x2930 [ 2263.557941] syz-executor.2 cpuset= [ 2263.561382] ? warn_alloc+0xf0/0xf0 [ 2263.561405] ? __might_sleep+0x93/0xb0 [ 2263.561422] __alloc_pages_nodemask+0x62c/0x7a0 [ 2263.597097] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2263.602113] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2263.607741] alloc_pages_current+0xec/0x1e0 [ 2263.612065] ion_page_pool_alloc+0x11f/0x1c0 [ 2263.616475] ion_system_heap_allocate+0x138/0x910 [ 2263.621370] ? ion_alloc+0x19b/0x860 [ 2263.625234] ? rcu_read_lock_sched_held+0x110/0x130 [ 2263.630305] ? ion_system_heap_free+0x250/0x250 [ 2263.635856] ion_alloc+0x222/0x860 [ 2263.639409] ? ion_dma_buf_release+0x50/0x50 [ 2263.643845] ? kasan_check_write+0x14/0x20 [ 2263.648078] ? _copy_from_user+0x99/0x110 [ 2263.652223] ion_ioctl+0x105/0x217 [ 2263.655889] ? ion_alloc.cold+0x40/0x40 [ 2263.659863] ? ion_alloc.cold+0x40/0x40 [ 2263.663847] do_vfs_ioctl+0x7ae/0x1060 [ 2263.667733] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2263.672485] ? lock_downgrade+0x740/0x740 [ 2263.676629] ? ioctl_preallocate+0x1c0/0x1c0 [ 2263.681104] ? __fget+0x237/0x370 [ 2263.684621] ? security_file_ioctl+0x89/0xb0 [ 2263.689047] SyS_ioctl+0x8f/0xc0 [ 2263.692421] ? do_vfs_ioctl+0x1060/0x1060 [ 2263.696574] do_syscall_64+0x1e8/0x640 [ 2263.700460] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2263.705362] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2263.710709] RIP: 0033:0x45a679 [ 2263.713895] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2263.721779] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2263.729111] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2263.736381] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2263.743647] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2263.750914] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2263.758411] syz2 mems_allowed=0-1 [ 2263.758434] CPU: 1 PID: 8116 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2263.758439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2263.758443] Call Trace: [ 2263.758459] dump_stack+0x142/0x197 [ 2263.758474] warn_alloc.cold+0x96/0x1af [ 2263.758485] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2263.758498] ? call_timer_fn+0x670/0x670 [ 2263.758519] __alloc_pages_slowpath+0x23c6/0x2930 [ 2263.758545] ? warn_alloc+0xf0/0xf0 [ 2263.807062] ? __might_sleep+0x93/0xb0 [ 2263.810950] __alloc_pages_nodemask+0x62c/0x7a0 [ 2263.815778] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2263.820795] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2263.826432] alloc_pages_current+0xec/0x1e0 [ 2263.830753] ion_page_pool_alloc+0x11f/0x1c0 [ 2263.835161] ion_system_heap_allocate+0x138/0x910 [ 2263.839996] ? ion_alloc+0x19b/0x860 [ 2263.843711] ? rcu_read_lock_sched_held+0x110/0x130 [ 2263.848880] ? ion_system_heap_free+0x250/0x250 [ 2263.853549] ion_alloc+0x222/0x860 [ 2263.857087] ? ion_dma_buf_release+0x50/0x50 [ 2263.861490] ? kasan_check_write+0x14/0x20 [ 2263.865719] ? _copy_from_user+0x99/0x110 [ 2263.869866] ion_ioctl+0x105/0x217 [ 2263.873446] ? ion_alloc.cold+0x40/0x40 [ 2263.877422] ? ion_alloc.cold+0x40/0x40 [ 2263.881397] do_vfs_ioctl+0x7ae/0x1060 [ 2263.885296] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2263.890059] ? lock_downgrade+0x740/0x740 [ 2263.894214] ? ioctl_preallocate+0x1c0/0x1c0 [ 2263.898743] ? __fget+0x237/0x370 [ 2263.902205] ? security_file_ioctl+0x89/0xb0 [ 2263.906612] SyS_ioctl+0x8f/0xc0 [ 2263.910117] ? do_vfs_ioctl+0x1060/0x1060 [ 2263.914274] do_syscall_64+0x1e8/0x640 [ 2263.918165] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2263.923162] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2263.928365] RIP: 0033:0x45a679 [ 2263.931568] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2263.939481] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2263.946810] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2263.954081] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2263.961348] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2263.968630] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2263.980286] CPU: 0 PID: 8062 Comm: syz-executor.1 Not tainted 4.14.157-syzkaller #0 [ 2263.988227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2263.992401] mems_allowed=0-1 [ 2263.997680] Call Trace: [ 2263.997697] dump_stack+0x142/0x197 [ 2263.997712] warn_alloc.cold+0x96/0x1af [ 2264.010983] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2264.015825] ? call_timer_fn+0x670/0x670 [ 2264.020038] __alloc_pages_slowpath+0x23c6/0x2930 [ 2264.024894] ? warn_alloc+0xf0/0xf0 [ 2264.028523] ? __might_sleep+0x93/0xb0 [ 2264.032521] __alloc_pages_nodemask+0x62c/0x7a0 [ 2264.037195] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2264.042216] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2264.047981] alloc_pages_current+0xec/0x1e0 [ 2264.052326] ion_page_pool_alloc+0x11f/0x1c0 [ 2264.056743] ion_system_heap_allocate+0x138/0x910 [ 2264.061587] ? ion_alloc+0x19b/0x860 [ 2264.065305] ? rcu_read_lock_sched_held+0x110/0x130 [ 2264.070337] ? ion_system_heap_free+0x250/0x250 [ 2264.075039] ion_alloc+0x222/0x860 [ 2264.078673] ? ion_dma_buf_release+0x50/0x50 [ 2264.083220] ? kasan_check_write+0x14/0x20 [ 2264.087460] ? _copy_from_user+0x99/0x110 [ 2264.091615] ion_ioctl+0x105/0x217 [ 2264.095159] ? ion_alloc.cold+0x40/0x40 [ 2264.099135] ? ion_alloc.cold+0x40/0x40 [ 2264.103109] do_vfs_ioctl+0x7ae/0x1060 [ 2264.107004] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2264.111758] ? lock_downgrade+0x740/0x740 [ 2264.115900] ? ioctl_preallocate+0x1c0/0x1c0 [ 2264.120363] ? __fget+0x237/0x370 [ 2264.123826] ? security_file_ioctl+0x89/0xb0 [ 2264.128237] SyS_ioctl+0x8f/0xc0 [ 2264.131600] ? do_vfs_ioctl+0x1060/0x1060 [ 2264.135744] do_syscall_64+0x1e8/0x640 [ 2264.139630] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2264.144625] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2264.149815] RIP: 0033:0x45a679 [ 2264.153008] RSP: 002b:00007f53ae261c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2264.161049] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2264.168494] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2264.176038] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2264.183326] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53ae2626d4 [ 2264.186901] oom_reaper: reaped process 8071 (syz-executor.4), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2264.190732] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2264.220084] CPU: 1 PID: 8063 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2264.228139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2264.237930] Call Trace: [ 2264.240540] dump_stack+0x142/0x197 [ 2264.244190] warn_alloc.cold+0x96/0x1af [ 2264.248185] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2264.253063] ? call_timer_fn+0x670/0x670 [ 2264.257149] __alloc_pages_slowpath+0x23c6/0x2930 [ 2264.262171] ? __mutex_lock+0x951/0x1470 [ 2264.266258] ? warn_alloc+0xf0/0xf0 [ 2264.269911] ? __might_sleep+0x93/0xb0 [ 2264.273815] __alloc_pages_nodemask+0x62c/0x7a0 [ 2264.278496] ? lock_downgrade+0x740/0x740 [ 2264.282657] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2264.287788] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2264.293435] alloc_pages_current+0xec/0x1e0 [ 2264.297772] ion_page_pool_alloc+0x11f/0x1c0 [ 2264.302339] ion_system_heap_allocate+0x138/0x910 [ 2264.307290] ? ion_alloc+0x19b/0x860 [ 2264.311039] ? rcu_read_lock_sched_held+0x110/0x130 [ 2264.316074] ? ion_system_heap_free+0x250/0x250 [ 2264.320762] ion_alloc+0x222/0x860 [ 2264.324332] ? ion_dma_buf_release+0x50/0x50 [ 2264.328758] ? kasan_check_write+0x14/0x20 [ 2264.333005] ? _copy_from_user+0x99/0x110 [ 2264.337174] ion_ioctl+0x105/0x217 [ 2264.340740] ? ion_alloc.cold+0x40/0x40 [ 2264.344745] ? ion_alloc.cold+0x40/0x40 [ 2264.348834] do_vfs_ioctl+0x7ae/0x1060 [ 2264.352744] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2264.357512] ? lock_downgrade+0x740/0x740 [ 2264.361674] ? ioctl_preallocate+0x1c0/0x1c0 [ 2264.366204] ? __fget+0x237/0x370 [ 2264.369678] ? security_file_ioctl+0x89/0xb0 [ 2264.374268] SyS_ioctl+0x8f/0xc0 [ 2264.377654] ? do_vfs_ioctl+0x1060/0x1060 [ 2264.381819] do_syscall_64+0x1e8/0x640 [ 2264.385725] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2264.390593] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2264.395789] RIP: 0033:0x45a679 [ 2264.399292] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2264.407028] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2264.414474] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2264.421934] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2264.429222] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2264.430711] Mem-Info: [ 2264.436656] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2264.502417] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2264.504970] active_anon:1175291 inactive_anon:199 isolated_anon:0 [ 2264.504970] active_file:6820 inactive_file:8342 isolated_file:0 [ 2264.504970] unevictable:0 dirty:67 writeback:0 unstable:0 [ 2264.504970] slab_reclaimable:18878 slab_unreclaimable:138458 [ 2264.504970] mapped:57690 shmem:255 pagetables:41525 bounce:0 [ 2264.504970] free:83251 free_pcp:543 free_cma:0 [ 2264.514243] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2264.514268] CPU: 1 PID: 8116 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2264.514274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2264.514278] Call Trace: [ 2264.514293] dump_stack+0x142/0x197 [ 2264.514318] warn_alloc.cold+0x96/0x1af [ 2264.556950] syz-executor.4: [ 2264.561306] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2264.561326] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2264.561339] __alloc_pages_slowpath+0x23c6/0x2930 [ 2264.561358] ? save_trace+0x290/0x290 [ 2264.561373] ? warn_alloc+0xf0/0xf0 [ 2264.561396] ? __might_sleep+0x93/0xb0 [ 2264.571062] page allocation failure: order:4 [ 2264.573466] __alloc_pages_nodemask+0x62c/0x7a0 [ 2264.573480] ? lock_downgrade+0x740/0x740 [ 2264.577262] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2264.581170] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2264.581187] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2264.581203] alloc_pages_current+0xec/0x1e0 [ 2264.581219] ion_page_pool_alloc+0x11f/0x1c0 [ 2264.581231] ion_system_heap_allocate+0x138/0x910 [ 2264.581246] ? ion_system_heap_free+0x250/0x250 [ 2264.581261] ion_alloc+0x68c/0x860 [ 2264.585174] 0 [ 2264.589118] ? ion_dma_buf_release+0x50/0x50 [ 2264.589135] ? kasan_check_write+0x14/0x20 [ 2264.594706] syz-executor.4 cpuset= [ 2264.599360] ? _copy_from_user+0x99/0x110 [ 2264.599376] ion_ioctl+0x105/0x217 [ 2264.603380] syz4 [ 2264.606793] ? ion_alloc.cold+0x40/0x40 [ 2264.611036] Node 0 active_anon:1727172kB inactive_anon:764kB active_file:8kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:4kB writeback:0kB shmem:952kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2264.615174] ? ion_alloc.cold+0x40/0x40 [ 2264.615189] do_vfs_ioctl+0x7ae/0x1060 [ 2264.619920] Node 1 active_anon:2973992kB inactive_anon:32kB active_file:27272kB inactive_file:33352kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21840kB dirty:264kB writeback:0kB shmem:68kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2264.623999] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2264.624009] ? lock_downgrade+0x740/0x740 [ 2264.624021] ? ioctl_preallocate+0x1c0/0x1c0 [ 2264.624034] ? __fget+0x237/0x370 [ 2264.624052] ? security_file_ioctl+0x89/0xb0 [ 2264.624065] SyS_ioctl+0x8f/0xc0 [ 2264.624075] ? do_vfs_ioctl+0x1060/0x1060 [ 2264.631747] mems_allowed=0-1 [ 2264.636187] do_syscall_64+0x1e8/0x640 [ 2264.636196] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2264.636214] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2264.641954] Node 0 [ 2264.646182] RIP: 0033:0x45a679 [ 2264.646187] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2264.646198] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2264.646205] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2264.658491] DMA free:10368kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2264.660248] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2264.660254] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2264.660260] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2264.683144] syz-executor.5: [ 2264.686108] CPU: 0 PID: 8071 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2264.695723] page allocation failure: order:4 [ 2264.719268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2264.719274] Call Trace: [ 2264.719290] dump_stack+0x142/0x197 [ 2264.719309] warn_alloc.cold+0x96/0x1af [ 2264.719321] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2264.734978] syz-executor.2 invoked oom-killer: gfp_mask=0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2264.755311] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2264.755325] __alloc_pages_slowpath+0x23c6/0x2930 [ 2264.755344] ? save_trace+0x290/0x290 [ 2264.760137] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2264.764368] ? warn_alloc+0xf0/0xf0 [ 2264.768757] 0 [ 2264.772209] ? __might_sleep+0x93/0xb0 [ 2264.772222] __alloc_pages_nodemask+0x62c/0x7a0 [ 2264.772234] ? lock_downgrade+0x740/0x740 [ 2264.776788] 0 [ 2264.780138] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2264.780153] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2264.780169] alloc_pages_current+0xec/0x1e0 [ 2264.784384] , order=0, oom_score_adj=1000 [ 2264.784391] syz-executor.2 cpuset= [ 2264.787497] ion_page_pool_alloc+0x11f/0x1c0 [ 2264.791406] syz-executor.5 cpuset= [ 2264.796207] ion_system_heap_allocate+0x138/0x910 [ 2264.801417] syz2 [ 2264.803636] ? ion_system_heap_free+0x250/0x250 [ 2264.806816] mems_allowed=0-1 [ 2264.814688] ion_alloc+0x68c/0x860 [ 2264.814704] ? ion_dma_buf_release+0x50/0x50 [ 2264.814721] ? kasan_check_write+0x14/0x20 [ 2264.822020] syz5 [ 2264.829260] ? _copy_from_user+0x99/0x110 [ 2264.880041] mems_allowed=0-1 [ 2264.887987] ion_ioctl+0x105/0x217 [ 2265.038943] ? ion_alloc.cold+0x40/0x40 [ 2265.042932] ? ion_alloc.cold+0x40/0x40 [ 2265.046936] do_vfs_ioctl+0x7ae/0x1060 [ 2265.050831] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2265.055664] ? lock_downgrade+0x740/0x740 [ 2265.059814] ? ioctl_preallocate+0x1c0/0x1c0 [ 2265.064296] ? __fget+0x237/0x370 [ 2265.067753] ? security_file_ioctl+0x89/0xb0 [ 2265.072159] SyS_ioctl+0x8f/0xc0 [ 2265.075521] ? do_vfs_ioctl+0x1060/0x1060 [ 2265.079669] do_syscall_64+0x1e8/0x640 [ 2265.083552] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2265.089023] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2265.094218] RIP: 0033:0x45a679 [ 2265.097408] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2265.105120] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2265.112387] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2265.119657] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2265.126921] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2265.134182] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2265.141460] CPU: 1 PID: 8063 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2265.143939] lowmem_reserve[]: [ 2265.149268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2265.149272] Call Trace: [ 2265.149288] dump_stack+0x142/0x197 [ 2265.149304] warn_alloc.cold+0x96/0x1af [ 2265.152547] 0 [ 2265.161753] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2265.161777] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2265.161791] __alloc_pages_slowpath+0x23c6/0x2930 [ 2265.161810] ? save_trace+0x290/0x290 [ 2265.161826] ? warn_alloc+0xf0/0xf0 [ 2265.161846] ? __might_sleep+0x93/0xb0 [ 2265.164767] 2569 [ 2265.168162] __alloc_pages_nodemask+0x62c/0x7a0 [ 2265.168175] ? lock_downgrade+0x740/0x740 [ 2265.172255] 2569 [ 2265.173936] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2265.173955] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2265.178839] 2569 [ 2265.184053] alloc_pages_current+0xec/0x1e0 [ 2265.184070] ion_page_pool_alloc+0x11f/0x1c0 [ 2265.184082] ion_system_heap_allocate+0x138/0x910 [ 2265.184097] ? ion_system_heap_free+0x250/0x250 [ 2265.184112] ion_alloc+0x68c/0x860 [ 2265.184127] ? ion_dma_buf_release+0x50/0x50 [ 2265.189154] 2569 [ 2265.192753] ? kasan_check_write+0x14/0x20 [ 2265.192764] ? _copy_from_user+0x99/0x110 [ 2265.192779] ion_ioctl+0x105/0x217 [ 2265.192788] ? ion_alloc.cold+0x40/0x40 [ 2265.192804] ? ion_alloc.cold+0x40/0x40 [ 2265.192815] do_vfs_ioctl+0x7ae/0x1060 [ 2265.192827] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2265.200317] ? lock_downgrade+0x740/0x740 [ 2265.200330] ? ioctl_preallocate+0x1c0/0x1c0 [ 2265.200344] ? __fget+0x237/0x370 [ 2265.200363] ? security_file_ioctl+0x89/0xb0 [ 2265.200376] SyS_ioctl+0x8f/0xc0 [ 2265.200385] ? do_vfs_ioctl+0x1060/0x1060 [ 2265.200398] do_syscall_64+0x1e8/0x640 [ 2265.200409] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2265.202759] Node 0 [ 2265.207129] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2265.207141] RIP: 0033:0x45a679 [ 2265.211444] DMA32 free:18128kB min:36380kB low:45472kB high:54564kB active_anon:1722728kB inactive_anon:764kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:4kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65732kB bounce:0kB free_pcp:688kB local_pcp:152kB free_cma:0kB [ 2265.213366] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2265.213378] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2265.213383] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2265.213391] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2265.218452] lowmem_reserve[]: [ 2265.224002] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2265.224008] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2265.234019] CPU: 1 PID: 8116 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2265.235402] 0 [ 2265.239807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2265.239812] Call Trace: [ 2265.239826] dump_stack+0x142/0x197 [ 2265.239844] dump_header+0x177/0x6cd [ 2265.244689] 0 [ 2265.248028] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2265.248043] ? ___ratelimit+0x55/0x537 [ 2265.252667] 0 [ 2265.254492] oom_kill_process.cold+0x10/0xadd [ 2265.254503] ? rcu_read_unlock_special+0x639/0xd40 [ 2265.259020] 0 [ 2265.263050] ? lock_downgrade+0x740/0x740 [ 2265.263068] out_of_memory+0x2ee/0x1180 [ 2265.263078] ? lock_acquire+0x16f/0x430 [ 2265.263094] ? oom_killer_disable+0x1d0/0x1d0 [ 2265.263104] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2265.263115] __alloc_pages_slowpath+0x2251/0x2930 [ 2265.263141] ? warn_alloc+0xf0/0xf0 [ 2265.263161] ? __might_sleep+0x93/0xb0 [ 2265.263174] __alloc_pages_nodemask+0x62c/0x7a0 [ 2265.266981] 0 [ 2265.270664] ? lock_downgrade+0x740/0x740 [ 2265.270676] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2265.270692] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2265.270708] alloc_pages_current+0xec/0x1e0 [ 2265.270724] ion_page_pool_alloc+0x11f/0x1c0 [ 2265.270737] ion_system_heap_allocate+0x138/0x910 [ 2265.270753] ? ion_system_heap_free+0x250/0x250 [ 2265.270769] ion_alloc+0x68c/0x860 [ 2265.270784] ? ion_dma_buf_release+0x50/0x50 [ 2265.270799] ? kasan_check_write+0x14/0x20 [ 2265.270810] ? _copy_from_user+0x99/0x110 [ 2265.270822] ion_ioctl+0x105/0x217 [ 2265.278662] ? ion_alloc.cold+0x40/0x40 [ 2265.278680] ? ion_alloc.cold+0x40/0x40 [ 2265.283764] Node 0 [ 2265.287944] do_vfs_ioctl+0x7ae/0x1060 [ 2265.287957] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2265.287968] ? lock_downgrade+0x740/0x740 [ 2265.292544] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2265.295827] ? ioctl_preallocate+0x1c0/0x1c0 [ 2265.295842] ? __fget+0x237/0x370 [ 2265.295861] ? security_file_ioctl+0x89/0xb0 [ 2265.300569] lowmem_reserve[]: [ 2265.303611] SyS_ioctl+0x8f/0xc0 [ 2265.303621] ? do_vfs_ioctl+0x1060/0x1060 [ 2265.303647] do_syscall_64+0x1e8/0x640 [ 2265.307863] 0 [ 2265.311654] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2265.311678] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2265.311686] RIP: 0033:0x45a679 [ 2265.311692] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2265.311703] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2265.311708] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2265.311713] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2265.311719] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2265.311725] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2265.317907] Mem-Info: [ 2265.319172] 0 [ 2265.326054] active_anon:1175284 inactive_anon:199 isolated_anon:0 [ 2265.326054] active_file:6820 inactive_file:8353 isolated_file:0 [ 2265.326054] unevictable:0 dirty:80 writeback:0 unstable:0 [ 2265.326054] slab_reclaimable:18878 slab_unreclaimable:138468 [ 2265.326054] mapped:57677 shmem:255 pagetables:41536 bounce:0 [ 2265.326054] free:81126 free_pcp:173 free_cma:0 [ 2265.327417] 0 [ 2265.362382] Node 0 active_anon:1727172kB inactive_anon:764kB active_file:8kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:4kB writeback:0kB shmem:952kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2265.378976] 0 [ 2265.385456] syz-executor.5: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2265.395212] 0 [ 2265.400663] 0 [ 2265.417463] Node 0 [ 2265.433240] Node 1 [ 2265.440080] syz-executor.5 cpuset= [ 2265.451125] Normal free:296008kB min:53508kB low:66884kB high:80260kB active_anon:2973964kB inactive_anon:32kB active_file:27272kB inactive_file:33396kB unevictable:0kB writepending:316kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45408kB pagetables:100404kB bounce:0kB free_pcp:1384kB local_pcp:700kB free_cma:0kB [ 2265.458694] syz5 [ 2265.460283] lowmem_reserve[]: [ 2265.464111] DMA free:10368kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2265.468075] 0 [ 2265.472526] mems_allowed=0-1 [ 2265.477707] 0 [ 2265.482545] lowmem_reserve[]: [ 2265.491016] 0 [ 2265.494765] CPU: 1 PID: 8063 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2265.496619] 0 [ 2265.500625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2265.500630] Call Trace: [ 2265.500651] dump_stack+0x142/0x197 [ 2265.500665] warn_alloc.cold+0x96/0x1af [ 2265.500679] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2265.500691] ? call_timer_fn+0x670/0x670 [ 2265.500712] __alloc_pages_slowpath+0x23c6/0x2930 [ 2265.500736] ? warn_alloc+0xf0/0xf0 [ 2265.500757] ? __might_sleep+0x93/0xb0 [ 2265.500771] __alloc_pages_nodemask+0x62c/0x7a0 [ 2265.500782] ? lock_downgrade+0x740/0x740 [ 2265.500792] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2265.500806] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2265.500824] alloc_pages_current+0xec/0x1e0 [ 2265.500840] ion_page_pool_alloc+0x11f/0x1c0 [ 2265.500853] ion_system_heap_allocate+0x138/0x910 [ 2265.500871] ? ion_system_heap_free+0x250/0x250 [ 2265.500887] ion_alloc+0x68c/0x860 [ 2265.500907] ? ion_dma_buf_release+0x50/0x50 [ 2265.514342] 0 [ 2265.515862] ? kasan_check_write+0x14/0x20 [ 2265.515875] ? _copy_from_user+0x99/0x110 [ 2265.525108] ion_ioctl+0x105/0x217 [ 2265.525121] ? ion_alloc.cold+0x40/0x40 [ 2265.529831] Node 0 [ 2265.533297] ? ion_alloc.cold+0x40/0x40 [ 2265.533308] do_vfs_ioctl+0x7ae/0x1060 [ 2265.533322] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2265.533333] ? lock_downgrade+0x740/0x740 [ 2265.533343] ? ioctl_preallocate+0x1c0/0x1c0 [ 2265.533357] ? __fget+0x237/0x370 [ 2265.533375] ? security_file_ioctl+0x89/0xb0 [ 2265.533387] SyS_ioctl+0x8f/0xc0 [ 2265.533397] ? do_vfs_ioctl+0x1060/0x1060 [ 2265.533413] do_syscall_64+0x1e8/0x640 [ 2265.543119] DMA: [ 2265.546158] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2265.546184] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2265.549764] 4*4kB [ 2265.553657] RIP: 0033:0x45a679 [ 2265.553662] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2265.553675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2265.553681] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2265.553686] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2265.553692] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2265.553698] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2265.554880] 0 [ 2265.559360] (UM) [ 2265.559933] 2569 2569 [ 2265.567031] 28*8kB [ 2265.569254] 2569 [ 2265.574503] (UM) [ 2265.597474] 2569 [ 2265.624706] 17*16kB [ 2265.626642] warn_alloc_show_mem: 5 callbacks suppressed [ 2265.626645] Mem-Info: [ 2265.638991] (UME) [ 2265.639523] active_anon:1175284 inactive_anon:199 isolated_anon:0 [ 2265.639523] active_file:6820 inactive_file:8353 isolated_file:0 [ 2265.639523] unevictable:0 dirty:80 writeback:0 unstable:0 [ 2265.639523] slab_reclaimable:18878 slab_unreclaimable:138468 [ 2265.639523] mapped:57677 shmem:255 pagetables:41536 bounce:0 [ 2265.639523] free:81095 free_pcp:543 free_cma:0 [ 2265.663542] 2*32kB [ 2265.669288] Node 0 [ 2265.700084] (U) [ 2265.727742] Node 0 active_anon:1727172kB inactive_anon:764kB active_file:8kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:4kB writeback:0kB shmem:952kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2265.770315] 1*64kB [ 2265.777081] DMA32 free:18128kB min:36380kB low:45472kB high:54564kB active_anon:1722728kB inactive_anon:764kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:4kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65732kB bounce:0kB free_pcp:692kB local_pcp:540kB free_cma:0kB [ 2265.807836] (E) [ 2265.813983] Node 1 active_anon:2973964kB inactive_anon:32kB active_file:27272kB inactive_file:33396kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21788kB dirty:316kB writeback:0kB shmem:68kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2265.838181] 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) [ 2265.844674] lowmem_reserve[]: [ 2265.844985] 2*2048kB [ 2265.848163] 0 [ 2265.849957] (UE) [ 2265.858184] 0 [ 2265.862502] 0*4096kB [ 2265.874342] Node 0 [ 2265.875310] = 10368kB [ 2265.879283] DMA free:10368kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2265.884222] syz-executor.4: [ 2265.889149] 0 [ 2265.897955] Node 0 [ 2265.900791] lowmem_reserve[]: [ 2265.905408] DMA32: [ 2265.909534] 0 [ 2265.919067] page allocation failure: order:0 [ 2265.920598] 0 [ 2265.924558] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2265.928946] 0 [ 2265.954572] 3406*4kB [ 2265.957419] 2569 [ 2265.960225] 0 [ 2265.964165] 2569 [ 2265.966391] syz-executor.4 cpuset= [ 2265.970691] 2569 [ 2265.980271] (UME) [ 2265.987647] 293*8kB [ 2266.000056] 2569 [ 2266.007681] syz4 [ 2266.014142] mems_allowed=0-1 [ 2266.019144] Node 0 [ 2266.026060] CPU: 0 PID: 8071 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2266.040091] Node 0 [ 2266.046703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2266.060073] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2266.061326] Call Trace: [ 2266.068581] lowmem_reserve[]: [ 2266.070377] dump_stack+0x142/0x197 [ 2266.070392] warn_alloc.cold+0x96/0x1af [ 2266.070401] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2266.070415] ? call_timer_fn+0x670/0x670 [ 2266.070437] __alloc_pages_slowpath+0x23c6/0x2930 [ 2266.078285] DMA32 free:18128kB min:36380kB low:45472kB high:54564kB active_anon:1722728kB inactive_anon:764kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:4kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65732kB bounce:0kB free_pcp:692kB local_pcp:540kB free_cma:0kB [ 2266.079262] ? warn_alloc+0xf0/0xf0 [ 2266.081361] lowmem_reserve[]: [ 2266.083362] ? __might_sleep+0x93/0xb0 [ 2266.085651] 0 [ 2266.091000] __alloc_pages_nodemask+0x62c/0x7a0 [ 2266.091011] ? lock_downgrade+0x740/0x740 [ 2266.091024] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2266.100047] 0 [ 2266.129225] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2266.129241] alloc_pages_current+0xec/0x1e0 [ 2266.129257] ion_page_pool_alloc+0x11f/0x1c0 [ 2266.140042] 0 [ 2266.163070] ion_system_heap_allocate+0x138/0x910 [ 2266.163085] ? ion_system_heap_free+0x250/0x250 [ 2266.163100] ion_alloc+0x68c/0x860 [ 2266.170606] 0 [ 2266.193695] ? ion_dma_buf_release+0x50/0x50 [ 2266.193713] ? kasan_check_write+0x14/0x20 [ 2266.195691] 0 [ 2266.223423] ? _copy_from_user+0x99/0x110 [ 2266.223437] ion_ioctl+0x105/0x217 [ 2266.223449] ? ion_alloc.cold+0x40/0x40 [ 2266.229942] 0 [ 2266.233029] ? ion_alloc.cold+0x40/0x40 [ 2266.233040] do_vfs_ioctl+0x7ae/0x1060 [ 2266.233054] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2266.235438] 0 [ 2266.237222] ? lock_downgrade+0x740/0x740 [ 2266.237235] ? ioctl_preallocate+0x1c0/0x1c0 [ 2266.239268] 0 [ 2266.241057] ? __fget+0x237/0x370 [ 2266.241073] ? security_file_ioctl+0x89/0xb0 [ 2266.241086] SyS_ioctl+0x8f/0xc0 [ 2266.243493] 0 [ 2266.245703] ? do_vfs_ioctl+0x1060/0x1060 [ 2266.248093] 0 [ 2266.273847] do_syscall_64+0x1e8/0x640 [ 2266.273857] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2266.273875] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2266.273884] RIP: 0033:0x45a679 [ 2266.278667] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 [ 2266.280921] Node 0 [ 2266.283982] ORIG_RAX: 0000000000000010 [ 2266.283990] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2266.286202] DMA: [ 2266.287980] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2266.287988] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2266.292409] 4*4kB [ 2266.294169] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2266.294177] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2266.301272] (UM) [ 2266.311862] (UME) 113*16kB (UMEH) 11*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18128kB [ 2266.311917] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2266.311974] Node 1 Normal: 5151*4kB (UME) 1676*8kB (UMEH) 2190*16kB (UMEH) 1833*32kB (UMEH) 730*64kB (UMEH) 93*128kB (MEH) 46*256kB (MEH) 103*512kB (ME) 34*1024kB (UMH) 5*2048kB (M) 0*4096kB = 295900kB [ 2266.312069] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2266.312076] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2266.312082] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2266.312089] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2266.312094] 15277 total pagecache pages [ 2266.312106] 0 pages in swap cache [ 2266.312113] Swap cache stats: add 0, delete 0, find 0/0 [ 2266.312117] Free swap = 0kB [ 2266.312120] Total swap = 0kB [ 2266.312127] 1965979 pages RAM [ 2266.312131] 0 pages HighMem/MovableOnly [ 2266.312135] 335854 pages reserved [ 2266.312139] 0 pages cma reserved [ 2266.373557] syz-executor.1: [ 2266.378455] page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2266.381641] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2266.392545] 0 [ 2266.394238] lowmem_reserve[]: [ 2266.399551] syz-executor.1 cpuset= [ 2266.404197] 0 [ 2266.437083] syz1 [ 2266.438374] 0 [ 2266.442520] mems_allowed=0-1 [ 2266.444084] 0 [ 2266.448764] CPU: 0 PID: 8062 Comm: syz-executor.1 Not tainted 4.14.157-syzkaller #0 [ 2266.452975] 28*8kB [ 2266.457866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2266.457872] Call Trace: [ 2266.459656] (UM) [ 2266.465269] dump_stack+0x142/0x197 [ 2266.465285] warn_alloc.cold+0x96/0x1af [ 2266.465294] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2266.465314] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2266.469616] 0 [ 2266.474004] __alloc_pages_slowpath+0x23c6/0x2930 [ 2266.474026] ? save_trace+0x290/0x290 [ 2266.475803] 0 [ 2266.480654] ? warn_alloc+0xf0/0xf0 [ 2266.480676] ? __might_sleep+0x93/0xb0 [ 2266.485323] Node 1 [ 2266.488846] __alloc_pages_nodemask+0x62c/0x7a0 [ 2266.490655] 17*16kB [ 2266.495018] ? lock_downgrade+0x740/0x740 [ 2266.499224] (UME) [ 2266.501011] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2266.501026] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2266.501042] alloc_pages_current+0xec/0x1e0 [ 2266.505186] Normal free:295900kB min:53508kB low:66884kB high:80260kB active_anon:2973968kB inactive_anon:32kB active_file:27272kB inactive_file:33436kB unevictable:0kB writepending:372kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45408kB pagetables:100404kB bounce:0kB free_pcp:1456kB local_pcp:768kB free_cma:0kB [ 2266.508689] ion_page_pool_alloc+0x11f/0x1c0 [ 2266.512651] lowmem_reserve[]: [ 2266.514424] ion_system_heap_allocate+0x138/0x910 [ 2266.518368] 0 [ 2266.522247] ? ion_system_heap_free+0x250/0x250 [ 2266.522264] ion_alloc+0x68c/0x860 [ 2266.527008] 2*32kB [ 2266.528788] ? ion_dma_buf_release+0x50/0x50 [ 2266.532923] (U) [ 2266.537304] ? kasan_check_write+0x14/0x20 [ 2266.539080] 1*64kB [ 2266.542515] ? _copy_from_user+0x99/0x110 [ 2266.542527] ion_ioctl+0x105/0x217 [ 2266.542538] ? ion_alloc.cold+0x40/0x40 [ 2266.546932] 0 [ 2266.550294] ? ion_alloc.cold+0x40/0x40 [ 2266.550307] do_vfs_ioctl+0x7ae/0x1060 [ 2266.550319] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2266.550336] ? lock_downgrade+0x740/0x740 [ 2266.552150] 0 [ 2266.556305] ? ioctl_preallocate+0x1c0/0x1c0 [ 2266.558080] 0 [ 2266.561974] ? __fget+0x237/0x370 [ 2266.561993] ? security_file_ioctl+0x89/0xb0 [ 2266.562007] SyS_ioctl+0x8f/0xc0 [ 2266.562020] ? do_vfs_ioctl+0x1060/0x1060 [ 2266.566877] (E) [ 2266.572069] do_syscall_64+0x1e8/0x640 [ 2266.572079] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2266.572096] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2266.572106] RIP: 0033:0x45a679 [ 2266.575296] 4*128kB [ 2266.580635] RSP: 002b:00007f53ae261c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2266.580647] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2266.580653] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2266.580660] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2266.582897] 0 [ 2266.586834] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53ae2626d4 [ 2266.586842] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2266.594118] (UME) [ 2266.642314] warn_alloc_show_mem: 2 callbacks suppressed [ 2266.642318] Mem-Info: [ 2266.698961] active_anon:1175285 inactive_anon:199 isolated_anon:0 [ 2266.698961] active_file:6820 inactive_file:8363 isolated_file:0 [ 2266.698961] unevictable:0 dirty:94 writeback:0 unstable:0 [ 2266.698961] slab_reclaimable:18873 slab_unreclaimable:138467 [ 2266.698961] mapped:57677 shmem:255 pagetables:41536 bounce:0 [ 2266.698961] free:81099 free_pcp:600 free_cma:0 [ 2266.741868] 2*256kB [ 2266.754909] syz-executor.1: [ 2266.777448] Node 0 [ 2266.786067] page allocation failure: order:0 [ 2266.787774] DMA: [ 2266.789522] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2266.792777] 4*4kB [ 2266.794755] 0 [ 2266.802397] (UM) [ 2266.809229] syz-executor.1 cpuset= [ 2266.814109] 28*8kB [ 2266.817325] syz1 [ 2266.818653] (UM) [ 2266.830658] mems_allowed=0-1 [ 2266.831205] (UE) [ 2266.836435] CPU: 0 PID: 8062 Comm: syz-executor.1 Not tainted 4.14.157-syzkaller #0 [ 2266.838235] 3*512kB [ 2266.843022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2266.843027] Call Trace: [ 2266.843042] dump_stack+0x142/0x197 [ 2266.843060] warn_alloc.cold+0x96/0x1af [ 2266.843070] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2266.843085] ? call_timer_fn+0x670/0x670 [ 2266.846856] (UME) [ 2266.848653] __alloc_pages_slowpath+0x23c6/0x2930 [ 2266.852275] 17*16kB [ 2266.856150] ? warn_alloc+0xf0/0xf0 [ 2266.858348] (UME) [ 2266.863013] ? __might_sleep+0x93/0xb0 [ 2266.863027] __alloc_pages_nodemask+0x62c/0x7a0 [ 2266.865336] 3*1024kB [ 2266.869458] ? lock_downgrade+0x740/0x740 [ 2266.871600] (UME) [ 2266.876591] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2266.882219] 2*32kB [ 2266.886503] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2266.916682] 2*2048kB [ 2266.920327] alloc_pages_current+0xec/0x1e0 [ 2266.920345] ion_page_pool_alloc+0x11f/0x1c0 [ 2266.920358] ion_system_heap_allocate+0x138/0x910 [ 2266.920375] ? ion_system_heap_free+0x250/0x250 [ 2266.920392] ion_alloc+0x68c/0x860 [ 2266.920408] ? ion_dma_buf_release+0x50/0x50 [ 2266.920425] ? kasan_check_write+0x14/0x20 [ 2266.920436] ? _copy_from_user+0x99/0x110 [ 2266.920450] ion_ioctl+0x105/0x217 [ 2266.920460] ? ion_alloc.cold+0x40/0x40 [ 2266.920477] ? ion_alloc.cold+0x40/0x40 [ 2266.920490] do_vfs_ioctl+0x7ae/0x1060 [ 2266.920503] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2266.920513] ? lock_downgrade+0x740/0x740 [ 2266.920524] ? ioctl_preallocate+0x1c0/0x1c0 [ 2266.920537] ? __fget+0x237/0x370 [ 2266.920556] ? security_file_ioctl+0x89/0xb0 [ 2266.920570] SyS_ioctl+0x8f/0xc0 [ 2266.920580] ? do_vfs_ioctl+0x1060/0x1060 [ 2266.920594] do_syscall_64+0x1e8/0x640 [ 2266.920604] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2266.920623] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2266.920631] RIP: 0033:0x45a679 [ 2266.920637] RSP: 002b:00007f53ae261c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2266.920648] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2266.920655] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2266.920661] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2266.920667] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53ae2626d4 [ 2266.920674] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2266.927126] Node 0 active_anon:1727172kB inactive_anon:764kB active_file:8kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:4kB writeback:0kB shmem:952kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2266.928796] (UE) [ 2266.930804] Node 1 active_anon:2973968kB inactive_anon:32kB active_file:27272kB inactive_file:33436kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21788kB dirty:372kB writeback:0kB shmem:68kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2266.935448] 0*4096kB [ 2266.938911] Node 0 [ 2266.941820] = 10368kB [ 2266.952348] DMA free:10368kB min:216kB low:268kB high:320kB active_anon:4444kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2266.954251] Node 0 [ 2266.958296] lowmem_reserve[]: [ 2266.961886] (U) 1*64kB (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10368kB [ 2266.969481] 0 [ 2266.971758] DMA32: [ 2266.977092] 2569 [ 2266.980603] Node 0 [ 2266.988054] 2569 [ 2266.990984] 3386*4kB [ 2266.994186] 2569 [ 2266.996112] (UMEH) [ 2267.003941] DMA32: [ 2267.010115] 305*8kB (UMEH) 118*16kB (MEH) 8*32kB (UMH) 0*64kB 0*128kB 0*256kB 0*512kB [ 2267.024100] 3386*4kB [ 2267.029579] (UMEH) 305*8kB [ 2267.042406] 2569 [ 2267.045228] 0*1024kB [ 2267.059200] (UMEH) [ 2267.063269] Node 0 [ 2267.068388] 0*2048kB [ 2267.084420] 118*16kB [ 2267.119798] 0*4096kB [ 2267.126888] DMA32 free:18128kB min:36380kB low:45472kB high:54564kB active_anon:1722728kB inactive_anon:764kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:4kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65732kB bounce:0kB free_pcp:948kB local_pcp:408kB free_cma:0kB [ 2267.127123] = 18128kB [ 2267.131607] lowmem_reserve[]: [ 2267.140075] Node 0 [ 2267.145320] 0 [ 2267.146607] Normal: [ 2267.150213] 0 0 [ 2267.155654] 0*4kB [ 2267.156440] 0 [ 2267.159536] 0*8kB [ 2267.169539] (MEH) [ 2267.182132] 0*16kB [ 2267.188874] 0 [ 2267.191683] 8*32kB [ 2267.200941] 0*32kB [ 2267.213989] (UMH) [ 2267.219574] 0*64kB [ 2267.228262] Node 0 [ 2267.231159] 0*64kB [ 2267.233774] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2267.238001] 0*128kB [ 2267.244072] lowmem_reserve[]: [ 2267.246518] 0*256kB [ 2267.248273] 0 [ 2267.252953] 0*128kB [ 2267.262182] 0*512kB [ 2267.270123] 0 [ 2267.270417] 0*256kB [ 2267.274573] 0 [ 2267.278788] 0*512kB [ 2267.287206] 0*1024kB [ 2267.298323] 0*2048kB [ 2267.303123] 0 [ 2267.308359] 0*1024kB [ 2267.320402] 0*4096kB [ 2267.327619] = 0kB [ 2267.327631] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2267.331626] 0 [ 2267.341557] 0*2048kB [ 2267.344762] 0*4096kB [ 2267.368784] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2267.386154] = 18128kB [ 2267.421455] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2267.447286] Node 1 [ 2267.455343] Node 0 [ 2267.479537] Normal free:297044kB min:53508kB low:66884kB high:80260kB active_anon:2973968kB inactive_anon:32kB active_file:27272kB inactive_file:33436kB unevictable:0kB writepending:372kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45408kB pagetables:100404kB bounce:0kB free_pcp:1416kB local_pcp:680kB free_cma:0kB [ 2267.486419] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2267.495506] lowmem_reserve[]: [ 2267.501696] 15291 total pagecache pages [ 2267.506051] 0 pages in swap cache [ 2267.508309] 0 [ 2267.514833] Swap cache stats: add 0, delete 0, find 0/0 [ 2267.523031] 0 [ 2267.525643] Normal: [ 2267.528346] 0 [ 2267.534968] Free swap = 0kB [ 2267.535679] 0 [ 2267.537292] Total swap = 0kB [ 2267.539682] 0 [ 2267.542201] 0*4kB [ 2267.577436] 1965979 pages RAM [ 2267.579124] Node 0 [ 2267.580761] 0 pages HighMem/MovableOnly [ 2267.584846] 335854 pages reserved [ 2267.584851] 0 pages cma reserved [ 2267.588947] Out of memory: Kill process 22102 (syz-executor.0) score 1009 or sacrifice child [ 2267.591001] DMA: [ 2267.598262] Killed process 22102 (syz-executor.0) total-vm:72980kB, anon-rss:16556kB, file-rss:34816kB, shmem-rss:0kB [ 2267.599132] 5*4kB [ 2267.637395] 0*8kB [ 2267.655448] syz-executor.2: [ 2267.670118] 0*16kB [ 2267.710452] page allocation failure: order:0 [ 2267.765051] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2267.769994] (UM) [ 2267.776543] 0 [ 2267.778801] 29*8kB [ 2267.780826] syz-executor.2 cpuset= [ 2267.783838] 0*32kB [ 2267.785609] syz2 [ 2267.787738] 0*64kB [ 2267.795766] mems_allowed=0-1 [ 2267.797124] (UM) [ 2267.801333] CPU: 1 PID: 8116 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2267.812522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2267.812527] Call Trace: [ 2267.812543] dump_stack+0x142/0x197 [ 2267.812559] warn_alloc.cold+0x96/0x1af [ 2267.812568] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2267.812588] ? wait_for_completion+0x420/0x420 [ 2267.812605] __alloc_pages_slowpath+0x23c6/0x2930 [ 2267.812632] ? warn_alloc+0xf0/0xf0 [ 2267.814684] 0*128kB [ 2267.825419] ? __might_sleep+0x93/0xb0 [ 2267.825434] __alloc_pages_nodemask+0x62c/0x7a0 [ 2267.825446] ? lock_downgrade+0x740/0x740 [ 2267.825458] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2267.825473] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2267.825490] alloc_pages_current+0xec/0x1e0 [ 2267.827628] 20*16kB [ 2267.829758] ion_page_pool_alloc+0x11f/0x1c0 [ 2267.832772] (UME) [ 2267.834967] ion_system_heap_allocate+0x138/0x910 [ 2267.839346] 2*32kB [ 2267.846433] ? ion_system_heap_free+0x250/0x250 [ 2267.846450] ion_alloc+0x68c/0x860 [ 2267.846465] ? ion_dma_buf_release+0x50/0x50 [ 2267.846483] ? kasan_check_write+0x14/0x20 [ 2267.850230] ? _copy_from_user+0x99/0x110 [ 2267.850243] ion_ioctl+0x105/0x217 [ 2267.850257] ? ion_alloc.cold+0x40/0x40 [ 2267.856022] ? ion_alloc.cold+0x40/0x40 [ 2267.860189] do_vfs_ioctl+0x7ae/0x1060 [ 2267.860202] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2267.860212] ? lock_downgrade+0x740/0x740 [ 2267.860222] ? ioctl_preallocate+0x1c0/0x1c0 [ 2267.860234] ? __fget+0x237/0x370 [ 2267.860253] ? security_file_ioctl+0x89/0xb0 [ 2267.860266] SyS_ioctl+0x8f/0xc0 [ 2267.862514] 0*256kB [ 2267.865570] ? do_vfs_ioctl+0x1060/0x1060 [ 2267.867610] 0*512kB [ 2267.875388] do_syscall_64+0x1e8/0x640 [ 2267.875397] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2267.875415] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2267.875422] RIP: 0033:0x45a679 [ 2267.875431] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 [ 2267.887346] ORIG_RAX: 0000000000000010 [ 2267.887354] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2267.891051] (U) [ 2267.894939] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2267.899767] 1*64kB [ 2267.904332] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2267.904339] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2267.904344] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2267.920726] 0*1024kB [ 2267.938727] (E) [ 2267.949683] 4*128kB [ 2267.957040] (UME) [ 2267.964645] 0*2048kB [ 2267.973897] warn_alloc_show_mem: 1 callbacks suppressed [ 2267.973900] Mem-Info: [ 2267.977318] 0*4096kB [ 2267.988031] 2*256kB [ 2267.992023] = 0kB [ 2267.992029] Node 1 Normal: 5537*4kB (UM) 1865*8kB [ 2267.997585] (UE) [ 2268.004511] active_anon:1170710 inactive_anon:199 isolated_anon:0 [ 2268.004511] active_file:6820 inactive_file:8363 isolated_file:0 [ 2268.004511] unevictable:0 dirty:94 writeback:0 unstable:0 [ 2268.004511] slab_reclaimable:18873 slab_unreclaimable:138076 [ 2268.004511] mapped:57677 shmem:255 pagetables:41462 bounce:0 [ 2268.004511] free:86101 free_pcp:665 free_cma:0 [ 2268.004952] 3*512kB [ 2268.009316] Node 0 active_anon:1726272kB inactive_anon:764kB active_file:8kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:4kB writeback:0kB shmem:952kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2268.014025] (UME) [ 2268.017384] (UMEH) [ 2268.023032] 2292*16kB (UMEH) [ 2268.029464] 1965*32kB [ 2268.038107] 3*1024kB [ 2268.038230] Node 1 active_anon:2956568kB inactive_anon:32kB active_file:27272kB inactive_file:33436kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21788kB dirty:372kB writeback:0kB shmem:68kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2268.043418] (UME) 2*2048kB (UE) 0*4096kB = 10428kB [ 2268.043444] Node 0 DMA32: [ 2268.046624] Node 0 [ 2268.063307] (UMEH) [ 2268.065358] 3421*4kB [ 2268.072720] DMA free:10428kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2268.075305] (UMEH) [ 2268.082196] 770*64kB (UMEH) [ 2268.094405] 321*8kB [ 2268.096839] lowmem_reserve[]: [ 2268.101809] 0 [ 2268.105542] 2569 2569 [ 2268.113321] 104*128kB (MEH) 54*256kB (MEH) 108*512kB (ME) 36*1024kB (UMH) 5*2048kB (M) 0*4096kB = 315436kB [ 2268.113374] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2268.113382] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2268.121823] (UMEH) [ 2268.122592] 2569 [ 2268.127496] 126*16kB [ 2268.129545] 2569 [ 2268.193106] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2268.193114] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2268.193119] 15320 total pagecache pages [ 2268.193130] 0 pages in swap cache [ 2268.193135] Swap cache stats: add 0, delete 0, find 0/0 [ 2268.193138] Free swap = 0kB [ 2268.193141] Total swap = 0kB [ 2268.193149] 1965979 pages RAM [ 2268.193153] 0 pages HighMem/MovableOnly [ 2268.193157] 335854 pages reserved [ 2268.193160] 0 pages cma reserved [ 2268.200783] Node 0 [ 2268.205591] DMA32 free:18748kB min:36380kB low:45472kB high:54564kB active_anon:1721816kB inactive_anon:764kB active_file:20kB inactive_file:28kB unevictable:0kB writepending:28kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65628kB bounce:0kB free_pcp:1380kB local_pcp:668kB free_cma:0kB [ 2268.238992] (UMEH) [ 2268.243459] 13*32kB [ 2268.248064] (UMH) 1*64kB [ 2268.279170] lowmem_reserve[]: [ 2268.284678] 0 [ 2268.288908] 0 0 [ 2268.307630] (M) [ 2268.322873] 0 [ 2268.333788] 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18748kB [ 2268.333816] Node 0 Normal: 0*4kB 0*8kB 0*16kB [ 2268.349826] 0 [ 2268.358213] Node 0 [ 2268.368994] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2268.375295] 0*32kB [ 2268.377402] lowmem_reserve[]: [ 2268.406673] 0*64kB [ 2268.416243] 0 [ 2268.418527] 0 0 0 0 [ 2268.434917] Node 1 [ 2268.436727] 0*128kB [ 2268.437539] Normal free:315436kB min:53508kB low:66884kB high:80260kB active_anon:2956504kB inactive_anon:32kB active_file:27272kB inactive_file:33552kB unevictable:0kB writepending:504kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45280kB pagetables:100208kB bounce:0kB free_pcp:1268kB local_pcp:664kB free_cma:0kB [ 2268.439774] 0*256kB [ 2268.469234] lowmem_reserve[]: [ 2268.470952] 0*512kB [ 2268.472242] 0 [ 2268.474095] 0*1024kB [ 2268.476320] 0 [ 2268.478560] 0*2048kB [ 2268.488300] 0 [ 2268.519316] 0 [ 2268.521489] 0 [ 2268.521498] Node 0 DMA: [ 2268.525695] 5*4kB [ 2268.529871] (UM) 29*8kB [ 2268.538080] (UM) [ 2268.541083] 20*16kB (UME) 2*32kB (U) 1*64kB (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10428kB [ 2268.555842] 0*4096kB = 0kB [ 2268.558703] Node 1 Normal: 5537*4kB (UM) 1865*8kB (UMEH) 2292*16kB (UMEH) 1965*32kB (UMEH) 770*64kB (UMEH) 104*128kB (MEH) 54*256kB (MEH) 108*512kB (ME) 36*1024kB (UMH) 5*2048kB (M) 0*4096kB = 315436kB [ 2268.560466] Node 0 [ 2268.580917] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2268.581552] DMA32: [ 2268.589754] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2268.589763] 3421*4kB [ 2268.592475] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2268.605209] (UMEH) 321*8kB (UMEH) 126*16kB (UMEH) 13*32kB (UMH) 1*64kB (M) [ 2268.612031] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2268.612036] 15324 total pagecache pages [ 2268.619119] 0*128kB [ 2268.636466] 0*256kB 0*512kB [ 2268.639501] 0*1024kB [ 2268.642664] 0*2048kB 0*4096kB = 18748kB [ 2268.642730] 0 pages in swap cache [ 2268.646649] Node 0 [ 2268.653328] Swap cache stats: add 0, delete 0, find 0/0 [ 2268.654831] Normal: [ 2268.658680] Free swap = 0kB [ 2268.658686] Total swap = 0kB [ 2268.661412] 0*4kB [ 2268.664133] 1965979 pages RAM [ 2268.667086] 0*8kB 0*16kB [ 2268.669220] 0 pages HighMem/MovableOnly [ 2268.677171] 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2268.679123] 335854 pages reserved [ 2268.687219] Node 1 [ 2268.690588] 0 pages cma reserved [ 2268.696292] Normal: 5537*4kB (UM) 1865*8kB (UMEH) 2292*16kB (UMEH) 1965*32kB (UMEH) 770*64kB (UMEH) 104*128kB (MEH) 54*256kB (MEH) 108*512kB (ME) 36*1024kB (UMH) 5*2048kB (M) 0*4096kB = 315436kB [ 