:3e) already exists on: batadv_slave_1 [ 1354.239988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1354.249126] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1354.261335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1354.270630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1354.282223] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1354.292120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1354.308464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1354.330980] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 1354.332525] syz-executor.2: [ 1354.337887] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1354.347859] page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1354.367722] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1354.375817] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1354.394607] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1354.415056] CPU: 1 PID: 2863 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1354.419059] Mem-Info: [ 1354.422888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1354.422891] Call Trace: [ 1354.422912] dump_stack+0x1b2/0x281 [ 1354.422925] warn_alloc.cold+0x96/0x1cc [ 1354.422936] ? zone_watermark_ok_safe+0x220/0x220 [ 1354.422958] __alloc_pages_nodemask+0x2127/0x2720 [ 1354.422975] ? lock_acquire+0x170/0x3f0 [ 1354.422989] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1354.423005] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1354.423016] ? __mutex_unlock_slowpath+0x75/0x770 [ 1354.423030] alloc_pages_current+0x155/0x260 [ 1354.423041] ion_page_pool_alloc+0x118/0x1b0 [ 1354.423050] ion_system_heap_allocate+0x133/0x8c0 [ 1354.423059] ? ion_alloc+0x187/0x810 [ 1354.423068] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1354.423077] ? ion_system_contig_heap_create+0x130/0x130 [ 1354.423086] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1354.423096] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1354.423106] ion_alloc+0x204/0x810 [ 1354.423121] ? ion_dma_buf_release+0x40/0x40 [ 1354.423132] ? __might_fault+0x177/0x1b0 [ 1354.423143] ion_ioctl+0xea/0x1f0 [ 1354.423152] ? ion_query_heaps+0x360/0x360 [ 1354.423163] ? ion_query_heaps+0x360/0x360 [ 1354.425676] active_anon:19256 inactive_anon:22239 isolated_anon:2 [ 1354.425676] active_file:2859 inactive_file:3277 isolated_file:12 [ 1354.425676] unevictable:0 dirty:78 writeback:0 unstable:0 [ 1354.425676] slab_reclaimable:13614 slab_unreclaimable:119564 [ 1354.425676] mapped:57114 shmem:23312 pagetables:2590 bounce:0 [ 1354.425676] free:397291 free_pcp:38 free_cma:0 [ 1354.434927] do_vfs_ioctl+0x75a/0xff0 [ 1354.434938] ? ioctl_preallocate+0x1a0/0x1a0 [ 1354.434945] ? lock_downgrade+0x740/0x740 [ 1354.434957] ? __fget+0x225/0x360 [ 1354.434966] ? do_vfs_ioctl+0xff0/0xff0 [ 1354.434975] ? security_file_ioctl+0x83/0xb0 [ 1354.434983] SyS_ioctl+0x7f/0xb0 [ 1354.434990] ? do_vfs_ioctl+0xff0/0xff0 [ 1354.435000] do_syscall_64+0x1d5/0x640 [ 1354.435014] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1354.435021] RIP: 0033:0x465f69 [ 1354.435027] RSP: 002b:00007f3f503fb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1354.435037] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1354.435042] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1354.435048] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1354.435053] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1354.435059] R13: 00007ffca5cbd2ff R14: 00007f3f503fb300 R15: 0000000000022000 [ 1354.759958] Bluetooth: hci0 command 0x040f tx timeout [ 1354.803423] syz-executor.5: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1354.821600] syz-executor.5 cpuset=/ mems_allowed=0-1 [ 1354.827531] CPU: 0 PID: 2857 Comm: syz-executor.5 Not tainted 4.14.224-syzkaller #0 [ 1354.835373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1354.844741] Call Trace: [ 1354.847347] dump_stack+0x1b2/0x281 [ 1354.850986] warn_alloc.cold+0x96/0x1cc [ 1354.854974] ? zone_watermark_ok_safe+0x220/0x220 [ 1354.859881] __alloc_pages_nodemask+0x2127/0x2720 [ 1354.864736] ? _raw_spin_unlock_irq+0x5a/0x80 [ 1354.869240] ? finish_task_switch+0x178/0x610 [ 1354.873750] ? finish_task_switch+0x14d/0x610 [ 1354.878256] ? lock_acquire+0x170/0x3f0 [ 1354.882237] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1354.887090] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1354.892552] ? __mutex_unlock_slowpath+0x75/0x770 [ 1354.897520] ? alloc_pages_current+0x37/0x260 [ 1354.902028] alloc_pages_current+0x155/0x260 [ 1354.906446] ion_page_pool_alloc+0x118/0x1b0 [ 1354.910862] ion_system_heap_allocate+0x133/0x8c0 [ 1354.915882] ? ion_alloc+0x187/0x810 [ 1354.919605] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1354.925065] ? ion_system_contig_heap_create+0x130/0x130 [ 1354.930519] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1354.935539] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1354.940384] ion_alloc+0x204/0x810 [ 1354.944020] ? ion_dma_buf_release+0x40/0x40 [ 1354.948430] ? __might_fault+0x177/0x1b0 [ 1354.952495] ion_ioctl+0xea/0x1f0 [ 1354.955946] ? ion_query_heaps+0x360/0x360 [ 1354.960186] ? ion_query_heaps+0x360/0x360 [ 1354.964426] do_vfs_ioctl+0x75a/0xff0 [ 1354.968257] ? ioctl_preallocate+0x1a0/0x1a0 [ 1354.972664] ? lock_downgrade+0x740/0x740 [ 1354.976820] ? __fget+0x225/0x360 [ 1354.980282] ? do_vfs_ioctl+0xff0/0xff0 [ 1354.984267] ? security_file_ioctl+0x83/0xb0 [ 1354.988678] SyS_ioctl+0x7f/0xb0 [ 1354.992047] ? do_vfs_ioctl+0xff0/0xff0 [ 1354.996028] do_syscall_64+0x1d5/0x640 [ 1354.999924] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1355.005118] RIP: 0033:0x465f69 [ 1355.008303] RSP: 002b:00007fda71dae188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1355.016063] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1355.023337] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1355.030602] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1355.037866] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1355.045139] R13: 00007ffe2f6bb0df R14: 00007fda71dae300 R15: 0000000000022000 [ 1355.057513] Node 0 active_anon:73148kB inactive_anon:59912kB active_file:8364kB inactive_file:9860kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:139832kB dirty:284kB writeback:0kB shmem:64080kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 22528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1355.069207] Bluetooth: hci4 command 0x040f tx timeout [ 1355.126132] Node 1 active_anon:3976kB inactive_anon:29044kB active_file:3072kB inactive_file:3048kB unevictable:0kB isolated(anon):8kB isolated(file):48kB mapped:88224kB dirty:28kB writeback:0kB shmem:29168kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1355.155406] Node 0 DMA free:11144kB min:204kB low:252kB high:300kB active_anon:92kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1355.209087] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1355.221405] Node 0 DMA32 free:437852kB min:36200kB low:45248kB high:54296kB active_anon:73028kB inactive_anon:59912kB active_file:8376kB inactive_file:9860kB unevictable:0kB writepending:296kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8448kB pagetables:7544kB bounce:0kB free_pcp:568kB local_pcp:460kB free_cma:0kB [ 1355.328158] lowmem_reserve[]: 0 0 0 0 0 [ 1355.342462] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1355.434562] lowmem_reserve[]: 0 0 0 0 0 [ 1355.434858] syz-executor.1: [ 1355.438930] syz-executor.4: [ 1355.447368] page allocation failure: order:4 [ 1355.447693] page allocation failure: order:4 [ 1355.455337] Node 1 [ 1355.462493] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1355.464311] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1355.467013] (null) [ 1355.475280] Normal free:944992kB min:53696kB low:67120kB high:80544kB active_anon:3956kB inactive_anon:29052kB active_file:2000kB inactive_file:1952kB unevictable:0kB writepending:40kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1472kB pagetables:2836kB bounce:0kB free_pcp:60kB local_pcp:60kB free_cma:0kB [ 1355.498385] syz-executor.1 cpuset= [ 1355.515813] (null) [ 1355.524686] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1355.538897] CPU: 0 PID: 2902 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1355.544436] / [ 1355.546706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1355.546713] Call Trace: [ 1355.546732] dump_stack+0x1b2/0x281 [ 1355.553618] mems_allowed=0-1 [ 1355.557786] warn_alloc.cold+0x96/0x1cc [ 1355.557802] ? zone_watermark_ok_safe+0x220/0x220 [ 1355.575892] __alloc_pages_nodemask+0x2127/0x2720 [ 1355.580737] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1355.585761] ? lock_acquire+0x170/0x3f0 [ 1355.589745] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1355.594594] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1355.600128] ? __mutex_unlock_slowpath+0x75/0x770 [ 1355.604966] alloc_pages_current+0x155/0x260 [ 1355.609379] ion_page_pool_alloc+0x118/0x1b0 [ 1355.613793] ion_system_heap_allocate+0x133/0x8c0 [ 1355.618633] ? ion_alloc+0x187/0x810 [ 1355.622351] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1355.627806] ? ion_system_contig_heap_create+0x130/0x130 [ 1355.633251] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1355.638268] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1355.643110] ion_alloc+0x204/0x810 [ 1355.646649] ? ion_dma_buf_release+0x40/0x40 [ 1355.651469] ? __might_fault+0x177/0x1b0 [ 1355.655636] ion_ioctl+0xea/0x1f0 [ 1355.659111] ? ion_query_heaps+0x360/0x360 [ 1355.663340] ? ion_query_heaps+0x360/0x360 [ 1355.667564] do_vfs_ioctl+0x75a/0xff0 [ 1355.671364] ? ioctl_preallocate+0x1a0/0x1a0 [ 1355.675772] ? lock_downgrade+0x740/0x740 [ 1355.679927] ? __fget+0x225/0x360 [ 1355.683372] ? do_vfs_ioctl+0xff0/0xff0 [ 1355.687334] ? security_file_ioctl+0x83/0xb0 [ 1355.691729] SyS_ioctl+0x7f/0xb0 [ 1355.695085] ? do_vfs_ioctl+0xff0/0xff0 [ 1355.699150] do_syscall_64+0x1d5/0x640 [ 1355.703039] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1355.708221] RIP: 0033:0x465f69 [ 1355.711406] RSP: 002b:00007fc7d02c9188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1355.719136] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1355.726435] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1355.733702] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1355.740989] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1355.748256] R13: 00007ffe1bc7facf R14: 00007fc7d02c9300 R15: 0000000000022000 [ 1355.755544] CPU: 1 PID: 2912 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1355.760644] lowmem_reserve[]: [ 1355.763344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1355.763348] Call Trace: [ 1355.763366] dump_stack+0x1b2/0x281 [ 1355.763380] warn_alloc.cold+0x96/0x1cc [ 1355.766694] 0 [ 1355.775976] ? zone_watermark_ok_safe+0x220/0x220 [ 1355.776001] __alloc_pages_nodemask+0x2127/0x2720 [ 1355.776012] ? _raw_spin_unlock_irq+0x5a/0x80 [ 1355.776020] ? finish_task_switch+0x178/0x610 [ 1355.776026] ? finish_task_switch+0x14d/0x610 [ 1355.776038] ? lock_acquire+0x170/0x3f0 [ 1355.776050] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1355.776065] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1355.776077] ? __mutex_unlock_slowpath+0x75/0x770 [ 1355.778729] 0 [ 1355.782275] ? alloc_pages_current+0x123/0x260 [ 1355.782287] alloc_pages_current+0x155/0x260 [ 1355.782301] ion_page_pool_alloc+0x118/0x1b0 [ 1355.782310] ion_system_heap_allocate+0x133/0x8c0 [ 1355.782320] ? ion_alloc+0x187/0x810 [ 1355.782330] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1355.782338] ? ion_system_contig_heap_create+0x130/0x130 [ 1355.782349] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1355.786367] 0 [ 1355.788089] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1355.788102] ion_alloc+0x204/0x810 [ 1355.788119] ? ion_dma_buf_release+0x40/0x40 [ 1355.793537] 0 [ 1355.797922] ? __might_fault+0x177/0x1b0 [ 1355.797938] ion_ioctl+0xea/0x1f0 [ 1355.797948] ? ion_query_heaps+0x360/0x360 [ 1355.797961] ? ion_query_heaps+0x360/0x360 [ 1355.803715] 0 [ 1355.806927] do_vfs_ioctl+0x75a/0xff0 [ 1355.806941] ? ioctl_preallocate+0x1a0/0x1a0 [ 1355.806951] ? lock_downgrade+0x740/0x740 [ 1355.806964] ? __fget+0x225/0x360 [ 1355.815424] ? do_vfs_ioctl+0xff0/0xff0 [ 1355.815435] ? security_file_ioctl+0x83/0xb0 [ 1355.815445] SyS_ioctl+0x7f/0xb0 [ 1355.815453] ? do_vfs_ioctl+0xff0/0xff0 [ 1355.820363] Node 0 [ 1355.825726] do_syscall_64+0x1d5/0x640 [ 1355.825745] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1355.825754] RIP: 0033:0x465f69 [ 1355.830686] DMA: [ 1355.832373] RSP: 002b:00007fafeaa11188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1355.832384] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1355.832389] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1355.832395] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1355.832400] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1355.832407] R13: 00007ffff546b06f R14: 00007fafeaa11300 R15: 0000000000022000 [ 1355.837015] 90*4kB [ 1355.998512] warn_alloc_show_mem: 2 callbacks suppressed [ 1355.998516] Mem-Info: [ 1356.008820] active_anon:19287 inactive_anon:22241 isolated_anon:0 [ 1356.008820] active_file:2668 inactive_file:2823 isolated_file:12 [ 1356.008820] unevictable:0 dirty:102 writeback:0 unstable:0 [ 1356.008820] slab_reclaimable:13609 slab_unreclaimable:119805 [ 1356.008820] mapped:56483 shmem:23312 pagetables:2620 bounce:0 [ 1356.008820] free:282428 free_pcp:113 free_cma:0 [ 1356.043397] (UME) 62*8kB (UME) 25*16kB (UME) 9*32kB (UME) 9*64kB (ME) 6*128kB (UM) 2*256kB (ME) 1*512kB (E) 3*1024kB (UE) 2*2048kB (UM) 0*4096kB = 11080kB [ 1356.057944] Node 0 DMA32: 86*4kB (UMEH) 549*8kB (EH) 158*16kB (UEH) 3830*32kB (UMEH) 24*64kB (UH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 131488kB [ 1356.073470] Node 0 active_anon:73204kB inactive_anon:59912kB active_file:8844kB inactive_file:9480kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:139940kB dirty:360kB writeback:0kB shmem:64080kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 22528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1356.102188] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1356.113451] Node 1 Normal: 29602*4kB (U) 22004*8kB (U) 16387*16kB (U) 12138*32kB (U) 3*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 945240kB [ 1356.129894] Node 1 active_anon:3944kB inactive_anon:29052kB active_file:1828kB inactive_file:1812kB unevictable:0kB isolated(anon):0kB isolated(file):48kB mapped:85992kB dirty:48kB writeback:0kB shmem:29168kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1356.157672] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1356.176534] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1356.189726] Node 0 DMA free:11080kB min:204kB low:252kB high:300kB active_anon:92kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1356.195202] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1356.249602] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1356.270685] 28730 total pagecache pages [ 1356.272841] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1356.279201] 0 pages in swap cache [ 1356.294766] Node 0 DMA32 free:44932kB min:36200kB low:45248kB high:54296kB active_anon:73112kB inactive_anon:59912kB active_file:8744kB inactive_file:9680kB unevictable:0kB writepending:360kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8416kB pagetables:7624kB bounce:0kB free_pcp:396kB local_pcp:164kB free_cma:0kB [ 1356.300131] Swap cache stats: add 0, delete 0, find 0/0 [ 1356.339869] Free swap = 0kB [ 1356.343026] Total swap = 0kB [ 1356.367311] 2097051 pages RAM [ 1356.367960] lowmem_reserve[]: 0 0 0 0 0 [ 1356.377193] 0 pages HighMem/MovableOnly [ 1356.384451] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1356.385295] 363840 pages reserved [ 1356.422107] 0 pages cma reserved [ 1356.435778] lowmem_reserve[]: 0 0 0 0 0 [ 1356.457671] Node 1 Normal free:675292kB min:53696kB low:67120kB high:80544kB active_anon:3944kB inactive_anon:29052kB active_file:1828kB inactive_file:1812kB unevictable:0kB writepending:48kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1472kB pagetables:2836kB bounce:0kB free_pcp:188kB local_pcp:120kB free_cma:0kB [ 1356.507584] lowmem_reserve[]: 0 0 0 0 0 [ 1356.529774] Node 0 DMA: 90*4kB (UME) 62*8kB (UME) 25*16kB (UME) 9*32kB (UME) 9*64kB (ME) 6*128kB (UM) 2*256kB (ME) 1*512kB (E) 3*1024kB (UE) 2*2048kB (UM) 0*4096kB = 11080kB [ 1356.559368] Node 0 DMA32: 85*4kB (MEH) 557*8kB (UEH) 169*16kB (UEH) 1116*32kB (UMEH) 25*64kB (UH) 2*128kB (UH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 45068kB [ 1356.599763] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1356.617685] Node 1 Normal: 1*4kB (U) 1*8kB (U) 6509*16kB (UM) 12138*32kB (UM) 3*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 492764kB [ 1356.649771] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1356.658661] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1356.669803] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1356.678681] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1356.706526] 28730 total pagecache pages [ 1356.715217] 0 pages in swap cache [ 1356.724003] Swap cache stats: add 0, delete 0, find 0/0 [ 1356.735016] Free swap = 0kB [ 1356.742675] Total swap = 0kB [ 1356.749145] 2097051 pages RAM [ 1356.756538] 0 pages HighMem/MovableOnly [ 1356.766220] 363840 pages reserved [ 1356.774315] 0 pages cma reserved [ 1356.849805] Bluetooth: hci0 command 0x0419 tx timeout [ 1357.194255] syz-executor.1 invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 1357.229792] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1357.234947] CPU: 1 PID: 2299 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1357.242827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1357.252184] Call Trace: [ 1357.254770] dump_stack+0x1b2/0x281 [ 1357.258394] dump_header+0x178/0x82f [ 1357.262110] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1357.267207] ? ___ratelimit+0x2cd/0x530 [ 1357.271178] oom_kill_process.cold+0x10/0xb18 [ 1357.275676] out_of_memory+0xe3e/0x1190 [ 1357.279648] ? oom_killer_disable+0x1c0/0x1c0 [ 1357.284137] ? mutex_trylock+0x152/0x1a0 [ 1357.288202] __alloc_pages_nodemask+0x23e1/0x2720 [ 1357.293052] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1357.297908] alloc_pages_current+0x155/0x260 [ 1357.302314] filemap_fault+0xea3/0x1980 [ 1357.306295] ext4_filemap_fault+0x84/0xb0 [ 1357.310437] __do_fault+0xfa/0x380 [ 1357.313973] __handle_mm_fault+0x2497/0x4620 [ 1357.318378] ? vm_insert_page+0x7c0/0x7c0 [ 1357.322521] ? nanosleep_copyout+0x100/0x100 [ 1357.326935] handle_mm_fault+0x391/0x860 [ 1357.330994] __do_page_fault+0x549/0xad0 [ 1357.335057] ? spurious_fault+0x640/0x640 [ 1357.339286] ? do_page_fault+0x60/0x500 [ 1357.343256] ? page_fault+0x2f/0x50 [ 1357.346878] page_fault+0x45/0x50 [ 1357.350321] RIP: 14b13e:0xa [ 1357.353240] RSP: 0003:00007ffff546b32c EFLAGS: 00000032 [ 1357.354284] Bluetooth: hci4 command 0x0419 tx timeout [ 1357.370238] Mem-Info: [ 1357.372665] active_anon:19356 inactive_anon:22241 isolated_anon:0 [ 1357.372665] active_file:52 inactive_file:0 isolated_file:0 [ 1357.372665] unevictable:0 dirty:17 writeback:0 unstable:0 [ 1357.372665] slab_reclaimable:13604 slab_unreclaimable:119798 [ 1357.372665] mapped:52708 shmem:23312 pagetables:2624 bounce:0 [ 1357.372665] free:13903 free_pcp:89 free_cma:0 [ 1357.382424] syz-executor.5: [ 1357.406204] syz-executor.2: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1357.415731] Node 0 active_anon:73480kB inactive_anon:59912kB