2268.713857] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2268.713865] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2268.713872] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2268.713879] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2268.713884] 15330 total pagecache pages [ 2268.713900] 0 pages in swap cache [ 2268.731478] Swap cache stats: add 0, delete 0, find 0/0 [ 2268.748910] Free swap = 0kB [ 2268.764901] Total swap = 0kB [ 2268.767954] 1965979 pages RAM 20:58:18 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) 20:58:18 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) 20:58:18 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, 0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) 20:58:18 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) 20:58:18 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) 20:58:18 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) [ 2268.771887] 0 pages HighMem/MovableOnly [ 2268.775862] 335854 pages reserved [ 2268.779301] 0 pages cma reserved [ 2269.006239] syz-executor.1: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2269.014664] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2269.023045] syz-executor.4: [ 2269.038715] syz-executor.1 cpuset= [ 2269.048535] syz-executor.2 cpuset= [ 2269.053362] syz-executor.5: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2269.053392] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2269.053417] CPU: 1 PID: 8155 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2269.053452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2269.053459] Call Trace: [ 2269.065991] syz2 [ 2269.070212] dump_stack+0x142/0x197 [ 2269.082489] mems_allowed=0-1 [ 2269.087350] warn_alloc.cold+0x96/0x1af [ 2269.087363] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2269.087385] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2269.087401] __alloc_pages_slowpath+0x23c6/0x2930 [ 2269.087428] ? save_trace+0x290/0x290 [ 2269.087447] ? warn_alloc+0xf0/0xf0 [ 2269.087467] ? __might_sleep+0x93/0xb0 [ 2269.087478] __alloc_pages_nodemask+0x62c/0x7a0 [ 2269.087488] ? lock_downgrade+0x740/0x740 [ 2269.087498] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2269.087513] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2269.087530] alloc_pages_current+0xec/0x1e0 [ 2269.087546] ion_page_pool_alloc+0x11f/0x1c0 [ 2269.087557] ion_system_heap_allocate+0x138/0x910 [ 2269.087566] ? ion_alloc+0x19b/0x860 [ 2269.087578] ? rcu_read_lock_sched_held+0x110/0x130 [ 2269.087592] ? ion_system_heap_free+0x250/0x250 [ 2269.087608] ion_alloc+0x222/0x860 [ 2269.087626] ? ion_dma_buf_release+0x50/0x50 [ 2269.087643] ? kasan_check_write+0x14/0x20 [ 2269.087655] ? _copy_from_user+0x99/0x110 [ 2269.087668] ion_ioctl+0x105/0x217 [ 2269.087679] ? ion_alloc.cold+0x40/0x40 [ 2269.087697] ? ion_alloc.cold+0x40/0x40 [ 2269.087710] do_vfs_ioctl+0x7ae/0x1060 [ 2269.087723] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2269.087732] ? lock_downgrade+0x740/0x740 [ 2269.087744] ? ioctl_preallocate+0x1c0/0x1c0 [ 2269.087759] ? __fget+0x237/0x370 [ 2269.087778] ? security_file_ioctl+0x89/0xb0 [ 2269.087791] SyS_ioctl+0x8f/0xc0 [ 2269.087801] ? do_vfs_ioctl+0x1060/0x1060 [ 2269.087816] do_syscall_64+0x1e8/0x640 [ 2269.087826] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2269.087846] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2269.087855] RIP: 0033:0x45a679 [ 2269.087861] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2269.087871] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2269.087876] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2269.087885] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2269.281945] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2269.289206] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2269.304043] CPU: 0 PID: 8149 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2269.311893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2269.313490] page allocation failure: order:4 [ 2269.321258] Call Trace: [ 2269.321281] dump_stack+0x142/0x197 [ 2269.321305] warn_alloc.cold+0x96/0x1af [ 2269.321319] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2269.321355] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2269.321376] __alloc_pages_slowpath+0x23c6/0x2930 [ 2269.321403] ? save_trace+0x290/0x290 [ 2269.331668] syz1 [ 2269.332008] ? warn_alloc+0xf0/0xf0 [ 2269.342980] mems_allowed=0-1 [ 2269.346101] ? __might_sleep+0x93/0xb0 [ 2269.346126] __alloc_pages_nodemask+0x62c/0x7a0 [ 2269.346143] ? lock_downgrade+0x740/0x740 [ 2269.346159] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2269.346180] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2269.386688] alloc_pages_current+0xec/0x1e0 [ 2269.391010] ion_page_pool_alloc+0x11f/0x1c0 [ 2269.395410] ion_system_heap_allocate+0x138/0x910 [ 2269.400242] ? ion_alloc+0x19b/0x860 [ 2269.403946] ? rcu_read_lock_sched_held+0x110/0x130 [ 2269.408960] ? ion_system_heap_free+0x250/0x250 [ 2269.413626] ion_alloc+0x222/0x860 [ 2269.417165] ? ion_dma_buf_release+0x50/0x50 [ 2269.421583] ? kasan_check_write+0x14/0x20 [ 2269.425822] ? _copy_from_user+0x99/0x110 [ 2269.429997] ion_ioctl+0x105/0x217 [ 2269.433533] ? ion_alloc.cold+0x40/0x40 [ 2269.437521] ? ion_alloc.cold+0x40/0x40 [ 2269.441490] do_vfs_ioctl+0x7ae/0x1060 [ 2269.445385] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2269.450131] ? lock_downgrade+0x740/0x740 [ 2269.454271] ? ioctl_preallocate+0x1c0/0x1c0 [ 2269.458687] ? __fget+0x237/0x370 [ 2269.462141] ? security_file_ioctl+0x89/0xb0 [ 2269.466546] SyS_ioctl+0x8f/0xc0 [ 2269.469903] ? do_vfs_ioctl+0x1060/0x1060 [ 2269.474045] do_syscall_64+0x1e8/0x640 [ 2269.477922] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2269.482765] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2269.488075] RIP: 0033:0x45a679 [ 2269.491270] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2269.498985] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2269.506264] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2269.513535] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2269.520803] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2269.528111] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2269.537124] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2269.546126] CPU: 1 PID: 8141 Comm: syz-executor.1 Not tainted 4.14.157-syzkaller #0 [ 2269.553950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2269.563315] Call Trace: [ 2269.565914] dump_stack+0x142/0x197 [ 2269.569534] warn_alloc.cold+0x96/0x1af [ 2269.573506] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2269.578341] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2269.583608] __alloc_pages_slowpath+0x23c6/0x2930 [ 2269.588442] ? save_trace+0x290/0x290 [ 2269.592230] ? warn_alloc+0xf0/0xf0 [ 2269.595850] ? __might_sleep+0x93/0xb0 [ 2269.599723] __alloc_pages_nodemask+0x62c/0x7a0 [ 2269.604378] ? lock_downgrade+0x740/0x740 [ 2269.608513] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2269.613518] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2269.619653] alloc_pages_current+0xec/0x1e0 [ 2269.623967] ion_page_pool_alloc+0x11f/0x1c0 [ 2269.628359] ion_system_heap_allocate+0x138/0x910 [ 2269.633186] ? ion_alloc+0x19b/0x860 [ 2269.636886] ? rcu_read_lock_sched_held+0x110/0x130 [ 2269.641886] ? ion_system_heap_free+0x250/0x250 [ 2269.646542] ion_alloc+0x222/0x860 [ 2269.650072] ? ion_dma_buf_release+0x50/0x50 [ 2269.654476] ? kasan_check_write+0x14/0x20 [ 2269.658696] ? _copy_from_user+0x99/0x110 [ 2269.662830] ion_ioctl+0x105/0x217 [ 2269.666357] ? ion_alloc.cold+0x40/0x40 [ 2269.670320] ? ion_alloc.cold+0x40/0x40 [ 2269.674283] do_vfs_ioctl+0x7ae/0x1060 [ 2269.678158] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2269.682913] ? lock_downgrade+0x740/0x740 [ 2269.687048] ? ioctl_preallocate+0x1c0/0x1c0 [ 2269.691457] ? __fget+0x237/0x370 [ 2269.694909] ? security_file_ioctl+0x89/0xb0 [ 2269.699350] SyS_ioctl+0x8f/0xc0 [ 2269.702701] ? do_vfs_ioctl+0x1060/0x1060 [ 2269.706840] do_syscall_64+0x1e8/0x640 [ 2269.710724] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2269.715562] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2269.720737] RIP: 0033:0x45a679 [ 2269.723910] RSP: 002b:00007f53ae261c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2269.731604] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2269.738857] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2269.746112] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2269.753387] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53ae2626d4 [ 2269.760686] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2269.769988] Mem-Info: [ 2269.773255] active_anon:1170913 inactive_anon:199 isolated_anon:0 [ 2269.773255] active_file:6824 inactive_file:8422 isolated_file:0 [ 2269.773255] unevictable:0 dirty:61 writeback:32 unstable:0 [ 2269.773255] slab_reclaimable:18882 slab_unreclaimable:137946 [ 2269.773255] mapped:57704 shmem:255 pagetables:41555 bounce:0 [ 2269.773255] free:95678 free_pcp:257 free_cma:0 [ 2269.807682] Node 0 active_anon:1726312kB inactive_anon:764kB active_file:24kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:36kB writeback:0kB shmem:952kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2269.834975] syz-executor.4 cpuset=syz4 mems_allowed=0-1 20:58:20 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, 0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) [ 2269.844582] Node 0 DMA free:10488kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2269.875149] CPU: 1 PID: 8152 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2269.882983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2269.892341] Call Trace: [ 2269.894930] dump_stack+0x142/0x197 [ 2269.898555] warn_alloc.cold+0x96/0x1af [ 2269.902535] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2269.907381] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2269.912657] __alloc_pages_slowpath+0x23c6/0x2930 [ 2269.917596] ? save_trace+0x290/0x290 [ 2269.921401] ? warn_alloc+0xf0/0xf0 [ 2269.925026] ? __might_sleep+0x93/0xb0 [ 2269.928898] __alloc_pages_nodemask+0x62c/0x7a0 [ 2269.933551] ? lock_downgrade+0x740/0x740 [ 2269.937682] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2269.942688] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2269.948299] alloc_pages_current+0xec/0x1e0 [ 2269.952623] ion_page_pool_alloc+0x11f/0x1c0 [ 2269.957016] ion_system_heap_allocate+0x138/0x910 [ 2269.961840] ? ion_alloc+0x19b/0x860 [ 2269.965545] ? rcu_read_lock_sched_held+0x110/0x130 [ 2269.970561] ? ion_system_heap_free+0x250/0x250 [ 2269.975218] ion_alloc+0x222/0x860 [ 2269.978746] ? ion_dma_buf_release+0x50/0x50 [ 2269.983145] ? kasan_check_write+0x14/0x20 [ 2269.987365] ? _copy_from_user+0x99/0x110 [ 2269.991498] ion_ioctl+0x105/0x217 [ 2269.995025] ? ion_alloc.cold+0x40/0x40 [ 2269.998989] ? ion_alloc.cold+0x40/0x40 [ 2270.002951] do_vfs_ioctl+0x7ae/0x1060 [ 2270.006836] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2270.011579] ? lock_downgrade+0x740/0x740 [ 2270.015726] ? ioctl_preallocate+0x1c0/0x1c0 [ 2270.020126] ? __fget+0x237/0x370 [ 2270.023576] ? security_file_ioctl+0x89/0xb0 [ 2270.027974] SyS_ioctl+0x8f/0xc0 [ 2270.031335] ? do_vfs_ioctl+0x1060/0x1060 [ 2270.035471] do_syscall_64+0x1e8/0x640 [ 2270.039344] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2270.044177] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2270.049351] RIP: 0033:0x45a679 [ 2270.052526] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2270.060218] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2270.067503] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2270.074777] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2270.082038] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2270.089409] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff 20:58:20 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) [ 2270.118790] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2270.129561] Node 0 DMA32 free:58272kB min:36380kB low:45472kB high:54564kB active_anon:1721940kB inactive_anon:764kB active_file:8kB inactive_file:52kB unevictable:0kB writepending:36kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65776kB bounce:0kB free_pcp:1400kB local_pcp:720kB free_cma:0kB [ 2270.187623] lowmem_reserve[]: 0 0 0 0 0 [ 2270.192014] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2270.236093] lowmem_reserve[]: 0 0 0 0 0 [ 2270.244149] Node 0 DMA: 8*4kB (UM) 35*8kB (UM) 20*16kB (UME) 2*32kB (U) 1*64kB (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10488kB [ 2270.260489] Node 0 DMA32: 3913*4kB (UMEH) 1331*8kB (UME) 1083*16kB (UMEH) 379*32kB (UMH) 17*64kB (UM) 2*128kB (U) 2*256kB (U) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 58124kB [ 2270.285287] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2270.297926] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2270.307592] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2270.322684] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2270.335353] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2270.346397] 15345 total pagecache pages [ 2270.355683] 0 pages in swap cache [ 2270.359435] Swap cache stats: add 0, delete 0, find 0/0 [ 2270.367221] Free swap = 0kB [ 2270.374163] Total swap = 0kB [ 2270.377340] 1965979 pages RAM [ 2270.382781] 0 pages HighMem/MovableOnly [ 2270.386919] 335854 pages reserved [ 2270.394452] 0 pages cma reserved [ 2270.489542] oom_reaper: reaped process 8149 (syz-executor.2), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2270.535951] oom_reaper: reaped process 8155 (syz-executor.5), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2270.604633] oom_reaper: reaped process 8141 (syz-executor.1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2270.649101] oom_reaper: reaped process 8152 (syz-executor.4), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2270.725136] syz-executor.2 invoked oom-killer: gfp_mask=0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0, order=0, oom_score_adj=1000 [ 2270.751111] syz-executor.1: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2270.763903] syz-executor.4: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2270.783403] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2270.805556] CPU: 1 PID: 8149 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2270.813396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2270.822759] Call Trace: [ 2270.825355] dump_stack+0x142/0x197 [ 2270.828988] dump_header+0x177/0x6cd [ 2270.830120] syz-executor.1 cpuset= [ 2270.832703] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2270.832705] syz1 mems_allowed=0-1 [ 2270.836255] ? ___ratelimit+0x55/0x537 [ 2270.841461] syz-executor.4 cpuset= [ 2270.844786] oom_kill_process.cold+0x10/0xadd [ 2270.848645] syz4 [ 2270.852178] ? rcu_read_unlock_special+0x639/0xd40 [ 2270.863534] ? lock_downgrade+0x740/0x740 [ 2270.867684] out_of_memory+0x2ee/0x1180 [ 2270.871654] ? lock_acquire+0x16f/0x430 [ 2270.875619] ? oom_killer_disable+0x1d0/0x1d0 [ 2270.880119] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2270.880760] mems_allowed=0-1 [ 2270.885049] __alloc_pages_slowpath+0x2251/0x2930 [ 2270.892975] ? warn_alloc+0xf0/0xf0 [ 2270.896594] ? __might_sleep+0x93/0xb0 [ 2270.900473] __alloc_pages_nodemask+0x62c/0x7a0 [ 2270.905146] ? lock_downgrade+0x740/0x740 [ 2270.909295] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2270.914305] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2270.919921] alloc_pages_current+0xec/0x1e0 [ 2270.924233] ion_page_pool_alloc+0x11f/0x1c0 [ 2270.928627] ion_system_heap_allocate+0x138/0x910 [ 2270.933461] ? ion_alloc+0x19b/0x860 [ 2270.937175] ? rcu_read_lock_sched_held+0x110/0x130 [ 2270.942185] ? ion_system_heap_free+0x250/0x250 [ 2270.946839] ion_alloc+0x222/0x860 [ 2270.950369] ? ion_dma_buf_release+0x50/0x50 [ 2270.954769] ? kasan_check_write+0x14/0x20 [ 2270.958988] ? _copy_from_user+0x99/0x110 [ 2270.963218] ion_ioctl+0x105/0x217 [ 2270.966755] ? ion_alloc.cold+0x40/0x40 [ 2270.970725] ? ion_alloc.cold+0x40/0x40 [ 2270.974683] do_vfs_ioctl+0x7ae/0x1060 [ 2270.978582] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2270.983335] ? lock_downgrade+0x740/0x740 [ 2270.987480] ? ioctl_preallocate+0x1c0/0x1c0 [ 2270.991899] ? __fget+0x237/0x370 [ 2270.995363] ? security_file_ioctl+0x89/0xb0 [ 2270.999772] SyS_ioctl+0x8f/0xc0 [ 2271.003143] ? do_vfs_ioctl+0x1060/0x1060 [ 2271.007278] do_syscall_64+0x1e8/0x640 [ 2271.011153] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2271.015988] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2271.021170] RIP: 0033:0x45a679 [ 2271.024357] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2271.032062] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2271.039331] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2271.046585] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2271.053844] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2271.061106] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2271.068481] CPU: 0 PID: 8152 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2271.076303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2271.085679] Call Trace: [ 2271.088279] dump_stack+0x142/0x197 [ 2271.091897] warn_alloc.cold+0x96/0x1af [ 2271.095863] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2271.100706] ? call_timer_fn+0x670/0x670 [ 2271.104764] __alloc_pages_slowpath+0x23c6/0x2930 [ 2271.109600] ? warn_alloc+0xf0/0xf0 [ 2271.113224] ? __might_sleep+0x93/0xb0 [ 2271.117107] __alloc_pages_nodemask+0x62c/0x7a0 [ 2271.121762] ? lock_downgrade+0x740/0x740 [ 2271.125897] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2271.130906] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2271.136522] alloc_pages_current+0xec/0x1e0 [ 2271.140831] ion_page_pool_alloc+0x11f/0x1c0 [ 2271.145228] ion_system_heap_allocate+0x138/0x910 [ 2271.150068] ? ion_alloc+0x19b/0x860 [ 2271.153770] ? rcu_read_lock_sched_held+0x110/0x130 [ 2271.158773] ? ion_system_heap_free+0x250/0x250 [ 2271.163431] ion_alloc+0x222/0x860 [ 2271.166960] ? ion_dma_buf_release+0x50/0x50 [ 2271.171356] ? kasan_check_write+0x14/0x20 [ 2271.175578] ? _copy_from_user+0x99/0x110 [ 2271.179728] ion_ioctl+0x105/0x217 [ 2271.183259] ? ion_alloc.cold+0x40/0x40 [ 2271.187244] ? ion_alloc.cold+0x40/0x40 [ 2271.191205] do_vfs_ioctl+0x7ae/0x1060 [ 2271.195079] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2271.199828] ? lock_downgrade+0x740/0x740 [ 2271.203964] ? ioctl_preallocate+0x1c0/0x1c0 [ 2271.208380] ? __fget+0x237/0x370 [ 2271.211826] ? security_file_ioctl+0x89/0xb0 [ 2271.216221] SyS_ioctl+0x8f/0xc0 [ 2271.219571] ? do_vfs_ioctl+0x1060/0x1060 [ 2271.223705] do_syscall_64+0x1e8/0x640 [ 2271.227574] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2271.232403] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2271.237575] RIP: 0033:0x45a679 [ 2271.240745] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2271.248441] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2271.255698] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2271.262955] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 20:58:21 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) [ 2271.271774] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2271.279029] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2271.289226] CPU: 0 PID: 8141 Comm: syz-executor.1 Not tainted 4.14.157-syzkaller #0 [ 2271.297052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2271.306413] Call Trace: [ 2271.309009] dump_stack+0x142/0x197 [ 2271.312655] warn_alloc.cold+0x96/0x1af [ 2271.316642] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2271.321497] ? call_timer_fn+0x670/0x670 [ 2271.325577] __alloc_pages_slowpath+0x23c6/0x2930 [ 2271.330447] ? warn_alloc+0xf0/0xf0 [ 2271.334099] ? __might_sleep+0x93/0xb0 [ 2271.337995] __alloc_pages_nodemask+0x62c/0x7a0 [ 2271.342674] ? lock_downgrade+0x740/0x740 [ 2271.346827] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2271.351855] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2271.357481] alloc_pages_current+0xec/0x1e0 [ 2271.361791] ion_page_pool_alloc+0x11f/0x1c0 [ 2271.366211] ion_system_heap_allocate+0x138/0x910 [ 2271.366222] ? ion_alloc+0x19b/0x860 [ 2271.366233] ? rcu_read_lock_sched_held+0x110/0x130 [ 2271.366246] ? ion_system_heap_free+0x250/0x250 [ 2271.374785] ion_alloc+0x222/0x860 [ 2271.374802] ? ion_dma_buf_release+0x50/0x50 [ 2271.374819] ? kasan_check_write+0x14/0x20 [ 2271.396645] ? _copy_from_user+0x99/0x110 [ 2271.399249] Mem-Info: [ 2271.400805] ion_ioctl+0x105/0x217 [ 2271.400817] ? ion_alloc.cold+0x40/0x40 [ 2271.400836] ? ion_alloc.cold+0x40/0x40 [ 2271.400847] do_vfs_ioctl+0x7ae/0x1060 [ 2271.400861] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2271.403380] active_anon:1170794 inactive_anon:199 isolated_anon:0 [ 2271.403380] active_file:6820 inactive_file:8426 isolated_file:0 [ 2271.403380] unevictable:0 dirty:31 writeback:0 unstable:0 [ 2271.403380] slab_reclaimable:18893 slab_unreclaimable:137920 [ 2271.403380] mapped:57677 shmem:255 pagetables:41529 bounce:0 [ 2271.403380] free:87223 free_pcp:206 free_cma:0 [ 2271.406790] ? lock_downgrade+0x740/0x740 [ 2271.406804] ? ioctl_preallocate+0x1c0/0x1c0 [ 2271.406816] ? __fget+0x237/0x370 [ 2271.406834] ? security_file_ioctl+0x89/0xb0 [ 2271.411108] Node 0 active_anon:1726236kB inactive_anon:776kB active_file:8kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:4kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2271.414750] SyS_ioctl+0x8f/0xc0 [ 2271.414761] ? do_vfs_ioctl+0x1060/0x1060 [ 2271.414774] do_syscall_64+0x1e8/0x640 [ 2271.414785] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2271.418779] Node 0 [ 2271.423410] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2271.423419] RIP: 0033:0x45a679 20:58:21 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) [ 2271.423424] RSP: 002b:00007f53ae261c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2271.423435] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2271.423441] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2271.423446] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2271.423452] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53ae2626d4 [ 2271.423472] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2271.458025] DMA free:10368kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2271.478700] warn_alloc: 1 callbacks suppressed [ 2271.478705] syz-executor.5: [ 2271.565470] page allocation failure: order:4 [ 2271.579420] lowmem_reserve[]: [ 2271.646365] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2271.654659] 0 2569 2569 2569 2569 [ 2271.664292] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2271.667957] Node 0 DMA32 free:23276kB min:36380kB low:45472kB high:54564kB active_anon:1721852kB inactive_anon:776kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:4kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65628kB bounce:0kB free_pcp:1052kB local_pcp:624kB free_cma:0kB [ 2271.676957] CPU: 0 PID: 8155 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2271.708493] lowmem_reserve[]: [ 2271.709688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2271.709693] Call Trace: [ 2271.709710] dump_stack+0x142/0x197 [ 2271.709733] warn_alloc.cold+0x96/0x1af [ 2271.709745] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2271.713931] 0 [ 2271.724634] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2271.724651] __alloc_pages_slowpath+0x23c6/0x2930 [ 2271.724671] ? save_trace+0x290/0x290 [ 2271.724687] ? warn_alloc+0xf0/0xf0 [ 2271.724707] ? __might_sleep+0x93/0xb0 [ 2271.727703] 0 [ 2271.730900] __alloc_pages_nodemask+0x62c/0x7a0 [ 2271.730913] ? lock_downgrade+0x740/0x740 [ 2271.730926] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2271.730943] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2271.730960] alloc_pages_current+0xec/0x1e0 [ 2271.730978] ion_page_pool_alloc+0x11f/0x1c0 [ 2271.735513] 0 [ 2271.739767] ion_system_heap_allocate+0x138/0x910 [ 2271.739785] ? ion_system_heap_free+0x250/0x250 [ 2271.739802] ion_alloc+0x68c/0x860 [ 2271.739817] ? ion_dma_buf_release+0x50/0x50 [ 2271.741948] 0 [ 2271.746873] ? kasan_check_write+0x14/0x20 [ 2271.746885] ? _copy_from_user+0x99/0x110 [ 2271.746899] ion_ioctl+0x105/0x217 [ 2271.746913] ? ion_alloc.cold+0x40/0x40 [ 2271.752461] 0 [ 2271.755538] ? ion_alloc.cold+0x40/0x40 [ 2271.755553] do_vfs_ioctl+0x7ae/0x1060 [ 2271.755566] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2271.755579] ? lock_downgrade+0x740/0x740 [ 2271.763096] ? ioctl_preallocate+0x1c0/0x1c0 [ 2271.763112] ? __fget+0x237/0x370 [ 2271.763131] ? security_file_ioctl+0x89/0xb0 [ 2271.763144] SyS_ioctl+0x8f/0xc0 [ 2271.765245] Node 0 [ 2271.769611] ? do_vfs_ioctl+0x1060/0x1060 [ 2271.769627] do_syscall_64+0x1e8/0x640 [ 2271.769638] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2271.769656] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2271.769666] RIP: 0033:0x45a679 [ 2271.774547] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2271.778792] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2271.778804] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2271.778810] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2271.778816] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2271.778822] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2271.778829] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2271.907158] warn_alloc_show_mem: 3 callbacks suppressed [ 2271.907162] Mem-Info: [ 2271.925623] syz-executor.1: [ 2271.963142] active_anon:1170844 inactive_anon:199 isolated_anon:0 [ 2271.963142] active_file:6820 inactive_file:8426 isolated_file:0 [ 2271.963142] unevictable:0 dirty:31 writeback:0 unstable:0 [ 2271.963142] slab_reclaimable:18893 slab_unreclaimable:138024 [ 2271.963142] mapped:57702 shmem:255 pagetables:41566 bounce:0 [ 2271.963142] free:86696 free_pcp:464 free_cma:0 [ 2271.963161] Node 0 active_anon:1726236kB inactive_anon:776kB active_file:8kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:4kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2271.963180] Node 1 active_anon:2957140kB inactive_anon:20kB active_file:27272kB inactive_file:33688kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21888kB dirty:120kB writeback:0kB shmem:56kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2271.967647] page allocation failure: order:4 [ 2271.975101] Node 0 [ 2272.003828] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2272.065559] lowmem_reserve[]: 0 0 0 0 0 [ 2272.078640] Node 0 DMA: 4*4kB (M) 22*8kB (UM) 20*16kB (UME) 2*32kB (U) 1*64kB (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10368kB [ 2272.095267] 0 [ 2272.095603] syz-executor.4: [ 2272.097536] syz-executor.1 cpuset= [ 2272.099390] page allocation failure: order:4 [ 2272.101011] Node 0 [ 2272.105371] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2272.109323] syz1 [ 2272.119067] DMA32: 3551*4kB (UMEH) 331*8kB (UME) 132*16kB (UME) 95*32kB (UMH) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 22004kB [ 2272.122840] 0 [ 2272.147943] DMA free:10368kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2272.154426] mems_allowed=0-1 20:58:22 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) [ 2272.177179] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2272.189290] CPU: 0 PID: 8152 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2272.197123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2272.206487] Call Trace: [ 2272.209091] dump_stack+0x142/0x197 [ 2272.212745] warn_alloc.cold+0x96/0x1af [ 2272.214597] Node 0 [ 2272.216733] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2272.216758] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2272.216771] __alloc_pages_slowpath+0x23c6/0x2930 [ 2272.223013] Normal: [ 2272.223850] ? save_trace+0x290/0x290 [ 2272.243475] ? warn_alloc+0xf0/0xf0 [ 2272.247127] ? __might_sleep+0x93/0xb0 [ 2272.250957] 0*4kB 0*8kB 0*16kB [ 2272.251026] __alloc_pages_nodemask+0x62c/0x7a0 [ 2272.251047] ? lock_downgrade+0x740/0x740 [ 2272.263145] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2272.266683] 0*32kB [ 2272.268182] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2272.268201] alloc_pages_current+0xec/0x1e0 [ 2272.268217] ion_page_pool_alloc+0x11f/0x1c0 [ 2272.279964] 0*64kB [ 2272.280382] ion_system_heap_allocate+0x138/0x910 [ 2272.280398] ? ion_system_heap_free+0x250/0x250 [ 2272.280414] ion_alloc+0x68c/0x860 [ 2272.294552] 0*128kB [ 2272.296538] ? ion_dma_buf_release+0x50/0x50 [ 2272.296557] ? kasan_check_write+0x14/0x20 [ 2272.296569] ? _copy_from_user+0x99/0x110 [ 2272.296580] ion_ioctl+0x105/0x217 [ 2272.310991] 0*256kB [ 2272.311054] ? ion_alloc.cold+0x40/0x40 [ 2272.322966] 0*512kB [ 2272.325503] ? ion_alloc.cold+0x40/0x40 [ 2272.325518] do_vfs_ioctl+0x7ae/0x1060 [ 2272.325533] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2272.325546] ? lock_downgrade+0x740/0x740 [ 2272.331829] 0*1024kB [ 2272.331860] ? ioctl_preallocate+0x1c0/0x1c0 [ 2272.340772] 0*2048kB [ 2272.344615] ? __fget+0x237/0x370 [ 2272.344637] ? security_file_ioctl+0x89/0xb0 [ 2272.352731] 0*4096kB [ 2272.354002] SyS_ioctl+0x8f/0xc0 [ 2272.354013] ? do_vfs_ioctl+0x1060/0x1060 [ 2272.354034] do_syscall_64+0x1e8/0x640 [ 2272.358732] = 0kB [ 2272.361865] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2272.361885] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2272.361893] RIP: 0033:0x45a679 [ 2272.361899] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2272.361910] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2272.361918] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2272.368768] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2272.371803] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2272.371810] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2272.371816] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2272.404821] lowmem_reserve[]: [ 2272.416360] CPU: 1 PID: 8141 Comm: syz-executor.1 Not tainted 4.14.157-syzkaller #0 [ 2272.436433] 0 [ 2272.437009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2272.448941] 2569 [ 2272.455183] Call Trace: [ 2272.455202] dump_stack+0x142/0x197 [ 2272.455218] warn_alloc.cold+0x96/0x1af [ 2272.455228] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2272.455248] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2272.457075] 2569 [ 2272.466445] __alloc_pages_slowpath+0x23c6/0x2930 [ 2272.466466] ? save_trace+0x290/0x290 [ 2272.466480] ? warn_alloc+0xf0/0xf0 [ 2272.466499] ? __might_sleep+0x93/0xb0 [ 2272.466511] __alloc_pages_nodemask+0x62c/0x7a0 [ 2272.466521] ? lock_downgrade+0x740/0x740 [ 2272.466537] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2272.466554] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2272.466572] alloc_pages_current+0xec/0x1e0 [ 2272.466587] ion_page_pool_alloc+0x11f/0x1c0 [ 2272.466600] ion_system_heap_allocate+0x138/0x910 [ 2272.473197] 2569 [ 2272.474839] ? ion_system_heap_free+0x250/0x250 [ 2272.478782] 2569 [ 2272.483613] ion_alloc+0x68c/0x860 [ 2272.483630] ? ion_dma_buf_release+0x50/0x50 [ 2272.483646] ? kasan_check_write+0x14/0x20 [ 2272.483657] ? _copy_from_user+0x99/0x110 [ 2272.483670] ion_ioctl+0x105/0x217 [ 2272.483679] ? ion_alloc.cold+0x40/0x40 [ 2272.483696] ? ion_alloc.cold+0x40/0x40 [ 2272.490995] do_vfs_ioctl+0x7ae/0x1060 20:58:22 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) [ 2272.491007] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2272.491017] ? lock_downgrade+0x740/0x740 [ 2272.491029] ? ioctl_preallocate+0x1c0/0x1c0 [ 2272.491044] ? __fget+0x237/0x370 [ 2272.491063] ? security_file_ioctl+0x89/0xb0 [ 2272.491075] SyS_ioctl+0x8f/0xc0 [ 2272.491084] ? do_vfs_ioctl+0x1060/0x1060 [ 2272.491098] do_syscall_64+0x1e8/0x640 [ 2272.495913] Node 0 [ 2272.499697] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2272.526159] DMA32 free:22004kB min:36380kB low:45472kB high:54564kB active_anon:1721824kB inactive_anon:764kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:4kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65628kB bounce:0kB free_pcp:1196kB local_pcp:564kB free_cma:0kB [ 2272.526619] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2272.530995] lowmem_reserve[]: [ 2272.535312] RIP: 0033:0x45a679 [ 2272.544814] 0 [ 2272.546840] RSP: 002b:00007f53ae261c78 EFLAGS: 00000246 [ 2272.548883] 0 [ 2272.552395] ORIG_RAX: 0000000000000010 [ 2272.552402] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2272.552407] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2272.552412] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2272.552417] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53ae2626d4 [ 2272.552423] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2272.557326] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2272.562161] 0 [ 2272.568864] 0 [ 2272.592200] 0 [ 2272.594587] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2272.610766] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2272.627200] Node 0 [ 2272.680658] 15356 total pagecache pages [ 2272.709500] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2272.711265] 0 pages in swap cache [ 2272.730511] syz-executor.4: [ 2272.735465] Swap cache stats: add 0, delete 0, find 0/0 [ 2272.748092] lowmem_reserve[]: [ 2272.749424] Free swap = 0kB [ 2272.783193] page allocation failure: order:0 [ 2272.787658] Total swap = 0kB [ 2272.799689] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2272.809532] 1965979 pages RAM [ 2272.815359] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2272.817988] 0 pages HighMem/MovableOnly [ 2272.825285] 335854 pages reserved [ 2272.827655] CPU: 0 PID: 8152 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2272.828972] 0 pages cma reserved [ 2272.836621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2272.836626] Call Trace: [ 2272.836644] dump_stack+0x142/0x197 [ 2272.836660] warn_alloc.cold+0x96/0x1af [ 2272.836670] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2272.836684] ? call_timer_fn+0x670/0x670 [ 2272.836704] __alloc_pages_slowpath+0x23c6/0x2930 [ 2272.836728] ? warn_alloc+0xf0/0xf0 [ 2272.836750] ? __might_sleep+0x93/0xb0 [ 2272.836762] __alloc_pages_nodemask+0x62c/0x7a0 [ 2272.836772] ? lock_downgrade+0x740/0x740 [ 2272.836782] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2272.836798] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2272.840825] Out of memory: Kill process 7803 (syz-executor.0) score 1009 or sacrifice child [ 2272.849656] alloc_pages_current+0xec/0x1e0 [ 2272.849675] ion_page_pool_alloc+0x11f/0x1c0 [ 2272.849688] ion_system_heap_allocate+0x138/0x910 [ 2272.849703] ? ion_system_heap_free+0x250/0x250 [ 2272.852587] Killed process 7803 (syz-executor.0) total-vm:72980kB, anon-rss:16556kB, file-rss:34816kB, shmem-rss:0kB [ 2272.855890] ion_alloc+0x68c/0x860 [ 2272.855909] ? ion_dma_buf_release+0x50/0x50 [ 2272.855925] ? kasan_check_write+0x14/0x20 [ 2272.870348] syz-executor.2: [ 2272.873627] ? _copy_from_user+0x99/0x110 [ 2272.873644] ion_ioctl+0x105/0x217 [ 2272.873655] ? ion_alloc.cold+0x40/0x40 [ 2272.873670] ? ion_alloc.cold+0x40/0x40 [ 2272.878481] page allocation failure: order:0 [ 2272.881197] do_vfs_ioctl+0x7ae/0x1060 [ 2272.881214] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2272.881223] ? lock_downgrade+0x740/0x740 [ 2272.881235] ? ioctl_preallocate+0x1c0/0x1c0 [ 2272.881248] ? __fget+0x237/0x370 [ 2272.881267] ? security_file_ioctl+0x89/0xb0 [ 2272.890502] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2272.895096] SyS_ioctl+0x8f/0xc0 [ 2272.895108] ? do_vfs_ioctl+0x1060/0x1060 [ 2272.895124] do_syscall_64+0x1e8/0x640 [ 2272.895134] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2272.895152] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2272.895161] RIP: 0033:0x45a679 [ 2272.895166] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2272.895177] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2272.895182] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2272.895188] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2272.895194] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2272.895200] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2272.900677] 0 [ 2272.921655] 0 [ 2272.941006] warn_alloc_show_mem: 3 callbacks suppressed [ 2272.941070] Mem-Info: [ 2272.949374] syz-executor.2 cpuset= [ 2272.952606] 0 [ 2272.955926] syz2 [ 2272.959570] 0 [ 2272.968788] mems_allowed=0-1 [ 2272.971256] active_anon:1166732 inactive_anon:199 isolated_anon:0 [ 2272.971256] active_file:6820 inactive_file:8436 isolated_file:0 [ 2272.971256] unevictable:0 dirty:50 writeback:0 unstable:0 [ 2272.971256] slab_reclaimable:18894 slab_unreclaimable:137923 [ 2272.971256] mapped:57702 shmem:255 pagetables:41529 bounce:0 [ 2272.971256] free:89909 free_pcp:575 free_cma:0 [ 2272.971276] Node 0 active_anon:1725608kB inactive_anon:764kB active_file:8kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:4kB writeback:0kB shmem:952kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2272.971292] Node 1 active_anon:2941320kB inactive_anon:32kB active_file:27272kB inactive_file:33728kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21888kB dirty:196kB writeback:0kB shmem:68kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2272.971296] Node 0 DMA free:10368kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2272.971318] lowmem_reserve[]: [ 2272.976135] CPU: 1 PID: 8149 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2272.979894] 0 [ 2272.984458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2272.984463] Call Trace: [ 2272.984481] dump_stack+0x142/0x197 [ 2272.984496] warn_alloc.cold+0x96/0x1af [ 2272.984505] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2272.984523] ? wait_for_completion+0x420/0x420 [ 2272.984540] __alloc_pages_slowpath+0x23c6/0x2930 [ 2272.984565] ? warn_alloc+0xf0/0xf0 [ 2272.984587] ? __might_sleep+0x93/0xb0 [ 2272.984602] __alloc_pages_nodemask+0x62c/0x7a0 [ 2272.984614] ? lock_downgrade+0x740/0x740 [ 2272.984627] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2272.984644] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2272.984661] alloc_pages_current+0xec/0x1e0 [ 2272.984686] ion_page_pool_alloc+0x11f/0x1c0 [ 2272.992435] 0 [ 2272.993216] ion_system_heap_allocate+0x138/0x910 [ 2272.996710] 0 [ 2273.001038] ? ion_alloc+0x19b/0x860 [ 2273.001050] ? rcu_read_lock_sched_held+0x110/0x130 [ 2273.001062] ? ion_system_heap_free+0x250/0x250 [ 2273.001077] ion_alloc+0x222/0x860 [ 2273.001092] ? ion_dma_buf_release+0x50/0x50 [ 2273.001107] ? kasan_check_write+0x14/0x20 [ 2273.001119] ? _copy_from_user+0x99/0x110 [ 2273.008269] 2569 [ 2273.011553] ion_ioctl+0x105/0x217 [ 2273.011564] ? ion_alloc.cold+0x40/0x40 [ 2273.011580] ? ion_alloc.cold+0x40/0x40 [ 2273.011590] do_vfs_ioctl+0x7ae/0x1060 [ 2273.011602] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2273.011612] ? lock_downgrade+0x740/0x740 [ 2273.011622] ? ioctl_preallocate+0x1c0/0x1c0 [ 2273.011636] ? __fget+0x237/0x370 [ 2273.019683] ? security_file_ioctl+0x89/0xb0 [ 2273.019699] SyS_ioctl+0x8f/0xc0 [ 2273.019711] ? do_vfs_ioctl+0x1060/0x1060 [ 2273.024601] 2569 [ 2273.029716] do_syscall_64+0x1e8/0x640 [ 2273.033076] Node 1 [ 2273.041313] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2273.041334] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2273.041342] RIP: 0033:0x45a679 [ 2273.041347] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2273.041357] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2273.041363] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2273.041368] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2273.041373] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2273.041379] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2273.127335] syz-executor.2: [ 2273.191754] page allocation failure: order:4 [ 2273.230361] 2569 [ 2273.250485] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2273.260845] 2569 [ 2273.285698] 0 [ 2273.304184] syz-executor.2 cpuset= [ 2273.307341] Node 0 [ 2273.313932] syz2 [ 2273.318030] DMA32 free:58288kB min:36380kB low:45472kB high:54564kB active_anon:1721132kB inactive_anon:764kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:4kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65524kB bounce:0kB free_pcp:1304kB local_pcp:556kB free_cma:0kB [ 2273.345562] mems_allowed=0-1 [ 2273.349345] lowmem_reserve[]: [ 2273.365967] CPU: 1 PID: 8149 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2273.370703] Normal free:330816kB min:53508kB low:66884kB high:80260kB active_anon:2941104kB inactive_anon:32kB active_file:27272kB inactive_file:33772kB unevictable:0kB writepending:292kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45440kB pagetables:100408kB bounce:0kB free_pcp:992kB local_pcp:340kB free_cma:0kB [ 2273.373978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2273.377417] lowmem_reserve[]: [ 2273.381801] Call Trace: [ 2273.381819] dump_stack+0x142/0x197 [ 2273.381834] warn_alloc.cold+0x96/0x1af [ 2273.381844] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2273.381863] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2273.381876] __alloc_pages_slowpath+0x23c6/0x2930 [ 2273.381896] ? save_trace+0x290/0x290 [ 2273.385252] 0 [ 2273.389395] ? warn_alloc+0xf0/0xf0 [ 2273.391478] 0 [ 2273.395314] ? __might_sleep+0x93/0xb0 [ 2273.397516] 0 [ 2273.402348] __alloc_pages_nodemask+0x62c/0x7a0 [ 2273.402360] ? lock_downgrade+0x740/0x740 [ 2273.402371] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2273.402388] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2273.407559] 0 [ 2273.410732] alloc_pages_current+0xec/0x1e0 [ 2273.410749] ion_page_pool_alloc+0x11f/0x1c0 [ 2273.410760] ion_system_heap_allocate+0x138/0x910 [ 2273.410775] ? ion_system_heap_free+0x250/0x250 [ 2273.410792] ion_alloc+0x68c/0x860 [ 2273.419142] 0 [ 2273.425749] ? ion_dma_buf_release+0x50/0x50 [ 2273.425767] ? kasan_check_write+0x14/0x20 [ 2273.425777] ? _copy_from_user+0x99/0x110 [ 2273.425789] ion_ioctl+0x105/0x217 [ 2273.425803] ? ion_alloc.cold+0x40/0x40 [ 2273.433123] 0 [ 2273.440320] ? ion_alloc.cold+0x40/0x40 [ 2273.440331] do_vfs_ioctl+0x7ae/0x1060 [ 2273.440344] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2273.440353] ? lock_downgrade+0x740/0x740 [ 2273.440365] ? ioctl_preallocate+0x1c0/0x1c0 [ 2273.447624] 0 [ 2273.454891] ? __fget+0x237/0x370 [ 2273.454910] ? security_file_ioctl+0x89/0xb0 [ 2273.454923] SyS_ioctl+0x8f/0xc0 [ 2273.454934] ? do_vfs_ioctl+0x1060/0x1060 [ 2273.457939] 0 [ 2273.462325] do_syscall_64+0x1e8/0x640 [ 2273.462340] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2273.462358] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2273.462368] RIP: 0033:0x45a679 [ 2273.471496] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2273.471508] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2273.471513] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2273.471519] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2273.471525] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2273.471531] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2273.603054] Node 0 [ 2273.607854] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2273.616781] 0 [ 2273.618525] lowmem_reserve[]: [ 2273.628397] syz-executor.2: [ 2273.629234] 0 [ 2273.632162] page allocation failure: order:0 [ 2273.635416] 0 [ 2273.639787] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2273.648453] 0 [ 2273.678053] 0 [ 2273.681885] 0 [ 2273.685148] 0 [ 2273.689835] 0 [ 2273.700343] Node 1 Normal free:331116kB min:53508kB low:66884kB high:80260kB active_anon:2941004kB inactive_anon:32kB active_file:27272kB inactive_file:33772kB unevictable:0kB writepending:292kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45344kB pagetables:100408kB bounce:0kB free_pcp:972kB local_pcp:340kB free_cma:0kB [ 2273.700370] lowmem_reserve[]: 0 0 0 0 0 [ 2273.700394] Node 0 DMA: 4*4kB (M) 22*8kB (UM) 20*16kB (UME) 2*32kB (U) 1*64kB (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10368kB [ 2273.700478] Node 0 DMA32: 3531*4kB (MEH) 312*8kB (UMEH) [ 2273.703944] Node 0 [ 2273.708336] 103*16kB (UMH) [ 2273.712106] syz-executor.2 cpuset= [ 2273.715913] 0*32kB 0*64kB [ 2273.717715] syz2 [ 2273.740134] 0*128kB [ 2273.746719] DMA: [ 2273.749793] 0*256kB [ 2273.757322] 4*4kB [ 2273.793810] 0*512kB [ 2273.806567] mems_allowed=0-1 [ 2273.833827] 0*1024kB [ 2273.835446] CPU: 1 PID: 8149 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2273.836604] 0*2048kB [ 2273.838393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2273.942497] Call Trace: [ 2273.945081] dump_stack+0x142/0x197 [ 2273.948695] warn_alloc.cold+0x96/0x1af [ 2273.952653] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2273.957481] ? call_timer_fn+0x670/0x670 [ 2273.961535] __alloc_pages_slowpath+0x23c6/0x2930 [ 2273.966374] ? warn_alloc+0xf0/0xf0 [ 2273.969995] ? __might_sleep+0x93/0xb0 [ 2273.973874] __alloc_pages_nodemask+0x62c/0x7a0 [ 2273.978525] ? lock_downgrade+0x740/0x740 [ 2273.982660] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2273.987666] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2273.993297] alloc_pages_current+0xec/0x1e0 [ 2273.997627] ion_page_pool_alloc+0x11f/0x1c0 [ 2274.002026] ion_system_heap_allocate+0x138/0x910 [ 2274.006858] ? ion_system_heap_free+0x250/0x250 [ 2274.011538] ion_alloc+0x68c/0x860 [ 2274.015092] ? ion_dma_buf_release+0x50/0x50 [ 2274.019499] ? kasan_check_write+0x14/0x20 [ 2274.023732] ? _copy_from_user+0x99/0x110 [ 2274.027868] ion_ioctl+0x105/0x217 [ 2274.031426] ? ion_alloc.cold+0x40/0x40 [ 2274.035418] ? ion_alloc.cold+0x40/0x40 [ 2274.039413] do_vfs_ioctl+0x7ae/0x1060 [ 2274.043299] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2274.048053] ? lock_downgrade+0x740/0x740 [ 2274.052199] ? ioctl_preallocate+0x1c0/0x1c0 [ 2274.056597] ? __fget+0x237/0x370 [ 2274.060048] ? security_file_ioctl+0x89/0xb0 [ 2274.064449] SyS_ioctl+0x8f/0xc0 [ 2274.067802] ? do_vfs_ioctl+0x1060/0x1060 [ 2274.071939] do_syscall_64+0x1e8/0x640 [ 2274.075818] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2274.080651] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2274.085838] RIP: 0033:0x45a679 [ 2274.089035] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2274.096744] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2274.104003] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2274.111257] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2274.118510] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2274.125767] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff 20:58:24 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) socket$inet_udplite(0x2, 0x2, 0x88) 20:58:24 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) 20:58:24 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000001a00)) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) [ 2274.139405] 0*4096kB = 18268kB [ 2274.142732] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2274.161510] (M) 22*8kB (UM) 20*16kB (UME) 2*32kB (U) 1*64kB (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10368kB [ 2274.167606] Node 1 Normal: 5444*4kB (UM) 1757*8kB (UMEH) 2536*16kB (UMEH) 2124*32kB (UMEH) 879*64kB (UMEH) 106*128kB (MEH) 57*256kB (MEH) 108*512kB (ME) 36*1024kB (UMH) 5*2048kB (M) 0*4096kB = 331192kB [ 2274.181582] Node 0 DMA32: 3531*4kB (MEH) 318*8kB (UME) 103*16kB (UMH) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18316kB [ 2274.219273] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2274.232256] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2274.235537] Node 1 Normal: 5382*4kB (UM) 1871*8kB (UMEH) 2539*16kB (UMEH) 2126*32kB (UMEH) 879*64kB (UMEH) 106*128kB (MEH) 57*256kB (MEH) 108*512kB (ME) 36*1024kB (UMH) 5*2048kB (M) 0*4096kB = 331968kB [ 2274.253259] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2274.264808] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2274.280256] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2274.282902] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2274.292989] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2274.306000] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2274.311148] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2274.326303] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2274.328629] syz-executor.4 cpuset= [ 2274.336129] 15380 total pagecache pages [ 2274.340697] 15380 total pagecache pages [ 2274.344752] 0 pages in swap cache [ 2274.348262] syz4 mems_allowed=0-1 [ 2274.355599] 0 pages in swap cache [ 2274.356400] Swap cache stats: add 0, delete 0, find 0/0 [ 2274.362708] CPU: 0 PID: 8215 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2274.365618] Free swap = 0kB [ 2274.372236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2274.372243] Call Trace: [ 2274.372262] dump_stack+0x142/0x197 [ 2274.372284] warn_alloc.cold+0x96/0x1af [ 2274.372298] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2274.372330] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2274.375510] Total swap = 0kB [ 2274.384706] __alloc_pages_slowpath+0x23c6/0x2930 [ 2274.384737] ? save_trace+0x290/0x290 [ 2274.384763] ? warn_alloc+0xf0/0xf0 [ 2274.387460] 1965979 pages RAM [ 2274.390961] ? __might_sleep+0x93/0xb0 [ 2274.390981] __alloc_pages_nodemask+0x62c/0x7a0 [ 2274.390997] ? lock_downgrade+0x740/0x740 [ 2274.395448] 0 pages HighMem/MovableOnly [ 2274.399788] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2274.399814] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2274.399842] alloc_pages_current+0xec/0x1e0 [ 2274.406914] 335854 pages reserved [ 2274.408116] ion_page_pool_alloc+0x11f/0x1c0 [ 2274.408134] ion_system_heap_allocate+0x138/0x910 [ 2274.408146] ? ion_alloc+0x19b/0x860 [ 2274.413178] 0 pages cma reserved [ 2274.416774] ? rcu_read_lock_sched_held+0x110/0x130 [ 2274.416796] ? ion_system_heap_free+0x250/0x250 [ 2274.416820] ion_alloc+0x222/0x860 [ 2274.424358] warn_alloc_show_mem: 3 callbacks suppressed [ 2274.424362] Mem-Info: [ 2274.427427] ? ion_dma_buf_release+0x50/0x50 [ 2274.427455] ? kasan_check_write+0x14/0x20 [ 2274.432308] active_anon:1166714 inactive_anon:200 isolated_anon:0 [ 2274.432308] active_file:6821 inactive_file:8456 isolated_file:0 [ 2274.432308] unevictable:0 dirty:84 writeback:0 unstable:0 [ 2274.432308] slab_reclaimable:18905 slab_unreclaimable:137785 [ 2274.432308] mapped:57727 shmem:255 pagetables:41506 bounce:0 [ 2274.432308] free:89897 free_pcp:487 free_cma:0 [ 2274.436244] ? _copy_from_user+0x99/0x110 [ 2274.436266] ion_ioctl+0x105/0x217 [ 2274.436280] ? ion_alloc.cold+0x40/0x40 [ 2274.436305] ? ion_alloc.cold+0x40/0x40 [ 2274.440430] Node 0 active_anon:1725516kB inactive_anon:768kB active_file:12kB inactive_file:32kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:24kB writeback:0kB shmem:956kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2274.445260] do_vfs_ioctl+0x7ae/0x1060 [ 2274.445279] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2274.445291] ? lock_downgrade+0x740/0x740 [ 2274.445306] ? ioctl_preallocate+0x1c0/0x1c0 [ 2274.451108] Node 1 active_anon:2941340kB inactive_anon:32kB active_file:27272kB inactive_file:33792kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21988kB dirty:312kB writeback:0kB shmem:64kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2274.455226] ? __fget+0x237/0x370 [ 2274.455257] ? security_file_ioctl+0x89/0xb0 [ 2274.455276] SyS_ioctl+0x8f/0xc0 [ 2274.458874] Node 0 [ 2274.463124] ? do_vfs_ioctl+0x1060/0x1060 [ 2274.463145] do_syscall_64+0x1e8/0x640 [ 2274.463157] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2274.463182] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2274.463194] RIP: 0033:0x45a679 [ 2274.468213] DMA free:10368kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2274.471713] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2274.471728] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2274.471737] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2274.471745] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2274.471754] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2274.471761] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2274.475015] Swap cache stats: add 0, delete 0, find 0/0 [ 2274.475424] lowmem_reserve[]: [ 2274.480632] Free swap = 0kB [ 2274.496110] 0 [ 2274.496824] Total swap = 0kB [ 2274.515109] 2569 [ 2274.540275] 1965979 pages RAM [ 2274.549527] 2569 [ 2274.551710] 0 pages HighMem/MovableOnly [ 2274.556158] 2569 [ 2274.583950] 335854 pages reserved [ 2274.593803] 2569 [ 2274.597112] 0 pages cma reserved [ 2274.790263] syz-executor.1: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2274.793627] syz-executor.5 invoked oom-killer: gfp_mask=0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0, order=0, oom_score_adj=1000 [ 2274.809759] syz-executor.1 cpuset= [ 2274.826818] IPVS: ftp: loaded support on port[0] = 21 [ 2274.833241] syz1 [ 2274.835667] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2274.841329] mems_allowed=0-1 [ 2274.846916] CPU: 0 PID: 8141 Comm: syz-executor.1 Not tainted 4.14.157-syzkaller #0 [ 2274.854729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2274.864089] Call Trace: [ 2274.866669] dump_stack+0x142/0x197 [ 2274.870288] warn_alloc.cold+0x96/0x1af [ 2274.874266] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2274.879109] ? call_timer_fn+0x670/0x670 [ 2274.883184] __alloc_pages_slowpath+0x23c6/0x2930 [ 2274.888053] ? warn_alloc+0xf0/0xf0 [ 2274.891684] ? __might_sleep+0x93/0xb0 [ 2274.895569] __alloc_pages_nodemask+0x62c/0x7a0 [ 2274.900228] ? lock_downgrade+0x740/0x740 [ 2274.904363] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2274.909367] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2274.914983] alloc_pages_current+0xec/0x1e0 [ 2274.919453] ion_page_pool_alloc+0x11f/0x1c0 [ 2274.923876] ion_system_heap_allocate+0x138/0x910 [ 2274.928726] ? ion_system_heap_free+0x250/0x250 [ 2274.933387] ion_alloc+0x68c/0x860 [ 2274.936921] ? ion_dma_buf_release+0x50/0x50 [ 2274.941333] ? kasan_check_write+0x14/0x20 [ 2274.945573] ? _copy_from_user+0x99/0x110 [ 2274.949732] ion_ioctl+0x105/0x217 [ 2274.953269] ? ion_alloc.cold+0x40/0x40 [ 2274.957237] ? ion_alloc.cold+0x40/0x40 [ 2274.961199] do_vfs_ioctl+0x7ae/0x1060 [ 2274.965075] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2274.969815] ? lock_downgrade+0x740/0x740 [ 2274.973959] ? ioctl_preallocate+0x1c0/0x1c0 [ 2274.978356] ? __fget+0x237/0x370 [ 2274.980062] Node 0 DMA32 free:18104kB min:36380kB low:45472kB high:54564kB active_anon:1721132kB inactive_anon:768kB active_file:12kB inactive_file:12kB unevictable:0kB writepending:0kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65524kB bounce:0kB free_pcp:208kB local_pcp:88kB free_cma:0kB [ 2274.981812] ? security_file_ioctl+0x89/0xb0 [ 2274.981829] SyS_ioctl+0x8f/0xc0 [ 2275.018569] ? do_vfs_ioctl+0x1060/0x1060 [ 2275.022710] do_syscall_64+0x1e8/0x640 [ 2275.026618] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2275.031473] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2275.036659] RIP: 0033:0x45a679 [ 2275.039838] RSP: 002b:00007f53ae261c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2275.040061] lowmem_reserve[]: [ 2275.047534] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2275.047542] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2275.060044] 0 [ 2275.065150] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2275.065158] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53ae2626d4 [ 2275.066941] 0 [ 2275.074189] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2275.113482] CPU: 1 PID: 8155 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2275.121332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2275.130698] Call Trace: [ 2275.133302] dump_stack+0x142/0x197 [ 2275.136935] dump_header+0x177/0x6cd [ 2275.140171] 0 [ 2275.140636] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2275.140638] 0 0 [ 2275.142431] ? ___ratelimit+0x55/0x537 [ 2275.149492] oom_kill_process.cold+0x10/0xadd [ 2275.157847] ? rcu_read_unlock_special+0x895/0xd40 [ 2275.162813] ? lock_downgrade+0x740/0x740 [ 2275.166983] out_of_memory+0x2ee/0x1180 [ 2275.170969] ? lock_acquire+0x16f/0x430 [ 2275.174956] ? oom_killer_disable+0x1d0/0x1d0 [ 2275.179461] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2275.180175] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2275.184407] __alloc_pages_slowpath+0x2251/0x2930 [ 2275.184431] ? warn_alloc+0xf0/0xf0 [ 2275.218119] ? __might_sleep+0x93/0xb0 [ 2275.222022] __alloc_pages_nodemask+0x62c/0x7a0 [ 2275.224819] lowmem_reserve[]: 0 [ 2275.226723] ? lock_downgrade+0x740/0x740 [ 2275.226737] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2275.229999] 0 [ 2275.234222] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2275.234238] alloc_pages_current+0xec/0x1e0 [ 2275.234252] ion_page_pool_alloc+0x11f/0x1c0 [ 2275.234263] ion_system_heap_allocate+0x138/0x910 [ 2275.234278] ? ion_system_heap_free+0x250/0x250 [ 2275.234291] ion_alloc+0x68c/0x860 [ 2275.234307] ? ion_dma_buf_release+0x50/0x50 [ 2275.234338] ? kasan_check_write+0x14/0x20 [ 2275.234349] ? _copy_from_user+0x99/0x110 [ 2275.234360] ion_ioctl+0x105/0x217 [ 2275.244170] 0 [ 2275.246780] ? ion_alloc.cold+0x40/0x40 [ 2275.251143] 0 [ 2275.255491] ? ion_alloc.cold+0x40/0x40 [ 2275.264986] 0 [ 2275.268506] do_vfs_ioctl+0x7ae/0x1060 [ 2275.277108] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2275.286060] Node 1 [ 2275.286563] ? lock_downgrade+0x740/0x740 [ 2275.290649] Normal free:331328kB min:53508kB low:66884kB high:80260kB active_anon:2941196kB inactive_anon:32kB active_file:27272kB inactive_file:33852kB unevictable:0kB writepending:60kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45344kB pagetables:100448kB bounce:0kB free_pcp:1016kB local_pcp:688kB free_cma:0kB [ 2275.292339] ? ioctl_preallocate+0x1c0/0x1c0 [ 2275.296294] lowmem_reserve[]: [ 2275.298091] ? __fget+0x237/0x370 [ 2275.307305] 0 [ 2275.308933] ? security_file_ioctl+0x89/0xb0 [ 2275.313101] 0 [ 2275.342365] SyS_ioctl+0x8f/0xc0 [ 2275.342376] ? do_vfs_ioctl+0x1060/0x1060 [ 2275.342389] do_syscall_64+0x1e8/0x640 [ 2275.342398] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2275.342415] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2275.342424] RIP: 0033:0x45a679 [ 2275.342430] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2275.342441] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2275.342447] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2275.342453] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2275.342459] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2275.342470] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2275.351168] Mem-Info: [ 2275.358992] 0 [ 2275.368239] active_anon:1166678 inactive_anon:199 isolated_anon:0 [ 2275.368239] active_file:6820 inactive_file:8467 isolated_file:0 [ 2275.368239] unevictable:0 dirty:16 writeback:0 unstable:0 [ 2275.368239] slab_reclaimable:18906 slab_unreclaimable:137751 [ 2275.368239] mapped:57694 shmem:255 pagetables:41495 bounce:0 [ 2275.368239] free:99735 free_pcp:52 free_cma:0 [ 2275.374857] 0 [ 2275.385718] Node 0 active_anon:1725516kB inactive_anon:764kB active_file:8kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:4kB writeback:0kB shmem:952kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2275.387284] 0 [ 2275.405427] Node 0 [ 2275.436666] DMA free:10432kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2275.474386] Node 0 DMA: 4*4kB (M) 22*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10432kB [ 2275.556250] Node 0 DMA32: 3490*4kB (UME) 310*8kB (UME) 91*16kB (UM) 0*32kB 34*64kB (UM) 6*128kB (M) 0*256kB 1*512kB (U) 2*1024kB (U) 24*2048kB (U) 2*4096kB (U) = 80744kB [ 2275.570800] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2275.576456] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2275.584071] Node 0 [ 2275.587633] Node 1 Normal: 5346*4kB (UM) 1780*8kB (UMEH) 2542*16kB (UMEH) 2133*32kB (UMEH) 881*64kB (UMEH) 106*128kB (MEH) 57*256kB (MEH) 108*512kB (ME) 36*1024kB (UMH) 5*2048kB (M) 0*4096kB [ 2275.592224] DMA32 free:62276kB min:36380kB low:45472kB high:54564kB active_anon:1721132kB inactive_anon:764kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:4kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65524kB bounce:0kB free_pcp:852kB local_pcp:640kB free_cma:0kB [ 2275.595201] = 331496kB [ 2275.642758] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2275.653440] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2275.660328] lowmem_reserve[]: 0 0 0 0 0 [ 2275.666173] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2275.673221] Node 0 [ 2275.679207] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2275.690833] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2275.714636] 15386 total pagecache pages [ 2275.720860] 0 pages in swap cache [ 2275.724331] Swap cache stats: add 0, delete 0, find 0/0 [ 2275.724336] Free swap = 0kB [ 2275.724340] Total swap = 0kB [ 2275.724349] 1965979 pages RAM [ 2275.724353] 0 pages HighMem/MovableOnly [ 2275.724357] 335854 pages reserved [ 2275.724361] 0 pages cma reserved [ 2275.752754] lowmem_reserve[]: 0 0 0 0 0 [ 2275.757012] Node 0 DMA: 4*4kB (M) 22*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10432kB [ 2275.773257] Node 0 DMA32: 4173*4kB (UME) 1250*8kB (UME) 995*16kB (UM) 60*32kB (U) 34*64kB (UM) 6*128kB (M) 1*256kB (U) 0*512kB 1*1024kB (U) 3*2048kB (U) 2*4096kB (U) = 63092kB [ 2275.789450] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2275.800427] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2275.809298] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2275.818087] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2275.826998] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2275.835785] 15386 total pagecache pages [ 2275.839782] 0 pages in swap cache [ 2275.843412] Swap cache stats: add 0, delete 0, find 0/0 [ 2275.848812] Free swap = 0kB [ 2275.851920] Total swap = 0kB [ 2275.854943] 1965979 pages RAM [ 2275.858039] 0 pages HighMem/MovableOnly [ 2275.862179] 335854 pages reserved [ 2275.865790] 0 pages cma reserved [ 2275.869152] Out of memory: Kill process 8867 (syz-executor.0) score 1009 or sacrifice child [ 2275.877761] Killed process 8867 (syz-executor.0) total-vm:72980kB, anon-rss:16556kB, file-rss:34816kB, shmem-rss:0kB [ 2275.890523] syz-executor.5: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2275.916318] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2275.937670] CPU: 1 PID: 8155 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2275.945528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2275.955244] Call Trace: [ 2275.957853] dump_stack+0x142/0x197 [ 2275.961503] warn_alloc.cold+0x96/0x1af [ 2275.965510] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2275.970401] ? wait_for_completion+0x420/0x420 [ 2275.975026] __alloc_pages_slowpath+0x23c6/0x2930 [ 2275.979909] ? warn_alloc+0xf0/0xf0 [ 2275.983576] ? __might_sleep+0x93/0xb0 [ 2275.987490] __alloc_pages_nodemask+0x62c/0x7a0 [ 2275.992176] ? lock_downgrade+0x740/0x740 [ 2275.996334] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2276.001369] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2276.007016] alloc_pages_current+0xec/0x1e0 [ 2276.011356] ion_page_pool_alloc+0x11f/0x1c0 [ 2276.015782] ion_system_heap_allocate+0x138/0x910 [ 2276.020649] ? ion_system_heap_free+0x250/0x250 [ 2276.025338] ion_alloc+0x68c/0x860 [ 2276.029028] ? ion_dma_buf_release+0x50/0x50 [ 2276.033439] ? kasan_check_write+0x14/0x20 [ 2276.037669] ? _copy_from_user+0x99/0x110 [ 2276.041822] ion_ioctl+0x105/0x217 [ 2276.045503] ? ion_alloc.cold+0x40/0x40 [ 2276.049482] ? ion_alloc.cold+0x40/0x40 [ 2276.053457] do_vfs_ioctl+0x7ae/0x1060 [ 2276.057335] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2276.062097] ? lock_downgrade+0x740/0x740 [ 2276.066259] ? ioctl_preallocate+0x1c0/0x1c0 [ 2276.070678] ? __fget+0x237/0x370 [ 2276.074128] ? security_file_ioctl+0x89/0xb0 [ 2276.078529] SyS_ioctl+0x8f/0xc0 [ 2276.081885] ? do_vfs_ioctl+0x1060/0x1060 [ 2276.086030] do_syscall_64+0x1e8/0x640 [ 2276.089910] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2276.094831] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2276.100009] RIP: 0033:0x45a679 [ 2276.103190] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2276.110899] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2276.118171] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2276.125430] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2276.132714] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2276.140027] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2276.147910] warn_alloc_show_mem: 2 callbacks suppressed [ 2276.147913] Mem-Info: [ 2276.156162] active_anon:1166678 inactive_anon:199 isolated_anon:0 [ 2276.156162] active_file:6821 inactive_file:8477 isolated_file:0 [ 2276.156162] unevictable:0 dirty:62 writeback:0 unstable:0 [ 2276.156162] slab_reclaimable:18923 slab_unreclaimable:137960 [ 2276.156162] mapped:57694 shmem:255 pagetables:41443 bounce:0 [ 2276.156162] free:94814 free_pcp:585 free_cma:0 [ 2276.190154] Node 0 active_anon:1725544kB inactive_anon:776kB active_file:8kB inactive_file:32kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:28kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2276.218315] Node 1 active_anon:2941168kB inactive_anon:20kB active_file:27272kB inactive_file:33892kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21856kB dirty:220kB writeback:0kB shmem:56kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2276.247328] Node 0 DMA free:10480kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2276.273949] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2276.279152] Node 0 DMA32 free:36328kB min:36380kB low:45472kB high:54564kB active_anon:1721160kB inactive_anon:776kB active_file:4kB inactive_file:36kB unevictable:0kB writepending:28kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65524kB bounce:0kB free_pcp:1164kB local_pcp:648kB free_cma:0kB [ 2276.308397] lowmem_reserve[]: 0 0 0 0 0 [ 2276.312674] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2276.338437] lowmem_reserve[]: 0 0 0 0 0 [ 2276.342496] Node 1 Normal free:332708kB min:53508kB low:66884kB high:80260kB active_anon:2941168kB inactive_anon:20kB active_file:27272kB inactive_file:33892kB unevictable:0kB writepending:220kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45280kB pagetables:100240kB bounce:0kB free_pcp:968kB local_pcp:308kB free_cma:0kB [ 2276.372534] lowmem_reserve[]: 0 0 0 0 0 [ 2276.376533] Node 0 DMA: 8*4kB (UM) 26*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10480kB [ 2276.392257] Node 0 DMA32: 3634*4kB (ME) 358*8kB (ME) 135*16kB (ME) 34*32kB (UM) 33*64kB (M) 6*128kB (M) 0*256kB 1*512kB (U) 0*1024kB 2*2048kB (U) 2*4096kB (U) = 36328kB [ 2276.407650] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2276.418484] Node 1 Normal: 5437*4kB (UM) 1788*8kB (UMEH) 2565*16kB (UMEH) 2146*32kB (UMEH) 881*64kB (UMEH) 106*128kB (MEH) 57*256kB (MEH) 108*512kB (ME) 36*1024kB (UMH) 5*2048kB (M) 0*4096kB = 332708kB [ 2276.436720] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2276.445633] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2276.454286] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2276.463199] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2276.471874] 15407 total pagecache pages [ 2276.475926] 0 pages in swap cache [ 2276.479363] Swap cache stats: add 0, delete 0, find 0/0 [ 2276.484835] Free swap = 0kB [ 2276.487851] Total swap = 0kB [ 2276.490939] 1965979 pages RAM [ 2276.494039] 0 pages HighMem/MovableOnly [ 2276.498012] 335854 pages reserved [ 2276.501519] 0 pages cma reserved 20:58:27 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) 20:58:27 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) 20:58:27 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) socket$inet_udplite(0x2, 0x2, 0x88) 20:58:27 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) 20:58:27 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) [ 2277.005687] oom_reaper: reaped process 8215 (syz-executor.4), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2277.050768] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2277.056376] syz-executor.1: [ 2277.078411] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2277.083825] page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2277.088022] CPU: 0 PID: 8232 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2277.101756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2277.102653] syz-executor.1 cpuset= [ 2277.111127] Call Trace: [ 2277.111148] dump_stack+0x142/0x197 [ 2277.111171] warn_alloc.cold+0x96/0x1af [ 2277.111184] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2277.111213] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2277.111234] __alloc_pages_slowpath+0x23c6/0x2930 [ 2277.121620] syz-executor.5: [ 2277.125226] ? save_trace+0x290/0x290 [ 2277.125254] ? warn_alloc+0xf0/0xf0 [ 2277.130574] syz1 [ 2277.135401] ? __might_sleep+0x93/0xb0 [ 2277.140992] page allocation failure: order:4 [ 2277.143234] __alloc_pages_nodemask+0x62c/0x7a0 [ 2277.143251] ? lock_downgrade+0x740/0x740 [ 2277.143269] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2277.147521] mems_allowed=0-1 [ 2277.150744] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2277.150772] alloc_pages_current+0xec/0x1e0 [ 2277.150793] ion_page_pool_alloc+0x11f/0x1c0 [ 2277.150808] ion_system_heap_allocate+0x138/0x910 [ 2277.150819] ? ion_alloc+0x19b/0x860 [ 2277.150833] ? rcu_read_lock_sched_held+0x110/0x130 [ 2277.153073] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2277.156684] ? ion_system_heap_free+0x250/0x250 [ 2277.156711] ion_alloc+0x222/0x860 [ 2277.156734] ? ion_dma_buf_release+0x50/0x50 [ 2277.170227] 0 [ 2277.174924] ? kasan_check_write+0x14/0x20 [ 2277.174940] ? _copy_from_user+0x99/0x110 [ 2277.174960] ion_ioctl+0x105/0x217 [ 2277.184083] syz-executor.5 cpuset= [ 2277.188072] ? ion_alloc.cold+0x40/0x40 [ 2277.188107] ? ion_alloc.cold+0x40/0x40 [ 2277.188122] do_vfs_ioctl+0x7ae/0x1060 [ 2277.188137] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2277.205207] syz5 [ 2277.206075] ? lock_downgrade+0x740/0x740 [ 2277.223637] mems_allowed=0-1 [ 2277.225866] ? ioctl_preallocate+0x1c0/0x1c0 [ 2277.225888] ? __fget+0x237/0x370 [ 2277.225919] ? security_file_ioctl+0x89/0xb0 [ 2277.281248] SyS_ioctl+0x8f/0xc0 [ 2277.284615] ? do_vfs_ioctl+0x1060/0x1060 [ 2277.288771] do_syscall_64+0x1e8/0x640 [ 2277.292665] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2277.297521] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2277.302727] RIP: 0033:0x45a679 [ 2277.305925] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2277.313743] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2277.321021] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2277.328298] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2277.335577] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2277.342963] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2277.351518] CPU: 1 PID: 8234 Comm: syz-executor.1 Not tainted 4.14.157-syzkaller #0 [ 2277.359431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2277.361865] Mem-Info: [ 2277.368785] Call Trace: [ 2277.368803] dump_stack+0x142/0x197 [ 2277.368820] warn_alloc.cold+0x96/0x1af [ 2277.368831] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2277.368853] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2277.368868] __alloc_pages_slowpath+0x23c6/0x2930 [ 2277.371672] active_anon:1162644 inactive_anon:198 isolated_anon:0 [ 2277.371672] active_file:6824 inactive_file:8508 isolated_file:0 [ 2277.371672] unevictable:0 dirty:128 writeback:0 unstable:0 [ 2277.371672] slab_reclaimable:18944 slab_unreclaimable:137670 [ 2277.371672] mapped:57700 shmem:255 pagetables:41498 bounce:0 [ 2277.371672] free:94349 free_pcp:347 free_cma:0 [ 2277.373871] ? save_trace+0x290/0x290 [ 2277.373891] ? warn_alloc+0xf0/0xf0 [ 2277.373914] ? __might_sleep+0x93/0xb0 [ 2277.373927] __alloc_pages_nodemask+0x62c/0x7a0 [ 2277.377797] Node 0 active_anon:1725516kB inactive_anon:772kB active_file:24kB inactive_file:24kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:28kB writeback:0kB shmem:960kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2277.381491] ? lock_downgrade+0x740/0x740 [ 2277.381504] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2277.381522] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2277.381541] alloc_pages_current+0xec/0x1e0 [ 2277.381555] ion_page_pool_alloc+0x11f/0x1c0 [ 2277.381566] ion_system_heap_allocate+0x138/0x910 [ 2277.381575] ? ion_alloc+0x19b/0x860 [ 2277.381587] ? rcu_read_lock_sched_held+0x110/0x130 [ 2277.381604] ? ion_system_heap_free+0x250/0x250 [ 2277.386699] Node 0 [ 2277.391702] ion_alloc+0x222/0x860 [ 2277.391721] ? ion_dma_buf_release+0x50/0x50 [ 2277.391740] ? kasan_check_write+0x14/0x20 [ 2277.391752] ? _copy_from_user+0x99/0x110 [ 2277.391764] ion_ioctl+0x105/0x217 [ 2277.391774] ? ion_alloc.cold+0x40/0x40 [ 2277.391790] ? ion_alloc.cold+0x40/0x40 [ 2277.396882] DMA free:10380kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2277.430378] do_vfs_ioctl+0x7ae/0x1060 [ 2277.430393] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2277.430403] ? lock_downgrade+0x740/0x740 [ 2277.430416] ? ioctl_preallocate+0x1c0/0x1c0 [ 2277.430430] ? __fget+0x237/0x370 [ 2277.430450] ? security_file_ioctl+0x89/0xb0 [ 2277.430462] SyS_ioctl+0x8f/0xc0 [ 2277.430471] ? do_vfs_ioctl+0x1060/0x1060 [ 2277.430485] do_syscall_64+0x1e8/0x640 [ 2277.430493] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2277.430511] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2277.436094] lowmem_reserve[]: [ 2277.437916] RIP: 0033:0x45a679 [ 2277.437923] RSP: 002b:00007f53ae261c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2277.437935] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2277.437941] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2277.437948] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2277.437955] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53ae2626d4 [ 2277.437961] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2277.455389] 0 [ 2277.476331] CPU: 1 PID: 8240 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2277.493989] 2569 [ 2277.498212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2277.498217] Call Trace: [ 2277.498234] dump_stack+0x142/0x197 [ 2277.498252] warn_alloc.cold+0x96/0x1af [ 2277.498263] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2277.498283] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2277.503531] 2569 [ 2277.506828] __alloc_pages_slowpath+0x23c6/0x2930 [ 2277.506851] ? save_trace+0x290/0x290 [ 2277.506870] ? warn_alloc+0xf0/0xf0 [ 2277.506891] ? __might_sleep+0x93/0xb0 [ 2277.512208] 2569 [ 2277.516549] __alloc_pages_nodemask+0x62c/0x7a0 [ 2277.516561] ? lock_downgrade+0x740/0x740 [ 2277.516574] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2277.516592] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2277.516609] alloc_pages_current+0xec/0x1e0 [ 2277.516624] ion_page_pool_alloc+0x11f/0x1c0 [ 2277.519107] 2569 [ 2277.522376] ion_system_heap_allocate+0x138/0x910 [ 2277.522386] ? ion_alloc+0x19b/0x860 [ 2277.522399] ? rcu_read_lock_sched_held+0x110/0x130 [ 2277.522412] ? ion_system_heap_free+0x250/0x250 [ 2277.522430] ion_alloc+0x222/0x860 [ 2277.522448] ? ion_dma_buf_release+0x50/0x50 [ 2277.522464] ? kasan_check_write+0x14/0x20 [ 2277.531077] ? _copy_from_user+0x99/0x110 [ 2277.531090] ion_ioctl+0x105/0x217 [ 2277.531102] ? ion_alloc.cold+0x40/0x40 [ 2277.531120] ? ion_alloc.cold+0x40/0x40 [ 2277.531133] do_vfs_ioctl+0x7ae/0x1060 [ 2277.531145] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2277.531155] ? lock_downgrade+0x740/0x740 [ 2277.531167] ? ioctl_preallocate+0x1c0/0x1c0 [ 2277.531182] ? __fget+0x237/0x370 [ 2277.536677] Node 0 [ 2277.538857] ? security_file_ioctl+0x89/0xb0 [ 2277.538874] SyS_ioctl+0x8f/0xc0 [ 2277.538885] ? do_vfs_ioctl+0x1060/0x1060 [ 2277.538900] do_syscall_64+0x1e8/0x640 [ 2277.538910] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2277.538927] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2277.543354] DMA32 free:18168kB min:36380kB low:45472kB high:54564kB active_anon:1721132kB inactive_anon:772kB active_file:24kB inactive_file:24kB unevictable:0kB writepending:28kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65508kB bounce:0kB free_pcp:1388kB local_pcp:664kB free_cma:0kB [ 2277.546864] RIP: 0033:0x45a679 [ 2277.546870] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2277.546881] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2277.546887] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2277.546894] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2277.546901] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2277.546907] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2277.574067] lowmem_reserve[]: [ 2277.589504] 0 [ 2277.625523] syz-executor.5 invoked oom-killer: gfp_mask=0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2277.626914] 0 [ 2277.649817] 0 [ 2277.658161] 0 [ 2277.671796] 0 [ 2277.686747] 0 [ 2277.696211] , order=0, oom_score_adj=1000 [ 2277.714712] Node 0 [ 2277.724207] syz-executor.5 cpuset= [ 2277.724870] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2277.732469] lowmem_reserve[]: [ 2277.738918] syz5 [ 2277.739368] 0 [ 2277.754368] 0 [ 2277.767572] mems_allowed=0-1 [ 2277.770331] 0 [ 2277.779119] 0 [ 2277.793001] CPU: 1 PID: 8240 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2277.796269] 0 [ 2277.799993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2277.799998] Call Trace: [ 2277.800018] dump_stack+0x142/0x197 [ 2277.800037] dump_header+0x177/0x6cd [ 2277.800052] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2277.800064] ? ___ratelimit+0x55/0x537 [ 2277.800079] oom_kill_process.cold+0x10/0xadd [ 2277.800089] ? rcu_read_unlock_special+0x895/0xd40 [ 2277.800103] ? lock_downgrade+0x740/0x740 [ 2277.800118] out_of_memory+0x2ee/0x1180 [ 2277.807605] ? lock_acquire+0x16f/0x430 [ 2277.807625] ? oom_killer_disable+0x1d0/0x1d0 [ 2277.807636] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2277.807650] __alloc_pages_slowpath+0x2251/0x2930 [ 2277.807681] ? warn_alloc+0xf0/0xf0 [ 2277.807702] ? __might_sleep+0x93/0xb0 [ 2277.813980] Node 0 [ 2277.815548] __alloc_pages_nodemask+0x62c/0x7a0 [ 2277.815563] ? lock_downgrade+0x740/0x740 [ 2277.815576] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2277.815594] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2277.815610] alloc_pages_current+0xec/0x1e0 [ 2277.815626] ion_page_pool_alloc+0x11f/0x1c0 [ 2277.823804] DMA: [ 2277.824685] ion_system_heap_allocate+0x138/0x910 [ 2277.824694] ? ion_alloc+0x19b/0x860 [ 2277.824709] ? rcu_read_lock_sched_held+0x110/0x130 [ 2277.829399] 5*4kB [ 2277.832576] ? ion_system_heap_free+0x250/0x250 [ 2277.832603] ion_alloc+0x222/0x860 [ 2277.832622] ? ion_dma_buf_release+0x50/0x50 [ 2277.832640] ? kasan_check_write+0x14/0x20 [ 2277.832650] ? _copy_from_user+0x99/0x110 [ 2277.832661] ion_ioctl+0x105/0x217 [ 2278.166090] ? ion_alloc.cold+0x40/0x40 [ 2278.170080] ? ion_alloc.cold+0x40/0x40 [ 2278.174050] do_vfs_ioctl+0x7ae/0x1060 [ 2278.177986] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2278.184433] ? lock_downgrade+0x740/0x740 [ 2278.188581] ? ioctl_preallocate+0x1c0/0x1c0 [ 2278.192975] ? __fget+0x237/0x370 [ 2278.196436] ? security_file_ioctl+0x89/0xb0 [ 2278.200831] SyS_ioctl+0x8f/0xc0 [ 2278.204184] ? do_vfs_ioctl+0x1060/0x1060 [ 2278.208320] do_syscall_64+0x1e8/0x640 [ 2278.212191] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2278.217025] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2278.222201] RIP: 0033:0x45a679 [ 2278.225377] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2278.233187] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2278.240467] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2278.247729] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2278.254983] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2278.262237] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2278.271225] Mem-Info: [ 2278.273693] active_anon:1162659 inactive_anon:199 isolated_anon:0 [ 2278.273693] active_file:6825 inactive_file:8520 isolated_file:0 [ 2278.273693] unevictable:0 dirty:153 writeback:0 unstable:0 [ 2278.273693] slab_reclaimable:18952 slab_unreclaimable:137763 [ 2278.273693] mapped:57700 shmem:255 pagetables:41489 bounce:0 20:58:28 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) [ 2278.273693] free:94281 free_pcp:346 free_cma:0 [ 2278.307726] Node 0 active_anon:1725516kB inactive_anon:772kB active_file:28kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:28kB writeback:0kB shmem:960kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2278.338799] Node 0 DMA free:10380kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2278.365476] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2278.366089] (UM) [ 2278.370621] Node 0 DMA32 free:18168kB min:36380kB low:45472kB high:54564kB active_anon:1721132kB inactive_anon:772kB active_file:28kB inactive_file:20kB unevictable:0kB writepending:28kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65508kB bounce:0kB free_pcp:1396kB local_pcp:720kB free_cma:0kB [ 2278.402128] 15*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10380kB [ 2278.405578] lowmem_reserve[]: [ 2278.429810] Node 0 DMA32: 3494*4kB (UME) 285*8kB (UME) 75*16kB (UME) 22*32kB (UMH) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18160kB 20:58:28 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) [ 2278.450776] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2278.469787] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2278.478971] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2278.482264] 0 [ 2278.501977] 0 [ 2278.506283] 0 0 0 [ 2278.518651] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2278.518770] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2278.597524] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2278.606795] 15444 total pagecache pages [ 2278.611467] 0 pages in swap cache [ 2278.615245] Swap cache stats: add 0, delete 0, find 0/0 [ 2278.621814] Free swap = 0kB [ 2278.629524] Total swap = 0kB [ 2278.632851] 1965979 pages RAM [ 2278.636846] 0 pages HighMem/MovableOnly [ 2278.638443] lowmem_reserve[]: [ 2278.641972] 335854 pages reserved [ 2278.645338] 0 0 0 0 0 [ 2278.649650] 0 pages cma reserved [ 2278.665991] Node 0 DMA: 5*4kB (UM) 15*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10380kB [ 2278.699622] Node 0 DMA32: 3557*4kB (UME) 297*8kB (UME) 82*16kB (UME) 14*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18364kB [ 2278.732309] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2278.759054] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2278.770311] syz-executor.4: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2278.785404] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2278.791376] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2278.807553] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2278.818870] CPU: 0 PID: 8215 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2278.824163] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2278.828617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2278.828622] Call Trace: [ 2278.828641] dump_stack+0x142/0x197 [ 2278.828656] warn_alloc.cold+0x96/0x1af [ 2278.828667] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2278.838093] 15444 total pagecache pages [ 2278.846587] ? trace_hardirqs_on_caller+0x400/0x590 [ 2278.846599] ? call_timer_fn+0x670/0x670 [ 2278.846624] __alloc_pages_slowpath+0x23c6/0x2930 [ 2278.846648] ? warn_alloc+0xf0/0xf0 [ 2278.846669] ? __might_sleep+0x93/0xb0 [ 2278.846680] __alloc_pages_nodemask+0x62c/0x7a0 [ 2278.846691] ? lock_downgrade+0x740/0x740 [ 2278.852982] 0 pages in swap cache [ 2278.856843] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2278.856862] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2278.856882] alloc_pages_current+0xec/0x1e0 [ 2278.867750] Swap cache stats: add 0, delete 0, find 0/0 [ 2278.870708] ion_page_pool_alloc+0x11f/0x1c0 [ 2278.870720] ion_system_heap_allocate+0x138/0x910 [ 2278.870729] ? ion_alloc+0x19b/0x860 [ 2278.870741] ? rcu_read_lock_sched_held+0x110/0x130 [ 2278.870753] ? ion_system_heap_free+0x250/0x250 [ 2278.870767] ion_alloc+0x222/0x860 [ 2278.870783] ? ion_dma_buf_release+0x50/0x50 [ 2278.870800] ? kasan_check_write+0x14/0x20 [ 2278.882632] Free swap = 0kB [ 2278.883334] ? _copy_from_user+0x99/0x110 [ 2278.883349] ion_ioctl+0x105/0x217 [ 2278.883361] ? ion_alloc.cold+0x40/0x40 [ 2278.895366] Total swap = 0kB [ 2278.896041] ? ion_alloc.cold+0x40/0x40 [ 2278.905380] 1965979 pages RAM [ 2278.910098] do_vfs_ioctl+0x7ae/0x1060 [ 2278.910113] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2278.910123] ? lock_downgrade+0x740/0x740 [ 2278.910134] ? ioctl_preallocate+0x1c0/0x1c0 [ 2278.910147] ? __fget+0x237/0x370 [ 2278.910164] ? security_file_ioctl+0x89/0xb0 [ 2278.910177] SyS_ioctl+0x8f/0xc0 [ 2278.910187] ? do_vfs_ioctl+0x1060/0x1060 [ 2278.910199] do_syscall_64+0x1e8/0x640 [ 2278.923526] 0 pages HighMem/MovableOnly [ 2278.924277] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2278.924303] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2278.939709] 335854 pages reserved [ 2278.942632] RIP: 0033:0x45a679 [ 2278.942638] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2278.942647] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2278.942652] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2278.942657] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2278.942662] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2278.942667] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2278.984555] warn_alloc_show_mem: 2 callbacks suppressed [ 2278.984559] Mem-Info: [ 2279.056484] 0 pages cma reserved [ 2279.065907] active_anon:1162634 inactive_anon:199 isolated_anon:0 [ 2279.065907] active_file:6825 inactive_file:8520 isolated_file:0 [ 2279.065907] unevictable:0 dirty:3 writeback:0 unstable:0 [ 2279.065907] slab_reclaimable:18952 slab_unreclaimable:137867 [ 2279.065907] mapped:57700 shmem:255 pagetables:41489 bounce:0 [ 2279.065907] free:94303 free_pcp:151 free_cma:0 [ 2279.083865] Out of memory: Kill process 8918 (syz-executor.0) score 1009 or sacrifice child [ 2279.088349] Node 0 active_anon:1725516kB inactive_anon:772kB active_file:28kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:28kB writeback:0kB shmem:960kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2279.103313] Killed process 8918 (syz-executor.0) total-vm:72980kB, anon-rss:16556kB, file-rss:34816kB, shmem-rss:0kB [ 2279.132963] Node 1 active_anon:2925012kB inactive_anon:24kB active_file:27272kB inactive_file:34116kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21880kB dirty:76kB writeback:0kB shmem:60kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2279.208394] Node 0 DMA free:10380kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2279.239375] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2279.244935] Node 0 DMA32 free:18204kB min:36380kB low:45472kB high:54564kB active_anon:1721108kB inactive_anon:772kB active_file:0kB inactive_file:36kB unevictable:0kB writepending:0kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65508kB bounce:0kB free_pcp:256kB local_pcp:116kB free_cma:0kB [ 2279.278151] lowmem_reserve[]: 0 0 0 0 0 [ 2279.282980] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 20:58:29 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) [ 2279.318700] syz-executor.1 invoked oom-killer: gfp_mask=0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0, order=0, oom_score_adj=1000 [ 2279.382590] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 2279.401676] lowmem_reserve[]: 0 0 0 0 0 [ 2279.404947] CPU: 1 PID: 8234 Comm: syz-executor.1 Not tainted 4.14.157-syzkaller #0 [ 2279.413543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2279.417779] Node 1 [ 2279.422915] Call Trace: [ 2279.422937] dump_stack+0x142/0x197 [ 2279.422954] dump_header+0x177/0x6cd [ 2279.422967] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2279.422978] ? ___ratelimit+0x55/0x537 [ 2279.422991] oom_kill_process.cold+0x10/0xadd [ 2279.423000] ? rcu_read_unlock_special+0x639/0xd40 [ 2279.423015] ? lock_downgrade+0x740/0x740 [ 2279.445883] Normal free:366516kB min:53508kB low:66884kB high:80260kB active_anon:2908512kB inactive_anon:24kB active_file:27272kB inactive_file:34116kB unevictable:0kB writepending:4kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45376kB pagetables:100364kB bounce:0kB free_pcp:1260kB local_pcp:628kB free_cma:0kB [ 2279.448622] out_of_memory+0x2ee/0x1180 [ 2279.448635] ? lock_acquire+0x16f/0x430 [ 2279.457331] lowmem_reserve[]: [ 2279.457706] ? oom_killer_disable+0x1d0/0x1d0 [ 2279.491111] 0 [ 2279.494894] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2279.494909] __alloc_pages_slowpath+0x2251/0x2930 [ 2279.494935] ? warn_alloc+0xf0/0xf0 [ 2279.498327] 0 [ 2279.502523] ? __might_sleep+0x93/0xb0 [ 2279.502538] __alloc_pages_nodemask+0x62c/0x7a0 [ 2279.502550] ? lock_downgrade+0x740/0x740 [ 2279.502561] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2279.502576] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2279.504592] 0 [ 2279.509284] alloc_pages_current+0xec/0x1e0 [ 2279.509302] ion_page_pool_alloc+0x11f/0x1c0 [ 2279.509315] ion_system_heap_allocate+0x138/0x910 [ 2279.514380] 0 [ 2279.517751] ? ion_alloc+0x19b/0x860 [ 2279.517765] ? rcu_read_lock_sched_held+0x110/0x130 [ 2279.517778] ? ion_system_heap_free+0x250/0x250 [ 2279.517793] ion_alloc+0x222/0x860 [ 2279.519746] 0 [ 2279.523451] ? ion_dma_buf_release+0x50/0x50 [ 2279.523469] ? kasan_check_write+0x14/0x20 [ 2279.523481] ? _copy_from_user+0x99/0x110 [ 2279.523496] ion_ioctl+0x105/0x217 [ 2279.532279] ? ion_alloc.cold+0x40/0x40 [ 2279.532297] ? ion_alloc.cold+0x40/0x40 [ 2279.532308] do_vfs_ioctl+0x7ae/0x1060 [ 2279.532321] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2279.532333] ? lock_downgrade+0x740/0x740 [ 2279.538151] Node 0 [ 2279.542959] ? ioctl_preallocate+0x1c0/0x1c0 [ 2279.542975] ? __fget+0x237/0x370 [ 2279.542993] ? security_file_ioctl+0x89/0xb0 [ 2279.543010] SyS_ioctl+0x8f/0xc0 [ 2279.545181] DMA: [ 2279.549111] ? do_vfs_ioctl+0x1060/0x1060 [ 2279.549126] do_syscall_64+0x1e8/0x640 [ 2279.549136] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2279.549154] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2279.553799] 5*4kB [ 2279.558367] RIP: 0033:0x45a679 [ 2279.558372] RSP: 002b:00007f53ae261c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2279.558384] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2279.558391] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 20:58:29 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x50000000000443) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) [ 2279.558396] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2279.558404] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53ae2626d4 [ 2279.560381] (UM) [ 2279.563880] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2279.707374] 15*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10380kB [ 2279.740940] Node 0 DMA32: 3523*4kB (MEH) 292*8kB (ME) 80*16kB (UME) 12*32kB (UMH) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18092kB [ 2279.770101] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2279.809663] Node 1 Normal: 5472*4kB (UME) 2035*8kB (UMEH) 2901*16kB (UMEH) 2353*32kB (UMEH) 928*64kB (UMEH) 164*128kB (MEH) 71*256kB (MEH) 115*512kB (ME) 37*1024kB (UMH) 5*2048kB (M) 0*4096kB = 365448kB [ 2279.844666] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2279.858093] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2279.863821] Mem-Info: [ 2279.867921] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2279.878428] active_anon:1158501 inactive_anon:199 isolated_anon:0 [ 2279.878428] active_file:6815 inactive_file:8538 isolated_file:0 [ 2279.878428] unevictable:0 dirty:53 writeback:0 unstable:0 [ 2279.878428] slab_reclaimable:18964 slab_unreclaimable:137675 [ 2279.878428] mapped:57725 shmem:255 pagetables:41470 bounce:0 [ 2279.878428] free:98474 free_pcp:89 free_cma:0 [ 2279.882197] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2279.927575] 15452 total pagecache pages [ 2279.931994] 0 pages in swap cache [ 2279.935576] Swap cache stats: add 0, delete 0, find 0/0 [ 2279.946335] Free swap = 0kB [ 2279.949488] Total swap = 0kB [ 2279.952658] 1965979 pages RAM [ 2279.955882] 0 pages HighMem/MovableOnly [ 2279.959957] 335854 pages reserved [ 2279.968798] 0 pages cma reserved [ 2279.977719] Node 0 active_anon:1725492kB inactive_anon:772kB active_file:0kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:36kB writeback:0kB shmem:960kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2280.035388] Node 0 DMA free:10380kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2280.079401] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2280.098281] Node 0 DMA32 free:65472kB min:36380kB low:45472kB high:54564kB active_anon:1721088kB inactive_anon:772kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:4kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65416kB bounce:0kB free_pcp:736kB local_pcp:92kB free_cma:0kB [ 2280.146219] lowmem_reserve[]: 0 0 0 0 0 [ 2280.165383] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2280.223531] lowmem_reserve[]: 0 0 0 0 0 [ 2280.242227] Node 0 DMA: 5*4kB (UM) 15*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10380kB [ 2280.292855] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2280.314411] Node 0 DMA32: 3560*4kB (UMEH) 310*8kB (UME) 667*16kB (UMEH) 373*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 39328kB [ 2280.341267] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2280.346807] CPU: 0 PID: 8215 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2280.354614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2280.363975] Call Trace: [ 2280.366574] dump_stack+0x142/0x197 [ 2280.370204] warn_alloc.cold+0x96/0x1af [ 2280.374175] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2280.379029] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2280.384317] __alloc_pages_slowpath+0x23c6/0x2930 [ 2280.389177] ? save_trace+0x290/0x290 [ 2280.392990] ? warn_alloc+0xf0/0xf0 [ 2280.396629] ? __might_sleep+0x93/0xb0 [ 2280.400518] __alloc_pages_nodemask+0x62c/0x7a0 [ 2280.405191] ? lock_downgrade+0x740/0x740 [ 2280.409339] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2280.414364] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2280.419994] alloc_pages_current+0xec/0x1e0 [ 2280.424323] ion_page_pool_alloc+0x11f/0x1c0 [ 2280.428729] ion_system_heap_allocate+0x138/0x910 [ 2280.433581] ? ion_system_heap_free+0x250/0x250 [ 2280.434923] Node 0 Normal: [ 2280.438251] ion_alloc+0x68c/0x860 [ 2280.438253] 0*4kB 0*8kB [ 2280.441176] ? ion_dma_buf_release+0x50/0x50 [ 2280.441192] ? kasan_check_write+0x14/0x20 [ 2280.441203] ? _copy_from_user+0x99/0x110 [ 2280.441214] ion_ioctl+0x105/0x217 [ 2280.441225] ? ion_alloc.cold+0x40/0x40 [ 2280.441240] ? ion_alloc.cold+0x40/0x40 [ 2280.460098] 0*16kB [ 2280.460206] do_vfs_ioctl+0x7ae/0x1060 [ 2280.463731] 0*32kB 0*64kB [ 2280.467726] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2280.485373] ? lock_downgrade+0x740/0x740 [ 2280.489525] ? ioctl_preallocate+0x1c0/0x1c0 [ 2280.493942] ? __fget+0x237/0x370 [ 2280.494921] 0*128kB 0*256kB [ 2280.497406] ? security_file_ioctl+0x89/0xb0 [ 2280.497414] 0*512kB [ 2280.500446] SyS_ioctl+0x8f/0xc0 [ 2280.500457] ? do_vfs_ioctl+0x1060/0x1060 [ 2280.500470] do_syscall_64+0x1e8/0x640 [ 2280.500479] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2280.500497] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2280.500505] RIP: 0033:0x45a679 [ 2280.500510] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2280.500523] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2280.504976] 0*1024kB [ 2280.507241] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2280.507248] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2280.534918] 0*2048kB [ 2280.539499] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2280.554850] 0*4096kB [ 2280.556405] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2280.568239] Mem-Info: [ 2280.591656] active_anon:1158478 inactive_anon:199 isolated_anon:0 [ 2280.591656] active_file:6820 inactive_file:8544 isolated_file:0 [ 2280.591656] unevictable:0 dirty:59 writeback:0 unstable:0 [ 2280.591656] slab_reclaimable:18986 slab_unreclaimable:137362 [ 2280.591656] mapped:57700 shmem:255 pagetables:41419 bounce:0 [ 2280.591656] free:103350 free_pcp:701 free_cma:0 [ 2280.614902] = 0kB [ 2280.630870] Node 0 active_anon:1725472kB inactive_anon:772kB active_file:8kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:4kB writeback:0kB shmem:960kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2280.655010] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2280.673022] Node 1 active_anon:2908440kB inactive_anon:24kB active_file:27272kB inactive_file:34160kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21880kB dirty:232kB writeback:0kB shmem:60kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2280.675467] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2280.730116] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2280.734662] Node 0 [ 2280.739001] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2280.739007] 15463 total pagecache pages [ 2280.739023] 0 pages in swap cache [ 2280.759258] DMA free:10396kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2280.785766] Swap cache stats: add 0, delete 0, find 0/0 [ 2280.800123] Free swap = 0kB [ 2280.803391] Total swap = 0kB [ 2280.806421] 1965979 pages RAM [ 2280.809533] 0 pages HighMem/MovableOnly [ 2280.833241] 335854 pages reserved [ 2280.836741] 0 pages cma reserved [ 2280.842730] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2280.847829] Node 0 DMA32 free:36204kB min:36380kB low:45472kB high:54564kB active_anon:1721088kB inactive_anon:772kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:4kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65416kB bounce:0kB free_pcp:1400kB local_pcp:768kB free_cma:0kB [ 2280.860195] Out of memory: Kill process 13185 (syz-executor.0) score 1009 or sacrifice child [ 2280.887000] lowmem_reserve[]: 0 0 0 0 0 [ 2280.897141] Killed process 13185 (syz-executor.0) total-vm:72980kB, anon-rss:16408kB, file-rss:34816kB, shmem-rss:0kB [ 2280.915398] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2280.943890] lowmem_reserve[]: 0 0 0 0 0 [ 2280.947934] Node 1 Normal free:366416kB min:53508kB low:66884kB high:80260kB active_anon:2908360kB inactive_anon:24kB active_file:27272kB inactive_file:34160kB unevictable:0kB writepending:232kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45248kB pagetables:100192kB bounce:0kB