active_file:148kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:127408kB dirty:4kB writeback:0kB shmem:64080kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 22528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1357.421310] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1357.421334] CPU: 0 PID: 2863 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1357.421341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1357.421344] Call Trace: [ 1357.421358] dump_stack+0x1b2/0x281 [ 1357.421372] warn_alloc.cold+0x96/0x1cc [ 1357.471126] Node 1 active_anon:3944kB inactive_anon:29052kB active_file:60kB inactive_file:48kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:83424kB dirty:64kB writeback:0kB shmem:29168kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1357.471432] ? zone_watermark_ok_safe+0x220/0x220 [ 1357.474019] Node 0 [ 1357.477630] ? usleep_range+0x130/0x130 [ 1357.481609] DMA free:10968kB min:204kB low:252kB high:300kB active_anon:92kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1357.508881] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 1357.508894] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1357.508904] ? run_timer_softirq+0x5a0/0x5a0 [ 1357.513752] lowmem_reserve[]: [ 1357.515964] __alloc_pages_nodemask+0x2127/0x2720 [ 1357.519939] 0 [ 1357.545788] ? lock_acquire+0x170/0x3f0 [ 1357.545804] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1357.550893] 2717 [ 1357.555878] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1357.560273] 2718 [ 1357.563391] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1357.568303] 2718 [ 1357.570115] alloc_pages_current+0x155/0x260 [ 1357.570131] ion_page_pool_alloc+0x118/0x1b0 [ 1357.570142] ion_system_heap_allocate+0x133/0x8c0 [ 1357.574099] 2718 [ 1357.578929] ? ion_alloc+0x187/0x810 [ 1357.585481] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1357.587521] Node 0 [ 1357.592963] ? ion_system_contig_heap_create+0x130/0x130 [ 1357.592973] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1357.592982] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1357.592993] ion_alloc+0x204/0x810 [ 1357.593007] ? ion_dma_buf_release+0x40/0x40 [ 1357.595082] DMA32 free:18032kB min:36200kB low:45248kB high:54296kB active_anon:73188kB inactive_anon:59912kB active_file:392kB inactive_file:212kB unevictable:0kB writepending:404kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8416kB pagetables:7640kB bounce:0kB free_pcp:236kB local_pcp:124kB free_cma:0kB [ 1357.600852] ? __might_fault+0x177/0x1b0 [ 1357.600864] ion_ioctl+0xea/0x1f0 [ 1357.600877] ? ion_query_heaps+0x360/0x360 [ 1357.605261] lowmem_reserve[]: [ 1357.610091] ? ion_query_heaps+0x360/0x360 [ 1357.610100] do_vfs_ioctl+0x75a/0xff0 [ 1357.610111] ? ioctl_preallocate+0x1a0/0x1a0 [ 1357.612148] 0 [ 1357.615846] ? lock_downgrade+0x740/0x740 [ 1357.621286] 0 [ 1357.623491] ? __fget+0x225/0x360 [ 1357.628924] 0 [ 1357.633921] ? do_vfs_ioctl+0xff0/0xff0 [ 1357.633931] ? security_file_ioctl+0x83/0xb0 [ 1357.633941] SyS_ioctl+0x7f/0xb0 [ 1357.638873] 0 [ 1357.642393] ? do_vfs_ioctl+0xff0/0xff0 [ 1357.642404] do_syscall_64+0x1d5/0x640 [ 1357.642420] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1357.646798] 0 [ 1357.675507] RIP: 0033:0x465f69 [ 1357.675511] RSP: 002b:00007f3f503fb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1357.675521] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1357.675529] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1357.683013] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1357.683018] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1357.683024] R13: 00007ffca5cbd2ff R14: 00007f3f503fb300 R15: 0000000000022000 [ 1357.683813] page allocation failure: order:0 [ 1357.687281] Node 0 [ 1357.690410] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1357.690419] syz-executor.5 cpuset=/ mems_allowed=0-1 [ 1357.690440] CPU: 0 PID: 2857 Comm: syz-executor.5 Not tainted 4.14.224-syzkaller #0 [ 1357.690446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1357.690449] Call Trace: [ 1357.690463] dump_stack+0x1b2/0x281 [ 1357.690477] warn_alloc.cold+0x96/0x1cc [ 1357.690487] ? zone_watermark_ok_safe+0x220/0x220 [ 1357.690498] ? usleep_range+0x130/0x130 [ 1357.690506] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 1357.690517] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1357.690526] ? run_timer_softirq+0x5a0/0x5a0 [ 1357.690541] __alloc_pages_nodemask+0x2127/0x2720 [ 1357.690556] ? lock_acquire+0x170/0x3f0 [ 1357.690572] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1357.690582] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1357.690597] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1357.690616] alloc_pages_current+0x155/0x260 [ 1357.690628] ion_page_pool_alloc+0x118/0x1b0 [ 1357.690637] ion_system_heap_allocate+0x133/0x8c0 [ 1357.690645] ? ion_alloc+0x187/0x810 [ 1357.690655] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1357.690664] ? ion_system_contig_heap_create+0x130/0x130 [ 1357.690674] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1357.690684] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1357.690696] ion_alloc+0x204/0x810 [ 1357.690710] ? ion_dma_buf_release+0x40/0x40 [ 1357.690721] ? __might_fault+0x177/0x1b0 [ 1357.690733] ion_ioctl+0xea/0x1f0 [ 1357.690743] ? ion_query_heaps+0x360/0x360 [ 1357.690756] ? ion_query_heaps+0x360/0x360 [ 1357.690765] do_vfs_ioctl+0x75a/0xff0 [ 1357.690775] ? ioctl_preallocate+0x1a0/0x1a0 [ 1357.690783] ? lock_downgrade+0x740/0x740 [ 1357.690795] ? __fget+0x225/0x360 [ 1357.690804] ? do_vfs_ioctl+0xff0/0xff0 [ 1357.690814] ? security_file_ioctl+0x83/0xb0 [ 1357.690824] SyS_ioctl+0x7f/0xb0 [ 1357.690831] ? do_vfs_ioctl+0xff0/0xff0 [ 1357.690842] do_syscall_64+0x1d5/0x640 [ 1357.690857] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1357.690864] RIP: 0033:0x465f69 [ 1357.690869] RSP: 002b:00007fda71dae188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1357.690878] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1357.690883] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1357.690888] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1357.690893] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1357.690899] R13: 00007ffe2f6bb0df R14: 00007fda71dae300 R15: 0000000000022000 [ 1357.690917] warn_alloc_show_mem: 1 callbacks suppressed [ 1357.690920] Mem-Info: [ 1357.690938] active_anon:19356 inactive_anon:22241 isolated_anon:0 [ 1357.690938] active_file:52 inactive_file:0 isolated_file:0 [ 1357.690938] unevictable:0 dirty:17 writeback:0 unstable:0 [ 1357.690938] slab_reclaimable:13604 slab_unreclaimable:119798 [ 1357.690938] mapped:52708 shmem:23312 pagetables:2624 bounce:0 [ 1357.690938] free:13903 free_pcp:88 free_cma:0 [ 1357.690955] Node 0 active_anon:73480kB inactive_anon:59912kB active_file:148kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:127408kB dirty:4kB writeback:0kB shmem:64080kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 22528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1357.690971] Node 1 active_anon:3944kB inactive_anon:29052kB active_file:60kB inactive_file:48kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:83424kB dirty:64kB writeback:0kB shmem:29168kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1357.690975] Node 0 DMA free:10968kB min:204kB low:252kB high:300kB active_anon:92kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1357.690994] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1357.691016] Node 0 DMA32 free:18032kB min:36200kB low:45248kB high:54296kB active_anon:73188kB inactive_anon:59912kB active_file:392kB inactive_file:212kB unevictable:0kB writepending:404kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8416kB pagetables:7640kB bounce:0kB free_pcp:232kB local_pcp:112kB free_cma:0kB [ 1357.691034] lowmem_reserve[]: 0 0 0 0 0 [ 1357.691053] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1357.691071] lowmem_reserve[]: 0 0 0 0 0 [ 1357.691092] Node 1 Normal free:26612kB min:53696kB low:67120kB high:80544kB active_anon:3944kB inactive_anon:29052kB active_file:104kB inactive_file:0kB unevictable:0kB writepending:64kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1472kB pagetables:2836kB bounce:0kB free_pcp:120kB local_pcp:120kB free_cma:0kB [ 1357.691119] lowmem_reserve[]: 0 0 0 0 0 [ 1357.691139] Node 0 DMA: 56*4kB (UME) 61*8kB (UME) 25*16kB (UME) 10*32kB (UME) 9*64kB (ME) 6*128kB (UM) 2*256kB (ME) 1*512kB (E) 3*1024kB (UE) 2*2048kB (UM) 0*4096kB = 10968kB [ 1357.691220] Node 0 DMA32: 839*4kB (UME) 899*8kB (UME) 282*16kB (UME) 62*32kB (UME) 15*64kB (UM) 1*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18132kB [ 1357.691285] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1357.691334] Node 1 Normal: 109*4kB (UM) 64*8kB (UM) 55*16kB (M) 740*32kB (UM) 11*64kB (UM) 1*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 26340kB [ 1357.691407] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1357.717859] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1357.721031] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1357.734017] lowmem_reserve[]: [ 1357.734374] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1357.738233] 0 0 [ 1357.743447] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1357.743452] 23370 total pagecache pages [ 1357.743463] 0 pages in swap cache [ 1357.743468] Swap cache stats: add 0, delete 0, find 0/0 [ 1357.743471] Free swap = 0kB [ 1357.743475] Total swap = 0kB [ 1357.743481] 2097051 pages RAM [ 1357.743484] 0 pages HighMem/MovableOnly [ 1357.743488] 363840 pages reserved [ 1357.743490] 0 pages cma reserved [ 1358.446738] 0 0 0 [ 1358.448941] Node 1 Normal free:360064kB min:53696kB low:67120kB high:80544kB active_anon:3980kB inactive_anon:29052kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1472kB