free_pcp:1332kB local_pcp:636kB free_cma:0kB [ 2280.978678] lowmem_reserve[]: 0 0 0 0 0 [ 2280.988043] Node 0 DMA: 8*4kB (UM) 25*8kB (UM) 20*16kB (UME) 2*32kB (U) 1*64kB (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10408kB [ 2281.008742] Node 0 DMA32: 3588*4kB (MEH) 310*8kB (ME) 470*16kB (UMEH) 375*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 36352kB [ 2281.025776] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2281.062422] Node 1 Normal: 5779*4kB (UME) 2037*8kB (UMEH) 2910*16kB (UMEH) 2359*32kB (UMEH) 928*64kB (UMEH) 164*128kB (MEH) 69*256kB (MEH) 113*512kB (ME) 37*1024kB (UMH) 6*2048kB (M) 0*4096kB = 367540kB [ 2281.089224] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2281.099104] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2281.111066] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2281.120142] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2281.128723] 15470 total pagecache pages [ 2281.133630] 0 pages in swap cache [ 2281.137132] Swap cache stats: add 0, delete 0, find 0/0 [ 2281.145779] Free swap = 0kB [ 2281.148825] Total swap = 0kB [ 2281.154023] 1965979 pages RAM [ 2281.157255] 0 pages HighMem/MovableOnly [ 2281.163398] 335854 pages reserved [ 2281.166891] 0 pages cma reserved [ 2281.313306] syz-executor.4: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2281.324816] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2281.333237] CPU: 0 PID: 8215 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2281.341201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2281.350570] Call Trace: [ 2281.353170] dump_stack+0x142/0x197 [ 2281.356802] warn_alloc.cold+0x96/0x1af [ 2281.360779] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2281.365620] ? trace_hardirqs_on_caller+0x400/0x590 [ 2281.370630] ? call_timer_fn+0x670/0x670 [ 2281.374709] __alloc_pages_slowpath+0x23c6/0x2930 [ 2281.379551] ? warn_alloc+0xf0/0xf0 [ 2281.383269] ? __might_sleep+0x93/0xb0 [ 2281.387152] __alloc_pages_nodemask+0x62c/0x7a0 [ 2281.391818] ? lock_downgrade+0x740/0x740 [ 2281.395970] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2281.401008] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2281.406633] alloc_pages_current+0xec/0x1e0 [ 2281.410956] ion_page_pool_alloc+0x11f/0x1c0 [ 2281.415371] ion_system_heap_allocate+0x138/0x910 [ 2281.425258] ? ion_system_heap_free+0x250/0x250 [ 2281.429919] ion_alloc+0x68c/0x860 [ 2281.433468] ? ion_dma_buf_release+0x50/0x50 [ 2281.437890] ? kasan_check_write+0x14/0x20 [ 2281.442136] ? _copy_from_user+0x99/0x110 [ 2281.446290] ion_ioctl+0x105/0x217 [ 2281.449815] ? ion_alloc.cold+0x40/0x40 [ 2281.453791] ? ion_alloc.cold+0x40/0x40 [ 2281.457763] do_vfs_ioctl+0x7ae/0x1060 [ 2281.461647] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2281.466420] ? lock_downgrade+0x740/0x740 [ 2281.470569] ? ioctl_preallocate+0x1c0/0x1c0 [ 2281.474987] ? __fget+0x237/0x370 [ 2281.478437] ? security_file_ioctl+0x89/0xb0 [ 2281.482842] SyS_ioctl+0x8f/0xc0 [ 2281.486196] ? do_vfs_ioctl+0x1060/0x1060 [ 2281.490341] do_syscall_64+0x1e8/0x640 [ 2281.494230] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2281.499074] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2281.504269] RIP: 0033:0x45a679 [ 2281.507444] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2281.515150] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2281.522429] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2281.529702] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2281.537064] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2281.544429] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff 20:58:32 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) socket$inet_udplite(0x2, 0x2, 0x88) 20:58:32 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) 20:58:32 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) [ 2282.014571] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2282.029651] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2282.035198] CPU: 0 PID: 8286 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2282.043002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2282.052366] Call Trace: [ 2282.054997] dump_stack+0x142/0x197 [ 2282.058649] warn_alloc.cold+0x96/0x1af [ 2282.062650] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2282.067545] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2282.072848] __alloc_pages_slowpath+0x23c6/0x2930 [ 2282.077732] ? save_trace+0x290/0x290 [ 2282.081554] ? warn_alloc+0xf0/0xf0 [ 2282.085215] ? __might_sleep+0x93/0xb0 [ 2282.089108] __alloc_pages_nodemask+0x62c/0x7a0 [ 2282.093791] ? lock_downgrade+0x740/0x740 [ 2282.097938] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2282.102968] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2282.108602] alloc_pages_current+0xec/0x1e0 [ 2282.112928] ion_page_pool_alloc+0x11f/0x1c0 [ 2282.117340] ion_system_heap_allocate+0x138/0x910 [ 2282.122214] ? ion_alloc+0x19b/0x860 [ 2282.125968] ? rcu_read_lock_sched_held+0x110/0x130 [ 2282.131036] ? ion_system_heap_free+0x250/0x250 [ 2282.135730] ion_alloc+0x222/0x860 [ 2282.139294] ? ion_dma_buf_release+0x50/0x50 [ 2282.143728] ? kasan_check_write+0x14/0x20 [ 2282.147982] ? _copy_from_user+0x99/0x110 [ 2282.152191] ion_ioctl+0x105/0x217 [ 2282.155750] ? ion_alloc.cold+0x40/0x40 [ 2282.159741] ? ion_alloc.cold+0x40/0x40 [ 2282.163744] do_vfs_ioctl+0x7ae/0x1060 [ 2282.167645] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2282.172531] ? lock_downgrade+0x740/0x740 [ 2282.176711] ? ioctl_preallocate+0x1c0/0x1c0 [ 2282.181128] ? __fget+0x237/0x370 [ 2282.184593] ? security_file_ioctl+0x89/0xb0 [ 2282.189182] SyS_ioctl+0x8f/0xc0 [ 2282.192589] ? do_vfs_ioctl+0x1060/0x1060 [ 2282.196743] do_syscall_64+0x1e8/0x640 [ 2282.200637] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2282.205496] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2282.210684] RIP: 0033:0x45a679 [ 2282.213883] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2282.221592] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2282.228858] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2282.236269] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2282.243555] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2282.250836] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2282.263522] warn_alloc_show_mem: 1 callbacks suppressed [ 2282.263528] Mem-Info: [ 2282.271461] active_anon:1154446 inactive_anon:199 isolated_anon:0 [ 2282.271461] active_file:6820 inactive_file:8558 isolated_file:0 [ 2282.271461] unevictable:0 dirty:58 writeback:0 unstable:0 [ 2282.271461] slab_reclaimable:19005 slab_unreclaimable:137333 [ 2282.271461] mapped:57704 shmem:255 pagetables:41423 bounce:0 [ 2282.271461] free:105990 free_pcp:244 free_cma:0 [ 2282.307573] Node 0 active_anon:1719848kB inactive_anon:772kB active_file:8kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:4kB writeback:0kB shmem:960kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2282.335429] Node 0 DMA free:10416kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2282.362191] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2282.367290] Node 0 DMA32 free:36292kB min:36380kB low:45472kB high:54564kB active_anon:1715464kB inactive_anon:772kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:4kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65300kB bounce:0kB free_pcp:976kB local_pcp:264kB free_cma:0kB [ 2282.397584] lowmem_reserve[]: 0 0 0 0 0 [ 2282.401694] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2282.427243] lowmem_reserve[]: 0 0 0 0 0 [ 2282.431379] Node 0 DMA: 4*4kB (M) 20*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10416kB [ 2282.447124] Node 0 DMA32: 3537*4kB (MEH) 364*8kB (MEH) 104*16kB (MEH) 19*32kB (M) 37*64kB (M) 4*128kB (M) 1*256kB (H) 1*512kB (H) 1*1024kB (H) 6*2048kB (U) 0*4096kB = 36292kB [ 2282.463295] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2282.474441] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2282.483415] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2282.492095] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2282.501165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2282.509760] 15480 total pagecache pages [ 2282.513820] 0 pages in swap cache [ 2282.517280] Swap cache stats: add 0, delete 0, find 0/0 [ 2282.523406] Free swap = 0kB [ 2282.526443] Total swap = 0kB [ 2282.529465] 1965979 pages RAM [ 2282.532648] 0 pages HighMem/MovableOnly [ 2282.536633] 335854 pages reserved [ 2282.545490] 0 pages cma reserved [ 2282.555510] IPVS: ftp: loaded support on port[0] = 21 [ 2282.979176] oom_reaper: reaped process 8240 (syz-executor.5), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2283.015875] syz-executor.5 invoked oom-killer: gfp_mask=0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0, order=0, oom_score_adj=1000 [ 2283.029216] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2283.034751] CPU: 0 PID: 8240 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2283.042558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2283.051918] Call Trace: [ 2283.054500] dump_stack+0x142/0x197 [ 2283.058148] dump_header+0x177/0x6cd [ 2283.061921] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2283.067032] ? ___ratelimit+0x55/0x537 [ 2283.070921] oom_kill_process.cold+0x10/0xadd [ 2283.075409] ? rcu_read_unlock_special+0x895/0xd40 [ 2283.080332] ? lock_downgrade+0x740/0x740 [ 2283.084472] out_of_memory+0x2ee/0x1180 [ 2283.088445] ? lock_acquire+0x16f/0x430 [ 2283.092412] ? oom_killer_disable+0x1d0/0x1d0 [ 2283.096895] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2283.101814] __alloc_pages_slowpath+0x2251/0x2930 [ 2283.106654] ? warn_alloc+0xf0/0xf0 [ 2283.110275] ? __might_sleep+0x93/0xb0 [ 2283.114151] __alloc_pages_nodemask+0x62c/0x7a0 [ 2283.118828] ? lock_downgrade+0x740/0x740 [ 2283.122968] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2283.127977] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2283.133595] alloc_pages_current+0xec/0x1e0 [ 2283.137908] ion_page_pool_alloc+0x11f/0x1c0 [ 2283.142320] ion_system_heap_allocate+0x138/0x910 [ 2283.147168] ? ion_alloc+0x19b/0x860 [ 2283.150879] ? rcu_read_lock_sched_held+0x110/0x130 [ 2283.155881] ? ion_system_heap_free+0x250/0x250 [ 2283.160546] ion_alloc+0x222/0x860 [ 2283.164094] ? ion_dma_buf_release+0x50/0x50 [ 2283.168491] ? kasan_check_write+0x14/0x20 [ 2283.172720] ? _copy_from_user+0x99/0x110 [ 2283.176864] ion_ioctl+0x105/0x217 [ 2283.180393] ? ion_alloc.cold+0x40/0x40 [ 2283.184360] ? ion_alloc.cold+0x40/0x40 [ 2283.188332] do_vfs_ioctl+0x7ae/0x1060 [ 2283.192212] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2283.196952] ? lock_downgrade+0x740/0x740 [ 2283.201089] ? ioctl_preallocate+0x1c0/0x1c0 [ 2283.205490] ? __fget+0x237/0x370 [ 2283.208934] ? security_file_ioctl+0x89/0xb0 [ 2283.213335] SyS_ioctl+0x8f/0xc0 [ 2283.216705] ? do_vfs_ioctl+0x1060/0x1060 [ 2283.220844] do_syscall_64+0x1e8/0x640 [ 2283.224719] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2283.229557] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2283.234747] RIP: 0033:0x45a679 [ 2283.237923] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2283.245622] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2283.252882] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2283.260140] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2283.267492] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2283.275435] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2283.283942] Mem-Info: [ 2283.286370] active_anon:1154384 inactive_anon:199 isolated_anon:0 [ 2283.286370] active_file:6820 inactive_file:8564 isolated_file:0 [ 2283.286370] unevictable:0 dirty:77 writeback:0 unstable:0 [ 2283.286370] slab_reclaimable:19007 slab_unreclaimable:137328 [ 2283.286370] mapped:57704 shmem:255 pagetables:41396 bounce:0 [ 2283.286370] free:101545 free_pcp:229 free_cma:0 [ 2283.320342] Node 0 active_anon:1719848kB inactive_anon:772kB active_file:8kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:4kB writeback:0kB shmem:960kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2283.347913] Node 0 DMA free:10376kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2283.374470] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2283.379525] Node 0 DMA32 free:18208kB min:36380kB low:45472kB high:54564kB active_anon:1715464kB inactive_anon:772kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:4kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65300kB bounce:0kB free_pcp:916kB local_pcp:180kB free_cma:0kB [ 2283.408782] lowmem_reserve[]: 0 0 0 0 0 [ 2283.413844] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2283.439244] lowmem_reserve[]: 0 0 0 0 0 [ 2283.443306] Node 0 DMA: 4*4kB (M) 15*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10376kB [ 2283.459164] Node 0 DMA32: 3294*4kB (UMEH) 293*8kB (UME) 48*16kB (UMH) 0*32kB 0*64kB 1*128kB (U) 1*256kB (H) 1*512kB (H) 1*1024kB (H) 0*2048kB 0*4096kB = 18208kB [ 2283.473840] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2283.485191] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2283.494318] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2283.502982] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2283.511989] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2283.520650] 15489 total pagecache pages [ 2283.524635] 0 pages in swap cache [ 2283.528076] Swap cache stats: add 0, delete 0, find 0/0 [ 2283.533517] Free swap = 0kB [ 2283.536537] Total swap = 0kB [ 2283.539543] 1965979 pages RAM [ 2283.543542] 0 pages HighMem/MovableOnly [ 2283.547526] 335854 pages reserved [ 2283.551102] 0 pages cma reserved [ 2283.554470] Out of memory: Kill process 8553 (syz-executor.0) score 1009 or sacrifice child [ 2283.563080] Killed process 8553 (syz-executor.0) total-vm:72980kB, anon-rss:16232kB, file-rss:34816kB, shmem-rss:0kB [ 2283.564009] syz-executor.5: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2283.579880] syz-executor.4: [ 2283.585288] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2283.589940] syz-executor.2: [ 2283.593819] CPU: 0 PID: 8240 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2283.604630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2283.607441] oom_reaper: reaped process 8232 (syz-executor.2), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2283.613993] Call Trace: [ 2283.614013] dump_stack+0x142/0x197 [ 2283.614028] warn_alloc.cold+0x96/0x1af [ 2283.614038] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2283.614055] ? wait_for_completion+0x420/0x420 [ 2283.614075] __alloc_pages_slowpath+0x23c6/0x2930 [ 2283.625492] page allocation failure: order:0 [ 2283.626555] ? warn_alloc+0xf0/0xf0 [ 2283.626577] ? __might_sleep+0x93/0xb0 [ 2283.634008] page allocation failure: order:0 [ 2283.634173] __alloc_pages_nodemask+0x62c/0x7a0 [ 2283.640090] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2283.643579] ? lock_downgrade+0x740/0x740 [ 2283.643593] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2283.643609] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2283.648696] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2283.652843] alloc_pages_current+0xec/0x1e0 [ 2283.652860] ion_page_pool_alloc+0x11f/0x1c0 [ 2283.652872] ion_system_heap_allocate+0x138/0x910 [ 2283.652880] ? ion_alloc+0x19b/0x860 [ 2283.652891] ? rcu_read_lock_sched_held+0x110/0x130 [ 2283.652903] ? ion_system_heap_free+0x250/0x250 [ 2283.657271] 0 [ 2283.660402] ion_alloc+0x222/0x860 [ 2283.660420] ? ion_dma_buf_release+0x50/0x50 [ 2283.660436] ? kasan_check_write+0x14/0x20 [ 2283.660446] ? _copy_from_user+0x99/0x110 [ 2283.660457] ion_ioctl+0x105/0x217 [ 2283.665128] syz-executor.2 cpuset= [ 2283.669537] ? ion_alloc.cold+0x40/0x40 [ 2283.669554] ? ion_alloc.cold+0x40/0x40 [ 2283.669567] do_vfs_ioctl+0x7ae/0x1060 [ 2283.669580] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2283.669594] ? lock_downgrade+0x740/0x740 [ 2283.677583] 0 [ 2283.680853] ? ioctl_preallocate+0x1c0/0x1c0 [ 2283.680868] ? __fget+0x237/0x370 [ 2283.680888] ? security_file_ioctl+0x89/0xb0 [ 2283.680900] SyS_ioctl+0x8f/0xc0 [ 2283.680910] ? do_vfs_ioctl+0x1060/0x1060 [ 2283.680925] do_syscall_64+0x1e8/0x640 [ 2283.691549] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2283.691569] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2283.691579] RIP: 0033:0x45a679 [ 2283.691583] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2283.691593] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2283.691599] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2283.691605] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2283.691611] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2283.691616] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2283.693137] Mem-Info: [ 2283.699275] syz-executor.4 cpuset= [ 2283.721375] syz2 [ 2283.741355] active_anon:1154334 inactive_anon:199 isolated_anon:0 [ 2283.741355] active_file:6820 inactive_file:8570 isolated_file:0 [ 2283.741355] unevictable:0 dirty:80 writeback:0 unstable:0 [ 2283.741355] slab_reclaimable:19007 slab_unreclaimable:137330 [ 2283.741355] mapped:57704 shmem:255 pagetables:41396 bounce:0 [ 2283.741355] free:101562 free_pcp:549 free_cma:0 [ 2283.763005] oom_reaper: reaped process 8286 (syz-executor.4), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2283.771623] Node 0 active_anon:1719848kB inactive_anon:772kB active_file:8kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:4kB writeback:0kB shmem:960kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2283.773088] syz4 [ 2283.775660] Node 1 active_anon:2897488kB inactive_anon:24kB active_file:27272kB inactive_file:34264kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21896kB dirty:316kB writeback:0kB shmem:60kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2283.793064] mems_allowed=0-1 [ 2283.799221] mems_allowed=0-1 [ 2283.809424] CPU: 0 PID: 8232 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2283.827189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2283.827194] Call Trace: [ 2283.827209] dump_stack+0x142/0x197 [ 2283.827225] warn_alloc.cold+0x96/0x1af [ 2283.856316] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2283.856336] ? wait_for_completion+0x420/0x420 [ 2283.856356] __alloc_pages_slowpath+0x23c6/0x2930 [ 2283.898023] ? warn_alloc+0xf0/0xf0 [ 2283.898044] ? __might_sleep+0x93/0xb0 [ 2283.898056] __alloc_pages_nodemask+0x62c/0x7a0 [ 2283.898069] ? lock_downgrade+0x740/0x740 [ 2283.965050] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2283.965067] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2283.965083] alloc_pages_current+0xec/0x1e0 [ 2283.965099] ion_page_pool_alloc+0x11f/0x1c0 [ 2283.988456] ion_system_heap_allocate+0x138/0x910 [ 2283.988465] ? ion_alloc+0x19b/0x860 [ 2283.988478] ? rcu_read_lock_sched_held+0x110/0x130 [ 2283.988490] ? ion_system_heap_free+0x250/0x250 [ 2284.008077] ion_alloc+0x222/0x860 [ 2284.008095] ? ion_dma_buf_release+0x50/0x50 [ 2284.008111] ? kasan_check_write+0x14/0x20 [ 2284.008126] ? _copy_from_user+0x99/0x110 [ 2284.029396] ion_ioctl+0x105/0x217 [ 2284.029408] ? ion_alloc.cold+0x40/0x40 [ 2284.044507] ? ion_alloc.cold+0x40/0x40 [ 2284.057464] do_vfs_ioctl+0x7ae/0x1060 [ 2284.057478] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2284.057491] ? lock_downgrade+0x740/0x740 [ 2284.075251] ? ioctl_preallocate+0x1c0/0x1c0 [ 2284.075267] ? __fget+0x237/0x370 [ 2284.075289] ? security_file_ioctl+0x89/0xb0 [ 2284.083775] SyS_ioctl+0x8f/0xc0 [ 2284.095232] ? do_vfs_ioctl+0x1060/0x1060 [ 2284.095247] do_syscall_64+0x1e8/0x640 [ 2284.095259] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2284.104026] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2284.104042] RIP: 0033:0x45a679 [ 2284.120516] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 [ 2284.128001] ORIG_RAX: 0000000000000010 [ 2284.128008] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2284.128013] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2284.128019] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2284.128024] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2284.128030] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2284.136677] Node 0 [ 2284.140456] CPU: 1 PID: 8286 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2284.142937] DMA free:10376kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2284.145511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2284.145517] Call Trace: [ 2284.145533] dump_stack+0x142/0x197 [ 2284.145549] warn_alloc.cold+0x96/0x1af [ 2284.151136] lowmem_reserve[]: [ 2284.154866] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2284.154889] ? wait_for_completion+0x420/0x420 [ 2284.162962] 0 [ 2284.169476] __alloc_pages_slowpath+0x23c6/0x2930 [ 2284.169503] ? warn_alloc+0xf0/0xf0 [ 2284.177058] 2569 [ 2284.184117] ? __might_sleep+0x93/0xb0 [ 2284.184132] __alloc_pages_nodemask+0x62c/0x7a0 [ 2284.184144] ? lock_downgrade+0x740/0x740 [ 2284.184154] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2284.184170] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2284.184186] alloc_pages_current+0xec/0x1e0 [ 2284.184201] ion_page_pool_alloc+0x11f/0x1c0 [ 2284.184213] ion_system_heap_allocate+0x138/0x910 [ 2284.184224] ? ion_alloc+0x19b/0x860 [ 2284.192184] 2569 [ 2284.193769] ? rcu_read_lock_sched_held+0x110/0x130 [ 2284.193785] ? ion_system_heap_free+0x250/0x250 [ 2284.193801] ion_alloc+0x222/0x860 [ 2284.201851] 2569 [ 2284.227382] ? ion_dma_buf_release+0x50/0x50 [ 2284.227400] ? kasan_check_write+0x14/0x20 [ 2284.227410] ? _copy_from_user+0x99/0x110 [ 2284.227421] ion_ioctl+0x105/0x217 [ 2284.227430] ? ion_alloc.cold+0x40/0x40 [ 2284.227446] ? ion_alloc.cold+0x40/0x40 [ 2284.227463] do_vfs_ioctl+0x7ae/0x1060 [ 2284.227474] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2284.227483] ? lock_downgrade+0x740/0x740 [ 2284.227497] ? ioctl_preallocate+0x1c0/0x1c0 [ 2284.237735] 2569 [ 2284.239580] ? __fget+0x237/0x370 [ 2284.239600] ? security_file_ioctl+0x89/0xb0 [ 2284.247202] SyS_ioctl+0x8f/0xc0 [ 2284.247214] ? do_vfs_ioctl+0x1060/0x1060 [ 2284.247227] do_syscall_64+0x1e8/0x640 [ 2284.247239] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2284.250961] Node 0 [ 2284.255212] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2284.255221] RIP: 0033:0x45a679 [ 2284.255229] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 [ 2284.261241] DMA32 free:18084kB min:36380kB low:45472kB high:54564kB active_anon:1715464kB inactive_anon:772kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:4kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65300kB bounce:0kB free_pcp:904kB local_pcp:176kB free_cma:0kB [ 2284.261622] ORIG_RAX: 0000000000000010 [ 2284.266584] lowmem_reserve[]: [ 2284.270089] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2284.270095] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2284.270100] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2284.270106] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2284.270112] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2284.281782] 0 [ 2284.290810] 0 [ 2284.305261] 0 [ 2284.313877] 0 [ 2284.320979] 0 [ 2284.344457] Node 0 [ 2284.352107] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2284.359669] lowmem_reserve[]: [ 2284.373455] 0 [ 2284.378660] 0 [ 2284.391696] 0 [ 2284.402061] 0 [ 2284.415894] 0 [ 2284.480980] Node 1 [ 2284.498085] Normal free:393920kB min:53508kB low:66884kB high:80260kB active_anon:2881284kB inactive_anon:24kB active_file:27272kB inactive_file:34280kB unevictable:0kB writepending:336kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45216kB pagetables:100144kB bounce:0kB free_pcp:1176kB local_pcp:592kB free_cma:0kB [ 2284.546030] lowmem_reserve[]: [ 2284.613550] 0 0 0 0 0 [ 2284.617362] Node 0 DMA: 8*4kB (UM) 18*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10416kB [ 2284.633751] Node 0 DMA32: 3948*4kB (UMEH) 1027*8kB (UME) 883*16kB (UMH) 464*32kB (UM) 123*64kB (UM) 60*128kB (UM) 25*256kB (UH) 7*512kB (UH) 3*1024kB (UH) 0*2048kB 0*4096kB = 81592kB [ 2284.654848] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2284.658693] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2284.671639] syz-executor.4 cpuset= [ 2284.687892] syz4 mems_allowed=0-1 [ 2284.690472] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2284.702644] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2284.707511] CPU: 1 PID: 8286 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2284.715969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2284.725343] Call Trace: [ 2284.728037] dump_stack+0x142/0x197 [ 2284.730094] Node 1 Normal: [ 2284.731667] warn_alloc.cold+0x96/0x1af [ 2284.731676] 5804*4kB [ 2284.734609] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2284.738576] (UME) [ 2284.740980] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2284.740993] __alloc_pages_slowpath+0x23c6/0x2930 [ 2284.741013] ? save_trace+0x290/0x290 [ 2284.741029] ? warn_alloc+0xf0/0xf0 [ 2284.761176] 2241*8kB [ 2284.761914] ? __might_sleep+0x93/0xb0 [ 2284.765519] (UMEH) [ 2284.767923] __alloc_pages_nodemask+0x62c/0x7a0 [ 2284.778658] ? lock_downgrade+0x740/0x740 [ 2284.782810] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2284.787829] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2284.790090] 3188*16kB (UMEH) [ 2284.793446] alloc_pages_current+0xec/0x1e0 [ 2284.793454] 2529*32kB [ 2284.796546] ion_page_pool_alloc+0x11f/0x1c0 [ 2284.807733] ion_system_heap_allocate+0x138/0x910 [ 2284.810079] (UMEH) 1028*64kB [ 2284.812568] ? ion_system_heap_free+0x250/0x250 [ 2284.812574] (UMEH) [ 2284.815668] ion_alloc+0x68c/0x860 [ 2284.826074] ? ion_dma_buf_release+0x50/0x50 [ 2284.830477] ? kasan_check_write+0x14/0x20 [ 2284.834696] ? _copy_from_user+0x99/0x110 [ 2284.838849] ion_ioctl+0x105/0x217 [ 2284.842387] ? ion_alloc.cold+0x40/0x40 [ 2284.842563] 199*128kB (MEH) [ 2284.846363] ? ion_alloc.cold+0x40/0x40 [ 2284.846365] 76*256kB (MEH) [ 2284.849376] do_vfs_ioctl+0x7ae/0x1060 [ 2284.860304] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2284.862569] 117*512kB [ 2284.865054] ? lock_downgrade+0x740/0x740 [ 2284.865060] (ME) [ 2284.867571] ? ioctl_preallocate+0x1c0/0x1c0 [ 2284.878177] ? __fget+0x237/0x370 [ 2284.881637] ? security_file_ioctl+0x89/0xb0 [ 2284.882665] 37*1024kB (UMH) [ 2284.886082] SyS_ioctl+0x8f/0xc0 [ 2284.886094] ? do_vfs_ioctl+0x1060/0x1060 [ 2284.889106] 6*2048kB [ 2284.892468] do_syscall_64+0x1e8/0x640 [ 2284.892478] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2284.892495] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2284.892504] RIP: 0033:0x45a679 [ 2284.892508] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2284.892518] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2284.892523] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2284.892528] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2284.892534] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2284.892540] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2284.908291] CPU: 0 PID: 8232 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2284.908299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2284.908304] Call Trace: [ 2284.908320] dump_stack+0x142/0x197 [ 2284.908338] warn_alloc.cold+0x96/0x1af [ 2284.908347] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2284.908369] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2284.908385] __alloc_pages_slowpath+0x23c6/0x2930 [ 2284.908414] ? save_trace+0x290/0x290 [ 2284.908443] ? warn_alloc+0xf0/0xf0 [ 2284.908467] ? __might_sleep+0x93/0xb0 [ 2284.908481] __alloc_pages_nodemask+0x62c/0x7a0 [ 2284.908490] ? lock_downgrade+0x740/0x740 [ 2284.908501] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2284.924617] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2284.924635] alloc_pages_current+0xec/0x1e0 [ 2284.924651] ion_page_pool_alloc+0x11f/0x1c0 [ 2284.924663] ion_system_heap_allocate+0x138/0x910 [ 2284.924686] ? ion_system_heap_free+0x250/0x250 [ 2284.939223] ion_alloc+0x68c/0x860 [ 2284.939241] ? ion_dma_buf_release+0x50/0x50 [ 2284.939257] ? kasan_check_write+0x14/0x20 [ 2284.953774] ? _copy_from_user+0x99/0x110 [ 2284.953789] ion_ioctl+0x105/0x217 [ 2284.953800] ? ion_alloc.cold+0x40/0x40 [ 2284.953816] ? ion_alloc.cold+0x40/0x40 [ 2284.953829] do_vfs_ioctl+0x7ae/0x1060 [ 2284.969228] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2284.969240] ? lock_downgrade+0x740/0x740 [ 2284.969252] ? ioctl_preallocate+0x1c0/0x1c0 [ 2284.969265] ? __fget+0x237/0x370 [ 2284.981192] ? security_file_ioctl+0x89/0xb0 [ 2284.981207] SyS_ioctl+0x8f/0xc0 [ 2284.981217] ? do_vfs_ioctl+0x1060/0x1060 [ 2284.981233] do_syscall_64+0x1e8/0x640 [ 2284.988803] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2284.988823] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2284.988835] RIP: 0033:0x45a679 [ 2284.998916] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2284.998927] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2284.998934] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2284.998940] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2284.998946] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2284.998954] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2285.012147] (M) [ 2285.024427] 0*4096kB [ 2285.037759] = 393880kB [ 2285.049143] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2285.064298] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2285.069790] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2285.069798] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2285.069802] 15493 total pagecache pages [ 2285.069814] 0 pages in swap cache [ 2285.069820] Swap cache stats: add 0, delete 0, find 0/0 [ 2285.069824] Free swap = 0kB [ 2285.069830] Total swap = 0kB [ 2285.079131] 1965979 pages RAM [ 2285.093227] 0 pages HighMem/MovableOnly [ 2285.098710] 335854 pages reserved [ 2285.098715] 0 pages cma reserved [ 2285.135618] warn_alloc_show_mem: 2 callbacks suppressed [ 2285.135622] Mem-Info: [ 2285.155562] syz-executor.5: [ 2285.195831] active_anon:1150280 inactive_anon:199 isolated_anon:0 [ 2285.195831] active_file:6821 inactive_file:8598 isolated_file:0 [ 2285.195831] unevictable:0 dirty:111 writeback:0 unstable:0 [ 2285.195831] slab_reclaimable:19007 slab_unreclaimable:137517 [ 2285.195831] mapped:57690 shmem:255 pagetables:41363 bounce:0 [ 2285.195831] free:107312 free_pcp:536 free_cma:0 [ 2285.228654] oom_reaper: reaped process 8234 (syz-executor.1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2285.246852] Node 0 active_anon:1719848kB inactive_anon:772kB active_file:12kB inactive_file:28kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:20kB writeback:0kB shmem:960kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2285.250827] Node 1 active_anon:2881172kB inactive_anon:24kB active_file:27272kB inactive_file:34364kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21840kB dirty:424kB writeback:0kB shmem:60kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2285.250834] Node 0 DMA free:10368kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2285.250856] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2285.256739] syz-executor.4: [ 2285.259026] page allocation failure: order:4 [ 2285.266575] page allocation failure: order:0 [ 2285.295845] syz-executor.1: [ 2285.334298] Node 0 [ 2285.366519] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2285.388012] page allocation failure: order:0 [ 2285.400261] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2285.407871] 0 [ 2285.417244] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2285.421877] 0 [ 2285.433175] syz-executor.5 cpuset= [ 2285.439209] syz5 mems_allowed=0-1 [ 2285.439230] CPU: 0 PID: 8240 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2285.439236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2285.439240] Call Trace: [ 2285.439256] dump_stack+0x142/0x197 [ 2285.443482] syz-executor.4 cpuset= [ 2285.446229] warn_alloc.cold+0x96/0x1af [ 2285.446241] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2285.446261] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2285.463388] __alloc_pages_slowpath+0x23c6/0x2930 [ 2285.463410] ? save_trace+0x290/0x290 [ 2285.463427] ? warn_alloc+0xf0/0xf0 [ 2285.463452] ? __might_sleep+0x93/0xb0 [ 2285.469660] __alloc_pages_nodemask+0x62c/0x7a0 [ 2285.469674] ? lock_downgrade+0x740/0x740 [ 2285.469683] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2285.469699] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2285.473527] syz4 [ 2285.477189] alloc_pages_current+0xec/0x1e0 [ 2285.487720] ion_page_pool_alloc+0x11f/0x1c0 [ 2285.487733] ion_system_heap_allocate+0x138/0x910 [ 2285.487749] ? ion_system_heap_free+0x250/0x250 [ 2285.492878] mems_allowed=0-1 [ 2285.496372] ion_alloc+0x68c/0x860 [ 2285.496389] ? ion_dma_buf_release+0x50/0x50 [ 2285.496406] ? kasan_check_write+0x14/0x20 [ 2285.503887] ? _copy_from_user+0x99/0x110 [ 2285.503902] ion_ioctl+0x105/0x217 [ 2285.503912] ? ion_alloc.cold+0x40/0x40 [ 2285.503927] ? ion_alloc.cold+0x40/0x40 [ 2285.517712] do_vfs_ioctl+0x7ae/0x1060 [ 2285.517726] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2285.517737] ? lock_downgrade+0x740/0x740 [ 2285.538846] ? ioctl_preallocate+0x1c0/0x1c0 [ 2285.538860] ? __fget+0x237/0x370 [ 2285.554538] ? security_file_ioctl+0x89/0xb0 [ 2285.566406] SyS_ioctl+0x8f/0xc0 [ 2285.566417] ? do_vfs_ioctl+0x1060/0x1060 [ 2285.578209] do_syscall_64+0x1e8/0x640 [ 2285.578221] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2285.602961] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2285.610957] RIP: 0033:0x45a679 [ 2285.610962] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2285.610971] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2285.610977] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2285.610982] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2285.610987] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2285.610992] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2285.615980] 0 [ 2285.621646] CPU: 1 PID: 8286 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2285.624952] syz-executor.1 cpuset= [ 2285.631973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2285.631978] Call Trace: [ 2285.631994] dump_stack+0x142/0x197 [ 2285.632013] warn_alloc.cold+0x96/0x1af [ 2285.632024] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2285.632036] ? call_timer_fn+0x670/0x670 [ 2285.632056] __alloc_pages_slowpath+0x23c6/0x2930 [ 2285.632085] ? warn_alloc+0xf0/0xf0 [ 2285.632106] ? __might_sleep+0x93/0xb0 [ 2285.632118] __alloc_pages_nodemask+0x62c/0x7a0 [ 2285.632129] ? lock_downgrade+0x740/0x740 [ 2285.632139] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2285.632155] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2285.640090] syz1 [ 2285.646674] alloc_pages_current+0xec/0x1e0 [ 2285.657830] mems_allowed=0-1 [ 2285.661185] ion_page_pool_alloc+0x11f/0x1c0 [ 2285.661198] ion_system_heap_allocate+0x138/0x910 [ 2285.661213] ? ion_system_heap_free+0x250/0x250 [ 2285.758922] DMA32 free:18072kB min:36380kB low:45472kB high:54564kB active_anon:1715464kB inactive_anon:772kB active_file:12kB inactive_file:28kB unevictable:0kB writepending:20kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65300kB bounce:0kB free_pcp:896kB local_pcp:700kB free_cma:0kB [ 2285.760132] ion_alloc+0x68c/0x860 [ 2285.760149] ? ion_dma_buf_release+0x50/0x50 [ 2285.760169] ? kasan_check_write+0x14/0x20 [ 2285.764821] lowmem_reserve[]: 0 0 [ 2285.793628] ? _copy_from_user+0x99/0x110 [ 2285.793640] ion_ioctl+0x105/0x217 [ 2285.793650] ? ion_alloc.cold+0x40/0x40 [ 2285.793665] ? ion_alloc.cold+0x40/0x40 [ 2285.793676] do_vfs_ioctl+0x7ae/0x1060 [ 2285.793688] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2285.793698] ? lock_downgrade+0x740/0x740 [ 2285.793710] ? ioctl_preallocate+0x1c0/0x1c0 [ 2285.793724] ? __fget+0x237/0x370 [ 2285.793740] ? security_file_ioctl+0x89/0xb0 [ 2285.793752] SyS_ioctl+0x8f/0xc0 [ 2285.835034] 0 [ 2285.837764] ? do_vfs_ioctl+0x1060/0x1060 [ 2285.854505] 0 [ 2285.855211] do_syscall_64+0x1e8/0x640 [ 2285.859331] 0 [ 2285.861116] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2285.861135] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2285.861143] RIP: 0033:0x45a679 [ 2285.861151] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2285.887666] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2285.887673] Node 0 [ 2285.894925] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2285.894930] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2285.894936] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2285.894942] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2285.909246] CPU: 0 PID: 8234 Comm: syz-executor.1 Not tainted 4.14.157-syzkaller #0 [ 2285.919175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2285.919182] Call Trace: [ 2285.934374] dump_stack+0x142/0x197 [ 2285.934390] warn_alloc.cold+0x96/0x1af [ 2285.934399] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2285.934412] ? call_timer_fn+0x670/0x670 [ 2285.934435] __alloc_pages_slowpath+0x23c6/0x2930 [ 2285.946387] ? warn_alloc+0xf0/0xf0 [ 2285.953967] ? __might_sleep+0x93/0xb0 [ 2285.962876] __alloc_pages_nodemask+0x62c/0x7a0 [ 2285.962888] ? lock_downgrade+0x740/0x740 [ 2285.962899] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2285.962914] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2285.962929] alloc_pages_current+0xec/0x1e0 [ 2285.963014] ion_page_pool_alloc+0x11f/0x1c0 [ 2285.984223] ion_system_heap_allocate+0x138/0x910 [ 2285.994971] ? ion_alloc+0x19b/0x860 [ 2285.994987] ? rcu_read_lock_sched_held+0x110/0x130 [ 2285.994999] ? ion_system_heap_free+0x250/0x250 [ 2285.995013] ion_alloc+0x222/0x860 [ 2285.995029] ? ion_dma_buf_release+0x50/0x50 [ 2285.995046] ? kasan_check_write+0x14/0x20 [ 2286.034143] ? _copy_from_user+0x99/0x110 [ 2286.038428] ion_ioctl+0x105/0x217 [ 2286.041999] ? ion_alloc.cold+0x40/0x40 [ 2286.046629] ? ion_alloc.cold+0x40/0x40 [ 2286.050610] do_vfs_ioctl+0x7ae/0x1060 [ 2286.054495] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2286.059270] ? lock_downgrade+0x740/0x740 [ 2286.063432] ? ioctl_preallocate+0x1c0/0x1c0 [ 2286.067848] ? __fget+0x237/0x370 [ 2286.071331] ? security_file_ioctl+0x89/0xb0 [ 2286.075748] SyS_ioctl+0x8f/0xc0 [ 2286.079232] ? do_vfs_ioctl+0x1060/0x1060 [ 2286.083397] do_syscall_64+0x1e8/0x640 [ 2286.087289] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2286.092150] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2286.097350] RIP: 0033:0x45a679 [ 2286.100531] RSP: 002b:00007f53ae261c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2286.108248] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2286.115525] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2286.122805] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2286.130075] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53ae2626d4 [ 2286.137335] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2286.161049] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2286.164797] warn_alloc_show_mem: 2 callbacks suppressed [ 2286.164801] Mem-Info: [ 2286.193888] active_anon:1150142 inactive_anon:197 isolated_anon:0 [ 2286.193888] active_file:6821 inactive_file:8611 isolated_file:0 [ 2286.193888] unevictable:0 dirty:125 writeback:0 unstable:0 [ 2286.193888] slab_reclaimable:19010 slab_unreclaimable:137592 [ 2286.193888] mapped:57677 shmem:255 pagetables:41309 bounce:0 [ 2286.193888] free:105595 free_pcp:594 free_cma:0 [ 2286.228798] lowmem_reserve[]: 0 0 0 0 0 [ 2286.237819] Node 0 active_anon:1719720kB inactive_anon:772kB active_file:12kB inactive_file:28kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:20kB writeback:0kB shmem:960kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2286.271246] Node 1 Normal free:394808kB min:53508kB low:66884kB high:80260kB active_anon:2880848kB inactive_anon:16kB active_file:27272kB inactive_file:34416kB unevictable:0kB writepending:480kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45120kB pagetables:99928kB bounce:0kB free_pcp:1344kB local_pcp:700kB free_cma:0kB [ 2286.300145] Node 1 active_anon:2880848kB inactive_anon:16kB active_file:27272kB inactive_file:34416kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21788kB dirty:480kB writeback:0kB shmem:60kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2286.329432] Node 0 DMA free:10448kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2286.334641] lowmem_reserve[]: [ 2286.361563] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2286.369741] Node 0 DMA32 free:72632kB min:36380kB low:45472kB high:54564kB active_anon:1715336kB inactive_anon:772kB active_file:12kB inactive_file:28kB unevictable:0kB writepending:20kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65300kB bounce:0kB free_pcp:1416kB local_pcp:672kB free_cma:0kB [ 2286.380079] 0 [ 2286.405541] lowmem_reserve[]: 0 0 0 0 0 [ 2286.410143] 0 0 0 0 [ 2286.411771] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2286.420121] Node 0 [ 2286.444640] lowmem_reserve[]: 0 0 0 0 0 [ 2286.451117] Node 1 Normal free:394808kB min:53508kB low:66884kB high:80260kB active_anon:2880848kB inactive_anon:16kB active_file:27272kB inactive_file:34416kB unevictable:0kB writepending:480kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45120kB pagetables:99928kB bounce:0kB free_pcp:1344kB local_pcp:644kB free_cma:0kB [ 2286.460124] DMA: [ 2286.487023] lowmem_reserve[]: 0 0 0 0 0 [ 2286.493869] Node 0 [ 2286.498065] DMA: 8*4kB (UM) 22*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10448kB [ 2286.500135] 8*4kB [ 2286.517681] Node 0 DMA32: 4638*4kB (UMEH) 1711*8kB (UMEH) 1120*16kB (UMEH) 401*32kB (UMH) 35*64kB (MH) 6*128kB (UMH) 1*256kB (U) 14*512kB (UH) 14*1024kB (UH) 8*2048kB (U) 0*4096kB = 104144kB [ 2286.530116] (UM) 22*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10448kB [ 2286.542910] Node 0 [ 2286.557575] syz-executor.1: [ 2286.559844] page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2286.563159] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 2286.578608] CPU: 1 PID: 8234 Comm: syz-executor.1 Not tainted 4.14.157-syzkaller #0 [ 2286.586930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2286.586935] Call Trace: [ 2286.586959] dump_stack+0x142/0x197 [ 2286.586974] warn_alloc.cold+0x96/0x1af [ 2286.586983] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2286.587002] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2286.587016] __alloc_pages_slowpath+0x23c6/0x2930 [ 2286.587034] ? save_trace+0x290/0x290 [ 2286.587049] ? warn_alloc+0xf0/0xf0 [ 2286.596640] Normal: [ 2286.599017] ? __might_sleep+0x93/0xb0 [ 2286.607110] Node 0 [ 2286.611402] __alloc_pages_nodemask+0x62c/0x7a0 [ 2286.611415] ? lock_downgrade+0x740/0x740 [ 2286.611426] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2286.611442] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2286.611457] alloc_pages_current+0xec/0x1e0 [ 2286.611473] ion_page_pool_alloc+0x11f/0x1c0 [ 2286.616774] 0*4kB [ 2286.621562] ion_system_heap_allocate+0x138/0x910 [ 2286.621578] ? ion_system_heap_free+0x250/0x250 [ 2286.621593] ion_alloc+0x68c/0x860 [ 2286.621609] ? ion_dma_buf_release+0x50/0x50 [ 2286.621626] ? kasan_check_write+0x14/0x20 [ 2286.621637] ? _copy_from_user+0x99/0x110 [ 2286.621649] ion_ioctl+0x105/0x217 [ 2286.621661] ? ion_alloc.cold+0x40/0x40 [ 2286.630149] DMA32: [ 2286.631389] ? ion_alloc.cold+0x40/0x40 [ 2286.635385] 4638*4kB [ 2286.637627] do_vfs_ioctl+0x7ae/0x1060 [ 2286.642444] 0*8kB [ 2286.646407] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2286.655445] 0*16kB [ 2286.657030] ? lock_downgrade+0x740/0x740 [ 2286.661429] 0*32kB [ 2286.665768] ? ioctl_preallocate+0x1c0/0x1c0 [ 2286.667899] 0*64kB 0*128kB [ 2286.672790] ? __fget+0x237/0x370 [ 2286.672810] ? security_file_ioctl+0x89/0xb0 [ 2286.672823] SyS_ioctl+0x8f/0xc0 [ 2286.672833] ? do_vfs_ioctl+0x1060/0x1060 [ 2286.672846] do_syscall_64+0x1e8/0x640 [ 2286.672854] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2286.672872] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2286.672881] RIP: 0033:0x45a679 [ 2286.672886] RSP: 002b:00007f53ae261c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2286.672898] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2286.672904] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2286.672910] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2286.672915] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53ae2626d4 [ 2286.672921] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2286.754740] (UMEH) [ 2286.757481] 0*256kB [ 2286.764731] 1710*8kB [ 2286.779551] (UMEH) [ 2286.785283] 0*512kB [ 2286.797844] 1120*16kB [ 2286.810201] 0*1024kB [ 2286.825837] syz-executor.1 invoked oom-killer: gfp_mask=0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2286.829044] 0 [ 2286.842161] 0*2048kB 0*4096kB = 0kB [ 2286.844064] (UMEH) [ 2286.847366] Node 1 [ 2286.847377] 401*32kB [ 2286.849612] Normal: 5802*4kB [ 2286.854573] (UM) 2252*8kB (UMH) 3199*16kB (UMEH) 2537*32kB (UMEH) 1029*64kB (UMEH) 200*128kB (MEH) 77*256kB (MEH) 117*512kB (ME) 37*1024kB (UMH) 6*2048kB (M) 0*4096kB = 394840kB [ 2286.873820] , order=0, oom_score_adj=1000 [ 2286.878088] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 2286.878685] (UMH) 3*64kB (H) 1*128kB (H) 0*256kB 1*512kB (H) 1*1024kB (H) 0*2048kB 0*4096kB = 64840kB [ 2286.884573] CPU: 0 PID: 8234 Comm: syz-executor.1 Not tainted 4.14.157-syzkaller #0 [ 2286.900922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2286.900927] Call Trace: [ 2286.900943] dump_stack+0x142/0x197 [ 2286.900959] dump_header+0x177/0x6cd [ 2286.900973] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2286.900983] ? ___ratelimit+0x55/0x537 [ 2286.900997] oom_kill_process.cold+0x10/0xadd [ 2286.901007] ? rcu_read_unlock_special+0x895/0xd40 [ 2286.901022] ? lock_downgrade+0x740/0x740 [ 2286.910619] Node 0 [ 2286.913094] out_of_memory+0x2ee/0x1180 [ 2286.916682] Normal: 0*4kB [ 2286.920422] ? lock_acquire+0x16f/0x430 [ 2286.920448] ? oom_killer_disable+0x1d0/0x1d0 [ 2286.920458] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2286.920470] __alloc_pages_slowpath+0x2251/0x2930 [ 2286.920494] ? warn_alloc+0xf0/0xf0 [ 2286.920514] ? __might_sleep+0x93/0xb0 [ 2286.920531] __alloc_pages_nodemask+0x62c/0x7a0 [ 2286.925679] 0*8kB [ 2286.929567] ? lock_downgrade+0x740/0x740 [ 2286.939101] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2286.943319] 0*16kB [ 2286.945477] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2286.949423] 0*32kB [ 2286.952285] alloc_pages_current+0xec/0x1e0 [ 2286.952303] ion_page_pool_alloc+0x11f/0x1c0 [ 2286.952314] ion_system_heap_allocate+0x138/0x910 [ 2286.952330] ? ion_system_heap_free+0x250/0x250 [ 2286.960792] ion_alloc+0x68c/0x860 [ 2286.960808] ? ion_dma_buf_release+0x50/0x50 [ 2286.960826] ? kasan_check_write+0x14/0x20 [ 2286.970553] ? _copy_from_user+0x99/0x110 [ 2286.970565] ion_ioctl+0x105/0x217 [ 2286.970575] ? ion_alloc.cold+0x40/0x40 [ 2286.970591] ? ion_alloc.cold+0x40/0x40 [ 2286.974209] 0*64kB [ 2286.978069] do_vfs_ioctl+0x7ae/0x1060 [ 2286.984855] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2286.993987] ? lock_downgrade+0x740/0x740 [ 2286.994001] ? ioctl_preallocate+0x1c0/0x1c0 [ 2286.994014] ? __fget+0x237/0x370 [ 2286.996247] 0*128kB [ 2287.001879] ? security_file_ioctl+0x89/0xb0 [ 2287.001893] SyS_ioctl+0x8f/0xc0 [ 2287.001903] ? do_vfs_ioctl+0x1060/0x1060 [ 2287.004139] 0*256kB [ 2287.008474] do_syscall_64+0x1e8/0x640 [ 2287.017718] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2287.022427] 0*512kB [ 2287.025937] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2287.034535] RIP: 0033:0x45a679 [ 2287.034542] RSP: 002b:00007f53ae261c78 EFLAGS: 00000246 [ 2287.042186] ORIG_RAX: 0000000000000010 [ 2287.042193] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2287.042198] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2287.042204] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2287.042210] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53ae2626d4 [ 2287.042215] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2287.043751] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2287.047408] 0*1024kB [ 2287.050341] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2287.050350] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2287.050356] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2287.050360] 15532 total pagecache pages [ 2287.050372] 0 pages in swap cache [ 2287.058162] 0*2048kB [ 2287.061464] Swap cache stats: add 0, delete 0, find 0/0 [ 2287.065754] 0*4096kB [ 2287.069889] Free swap = 0kB [ 2287.080493] Total swap = 0kB [ 2287.087749] 1965979 pages RAM [ 2287.094726] = 0kB [ 2287.098937] 0 pages HighMem/MovableOnly [ 2287.106339] 335854 pages reserved [ 2287.106346] 0 pages cma reserved [ 2287.117926] Mem-Info: [ 2287.124005] Node 1 [ 2287.126627] active_anon:1150140 inactive_anon:199 isolated_anon:0 [ 2287.126627] active_file:6823 inactive_file:8615 isolated_file:0 [ 2287.126627] unevictable:0 dirty:140 writeback:0 unstable:0 [ 2287.126627] slab_reclaimable:19001 slab_unreclaimable:137418 [ 2287.126627] mapped:57677 shmem:255 pagetables:41296 bounce:0 [ 2287.126627] free:105847 free_pcp:238 free_cma:0 [ 2287.138419] Normal: [ 2287.141085] syz-executor.5: [ 2287.148340] 5812*4kB [ 2287.155863] Node 0 active_anon:1719720kB inactive_anon:772kB active_file:20kB inactive_file:32kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:32kB writeback:0kB shmem:960kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2287.169438] (UME) [ 2287.176500] page allocation failure: order:0 [ 2287.193240] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2287.200866] Node 0 [ 2287.211162] 0 [ 2287.216463] 2255*8kB [ 2287.216970] syz-executor.5 cpuset= [ 2287.222798] (UMEH) [ 2287.226288] DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2287.229736] 3199*16kB [ 2287.233063] syz5 [ 2287.236221] (UMEH) [ 2287.237658] mems_allowed=0-1 [ 2287.276904] 2537*32kB [ 2287.276985] lowmem_reserve[]: [ 2287.279352] (UMEH) [ 2287.307982] 0 [ 2287.314649] 1028*64kB [ 2287.321103] CPU: 0 PID: 8240 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2287.321110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2287.321116] Call Trace: [ 2287.330971] dump_stack+0x142/0x197 [ 2287.330987] warn_alloc.cold+0x96/0x1af [ 2287.330997] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2287.331009] ? call_timer_fn+0x670/0x670 [ 2287.331030] __alloc_pages_slowpath+0x23c6/0x2930 [ 2287.331056] ? warn_alloc+0xf0/0xf0 [ 2287.359047] ? __might_sleep+0x93/0xb0 [ 2287.359063] __alloc_pages_nodemask+0x62c/0x7a0 [ 2287.359075] ? lock_downgrade+0x740/0x740 [ 2287.359087] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2287.361610] (UMEH) [ 2287.363541] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2287.365749] 201*128kB [ 2287.368840] alloc_pages_current+0xec/0x1e0 [ 2287.371698] (MEH) [ 2287.374408] ion_page_pool_alloc+0x11f/0x1c0 [ 2287.376616] 77*256kB [ 2287.378402] ion_system_heap_allocate+0x138/0x910 [ 2287.380901] (MEH) [ 2287.388655] ? ion_system_heap_free+0x250/0x250 [ 2287.400576] ion_alloc+0x68c/0x860 [ 2287.400595] ? ion_dma_buf_release+0x50/0x50 [ 2287.408172] ? kasan_check_write+0x14/0x20 [ 2287.413454] 117*512kB [ 2287.417055] ? _copy_from_user+0x99/0x110 [ 2287.425515] ion_ioctl+0x105/0x217 [ 2287.434047] ? ion_alloc.cold+0x40/0x40 [ 2287.434062] ? ion_alloc.cold+0x40/0x40 [ 2287.434073] do_vfs_ioctl+0x7ae/0x1060 [ 2287.434085] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2287.434096] ? lock_downgrade+0x740/0x740 [ 2287.434106] ? ioctl_preallocate+0x1c0/0x1c0 [ 2287.434119] ? __fget+0x237/0x370 [ 2287.434137] ? security_file_ioctl+0x89/0xb0 [ 2287.440149] (ME) [ 2287.443287] SyS_ioctl+0x8f/0xc0 [ 2287.445497] 37*1024kB [ 2287.451103] ? do_vfs_ioctl+0x1060/0x1060 [ 2287.451116] do_syscall_64+0x1e8/0x640 [ 2287.451126] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2287.451145] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2287.457929] RIP: 0033:0x45a679 [ 2287.460524] (UMH) [ 2287.464465] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2287.466869] 6*2048kB [ 2287.471702] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2287.471708] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2287.471712] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2287.471718] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2287.471723] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2287.472558] 2569 [ 2287.478566] 2569 [ 2287.490962] 2569 2569 [ 2287.490976] Node 0 DMA32 free:18092kB min:36380kB low:45472kB high:54564kB active_anon:1715336kB inactive_anon:772kB active_file:20kB inactive_file:32kB unevictable:0kB writepending:32kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65300kB bounce:0kB free_pcp:952kB local_pcp:780kB free_cma:0kB [ 2287.491000] lowmem_reserve[]: 0 0 0 0 0 [ 2287.494643] (M) [ 2287.509178] Node 0 [ 2287.516315] 0*4096kB [ 2287.517883] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2287.529898] lowmem_reserve[]: [ 2287.534693] = 394968kB [ 2287.536409] 0 [ 2287.539759] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2287.542299] 0 0 0 0 [ 2287.542319] Node 0 DMA: 8*4kB (UM) 22*8kB (UM) 20*16kB [ 2287.555236] (UME) [ 2287.564224] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2287.565768] 2*32kB [ 2287.575908] (U) [ 2287.587025] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2287.590530] 1*64kB (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) [ 2287.598936] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2287.609684] 2*2048kB [ 2287.615430] (UE) [ 2287.619203] 0*4096kB [ 2287.650078] 15547 total pagecache pages [ 2287.657085] warn_alloc_show_mem: 2 callbacks suppressed [ 2287.657089] Mem-Info: [ 2287.659158] 0 pages in swap cache [ 2287.688562] active_anon:1150140 inactive_anon:199 isolated_anon:0 [ 2287.688562] active_file:6823 inactive_file:8615 isolated_file:0 [ 2287.688562] unevictable:0 dirty:140 writeback:0 unstable:0 [ 2287.688562] slab_reclaimable:19001 slab_unreclaimable:137418 [ 2287.688562] mapped:57677 shmem:255 pagetables:41296 bounce:0 [ 2287.688562] free:105847 free_pcp:564 free_cma:0 [ 2287.691407] = 10384kB [ 2287.707396] Node 0 active_anon:1719720kB inactive_anon:772kB active_file:20kB inactive_file:32kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:32kB writeback:0kB shmem:960kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2287.710152] Node 1 active_anon:2880840kB inactive_anon:24kB active_file:27272kB inactive_file:34428kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21788kB dirty:528kB writeback:0kB shmem:60kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2287.718846] Swap cache stats: add 0, delete 0, find 0/0 [ 2287.725500] Node 0 [ 2287.744831] Node 0 [ 2287.748123] Free swap = 0kB [ 2287.750517] DMA32: [ 2287.752996] Total swap = 0kB [ 2287.754907] 3253*4kB [ 2287.758870] 1965979 pages RAM [ 2287.768892] DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2287.808636] (UMEH) [ 2287.834622] 0 pages HighMem/MovableOnly [ 2287.868400] lowmem_reserve[]: [ 2287.870355] 335854 pages reserved [ 2287.872572] 0 [ 2287.875570] 0 pages cma reserved [ 2287.877782] 2569 [ 2287.913084] 2569 [ 2287.918653] 2569 2569 [ 2287.918666] Node 0 DMA32 free:18092kB min:36380kB low:45472kB high:54564kB active_anon:1715336kB inactive_anon:772kB active_file:20kB inactive_file:32kB unevictable:0kB writepending:32kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65300kB bounce:0kB free_pcp:948kB local_pcp:776kB free_cma:0kB [ 2287.918755] lowmem_reserve[]: 0 0 0 0 0 [ 2287.918780] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2287.918801] lowmem_reserve[]: 0 0 0 0 0 [ 2287.918824] Node 1 Normal free:394912kB min:53508kB low:66884kB high:80260kB active_anon:2880840kB inactive_anon:24kB active_file:27272kB inactive_file:34428kB unevictable:0kB writepending:528kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45120kB pagetables:99876kB bounce:0kB free_pcp:1308kB local_pcp:668kB free_cma:0kB [ 2287.918847] lowmem_reserve[]: 0 0 0 0 0 [ 2287.918869] Node 0 DMA: 8*4kB (UM) 22*8kB (UM) 20*16kB (UME) 2*32kB (U) 1*64kB (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10384kB [ 2287.918963] Node 0 DMA32: 3253*4kB (UMEH) 335*8kB (UMEH) 31*16kB (UMH) 2*32kB (H) 3*64kB (H) 1*128kB (H) 0*256kB 1*512kB (H) 1*1024kB (H) 0*2048kB 0*4096kB = 18108kB [ 2287.919050] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2287.919109] Node 1 Normal: 5812*4kB (UME) 2252*8kB (UMEH) 3199*16kB (UMEH) 2537*32kB (UMEH) 1028*64kB (UMEH) 201*128kB (MEH) 77*256kB (MEH) 117*512kB (ME) 37*1024kB (UMH) 6*2048kB (M) 0*4096kB = 394944kB [ 2287.919209] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2287.919217] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2287.919225] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2287.919232] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2287.919237] 15547 total pagecache pages [ 2287.919249] 0 pages in swap cache [ 2287.919256] Swap cache stats: add 0, delete 0, find 0/0 [ 2287.919260] Free swap = 0kB [ 2287.919264] Total swap = 0kB [ 2287.919272] 1965979 pages RAM [ 2287.919276] 0 pages HighMem/MovableOnly [ 2287.919280] 335854 pages reserved [ 2287.919284] 0 pages cma reserved [ 2287.921226] 335*8kB [ 2287.967393] (UMEH) 31*16kB (UMH) 2*32kB [ 2288.166767] (H) 3*64kB (H) 1*128kB (H) 0*256kB 1*512kB (H) 1*1024kB (H) 0*2048kB 0*4096kB = 18108kB [ 2288.180058] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2288.190874] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2288.190883] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2288.190890] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2288.190897] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2288.190902] 15562 total pagecache pages [ 2288.190917] 0 pages in swap cache [ 2288.208462] Swap cache stats: add 0, delete 0, find 0/0 [ 2288.225883] Free swap = 0kB [ 2288.233554] Total swap = 0kB [ 2288.244825] 1965979 pages RAM [ 2288.247925] 0 pages HighMem/MovableOnly [ 2288.251943] 335854 pages reserved [ 2288.255401] 0 pages cma reserved [ 2288.258755] Out of memory: Kill process 15051 (syz-executor.1) score 1009 or sacrifice child 20:58:38 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) 20:58:38 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) [ 2288.267409] Killed process 15051 (syz-executor.1) total-vm:72980kB, anon-rss:16060kB, file-rss:34816kB, shmem-rss:0kB 20:58:39 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 20:58:39 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) 20:58:39 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) socket$inet_udplite(0x2, 0x2, 0x88) 20:58:39 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) 20:58:39 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) [ 2289.461709] oom_reaper: reaped process 8304 (syz-executor.5), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2289.486818] warn_alloc: 3 callbacks suppressed [ 2289.486824] syz-executor.2: [ 2289.506418] syz-executor.4: [ 2289.519409] page allocation failure: order:4 [ 2289.528173] page allocation failure: order:4 [ 2289.539213] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2289.556909] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2289.559671] syz-executor.1: [ 2289.567129] 0 [ 2289.583853] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2289.592881] 0 [ 2289.595709] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2289.600118] page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2289.605720] CPU: 1 PID: 8315 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2289.621436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2289.630797] Call Trace: [ 2289.633402] dump_stack+0x142/0x197 [ 2289.635659] syz-executor.1 cpuset= [ 2289.637039] warn_alloc.cold+0x96/0x1af [ 2289.637052] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2289.637074] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2289.637088] __alloc_pages_slowpath+0x23c6/0x2930 [ 2289.647825] syz1 [ 2289.649455] ? save_trace+0x290/0x290 [ 2289.662984] mems_allowed=0-1 [ 2289.665329] ? warn_alloc+0xf0/0xf0 [ 2289.665355] ? __might_sleep+0x93/0xb0 [ 2289.665368] __alloc_pages_nodemask+0x62c/0x7a0 [ 2289.680626] ? lock_downgrade+0x740/0x740 [ 2289.684788] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2289.689820] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2289.695456] alloc_pages_current+0xec/0x1e0 [ 2289.699787] ion_page_pool_alloc+0x11f/0x1c0 [ 2289.704228] ion_system_heap_allocate+0x138/0x910 [ 2289.709076] ? ion_alloc+0x19b/0x860 [ 2289.712792] ? rcu_read_lock_sched_held+0x110/0x130 [ 2289.716575] syz-executor.5 invoked oom-killer: gfp_mask=0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2289.717813] ? ion_system_heap_free+0x250/0x250 [ 2289.717832] ion_alloc+0x222/0x860 [ 2289.717851] ? ion_dma_buf_release+0x50/0x50 [ 2289.740732] ? kasan_check_write+0x14/0x20 [ 2289.742220] 0 [ 2289.744978] ? _copy_from_user+0x99/0x110 [ 2289.744995] ion_ioctl+0x105/0x217 [ 2289.745007] ? ion_alloc.cold+0x40/0x40 [ 2289.745023] ? ion_alloc.cold+0x40/0x40 [ 2289.750125] , order=0, oom_score_adj=1000 [ 2289.750863] do_vfs_ioctl+0x7ae/0x1060 [ 2289.750879] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2289.750890] ? lock_downgrade+0x740/0x740 [ 2289.750903] ? ioctl_preallocate+0x1c0/0x1c0 [ 2289.754552] syz-executor.5 cpuset= [ 2289.758383] ? __fget+0x237/0x370 [ 2289.758403] ? security_file_ioctl+0x89/0xb0 [ 2289.758417] SyS_ioctl+0x8f/0xc0 [ 2289.758428] ? do_vfs_ioctl+0x1060/0x1060 [ 2289.771415] syz5 [ 2289.775375] do_syscall_64+0x1e8/0x640 [ 2289.788899] mems_allowed=0-1 [ 2289.790846] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2289.790870] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2289.790878] RIP: 0033:0x45a679 [ 2289.790883] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2289.790894] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2289.790900] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2289.790905] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2289.790911] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2289.790917] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2289.799966] CPU: 1 PID: 8318 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2289.876818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2289.886176] Call Trace: [ 2289.888767] dump_stack+0x142/0x197 [ 2289.892394] warn_alloc.cold+0x96/0x1af [ 2289.896359] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2289.901212] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2289.906492] __alloc_pages_slowpath+0x23c6/0x2930 [ 2289.911340] ? save_trace+0x290/0x290 [ 2289.915150] ? warn_alloc+0xf0/0xf0 [ 2289.918802] ? __might_sleep+0x93/0xb0 [ 2289.922685] __alloc_pages_nodemask+0x62c/0x7a0 [ 2289.927346] ? lock_downgrade+0x740/0x740 [ 2289.931487] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2289.936501] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2289.942125] alloc_pages_current+0xec/0x1e0 [ 2289.946455] ion_page_pool_alloc+0x11f/0x1c0 [ 2289.950865] ion_system_heap_allocate+0x138/0x910 [ 2289.955725] ? ion_alloc+0x19b/0x860 [ 2289.959435] ? rcu_read_lock_sched_held+0x110/0x130 [ 2289.964456] ? ion_system_heap_free+0x250/0x250 [ 2289.969119] ion_alloc+0x222/0x860 [ 2289.972656] ? ion_dma_buf_release+0x50/0x50 [ 2289.977059] ? kasan_check_write+0x14/0x20 [ 2289.981294] ? _copy_from_user+0x99/0x110 [ 2289.985443] ion_ioctl+0x105/0x217 [ 2289.988989] ? ion_alloc.cold+0x40/0x40 [ 2289.992965] ? ion_alloc.cold+0x40/0x40 [ 2289.996929] do_vfs_ioctl+0x7ae/0x1060 [ 2290.000900] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2290.005657] ? lock_downgrade+0x740/0x740 [ 2290.009806] ? ioctl_preallocate+0x1c0/0x1c0 [ 2290.014232] ? __fget+0x237/0x370 [ 2290.017682] ? security_file_ioctl+0x89/0xb0 [ 2290.022089] SyS_ioctl+0x8f/0xc0 [ 2290.025447] ? do_vfs_ioctl+0x1060/0x1060 [ 2290.029589] do_syscall_64+0x1e8/0x640 [ 2290.033470] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2290.038309] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2290.043487] RIP: 0033:0x45a679 [ 2290.046669] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2290.054408] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2290.061684] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2290.068957] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2290.076227] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2290.083503] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2290.090788] CPU: 0 PID: 8323 Comm: syz-executor.1 Not tainted 4.14.157-syzkaller #0 [ 2290.093346] Mem-Info: [ 2290.098610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2290.098617] Call Trace: [ 2290.098638] dump_stack+0x142/0x197 [ 2290.098662] warn_alloc.cold+0x96/0x1af [ 2290.098680] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2290.101696] active_anon:1146281 inactive_anon:199 isolated_anon:0 [ 2290.101696] active_file:6820 inactive_file:8649 isolated_file:0 [ 2290.101696] unevictable:0 dirty:83 writeback:0 unstable:0 [ 2290.101696] slab_reclaimable:19014 slab_unreclaimable:137438 [ 2290.101696] mapped:57704 shmem:255 pagetables:41341 bounce:0 [ 2290.101696] free:109546 free_pcp:69 free_cma:0 [ 2290.110480] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2290.110505] __alloc_pages_slowpath+0x23c6/0x2930 [ 2290.110536] ? save_trace+0x290/0x290 [ 2290.110562] ? warn_alloc+0xf0/0xf0 [ 2290.110595] ? __might_sleep+0x93/0xb0 [ 2290.114432] Node 0 active_anon:1719720kB inactive_anon:764kB active_file:8kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:4kB writeback:0kB shmem:952kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2290.116820] __alloc_pages_nodemask+0x62c/0x7a0 [ 2290.116838] ? lock_downgrade+0x740/0x740 [ 2290.116856] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2290.116880] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2290.116903] alloc_pages_current+0xec/0x1e0 [ 2290.121590] Node 0 [ 2290.125716] ion_page_pool_alloc+0x11f/0x1c0 [ 2290.125734] ion_system_heap_allocate+0x138/0x910 [ 2290.125747] ? ion_alloc+0x19b/0x860 [ 2290.125764] ? rcu_read_lock_sched_held+0x110/0x130 [ 2290.125792] ? ion_system_heap_free+0x250/0x250 [ 2290.160596] DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2290.164736] ion_alloc+0x222/0x860 [ 2290.164764] ? ion_dma_buf_release+0x50/0x50 [ 2290.164789] ? kasan_check_write+0x14/0x20 [ 2290.164802] ? _copy_from_user+0x99/0x110 [ 2290.170578] lowmem_reserve[]: [ 2290.173440] ion_ioctl+0x105/0x217 [ 2290.173456] ? ion_alloc.cold+0x40/0x40 [ 2290.173485] ? ion_alloc.cold+0x40/0x40 [ 2290.173500] do_vfs_ioctl+0x7ae/0x1060 [ 2290.173515] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2290.177751] 0 [ 2290.181006] ? lock_downgrade+0x740/0x740 [ 2290.181024] ? ioctl_preallocate+0x1c0/0x1c0 [ 2290.181044] ? __fget+0x237/0x370 [ 2290.181073] ? security_file_ioctl+0x89/0xb0 [ 2290.181092] SyS_ioctl+0x8f/0xc0 [ 2290.181103] ? do_vfs_ioctl+0x1060/0x1060 [ 2290.181120] do_syscall_64+0x1e8/0x640 [ 2290.209559] 2569 [ 2290.213186] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2290.213215] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2290.213226] RIP: 0033:0x45a679 [ 2290.213233] RSP: 002b:00007f53ae261c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2290.213248] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2290.213257] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2290.213264] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2290.213272] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53ae2626d4 [ 2290.218070] 2569 [ 2290.222438] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2290.229637] CPU: 0 PID: 8304 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2290.233334] 2569 [ 2290.234700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2290.234704] Call Trace: [ 2290.234719] dump_stack+0x142/0x197 [ 2290.234737] dump_header+0x177/0x6cd [ 2290.234751] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2290.234763] ? ___ratelimit+0x55/0x537 [ 2290.234777] oom_kill_process.cold+0x10/0xadd [ 2290.239719] 2569 [ 2290.244005] ? rcu_read_unlock_special+0x639/0xd40 [ 2290.244020] ? lock_downgrade+0x740/0x740 [ 2290.244037] out_of_memory+0x2ee/0x1180 [ 2290.244045] ? lock_acquire+0x16f/0x430 [ 2290.244062] ? oom_killer_disable+0x1d0/0x1d0 [ 2290.244073] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2290.244087] __alloc_pages_slowpath+0x2251/0x2930 [ 2290.244114] ? warn_alloc+0xf0/0xf0 [ 2290.244135] ? __might_sleep+0x93/0xb0 [ 2290.252839] __alloc_pages_nodemask+0x62c/0x7a0 [ 2290.252851] ? lock_downgrade+0x740/0x740 [ 2290.252864] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2290.252881] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2290.252898] alloc_pages_current+0xec/0x1e0 [ 2290.252959] ion_page_pool_alloc+0x11f/0x1c0 [ 2290.252971] ion_system_heap_allocate+0x138/0x910 [ 2290.258202] Node 0 [ 2290.283565] ? ion_alloc+0x19b/0x860 [ 2290.283579] ? rcu_read_lock_sched_held+0x110/0x130 [ 2290.283593] ? ion_system_heap_free+0x250/0x250 [ 2290.283610] ion_alloc+0x222/0x860 [ 2290.283628] ? ion_dma_buf_release+0x50/0x50 [ 2290.283643] ? kasan_check_write+0x14/0x20 [ 2290.283654] ? _copy_from_user+0x99/0x110 [ 2290.283666] ion_ioctl+0x105/0x217 [ 2290.290341] DMA32 free:18172kB min:36380kB low:45472kB high:54564kB active_anon:1715336kB inactive_anon:764kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:4kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65300kB bounce:0kB free_pcp:276kB local_pcp:128kB free_cma:0kB [ 2290.291620] ? ion_alloc.cold+0x40/0x40 [ 2290.291643] ? ion_alloc.cold+0x40/0x40 [ 2290.291657] do_vfs_ioctl+0x7ae/0x1060 [ 2290.291677] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2290.296346] lowmem_reserve[]: [ 2290.300052] ? lock_downgrade+0x740/0x740 20:58:40 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) 20:58:40 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) [ 2290.300066] ? ioctl_preallocate+0x1c0/0x1c0 [ 2290.300080] ? __fget+0x237/0x370 [ 2290.300100] ? security_file_ioctl+0x89/0xb0 [ 2290.300112] SyS_ioctl+0x8f/0xc0 [ 2290.300121] ? do_vfs_ioctl+0x1060/0x1060 [ 2290.300135] do_syscall_64+0x1e8/0x640 [ 2290.310616] 0 [ 2290.310720] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2290.320517] 0 [ 2290.323318] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2290.323329] RIP: 0033:0x45a679 [ 2290.323335] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2290.323350] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2290.330155] 0 [ 2290.333675] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2290.333681] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2290.333688] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2290.333694] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2290.599615] Mem-Info: [ 2290.627107] active_anon:1146231 inactive_anon:199 isolated_anon:0 [ 2290.627107] active_file:6820 inactive_file:8649 isolated_file:0 [ 2290.627107] unevictable:0 dirty:83 writeback:0 unstable:0 [ 2290.627107] slab_reclaimable:19014 slab_unreclaimable:137490 [ 2290.627107] mapped:57704 shmem:255 pagetables:41304 bounce:0 [ 2290.627107] free:109809 free_pcp:0 free_cma:0 [ 2290.637419] Node 0 active_anon:1719720kB inactive_anon:764kB active_file:8kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:4kB writeback:0kB shmem:952kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2290.672633] Node 0 [ 2290.704930] DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2290.745296] 0 [ 2290.773206] lowmem_reserve[]: [ 2290.787539] 0 [ 2290.809082] 0 2569 2569 2569 2569 [ 2290.815006] Node 0 DMA32 free:18172kB min:36380kB low:45472kB high:54564kB active_anon:1715336kB inactive_anon:764kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:4kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65300kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2290.815169] Node 0 [ 2290.849731] lowmem_reserve[]: [ 2290.851702] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2290.852519] 0 [ 2290.856908] lowmem_reserve[]: [ 2290.881255] 0 0 0 0 [ 2290.888131] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2290.904652] 0 [ 2290.939935] lowmem_reserve[]: [ 2290.941338] 0 [ 2290.942211] 0 0 0 0 0 [ 2290.949819] 0 0 0 [ 2290.950385] Node 0 DMA: 8*4kB (UM) 22*8kB (UM) 20*16kB (UME) 2*32kB (U) 1*64kB (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10384kB [ 2290.962739] Node 0 [ 2290.981285] Node 0 DMA32: 3414*4kB (UME) 403*8kB (UME) 92*16kB (UM) 3*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18448kB [ 2290.991506] DMA: 8*4kB (UM) 22*8kB (UM) 20*16kB (UME) 2*32kB (U) 1*64kB (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10384kB [ 2291.009258] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2291.040566] Node 0 DMA32: 3414*4kB (UME) 403*8kB (UME) 92*16kB (UM) 3*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18448kB [ 2291.053693] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2291.079730] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB [ 2291.079785] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2291.079787] 0*256kB 0*512kB [ 2291.088595] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2291.095890] 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2291.108533] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2291.114176] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2291.121408] 15587 total pagecache pages [ 2291.134258] 0 pages in swap cache [ 2291.138010] Swap cache stats: add 0, delete 0, find 0/0 [ 2291.139932] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2291.143744] Free swap = 0kB [ 2291.155703] Total swap = 0kB [ 2291.157339] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2291.159030] 1965979 pages RAM [ 2291.171204] 0 pages HighMem/MovableOnly [ 2291.175490] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2291.175493] 335854 pages reserved [ 2291.175499] 0 pages cma reserved [ 2291.189842] 15587 total pagecache pages [ 2291.192213] Out of memory: Kill process 22547 (syz-executor.0) score 1009 or sacrifice child [ 2291.203210] 0 pages in swap cache [ 2291.204363] Killed process 22547 (syz-executor.0) total-vm:72980kB, anon-rss:15984kB, file-rss:34816kB, shmem-rss:0kB [ 2291.208150] Swap cache stats: add 0, delete 0, find 0/0 [ 2291.230390] syz-executor.5: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2291.235458] Free swap = 0kB [ 2291.245451] Total swap = 0kB [ 2291.249041] 1965979 pages RAM [ 2291.251459] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2291.263992] 0 pages HighMem/MovableOnly [ 2291.265012] CPU: 0 PID: 8304 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2291.268639] 335854 pages reserved [ 2291.275791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2291.275796] Call Trace: [ 2291.275813] dump_stack+0x142/0x197 [ 2291.275831] warn_alloc.cold+0x96/0x1af [ 2291.275840] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2291.275858] ? wait_for_completion+0x420/0x420 [ 2291.275874] __alloc_pages_slowpath+0x23c6/0x2930 [ 2291.275899] ? warn_alloc+0xf0/0xf0 [ 2291.280157] 0 pages cma reserved [ 2291.288716] ? __might_sleep+0x93/0xb0 [ 2291.288733] __alloc_pages_nodemask+0x62c/0x7a0 [ 2291.288744] ? lock_downgrade+0x740/0x740 [ 2291.288755] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2291.338100] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2291.343994] alloc_pages_current+0xec/0x1e0 [ 2291.348322] ion_page_pool_alloc+0x11f/0x1c0 [ 2291.352731] ion_system_heap_allocate+0x138/0x910 [ 2291.357566] ? ion_alloc+0x19b/0x860 [ 2291.361274] ? rcu_read_lock_sched_held+0x110/0x130 [ 2291.366289] ? ion_system_heap_free+0x250/0x250 [ 2291.370969] ion_alloc+0x222/0x860 [ 2291.374511] ? ion_dma_buf_release+0x50/0x50 [ 2291.378914] ? kasan_check_write+0x14/0x20 [ 2291.383156] ? _copy_from_user+0x99/0x110 [ 2291.387308] ion_ioctl+0x105/0x217 [ 2291.390850] ? ion_alloc.cold+0x40/0x40 [ 2291.394828] ? ion_alloc.cold+0x40/0x40 [ 2291.398793] do_vfs_ioctl+0x7ae/0x1060 [ 2291.402678] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2291.407421] ? lock_downgrade+0x740/0x740 [ 2291.411623] ? ioctl_preallocate+0x1c0/0x1c0 [ 2291.416178] ? __fget+0x237/0x370 [ 2291.419651] ? security_file_ioctl+0x89/0xb0 [ 2291.424068] SyS_ioctl+0x8f/0xc0 [ 2291.427432] ? do_vfs_ioctl+0x1060/0x1060 [ 2291.431640] do_syscall_64+0x1e8/0x640 [ 2291.435528] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2291.440418] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2291.445630] RIP: 0033:0x45a679 [ 2291.448807] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2291.456510] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2291.463908] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2291.471185] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2291.478458] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2291.485735] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff 20:58:41 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) [ 2291.506257] warn_alloc_show_mem: 2 callbacks suppressed [ 2291.506261] Mem-Info: [ 2291.514726] active_anon:1142287 inactive_anon:199 isolated_anon:0 [ 2291.514726] active_file:6820 inactive_file:8671 isolated_file:0 [ 2291.514726] unevictable:0 dirty:108 writeback:0 unstable:0 [ 2291.514726] slab_reclaimable:19014 slab_unreclaimable:137207 [ 2291.514726] mapped:57704 shmem:255 pagetables:41341 bounce:0 [ 2291.514726] free:113836 free_pcp:406 free_cma:0 [ 2291.549100] Node 0 active_anon:1719520kB inactive_anon:764kB active_file:8kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:4kB writeback:0kB shmem:952kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2291.582294] IPVS: ftp: loaded support on port[0] = 21 [ 2291.588117] Node 1 active_anon:2849588kB inactive_anon:32kB active_file:27272kB inactive_file:34680kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21844kB dirty:440kB writeback:0kB shmem:68kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2291.629842] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2291.663687] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2291.669225] Node 0 DMA32 free:18316kB min:36380kB low:45472kB high:54564kB active_anon:1715112kB inactive_anon:764kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:4kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65220kB bounce:0kB free_pcp:440kB local_pcp:116kB free_cma:0kB [ 2291.705308] lowmem_reserve[]: 0 0 0 0 0 [ 2291.709545] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2291.736995] lowmem_reserve[]: 0 0 0 0 0 [ 2291.741248] Node 1 Normal free:425836kB min:53508kB low:66884kB high:80260kB active_anon:2849672kB inactive_anon:32kB active_file:27272kB inactive_file:34680kB unevictable:0kB writepending:452kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45184kB pagetables:100004kB bounce:0kB free_pcp:1208kB local_pcp:372kB free_cma:0kB [ 2291.774047] lowmem_reserve[]: 0 0 0 0 0 [ 2291.779197] Node 0 DMA: 8*4kB (UM) 22*8kB (UM) 20*16kB (UME) 2*32kB (U) 1*64kB (E) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10384kB [ 2291.797308] Node 0 DMA32: 3387*4kB (UME) 400*8kB (ME) 92*16kB (UMH) 3*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18316kB [ 2291.813397] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2291.824787] Node 1 Normal: 5711*4kB (UME) 2192*8kB (UMEH) 3392*16kB (UMEH) 2688*32kB (UMEH) 1170*64kB (UMEH) 240*128kB (MEH) 90*256kB (MEH) 121*512kB (ME) 39*1024kB (UMH) 7*2048kB (M) 0*4096kB = 425532kB [ 2291.846886] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2291.860735] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2291.869364] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2291.880583] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2291.895674] 15596 total pagecache pages [ 2291.899778] 0 pages in swap cache [ 2291.906150] Swap cache stats: add 0, delete 0, find 0/0 [ 2291.911693] Free swap = 0kB [ 2291.914715] Total swap = 0kB [ 2291.917728] 1965979 pages RAM [ 2291.923927] 0 pages HighMem/MovableOnly [ 2291.927914] 335854 pages reserved [ 2291.931728] 0 pages cma reserved [ 2292.006923] syz-executor.5: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2292.018490] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2292.028517] CPU: 1 PID: 8304 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2292.036345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2292.045707] Call Trace: [ 2292.048309] dump_stack+0x142/0x197 [ 2292.051943] warn_alloc.cold+0x96/0x1af [ 2292.055921] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2292.060780] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2292.066071] __alloc_pages_slowpath+0x23c6/0x2930 [ 2292.070940] ? save_trace+0x290/0x290 [ 2292.074746] ? warn_alloc+0xf0/0xf0 [ 2292.078494] ? __might_sleep+0x93/0xb0 [ 2292.082403] __alloc_pages_nodemask+0x62c/0x7a0 [ 2292.087078] ? lock_downgrade+0x740/0x740 [ 2292.091235] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2292.096255] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2292.101888] alloc_pages_current+0xec/0x1e0 [ 2292.106221] ion_page_pool_alloc+0x11f/0x1c0 [ 2292.110644] ion_system_heap_allocate+0x138/0x910 [ 2292.115594] ? ion_system_heap_free+0x250/0x250 [ 2292.120269] ion_alloc+0x68c/0x860 [ 2292.123824] ? ion_dma_buf_release+0x50/0x50 [ 2292.128242] ? kasan_check_write+0x14/0x20 [ 2292.132484] ? _copy_from_user+0x99/0x110 [ 2292.136644] ion_ioctl+0x105/0x217 [ 2292.140195] ? ion_alloc.cold+0x40/0x40 [ 2292.144183] ? ion_alloc.cold+0x40/0x40 [ 2292.148232] do_vfs_ioctl+0x7ae/0x1060 [ 2292.152245] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2292.157013] ? lock_downgrade+0x740/0x740 [ 2292.161171] ? ioctl_preallocate+0x1c0/0x1c0 [ 2292.165599] ? __fget+0x237/0x370 [ 2292.169059] ? security_file_ioctl+0x89/0xb0 [ 2292.173472] SyS_ioctl+0x8f/0xc0 [ 2292.176836] ? do_vfs_ioctl+0x1060/0x1060 [ 2292.180987] do_syscall_64+0x1e8/0x640 [ 2292.184885] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2292.189732] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2292.194914] RIP: 0033:0x45a679 [ 2292.198096] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2292.205814] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2292.213104] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2292.220390] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2292.227668] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2292.234947] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2292.270195] syz-executor.5: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2292.285487] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2292.291706] CPU: 0 PID: 8304 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2292.299523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2292.308894] Call Trace: [ 2292.311475] dump_stack+0x142/0x197 [ 2292.315096] warn_alloc.cold+0x96/0x1af [ 2292.319136] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2292.323969] ? call_timer_fn+0x670/0x670 [ 2292.328025] __alloc_pages_slowpath+0x23c6/0x2930 [ 2292.332882] ? warn_alloc+0xf0/0xf0 [ 2292.336517] ? __might_sleep+0x93/0xb0 [ 2292.340448] __alloc_pages_nodemask+0x62c/0x7a0 [ 2292.345105] ? lock_downgrade+0x740/0x740 [ 2292.349240] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2292.354245] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2292.359861] alloc_pages_current+0xec/0x1e0 [ 2292.364185] ion_page_pool_alloc+0x11f/0x1c0 [ 2292.368580] ion_system_heap_allocate+0x138/0x910 [ 2292.373415] ? ion_system_heap_free+0x250/0x250 [ 2292.378073] ion_alloc+0x68c/0x860 [ 2292.381601] ? ion_dma_buf_release+0x50/0x50 [ 2292.385999] ? kasan_check_write+0x14/0x20 [ 2292.390217] ? _copy_from_user+0x99/0x110 [ 2292.394363] ion_ioctl+0x105/0x217 [ 2292.397898] ? ion_alloc.cold+0x40/0x40 [ 2292.401860] ? ion_alloc.cold+0x40/0x40 [ 2292.405824] do_vfs_ioctl+0x7ae/0x1060 [ 2292.409694] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2292.414439] ? lock_downgrade+0x740/0x740 [ 2292.418576] ? ioctl_preallocate+0x1c0/0x1c0 [ 2292.422981] ? __fget+0x237/0x370 [ 2292.426438] ? security_file_ioctl+0x89/0xb0 [ 2292.430854] SyS_ioctl+0x8f/0xc0 [ 2292.434210] ? do_vfs_ioctl+0x1060/0x1060 [ 2292.438474] do_syscall_64+0x1e8/0x640 [ 2292.442368] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2292.447349] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2292.452549] RIP: 0033:0x45a679 [ 2292.455734] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 20:58:42 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) 20:58:42 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) [ 2292.463444] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2292.475045] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2292.482439] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2292.489747] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2292.497011] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2292.648385] syz-executor.5: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2292.668217] oom_reaper: reaped process 8323 (syz-executor.1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2292.678975] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2292.686990] CPU: 0 PID: 8366 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2292.694828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2292.704203] Call Trace: [ 2292.706825] dump_stack+0x142/0x197 [ 2292.710474] warn_alloc.cold+0x96/0x1af [ 2292.714491] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2292.719370] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2292.724681] __alloc_pages_slowpath+0x23c6/0x2930 [ 2292.729566] ? save_trace+0x290/0x290 [ 2292.733406] ? warn_alloc+0xf0/0xf0 [ 2292.737071] ? __might_sleep+0x93/0xb0 [ 2292.740984] __alloc_pages_nodemask+0x62c/0x7a0 [ 2292.745671] ? lock_downgrade+0x740/0x740 [ 2292.747360] syz-executor.1: [ 2292.749828] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2292.749850] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2292.752936] page allocation failure: order:0 [ 2292.757867] alloc_pages_current+0xec/0x1e0 [ 2292.757891] ion_page_pool_alloc+0x11f/0x1c0 [ 2292.763571] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2292.767886] ion_system_heap_allocate+0x138/0x910 [ 2292.767901] ? ion_alloc+0x19b/0x860 [ 2292.772270] 0 [ 2292.776629] ? rcu_read_lock_sched_held+0x110/0x130 [ 2292.776648] ? ion_system_heap_free+0x250/0x250 [ 2292.783787] syz-executor.1 cpuset= [ 2292.788568] ion_alloc+0x222/0x860 [ 2292.788592] ? ion_dma_buf_release+0x50/0x50 [ 2292.792354] syz1 [ 2292.793998] ? kasan_check_write+0x14/0x20 [ 2292.799044] mems_allowed=0-1 [ 2292.803646] ? _copy_from_user+0x99/0x110 [ 2292.803667] ion_ioctl+0x105/0x217 [ 2292.803681] ? ion_alloc.cold+0x40/0x40 [ 2292.835985] ? ion_alloc.cold+0x40/0x40 [ 2292.839955] do_vfs_ioctl+0x7ae/0x1060 [ 2292.843837] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2292.848586] ? lock_downgrade+0x740/0x740 [ 2292.852728] ? ioctl_preallocate+0x1c0/0x1c0 [ 2292.857137] ? __fget+0x237/0x370 [ 2292.860599] ? security_file_ioctl+0x89/0xb0 [ 2292.865007] SyS_ioctl+0x8f/0xc0 [ 2292.868394] ? do_vfs_ioctl+0x1060/0x1060 [ 2292.872541] do_syscall_64+0x1e8/0x640 [ 2292.876422] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2292.881268] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2292.886466] RIP: 0033:0x45a679 [ 2292.889647] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2292.897361] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2292.904636] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2292.911911] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2292.919194] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2292.926461] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2292.933753] CPU: 1 PID: 8323 Comm: syz-executor.1 Not tainted 4.14.157-syzkaller #0 [ 2292.941564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2292.944832] oom_reaper: reaped process 8315 (syz-executor.2), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2292.950919] Call Trace: [ 2292.950939] dump_stack+0x142/0x197 [ 2292.950955] warn_alloc.cold+0x96/0x1af [ 2292.950964] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2292.950982] ? wait_for_completion+0x420/0x420 [ 2292.950998] __alloc_pages_slowpath+0x23c6/0x2930 [ 2292.951027] ? warn_alloc+0xf0/0xf0 [ 2292.969413] oom_reaper: reaped process 8318 (syz-executor.4), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2292.971075] ? __might_sleep+0x93/0xb0 [ 2292.971089] __alloc_pages_nodemask+0x62c/0x7a0 [ 2292.971102] ? lock_downgrade+0x740/0x740 [ 2292.971113] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2292.971128] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2292.971143] alloc_pages_current+0xec/0x1e0 [ 2292.971158] ion_page_pool_alloc+0x11f/0x1c0 [ 2292.976825] warn_alloc_show_mem: 2 callbacks suppressed [ 2292.976829] Mem-Info: [ 2292.980594] ion_system_heap_allocate+0x138/0x910 [ 2292.980604] ? ion_alloc+0x19b/0x860 [ 2292.980618] ? rcu_read_lock_sched_held+0x110/0x130 [ 2292.980632] ? ion_system_heap_free+0x250/0x250 [ 2292.980646] ion_alloc+0x222/0x860 [ 2292.980661] ? ion_dma_buf_release+0x50/0x50 [ 2292.980678] ? kasan_check_write+0x14/0x20 [ 2292.980689] ? _copy_from_user+0x99/0x110 [ 2292.980701] ion_ioctl+0x105/0x217 [ 2292.980712] ? ion_alloc.cold+0x40/0x40 [ 2292.980728] ? ion_alloc.cold+0x40/0x40 [ 2292.985983] active_anon:1142249 inactive_anon:199 isolated_anon:0 [ 2292.985983] active_file:6820 inactive_file:8678 isolated_file:0 [ 2292.985983] unevictable:0 dirty:117 writeback:0 unstable:0 [ 2292.985983] slab_reclaimable:19022 slab_unreclaimable:137326 [ 2292.985983] mapped:57704 shmem:255 pagetables:41308 bounce:0 [ 2292.985983] free:113788 free_pcp:88 free_cma:0 [ 2292.989185] do_vfs_ioctl+0x7ae/0x1060 [ 2292.989200] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2292.989211] ? lock_downgrade+0x740/0x740 [ 2292.989224] ? ioctl_preallocate+0x1c0/0x1c0 [ 2292.989243] ? __fget+0x237/0x370 [ 2292.989262] ? security_file_ioctl+0x89/0xb0 [ 2293.000636] Node 0 active_anon:1719696kB inactive_anon:764kB active_file:8kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:4kB writeback:0kB shmem:952kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2293.003013] SyS_ioctl+0x8f/0xc0 [ 2293.003025] ? do_vfs_ioctl+0x1060/0x1060 [ 2293.003040] do_syscall_64+0x1e8/0x640 [ 2293.003049] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2293.003067] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2293.008057] Node 0 [ 2293.011861] RIP: 0033:0x45a679 [ 2293.011867] RSP: 002b:00007f53ae261c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2293.011878] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2293.011885] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2293.011892] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2293.011898] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53ae2626d4 [ 2293.011904] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2293.012318] syz-executor.4: [ 2293.017839] DMA free:10368kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2293.022808] syz-executor.2: [ 2293.027484] lowmem_reserve[]: [ 2293.036849] page allocation failure: order:0 [ 2293.037947] 0 [ 2293.039635] page allocation failure: order:0 [ 2293.045146] 2569 [ 2293.048729] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2293.054066] 2569 [ 2293.063396] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2293.066992] 0 [ 2293.078045] 0 [ 2293.079917] 2569 [ 2293.088642] syz-executor.4 cpuset= [ 2293.121284] syz-executor.2 cpuset= [ 2293.129088] syz4 [ 2293.320819] syz2 [ 2293.325075] 2569 [ 2293.329717] Node 0 DMA32 free:18120kB min:36380kB low:45472kB high:54564kB active_anon:1715348kB inactive_anon:776kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:4kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65428kB bounce:0kB free_pcp:352kB local_pcp:76kB free_cma:0kB [ 2293.359736] lowmem_reserve[]: 0 0 0 0 0 [ 2293.364371] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2293.390700] lowmem_reserve[]: 0 0 0 0 0 [ 2293.395259] Node 0 DMA: 4*4kB (M) 14*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10368kB [ 2293.412061] Node 0 DMA32: 4601*4kB (UME) 1711*8kB (UME) 1111*16kB (UME) 443*32kB (UM) 20*64kB (M) 2*128kB (UM) 15*256kB (U) 6*512kB (U) 2*1024kB (U) 0*2048kB 0*4096kB = 74540kB [ 2293.428973] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB 20:58:43 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) [ 2293.451452] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2293.477269] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2293.509200] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2293.529296] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2293.538564] 15611 total pagecache pages [ 2293.543406] 0 pages in swap cache [ 2293.547634] Swap cache stats: add 0, delete 0, find 0/0 [ 2293.553874] Free swap = 0kB [ 2293.557603] Total swap = 0kB [ 2293.561508] 1965979 pages RAM [ 2293.565976] mems_allowed=0-1 [ 2293.567400] syz-executor.1 invoked oom-killer: gfp_mask=0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0, order=0, oom_score_adj=1000 [ 2293.569608] 0 pages HighMem/MovableOnly [ 2293.587101] mems_allowed=0-1 [ 2293.588684] CPU: 0 PID: 8315 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2293.595822] syz-executor.1 cpuset= [ 2293.598009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2293.598014] Call Trace: [ 2293.598030] dump_stack+0x142/0x197 [ 2293.598046] warn_alloc.cold+0x96/0x1af [ 2293.608365] syz1 [ 2293.610915] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2293.619059] mems_allowed=0-1 [ 2293.621075] ? call_timer_fn+0x670/0x670 [ 2293.621100] __alloc_pages_slowpath+0x23c6/0x2930 [ 2293.621136] ? warn_alloc+0xf0/0xf0 [ 2293.643469] ? __might_sleep+0x93/0xb0 [ 2293.647346] __alloc_pages_nodemask+0x62c/0x7a0 [ 2293.652001] ? lock_downgrade+0x740/0x740 [ 2293.656137] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2293.661165] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2293.666786] alloc_pages_current+0xec/0x1e0 [ 2293.671100] ion_page_pool_alloc+0x11f/0x1c0 [ 2293.675503] ion_system_heap_allocate+0x138/0x910 [ 2293.680345] ? ion_alloc+0x19b/0x860 [ 2293.684047] ? rcu_read_lock_sched_held+0x110/0x130 [ 2293.689064] ? ion_system_heap_free+0x250/0x250 [ 2293.693731] ion_alloc+0x222/0x860 [ 2293.697264] ? ion_dma_buf_release+0x50/0x50 [ 2293.701668] ? kasan_check_write+0x14/0x20 [ 2293.705897] ? _copy_from_user+0x99/0x110 [ 2293.710038] ion_ioctl+0x105/0x217 [ 2293.713574] ? ion_alloc.cold+0x40/0x40 [ 2293.717551] ? ion_alloc.cold+0x40/0x40 [ 2293.721536] do_vfs_ioctl+0x7ae/0x1060 [ 2293.725430] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2293.730234] ? lock_downgrade+0x740/0x740 [ 2293.734387] ? ioctl_preallocate+0x1c0/0x1c0 [ 2293.738807] ? __fget+0x237/0x370 [ 2293.742259] ? security_file_ioctl+0x89/0xb0 [ 2293.746663] SyS_ioctl+0x8f/0xc0 [ 2293.750030] ? do_vfs_ioctl+0x1060/0x1060 [ 2293.754168] do_syscall_64+0x1e8/0x640 [ 2293.758041] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2293.762879] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2293.768053] RIP: 0033:0x45a679 [ 2293.771230] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2293.778926] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2293.786184] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2293.793442] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2293.800702] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2293.807957] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2293.815273] CPU: 1 PID: 8323 Comm: syz-executor.1 Not tainted 4.14.157-syzkaller #0 [ 2293.817755] 335854 pages reserved [ 2293.823078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2293.823083] Call Trace: [ 2293.823099] dump_stack+0x142/0x197 [ 2293.823115] dump_header+0x177/0x6cd [ 2293.823128] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2293.823139] ? ___ratelimit+0x55/0x537 [ 2293.823153] oom_kill_process.cold+0x10/0xadd [ 2293.823162] ? rcu_read_unlock_special+0x639/0xd40 [ 2293.823176] ? lock_downgrade+0x740/0x740 [ 2293.823192] out_of_memory+0x2ee/0x1180 [ 2293.823203] ? lock_acquire+0x16f/0x430 [ 2293.826917] 0 pages cma reserved [ 2293.836000] ? oom_killer_disable+0x1d0/0x1d0 [ 2293.836012] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2293.836023] __alloc_pages_slowpath+0x2251/0x2930 [ 2293.836049] ? warn_alloc+0xf0/0xf0 [ 2293.836070] ? __might_sleep+0x93/0xb0 [ 2293.836082] __alloc_pages_nodemask+0x62c/0x7a0 [ 2293.836094] ? lock_downgrade+0x740/0x740 [ 2293.910460] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2293.915494] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2293.921151] alloc_pages_current+0xec/0x1e0 [ 2293.925512] ion_page_pool_alloc+0x11f/0x1c0 [ 2293.929934] ion_system_heap_allocate+0x138/0x910 [ 2293.934804] ? ion_system_heap_free+0x250/0x250 [ 2293.939491] ion_alloc+0x68c/0x860 [ 2293.943050] ? ion_dma_buf_release+0x50/0x50 [ 2293.947476] ? kasan_check_write+0x14/0x20 [ 2293.951716] ? _copy_from_user+0x99/0x110 [ 2293.955879] ion_ioctl+0x105/0x217 [ 2293.959429] ? ion_alloc.cold+0x40/0x40 [ 2293.963419] ? ion_alloc.cold+0x40/0x40 [ 2293.967386] do_vfs_ioctl+0x7ae/0x1060 [ 2293.971275] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2293.976032] ? lock_downgrade+0x740/0x740 [ 2293.980178] ? ioctl_preallocate+0x1c0/0x1c0 [ 2293.984764] ? __fget+0x237/0x370 [ 2293.988217] ? security_file_ioctl+0x89/0xb0 [ 2293.992631] SyS_ioctl+0x8f/0xc0 [ 2293.995998] ? do_vfs_ioctl+0x1060/0x1060 [ 2294.000146] do_syscall_64+0x1e8/0x640 [ 2294.004029] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2294.008875] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2294.014064] RIP: 0033:0x45a679 [ 2294.017254] RSP: 002b:00007f53ae261c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2294.024967] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2294.032239] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2294.039621] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2294.046910] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53ae2626d4 [ 2294.054177] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2294.073113] CPU: 0 PID: 8318 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2294.077096] Mem-Info: [ 2294.080947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2294.080953] Call Trace: [ 2294.080970] dump_stack+0x142/0x197 [ 2294.080986] warn_alloc.cold+0x96/0x1af [ 2294.080995] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2294.081008] ? call_timer_fn+0x670/0x670 [ 2294.083471] active_anon:1142248 inactive_anon:199 isolated_anon:0 [ 2294.083471] active_file:6821 inactive_file:8698 isolated_file:0 [ 2294.083471] unevictable:0 dirty:146 writeback:0 unstable:0 [ 2294.083471] slab_reclaimable:19034 slab_unreclaimable:137425 [ 2294.083471] mapped:57690 shmem:255 pagetables:41308 bounce:0 [ 2294.083471] free:118505 free_pcp:219 free_cma:0 [ 