pagetables:2836kB bounce:0kB free_pcp:636kB local_pcp:0kB free_cma:0kB [ 1358.518607] lowmem_reserve[]: 0 0 0 0 0 [ 1358.527415] Node 0 DMA: 76*4kB (UME) 61*8kB (UME) 25*16kB (UME) 10*32kB (UME) 9*64kB (ME) 6*128kB (UM) 2*256kB (ME) 1*512kB (E) 3*1024kB (UE) 2*2048kB (UM) 0*4096kB = 11048kB [ 1358.544149] syz-executor.5: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1358.548223] Node 0 DMA32: 411*4kB (ME) 778*8kB (UME) 239*16kB (UME) 1059*32kB (UME) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB [ 1358.569644] syz-executor.5 cpuset= [ 1358.573611] = 45580kB [ 1358.589635] / mems_allowed=0-1 [ 1358.592947] CPU: 0 PID: 2857 Comm: syz-executor.5 Not tainted 4.14.224-syzkaller #0 [ 1358.600735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1358.610088] Call Trace: [ 1358.612679] dump_stack+0x1b2/0x281 [ 1358.613727] Node 0 [ 1358.616305] warn_alloc.cold+0x96/0x1cc [ 1358.616318] ? zone_watermark_ok_safe+0x220/0x220 [ 1358.626115] Normal: [ 1358.627344] __alloc_pages_nodemask+0x2127/0x2720 [ 1358.630623] 0*4kB [ 1358.634497] ? _raw_spin_unlock_irq+0x24/0x80 [ 1358.634511] ? lock_acquire+0x170/0x3f0 [ 1358.645104] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1358.647496] 0*8kB [ 1358.649948] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1358.649961] ? __mutex_unlock_slowpath+0x75/0x770 [ 1358.649974] alloc_pages_current+0x155/0x260 [ 1358.660785] 0*16kB [ 1358.662378] ion_page_pool_alloc+0x118/0x1b0 [ 1358.662389] ion_system_heap_allocate+0x133/0x8c0 [ 1358.672208] 0*32kB [ 1358.673451] ? _raw_spin_unlock+0x29/0x40 [ 1358.673463] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1358.689571] ? ion_system_contig_heap_create+0x130/0x130 [ 1358.695017] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1358.700032] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1358.704870] ion_alloc+0x27a/0x810 [ 1358.708496] ? ion_dma_buf_release+0x40/0x40 [ 1358.709642] 0*64kB 0*128kB [ 1358.712897] ? __might_fault+0x177/0x1b0 [ 1358.712909] ion_ioctl+0xea/0x1f0 [ 1358.715948] 0*256kB [ 1358.719990] ? ion_query_heaps+0x360/0x360 [ 1358.720002] ? ion_query_heaps+0x360/0x360 [ 1358.720011] do_vfs_ioctl+0x75a/0xff0 [ 1358.720024] ? ioctl_preallocate+0x1a0/0x1a0 [ 1358.737568] 0*512kB [ 1358.737989] ? lock_downgrade+0x740/0x740 [ 1358.748825] ? __fget+0x225/0x360 [ 1358.752176] 0*1024kB 0*2048kB [ 1358.752274] ? do_vfs_ioctl+0xff0/0xff0 [ 1358.752284] ? security_file_ioctl+0x83/0xb0 [ 1358.762067] 0*4096kB [ 1358.764697] SyS_ioctl+0x7f/0xb0 [ 1358.764707] ? do_vfs_ioctl+0xff0/0xff0 [ 1358.764719] do_syscall_64+0x1d5/0x640 [ 1358.773703] = 0kB [ 1358.774445] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1358.785534] RIP: 0033:0x465f69 [ 1358.787474] Node 1 [ 1358.788748] RSP: 002b:00007fda71dae188 EFLAGS: 00000246 [ 1358.788756] Normal: [ 1358.790968] ORIG_RAX: 0000000000000010 [ 1358.790974] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1358.790978] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1358.790983] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1358.790988] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1358.790994] R13: 00007ffe2f6bb0df R14: 00007fda71dae300 R15: 0000000000022000 [ 1358.911608] Mem-Info: [ 1358.914067] active_anon:19385 inactive_anon:22241 isolated_anon:0 [ 1358.914067] active_file:9 inactive_file:37 isolated_file:4 [ 1358.914067] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1358.914067] slab_reclaimable:13577 slab_unreclaimable:119631 [ 1358.914067] mapped:52696 shmem:23312 pagetables:2624 bounce:0 [ 1358.914067] free:25091 free_pcp:17 free_cma:0 [ 1358.933160] 59*4kB (UM) 26*8kB (UM) 22*16kB (UM) 1660*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 53916kB [ 1358.948368] Node 0 active_anon:73560kB inactive_anon:59912kB active_file:0kB inactive_file:124kB unevictable:0kB isolated(anon):0kB isolated(file):16kB mapped:127420kB dirty:0kB writeback:0kB shmem:64080kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 22528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1358.963294] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1358.987329] Node 1 active_anon:3980kB inactive_anon:29052kB active_file:68kB inactive_file:24kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:83364kB dirty:0kB writeback:0kB shmem:29168kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1358.999900] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1359.051179] Node 0 DMA free:10984kB min:204kB low:252kB high:300kB active_anon:92kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1359.057172] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1359.096214] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1359.101372] Node 0 DMA32 free:17520kB min:36200kB low:45248kB high:54296kB active_anon:73468kB inactive_anon:59912kB active_file:400kB inactive_file:20kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8416kB pagetables:7640kB bounce:0kB free_pcp:124kB local_pcp:0kB free_cma:0kB [ 1359.115215] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1359.134276] lowmem_reserve[]: 0 0 0 0 0 [ 1359.139125] 23353 total pagecache pages [ 1359.143120] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1359.147085] 0 pages in swap cache [ 1359.176232] lowmem_reserve[]: 0 0 0 0 0 [ 1359.176329] Swap cache stats: add 0, delete 0, find 0/0 [ 1359.180275] Node 1 Normal free:26908kB min:53696kB low:67120kB high:80544kB active_anon:3980kB inactive_anon:29052kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1472kB pagetables:2836kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1359.180295] lowmem_reserve[]: [ 1359.185660] Free swap = 0kB [ 1359.217885] 0 0 0 0 0 [ 1359.221390] Total swap = 0kB [ 1359.225699] 2097051 pages RAM [ 1359.228793] 0 pages HighMem/MovableOnly [ 1359.229563] Node 0 DMA: 69*4kB (UME) 61*8kB (UME) 25*16kB (UME) 10*32kB (UME) 10*64kB (UME) 5*128kB (M) 2*256kB (ME) 1*512kB (E) 3*1024kB (UE) 2*2048kB (UM) 0*4096kB = 10956kB [ 1359.234360] 363840 pages reserved [ 1359.252275] 0 pages cma reserved [ 1359.255634] Out of memory (oom_kill_allocating_task): Kill process 2299 (syz-executor.1) score 0 or sacrifice child [ 1359.266306] Killed process 2912 (syz-executor.1) total-vm:93384kB, anon-rss:156kB, file-rss:34820kB, shmem-rss:0kB [ 1359.272942] Node 0 DMA32: 764*4kB (ME) 835*8kB (ME) 236*16kB (UME) 135*32kB (UME) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 17832kB [ 1359.287499] oom_reaper: reaped process 2857 (syz-executor.5), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1359.290735] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1359.312486] Node 1 Normal: 48*4kB (M) 23*8kB (M) 22*16kB (UM) 821*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27000kB [ 1359.312851] oom_reaper: reaped process 2912 (syz-executor.1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1359.325855] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1359.325863] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1359.325870] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1359.325875] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1359.325879] 23353 total pagecache pages [ 1359.325890] 0 pages in swap cache [ 1359.325894] Swap cache stats: add 0, delete 0, find 0/0 [ 1359.325898] Free swap = 0kB [ 1359.325901] Total swap = 0kB [ 1359.325910] 2097051 pages RAM [ 1359.402662] oom_reaper: reaped process 2863 (syz-executor.2), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1359.411829] 0 pages HighMem/MovableOnly [ 1359.416541] 363840 pages reserved [ 1359.421556] 0 pages cma reserved [ 1360.018148] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1360.034312] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1360.077101] CPU: 1 PID: 2863 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1360.084930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1360.095152] Call Trace: [ 1360.097745] dump_stack+0x1b2/0x281 [ 1360.101375] warn_alloc.cold+0x96/0x1cc [ 1360.105353] ? zone_watermark_ok_safe+0x220/0x220 [ 1360.110234] __alloc_pages_nodemask+0x2127/0x2720 [ 1360.115890] ? lock_acquire+0x170/0x3f0 [ 1360.119905] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1360.124754] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1360.130206] ? __mutex_unlock_slowpath+0x75/0x770 [ 1360.135063] ? alloc_pages_current+0x84/0x260 [ 1360.139564] alloc_pages_current+0x155/0x260 [ 1360.143981] ion_page_pool_alloc+0x118/0x1b0 [ 1360.148514] ion_system_heap_allocate+0x133/0x8c0 [ 1360.153359] ? _raw_spin_unlock+0x29/0x40 [ 1360.157506] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1360.162440] ? ion_system_contig_heap_create+0x130/0x130 [ 1360.167892] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1360.172922] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1360.177763] ion_alloc+0x27a/0x810 [ 1360.181306] ? ion_dma_buf_release+0x40/0x40 [ 1360.185713] ? __might_fault+0x177/0x1b0 [ 1360.189775] ion_ioctl+0xea/0x1f0 [ 1360.193225] ? ion_query_heaps+0x360/0x360 [ 1360.197458] ? ion_query_heaps+0x360/0x360 [ 1360.201692] do_vfs_ioctl+0x75a/0xff0 [ 1360.205493] ? ioctl_preallocate+0x1a0/0x1a0 [ 1360.209897] ? lock_downgrade+0x740/0x740 [ 1360.214053] ? __fget+0x225/0x360 [ 1360.217502] ? do_vfs_ioctl+0xff0/0xff0 [ 1360.221471] ? security_file_ioctl+0x83/0xb0 [ 1360.225876] SyS_ioctl+0x7f/0xb0 [ 1360.229242] ? do_vfs_ioctl+0xff0/0xff0 [ 1360.233215] do_syscall_64+0x1d5/0x640 [ 1360.237106] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1360.242290] RIP: 0033:0x465f69 [ 1360.245475] RSP: 002b:00007f3f503fb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1360.253178] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1360.260444] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1360.267709] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1360.274975] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1360.282371] R13: 00007ffca5cbd2ff R14: 00007f3f503fb300 R15: 0000000000022000 [ 1360.315215] warn_alloc_show_mem: 1 callbacks suppressed [ 1360.315218] Mem-Info: [ 1360.334509] active_anon:19309 inactive_anon:22241 isolated_anon:0 [ 1360.334509] active_file:183 inactive_file:950 isolated_file:0 [ 1360.334509] unevictable:0 dirty:25 writeback:0 unstable:0 [ 1360.334509] slab_reclaimable:13575 slab_unreclaimable:118920 [ 1360.334509] mapped:53503 shmem:23312 pagetables:2624 bounce:0 [ 1360.334509] free:109293 free_pcp:96 free_cma:0 [ 1360.389594] Node 0 active_anon:73256kB inactive_anon:59912kB active_file:728kB inactive_file:3796kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:130748kB dirty:100kB writeback:0kB shmem:64080kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 22528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1360.509522] Node 1 active_anon:3980kB inactive_anon:29052kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:83364kB dirty:0kB writeback:0kB shmem:29168kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1360.579511] Node 0 DMA free:10980kB min:204kB low:252kB high:300kB active_anon:92kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1360.619541] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1360.644556] Node 0 DMA32 free:42620kB min:36200kB low:45248kB high:54296kB active_anon:73164kB inactive_anon:59912kB active_file:1628kB inactive_file:2228kB unevictable:0kB writepending:148kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8416kB pagetables:7640kB bounce:0kB free_pcp:936kB local_pcp:268kB free_cma:0kB [ 1360.674283] lowmem_reserve[]: 0 0 0 0 0 [ 1360.678360] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1360.729475] lowmem_reserve[]: 0 0 0 0 0 [ 1360.733497] Node 1 Normal free:50524kB min:53696kB low:67120kB high:80544kB active_anon:3980kB inactive_anon:29052kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1472kB pagetables:2836kB bounce:0kB free_pcp:24kB local_pcp:24kB free_cma:0kB [ 1360.778275] systemd-journal invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 1360.803179] lowmem_reserve[]: 0 0 0 0 0 [ 1360.807198] Node 0 DMA: 68*4kB (UME) 61*8kB (UME) 25*16kB (UME) 10*32kB (UME) 10*64kB (UME) 5*128kB (M) 2*256kB (ME) 1*512kB (E) 3*1024kB (UE) 2*2048kB (UM) 0*4096kB = 10952kB [ 1360.824413] systemd-journal cpuset=/ mems_allowed=0-1 [ 1360.843465] Node 0 DMA32: 798*4kB (UME) 832*8kB (ME) 233*16kB (UME) 81*32kB (UME) 8*64kB (UM) 4*128kB (UM) 4*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18216kB [ 1360.846493] CPU: 0 PID: 2155 Comm: systemd-journal Not tainted 4.14.224-syzkaller #0 [ 1360.858336] Node 0 [ 1360.866178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1360.866181] Call Trace: [ 1360.866198] dump_stack+0x1b2/0x281 [ 1360.866210] dump_header+0x178/0x82f [ 1360.868422] Normal: [ 1360.877757] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1360.877766] ? ___ratelimit+0x2cd/0x530 [ 1360.877776] oom_kill_process.cold+0x10/0xb18 [ 1360.880352] 0*4kB [ 1360.883972] out_of_memory+0xe3e/0x1190 [ 1360.887653] 0*8kB 0*16kB [ 1360.889968] ? oom_killer_disable+0x1c0/0x1c0 [ 1360.889975] ? mutex_trylock+0x152/0x1a0 [ 1360.889985] __alloc_pages_nodemask+0x23e1/0x2720 [ 1360.895063] 0*32kB [ 1360.899030] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1360.903509] 0*64kB [ 1360.905638] alloc_pages_current+0x155/0x260 [ 1360.909590] 0*128kB [ 1360.912320] filemap_fault+0xea3/0x1980 [ 1360.916782] 0*256kB 0*512kB [ 1360.920863] ext4_filemap_fault+0x84/0xb0 [ 1360.920874] __do_fault+0xfa/0x380 [ 1360.920884] __handle_mm_fault+0x2497/0x4620 [ 1360.925705] 0*1024kB [ 1360.927922] ? ep_poll+0x1ab/0xa50 [ 1360.932757] 0*2048kB [ 1360.934957] ? vm_insert_page+0x7c0/0x7c0 [ 1360.939487] 0*4096kB [ 1360.941686] handle_mm_fault+0x391/0x860 [ 1360.945625] = 0kB [ 1360.948628] __do_page_fault+0x549/0xad0 [ 1360.952770] Node 1 [ 1360.956274] ? spurious_fault+0x640/0x640 [ 1360.960674] Normal: [ 1360.963049] ? do_page_fault+0x60/0x500 [ 1360.966562] 7*4kB [ 1360.968956] ? page_fault+0x2f/0x50 [ 1360.973088] (UM) [ 1360.975468] page_fault+0x45/0x50 [ 1360.979528] 5*8kB [ 1360.981562] RIP: 0001:0xffffffffffffffff [ 1360.985592] (UM) [ 1360.987804] RSP: 25f7e1e0:00007ffee8628d50 EFLAGS: 7ffee8628b60 [ 1361.017933] syz-executor.1: [ 1361.027925] Mem-Info: [ 1361.035127] page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1361.035517] active_anon:19312 inactive_anon:22241 isolated_anon:0 [ 1361.035517] active_file:31 inactive_file:0 isolated_file:0 [ 1361.035517] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1361.035517] slab_reclaimable:13558 slab_unreclaimable:120451 [ 1361.035517] mapped:52708 shmem:23312 pagetables:2624 bounce:0 [ 1361.035517] free:13925 free_pcp:32 free_cma:0 [ 1361.047390] 6*16kB [ 1361.079118] syz-executor.5: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1361.079139] syz-executor.5 cpuset= [ 1361.092297] syz-executor.1 cpuset= [ 1361.093231] / [ 1361.100230] / [ 1361.100253] mems_allowed=0-1 [ 1361.106726] CPU: 0 PID: 2857 Comm: syz-executor.5 Not tainted 4.14.224-syzkaller #0 [ 1361.112268] mems_allowed=0-1 [ 1361.114741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1361.127155] Call Trace: [ 1361.129730] dump_stack+0x1b2/0x281 [ 1361.133347] warn_alloc.cold+0x96/0x1cc [ 1361.137304] ? zone_watermark_ok_safe+0x220/0x220 [ 1361.139426] (M) [ 1361.142145] ? usleep_range+0x130/0x130 [ 1361.142152] 824*32kB [ 1361.144110] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 1361.144121] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1361.148070] (UM) [ 1361.150462] ? run_timer_softirq+0x5a0/0x5a0 [ 1361.150478] __alloc_pages_nodemask+0x2127/0x2720 [ 1361.150492] ? lock_acquire+0x170/0x3f0 [ 1361.169420] 0*64kB [ 1361.171824] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1361.175783] 0*128kB [ 1361.178002] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1361.189592] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1361.195048] alloc_pages_current+0x155/0x260 [ 1361.199417] 0*256kB 0*512kB [ 1361.199441] ion_page_pool_alloc+0x118/0x1b0 [ 1361.199452] ion_system_heap_allocate+0x133/0x8c0 [ 1361.202458] 0*1024kB [ 1361.206934] ? _raw_spin_unlock+0x29/0x40 [ 1361.218280] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1361.219418] 0*2048kB [ 1361.223206] ? ion_system_contig_heap_create+0x130/0x130 [ 1361.223208] 0*4096kB = 26532kB [ 1361.225617] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1361.225627] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1361.244077] ion_alloc+0x27a/0x810 [ 1361.247604] ? ion_dma_buf_release+0x40/0x40 [ 1361.249422] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1361.251997] ? __might_fault+0x177/0x1b0 [ 1361.264853] ion_ioctl+0xea/0x1f0 [ 1361.268290] ? ion_query_heaps+0x360/0x360 [ 1361.269417] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1361.272511] ? ion_query_heaps+0x360/0x360 [ 1361.285393] do_vfs_ioctl+0x75a/0xff0 [ 1361.289176] ? ioctl_preallocate+0x1a0/0x1a0 [ 1361.289417] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1361.293568] ? lock_downgrade+0x740/0x740 [ 1361.306510] ? __fget+0x225/0x360 [ 1361.310566] ? do_vfs_ioctl+0xff0/0xff0 [ 1361.314521] ? security_file_ioctl+0x83/0xb0 [ 1361.318911] SyS_ioctl+0x7f/0xb0 [ 1361.319413] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1361.322260] ? do_vfs_ioctl+0xff0/0xff0 [ 1361.334803] do_syscall_64+0x1d5/0x640 [ 1361.338677] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1361.339411] 23334 total pagecache pages [ 1361.343854] RIP: 0033:0x465f69 [ 1361.347808] 0 pages in swap cache [ 1361.350971] RSP: 002b:00007fda71dae188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1361.350981] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1361.350986] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1361.350994] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1361.369408] Swap cache stats: add 0, delete 0, find 0/0 [ 1361.376609] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1361.396443] R13: 00007ffe2f6bb0df R14: 00007fda71dae300 R15: 0000000000022000 [ 1361.399404] Free swap = 0kB [ 1361.411929] Node 0 active_anon:73268kB inactive_anon:59912kB active_file:20kB inactive_file:60kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:127468kB dirty:0kB writeback:0kB shmem:64080kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 22528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1361.424118] CPU: 1 PID: 2912 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1361.443245] Node 1 active_anon:3980kB inactive_anon:29052kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:83364kB dirty:0kB writeback:0kB shmem:29168kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1361.447420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1361.477874] Node 0 [ 1361.483721] Call Trace: [ 1361.483741] dump_stack+0x1b2/0x281 [ 1361.483754] warn_alloc.cold+0x96/0x1cc [ 1361.483766] ? zone_watermark_ok_safe+0x220/0x220 [ 1361.483774] ? usleep_range+0x130/0x130 [ 1361.483783] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 1361.483794] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1361.483803] ? run_timer_softirq+0x5a0/0x5a0 [ 1361.483818] __alloc_pages_nodemask+0x2127/0x2720 [ 1361.486079] DMA free:10952kB min:204kB low:252kB high:300kB active_anon:92kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1361.488625] ? lock_acquire+0x170/0x3f0 [ 1361.495676] lowmem_reserve[]: [ 1361.496273] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1361.501110] 0 [ 1361.505042] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1361.513578] 2717 [ 1361.515139] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1361.519543] 2718 [ 1361.524379] alloc_pages_current+0x155/0x260 [ 1361.553628] 2718 [ 