2294.093035] __alloc_pages_slowpath+0x23c6/0x2930 [ 2294.093061] ? warn_alloc+0xf0/0xf0 [ 2294.093083] ? __might_sleep+0x93/0xb0 [ 2294.093096] __alloc_pages_nodemask+0x62c/0x7a0 [ 2294.095704] Node 0 active_anon:1719636kB inactive_anon:768kB active_file:12kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:8kB writeback:0kB shmem:956kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2294.099272] ? lock_downgrade+0x740/0x740 [ 2294.099283] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2294.099299] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2294.103305] Node 0 [ 2294.108097] alloc_pages_current+0xec/0x1e0 [ 2294.108114] ion_page_pool_alloc+0x11f/0x1c0 [ 2294.112213] DMA free:10436kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2294.146006] ion_system_heap_allocate+0x138/0x910 [ 2294.146020] ? ion_alloc+0x19b/0x860 [ 2294.146032] ? rcu_read_lock_sched_held+0x110/0x130 [ 2294.146045] ? ion_system_heap_free+0x250/0x250 [ 2294.146059] ion_alloc+0x222/0x860 [ 2294.151106] lowmem_reserve[]: [ 2294.154648] ? ion_dma_buf_release+0x50/0x50 [ 2294.154667] ? kasan_check_write+0x14/0x20 [ 2294.158690] 0 [ 2294.163290] ? _copy_from_user+0x99/0x110 [ 2294.163305] ion_ioctl+0x105/0x217 [ 2294.163316] ? ion_alloc.cold+0x40/0x40 [ 2294.163331] ? ion_alloc.cold+0x40/0x40 [ 2294.163347] do_vfs_ioctl+0x7ae/0x1060 [ 2294.191086] 2569 [ 2294.195121] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2294.195132] ? lock_downgrade+0x740/0x740 [ 2294.195151] ? ioctl_preallocate+0x1c0/0x1c0 [ 2294.200200] 2569 [ 2294.205765] ? __fget+0x237/0x370 [ 2294.205783] ? security_file_ioctl+0x89/0xb0 [ 2294.205797] SyS_ioctl+0x8f/0xc0 [ 2294.208073] 2569 [ 2294.212344] ? do_vfs_ioctl+0x1060/0x1060 [ 2294.212363] do_syscall_64+0x1e8/0x640 [ 2294.212373] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2294.212392] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2294.216805] 2569 [ 2294.242535] RIP: 0033:0x45a679 [ 2294.242541] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2294.242551] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2294.242556] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2294.242561] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2294.242566] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2294.242572] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2294.250599] warn_alloc_show_mem: 2 callbacks suppressed [ 2294.250602] Mem-Info: [ 2294.261695] active_anon:1142248 inactive_anon:199 isolated_anon:0 [ 2294.261695] active_file:6821 inactive_file:8698 isolated_file:0 [ 2294.261695] unevictable:0 dirty:146 writeback:0 unstable:0 20:58:44 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) [ 2294.261695] slab_reclaimable:19034 slab_unreclaimable:137425 [ 2294.261695] mapped:57690 shmem:255 pagetables:41308 bounce:0 [ 2294.261695] free:118288 free_pcp:468 free_cma:0 [ 2294.264484] Node 0 [ 2294.267911] Node 0 active_anon:1719636kB inactive_anon:768kB active_file:12kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:8kB writeback:0kB shmem:956kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2294.272118] DMA32 free:36260kB min:36380kB low:45472kB high:54564kB active_anon:1715252kB inactive_anon:768kB active_file:12kB inactive_file:16kB unevictable:0kB writepending:8kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65324kB bounce:0kB free_pcp:948kB local_pcp:676kB free_cma:0kB [ 2294.279724] Node 1 active_anon:2849356kB inactive_anon:28kB active_file:27272kB inactive_file:34776kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21840kB dirty:576kB writeback:0kB shmem:64kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2294.287287] lowmem_reserve[]: [ 2294.293091] Node 0 [ 2294.298333] DMA free:10436kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2294.305302] lowmem_reserve[]: [ 2294.316543] 0 [ 2294.320113] 0 [ 2294.323776] 2569 [ 2294.336234] 2569 [ 2294.336762] 0 [ 2294.342084] 2569 [ 2294.363865] 2569 [ 2294.367437] 0 [ 2294.406605] Node 0 [ 2294.475910] DMA32 free:36260kB min:36380kB low:45472kB high:54564kB active_anon:1715252kB inactive_anon:768kB active_file:12kB inactive_file:16kB unevictable:0kB writepending:8kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65324kB bounce:0kB free_pcp:960kB local_pcp:284kB free_cma:0kB [ 2294.514082] 0 [ 2294.539535] lowmem_reserve[]: [ 2294.567513] 0 [ 2294.588014] 0 [ 2294.608285] 0 [ 2294.619407] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2294.622071] 0 [ 2294.652743] 0 0 [ 2294.654749] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2294.654774] lowmem_reserve[]: 0 0 [ 2294.681066] lowmem_reserve[]: 0 0 0 0 0 [ 2294.688606] 0 0 0 [ 2294.689156] Node 0 [ 2294.691109] Node 1 Normal free:426564kB min:53508kB low:66884kB high:80260kB active_anon:2849356kB inactive_anon:28kB active_file:27272kB inactive_file:34776kB unevictable:0kB writepending:576kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45216kB pagetables:99900kB bounce:0kB free_pcp:904kB local_pcp:712kB free_cma:0kB [ 2294.691133] lowmem_reserve[]: 0 0 0 0 [ 2294.694378] DMA: [ 2294.732855] 0 [ 2294.734684] Node 0 DMA: 7*4kB (UM) 21*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10436kB [ 2294.758699] Node 0 DMA32: 3467*4kB (MEH) 403*8kB (UMEH) 83*16kB (UMEH) 1*32kB (M) 2*64kB (UM) 48*128kB (U) 23*256kB (U) 11*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 36244kB [ 2294.779798] 7*4kB (UM) 21*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10436kB [ 2294.797853] Node 0 DMA32: 3467*4kB (MEH) 403*8kB (UMEH) 83*16kB (UMEH) 1*32kB (M) 2*64kB (UM) 48*128kB (U) 23*256kB (U) 11*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 36244kB [ 2294.814136] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2294.825035] Node 1 Normal: 5853*4kB (UM) 2189*8kB (UMH) 3420*16kB (UMEH) 2707*32kB (UMEH) 1170*64kB (UMEH) 240*128kB (MEH) 90*256kB (MEH) 121*512kB (ME) 39*1024kB (UMH) 7*2048kB (M) 0*4096kB = 427132kB [ 2294.843347] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2294.854206] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2294.863198] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2294.863206] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2294.863212] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2294.863219] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2294.863226] 15618 total pagecache pages [ 2294.889657] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2294.911017] 0 pages in swap cache [ 2294.914531] Swap cache stats: add 0, delete 0, find 0/0 [ 2294.919942] Free swap = 0kB [ 2294.923066] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2294.932016] Total swap = 0kB [ 2294.932026] 1965979 pages RAM [ 2294.932030] 0 pages HighMem/MovableOnly [ 2294.932034] 335854 pages reserved [ 2294.932037] 0 pages cma reserved [ 2294.939615] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2294.967041] 15618 total pagecache pages [ 2294.977756] 0 pages in swap cache [ 2294.993524] Swap cache stats: add 0, delete 0, find 0/0 [ 2295.016793] Free swap = 0kB [ 2295.028626] Total swap = 0kB [ 2295.038208] 1965979 pages RAM [ 2295.041952] warn_alloc: 3 callbacks suppressed [ 2295.041956] syz-executor.4: [ 2295.046628] 0 pages HighMem/MovableOnly [ 2295.059288] page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2295.076713] 335854 pages reserved [ 2295.080511] 0 pages cma reserved [ 2295.083968] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2295.089043] Out of memory: Kill process 20303 (syz-executor.1) score 1009 or sacrifice child [ 2295.089434] CPU: 0 PID: 8318 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2295.098452] Killed process 20303 (syz-executor.1) total-vm:72980kB, anon-rss:14520kB, file-rss:35632kB, shmem-rss:0kB [ 2295.105725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2295.105730] Call Trace: [ 2295.105750] dump_stack+0x142/0x197 [ 2295.105766] warn_alloc.cold+0x96/0x1af [ 2295.105777] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2295.105798] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2295.118438] syz-executor.1: [ 2295.125897] __alloc_pages_slowpath+0x23c6/0x2930 [ 2295.125916] ? save_trace+0x290/0x290 [ 2295.125931] ? warn_alloc+0xf0/0xf0 [ 2295.125951] ? __might_sleep+0x93/0xb0 [ 2295.128844] page allocation failure: order:0 [ 2295.132142] __alloc_pages_nodemask+0x62c/0x7a0 [ 2295.132155] ? lock_downgrade+0x740/0x740 [ 2295.132166] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2295.132184] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2295.132201] alloc_pages_current+0xec/0x1e0 [ 2295.136782] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2295.141018] ion_page_pool_alloc+0x11f/0x1c0 [ 2295.141031] ion_system_heap_allocate+0x138/0x910 [ 2295.141046] ? ion_system_heap_free+0x250/0x250 [ 2295.141063] ion_alloc+0x68c/0x860 [ 2295.146627] 0 [ 2295.149340] ? ion_dma_buf_release+0x50/0x50 [ 2295.149357] ? kasan_check_write+0x14/0x20 [ 2295.149370] ? _copy_from_user+0x99/0x110 [ 2295.154758] syz-executor.1 cpuset= [ 2295.157988] ion_ioctl+0x105/0x217 [ 2295.158005] ? ion_alloc.cold+0x40/0x40 [ 2295.158020] ? ion_alloc.cold+0x40/0x40 [ 2295.161856] syz1 [ 2295.165510] do_vfs_ioctl+0x7ae/0x1060 [ 2295.170393] mems_allowed=0-1 [ 2295.174559] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2295.174571] ? lock_downgrade+0x740/0x740 [ 2295.174583] ? ioctl_preallocate+0x1c0/0x1c0 [ 2295.174596] ? __fget+0x237/0x370 [ 2295.273213] ? security_file_ioctl+0x89/0xb0 [ 2295.277623] SyS_ioctl+0x8f/0xc0 [ 2295.280991] ? do_vfs_ioctl+0x1060/0x1060 [ 2295.285135] do_syscall_64+0x1e8/0x640 [ 2295.289012] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2295.293852] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2295.299030] RIP: 0033:0x45a679 [ 2295.302210] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2295.309921] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2295.317177] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2295.324437] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2295.331695] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2295.339039] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2295.346319] CPU: 1 PID: 8323 Comm: syz-executor.1 Not tainted 4.14.157-syzkaller #0 [ 2295.354133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2295.358095] Mem-Info: [ 2295.363489] Call Trace: [ 2295.363506] dump_stack+0x142/0x197 [ 2295.363521] warn_alloc.cold+0x96/0x1af [ 2295.363531] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2295.363548] ? wait_for_completion+0x420/0x420 [ 2295.363568] __alloc_pages_slowpath+0x23c6/0x2930 [ 2295.365989] active_anon:1142213 inactive_anon:197 isolated_anon:0 [ 2295.365989] active_file:6821 inactive_file:8721 isolated_file:0 [ 2295.365989] unevictable:0 dirty:171 writeback:0 unstable:0 [ 2295.365989] slab_reclaimable:19034 slab_unreclaimable:137562 [ 2295.365989] mapped:57690 shmem:255 pagetables:41282 bounce:0 [ 2295.365989] free:118174 free_pcp:663 free_cma:0 [ 2295.368564] ? warn_alloc+0xf0/0xf0 [ 2295.379227] Node 0 active_anon:1719600kB inactive_anon:768kB active_file:12kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:8kB writeback:0kB shmem:956kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2295.380951] ? __might_sleep+0x93/0xb0 [ 2295.380982] __alloc_pages_nodemask+0x62c/0x7a0 [ 2295.380995] ? lock_downgrade+0x740/0x740 [ 2295.381008] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2295.385588] Node 1 active_anon:2849252kB inactive_anon:20kB active_file:27272kB inactive_file:34868kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21840kB dirty:676kB writeback:0kB shmem:64kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2295.390410] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2295.390427] alloc_pages_current+0xec/0x1e0 [ 2295.390443] ion_page_pool_alloc+0x11f/0x1c0 [ 2295.390454] ion_system_heap_allocate+0x138/0x910 [ 2295.390470] ? ion_system_heap_free+0x250/0x250 [ 2295.390485] ion_alloc+0x68c/0x860 [ 2295.390502] ? ion_dma_buf_release+0x50/0x50 [ 2295.390532] ? kasan_check_write+0x14/0x20 [ 2295.431388] Node 0 [ 2295.455761] ? _copy_from_user+0x99/0x110 [ 2295.455776] ion_ioctl+0x105/0x217 [ 2295.455787] ? ion_alloc.cold+0x40/0x40 [ 2295.455802] ? ion_alloc.cold+0x40/0x40 [ 2295.455813] do_vfs_ioctl+0x7ae/0x1060 [ 2295.455824] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2295.455835] ? lock_downgrade+0x740/0x740 [ 2295.455846] ? ioctl_preallocate+0x1c0/0x1c0 [ 2295.455860] ? __fget+0x237/0x370 [ 2295.455877] ? security_file_ioctl+0x89/0xb0 [ 2295.455889] SyS_ioctl+0x8f/0xc0 [ 2295.455899] ? do_vfs_ioctl+0x1060/0x1060 [ 2295.455912] do_syscall_64+0x1e8/0x640 [ 2295.455924] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2295.467085] DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2295.468780] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2295.473967] lowmem_reserve[]: [ 2295.501900] RIP: 0033:0x45a679 [ 2295.501907] RSP: 002b:00007f53ae261c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2295.501916] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2295.501921] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2295.501925] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2295.501934] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53ae2626d4 [ 2295.501939] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2295.679999] 0 2569 2569 2569 2569 [ 2295.684914] Node 0 DMA32 free:36292kB min:36380kB low:45472kB high:54564kB active_anon:1715216kB inactive_anon:768kB active_file:12kB inactive_file:16kB unevictable:0kB writepending:8kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12512kB pagetables:65324kB bounce:0kB free_pcp:1616kB local_pcp:764kB free_cma:0kB [ 2295.714357] lowmem_reserve[]: 0 0 0 0 0 [ 2295.718443] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2295.743948] lowmem_reserve[]: 0 0 0 0 0 [ 2295.748008] Node 1 Normal free:425920kB min:53508kB low:66884kB high:80260kB active_anon:2849240kB inactive_anon:28kB active_file:27272kB inactive_file:34904kB unevictable:0kB writepending:712kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45088kB pagetables:99792kB bounce:0kB free_pcp:1236kB local_pcp:620kB free_cma:0kB [ 2295.778042] lowmem_reserve[]: 0 0 0 0 0 [ 2295.782097] Node 0 DMA: 8*4kB (UM) 21*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2295.797834] Node 0 DMA32: 3727*4kB (MEH) 497*8kB (ME) 180*16kB (UMEH) 44*32kB (UM) 31*64kB (M) 5*128kB (UM) 9*256kB (U) 10*512kB (U) 3*1024kB (U) 0*2048kB 0*4096kB = 36292kB [ 2295.814078] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2295.824946] Node 1 Normal: 5822*4kB (UM) 2037*8kB (UMH) 3423*16kB (UMEH) 2711*32kB (UMEH) 1169*64kB (UMEH) 240*128kB (MEH) 90*256kB (MEH) 121*512kB (ME) 39*1024kB (UMH) 7*2048kB (M) 0*4096kB = 425904kB [ 2295.843233] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2295.852228] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2295.860958] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2295.869812] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2295.879150] 15652 total pagecache pages [ 2295.879808] IPVS: ftp: loaded support on port[0] = 21 [ 2295.891803] 0 pages in swap cache [ 2295.895593] Swap cache stats: add 0, delete 0, find 0/0 [ 2295.904580] Free swap = 0kB [ 2295.907651] Total swap = 0kB [ 2295.910728] 1965979 pages RAM [ 2295.913827] 0 pages HighMem/MovableOnly [ 2295.917798] 335854 pages reserved [ 2295.922331] 0 pages cma reserved [ 2296.000161] syz-executor.4: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2296.011697] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2296.017071] CPU: 0 PID: 8318 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2296.024850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2296.034192] Call Trace: [ 2296.036779] dump_stack+0x142/0x197 [ 2296.040448] warn_alloc.cold+0x96/0x1af [ 2296.044426] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2296.049263] ? trace_hardirqs_on_caller+0x400/0x590 [ 2296.054281] ? call_timer_fn+0x670/0x670 [ 2296.058349] __alloc_pages_slowpath+0x23c6/0x2930 [ 2296.063200] ? warn_alloc+0xf0/0xf0 [ 2296.066830] ? __might_sleep+0x93/0xb0 [ 2296.070711] __alloc_pages_nodemask+0x62c/0x7a0 [ 2296.075365] ? lock_downgrade+0x740/0x740 [ 2296.079502] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2296.084511] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2296.090203] alloc_pages_current+0xec/0x1e0 [ 2296.094516] ion_page_pool_alloc+0x11f/0x1c0 [ 2296.098914] ion_system_heap_allocate+0x138/0x910 [ 2296.103811] ? ion_system_heap_free+0x250/0x250 [ 2296.108495] ion_alloc+0x68c/0x860 [ 2296.112024] ? ion_dma_buf_release+0x50/0x50 [ 2296.116425] ? kasan_check_write+0x14/0x20 [ 2296.120649] ? _copy_from_user+0x99/0x110 [ 2296.124790] ion_ioctl+0x105/0x217 [ 2296.128317] ? ion_alloc.cold+0x40/0x40 [ 2296.132281] ? ion_alloc.cold+0x40/0x40 [ 2296.136246] do_vfs_ioctl+0x7ae/0x1060 [ 2296.140126] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2296.144867] ? lock_downgrade+0x740/0x740 [ 2296.148998] ? ioctl_preallocate+0x1c0/0x1c0 [ 2296.153396] ? __fget+0x237/0x370 [ 2296.156839] ? security_file_ioctl+0x89/0xb0 [ 2296.161236] SyS_ioctl+0x8f/0xc0 [ 2296.164586] ? do_vfs_ioctl+0x1060/0x1060 [ 2296.168723] do_syscall_64+0x1e8/0x640 [ 2296.172599] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2296.177434] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2296.182611] RIP: 0033:0x45a679 [ 2296.185790] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2296.193497] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2296.200752] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2296.208008] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2296.215266] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2296.222532] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff 20:58:46 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 20:58:46 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) 20:58:46 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) 20:58:46 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) [ 2296.455987] oom_reaper: reaped process 8366 (syz-executor.5), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2296.540679] syz-executor.5 invoked oom-killer: gfp_mask=0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0, order=0, oom_score_adj=1000 [ 2296.578774] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2296.587394] CPU: 0 PID: 8366 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2296.595240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2296.604610] Call Trace: [ 2296.606461] syz-executor.4: [ 2296.607212] dump_stack+0x142/0x197 [ 2296.607231] dump_header+0x177/0x6cd [ 2296.607246] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2296.613351] page allocation failure: order:4 [ 2296.613929] ? ___ratelimit+0x55/0x537 [ 2296.618206] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2296.622772] oom_kill_process.cold+0x10/0xadd [ 2296.622786] ? rcu_read_unlock_special+0x895/0xd40 [ 2296.622800] ? lock_downgrade+0x740/0x740 [ 2296.622813] out_of_memory+0x2ee/0x1180 [ 2296.622821] ? lock_acquire+0x16f/0x430 [ 2296.622836] ? oom_killer_disable+0x1d0/0x1d0 [ 2296.622846] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2296.622858] __alloc_pages_slowpath+0x2251/0x2930 [ 2296.622882] ? warn_alloc+0xf0/0xf0 [ 2296.622904] ? __might_sleep+0x93/0xb0 [ 2296.622916] __alloc_pages_nodemask+0x62c/0x7a0 [ 2296.622933] ? lock_downgrade+0x740/0x740 [ 2296.632814] 0 [ 2296.638311] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2296.638330] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2296.638347] alloc_pages_current+0xec/0x1e0 [ 2296.638363] ion_page_pool_alloc+0x11f/0x1c0 [ 2296.647287] syz-executor.4 cpuset= [ 2296.647773] ion_system_heap_allocate+0x138/0x910 [ 2296.655819] syz4 [ 2296.655873] ? ion_alloc+0x19b/0x860 [ 2296.664262] mems_allowed=0-1 [ 2296.664323] ? rcu_read_lock_sched_held+0x110/0x130 [ 2296.734001] ? ion_system_heap_free+0x250/0x250 [ 2296.738702] ion_alloc+0x222/0x860 [ 2296.742269] ? ion_dma_buf_release+0x50/0x50 [ 2296.746699] ? kasan_check_write+0x14/0x20 [ 2296.750948] ? _copy_from_user+0x99/0x110 [ 2296.755103] ion_ioctl+0x105/0x217 [ 2296.758655] ? ion_alloc.cold+0x40/0x40 [ 2296.762637] ? ion_alloc.cold+0x40/0x40 [ 2296.766609] do_vfs_ioctl+0x7ae/0x1060 [ 2296.770498] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2296.775253] ? lock_downgrade+0x740/0x740 [ 2296.779404] ? ioctl_preallocate+0x1c0/0x1c0 [ 2296.783828] ? __fget+0x237/0x370 [ 2296.787283] ? security_file_ioctl+0x89/0xb0 [ 2296.791696] SyS_ioctl+0x8f/0xc0 [ 2296.795061] ? do_vfs_ioctl+0x1060/0x1060 [ 2296.799206] do_syscall_64+0x1e8/0x640 [ 2296.803099] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2296.807949] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2296.813139] RIP: 0033:0x45a679 [ 2296.816325] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2296.824030] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2296.831330] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2296.838601] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2296.845867] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2296.853139] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2296.860488] CPU: 1 PID: 8403 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2296.868305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2296.877664] Call Trace: [ 2296.877680] dump_stack+0x142/0x197 [ 2296.877694] warn_alloc.cold+0x96/0x1af [ 2296.877708] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2296.883923] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2296.883937] __alloc_pages_slowpath+0x23c6/0x2930 [ 2296.902875] ? save_trace+0x290/0x290 [ 2296.906702] ? warn_alloc+0xf0/0xf0 [ 2296.910356] ? __might_sleep+0x93/0xb0 [ 2296.910937] Mem-Info: [ 2296.914251] __alloc_pages_nodemask+0x62c/0x7a0 [ 2296.914263] ? lock_downgrade+0x740/0x740 [ 2296.914275] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2296.916802] active_anon:1138729 inactive_anon:199 isolated_anon:0 [ 2296.916802] active_file:6821 inactive_file:8735 isolated_file:0 [ 2296.916802] unevictable:0 dirty:185 writeback:0 unstable:0 [ 2296.916802] slab_reclaimable:19033 slab_unreclaimable:137441 [ 2296.916802] mapped:57715 shmem:255 pagetables:41281 bounce:0 [ 2296.916802] free:113404 free_pcp:349 free_cma:0 [ 2296.921384] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2296.921403] alloc_pages_current+0xec/0x1e0 [ 2296.921419] ion_page_pool_alloc+0x11f/0x1c0 [ 2296.921430] ion_system_heap_allocate+0x138/0x910 [ 2296.921442] ? ion_alloc+0x19b/0x860 [ 2296.925686] Node 0 active_anon:1705072kB inactive_anon:768kB active_file:12kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:8kB writeback:0kB shmem:956kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 669696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2296.930582] ? rcu_read_lock_sched_held+0x110/0x130 [ 2296.930596] ? ion_system_heap_free+0x250/0x250 [ 2296.930613] ion_alloc+0x222/0x860 [ 2296.930628] ? ion_dma_buf_release+0x50/0x50 [ 2296.930652] ? kasan_check_write+0x14/0x20 [ 2296.965152] Node 0 20:58:47 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) [ 2296.970144] ? _copy_from_user+0x99/0x110 [ 2296.970159] ion_ioctl+0x105/0x217 [ 2296.970171] ? ion_alloc.cold+0x40/0x40 [ 2296.970187] ? ion_alloc.cold+0x40/0x40 [ 2296.970198] do_vfs_ioctl+0x7ae/0x1060 [ 2296.970210] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2296.970219] ? lock_downgrade+0x740/0x740 [ 2296.970232] ? ioctl_preallocate+0x1c0/0x1c0 [ 2296.974708] DMA free:10380kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2296.978945] ? __fget+0x237/0x370 [ 2296.978965] ? security_file_ioctl+0x89/0xb0 [ 2296.978977] SyS_ioctl+0x8f/0xc0 [ 2296.978988] ? do_vfs_ioctl+0x1060/0x1060 [ 2296.983892] lowmem_reserve[]: [ 2296.987509] do_syscall_64+0x1e8/0x640 [ 2296.987520] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2296.987540] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2297.015323] 0 [ 2297.020142] RIP: 0033:0x45a679 [ 2297.020149] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2297.020159] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2297.020164] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2297.020170] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2297.020176] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2297.020182] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2297.047927] warn_alloc_show_mem: 2 callbacks suppressed [ 2297.047931] Mem-Info: 20:58:47 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 20:58:47 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) [ 2297.070943] 2569 2569 2569 2569 [ 2297.207124] active_anon:1138701 inactive_anon:199 isolated_anon:0 [ 2297.207124] active_file:6822 inactive_file:8738 isolated_file:0 [ 2297.207124] unevictable:0 dirty:199 writeback:0 unstable:0 [ 2297.207124] slab_reclaimable:19062 slab_unreclaimable:137486 [ 2297.207124] mapped:57694 shmem:255 pagetables:41262 bounce:0 [ 2297.207124] free:113494 free_pcp:350 free_cma:0 20:58:47 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) [ 2297.209519] Node 0 DMA32 free:18040kB min:36380kB low:45472kB high:54564kB active_anon:1700652kB inactive_anon:768kB active_file:12kB inactive_file:16kB unevictable:0kB writepending:8kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12480kB pagetables:65192kB bounce:0kB free_pcp:1400kB local_pcp:716kB free_cma:0kB [ 2297.321930] lowmem_reserve[]: 0 0 0 0 0 [ 2297.335491] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2297.353418] Node 0 active_anon:1705036kB inactive_anon:768kB active_file:12kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:8kB writeback:0kB shmem:956kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 655360kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2297.404542] Node 0 DMA free:10380kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2297.444027] lowmem_reserve[]: 0 0 0 0 0 [ 2297.446239] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2297.456903] Node 0 DMA: 5*4kB (UM) 15*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10380kB [ 2297.484927] Node 0 DMA32 free:18040kB min:36380kB low:45472kB high:54564kB active_anon:1700652kB inactive_anon:768kB active_file:12kB inactive_file:16kB unevictable:0kB writepending:8kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12480kB pagetables:65192kB bounce:0kB free_pcp:1408kB local_pcp:692kB free_cma:0kB [ 2297.501347] Node 0 DMA32: 3430*4kB (UME) 386*8kB (ME) 69*16kB (M) 0*32kB 0*64kB 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18040kB [ 2297.539272] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2297.561034] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2297.575137] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2297.584741] lowmem_reserve[]: 0 0 0 0 0 [ 2297.584821] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2297.598053] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2297.598380] Node 0 [ 2297.609552] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2297.613331] 15665 total pagecache pages [ 2297.644148] 0 pages in swap cache [ 2297.647807] Swap cache stats: add 0, delete 0, find 0/0 [ 2297.653730] Free swap = 0kB [ 2297.656952] Total swap = 0kB [ 2297.662141] lowmem_reserve[]: 0 0 0 0 0 [ 2297.665939] 1965979 pages RAM [ 2297.669499] 0 pages HighMem/MovableOnly [ 2297.674100] 335854 pages reserved [ 2297.676273] Node 0 [ 2297.677782] 0 pages cma reserved [ 2297.681432] Out of memory: Kill process 20713 (syz-executor.1) score 1009 or sacrifice child [ 2297.683836] DMA: [ 2297.700420] Killed process 20713 (syz-executor.1) total-vm:72980kB, anon-rss:14520kB, file-rss:35632kB, shmem-rss:0kB [ 2297.716376] 5*4kB (UM) 15*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10380kB [ 2297.718112] syz-executor.5: [ 2297.737957] page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2297.748108] Node 0 DMA32: 3430*4kB (UME) 386*8kB (ME) 69*16kB (M) 0*32kB 0*64kB 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18040kB [ 2297.749048] syz-executor.5 cpuset= [ 2297.771485] syz5 mems_allowed=0-1 [ 2297.776898] CPU: 0 PID: 8366 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2297.784710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2297.784715] Call Trace: [ 2297.784730] dump_stack+0x142/0x197 [ 2297.784744] warn_alloc.cold+0x96/0x1af [ 2297.784754] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2297.784771] ? wait_for_completion+0x420/0x420 [ 2297.784786] __alloc_pages_slowpath+0x23c6/0x2930 [ 2297.784815] ? warn_alloc+0xf0/0xf0 [ 2297.794460] Node 0 [ 2297.796751] ? __might_sleep+0x93/0xb0 [ 2297.800384] Normal: [ 2297.804316] __alloc_pages_nodemask+0x62c/0x7a0 [ 2297.809134] 0*4kB [ 2297.813700] ? lock_downgrade+0x740/0x740 [ 2297.813712] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2297.813729] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2297.813745] alloc_pages_current+0xec/0x1e0 [ 2297.813761] ion_page_pool_alloc+0x11f/0x1c0 [ 2297.818616] 0*8kB [ 2297.822194] ion_system_heap_allocate+0x138/0x910 [ 2297.822203] ? ion_alloc+0x19b/0x860 [ 2297.822215] ? rcu_read_lock_sched_held+0x110/0x130 [ 2297.822230] ? ion_system_heap_free+0x250/0x250 [ 2297.824447] 0*16kB 0*32kB [ 2297.828334] ion_alloc+0x222/0x860 [ 2297.835298] ? ion_dma_buf_release+0x50/0x50 [ 2297.841565] ? kasan_check_write+0x14/0x20 [ 2297.841576] ? _copy_from_user+0x99/0x110 [ 2297.841589] ion_ioctl+0x105/0x217 [ 2297.841599] ? ion_alloc.cold+0x40/0x40 [ 2297.841613] ? ion_alloc.cold+0x40/0x40 [ 2297.841626] do_vfs_ioctl+0x7ae/0x1060 [ 2297.846641] 0*64kB [ 2297.852237] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2297.852248] ? lock_downgrade+0x740/0x740 [ 2297.852259] ? ioctl_preallocate+0x1c0/0x1c0 [ 2297.852272] ? __fget+0x237/0x370 [ 2297.852292] ? security_file_ioctl+0x89/0xb0 [ 2297.856640] 0*128kB [ 2297.861014] SyS_ioctl+0x8f/0xc0 [ 2297.861024] ? do_vfs_ioctl+0x1060/0x1060 [ 2297.861037] do_syscall_64+0x1e8/0x640 [ 2297.861046] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2297.861064] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2297.863199] 0*256kB [ 2297.868040] RIP: 0033:0x45a679 [ 2297.868049] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 [ 2297.882375] 0*512kB [ 2297.884263] ORIG_RAX: 0000000000000010 [ 2297.884271] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2297.887801] 0*1024kB [ 2297.892204] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2297.892211] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2297.892216] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2297.892221] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2297.908412] 0*2048kB [ 2297.927700] 0*4096kB = 0kB [ 2298.070649] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2298.079630] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2298.088426] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2298.097630] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2298.106319] 15685 total pagecache pages [ 2298.112175] 0 pages in swap cache [ 2298.115636] Swap cache stats: add 0, delete 0, find 0/0 [ 2298.121089] Free swap = 0kB [ 2298.124112] Total swap = 0kB [ 2298.127133] 1965979 pages RAM [ 2298.130338] 0 pages HighMem/MovableOnly [ 2298.134312] 335854 pages reserved [ 2298.137770] 0 pages cma reserved [ 2298.192779] syz-executor.5: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2298.204424] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2298.209866] CPU: 0 PID: 8366 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2298.217663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2298.227015] Call Trace: [ 2298.229596] dump_stack+0x142/0x197 [ 2298.233219] warn_alloc.cold+0x96/0x1af [ 2298.237254] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2298.242103] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2298.247379] __alloc_pages_slowpath+0x23c6/0x2930 [ 2298.252218] ? save_trace+0x290/0x290 [ 2298.256014] ? warn_alloc+0xf0/0xf0 [ 2298.259644] ? __might_sleep+0x93/0xb0 [ 2298.263518] __alloc_pages_nodemask+0x62c/0x7a0 [ 2298.268173] ? lock_downgrade+0x740/0x740 [ 2298.272344] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2298.277357] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2298.282974] alloc_pages_current+0xec/0x1e0 [ 2298.287285] ion_page_pool_alloc+0x11f/0x1c0 [ 2298.291680] ion_system_heap_allocate+0x138/0x910 [ 2298.296509] ? ion_system_heap_free+0x250/0x250 [ 2298.301166] ion_alloc+0x68c/0x860 [ 2298.304697] ? ion_dma_buf_release+0x50/0x50 [ 2298.309094] ? kasan_check_write+0x14/0x20 [ 2298.313313] ? _copy_from_user+0x99/0x110 [ 2298.317448] ion_ioctl+0x105/0x217 [ 2298.320972] ? ion_alloc.cold+0x40/0x40 [ 2298.324932] ? ion_alloc.cold+0x40/0x40 [ 2298.328889] do_vfs_ioctl+0x7ae/0x1060 [ 2298.332767] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2298.337506] ? lock_downgrade+0x740/0x740 [ 2298.341643] ? ioctl_preallocate+0x1c0/0x1c0 [ 2298.346037] ? __fget+0x237/0x370 [ 2298.349478] ? security_file_ioctl+0x89/0xb0 [ 2298.353876] SyS_ioctl+0x8f/0xc0 [ 2298.357231] ? do_vfs_ioctl+0x1060/0x1060 [ 2298.361366] do_syscall_64+0x1e8/0x640 [ 2298.365242] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2298.370075] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2298.375246] RIP: 0033:0x45a679 [ 2298.378420] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2298.386113] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2298.393369] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2298.400640] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2298.407896] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2298.415162] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2298.428672] warn_alloc_show_mem: 1 callbacks suppressed [ 2298.428676] Mem-Info: [ 2298.436647] active_anon:1138661 inactive_anon:199 isolated_anon:0 [ 2298.436647] active_file:6823 inactive_file:8763 isolated_file:0 [ 2298.436647] unevictable:0 dirty:219 writeback:0 unstable:0 [ 2298.436647] slab_reclaimable:19062 slab_unreclaimable:137634 [ 2298.436647] mapped:57681 shmem:255 pagetables:41212 bounce:0 [ 2298.436647] free:117891 free_pcp:604 free_cma:0 [ 2298.475549] Node 0 active_anon:1705040kB inactive_anon:776kB active_file:16kB inactive_file:12kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:8kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 655360kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2298.513353] Node 1 active_anon:2849504kB inactive_anon:20kB active_file:27276kB inactive_file:35040kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:21804kB dirty:868kB writeback:0kB shmem:56kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2298.544516] Node 0 DMA free:10392kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2298.571499] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2298.576579] Node 0 DMA32 free:36316kB min:36380kB low:45472kB high:54564kB active_anon:1700648kB inactive_anon:776kB active_file:16kB inactive_file:16kB unevictable:0kB writepending:12kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12480kB pagetables:65192kB bounce:0kB free_pcp:1332kB local_pcp:612kB free_cma:0kB [ 2298.605970] lowmem_reserve[]: 0 0 0 0 0 [ 2298.609990] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2298.635699] lowmem_reserve[]: 0 0 0 0 0 [ 2298.639703] Node 1 Normal free:426156kB min:53508kB low:66884kB high:80260kB active_anon:2849480kB inactive_anon:28kB active_file:27276kB inactive_file:35076kB unevictable:0kB writepending:904kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45024kB pagetables:99448kB bounce:0kB free_pcp:976kB local_pcp:656kB free_cma:0kB [ 2298.639727] lowmem_reserve[]: 0 0 0 0 0 [ 2298.673884] Node 0 DMA: 8*4kB (UM) 15*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10392kB [ 2298.689646] Node 0 DMA32: 3755*4kB (MEH) 420*8kB (MEH) 285*16kB (UMH) 388*32kB (UMH) 3*64kB (H) 2*128kB (H) 0*256kB 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 36316kB [ 2298.704625] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2298.704687] Node 1 Normal: 5755*4kB (UM) 1989*8kB (UMEH) 3441*16kB (UMEH) 2728*32kB (UMEH) 1169*64kB (UMEH) 240*128kB (MEH) 90*256kB (MEH) 121*512kB (ME) 39*1024kB (UMH) 7*2048kB (M) 0*4096kB = 426084kB [ 2298.735176] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2298.744146] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2298.752801] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2298.761722] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2298.761729] 15696 total pagecache pages [ 2298.761741] 0 pages in swap cache [ 2298.761747] Swap cache stats: add 0, delete 0, find 0/0 [ 2298.761751] Free swap = 0kB [ 2298.761755] Total swap = 0kB [ 2298.761763] 1965979 pages RAM [ 2298.761767] 0 pages HighMem/MovableOnly [ 2298.761771] 335854 pages reserved [ 2298.761774] 0 pages cma reserved [ 2298.813162] syz-executor.5: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2298.824841] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2298.830516] CPU: 1 PID: 8366 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2298.838330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2298.847700] Call Trace: [ 2298.850314] dump_stack+0x142/0x197 [ 2298.853972] warn_alloc.cold+0x96/0x1af [ 2298.857970] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2298.862844] ? call_timer_fn+0x670/0x670 [ 2298.866946] __alloc_pages_slowpath+0x23c6/0x2930 [ 2298.869412] syz-executor.4: [ 2298.871996] ? warn_alloc+0xf0/0xf0 [ 2298.872023] ? __might_sleep+0x93/0xb0 [ 2298.875138] page allocation failure: order:0 [ 2298.878655] __alloc_pages_nodemask+0x62c/0x7a0 [ 2298.878667] ? lock_downgrade+0x740/0x740 [ 2298.878679] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2298.882656] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2298.886944] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2298.886963] alloc_pages_current+0xec/0x1e0 [ 2298.891699] 0 [ 2298.895822] ion_page_pool_alloc+0x11f/0x1c0 [ 2298.895834] ion_system_heap_allocate+0x138/0x910 [ 2298.895849] ? ion_system_heap_free+0x250/0x250 [ 2298.895863] ion_alloc+0x68c/0x860 [ 2298.895880] ? ion_dma_buf_release+0x50/0x50 [ 2298.901112] syz-executor.4 cpuset= [ 2298.908010] ? kasan_check_write+0x14/0x20 [ 2298.908021] ? _copy_from_user+0x99/0x110 [ 2298.908033] ion_ioctl+0x105/0x217 [ 2298.913770] syz4 [ 2298.917951] ? ion_alloc.cold+0x40/0x40 [ 2298.919727] mems_allowed=0-1 [ 2298.924045] ? ion_alloc.cold+0x40/0x40 [ 2298.924059] do_vfs_ioctl+0x7ae/0x1060 [ 2298.924072] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2298.924084] ? lock_downgrade+0x740/0x740 [ 2298.982695] ? ioctl_preallocate+0x1c0/0x1c0 [ 2298.987100] ? __fget+0x237/0x370 [ 2298.990546] ? security_file_ioctl+0x89/0xb0 [ 2298.994944] SyS_ioctl+0x8f/0xc0 [ 2298.998298] ? do_vfs_ioctl+0x1060/0x1060 [ 2299.002452] do_syscall_64+0x1e8/0x640 [ 2299.006328] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2299.011167] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2299.016356] RIP: 0033:0x45a679 [ 2299.019546] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2299.027263] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2299.034540] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2299.041805] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2299.049064] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2299.056322] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2299.063605] CPU: 0 PID: 8403 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2299.071530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2299.081054] Call Trace: [ 2299.083640] dump_stack+0x142/0x197 [ 2299.087273] warn_alloc.cold+0x96/0x1af [ 2299.091237] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2299.096073] ? wait_for_completion+0x420/0x420 [ 2299.100656] __alloc_pages_slowpath+0x23c6/0x2930 [ 2299.105500] ? warn_alloc+0xf0/0xf0 [ 2299.109118] ? __might_sleep+0x93/0xb0 [ 2299.113006] __alloc_pages_nodemask+0x62c/0x7a0 [ 2299.117666] ? lock_downgrade+0x740/0x740 [ 2299.121801] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2299.126808] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2299.132422] alloc_pages_current+0xec/0x1e0 [ 2299.136744] ion_page_pool_alloc+0x11f/0x1c0 [ 2299.141152] ion_system_heap_allocate+0x138/0x910 [ 2299.146175] ? ion_alloc+0x19b/0x860 [ 2299.149886] ? rcu_read_lock_sched_held+0x110/0x130 [ 2299.154893] ? ion_system_heap_free+0x250/0x250 [ 2299.159552] ion_alloc+0x222/0x860 [ 2299.163085] ? ion_dma_buf_release+0x50/0x50 [ 2299.167484] ? kasan_check_write+0x14/0x20 [ 2299.171706] ? _copy_from_user+0x99/0x110 [ 2299.175838] ion_ioctl+0x105/0x217 [ 2299.179376] ? ion_alloc.cold+0x40/0x40 [ 2299.183340] ? ion_alloc.cold+0x40/0x40 [ 2299.187303] do_vfs_ioctl+0x7ae/0x1060 [ 2299.191178] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2299.195918] ? lock_downgrade+0x740/0x740 [ 2299.200052] ? ioctl_preallocate+0x1c0/0x1c0 [ 2299.204456] ? __fget+0x237/0x370 [ 2299.207911] ? security_file_ioctl+0x89/0xb0 [ 2299.212321] SyS_ioctl+0x8f/0xc0 [ 2299.215672] ? do_vfs_ioctl+0x1060/0x1060 [ 2299.219807] do_syscall_64+0x1e8/0x640 [ 2299.223682] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2299.228518] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2299.233715] RIP: 0033:0x45a679 [ 2299.236888] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2299.244582] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2299.251837] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2299.259106] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2299.266378] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2299.273639] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff 20:58:49 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) socket$inet_udplite(0x2, 0x2, 0x88) 20:58:49 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) 20:58:49 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 20:58:49 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) 20:58:49 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) [ 2299.299989] oom_reaper: reaped process 8403 (syz-executor.4), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB 20:58:49 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) [ 2299.573356] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2299.578354] syz-executor.5: [ 2299.614475] page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2299.620509] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2299.646352] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2299.655833] CPU: 1 PID: 8403 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2299.663677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2299.673054] Call Trace: [ 2299.675666] dump_stack+0x142/0x197 [ 2299.679322] warn_alloc.cold+0x96/0x1af [ 2299.683318] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2299.688201] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2299.693499] __alloc_pages_slowpath+0x23c6/0x2930 [ 2299.698366] ? save_trace+0x290/0x290 [ 2299.702197] ? warn_alloc+0xf0/0xf0 [ 2299.705870] ? __might_sleep+0x93/0xb0 [ 2299.709786] __alloc_pages_nodemask+0x62c/0x7a0 [ 2299.714478] ? lock_downgrade+0x740/0x740 [ 2299.718654] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2299.723704] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2299.729352] alloc_pages_current+0xec/0x1e0 [ 2299.733696] ion_page_pool_alloc+0x11f/0x1c0 [ 2299.738160] ion_system_heap_allocate+0x138/0x910 [ 2299.743031] ? ion_system_heap_free+0x250/0x250 [ 2299.747718] ion_alloc+0x68c/0x860 [ 2299.751277] ? ion_dma_buf_release+0x50/0x50 [ 2299.755703] ? kasan_check_write+0x14/0x20 [ 2299.759950] ? _copy_from_user+0x99/0x110 [ 2299.764114] ion_ioctl+0x105/0x217 [ 2299.767671] ? ion_alloc.cold+0x40/0x40 [ 2299.771676] ? ion_alloc.cold+0x40/0x40 [ 2299.775698] do_vfs_ioctl+0x7ae/0x1060 [ 2299.779608] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2299.784481] ? lock_downgrade+0x740/0x740 [ 2299.788649] ? ioctl_preallocate+0x1c0/0x1c0 [ 2299.793066] ? __fget+0x237/0x370 [ 2299.796541] ? security_file_ioctl+0x89/0xb0 [ 2299.800969] SyS_ioctl+0x8f/0xc0 [ 2299.804353] ? do_vfs_ioctl+0x1060/0x1060 [ 2299.808518] do_syscall_64+0x1e8/0x640 [ 2299.812425] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2299.817298] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2299.822502] RIP: 0033:0x45a679 [ 2299.825697] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2299.833418] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2299.840698] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2299.847983] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2299.855267] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2299.862552] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2299.870393] warn_alloc_show_mem: 2 callbacks suppressed [ 2299.870397] Mem-Info: [ 2299.878203] active_anon:1135096 inactive_anon:199 isolated_anon:49 [ 2299.878203] active_file:6898 inactive_file:8270 isolated_file:38 [ 2299.878203] unevictable:0 dirty:70 writeback:50 unstable:0 [ 2299.878203] slab_reclaimable:19069 slab_unreclaimable:137539 [ 2299.878203] mapped:57712 shmem:255 pagetables:41252 bounce:0 [ 2299.878203] free:65320 free_pcp:533 free_cma:0 [ 2299.882641] CPU: 0 PID: 8446 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2299.913223] Node 0 active_anon:1690868kB inactive_anon:780kB active_file:16kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:12kB writeback:0kB shmem:968kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 641024kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2299.920099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2299.920105] Call Trace: [ 2299.920124] dump_stack+0x142/0x197 [ 2299.920145] warn_alloc.cold+0x96/0x1af [ 2299.920158] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2299.920189] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2299.947924] Node 1 active_anon:2849516kB inactive_anon:16kB active_file:27576kB inactive_file:33064kB unevictable:0kB isolated(anon):196kB isolated(file):24kB mapped:21928kB dirty:268kB writeback:200kB shmem:52kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2299.957224] __alloc_pages_slowpath+0x23c6/0x2930 [ 2299.957254] ? save_trace+0x290/0x290 [ 2299.959807] Node 0 DMA free:10432kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2299.963442] ? warn_alloc+0xf0/0xf0 [ 2299.963479] ? __might_sleep+0x93/0xb0 [ 2299.967414] lowmem_reserve[]: 0 [ 2299.972258] __alloc_pages_nodemask+0x62c/0x7a0 [ 2299.972273] ? lock_downgrade+0x740/0x740 [ 2299.972288] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2299.972312] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2299.977555] 2569 2569 [ 2300.005799] alloc_pages_current+0xec/0x1e0 [ 2300.005823] ion_page_pool_alloc+0x11f/0x1c0 [ 2300.005838] ion_system_heap_allocate+0x138/0x910 [ 2300.005850] ? ion_alloc+0x19b/0x860 [ 2300.005862] ? rcu_read_lock_sched_held+0x110/0x130 [ 2300.005878] ? ion_system_heap_free+0x250/0x250 [ 2300.005901] ion_alloc+0x222/0x860 [ 2300.005924] ? ion_dma_buf_release+0x50/0x50 [ 2300.005945] ? kasan_check_write+0x14/0x20 [ 2300.005958] ? _copy_from_user+0x99/0x110 [ 2300.005974] ion_ioctl+0x105/0x217 [ 2300.030117] 2569 [ 2300.041175] ? ion_alloc.cold+0x40/0x40 [ 2300.041199] ? ion_alloc.cold+0x40/0x40 [ 2300.041214] do_vfs_ioctl+0x7ae/0x1060 [ 2300.060124] 2569 [ 2300.060930] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2300.071544] ? lock_downgrade+0x740/0x740 [ 2300.071563] ? ioctl_preallocate+0x1c0/0x1c0 [ 2300.071579] ? __fget+0x237/0x370 [ 2300.071603] ? security_file_ioctl+0x89/0xb0 [ 2300.071621] SyS_ioctl+0x8f/0xc0 [ 2300.071633] ? do_vfs_ioctl+0x1060/0x1060 [ 2300.071653] do_syscall_64+0x1e8/0x640 [ 2300.071662] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2300.071687] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2300.071697] RIP: 0033:0x45a679 [ 2300.071711] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2300.190177] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2300.197452] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2300.204712] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2300.211971] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2300.219315] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2300.227957] Node 0 DMA32 free:68716kB min:36380kB low:45472kB high:54564kB active_anon:1686484kB inactive_anon:780kB active_file:16kB inactive_file:16kB unevictable:0kB writepending:12kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12544kB pagetables:65176kB bounce:0kB free_pcp:1540kB local_pcp:816kB free_cma:0kB [ 2300.277323] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 2300.298765] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2300.306912] CPU: 0 PID: 8440 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2300.314753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2300.324122] Call Trace: [ 2300.326723] dump_stack+0x142/0x197 [ 2300.330484] warn_alloc.cold+0x96/0x1af [ 2300.334484] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2300.339359] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2300.343404] lowmem_reserve[]: [ 2300.344653] __alloc_pages_slowpath+0x23c6/0x2930 [ 2300.344678] ? save_trace+0x290/0x290 [ 2300.350753] 0 [ 2300.352623] ? warn_alloc+0xf0/0xf0 [ 2300.352650] ? __might_sleep+0x93/0xb0 [ 2300.362164] 0 [ 2300.365738] __alloc_pages_nodemask+0x62c/0x7a0 [ 2300.365751] ? lock_downgrade+0x740/0x740 [ 2300.365762] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2300.377086] 0 [ 2300.381384] alloc_pages_current+0xec/0x1e0 [ 2300.381399] ion_page_pool_alloc+0x11f/0x1c0 [ 2300.381410] ion_system_heap_allocate+0x138/0x910 [ 2300.381419] ? ion_alloc+0x19b/0x860 [ 2300.381429] ? rcu_read_lock_sched_held+0x110/0x130 [ 2300.381442] ? ion_system_heap_free+0x250/0x250 [ 2300.394019] 0 [ 2300.396826] ion_alloc+0x222/0x860 [ 2300.396844] ? ion_dma_buf_release+0x50/0x50 [ 2300.417528] 0 [ 2300.419963] ? kasan_check_write+0x14/0x20 [ 2300.419974] ? _copy_from_user+0x99/0x110 [ 2300.419989] ion_ioctl+0x105/0x217 [ 2300.433694] ? ion_alloc.cold+0x40/0x40 [ 2300.433710] ? ion_alloc.cold+0x40/0x40 [ 2300.441646] do_vfs_ioctl+0x7ae/0x1060 [ 2300.445549] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2300.447391] Node 0 [ 2300.450319] ? lock_downgrade+0x740/0x740 [ 2300.450336] ? ioctl_preallocate+0x1c0/0x1c0 [ 2300.450349] ? __fget+0x237/0x370 [ 2300.450368] ? security_file_ioctl+0x89/0xb0 [ 2300.450380] SyS_ioctl+0x8f/0xc0 [ 2300.450389] ? do_vfs_ioctl+0x1060/0x1060 [ 2300.450403] do_syscall_64+0x1e8/0x640 [ 2300.460489] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2300.461164] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2300.461186] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2300.461195] RIP: 0033:0x45a679 [ 2300.467228] lowmem_reserve[]: [ 2300.469032] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2300.469044] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2300.469051] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2300.469057] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2300.469067] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2300.469075] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2300.485649] 0 [ 2300.565952] 0 0 0 0 20:58:50 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) [ 2300.575983] syz-executor.1: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 2300.589247] Node 1 Normal free:168132kB min:53508kB low:66884kB high:80260kB active_anon:2849616kB inactive_anon:16kB active_file:27780kB inactive_file:29324kB unevictable:0kB writepending:376kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45184kB pagetables:99824kB bounce:0kB free_pcp:44kB local_pcp:44kB free_cma:0kB [ 2300.626140] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 2300.632030] CPU: 1 PID: 8453 Comm: syz-executor.1 Not tainted 4.14.157-syzkaller #0 [ 2300.639841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2300.649184] Call Trace: [ 2300.651762] dump_stack+0x142/0x197 [ 2300.655387] warn_alloc.cold+0x96/0x1af [ 2300.659346] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2300.664182] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2300.669459] __alloc_pages_slowpath+0x23c6/0x2930 [ 2300.674293] ? save_trace+0x290/0x290 [ 2300.678094] ? warn_alloc+0xf0/0xf0 [ 2300.681713] ? __might_sleep+0x93/0xb0 [ 2300.685588] __alloc_pages_nodemask+0x62c/0x7a0 [ 2300.690240] ? lock_downgrade+0x740/0x740 [ 2300.694373] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2300.699385] alloc_pages_current+0xec/0x1e0 [ 2300.703711] ion_page_pool_alloc+0x11f/0x1c0 [ 2300.708107] ion_system_heap_allocate+0x138/0x910 [ 2300.713280] ? ion_alloc+0x19b/0x860 [ 2300.716978] ? rcu_read_lock_sched_held+0x110/0x130 [ 2300.722066] ? ion_system_heap_free+0x250/0x250 [ 2300.726726] ion_alloc+0x222/0x860 [ 2300.730257] ? ion_dma_buf_release+0x50/0x50 [ 2300.734667] ? kasan_check_write+0x14/0x20 [ 2300.738884] ? _copy_from_user+0x99/0x110 [ 2300.743019] ion_ioctl+0x105/0x217 [ 2300.746549] ? ion_alloc.cold+0x40/0x40 [ 2300.750509] ? ion_alloc.cold+0x40/0x40 [ 2300.754469] do_vfs_ioctl+0x7ae/0x1060 [ 2300.758354] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2300.763095] ? lock_downgrade+0x740/0x740 [ 2300.767232] ? ioctl_preallocate+0x1c0/0x1c0 [ 2300.771629] ? __fget+0x237/0x370 [ 2300.775070] ? security_file_ioctl+0x89/0xb0 [ 2300.779466] SyS_ioctl+0x8f/0xc0 [ 2300.782816] ? do_vfs_ioctl+0x1060/0x1060 [ 2300.786947] do_syscall_64+0x1e8/0x640 [ 2300.790818] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2300.795650] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2300.800844] RIP: 0033:0x45a679 [ 2300.804031] RSP: 002b:00007f53ae261c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2300.811744] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2300.819022] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2300.826304] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2300.833561] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53ae2626d4 [ 2300.840932] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2300.861410] lowmem_reserve[]: 0 0 0 0 0 [ 2300.865463] Node 0 DMA: 8*4kB (UM) 21*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2300.912373] Node 0 DMA32: 3662*4kB (ME) 419*8kB (UME) 868*16kB (UM) 424*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 45456kB [ 2300.931783] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2300.946121] Node 1 Normal: 3167*4kB (ME) 1319*8kB (UMEH) 3271*16kB (UMEH) 2372*32kB (UMH) 1*64kB (H) 2*128kB (H) 2*256kB (H) 0*512kB 1*1024kB (H) 0*2048kB 0*4096kB = 153316kB [ 2300.967372] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2300.986866] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2300.995685] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2301.009769] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2301.018589] 14582 total pagecache pages [ 2301.027799] 0 pages in swap cache [ 2301.031788] Swap cache stats: add 0, delete 0, find 0/0 [ 2301.037298] Free swap = 0kB [ 2301.045490] Total swap = 0kB [ 2301.048649] 1965979 pages RAM [ 2301.051886] 0 pages HighMem/MovableOnly [ 2301.055974] 335854 pages reserved [ 2301.059514] 0 pages cma reserved [ 2301.102025] warn_alloc_show_mem: 1 callbacks suppressed [ 2301.102029] Mem-Info: [ 2301.117326] active_anon:1135066 inactive_anon:199 isolated_anon:0 [ 2301.117326] active_file:7143 inactive_file:7307 isolated_file:1 [ 2301.117326] unevictable:0 dirty:48 writeback:14 unstable:0 [ 2301.117326] slab_reclaimable:19082 slab_unreclaimable:137427 [ 2301.117326] mapped:57700 shmem:255 pagetables:41230 bounce:0 [ 2301.117326] free:38159 free_pcp:157 free_cma:0 [ 2301.242286] syz-executor.4 invoked oom-killer: gfp_mask=0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0, order=0, oom_score_adj=1000 [ 2301.302724] Node 0 active_anon:1690800kB inactive_anon:776kB active_file:44kB inactive_file:60kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:84kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 641024kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2301.305383] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2301.370561] Node 0 DMA free:10380kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2301.397519] CPU: 0 PID: 8403 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2301.405335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2301.414695] Call Trace: [ 2301.417297] dump_stack+0x142/0x197 [ 2301.420936] dump_header+0x177/0x6cd [ 2301.424653] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2301.429762] ? ___ratelimit+0x55/0x537 [ 2301.433657] oom_kill_process.cold+0x10/0xadd [ 2301.438154] ? rcu_read_unlock_special+0x895/0xd40 [ 2301.443093] ? lock_downgrade+0x740/0x740 [ 2301.447252] out_of_memory+0x2ee/0x1180 [ 2301.451238] ? lock_acquire+0x16f/0x430 [ 2301.455224] ? oom_killer_disable+0x1d0/0x1d0 [ 2301.459729] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2301.464670] __alloc_pages_slowpath+0x2251/0x2930 [ 2301.469547] ? warn_alloc+0xf0/0xf0 [ 2301.473201] ? __might_sleep+0x93/0xb0 [ 2301.477104] __alloc_pages_nodemask+0x62c/0x7a0 [ 2301.481784] ? lock_downgrade+0x740/0x740 [ 2301.485942] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2301.490979] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2301.496620] alloc_pages_current+0xec/0x1e0 [ 2301.500976] ion_page_pool_alloc+0x11f/0x1c0 [ 2301.505403] ion_system_heap_allocate+0x138/0x910 [ 2301.510269] ? ion_system_heap_free+0x250/0x250 [ 2301.514947] ion_alloc+0x68c/0x860 [ 2301.518507] ? ion_dma_buf_release+0x50/0x50 [ 2301.522929] ? kasan_check_write+0x14/0x20 [ 2301.527179] ? _copy_from_user+0x99/0x110 [ 2301.531344] ion_ioctl+0x105/0x217 [ 2301.534886] ? ion_alloc.cold+0x40/0x40 [ 2301.538879] ? ion_alloc.cold+0x40/0x40 [ 2301.542865] do_vfs_ioctl+0x7ae/0x1060 [ 2301.546779] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2301.551543] ? lock_downgrade+0x740/0x740 [ 2301.555702] ? ioctl_preallocate+0x1c0/0x1c0 [ 2301.560122] ? __fget+0x237/0x370 [ 2301.563586] ? security_file_ioctl+0x89/0xb0 [ 2301.568011] SyS_ioctl+0x8f/0xc0 [ 2301.571394] ? do_vfs_ioctl+0x1060/0x1060 [ 2301.575547] do_syscall_64+0x1e8/0x640 [ 2301.579441] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2301.584304] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2301.589498] RIP: 0033:0x45a679 [ 2301.592688] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2301.600406] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2301.607694] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2301.614972] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2301.622254] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2301.629535] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2301.650536] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2301.664131] Node 0 DMA32 free:17928kB min:36380kB low:45472kB high:54564kB active_anon:1686416kB inactive_anon:776kB active_file:44kB inactive_file:60kB unevictable:0kB writepending:84kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12480kB pagetables:65176kB bounce:0kB free_pcp:408kB local_pcp:288kB free_cma:0kB [ 2301.752718] lowmem_reserve[]: 0 0 0 0 0 [ 2301.773992] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2301.857977] lowmem_reserve[]: 0 0 0 0 0 [ 2301.871729] Node 0 DMA: 5*4kB (UM) 15*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10380kB [ 2301.927055] Node 0 DMA32: 3562*4kB (ME) 355*8kB (ME) 52*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 17920kB [ 2301.949194] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2301.961655] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2301.981620] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2302.002256] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2302.014725] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2302.039116] 12850 total pagecache pages [ 2302.055362] 0 pages in swap cache [ 2302.066923] Swap cache stats: add 0, delete 0, find 0/0 [ 2302.087372] Free swap = 0kB [ 2302.097892] Total swap = 0kB [ 2302.108428] 1965979 pages RAM [ 2302.120008] 0 pages HighMem/MovableOnly [ 2302.132615] 335854 pages reserved [ 2302.139887] 0 pages cma reserved [ 2302.179922] Mem-Info: [ 2302.197436] active_anon:1135039 inactive_anon:199 isolated_anon:0 [ 2302.197436] active_file:4734 inactive_file:4953 isolated_file:32 [ 2302.197436] unevictable:0 dirty:14 writeback:0 unstable:0 [ 2302.197436] slab_reclaimable:19077 slab_unreclaimable:137107 [ 2302.197436] mapped:56877 shmem:255 pagetables:41205 bounce:0 [ 2302.197436] free:20975 free_pcp:0 free_cma:0 [ 2302.288747] Node 0 active_anon:1690776kB inactive_anon:772kB active_file:8kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:4kB writeback:0kB shmem:960kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 641024kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2302.344801] Node 0 DMA free:10380kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2302.413624] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2302.419176] Node 0 DMA32 free:18324kB min:36380kB low:45472kB high:54564kB active_anon:1686392kB inactive_anon:772kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:4kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12480kB pagetables:65164kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2302.468426] lowmem_reserve[]: 0 0 0 0 0 [ 2302.486769] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2302.548690] lowmem_reserve[]: 0 0 0 0 0 [ 2302.557996] Node 0 DMA: 5*4kB (UM) 15*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10380kB [ 2302.596210] Node 0 DMA32: 3642*4kB (UME) 360*8kB (UME) 55*16kB (UM) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18328kB [ 2302.627589] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2302.654178] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2302.695283] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2302.769056] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2302.810140] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2302.843734] 2082 total pagecache pages [ 2302.847699] 0 pages in swap cache [ 2302.883126] Swap cache stats: add 0, delete 0, find 0/0 [ 2302.888980] Free swap = 0kB [ 2302.913006] Total swap = 0kB [ 2302.916180] 1965979 pages RAM [ 2302.949992] 0 pages HighMem/MovableOnly [ 2302.973785] 335854 pages reserved [ 2302.977290] 0 pages cma reserved [ 2302.993255] Out of memory: Kill process 20790 (syz-executor.1) score 1009 or sacrifice child [ 2303.059353] Killed process 20790 (syz-executor.1) total-vm:72980kB, anon-rss:14520kB, file-rss:35576kB, shmem-rss:0kB [ 2303.132554] syz-executor.4: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2303.194728] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2303.200188] CPU: 0 PID: 8403 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2303.207993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2303.217361] Call Trace: [ 2303.219971] dump_stack+0x142/0x197 [ 2303.223610] warn_alloc.cold+0x96/0x1af [ 2303.227584] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2303.232437] ? wait_for_completion+0x420/0x420 [ 2303.237024] __alloc_pages_slowpath+0x23c6/0x2930 [ 2303.241888] ? warn_alloc+0xf0/0xf0 [ 2303.245532] ? __might_sleep+0x93/0xb0 [ 2303.249428] __alloc_pages_nodemask+0x62c/0x7a0 [ 2303.254099] ? lock_downgrade+0x740/0x740 [ 2303.258246] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2303.263274] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2303.268915] alloc_pages_current+0xec/0x1e0 [ 2303.273252] ion_page_pool_alloc+0x11f/0x1c0 [ 2303.286749] ion_system_heap_allocate+0x138/0x910 [ 2303.291605] ? ion_system_heap_free+0x250/0x250 [ 2303.296279] ion_alloc+0x68c/0x860 [ 2303.299824] ? ion_dma_buf_release+0x50/0x50 [ 2303.304275] ? kasan_check_write+0x14/0x20 [ 2303.308519] ? _copy_from_user+0x99/0x110 [ 2303.312679] ion_ioctl+0x105/0x217 [ 2303.316254] ? ion_alloc.cold+0x40/0x40 [ 2303.320244] ? ion_alloc.cold+0x40/0x40 [ 2303.324235] do_vfs_ioctl+0x7ae/0x1060 [ 2303.328149] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2303.332911] ? lock_downgrade+0x740/0x740 [ 2303.337100] ? ioctl_preallocate+0x1c0/0x1c0 [ 2303.341541] ? __fget+0x237/0x370 [ 2303.345011] ? security_file_ioctl+0x89/0xb0 [ 2303.349429] SyS_ioctl+0x8f/0xc0 [ 2303.352804] ? do_vfs_ioctl+0x1060/0x1060 [ 2303.356956] do_syscall_64+0x1e8/0x640 [ 2303.360852] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2303.365710] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2303.370899] RIP: 0033:0x45a679 [ 2303.374082] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2303.381793] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2303.389062] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2303.396345] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2303.403628] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2303.410911] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2303.507391] warn_alloc_show_mem: 1 callbacks suppressed [ 2303.507396] Mem-Info: [ 2303.517745] active_anon:1130419 inactive_anon:197 isolated_anon:0 [ 2303.517745] active_file:592 inactive_file:600 isolated_file:52 [ 2303.517745] unevictable:0 dirty:18 writeback:1 unstable:0 [ 2303.517745] slab_reclaimable:19081 slab_unreclaimable:137123 [ 2303.517745] mapped:53189 shmem:255 pagetables:41146 bounce:0 [ 2303.517745] free:24444 free_pcp:62 free_cma:0 [ 2303.600121] Node 0 active_anon:1676348kB inactive_anon:772kB active_file:8kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:4kB writeback:0kB shmem:960kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 641024kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2303.668398] Node 1 active_anon:2845328kB inactive_anon:16kB active_file:2108kB inactive_file:2136kB unevictable:0kB isolated(anon):0kB isolated(file):308kB mapped:3336kB dirty:68kB writeback:4kB shmem:60kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2303.716479] Node 0 DMA free:10380kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2303.745211] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2303.763295] Node 0 DMA32 free:32864kB min:36380kB low:45472kB high:54564kB active_anon:1671964kB inactive_anon:772kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:4kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12448kB pagetables:65016kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2303.830315] lowmem_reserve[]: 0 0 0 0 0 [ 2303.847710] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2303.948299] lowmem_reserve[]: 0 0 0 0 0 [ 2303.965456] Node 1 Normal free:53252kB min:53508kB low:66884kB high:80260kB active_anon:2845328kB inactive_anon:16kB active_file:1944kB inactive_file:1420kB unevictable:0kB writepending:72kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45056kB pagetables:99560kB bounce:0kB free_pcp:212kB local_pcp:212kB free_cma:0kB [ 2304.045937] lowmem_reserve[]: 0 0 0 0 0 [ 2304.049976] Node 0 DMA: 5*4kB (UM) 15*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10380kB [ 2304.120846] Node 0 DMA32: 3713*4kB (UME) 362*8kB (UME) 55*16kB (UM) 1*32kB (M) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 3*2048kB (UM) 2*4096kB (UM) = 32996kB [ 2304.190125] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2304.210097] Node 1 Normal: 4114*4kB (UME) 941*8kB (UMEH) 557*16kB (MEH) 604*32kB (UMH) 1*64kB (H) 2*128kB (H) 2*256kB (H) 0*512kB 1*1024kB (H) 0*2048kB 0*4096kB = 54080kB [ 2304.251632] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2304.260746] oom_reaper: reaped process 8446 (syz-executor.5), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2304.280100] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2304.309099] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2304.339318] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2304.361852] 530 total pagecache pages [ 2304.362982] syz-executor.5 invoked oom-killer: gfp_mask=0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2304.365690] 0 pages in swap cache [ 2304.365695] , order=0, oom_score_adj=1000 [ 2304.365701] syz-executor.5 cpuset= [ 2304.394277] Swap cache stats: add 0, delete 0, find 0/0 [ 2304.403263] Free swap = 0kB [ 2304.406298] Total swap = 0kB [ 2304.409407] 1965979 pages RAM [ 2304.412596] syz5 mems_allowed=0-1 [ 2304.416102] CPU: 1 PID: 8446 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2304.423897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2304.433348] Call Trace: [ 2304.435950] dump_stack+0x142/0x197 [ 2304.439595] dump_header+0x177/0x6cd [ 2304.443327] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2304.448448] ? ___ratelimit+0x55/0x537 [ 2304.452357] oom_kill_process.cold+0x10/0xadd [ 2304.456872] ? rcu_read_unlock_special+0x639/0xd40 [ 2304.461816] ? lock_downgrade+0x740/0x740 [ 2304.465961] out_of_memory+0x2ee/0x1180 [ 2304.469919] ? lock_acquire+0x16f/0x430 [ 2304.473903] ? oom_killer_disable+0x1d0/0x1d0 [ 2304.478388] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2304.483306] __alloc_pages_slowpath+0x2251/0x2930 [ 2304.488150] ? warn_alloc+0xf0/0xf0 [ 2304.491782] ? __might_sleep+0x93/0xb0 [ 2304.495659] __alloc_pages_nodemask+0x62c/0x7a0 [ 2304.500317] ? lock_downgrade+0x740/0x740 [ 2304.504454] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2304.509461] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2304.515080] alloc_pages_current+0xec/0x1e0 [ 2304.519392] ion_page_pool_alloc+0x11f/0x1c0 [ 2304.523792] ion_system_heap_allocate+0x138/0x910 [ 2304.528622] ? ion_alloc+0x19b/0x860 [ 2304.532323] ? rcu_read_lock_sched_held+0x110/0x130 [ 2304.537330] ? ion_system_heap_free+0x250/0x250 [ 2304.541988] ion_alloc+0x222/0x860 [ 2304.545517] ? ion_dma_buf_release+0x50/0x50 [ 2304.549943] ? kasan_check_write+0x14/0x20 [ 2304.554167] ? _copy_from_user+0x99/0x110 [ 2304.558300] ion_ioctl+0x105/0x217 [ 2304.561831] ? ion_alloc.cold+0x40/0x40 [ 2304.565797] ? ion_alloc.cold+0x40/0x40 [ 2304.569758] do_vfs_ioctl+0x7ae/0x1060 [ 2304.573639] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2304.578382] ? lock_downgrade+0x740/0x740 [ 2304.582518] ? ioctl_preallocate+0x1c0/0x1c0 [ 2304.586917] ? __fget+0x237/0x370 [ 2304.590362] ? security_file_ioctl+0x89/0xb0 [ 2304.594758] SyS_ioctl+0x8f/0xc0 [ 2304.598109] ? do_vfs_ioctl+0x1060/0x1060 [ 2304.602246] do_syscall_64+0x1e8/0x640 [ 2304.606117] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2304.610948] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2304.616122] RIP: 0033:0x45a679 [ 2304.619295] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2304.627004] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2304.634259] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2304.641512] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2304.648939] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2304.656194] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2304.665227] 0 pages HighMem/MovableOnly [ 2304.669229] 335854 pages reserved [ 2304.672748] 0 pages cma reserved [ 2304.754865] Mem-Info: [ 2304.757348] active_anon:1130383 inactive_anon:197 isolated_anon:0 [ 2304.757348] active_file:131 inactive_file:124 isolated_file:16 [ 2304.757348] unevictable:0 dirty:19 writeback:1 unstable:0 [ 2304.757348] slab_reclaimable:19082 slab_unreclaimable:137124 [ 2304.757348] mapped:52429 shmem:255 pagetables:41150 bounce:0 [ 2304.757348] free:60222 free_pcp:59 free_cma:0 [ 2304.814226] Node 0 active_anon:1676204kB inactive_anon:772kB active_file:8kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:4kB writeback:0kB shmem:960kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 626688kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2304.870870] Node 0 DMA free:10420kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2304.915370] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2304.920621] Node 0 DMA32 free:170816kB min:36380kB low:45472kB high:54564kB active_anon:1671820kB inactive_anon:772kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:8kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12448kB pagetables:65032kB bounce:0kB free_pcp:1400kB local_pcp:712kB free_cma:0kB [ 2304.950528] lowmem_reserve[]: 0 0 0 0 0 [ 2304.954549] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2304.979903] lowmem_reserve[]: 0 0 0 0 0 [ 2304.990140] Node 0 DMA: 8*4kB (UM) 21*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2305.014226] Node 0 DMA32: 4732*4kB (UME) 1745*8kB (UME) 1037*16kB (UM) 434*32kB (UM) 173*64kB (UM) 129*128kB (UM) 92*256kB (U) 52*512kB (U) 23*1024kB (U) 3*2048kB (U) 0*4096kB = 170824kB [ 2305.048352] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2305.059225] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2305.068894] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2305.077613] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2305.090262] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2305.100201] 559 total pagecache pages [ 2305.105012] 0 pages in swap cache [ 2305.108493] Swap cache stats: add 0, delete 0, find 0/0 [ 2305.114109] Free swap = 0kB [ 2305.117137] Total swap = 0kB [ 2305.120296] 1965979 pages RAM [ 2305.123407] 0 pages HighMem/MovableOnly [ 2305.127393] 335854 pages reserved [ 2305.133957] 0 pages cma reserved [ 2305.140435] Out of memory: Kill process 20121 (syz-executor.1) score 1009 or sacrifice child [ 2305.149953] Killed process 20121 (syz-executor.1) total-vm:72980kB, anon-rss:14520kB, file-rss:34828kB, shmem-rss:0kB [ 2305.181378] syz-executor.5: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2305.203873] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2305.214119] CPU: 1 PID: 8446 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2305.221962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2305.231330] Call Trace: [ 2305.233928] dump_stack+0x142/0x197 [ 2305.237571] warn_alloc.cold+0x96/0x1af [ 2305.241560] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2305.246438] ? wait_for_completion+0x420/0x420 [ 2305.251041] __alloc_pages_slowpath+0x23c6/0x2930 [ 2305.255918] ? warn_alloc+0xf0/0xf0 [ 2305.259579] ? __might_sleep+0x93/0xb0 [ 2305.263480] __alloc_pages_nodemask+0x62c/0x7a0 [ 2305.268160] ? lock_downgrade+0x740/0x740 [ 2305.272330] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2305.277402] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2305.283052] alloc_pages_current+0xec/0x1e0 [ 2305.287394] ion_page_pool_alloc+0x11f/0x1c0 [ 2305.293215] ion_system_heap_allocate+0x138/0x910 [ 2305.298073] ? ion_alloc+0x19b/0x860 [ 2305.301807] ? rcu_read_lock_sched_held+0x110/0x130 [ 2305.306835] ? ion_system_heap_free+0x250/0x250 [ 2305.306850] ion_alloc+0x222/0x860 [ 2305.306866] ? ion_dma_buf_release+0x50/0x50 [ 2305.306885] ? kasan_check_write+0x14/0x20 [ 2305.306896] ? _copy_from_user+0x99/0x110 [ 2305.306909] ion_ioctl+0x105/0x217 [ 2305.306920] ? ion_alloc.cold+0x40/0x40 [ 2305.306937] ? ion_alloc.cold+0x40/0x40 [ 2305.319555] do_vfs_ioctl+0x7ae/0x1060 [ 2305.343972] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2305.348749] ? lock_downgrade+0x740/0x740 [ 2305.352917] ? ioctl_preallocate+0x1c0/0x1c0 [ 2305.357339] ? __fget+0x237/0x370 [ 2305.360820] ? security_file_ioctl+0x89/0xb0 [ 2305.365253] SyS_ioctl+0x8f/0xc0 [ 2305.368637] ? do_vfs_ioctl+0x1060/0x1060 [ 2305.372806] do_syscall_64+0x1e8/0x640 [ 2305.376725] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2305.376746] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2305.376753] RIP: 0033:0x45a679 [ 2305.376758] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2305.376768] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2305.376773] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2305.376778] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2305.376782] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2305.376787] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2305.460422] Mem-Info: [ 2305.463054] active_anon:1130406 inactive_anon:197 isolated_anon:0 [ 2305.463054] active_file:458 inactive_file:1390 isolated_file:0 [ 2305.463054] unevictable:0 dirty:25 writeback:0 unstable:0 [ 2305.463054] slab_reclaimable:19081 slab_unreclaimable:136738 [ 2305.463054] mapped:53521 shmem:255 pagetables:41113 bounce:0 [ 2305.463054] free:104101 free_pcp:581 free_cma:0 [ 2305.497840] Node 0 active_anon:1676296kB inactive_anon:772kB active_file:2872kB inactive_file:5916kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:214360kB dirty:100kB writeback:0kB shmem:960kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 626688kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2305.525977] Node 1 active_anon:2845328kB inactive_anon:16kB active_file:60kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:124kB dirty:0kB writeback:0kB shmem:60kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2305.553596] Node 0 DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2305.580259] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2305.580288] Node 0 DMA32 free:130780kB min:36380kB low:45472kB high:54564kB active_anon:1672012kB inactive_anon:772kB active_file:2872kB inactive_file:6816kB unevictable:0kB writepending:148kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12480kB pagetables:64884kB bounce:0kB free_pcp:1032kB local_pcp:532kB free_cma:0kB [ 2305.580310] lowmem_reserve[]: 0 0 0 0 0 [ 2305.580330] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2305.580351] lowmem_reserve[]: 0 0 0 0 0 [ 2305.580376] Node 1 Normal free:272776kB min:53508kB low:66884kB high:80260kB active_anon:2845328kB inactive_anon:16kB active_file:60kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45024kB pagetables:99412kB bounce:0kB free_pcp:1356kB local_pcp:640kB free_cma:0kB [ 2305.580397] lowmem_reserve[]: 0 0 0 0 0 [ 2305.580420] Node 0 DMA: 8*4kB (UM) 21*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2305.580505] Node 0 DMA32: [ 2305.615575] 1159*4kB (UME) 514*8kB (ME) 179*16kB (M) 350*32kB (UM) 173*64kB (UM) 129*128kB (UM) 92*256kB (U) 52*512kB (U) 23*1024kB (U) 3*2048kB (U) 0*4096kB = 130268kB [ 2305.615659] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2305.615713] Node 1 Normal: 6145*4kB [ 2305.678261] (UME) 2644*8kB (UMEH) 2222*16kB (UMEH) 634*32kB (UMH) 916*64kB (UMH) 138*128kB (UMH) 51*256kB (UMH) 50*512kB (UM) 37*1024kB (UH) 9*2048kB (U) 0*4096kB = 272836kB [ 2305.678341] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB 20:58:55 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 20:58:55 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) 20:58:55 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) [ 2305.678348] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2305.678355] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2305.678361] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2305.678365] 2969 total pagecache pages [ 2305.678377] 0 pages in swap cache [ 2305.678383] Swap cache stats: add 0, delete 0, find 0/0 [ 2305.678387] Free swap = 0kB [ 2305.678391] Total swap = 0kB [ 2305.678399] 1965979 pages RAM [ 2305.678403] 0 pages HighMem/MovableOnly 20:58:56 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) 20:58:56 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) [ 2305.678407] 335854 pages reserved [ 2305.678411] 0 pages cma reserved [ 2306.063325] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2306.116593] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2306.137280] CPU: 0 PID: 8467 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2306.145135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2306.154510] Call Trace: [ 2306.157135] dump_stack+0x142/0x197 [ 2306.160806] warn_alloc.cold+0x96/0x1af [ 2306.164817] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2306.169716] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2306.175041] __alloc_pages_slowpath+0x23c6/0x2930 [ 2306.179940] ? save_trace+0x290/0x290 [ 2306.183795] ? warn_alloc+0xf0/0xf0 [ 2306.187474] ? __might_sleep+0x93/0xb0 [ 2306.191402] __alloc_pages_nodemask+0x62c/0x7a0 [ 2306.196104] ? lock_downgrade+0x740/0x740 [ 2306.200292] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2306.205348] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2306.211006] alloc_pages_current+0xec/0x1e0 [ 2306.215370] ion_page_pool_alloc+0x11f/0x1c0 [ 2306.219809] ion_system_heap_allocate+0x138/0x910 [ 2306.224692] ? ion_alloc+0x19b/0x860 [ 2306.228438] ? rcu_read_lock_sched_held+0x110/0x130 [ 2306.233500] ? ion_system_heap_free+0x250/0x250 [ 2306.238207] ion_alloc+0x222/0x860 [ 2306.241786] ? ion_dma_buf_release+0x50/0x50 [ 2306.246232] ? kasan_check_write+0x14/0x20 [ 2306.250497] ? _copy_from_user+0x99/0x110 [ 2306.254682] ion_ioctl+0x105/0x217 [ 2306.258260] ? ion_alloc.cold+0x40/0x40 [ 2306.262284] ? ion_alloc.cold+0x40/0x40 [ 2306.266305] do_vfs_ioctl+0x7ae/0x1060 [ 2306.270222] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2306.275004] ? lock_downgrade+0x740/0x740 [ 2306.279192] ? ioctl_preallocate+0x1c0/0x1c0 [ 2306.283637] ? __fget+0x237/0x370 [ 2306.287135] ? security_file_ioctl+0x89/0xb0 [ 2306.291586] SyS_ioctl+0x8f/0xc0 [ 2306.294985] ? do_vfs_ioctl+0x1060/0x1060 [ 2306.299173] do_syscall_64+0x1e8/0x640 [ 2306.303089] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2306.307971] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2306.313185] RIP: 0033:0x45a679 [ 2306.316398] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2306.324135] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2306.331428] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2306.338725] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2306.346015] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2306.353320] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2306.685016] syz-executor.1: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 2306.704831] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 2306.710158] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 2306.735224] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2306.747638] CPU: 1 PID: 8464 Comm: syz-executor.1 Not tainted 4.14.157-syzkaller #0 [ 2306.755477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2306.764832] Call Trace: [ 2306.767413] dump_stack+0x142/0x197 [ 2306.771034] warn_alloc.cold+0x96/0x1af [ 2306.774995] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2306.779830] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2306.785095] __alloc_pages_slowpath+0x23c6/0x2930 [ 2306.789929] ? save_trace+0x290/0x290 [ 2306.793722] ? warn_alloc+0xf0/0xf0 [ 2306.797341] ? __might_sleep+0x93/0xb0 [ 2306.801215] __alloc_pages_nodemask+0x62c/0x7a0 [ 2306.805903] ? lock_downgrade+0x740/0x740 [ 2306.810039] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2306.815044] ? retint_kernel+0x2d/0x2d [ 2306.818924] alloc_pages_current+0xec/0x1e0 [ 2306.823251] ion_page_pool_alloc+0x11f/0x1c0 [ 2306.827644] ion_system_heap_allocate+0x138/0x910 [ 2306.832471] ? ion_alloc+0x19b/0x860 [ 2306.836170] ? rcu_read_lock_sched_held+0x110/0x130 [ 2306.841176] ? ion_system_heap_free+0x250/0x250 [ 2306.845834] ion_alloc+0x222/0x860 [ 2306.849363] ? ion_dma_buf_release+0x50/0x50 [ 2306.853761] ? kasan_check_write+0x14/0x20 [ 2306.857981] ? _copy_from_user+0x99/0x110 [ 2306.862126] ion_ioctl+0x105/0x217 [ 2306.865654] ? ion_alloc.cold+0x40/0x40 [ 2306.869644] ? ion_alloc.cold+0x40/0x40 [ 2306.873636] do_vfs_ioctl+0x7ae/0x1060 [ 2306.877523] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2306.882264] ? lock_downgrade+0x740/0x740 [ 2306.886399] ? ioctl_preallocate+0x1c0/0x1c0 [ 2306.890792] ? __fget+0x237/0x370 [ 2306.894234] ? security_file_ioctl+0x89/0xb0 [ 2306.898632] SyS_ioctl+0x8f/0xc0 [ 2306.901985] ? do_vfs_ioctl+0x1060/0x1060 [ 2306.906120] do_syscall_64+0x1e8/0x640 [ 2306.909991] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2306.914828] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2306.920003] RIP: 0033:0x45a679 [ 2306.923182] RSP: 002b:00007f53ae261c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2306.930875] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2306.938130] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2306.945385] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2306.952644] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53ae2626d4 [ 2306.959900] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2306.968439] Mem-Info: [ 2306.979219] active_anon:1126881 inactive_anon:199 isolated_anon:31 [ 2306.979219] active_file:1284 inactive_file:1292 isolated_file:65 [ 2306.979219] unevictable:0 dirty:1 writeback:0 unstable:0 [ 2306.979219] slab_reclaimable:19086 slab_unreclaimable:136703 [ 2306.979219] mapped:54348 shmem:255 pagetables:41187 bounce:0 [ 2306.979219] free:32846 free_pcp:30 free_cma:0 [ 2306.979702] CPU: 1 PID: 8468 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2307.013651] Node 0 active_anon:1661836kB inactive_anon:784kB active_file:4728kB inactive_file:4684kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:216660kB dirty:0kB writeback:0kB shmem:972kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 626688kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2307.020738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2307.020743] Call Trace: [ 2307.020761] dump_stack+0x142/0x197 [ 2307.020779] warn_alloc.cold+0x96/0x1af [ 2307.020789] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2307.020808] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2307.020822] __alloc_pages_slowpath+0x23c6/0x2930 [ 2307.049368] Node 0 [ 2307.058200] ? save_trace+0x290/0x290 [ 2307.058219] ? warn_alloc+0xf0/0xf0 [ 2307.058242] ? __might_sleep+0x93/0xb0 [ 2307.058255] __alloc_pages_nodemask+0x62c/0x7a0 [ 2307.058266] ? lock_downgrade+0x740/0x740 [ 2307.061275] DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2307.064469] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2307.064486] ? ion_page_pool_alloc+0x2d/0x1c0 [ 2307.064505] alloc_pages_current+0xec/0x1e0 [ 2307.064520] ion_page_pool_alloc+0x11f/0x1c0 [ 2307.068800] lowmem_reserve[]: [ 2307.073314] ion_system_heap_allocate+0x138/0x910 [ 2307.073324] ? ion_alloc+0x19b/0x860 [ 2307.073337] ? rcu_read_lock_sched_held+0x110/0x130 [ 2307.073350] ? ion_system_heap_free+0x250/0x250 [ 2307.073365] ion_alloc+0x222/0x860 [ 2307.073380] ? ion_dma_buf_release+0x50/0x50 [ 2307.079307] 0 [ 2307.083516] ? kasan_check_write+0x14/0x20 [ 2307.083527] ? _copy_from_user+0x99/0x110 [ 2307.083542] ion_ioctl+0x105/0x217 [ 2307.083555] ? ion_alloc.cold+0x40/0x40 [ 2307.083572] ? ion_alloc.cold+0x40/0x40 [ 2307.083586] do_vfs_ioctl+0x7ae/0x1060 [ 2307.086228] 2569 [ 2307.089601] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2307.089612] ? lock_downgrade+0x740/0x740 [ 2307.089626] ? ioctl_preallocate+0x1c0/0x1c0 [ 2307.089639] ? __fget+0x237/0x370 [ 2307.089657] ? security_file_ioctl+0x89/0xb0 [ 2307.093602] 2569 [ 2307.097138] SyS_ioctl+0x8f/0xc0 [ 2307.097150] ? do_vfs_ioctl+0x1060/0x1060 [ 2307.097165] do_syscall_64+0x1e8/0x640 [ 2307.097173] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2307.097192] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2307.102141] 2569 [ 2307.105968] RIP: 0033:0x45a679 [ 2307.105974] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2307.105986] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2307.105993] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2307.105999] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2307.106005] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2307.106014] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2307.152613] 2569 [ 2307.747081] Node 0 DMA32 free:21524kB min:36380kB low:45472kB high:54564kB active_anon:1657416kB inactive_anon:784kB active_file:3852kB inactive_file:3448kB unevictable:0kB writepending:36kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12384kB pagetables:64796kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 2307.807322] oom_reaper: reaped process 8468 (syz-executor.2), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2307.920172] lowmem_reserve[]: 0 0 0 0 0 [ 2307.944153] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2308.015567] oom_reaper: reaped process 8464 (syz-executor.1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2308.077649] lowmem_reserve[]: 0 0 0 0 0 [ 2308.110225] Node 0 DMA: 5*4kB (UM) 15*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10380kB [ 2308.146467] syz-fuzzer invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 2308.193577] Node 0 DMA32: 2744*4kB (ME) 442*8kB (UME) 124*16kB (M) 66*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18608kB [ 2308.230225] syz-fuzzer cpuset=/ mems_allowed=0-1 [ 2308.235683] CPU: 1 PID: 7138 Comm: syz-fuzzer Not tainted 4.14.157-syzkaller #0 [ 2308.243141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2308.252503] Call Trace: [ 2308.255089] dump_stack+0x142/0x197 [ 2308.258703] dump_header+0x177/0x6cd [ 2308.262410] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2308.267497] ? ___ratelimit+0x55/0x537 [ 2308.271370] oom_kill_process.cold+0x10/0xadd [ 2308.275856] ? rcu_read_unlock_special+0x895/0xd40 [ 2308.280770] ? lock_downgrade+0x740/0x740 [ 2308.284911] out_of_memory+0x2ee/0x1180 [ 2308.288870] ? lock_acquire+0x16f/0x430 [ 2308.292830] ? oom_killer_disable+0x1d0/0x1d0 [ 2308.297309] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2308.302345] __alloc_pages_slowpath+0x2251/0x2930 [ 2308.307188] ? __alloc_pages_nodemask+0x639/0x7a0 [ 2308.312020] ? warn_alloc+0xf0/0xf0 [ 2308.315638] ? __might_sleep+0x93/0xb0 [ 2308.319645] __alloc_pages_nodemask+0x62c/0x7a0 [ 2308.324314] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2308.329320] ? lock_downgrade+0x740/0x740 [ 2308.333490] alloc_pages_current+0xec/0x1e0 [ 2308.337808] __page_cache_alloc+0x248/0x3e0 [ 2308.342121] filemap_fault+0xcef/0x1de0 [ 2308.346102] ? perf_trace_lock_acquire+0x10d/0x4f0 [ 2308.351050] ? __lock_page_or_retry+0x8d0/0x8d0 [ 2308.355713] ? lock_acquire+0x16f/0x430 [ 2308.359696] ? ext4_filemap_fault+0x7b/0xb0 [ 2308.364011] ext4_filemap_fault+0x83/0xb0 [ 2308.368143] __do_fault+0x104/0x390 [ 2308.371752] __handle_mm_fault+0x23bd/0x33d0 [ 2308.376146] ? copy_page_range+0x1de0/0x1de0 [ 2308.380549] ? find_held_lock+0x35/0x130 [ 2308.384620] ? handle_mm_fault+0x1b6/0x7c0 [ 2308.388860] handle_mm_fault+0x293/0x7c0 [ 2308.392927] __do_page_fault+0x4c1/0xb80 [ 2308.396979] ? vmalloc_fault+0xe30/0xe30 [ 2308.401023] ? page_fault+0x2f/0x50 [ 2308.404633] do_page_fault+0x71/0x511 [ 2308.408414] ? page_fault+0x2f/0x50 [ 2308.412026] page_fault+0x45/0x50 [ 2308.415463] RIP: 0033:0x45b153 [ 2308.418634] RSP: 002b:000000c420039ea0 EFLAGS: 00010206 [ 2308.423984] RAX: ffffffffffffff92 RBX: 000000003b88ad35 RCX: 000000000045b153 [ 2308.431236] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000190a3c0 [ 2308.438489] RBP: 000000c420039ee8 R08: 0000000000000000 R09: 0000000000000000 [ 2308.445741] R10: 000000c420039ed8 R11: 0000000000000206 R12: 00000219948726e4 [ 2308.452996] R13: 0000000000000001 R14: 0000000000000013 R15: 0000000000000100 [ 2308.461724] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2308.523303] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2308.551651] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2308.561798] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2308.572743] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2308.581602] 1181 total pagecache pages [ 2308.585709] 0 pages in swap cache [ 2308.589325] Swap cache stats: add 0, delete 0, find 0/0 [ 2308.594878] Free swap = 0kB [ 2308.598038] Total swap = 0kB [ 2308.601906] 1965979 pages RAM [ 2308.605155] 0 pages HighMem/MovableOnly [ 2308.609277] 335854 pages reserved [ 2308.612953] 0 pages cma reserved [ 2309.024941] Mem-Info: [ 2309.027426] active_anon:1126802 inactive_anon:199 isolated_anon:0 [ 2309.027426] active_file:121 inactive_file:140 isolated_file:34 [ 2309.027426] unevictable:0 dirty:42 writeback:0 unstable:0 [ 2309.027426] slab_reclaimable:19089 slab_unreclaimable:136751 [ 2309.027426] mapped:52457 shmem:255 pagetables:41139 bounce:0 [ 2309.027426] free:13645 free_pcp:48 free_cma:0 [ 2309.120145] Node 0 active_anon:1661760kB inactive_anon:776kB active_file:360kB inactive_file:256kB unevictable:0kB isolated(anon):0kB isolated(file):184kB mapped:209644kB dirty:4kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 612352kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2309.194144] Node 1 active_anon:2845348kB inactive_anon:20kB active_file:52kB inactive_file:52kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:8kB dirty:36kB writeback:0kB shmem:56kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2309.246868] Node 0 DMA free:10380kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2309.284904] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2309.289996] Node 0 DMA32 free:17660kB min:36380kB low:45472kB high:54564kB active_anon:1657376kB inactive_anon:776kB active_file:360kB inactive_file:372kB unevictable:0kB writepending:4kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12384kB pagetables:64796kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB [ 2309.356849] lowmem_reserve[]: 0 0 0 0 0 [ 2309.358170] syz-executor.5: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2309.363702] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2309.400069] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2309.408129] lowmem_reserve[]: 0 0 0 0 0 [ 2309.412792] Node 1 Normal free:26776kB min:53508kB low:66884kB high:80260kB active_anon:2845348kB inactive_anon:20kB active_file:52kB inactive_file:52kB unevictable:0kB writepending:36kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45088kB pagetables:99748kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2309.420778] CPU: 0 PID: 8446 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2309.449416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2309.458852] Call Trace: [ 2309.461449] dump_stack+0x142/0x197 [ 2309.465079] warn_alloc.cold+0x96/0x1af [ 2309.469051] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2309.473904] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2309.479185] __alloc_pages_slowpath+0x23c6/0x2930 [ 2309.484037] ? save_trace+0x290/0x290 [ 2309.487852] ? warn_alloc+0xf0/0xf0 [ 2309.491500] ? __might_sleep+0x93/0xb0 [ 2309.495391] __alloc_pages_nodemask+0x62c/0x7a0 [ 2309.498853] lowmem_reserve[]: [ 2309.500067] ? lock_downgrade+0x740/0x740 [ 2309.500078] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2309.500094] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2309.500109] alloc_pages_current+0xec/0x1e0 [ 2309.500124] ion_page_pool_alloc+0x11f/0x1c0 [ 2309.500136] ion_system_heap_allocate+0x138/0x910 [ 2309.500152] ? ion_system_heap_free+0x250/0x250 [ 2309.500168] ion_alloc+0x68c/0x860 [ 2309.500182] ? ion_dma_buf_release+0x50/0x50 [ 2309.500198] ? kasan_check_write+0x14/0x20 [ 2309.508766] 0 [ 2309.512426] ? _copy_from_user+0x99/0x110 [ 2309.512440] ion_ioctl+0x105/0x217 [ 2309.512450] ? ion_alloc.cold+0x40/0x40 [ 2309.512466] ? ion_alloc.cold+0x40/0x40 [ 2309.512477] do_vfs_ioctl+0x7ae/0x1060 [ 2309.512491] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2309.512501] ? lock_downgrade+0x740/0x740 [ 2309.512514] ? ioctl_preallocate+0x1c0/0x1c0 [ 2309.512527] ? __fget+0x237/0x370 [ 2309.512545] ? security_file_ioctl+0x89/0xb0 [ 2309.518141] 0 [ 2309.522450] SyS_ioctl+0x8f/0xc0 [ 2309.522460] ? do_vfs_ioctl+0x1060/0x1060 [ 2309.522474] do_syscall_64+0x1e8/0x640 [ 2309.522484] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2309.522504] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2309.522513] RIP: 0033:0x45a679 [ 2309.522518] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2309.536630] 0 [ 2309.539918] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2309.544363] 0 [ 2309.548525] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2309.548532] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2309.554854] 0 [ 2309.557975] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2309.557983] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2309.664411] warn_alloc_show_mem: 2 callbacks suppressed [ 2309.664415] Mem-Info: [ 2309.667892] Node 0 [ 2309.673148] active_anon:1126777 inactive_anon:199 isolated_anon:0 [ 2309.673148] active_file:32 inactive_file:36 isolated_file:14 [ 2309.673148] unevictable:0 dirty:10 writeback:0 unstable:0 [ 2309.673148] slab_reclaimable:19090 slab_unreclaimable:136763 [ 2309.673148] mapped:52263 shmem:255 pagetables:41138 bounce:0 [ 2309.673148] free:13803 free_pcp:0 free_cma:0 [ 2309.687490] DMA: 5*4kB (UM) 15*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10380kB [ 2309.732108] Node 0 DMA32: 3647*4kB (UME) 373*8kB (UME) 65*16kB (UM) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18612kB [ 2309.736369] Node 0 active_anon:1661760kB inactive_anon:776kB active_file:76kB inactive_file:92kB unevictable:0kB isolated(anon):0kB isolated(file):56kB mapped:209044kB dirty:4kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 612352kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2309.745201] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB [ 2309.788049] Node 1 active_anon:2845348kB inactive_anon:20kB active_file:52kB inactive_file:52kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:8kB dirty:36kB writeback:0kB shmem:56kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2309.796162] 0*64kB [ 2309.824037] Node 0 DMA free:10380kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2309.856865] 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2309.858365] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2309.868525] Node 0 DMA32 free:18164kB min:36380kB low:45472kB high:54564kB active_anon:1657376kB inactive_anon:776kB active_file:360kB inactive_file:372kB unevictable:0kB writepending:4kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12384kB pagetables:64796kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2309.882087] Node 1 [ 2309.897809] lowmem_reserve[]: 0 0 0 0 0 [ 2309.904613] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2309.938803] Normal: 2830*4kB (UME) 483*8kB (MEH) 361*16kB (MEH) 125*32kB (UMH) 1*64kB (H) 2*128kB (H) 2*256kB (H) 0*512kB 1*1024kB (H) 0*2048kB 0*4096kB = 26816kB [ 2309.960611] lowmem_reserve[]: 0 0 0 0 0 [ 2309.964683] Node 1 Normal free:26668kB min:53508kB low:66884kB high:80260kB active_anon:2845348kB inactive_anon:20kB active_file:52kB inactive_file:52kB unevictable:0kB writepending:36kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45088kB pagetables:99748kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2309.998217] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2310.016020] lowmem_reserve[]: 0 0 0 0 0 [ 2310.020752] Node 0 DMA: 5*4kB (UM) 15*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10380kB [ 2310.021266] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2310.041502] Node 0 DMA32: 3647*4kB (UME) 373*8kB (UME) 65*16kB (UM) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18612kB [ 2310.061454] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2310.078793] Node 1 Normal: 2830*4kB (UME) 647*8kB (UMEH) 363*16kB (UMEH) 125*32kB (UMH) 