1361.554073] ion_page_pool_alloc+0x118/0x1b0 [ 1361.557144] 2718 [ 1361.562773] ion_system_heap_allocate+0x133/0x8c0 [ 1361.562784] ? ion_alloc+0x187/0x810 [ 1361.562793] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1361.562802] ? ion_system_contig_heap_create+0x130/0x130 [ 1361.562812] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1361.562822] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1361.562833] ion_alloc+0x204/0x810 [ 1361.562847] ? ion_dma_buf_release+0x40/0x40 [ 1361.562857] ? __might_fault+0x177/0x1b0 [ 1361.562873] ion_ioctl+0xea/0x1f0 [ 1361.564667] Node 0 [ 1361.569144] ? ion_query_heaps+0x360/0x360 [ 1361.574818] DMA32 free:18216kB min:36200kB low:45248kB high:54296kB active_anon:73176kB inactive_anon:59912kB active_file:120kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8416kB pagetables:7640kB bounce:0kB free_pcp:128kB local_pcp:92kB free_cma:0kB [ 1361.576670] ? ion_query_heaps+0x360/0x360 [ 1361.578705] lowmem_reserve[]: [ 1361.583102] do_vfs_ioctl+0x75a/0xff0 [ 1361.583114] ? ioctl_preallocate+0x1a0/0x1a0 [ 1361.583122] ? lock_downgrade+0x740/0x740 [ 1361.583134] ? __fget+0x225/0x360 [ 1361.583143] ? do_vfs_ioctl+0xff0/0xff0 [ 1361.583152] ? security_file_ioctl+0x83/0xb0 [ 1361.583161] SyS_ioctl+0x7f/0xb0 [ 1361.585205] 0 [ 1361.589594] ? do_vfs_ioctl+0xff0/0xff0 [ 1361.589606] do_syscall_64+0x1d5/0x640 [ 1361.589621] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1361.589630] RIP: 0033:0x465f69 [ 1361.589640] RSP: 002b:00007fafeaa11188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1361.589652] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1361.595227] 0 [ 1361.596522] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1361.600262] 0 [ 1361.605646] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1361.614519] 0 [ 1361.616073] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1361.620953] 0 [ 1361.624413] R13: 00007ffff546b06f R14: 00007fafeaa11300 R15: 0000000000022000 [ 1361.632314] Total swap = 0kB [ 1361.638602] 2097051 pages RAM [ 1361.645061] Node 0 [ 1361.685472] 0 pages HighMem/MovableOnly [ 1361.690778] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1361.699449] 363840 pages reserved [ 1361.703182] lowmem_reserve[]: [ 1361.706581] 0 pages cma reserved [ 1361.708362] 0 [ 1361.768596] Mem-Info: [ 1361.799672] 0 [ 1361.849431] syz-executor.2: [ 1361.849434] 0 0 [ 1361.851251] page allocation failure: order:0 [ 1361.854250] 0 [ 1361.856209] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1361.860622] Node 1 Normal free:68260kB min:53696kB low:67120kB high:80544kB active_anon:3980kB inactive_anon:29052kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1472kB pagetables:2836kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1361.860638] lowmem_reserve[]: 0 0 [ 1361.870279] (null) [ 1361.914031] 0 0 0 [ 1361.916392] Node 0 DMA: 53*4kB (UE) 60*8kB (UME) 25*16kB (UME) 10*32kB (UME) 11*64kB (UME) 6*128kB (UM) 2*256kB (ME) 1*512kB (E) 3*1024kB (UE) 2*2048kB (UM) 0*4096kB = 11076kB [ 1361.963052] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1361.968209] CPU: 1 PID: 2863 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1361.975997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1361.979437] Node 0 [ 1361.985341] Call Trace: [ 1361.985343] DMA32: 798*4kB [ 1361.987574] dump_stack+0x1b2/0x281 [ 1361.996706] warn_alloc.cold+0x96/0x1cc [ 1362.000684] ? zone_watermark_ok_safe+0x220/0x220 [ 1362.005523] ? usleep_range+0x130/0x130 [ 1362.009410] (UME) [ 1362.009486] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 1362.009492] 832*8kB [ 1362.011738] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1362.016831] (ME) [ 1362.019137] ? run_timer_softirq+0x5a0/0x5a0 [ 1362.030669] __alloc_pages_nodemask+0x2127/0x2720 [ 1362.035516] ? lock_acquire+0x170/0x3f0 [ 1362.039493] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1362.044337] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1362.048836] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1362.049411] 232*16kB (ME) [ 1362.054314] ? alloc_pages_current+0x84/0x260 [ 1362.054324] alloc_pages_current+0x155/0x260 [ 1362.057154] 79*32kB [ 1362.061636] ion_page_pool_alloc+0x118/0x1b0 [ 1362.061647] ion_system_heap_allocate+0x133/0x8c0 [ 1362.061659] ? _raw_spin_unlock+0x29/0x40 [ 1362.061667] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1362.061675] ? ion_system_contig_heap_create+0x130/0x130 [ 1362.061686] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1362.061694] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1362.061705] ion_alloc+0x27a/0x810 [ 1362.089418] (UME) [ 1362.092125] ? ion_dma_buf_release+0x40/0x40 [ 1362.097113] 515*64kB [ 1362.101938] ? __might_fault+0x177/0x1b0 [ 1362.101950] ion_ioctl+0xea/0x1f0 [ 1362.101959] ? ion_query_heaps+0x360/0x360 [ 1362.101970] ? ion_query_heaps+0x360/0x360 [ 1362.101980] do_vfs_ioctl+0x75a/0xff0 [ 1362.101991] ? ioctl_preallocate+0x1a0/0x1a0 [ 1362.129406] (UM) [ 1362.130361] ? lock_downgrade+0x740/0x740 [ 1362.134139] 7*128kB [ 1362.138530] ? __fget+0x225/0x360 [ 1362.150448] ? do_vfs_ioctl+0xff0/0xff0 [ 1362.154422] ? security_file_ioctl+0x83/0xb0 [ 1362.158823] SyS_ioctl+0x7f/0xb0 [ 1362.162188] ? do_vfs_ioctl+0xff0/0xff0 [ 1362.166164] do_syscall_64+0x1d5/0x640 [ 1362.169416] (UM) 4*256kB (U) [ 1362.170053] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1362.170062] RIP: 0033:0x465f69 [ 1362.173183] 0*512kB [ 1362.178352] RSP: 002b:00007f3f503fb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1362.191523] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1362.198793] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1362.206059] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1362.209399] 2*1024kB [ 1362.213319] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1362.213325] (U) [ 1362.215708] R13: 00007ffca5cbd2ff R14: 00007f3f503fb300 R15: 0000000000022000 [ 1362.229380] active_anon:19312 inactive_anon:22241 isolated_anon:0 [ 1362.229380] active_file:11 inactive_file:543 isolated_file:0 [ 1362.229380] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1362.229380] slab_reclaimable:13548 slab_unreclaimable:120398 [ 1362.229380] mapped:53095 shmem:23312 pagetables:2624 bounce:0 [ 1362.229380] free:106308 free_pcp:74 free_cma:0 [ 1362.269410] Node 0 active_anon:73268kB inactive_anon:59912kB active_file:40kB inactive_file:108kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:127532kB dirty:0kB writeback:0kB shmem:64080kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 22528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1362.282437] 0*2048kB [ 1362.310567] Node 1 active_anon:3980kB inactive_anon:29052kB active_file:4kB inactive_file:2064kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:84848kB dirty:0kB writeback:0kB shmem:29168kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1362.319386] 0*4096kB = 53016kB [ 1362.382647] Node 0 Normal: 0*4kB [ 1362.382660] Node 0 DMA free:11524kB min:204kB low:252kB high:300kB active_anon:92kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1362.386092] 0*8kB 0*16kB [ 1362.433177] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1362.459365] Node 0 DMA32 free:82024kB min:36200kB low:45248kB high:54296kB active_anon:73176kB inactive_anon:59912kB active_file:40kB inactive_file:40kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8416kB pagetables:7640kB bounce:0kB free_pcp:140kB local_pcp:140kB free_cma:0kB [ 1362.479396] 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1362.491868] lowmem_reserve[]: 0 0 0 0 0 [ 1362.523172] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1362.529433] Node 1 [ 1362.573045] lowmem_reserve[]: 0 0 0 0 0 [ 1362.589445] Normal: 0*4kB 1*8kB (U) 0*16kB 1*32kB (U) 5578*64kB (UM) 867*128kB (U) 115*256kB (U) 64*512kB (U) 69*1024kB (U) 2*2048kB (U) 0*4096kB = 604968kB [ 1362.592686] Node 1 Normal free:623048kB min:53696kB low:67120kB high:80544kB active_anon:3980kB inactive_anon:29052kB active_file:4kB inactive_file:2064kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1472kB pagetables:2836kB bounce:0kB free_pcp:288kB local_pcp:208kB free_cma:0kB [ 1362.629424] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1362.701226] lowmem_reserve[]: 0 0 0 0 0 [ 1362.705264] Node 0 DMA: 12*4kB (E) 30*8kB (UME) 25*16kB (UME) 10*32kB (UME) 16*64kB (UME) 7*128kB (UM) 2*256kB (ME) 1*512kB (E) 3*1024kB (UE) 2*2048kB (UM) 0*4096kB = 11120kB [ 1362.739403] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1362.748010] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1362.764292] Node 0 DMA32: 798*4kB (UME) 832*8kB (ME) 232*16kB (ME) 46*32kB (UME) 104*64kB (UME) 12*128kB (UME) 28*256kB (U) 8*512kB (U) 14*1024kB (U) 1*2048kB (U) 0*4096kB = 50872kB [ 1362.769384] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1362.799419] 23879 total pagecache pages [ 1362.803418] 0 pages in swap cache [ 1362.806865] Swap cache stats: add 0, delete 0, find 0/0 [ 1362.822848] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1362.833673] Free swap = 0kB [ 1362.836687] Total swap = 0kB [ 1362.843256] 2097051 pages RAM [ 1362.846367] 0 pages HighMem/MovableOnly [ 1362.863415] Node 1 Normal: 2*4kB (UM) 1*8kB (U) 0*16kB 1*32kB (U) 4004*64kB (UM) 1503*128kB (U) 209*256kB (U) 85*512kB (U) 115*1024kB (U) 22*2048kB (U) 0*4096kB = 708528kB [ 1362.879620] 363840 pages reserved [ 1362.882552] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1362.883082] 0 pages cma reserved [ 1362.895252] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1362.921642] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1362.936033] Out of memory (oom_kill_allocating_task): Kill process 2155 (systemd-journal) score 0 or sacrifice child [ 1362.947240] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1362.956101] Killed process 2155 (systemd-journal) total-vm:46096kB, anon-rss:472kB, file-rss:4kB, shmem-rss:1832kB [ 1362.959664] 24034 total pagecache pages [ 1362.977050] 0 pages in swap cache [ 1362.981447] oom_reaper: reaped process 2155 (systemd-journal), now anon-rss:0kB, file-rss:0kB, shmem-rss:1936kB [ 1362.989319] Swap cache stats: add 0, delete 0, find 0/0 [ 1362.997043] Free swap = 0kB [ 1363.007949] Total swap = 0kB [ 1363.012235] 2097051 pages RAM [ 1363.015690] 0 pages HighMem/MovableOnly [ 1363.024098] 363840 pages reserved [ 1363.027890] 0 pages cma reserved [ 1363.114919] systemd[1]: systemd-journald.service: Failed with result 'signal'. [ 1363.144105] systemd[1]: systemd-journald.service: Service has no hold-off time, scheduling restart. [ 1363.184405] systemd[1]: Stopped Flush Journal to Persistent Storage. [ 1363.192971] systemd[1]: Stopping Flush Journal to Persistent Storage... [ 1363.209523] systemd[1]: Stopped Journal Service. [ 1363.239158] systemd[1]: Starting Journal Service... [ 1363.631589] ion_system_heap invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=0, oom_score_adj=0 [ 1363.644516] ion_system_heap cpuset=/ mems_allowed=0-1 [ 1363.654248] CPU: 0 PID: 4244 Comm: ion_system_heap Not tainted 4.14.224-syzkaller #0 [ 1363.662161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1363.671715] Call Trace: [ 1363.674313] dump_stack+0x1b2/0x281 [ 1363.677932] dump_header+0x178/0x82f [ 1363.681674] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1363.686758] ? ___ratelimit+0x2cd/0x530 [ 1363.690716] oom_kill_process.cold+0x10/0xb18 [ 1363.695232] ? lock_downgrade+0x740/0x740 [ 1363.699363] out_of_memory+0x2dc/0x1190 [ 1363.703320] ? oom_killer_disable+0x1c0/0x1c0 [ 1363.707807] ? mutex_trylock+0x152/0x1a0 [ 1363.711850] __alloc_pages_nodemask+0x23e1/0x2720 [ 1363.716677] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1363.721605] ? ion_heap_sglist_zero+0x165/0x220 [ 1363.726271] ? cache_grow_begin+0x41/0x630 [ 1363.730487] cache_grow_begin+0x91/0x630 [ 1363.734526] ? cache_grow_begin+0x91/0x630 [ 1363.738758] fallback_alloc+0x207/0x2c0 [ 1363.742739] kmem_cache_alloc_node_trace+0xed/0x400 [ 1363.747735] __get_vm_area_node+0xed/0x340 [ 1363.751960] vmap+0xd5/0x290 [ 1363.754964] ? ion_heap_clear_pages+0x23/0x70 [ 1363.759540] ? vunmap+0x50/0x50 [ 1363.762810] ? __vunmap+0x21c/0x300 [ 1363.766429] ion_heap_clear_pages+0x23/0x70 [ 1363.770735] ion_heap_sglist_zero+0x165/0x220 [ 1363.775211] ? ion_heap_clear_pages+0x70/0x70 [ 1363.779689] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1363.784805] ? pagerange_is_ram_callback+0x100/0x100 [ 1363.789902] ? ion_heap_deferred_free+0x222/0x470 [ 1363.794730] ion_system_heap_free+0x1d0/0x240 [ 1363.799206] ion_buffer_destroy+0x132/0x190 [ 1363.803508] ion_heap_deferred_free+0x22a/0x470 [ 1363.808153] ? __schedule+0x857/0x1de0 [ 1363.812079] ? ion_heap_shrink_scan+0x1a0/0x1a0 [ 1363.816727] ? wait_woken+0x230/0x230 [ 1363.820502] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 1363.825581] ? ion_heap_shrink_scan+0x1a0/0x1a0 [ 1363.830231] kthread+0x30d/0x420 [ 1363.833572] ? kthread_create_on_node+0xd0/0xd0 [ 1363.838216] ret_from_fork+0x24/0x30 [ 1363.844179] Mem-Info: [ 1363.845011] syz-executor.1: page allocation failure: order:4 [ 1363.846607] active_anon:19253 inactive_anon:22240 isolated_anon:0 [ 1363.846607] active_file:35 inactive_file:21 isolated_file:0 [ 1363.846607] unevictable:0 dirty:0 writeback:32 unstable:0 [ 1363.846607] slab_reclaimable:13507 slab_unreclaimable:119843 [ 1363.846607] mapped:52260 shmem:23312 pagetables:2535 bounce:0 [ 1363.846607] free:13939 free_pcp:83 free_cma:0 [ 1363.846621] Node 0 active_anon:73152kB inactive_anon:59908kB active_file:76kB inactive_file:76kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:125588kB dirty:0kB writeback:32kB shmem:64080kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 22528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1363.869854] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1363.889933] Node 1 active_anon:3860kB inactive_anon:29052kB active_file:64kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:83452kB dirty:0kB writeback:96kB shmem:29168kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1363.929964] (null) [ 1363.952456] Node 0 DMA free:11000kB min:204kB low:252kB high:300kB active_anon:92kB inactive_anon:0kB active_file:0kB inactive_file:20kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1363.959472] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1363.982747] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1363.989110] Node 0 DMA32 free:18040kB min:36200kB low:45248kB high:54296kB active_anon:73052kB inactive_anon:59908kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8352kB pagetables:7432kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1363.993349] CPU: 1 PID: 2912 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1364.021276] lowmem_reserve[]: [ 1364.025266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1364.025273] 0 [ 1364.028354] Call Trace: [ 1364.037746] 0 [ 1364.039491] dump_stack+0x1b2/0x281 [ 1364.039505] warn_alloc.cold+0x96/0x1cc [ 1364.039516] ? zone_watermark_ok_safe+0x220/0x220 [ 1364.039537] __alloc_pages_nodemask+0x2127/0x2720 [ 1364.045835] 0 [ 1364.047500] ? lock_acquire+0x170/0x3f0 [ 1364.051488] 0 [ 1364.056288] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1364.064760] 0 [ 1364.067025] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1364.068796] Node 0 [ 1364.073634] ? __mutex_unlock_slowpath+0x75/0x770 [ 1364.073644] ? retint_kernel+0x2d/0x2d [ 1364.073656] alloc_pages_current+0x155/0x260 [ 1364.073670] ion_page_pool_alloc+0x118/0x1b0 [ 1364.073680] ion_system_heap_allocate+0x133/0x8c0 [ 1364.073693] ? ion_system_contig_heap_create+0x130/0x130 [ 1364.075478] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1364.080905] ion_alloc+0x27a/0x810 [ 1364.080919] ? ion_dma_buf_release+0x40/0x40 [ 1364.080930] ? __might_fault+0x177/0x1b0 [ 1364.080943] ion_ioctl+0xea/0x1f0 [ 1364.080953] ? ion_query_heaps+0x360/0x360 [ 1364.086885] lowmem_reserve[]: [ 1364.087997] ? ion_query_heaps+0x360/0x360 [ 1364.091982] 0 [ 1364.096354] do_vfs_ioctl+0x75a/0xff0 [ 1364.104408] 0 [ 1364.105574] ? ioctl_preallocate+0x1a0/0x1a0 [ 1364.111086] 0 [ 1364.135989] ? lock_downgrade+0x740/0x740 [ 1364.136003] ? __fget+0x225/0x360 [ 1364.136012] ? do_vfs_ioctl+0xff0/0xff0 [ 1364.136021] ? security_file_ioctl+0x83/0xb0 [ 1364.136031] SyS_ioctl+0x7f/0xb0 [ 1364.136040] ? do_vfs_ioctl+0xff0/0xff0 [ 1364.136051] do_syscall_64+0x1d5/0x640 [ 1364.136067] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1364.136076] RIP: 0033:0x465f69 [ 1364.143314] 0 [ 1364.143998] RSP: 002b:00007fafeaa11188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1364.148043] 0 [ 1364.151472] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1364.151477] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1364.151482] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1364.151486] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1364.151491] R13: 00007ffff546b06f R14: 00007fafeaa11300 R15: 0000000000022000 [ 1364.161053] warn_alloc_show_mem: 2 callbacks suppressed [ 1364.161056] Mem-Info: [ 1364.168625] active_anon:19256 inactive_anon:22240 isolated_anon:0 [ 1364.168625] active_file:17 inactive_file:17 isolated_file:0 [ 1364.168625] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1364.168625] slab_reclaimable:13506 slab_unreclaimable:119858 [ 1364.168625] mapped:52225 shmem:23312 pagetables:2573 bounce:0 [ 1364.168625] free:14060 free_pcp:0 free_cma:0 [ 1364.170518] Node 1 Normal free:27216kB min:53696kB low:67120kB high:80544kB active_anon:3880kB inactive_anon:29052kB active_file:64kB inactive_file:64kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1504kB pagetables:2840kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1364.170536] lowmem_reserve[]: 0 0 0 0 0 [ 1364.170554] Node 0 DMA: 26*4kB (UME) 20*8kB (ME) 18*16kB (UME) 10*32kB (UME) 14*64kB [ 1364.183703] Node 0 active_anon:73144kB inactive_anon:59908kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:125536kB dirty:0kB writeback:0kB shmem:64080kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 22528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1364.188044] (UME) [ 1364.188357] Node 1 active_anon:3880kB inactive_anon:29052kB active_file:64kB inactive_file:64kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:83364kB dirty:0kB writeback:0kB shmem:29168kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1364.192785] 6*128kB (UM) 3*256kB (UME) 1*512kB (E) 3*1024kB (UE) 2*2048kB (UM) 0*4096kB = 10984kB [ 1364.192820] Node 0 DMA32: 836*4kB (UME) [ 1364.200935] Node 0 DMA free:10984kB min:204kB low:252kB high:300kB active_anon:92kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1364.200955] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1364.200976] Node 0 DMA32 free:17916kB min:36200kB low:45248kB high:54296kB active_anon:73052kB inactive_anon:59908kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8352kB pagetables:7432kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 1364.200996] lowmem_reserve[]: 0 0 0 0 0 [ 1364.201016] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1364.201033] lowmem_reserve[]: 0 0 0 0 0 [ 1364.201053] Node 1 Normal free:27216kB min:53696kB low:67120kB high:80544kB active_anon:3880kB inactive_anon:29052kB active_file:64kB inactive_file:64kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1504kB pagetables:2840kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1364.201072] lowmem_reserve[]: 0 0 0 0 0 [ 1364.201092] Node 0 DMA: 26*4kB (UME) 20*8kB (ME) 18*16kB (UME) 10*32kB (UME) 14*64kB (UME) 6*128kB (UM) 3*256kB (UME) 1*512kB (E) 3*1024kB (UE) 2*2048kB (UM) 0*4096kB = 