1*64kB (H) 2*128kB (H) 2*256kB (H) 0*512kB 1*1024kB (H) 0*2048kB 0*4096kB = 28160kB [ 2310.103066] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2310.104819] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2310.125953] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2310.130471] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2310.158809] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2310.162830] 296 total pagecache pages [ 2310.177972] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2310.200255] 296 total pagecache pages [ 2310.204116] 0 pages in swap cache [ 2310.207596] Swap cache stats: add 0, delete 0, find 0/0 [ 2310.208404] 0 pages in swap cache [ 2310.216521] Free swap = 0kB [ 2310.219533] Total swap = 0kB [ 2310.236052] Swap cache stats: add 0, delete 0, find 0/0 [ 2310.236146] 1965979 pages RAM [ 2310.257541] Free swap = 0kB [ 2310.259691] 0 pages HighMem/MovableOnly [ 2310.265551] 335854 pages reserved [ 2310.269691] Total swap = 0kB [ 2310.272898] 1965979 pages RAM [ 2310.274440] 0 pages cma reserved [ 2310.275999] 0 pages HighMem/MovableOnly [ 2310.276005] 335854 pages reserved [ 2310.311895] 0 pages cma reserved [ 2310.315299] Out of memory: Kill process 19056 (syz-executor.2) score 1007 or sacrifice child [ 2310.346728] Killed process 19056 (syz-executor.2) total-vm:72980kB, anon-rss:14512kB, file-rss:34816kB, shmem-rss:0kB [ 2310.946451] syz-executor.5: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 [ 2311.019632] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2311.069366] CPU: 0 PID: 8446 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0 [ 2311.077214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2311.086579] Call Trace: [ 2311.089175] dump_stack+0x142/0x197 [ 2311.092818] warn_alloc.cold+0x96/0x1af [ 2311.096803] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2311.101660] ? trace_hardirqs_on_caller+0x400/0x590 [ 2311.106680] ? call_timer_fn+0x670/0x670 [ 2311.110774] __alloc_pages_slowpath+0x23c6/0x2930 [ 2311.115652] ? warn_alloc+0xf0/0xf0 [ 2311.119323] ? __might_sleep+0x93/0xb0 [ 2311.123329] __alloc_pages_nodemask+0x62c/0x7a0 [ 2311.128096] ? lock_downgrade+0x740/0x740 [ 2311.132261] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2311.137346] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2311.143005] alloc_pages_current+0xec/0x1e0 [ 2311.147341] ion_page_pool_alloc+0x11f/0x1c0 [ 2311.151786] ion_system_heap_allocate+0x138/0x910 [ 2311.156815] ? ion_system_heap_free+0x250/0x250 [ 2311.161532] ion_alloc+0x68c/0x860 [ 2311.165830] ? ion_dma_buf_release+0x50/0x50 [ 2311.170265] ? kasan_check_write+0x14/0x20 [ 2311.174523] ? _copy_from_user+0x99/0x110 [ 2311.178688] ion_ioctl+0x105/0x217 [ 2311.182248] ? ion_alloc.cold+0x40/0x40 [ 2311.186845] ? ion_alloc.cold+0x40/0x40 [ 2311.191015] do_vfs_ioctl+0x7ae/0x1060 [ 2311.194945] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2311.200011] ? lock_downgrade+0x740/0x740 [ 2311.204178] ? ioctl_preallocate+0x1c0/0x1c0 [ 2311.208596] ? __fget+0x237/0x370 [ 2311.212071] ? security_file_ioctl+0x89/0xb0 [ 2311.216518] SyS_ioctl+0x8f/0xc0 [ 2311.220063] ? do_vfs_ioctl+0x1060/0x1060 [ 2311.224266] do_syscall_64+0x1e8/0x640 [ 2311.229559] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2311.234424] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2311.239618] RIP: 0033:0x45a679 [ 2311.242820] RSP: 002b:00007fc447634c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2311.245347] syz-executor.1: [ 2311.250526] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2311.250532] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2311.250537] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2311.250542] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4476356d4 [ 2311.250547] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2311.287983] Mem-Info: [ 2311.327276] active_anon:1123160 inactive_anon:199 isolated_anon:0 [ 2311.327276] active_file:16 inactive_file:32 isolated_file:0 [ 2311.327276] unevictable:0 dirty:8 writeback:0 unstable:0 [ 2311.327276] slab_reclaimable:19082 slab_unreclaimable:136412 [ 2311.327276] mapped:52230 shmem:255 pagetables:41106 bounce:0 [ 2311.327276] free:13743 free_pcp:86 free_cma:0 [ 2311.378348] page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 2311.389779] Node 0 active_anon:1649468kB inactive_anon:776kB active_file:24kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:0kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 600064kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2311.396949] syz-executor.2: [ 2311.436289] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 2311.473614] CPU: 1 PID: 8464 Comm: syz-executor.1 Not tainted 4.14.157-syzkaller #0 [ 2311.481446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2311.490808] Call Trace: [ 2311.493402] dump_stack+0x142/0x197 [ 2311.495803] Node 1 active_anon:2843172kB inactive_anon:20kB active_file:40kB inactive_file:48kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:32kB writeback:0kB shmem:56kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2311.497191] warn_alloc.cold+0x96/0x1af [ 2311.497200] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2311.497214] ? trace_hardirqs_on_caller+0x400/0x590 [ 2311.524403] Node 0 [ 2311.528321] ? call_timer_fn+0x670/0x670 [ 2311.533176] DMA free:10380kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2311.538150] __alloc_pages_slowpath+0x23c6/0x2930 [ 2311.540370] lowmem_reserve[]: [ 2311.544416] ? warn_alloc+0xf0/0xf0 [ 2311.570229] 0 [ 2311.575041] ? __might_sleep+0x93/0xb0 [ 2311.578103] 2569 [ 2311.581716] __alloc_pages_nodemask+0x62c/0x7a0 [ 2311.581729] ? lock_downgrade+0x740/0x740 [ 2311.581741] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2311.583520] 2569 [ 2311.587405] ? retint_kernel+0x2d/0x2d [ 2311.589437] 2569 [ 2311.594091] alloc_pages_current+0xec/0x1e0 [ 2311.594106] ion_page_pool_alloc+0x11f/0x1c0 [ 2311.594118] ion_system_heap_allocate+0x138/0x910 [ 2311.598240] 2569 [ 2311.603236] ? ion_alloc+0x19b/0x860 [ 2311.603248] ? rcu_read_lock_sched_held+0x110/0x130 [ 2311.603261] ? ion_system_heap_free+0x250/0x250 [ 2311.609171] ion_alloc+0x222/0x860 [ 2311.611258] Node 0 [ 2311.615549] ? ion_dma_buf_release+0x50/0x50 [ 2311.619935] DMA32 free:18180kB min:36380kB low:45472kB high:54564kB active_anon:1645084kB inactive_anon:776kB active_file:24kB inactive_file:76kB unevictable:0kB writepending:0kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12384kB pagetables:64708kB bounce:0kB free_pcp:132kB local_pcp:120kB free_cma:0kB [ 2311.624769] ? kasan_check_write+0x14/0x20 [ 2311.624781] ? _copy_from_user+0x99/0x110 [ 2311.624794] ion_ioctl+0x105/0x217 [ 2311.626851] lowmem_reserve[]: [ 2311.630552] ? ion_alloc.cold+0x40/0x40 [ 2311.630573] ? ion_alloc.cold+0x40/0x40 [ 2311.635564] 0 [ 2311.640242] do_vfs_ioctl+0x7ae/0x1060 [ 2311.640255] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2311.640267] ? lock_downgrade+0x740/0x740 [ 2311.643783] 0 [ 2311.646004] ? ioctl_preallocate+0x1c0/0x1c0 [ 2311.650422] 0 [ 2311.678963] ? __fget+0x237/0x370 [ 2311.678986] ? security_file_ioctl+0x89/0xb0 [ 2311.683223] 0 [ 2311.687352] SyS_ioctl+0x8f/0xc0 [ 2311.690880] 0 [ 2311.693952] ? do_vfs_ioctl+0x1060/0x1060 [ 2311.701878] do_syscall_64+0x1e8/0x640 [ 2311.701887] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2311.701906] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2311.703708] Node 0 [ 2311.707576] RIP: 0033:0x45a679 [ 2311.712337] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2311.716430] RSP: 002b:00007f53ae261c78 EFLAGS: 00000246 [ 2311.718210] lowmem_reserve[]: [ 2311.722592] ORIG_RAX: 0000000000000010 [ 2311.722598] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2311.722604] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2311.722610] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2311.722615] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53ae2626d4 [ 2311.722623] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2311.724403] 0 [ 2311.734482] page allocation failure: order:0 [ 2311.813026] 0 [ 2311.816963] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 2311.858831] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2311.864280] CPU: 1 PID: 8468 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2311.865167] oom_reaper: reaped process 8467 (syz-executor.4), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2311.872075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2311.872080] Call Trace: [ 2311.872099] dump_stack+0x142/0x197 [ 2311.872114] warn_alloc.cold+0x96/0x1af [ 2311.872124] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2311.872138] ? trace_hardirqs_on_caller+0x400/0x590 [ 2311.872149] ? call_timer_fn+0x670/0x670 [ 2311.872171] __alloc_pages_slowpath+0x23c6/0x2930 [ 2311.913079] 0 [ 2311.915518] ? warn_alloc+0xf0/0xf0 [ 2311.925764] ? __might_sleep+0x93/0xb0 [ 2311.929665] __alloc_pages_nodemask+0x62c/0x7a0 [ 2311.932681] 0 0 [ 2311.934332] ? lock_downgrade+0x740/0x740 [ 2311.934344] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2311.941741] ? retint_kernel+0x2d/0x2d [ 2311.941757] alloc_pages_current+0xec/0x1e0 [ 2311.941776] ion_page_pool_alloc+0x11f/0x1c0 [ 2311.960255] ion_system_heap_allocate+0x138/0x910 [ 2311.960264] Node 1 [ 2311.965089] ? ion_alloc+0x19b/0x860 [ 2311.965104] Normal free:26412kB min:53508kB low:66884kB high:80260kB active_anon:2843072kB inactive_anon:20kB active_file:40kB inactive_file:48kB unevictable:0kB writepending:32kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45088kB pagetables:99708kB bounce:0kB free_pcp:324kB local_pcp:232kB free_cma:0kB [ 2311.965108] lowmem_reserve[]: [ 2311.967332] ? rcu_read_lock_sched_held+0x110/0x130 [ 2311.990092] 0 [ 2311.999577] ? ion_system_heap_free+0x250/0x250 [ 2312.005288] syz-executor.4 invoked oom-killer: gfp_mask=0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2312.009508] ion_alloc+0x222/0x860 [ 2312.011340] 0 [ 2312.015952] ? ion_dma_buf_release+0x50/0x50 [ 2312.026370] 0 [ 2312.029865] ? kasan_check_write+0x14/0x20 [ 2312.031654] , order=0, oom_score_adj=1000 [ 2312.036028] ? _copy_from_user+0x99/0x110 [ 2312.037715] syz-executor.4 cpuset= [ 2312.041935] ion_ioctl+0x105/0x217 [ 2312.041947] ? ion_alloc.cold+0x40/0x40 [ 2312.041963] ? ion_alloc.cold+0x40/0x40 [ 2312.046191] 0 [ 2312.050307] do_vfs_ioctl+0x7ae/0x1060 [ 2312.050319] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2312.050331] ? lock_downgrade+0x740/0x740 [ 2312.053839] 0 [ 2312.057364] ? ioctl_preallocate+0x1c0/0x1c0 [ 2312.061342] syz4 [ 2312.065386] ? __fget+0x237/0x370 [ 2312.067171] mems_allowed=0-1 [ 2312.071062] ? security_file_ioctl+0x89/0xb0 [ 2312.071078] SyS_ioctl+0x8f/0xc0 [ 2312.071088] ? do_vfs_ioctl+0x1060/0x1060 [ 2312.071104] do_syscall_64+0x1e8/0x640 [ 2312.071116] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2312.075881] 0 [ 2312.080013] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2312.086178] RIP: 0033:0x45a679 [ 2312.088143] Node 0 [ 2312.091576] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2312.091587] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2312.091593] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2312.091598] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2312.091606] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2312.110049] DMA: [ 2312.110456] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2312.115285] 5*4kB [ 2312.167072] syz-executor.1: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 2312.208168] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 2312.218967] CPU: 1 PID: 8464 Comm: syz-executor.1 Not tainted 4.14.157-syzkaller #0 [ 2312.226795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2312.236158] Call Trace: [ 2312.238758] dump_stack+0x142/0x197 [ 2312.242486] warn_alloc.cold+0x96/0x1af [ 2312.246457] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2312.251305] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2312.256596] __alloc_pages_slowpath+0x23c6/0x2930 [ 2312.261455] ? save_trace+0x290/0x290 [ 2312.265353] ? warn_alloc+0xf0/0xf0 [ 2312.269000] ? __might_sleep+0x93/0xb0 [ 2312.272889] __alloc_pages_nodemask+0x62c/0x7a0 [ 2312.277547] ? lock_downgrade+0x740/0x740 [ 2312.281690] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2312.286727] alloc_pages_current+0xec/0x1e0 [ 2312.291063] ion_page_pool_alloc+0x11f/0x1c0 [ 2312.296773] ion_system_heap_allocate+0x138/0x910 [ 2312.301629] ? ion_system_heap_free+0x250/0x250 [ 2312.306308] ion_alloc+0x68c/0x860 [ 2312.310120] ? ion_dma_buf_release+0x50/0x50 [ 2312.314520] ? kasan_check_write+0x14/0x20 [ 2312.318757] ? _copy_from_user+0x99/0x110 [ 2312.322898] ion_ioctl+0x105/0x217 [ 2312.326440] ? ion_alloc.cold+0x40/0x40 [ 2312.330411] ? ion_alloc.cold+0x40/0x40 [ 2312.334372] do_vfs_ioctl+0x7ae/0x1060 [ 2312.338246] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2312.342991] ? lock_downgrade+0x740/0x740 [ 2312.347131] ? ioctl_preallocate+0x1c0/0x1c0 [ 2312.350053] (UM) [ 2312.351535] ? __fget+0x237/0x370 [ 2312.351537] 15*8kB (UM) [ 2312.353606] ? security_file_ioctl+0x89/0xb0 [ 2312.357038] 20*16kB [ 2312.359694] SyS_ioctl+0x8f/0xc0 [ 2312.369739] ? do_vfs_ioctl+0x1060/0x1060 [ 2312.373875] do_syscall_64+0x1e8/0x640 [ 2312.377909] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2312.380093] (UME) 2*32kB [ 2312.382777] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2312.382787] RIP: 0033:0x45a679 [ 2312.385537] (U) [ 2312.390793] RSP: 002b:00007f53ae261c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2312.390803] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2312.390808] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2312.390813] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2312.390818] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53ae2626d4 [ 2312.390823] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2312.401500] warn_alloc_show_mem: 1 callbacks suppressed [ 2312.401504] Mem-Info: [ 2312.459189] active_anon:1123132 inactive_anon:199 isolated_anon:0 [ 2312.459189] active_file:21 inactive_file:27 isolated_file:0 [ 2312.459189] unevictable:0 dirty:8 writeback:0 unstable:0 [ 2312.459189] slab_reclaimable:19082 slab_unreclaimable:136413 [ 2312.459189] mapped:52230 shmem:255 pagetables:41106 bounce:0 [ 2312.459189] free:17112 free_pcp:33 free_cma:0 [ 2312.469922] CPU: 0 PID: 8467 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2312.500203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2312.501971] Node 0 active_anon:1649468kB inactive_anon:776kB active_file:44kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208920kB dirty:0kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 600064kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2312.509553] Call Trace: [ 2312.539633] dump_stack+0x142/0x197 [ 2312.543287] dump_header+0x177/0x6cd [ 2312.547011] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2312.552118] ? ___ratelimit+0x55/0x537 [ 2312.556020] oom_kill_process.cold+0x10/0xadd [ 2312.559163] Node 1 active_anon:2843060kB inactive_anon:20kB active_file:40kB inactive_file:40kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:32kB writeback:0kB shmem:56kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2312.560514] ? rcu_read_unlock_special+0x639/0xd40 [ 2312.560529] ? lock_downgrade+0x740/0x740 [ 2312.560546] out_of_memory+0x2ee/0x1180 [ 2312.560554] ? lock_acquire+0x16f/0x430 [ 2312.560570] ? oom_killer_disable+0x1d0/0x1d0 [ 2312.560580] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2312.560594] __alloc_pages_slowpath+0x2251/0x2930 [ 2312.560619] ? warn_alloc+0xf0/0xf0 [ 2312.622576] ? __might_sleep+0x93/0xb0 [ 2312.626484] __alloc_pages_nodemask+0x62c/0x7a0 [ 2312.631168] ? lock_downgrade+0x740/0x740 [ 2312.635332] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2312.640367] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2312.646007] alloc_pages_current+0xec/0x1e0 [ 2312.650342] ion_page_pool_alloc+0x11f/0x1c0 [ 2312.654760] ion_system_heap_allocate+0x138/0x910 [ 2312.659609] ? ion_alloc+0x19b/0x860 [ 2312.663332] ? rcu_read_lock_sched_held+0x110/0x130 [ 2312.668353] ? ion_system_heap_free+0x250/0x250 [ 2312.673043] ion_alloc+0x222/0x860 [ 2312.676594] ? ion_dma_buf_release+0x50/0x50 [ 2312.681015] ? kasan_check_write+0x14/0x20 [ 2312.685255] ? _copy_from_user+0x99/0x110 [ 2312.689414] ion_ioctl+0x105/0x217 [ 2312.692961] ? ion_alloc.cold+0x40/0x40 [ 2312.696943] ? ion_alloc.cold+0x40/0x40 [ 2312.700916] do_vfs_ioctl+0x7ae/0x1060 [ 2312.704604] Node 0 DMA free:10380kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2312.704827] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2312.704839] ? lock_downgrade+0x740/0x740 [ 2312.740122] ? ioctl_preallocate+0x1c0/0x1c0 [ 2312.744538] ? __fget+0x237/0x370 [ 2312.748004] ? security_file_ioctl+0x89/0xb0 [ 2312.752435] SyS_ioctl+0x8f/0xc0 [ 2312.755830] ? do_vfs_ioctl+0x1060/0x1060 [ 2312.759985] do_syscall_64+0x1e8/0x640 [ 2312.763871] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2312.768722] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2312.769521] lowmem_reserve[]: [ 2312.773902] RIP: 0033:0x45a679 [ 2312.773908] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2312.773917] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2312.773923] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2312.773928] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2312.773934] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2312.773939] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2312.776036] 2*64kB [ 2312.799092] 0 [ 2312.802772] (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10380kB [ 2312.829634] 2569 [ 2312.838860] Node 0 DMA32: 3553*4kB (UME) 364*8kB (UME) 64*16kB (UM) 5*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18308kB [ 2312.854388] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2312.865208] Node 1 Normal: 2853*4kB (UME) 547*8kB (ME) 425*16kB (UME) 103*32kB (UM) 0*64kB 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 26780kB [ 2312.880235] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2312.889084] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2312.890122] 2569 2569 2569 [ 2312.897688] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2312.916430] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2312.936947] 303 total pagecache pages [ 2312.946350] 0 pages in swap cache [ 2312.949840] Swap cache stats: add 0, delete 0, find 0/0 [ 2312.977517] Free swap = 0kB [ 2312.982509] Node 0 DMA32 free:18144kB min:36380kB low:45472kB high:54564kB active_anon:1645084kB inactive_anon:776kB active_file:44kB inactive_file:68kB unevictable:0kB writepending:0kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12384kB pagetables:64708kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 2312.988208] Total swap = 0kB [ 2313.043230] 1965979 pages RAM [ 2313.046413] 0 pages HighMem/MovableOnly [ 2313.061581] 335854 pages reserved [ 2313.065072] 0 pages cma reserved [ 2313.130481] Mem-Info: [ 2313.133637] active_anon:1123162 inactive_anon:199 isolated_anon:0 [ 2313.133637] active_file:224 inactive_file:288 isolated_file:0 [ 2313.133637] unevictable:0 dirty:49 writeback:0 unstable:0 [ 2313.133637] slab_reclaimable:19081 slab_unreclaimable:136407 [ 2313.133637] mapped:52580 shmem:255 pagetables:41106 bounce:0 [ 2313.133637] free:50804 free_pcp:351 free_cma:0 [ 2313.160095] lowmem_reserve[]: 0 0 0 0 0 [ 2313.178158] Node 0 active_anon:1649596kB inactive_anon:776kB active_file:572kB inactive_file:2104kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210520kB dirty:60kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 600064kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2313.190129] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2313.218456] Node 0 DMA free:10380kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2313.267293] lowmem_reserve[]: 0 0 0 0 0 [ 2313.285909] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2313.290595] Node 1 Normal free:26780kB min:53508kB low:66884kB high:80260kB active_anon:2843052kB inactive_anon:20kB active_file:24kB inactive_file:52kB unevictable:0kB writepending:36kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45024kB pagetables:99708kB bounce:0kB free_pcp:188kB local_pcp:120kB free_cma:0kB [ 2313.291968] Node 0 DMA32 free:99620kB min:36380kB low:45472kB high:54564kB active_anon:1645012kB inactive_anon:776kB active_file:672kB inactive_file:2884kB unevictable:0kB writepending:12kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12384kB pagetables:64708kB bounce:0kB free_pcp:820kB local_pcp:536kB free_cma:0kB [ 2313.353017] lowmem_reserve[]: 0 0 0 0 0 [ 2313.362651] lowmem_reserve[]: 0 0 0 0 0 [ 2313.366863] Node 0 [ 2313.366865] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2313.371444] DMA: [ 2313.400343] lowmem_reserve[]: 0 0 0 0 0 [ 2313.406926] Node 0 DMA: 5*4kB (UM) 15*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10380kB [ 2313.420089] 5*4kB (UM) 15*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10380kB [ 2313.428297] Node 0 DMA32: 2659*4kB (UME) 364*8kB (ME) 65*16kB (UM) 0*32kB 22*64kB (M) 7*128kB (M) 0*256kB 1*512kB (U) 0*1024kB 8*2048kB (U) 3*4096kB (UH) = 46076kB [ 2313.460134] Node 0 DMA32: 2628*4kB (UME) 364*8kB (ME) 65*16kB (UM) 0*32kB 22*64kB (M) 8*128kB (UM) 0*256kB 1*512kB (U) 0*1024kB 6*2048kB (U) 3*4096kB (UH) = 41984kB [ 2313.477317] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2313.488457] Node 1 Normal: 2853*4kB (UME) 653*8kB (UME) 426*16kB (UME) 104*32kB (UM) 0*64kB 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 27676kB [ 2313.499609] Node 0 [ 2313.503545] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2313.508126] Normal: [ 2313.514711] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2313.514719] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2313.514725] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2313.514730] 1266 total pagecache pages [ 2313.514741] 0 pages in swap cache [ 2313.514746] Swap cache stats: add 0, delete 0, find 0/0 [ 2313.514749] Free swap = 0kB [ 2313.514753] Total swap = 0kB [ 2313.514761] 1965979 pages RAM [ 2313.514765] 0 pages HighMem/MovableOnly [ 2313.514768] 335854 pages reserved [ 2313.514771] 0 pages cma reserved [ 2313.576856] 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2313.586733] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2313.595824] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2313.604856] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2313.614682] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2313.623705] 1266 total pagecache pages [ 2313.627787] 0 pages in swap cache [ 2313.631880] Swap cache stats: add 0, delete 0, find 0/0 [ 2313.637643] Free swap = 0kB [ 2313.640841] Total swap = 0kB [ 2313.643969] 1965979 pages RAM [ 2313.646160] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 2313.647436] 0 pages HighMem/MovableOnly [ 2313.663468] 335854 pages reserved [ 2313.664697] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2313.667079] 0 pages cma reserved [ 2313.672656] CPU: 1 PID: 8468 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0 [ 2313.676095] Out of memory: Kill process 8260 (syz-executor.0) score 1009 or sacrifice child [ 2313.683556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2313.683561] Call Trace: [ 2313.683578] dump_stack+0x142/0x197 [ 2313.683593] warn_alloc.cold+0x96/0x1af [ 2313.683603] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2313.683622] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2313.683636] __alloc_pages_slowpath+0x23c6/0x2930 [ 2313.683654] ? save_trace+0x290/0x290 [ 2313.692473] Killed process 8260 (syz-executor.0) total-vm:72980kB, anon-rss:14508kB, file-rss:34816kB, shmem-rss:0kB [ 2313.701520] ? warn_alloc+0xf0/0xf0 [ 2313.701543] ? __might_sleep+0x93/0xb0 [ 2313.701555] __alloc_pages_nodemask+0x62c/0x7a0 [ 2313.701575] ? lock_downgrade+0x740/0x740 [ 2313.701588] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2313.706610] syz-executor.4: [ 2313.707823] alloc_pages_current+0xec/0x1e0 [ 2313.707839] ion_page_pool_alloc+0x11f/0x1c0 [ 2313.711965] page allocation failure: order:0 [ 2313.716641] ion_system_heap_allocate+0x138/0x910 [ 2313.716657] ? ion_system_heap_free+0x250/0x250 [ 2313.722025] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 2313.726758] ion_alloc+0x68c/0x860 [ 2313.726776] ? ion_dma_buf_release+0x50/0x50 [ 2313.730655] 0 [ 2313.741225] ? kasan_check_write+0x14/0x20 [ 2313.741237] ? _copy_from_user+0x99/0x110 [ 2313.741254] ion_ioctl+0x105/0x217 [ 2313.744941] syz-executor.4 cpuset= [ 2313.748732] ? ion_alloc.cold+0x40/0x40 [ 2313.748750] ? ion_alloc.cold+0x40/0x40 [ 2313.753488] syz4 [ 2313.757536] do_vfs_ioctl+0x7ae/0x1060 [ 2313.762727] mems_allowed=0-1 [ 2313.765586] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2313.765598] ? lock_downgrade+0x740/0x740 [ 2313.765615] ? ioctl_preallocate+0x1c0/0x1c0 [ 2313.850379] ? __fget+0x237/0x370 [ 2313.853835] ? security_file_ioctl+0x89/0xb0 [ 2313.858247] SyS_ioctl+0x8f/0xc0 [ 2313.861643] ? do_vfs_ioctl+0x1060/0x1060 [ 2313.865820] do_syscall_64+0x1e8/0x640 [ 2313.869700] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2313.874537] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2313.879711] RIP: 0033:0x45a679 [ 2313.882884] RSP: 002b:00007f3454a74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2313.890579] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2313.897862] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2313.905123] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2313.912383] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3454a756d4 [ 2313.919640] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2313.926915] CPU: 0 PID: 8467 Comm: syz-executor.4 Not tainted 4.14.157-syzkaller #0 [ 2313.934734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2313.944099] Call Trace: [ 2313.946699] dump_stack+0x142/0x197 [ 2313.950355] warn_alloc.cold+0x96/0x1af [ 2313.954355] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2313.959052] warn_alloc_show_mem: 1 callbacks suppressed [ 2313.959057] Mem-Info: [ 2313.959218] ? wait_for_completion+0x420/0x420 [ 2313.964735] active_anon:1119502 inactive_anon:199 isolated_anon:0 [ 2313.964735] active_file:199 inactive_file:809 isolated_file:0 [ 2313.964735] unevictable:0 dirty:24 writeback:0 unstable:0 [ 2313.964735] slab_reclaimable:19081 slab_unreclaimable:136224 [ 2313.964735] mapped:52755 shmem:255 pagetables:41032 bounce:0 [ 2313.964735] free:33161 free_pcp:160 free_cma:0 [ 2313.967008] __alloc_pages_slowpath+0x23c6/0x2930 [ 2313.976439] Node 0 active_anon:1634956kB inactive_anon:776kB active_file:672kB inactive_file:3184kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:211020kB dirty:60kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 600064kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2314.005157] ? warn_alloc+0xf0/0xf0 [ 2314.005179] ? __might_sleep+0x93/0xb0 [ 2314.005191] __alloc_pages_nodemask+0x62c/0x7a0 [ 2314.005203] ? lock_downgrade+0x740/0x740 [ 2314.005213] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2314.005229] ? cpuset_nodemask_valid_mems_allowed+0xf/0x80 [ 2314.005245] alloc_pages_current+0xec/0x1e0 [ 2314.005262] ion_page_pool_alloc+0x11f/0x1c0 [ 2314.005274] ion_system_heap_allocate+0x138/0x910 [ 2314.005283] ? ion_alloc+0x19b/0x860 [ 2314.005293] ? rcu_read_lock_sched_held+0x110/0x130 [ 2314.005306] ? ion_system_heap_free+0x250/0x250 [ 2314.091957] ion_alloc+0x222/0x860 [ 2314.095531] ? ion_dma_buf_release+0x50/0x50 [ 2314.099954] ? kasan_check_write+0x14/0x20 [ 2314.104217] ? _copy_from_user+0x99/0x110 [ 2314.108362] ion_ioctl+0x105/0x217 [ 2314.111893] ? ion_alloc.cold+0x40/0x40 [ 2314.115858] ? ion_alloc.cold+0x40/0x40 [ 2314.119858] do_vfs_ioctl+0x7ae/0x1060 [ 2314.123746] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2314.128517] ? lock_downgrade+0x740/0x740 [ 2314.132662] ? ioctl_preallocate+0x1c0/0x1c0 [ 2314.137067] ? __fget+0x237/0x370 [ 2314.140514] ? security_file_ioctl+0x89/0xb0 [ 2314.144939] SyS_ioctl+0x8f/0xc0 [ 2314.148312] ? do_vfs_ioctl+0x1060/0x1060 [ 2314.152462] do_syscall_64+0x1e8/0x640 [ 2314.156338] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2314.161175] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2314.166374] RIP: 0033:0x45a679 [ 2314.169558] RSP: 002b:00007f233d941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2314.177799] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2314.185079] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2314.192353] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2314.199625] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f233d9426d4 [ 2314.206907] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2314.224334] Node 1 active_anon:2842996kB inactive_anon:20kB active_file:132kB inactive_file:796kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:200kB dirty:28kB writeback:0kB shmem:56kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2314.255707] Node 0 DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2314.287295] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2314.292487] Node 0 DMA32 free:38952kB min:36380kB low:45472kB high:54564kB active_anon:1630456kB inactive_anon:776kB active_file:800kB inactive_file:3220kB unevictable:0kB writepending:28kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12352kB pagetables:64416kB bounce:0kB free_pcp:528kB local_pcp:416kB free_cma:0kB [ 2314.331779] lowmem_reserve[]: 0 0 0 0 0 [ 2314.344563] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2314.380371] lowmem_reserve[]: 0 0 0 0 0 [ 2314.384437] Node 1 Normal free:77704kB min:53508kB low:66884kB high:80260kB active_anon:2842996kB inactive_anon:20kB active_file:132kB inactive_file:4996kB unevictable:0kB writepending:28kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:44992kB pagetables:99604kB bounce:0kB free_pcp:432kB local_pcp:276kB free_cma:0kB [ 2314.442169] lowmem_reserve[]: 0 0 0 0 0 [ 2314.446234] Node 0 DMA: 8*4kB (UM) 21*8kB (UM) 20*16kB (UME) 2*32kB (U) 2*64kB (UE) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2314.462437] Node 0 DMA32: 2867*4kB (UME) 489*8kB (UME) 136*16kB (UM) 221*32kB (UM) 0*64kB 1*128kB (U) 0*256kB 1*512kB (U) 1*1024kB (U) 1*2048kB (M) 0*4096kB = 28340kB [ 2314.478880] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB 20:59:04 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 20:59:04 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 20:59:04 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) fstat(0xffffffffffffffff, &(0x7f0000000200)) setresgid(0x0, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) 20:59:04 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) unshare(0x40000000) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f574c46000900000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000045bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f041200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/529], 0x211) sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff34, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c}, 0x1c}, 0x1, 0x0, 0x0, 0x40888}, 0x0) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x1, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000380)=""/87, 0x192) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) [ 2314.491717] Node 1 Normal: 2979*4kB (UM) 2475*8kB (UME) 2046*16kB (UME) 358*32kB (UME) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 75908kB [ 2314.511810] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2314.543940] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2314.565919] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2314.582070] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2314.591129] 3771 total pagecache pages [ 2314.595221] 0 pages in swap cache [ 2314.613078] Swap cache stats: add 0, delete 0, find 0/0 [ 2314.625951] Free swap = 0kB [ 2314.633153] Total swap = 0kB [ 2314.643107] 1965979 pages RAM [ 2314.646485] 0 pages HighMem/MovableOnly [ 2314.660173] 335854 pages reserved [ 2314.671878] 0 pages cma reserved [ 2314.809120] syz-executor.1: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 2314.849482] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 2314.868130] CPU: 1 PID: 8485 Comm: syz-executor.1 Not tainted 4.14.157-syzkaller #0 [ 2314.875967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2314.885469] Call Trace: [ 2314.888074] dump_stack+0x142/0x197 [ 2314.891719] warn_alloc.cold+0x96/0x1af [ 2314.895731] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2314.900596] ? __alloc_pages_direct_compact+0xbc/0x380 [ 2314.905893] __alloc_pages_slowpath+0x23c6/0x2930 [ 2314.910772] ? save_trace+0x290/0x290 [ 2314.914596] ? warn_alloc+0xf0/0xf0 [ 2314.918247] ? __might_sleep+0x93/0xb0 [ 2314.922151] __alloc_pages_nodemask+0x62c/0x7a0 [ 2314.926833] ? lock_downgrade+0x740/0x740 [ 2314.930997] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2314.936028] ? save_trace+0x290/0x290 [ 2314.939849] alloc_pages_current+0xec/0x1e0 [ 2314.944191] ion_page_pool_alloc+0x11f/0x1c0 [ 2314.948618] ion_system_heap_allocate+0x138/0x910 [ 2314.953476] ? ion_alloc+0x19b/0x860 [ 2314.957205] ? rcu_read_lock_sched_held+0x110/0x130 [ 2314.962245] ? ion_system_heap_free+0x250/0x250 [ 2314.966943] ion_alloc+0x222/0x860 [ 2314.970511] ? ion_dma_buf_release+0x50/0x50 [ 2314.974956] ? kasan_check_write+0x14/0x20 [ 2314.979203] ? _copy_from_user+0x99/0x110 [ 2314.983382] ion_ioctl+0x105/0x217 [ 2314.986941] ? ion_alloc.cold+0x40/0x40 [ 2314.990940] ? ion_alloc.cold+0x40/0x40 [ 2314.994933] do_vfs_ioctl+0x7ae/0x1060 [ 2314.998834] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2315.003599] ? lock_downgrade+0x740/0x740 [ 2315.007767] ? ioctl_preallocate+0x1c0/0x1c0 [ 2315.012195] ? __fget+0x237/0x370 [ 2315.015673] ? security_file_ioctl+0x89/0xb0 [ 2315.020097] SyS_ioctl+0x8f/0xc0 [ 2315.023500] ? do_vfs_ioctl+0x1060/0x1060 [ 2315.027678] do_syscall_64+0x1e8/0x640 [ 2315.031581] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2315.036446] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2315.041776] RIP: 0033:0x45a679 [ 2315.044979] RSP: 002b:00007f53ae261c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2315.052703] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 2315.059991] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000004 [ 2315.067278] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2315.074564] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53ae2626d4 [ 2315.081848] R13: 00000000004c3743 R14: 00000000004d8ba8 R15: 00000000ffffffff [ 2315.101570] IPVS: ftp: loaded support on port[0] = 21 [ 2315.147694] warn_alloc_show_mem: 1 callbacks suppressed [ 2315.147699] Mem-Info: [ 2315.155914] active_anon:1119571 inactive_anon:199 isolated_anon:0 [ 2315.155914] active_file:1019 inactive_file:776 isolated_file:80 [ 2315.155914] unevictable:0 dirty:39 writeback:0 unstable:0 [ 2315.155914] slab_reclaimable:19086 slab_unreclaimable:136544 [ 2315.155914] mapped:53721 shmem:255 pagetables:41112 bounce:0 [ 2315.155914] free:22268 free_pcp:364 free_cma:0 [ 2315.190653] Node 0 active_anon:1635044kB inactive_anon:780kB active_file:2400kB inactive_file:1332kB unevictable:0kB isolated(anon):0kB isolated(file):192kB mapped:211896kB dirty:16kB writeback:0kB shmem:968kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 585728kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2315.219271] Node 1 active_anon:2843240kB inactive_anon:16kB active_file:1676kB inactive_file:1584kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:2788kB dirty:140kB writeback:0kB shmem:52kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2315.345670] Node 0 DMA free:10380kB min:216kB low:268kB high:320kB active_anon:4384kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2315.395347] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2315.402057] Node 0 DMA32 free:18156kB min:36380kB low:45472kB high:54564kB active_anon:1630660kB inactive_anon:780kB active_file:2400kB inactive_file:1408kB unevictable:0kB writepending:16kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12352kB pagetables:64448kB bounce:0kB free_pcp:764kB local_pcp:164kB free_cma:0kB [ 2315.489062] lowmem_reserve[]: 0 0 0 0 0 [ 2315.497710] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2315.585879] lowmem_reserve[]: 0 0 0 0 0 [ 2315.600315] Node 1 Normal free:26224kB min:53508kB low:66884kB high:80260kB active_anon:2843240kB inactive_anon:16kB active_file:1444kB inactive_file:1340kB unevictable:0kB writepending:140kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:45344kB pagetables:99992kB bounce:0kB free_pcp:1072kB local_pcp:740kB free_cma:0kB [ 2315.650535] ================================================================== [ 2315.658306] BUG: KASAN: use-after-free in skb_dequeue+0x174/0x180 [ 2315.664550] Write of size 8 at addr ffff888024d84b88 by task kswapd0/1446 [ 2315.671480] [ 2315.673111] CPU: 1 PID: 1446 Comm: kswapd0 Not tainted 4.14.157-syzkaller #0 [ 2315.680301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2315.689663] Call Trace: [ 2315.692255] [ 2315.694417] dump_stack+0x142/0x197 [ 2315.698057] ? skb_dequeue+0x174/0x180 [ 2315.701805] lowmem_reserve[]: [ 2315.701944] print_address_description.cold+0x7c/0x1dc [ 2315.701946] 0 0 [ 2315.705071] ? skb_dequeue+0x174/0x180 [ 2315.705086] kasan_report.cold+0xa9/0x2af [ 2315.705098] __asan_report_store8_noabort+0x17/0x20 [ 2315.705107] skb_dequeue+0x174/0x180 [ 2315.729067] skb_queue_purge+0x26/0x40 [ 2315.730682] 0 [ 2315.733051] nr_clear_queues+0x3d/0x40 [ 2315.733061] nr_disconnect+0x3a/0x18f [ 2315.739601] 0 [ 2315.742529] nr_process_rx_frame+0x8f8/0x1440 [ 2315.742544] ? perf_trace_lock+0x500/0x500 [ 2315.742556] ? nr_setup+0x1b0/0x1b0 [ 2315.742567] ? lock_acquire+0x16f/0x430 [ 2315.750188] 0 [ 2315.753072] ? nr_rx_frame+0x2b2/0x1f70 [ 2315.753090] nr_rx_frame+0x38b/0x1f70 [ 2315.770297] ? lock_downgrade+0x740/0x740 [ 2315.774459] nr_loopback_timer+0x75/0x150 [ 2315.774471] call_timer_fn+0x161/0x670 [ 2315.782508] ? nr_process_rx_frame+0x1440/0x1440 [ 2315.787276] ? __next_timer_interrupt+0x140/0x140 [ 2315.791413] Node 0 DMA: [ 2315.792132] ? trace_hardirqs_on_caller+0x19b/0x590 [ 2315.792146] run_timer_softirq+0x5b7/0x1520 [ 2315.803487] 5*4kB (UM) [ 2315.804151] ? nr_process_rx_frame+0x1440/0x1440 [ 2315.804168] ? add_timer+0xae0/0xae0 [ 2315.814037] 15*8kB [ 2315.815251] ? __lock_is_held+0xb6/0x140 [ 2315.815271] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 2315.821079] (UM) [ 2315.821582] __do_softirq+0x244/0x9a0 [ 2315.833070] ? sched_clock+0x2e/0x50 [ 2315.836784] irq_exit+0x160/0x1b0 [ 2315.840251] smp_apic_timer_interrupt+0x146/0x5e0 [ 2315.845203] apic_timer_interrupt+0x96/0xa0 [ 2315.849509] [ 2315.851740] RIP: 0010:__schedule+0xe5/0x1cd0 [ 2315.856130] RSP: 0018:ffff8880a66b7230 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10 [ 2315.863824] RAX: dffffc0000000000 RBX: ffff8880a66b0000 RCX: 1ffff11014cd554c [ 2315.871077] RDX: 1ffff11014cd543b RSI: ffffffff8703f940 RDI: ffff8880a66aa1d8 [ 2315.878330] RBP: ffff8880a66b72d8 R08: 0000021c445a30ff R09: ffff8880a66aaa60 [ 2315.885843] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001 [ 2315.893108] R13: 000000000002b540 R14: ffff8880a66aa1c0 R15: ffff8880aed2b540 [ 2315.900401] ? save_trace+0x290/0x290 [ 2315.904192] ? firmware_map_remove+0x196/0x196 [ 2315.908759] ? preempt_schedule_irq+0x8d/0x140 [ 2315.913346] preempt_schedule_irq+0xb5/0x140 [ 2315.917760] retint_kernel+0x1b/0x2d [ 2315.921473] RIP: 0010:try_to_unmap_one+0x11ff/0x1db0 [ 2315.926684] RSP: 0018:ffff8880a66b73c8 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff10 [ 2315.934541] RAX: ffffed1014cd6e8d RBX: dffffc0000000000 RCX: 1ffff11014cd5546 [ 2315.941817] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff88015028 [ 2315.949144] RBP: ffff8880a66b7570 R08: ffff8880a66aa1c0 R09: 0000000000000001 [ 2315.956582] R10: 0000000000000000 R11: ffff8880a66aa1c0 R12: ffff888035d5a640 [ 2315.963855] R13: 0000000000000001 R14: ffff8880a66b7548 R15: ffff888035d5a640 [ 2315.971137] ? try_to_unmap_one+0x11e7/0x1db0 [ 2315.975650] ? page_remove_rmap+0x940/0x940 [ 2315.979971] ? __lock_is_held+0xb6/0x140 [ 2315.984062] ? page_remove_rmap+0x940/0x940 [ 2315.988394] rmap_walk_file+0x38d/0x8b0 [ 2315.992387] rmap_walk+0xed/0x190 [ 2315.995848] try_to_unmap+0x2dc/0x3c0 [ 2315.999663] ? rmap_walk_locked+0x190/0x190 [ 2316.003990] ? page_remove_rmap+0x940/0x940 [ 2316.008328] ? page_not_mapped+0x20/0x20 [ 2316.012387] ? page_get_anon_vma+0x2b0/0x2b0 [ 2316.016904] ? page_mapped+0x11f/0x280 [ 2316.020797] shrink_page_list+0x1004/0x2d70 [ 2316.025137] ? putback_lru_page+0x540/0x540 [ 2316.029449] ? check_preemption_disabled+0x10/0x250 [ 2316.034479] shrink_inactive_list+0x46a/0xf40 [ 2316.038989] ? check_preemption_disabled+0x10/0x250 [ 2316.044020] ? putback_inactive_pages+0xe40/0xe40 [ 2316.048864] shrink_node_memcg+0x8fb/0x11c0 [ 2316.053189] ? shrink_active_list+0xd60/0xd60 [ 2316.057695] ? find_held_lock+0x35/0x130 [ 2316.061756] ? rcu_read_unlock+0x16/0x60 [ 2316.065847] ? mem_cgroup_iter+0x39e/0x660 [ 2316.070070] ? vmpressure+0x157/0x300 [ 2316.073884] shrink_node+0x303/0xc40 [ 2316.077600] ? _find_next_bit+0xee/0x120 [ 2316.081667] ? shrink_node_memcg+0x11c0/0x11c0 [ 2316.086264] kswapd+0x8fb/0x1600 [ 2316.089652] ? mem_cgroup_shrink_node+0x650/0x650 [ 2316.094498] ? finish_task_switch+0x178/0x650 [ 2316.098986] ? finish_task_switch+0x14d/0x650 [ 2316.103492] ? finish_wait+0x260/0x260 [ 2316.107399] kthread+0x319/0x430 [ 2316.110758] ? mem_cgroup_shrink_node+0x650/0x650 [ 2316.115589] ? kthread_create_on_node+0xd0/0xd0 [ 2316.120252] ret_from_fork+0x24/0x30 [ 2316.123955] [ 2316.125565] Allocated by task 8491: [ 2316.129204] save_stack_trace+0x16/0x20 [ 2316.133162] save_stack+0x45/0xd0 [ 2316.136638] kasan_kmalloc+0xce/0xf0 [ 2316.140341] kasan_slab_alloc+0xf/0x20 [ 2316.144232] kmem_cache_alloc_node+0x144/0x780 [ 2316.148813] __alloc_skb+0x9c/0x500 [ 2316.152443] nr_loopback_queue+0x53/0x220 [ 2316.156598] nr_route_frame+0x5c9/0x85a [ 2316.160561] nr_transmit_buffer+0x127/0x190 [ 2316.164889] nr_kick.part.0+0x31d/0x5a0 [ 2316.168869] nr_output+0x55b/0x6a0 [ 2316.172401] nr_sendmsg+0x859/0xac0 [ 2316.176046] sock_sendmsg+0xce/0x110 [ 2316.179755] sock_write_iter+0x21d/0x390 [ 2316.183819] __vfs_write+0x4a7/0x6b0 [ 2316.187540] vfs_write+0x198/0x500 [ 2316.191079] SyS_write+0xfd/0x230 [ 2316.194523] do_syscall_64+0x1e8/0x640 [ 2316.198405] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2316.203586] [ 2316.205202] Freed by task 1446: [ 2316.208486] save_stack_trace+0x16/0x20 [ 2316.212473] save_stack+0x45/0xd0 [ 2316.215920] kasan_slab_free+0x75/0xc0 [ 2316.219796] kmem_cache_free+0x83/0x2b0 [ 2316.223782] kfree_skbmem+0xa5/0x110 [ 2316.227483] kfree_skb+0xbd/0x350 [ 2316.230933] skb_queue_purge+0x19/0x40 [ 2316.234808] nr_clear_queues+0x31/0x40 [ 2316.238677] nr_disconnect+0x3a/0x18f [ 2316.242473] nr_process_rx_frame+0x8f8/0x1440 [ 2316.246950] nr_rx_frame+0x38b/0x1f70 [ 2316.250731] nr_loopback_timer+0x75/0x150 [ 2316.254881] call_timer_fn+0x161/0x670 [ 2316.258746] run_timer_softirq+0x5b7/0x1520 [ 2316.263051] __do_softirq+0x244/0x9a0 [ 2316.266828] [ 2316.268440] The buggy address belongs to the object at ffff888024d84b80 [ 2316.268440] which belongs to the cache skbuff_head_cache of size 232 [ 2316.281597] The buggy address is located 8 bytes inside of [ 2316.281597] 232-byte region [ffff888024d84b80, ffff888024d84c68) [ 2316.293279] The buggy address belongs to the page: [ 2316.298224] page:ffffea0000936100 count:1 mapcount:0 mapping:ffff888024d84040 index:0x0 [ 2316.306349] flags: 0xfffe0000000100(slab) [ 2316.310492] raw: 00fffe0000000100 ffff888024d84040 0000000000000000 000000010000000c [ 2316.318367] raw: ffffea00026623e0 ffff8880a9eddb48 ffff88821b79a540 0000000000000000 [ 2316.326227] page dumped because: kasan: bad access detected [ 2316.331914] [ 2316.333524] Memory state around the buggy address: [ 2316.338438] ffff888024d84a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2316.345777] ffff888024d84b00: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc [ 2316.353120] >ffff888024d84b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2316.360460] ^ [ 2316.364082] ffff888024d84c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc [ 2316.371434] ffff888024d84c80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 2316.378774] ================================================================== [ 2316.386136] Disabling lock debugging due to kernel taint [ 2316.391574] Kernel panic - not syncing: panic_on_warn set ... [ 2316.391574] [ 2316.398939] CPU: 1 PID: 1446 Comm: kswapd0 Tainted: G B 4.14.157-syzkaller #0 [ 2316.407349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2316.416711] Call Trace: [ 2316.419285] [ 2316.421421] dump_stack+0x142/0x197 [ 2316.425053] ? skb_dequeue+0x174/0x180 [ 2316.428955] panic+0x1f9/0x42d [ 2316.432147] ? add_taint.cold+0x16/0x16 [ 2316.436115] ? lock_downgrade+0x740/0x740 [ 2316.440271] kasan_end_report+0x47/0x4f [ 2316.444238] kasan_report.cold+0x130/0x2af [ 2316.448460] __asan_report_store8_noabort+0x17/0x20 [ 2316.453485] skb_dequeue+0x174/0x180 [ 2316.457215] skb_queue_purge+0x26/0x40 [ 2316.461105] nr_clear_queues+0x3d/0x40 [ 2316.464981] nr_disconnect+0x3a/0x18f [ 2316.468787] nr_process_rx_frame+0x8f8/0x1440 [ 2316.473287] ? perf_trace_lock+0x500/0x500 [ 2316.477512] ? nr_setup+0x1b0/0x1b0 [ 2316.481250] ? lock_acquire+0x16f/0x430 [ 2316.485227] ? nr_rx_frame+0x2b2/0x1f70 [ 2316.489204] nr_rx_frame+0x38b/0x1f70 [ 2316.493014] ? lock_downgrade+0x740/0x740 [ 2316.497154] nr_loopback_timer+0x75/0x150 [ 2316.501304] call_timer_fn+0x161/0x670 [ 2316.505194] ? nr_process_rx_frame+0x1440/0x1440 [ 2316.509957] ? __next_timer_interrupt+0x140/0x140 [ 2316.514799] ? trace_hardirqs_on_caller+0x19b/0x590 [ 2316.519807] run_timer_softirq+0x5b7/0x1520 [ 2316.524140] ? nr_process_rx_frame+0x1440/0x1440 [ 2316.528899] ? add_timer+0xae0/0xae0 [ 2316.532623] ? __lock_is_held+0xb6/0x140 [ 2316.536688] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 2316.542146] __do_softirq+0x244/0x9a0 [ 2316.545947] ? sched_clock+0x2e/0x50 [ 2316.549654] irq_exit+0x160/0x1b0 [ 2316.553119] smp_apic_timer_interrupt+0x146/0x5e0 [ 2316.557959] apic_timer_interrupt+0x96/0xa0 [ 2316.562282] [ 2316.564512] RIP: 0010:__schedule+0xe5/0x1cd0 [ 2316.568906] RSP: 0018:ffff8880a66b7230 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10 [ 2316.576631] RAX: dffffc0000000000 RBX: ffff8880a66b0000 RCX: 1ffff11014cd554c [ 2316.583908] RDX: 1ffff11014cd543b RSI: ffffffff8703f940 RDI: ffff8880a66aa1d8 [ 2316.591168] RBP: ffff8880a66b72d8 R08: 0000021c445a30ff R09: ffff8880a66aaa60 [ 2316.598444] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001 [ 2316.605713] R13: 000000000002b540 R14: ffff8880a66aa1c0 R15: ffff8880aed2b540 [ 2316.612990] ? save_trace+0x290/0x290 [ 2316.616777] ? firmware_map_remove+0x196/0x196 [ 2316.621337] ? preempt_schedule_irq+0x8d/0x140 [ 2316.625900] preempt_schedule_irq+0xb5/0x140 [ 2316.630290] retint_kernel+0x1b/0x2d [ 2316.633986] RIP: 0010:try_to_unmap_one+0x11ff/0x1db0 [ 2316.639064] RSP: 0018:ffff8880a66b73c8 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff10 [ 2316.646762] RAX: ffffed1014cd6e8d RBX: dffffc0000000000 RCX: 1ffff11014cd5546 [ 2316.654014] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff88015028 [ 2316.661265] RBP: ffff8880a66b7570 R08: ffff8880a66aa1c0 R09: 0000000000000001 [ 2316.668514] R10: 0000000000000000 R11: ffff8880a66aa1c0 R12: ffff888035d5a640 [ 2316.675800] R13: 0000000000000001 R14: ffff8880a66b7548 R15: ffff888035d5a640 [ 2316.683085] ? try_to_unmap_one+0x11e7/0x1db0 [ 2316.687576] ? page_remove_rmap+0x940/0x940 [ 2316.691881] ? __lock_is_held+0xb6/0x140 [ 2316.695926] ? page_remove_rmap+0x940/0x940 [ 2316.700230] rmap_walk_file+0x38d/0x8b0 [ 2316.704207] rmap_walk+0xed/0x190 [ 2316.707674] try_to_unmap+0x2dc/0x3c0 [ 2316.711466] ? rmap_walk_locked+0x190/0x190 [ 2316.715788] ? page_remove_rmap+0x940/0x940 [ 2316.720129] ? page_not_mapped+0x20/0x20 [ 2316.724182] ? page_get_anon_vma+0x2b0/0x2b0 [ 2316.728580] ? page_mapped+0x11f/0x280 [ 2316.732453] shrink_page_list+0x1004/0x2d70 [ 2316.736791] ? putback_lru_page+0x540/0x540 [ 2316.741105] ? check_preemption_disabled+0x10/0x250 [ 2316.746128] shrink_inactive_list+0x46a/0xf40 [ 2316.750634] ? check_preemption_disabled+0x10/0x250 [ 2316.755664] ? putback_inactive_pages+0xe40/0xe40 [ 2316.760506] shrink_node_memcg+0x8fb/0x11c0 [ 2316.764824] ? shrink_active_list+0xd60/0xd60 [ 2316.769500] ? find_held_lock+0x35/0x130 [ 2316.773567] ? rcu_read_unlock+0x16/0x60 [ 2316.777627] ? mem_cgroup_iter+0x39e/0x660 [ 2316.781871] ? vmpressure+0x157/0x300 [ 2316.785671] shrink_node+0x303/0xc40 [ 2316.789379] ? _find_next_bit+0xee/0x120 [ 2316.793541] ? shrink_node_memcg+0x11c0/0x11c0 [ 2316.798115] kswapd+0x8fb/0x1600 [ 2316.801500] ? mem_cgroup_shrink_node+0x650/0x650 [ 2316.806354] ? finish_task_switch+0x178/0x650 [ 2316.810856] ? finish_task_switch+0x14d/0x650 [ 2316.815344] ? finish_wait+0x260/0x260 [ 2316.819227] kthread+0x319/0x430 [ 2316.822594] ? mem_cgroup_shrink_node+0x650/0x650 [ 2316.827429] ? kthread_create_on_node+0xd0/0xd0 [ 2316.832105] ret_from_fork+0x24/0x30 [ 2316.837260] Kernel Offset: disabled [ 2316.840950] Rebooting in 86400 seconds..