10984kB [ 1364.201172] Node 0 DMA32: 811*4kB (ME) 838*8kB (UME) 238*16kB (UME) 48*32kB (UME) 23*64kB (UME) 5*128kB (ME) 2*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 17916kB [ 1364.201250] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1364.201297] Node 1 Normal: 64*4kB (UM) 26*8kB (UM) 12*16kB (M) 16*32kB (UM) [ 1364.209163] 839*8kB [ 1364.217885] 13*64kB [ 1364.226879] (UME) [ 1364.241041] (UM) [ 1364.250799] 239*16kB [ 1364.260705] 7*128kB [ 1364.263318] (UME) [ 1364.266844] (M) [ 1364.271154] 48*32kB [ 1364.315149] 5*256kB [ 1364.343619] (UME) [ 1364.379674] (M) [ 1364.407135] 23*64kB [ 1364.417901] 39*512kB [ 1364.449731] (UME) [ 1364.477758] (UM) [ 1364.493229] 5*128kB [ 1364.506879] 3*1024kB [ 1364.527965] (ME) [ 1364.539952] (M) [ 1364.555893] 2*256kB [ 1364.559866] 0*2048kB [ 1364.587306] (UM) [ 1364.592945] 0*4096kB [ 1364.598798] 0*512kB [ 1364.604209] = 27216kB [ 1364.615266] 0*1024kB [ 1364.617336] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1364.617581] 0*2048kB [ 1364.623660] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1364.628015] 0*4096kB [ 1364.628832] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1364.638258] = 18040kB [ 1364.645374] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1364.656615] Node 0 [ 1364.668244] 23346 total pagecache pages [ 1364.682869] Normal: [ 1364.690566] 0 pages in swap cache [ 1364.706618] 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1364.712737] Swap cache stats: add 0, delete 0, find 0/0 [ 1364.728149] Free swap = 0kB [ 1364.728980] Node 1 Normal: 64*4kB (UM) 26*8kB (UM) 12*16kB (M) 16*32kB (UM) 13*64kB (UM) 7*128kB (M) 5*256kB (M) 39*512kB (UM) 3*1024kB (M) 0*2048kB 0*4096kB = 27216kB [ 1364.731723] Total swap = 0kB [ 1364.755763] 2097051 pages RAM [ 1364.757936] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1364.758865] 0 pages HighMem/MovableOnly [ 1364.758871] 363840 pages reserved [ 1364.778920] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1364.781106] 0 pages cma reserved [ 1364.787543] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1364.812521] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1364.833809] 23346 total pagecache pages [ 1364.837801] 0 pages in swap cache [ 1364.847387] Swap cache stats: add 0, delete 0, find 0/0 [ 1364.857111] Free swap = 0kB [ 1364.860223] Total swap = 0kB [ 1364.863234] 2097051 pages RAM [ 1364.866321] 0 pages HighMem/MovableOnly [ 1364.871186] syz-executor.1: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1364.877710] 363840 pages reserved [ 1364.886689] 0 pages cma reserved [ 1364.891138] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1364.896263] CPU: 1 PID: 2912 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1364.897313] Out of memory: Kill process 767 (syz-executor.3) score 1005 or sacrifice child [ 1364.904043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1364.904047] Call Trace: [ 1364.904065] dump_stack+0x1b2/0x281 [ 1364.904079] warn_alloc.cold+0x96/0x1cc [ 1364.904093] ? zone_watermark_ok_safe+0x220/0x220 [ 1364.919639] Killed process 767 (syz-executor.3) total-vm:93252kB, anon-rss:2192kB, file-rss:34632kB, shmem-rss:0kB [ 1364.921850] ? usleep_range+0x130/0x130 [ 1364.947867] oom_reaper: reaped process 767 (syz-executor.3), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1364.951215] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 1364.951228] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1364.951237] ? run_timer_softirq+0x5a0/0x5a0 [ 1364.951253] __alloc_pages_nodemask+0x2127/0x2720 [ 1364.951270] ? lock_acquire+0x170/0x3f0 [ 1364.951284] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1364.951293] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1364.951307] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1364.975074] ion_system_heap invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask= [ 1364.975569] ? retint_kernel+0x2d/0x2d [ 1364.987589] (null) [ 1364.989177] alloc_pages_current+0x155/0x260 [ 1364.989193] ion_page_pool_alloc+0x118/0x1b0 [ 1364.989203] ion_system_heap_allocate+0x133/0x8c0 [ 1364.989216] ? ion_system_contig_heap_create+0x130/0x130 [ 1364.989229] ion_alloc+0x27a/0x810 [ 1364.995322] , order=0, oom_score_adj=0 [ 1364.999141] ? ion_dma_buf_release+0x40/0x40 [ 1365.016588] ion_system_heap cpuset= [ 1365.019102] ? __might_fault+0x177/0x1b0 [ 1365.023608] / [ 1365.028320] ion_ioctl+0xea/0x1f0 [ 1365.028332] ? ion_query_heaps+0x360/0x360 [ 1365.042836] mems_allowed=0-1 [ 1365.045729] ? ion_query_heaps+0x360/0x360 [ 1365.070018] do_vfs_ioctl+0x75a/0xff0 [ 1365.073810] ? ioctl_preallocate+0x1a0/0x1a0 [ 1365.078201] ? lock_downgrade+0x740/0x740 [ 1365.082340] ? __fget+0x225/0x360 [ 1365.085886] ? do_vfs_ioctl+0xff0/0xff0 [ 1365.089849] ? security_file_ioctl+0x83/0xb0 [ 1365.094255] SyS_ioctl+0x7f/0xb0 [ 1365.097605] ? do_vfs_ioctl+0xff0/0xff0 [ 1365.101568] do_syscall_64+0x1d5/0x640 [ 1365.105453] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1365.110631] RIP: 0033:0x465f69 [ 1365.113807] RSP: 002b:00007fafeaa11188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1365.121502] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1365.128761] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1365.136014] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1365.143277] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1365.150824] R13: 00007ffff546b06f R14: 00007fafeaa11300 R15: 0000000000022000 [ 1365.158099] CPU: 0 PID: 4244 Comm: ion_system_heap Not tainted 4.14.224-syzkaller #0 [ 1365.165982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1365.175347] Call Trace: [ 1365.177922] dump_stack+0x1b2/0x281 [ 1365.181535] dump_header+0x178/0x82f [ 1365.185233] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1365.190317] ? ___ratelimit+0x2cd/0x530 [ 1365.194274] oom_kill_process.cold+0x10/0xb18 [ 1365.198750] ? lock_downgrade+0x740/0x740 [ 1365.202882] out_of_memory+0x2dc/0x1190 [ 1365.206838] ? oom_killer_disable+0x1c0/0x1c0 [ 1365.211315] ? mutex_trylock+0x152/0x1a0 [ 1365.215390] __alloc_pages_nodemask+0x23e1/0x2720 [ 1365.220222] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1365.225139] ? ion_heap_sglist_zero+0x165/0x220 [ 1365.229790] ? cache_grow_begin+0x41/0x630 [ 1365.234006] cache_grow_begin+0x91/0x630 [ 1365.238053] ? cache_grow_begin+0x91/0x630 [ 1365.242269] fallback_alloc+0x207/0x2c0 [ 1365.246228] kmem_cache_alloc_node_trace+0xed/0x400 [ 1365.251248] __get_vm_area_node+0xed/0x340 [ 1365.255465] vmap+0xd5/0x290 [ 1365.258466] ? ion_heap_clear_pages+0x23/0x70 [ 1365.262939] ? vunmap+0x50/0x50 [ 1365.266196] ? __vunmap+0x21c/0x300 [ 1365.269805] ion_heap_clear_pages+0x23/0x70 [ 1365.274108] ion_heap_sglist_zero+0x165/0x220 [ 1365.278586] ? ion_heap_clear_pages+0x70/0x70 [ 1365.283062] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1365.288071] ? pagerange_is_ram_callback+0x100/0x100 [ 1365.293154] ? ion_heap_deferred_free+0x222/0x470 [ 1365.297993] ion_system_heap_free+0x1d0/0x240 [ 1365.302471] ion_buffer_destroy+0x132/0x190 [ 1365.306773] ion_heap_deferred_free+0x22a/0x470 [ 1365.311421] ? __schedule+0x857/0x1de0 [ 1365.315290] ? ion_heap_shrink_scan+0x1a0/0x1a0 [ 1365.319958] ? wait_woken+0x230/0x230 [ 1365.323741] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 1365.328826] ? ion_heap_shrink_scan+0x1a0/0x1a0 [ 1365.333476] kthread+0x30d/0x420 [ 1365.336927] ? kthread_create_on_node+0xd0/0xd0 [ 1365.341577] ret_from_fork+0x24/0x30 [ 1365.559262] Mem-Info: [ 1365.561720] active_anon:18728 inactive_anon:22240 isolated_anon:0 [ 1365.561720] active_file:267 inactive_file:766 isolated_file:0 [ 1365.561720] unevictable:0 dirty:25 writeback:0 unstable:0 [ 1365.561720] slab_reclaimable:13506 slab_unreclaimable:119484 [ 1365.561720] mapped:52875 shmem:23312 pagetables:2548 bounce:0 [ 1365.561720] free:44975 free_pcp:218 free_cma:0 [ 1365.666231] Node 0 active_anon:71032kB inactive_anon:59908kB active_file:60kB inactive_file:104kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:125536kB dirty:0kB writeback:0kB shmem:64080kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 20480kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1365.694991] Node 1 active_anon:3972kB inactive_anon:29052kB active_file:164kB inactive_file:164kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:83380kB dirty:0kB writeback:4kB shmem:29168kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1365.746398] Node 0 DMA free:11036kB min:204kB low:252kB high:300kB active_anon:92kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1365.779260] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1365.784296] Node 0 DMA32 free:36080kB min:36200kB low:45248kB high:54296kB active_anon:70944kB inactive_anon:59908kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8320kB pagetables:7332kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1365.812838] lowmem_reserve[]: 0 0 0 0 0 [ 1365.816830] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1365.904855] lowmem_reserve[]: 0 0 0 0 0 [ 1365.908890] Node 1 Normal free:53064kB min:53696kB low:67120kB high:80544kB active_anon:3972kB inactive_anon:29052kB active_file:168kB inactive_file:200kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1504kB pagetables:2880kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1365.965013] lowmem_reserve[]: 0 0 0 0 0 [ 1365.969884] Node 0 DMA: 25*4kB (ME) 21*8kB (UME) 15*16kB (UME) 9*32kB (UME) 16*64kB (UME) 6*128kB (UM) 3*256kB (UME) 1*512kB (E) 3*1024kB (UE) 2*2048kB (UM) 0*4096kB = 11036kB [ 1365.986606] Node 0 DMA32: 689*4kB (UME) 837*8kB (UME) 235*16kB (ME) 46*32kB (ME) 22*64kB (ME) 6*128kB (UME) 2*256kB (UM) 0*512kB 14*1024kB (U) 2*2048kB (UM) 0*4096kB = 35804kB [ 1366.005212] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1366.015981] Node 1 Normal: 54*4kB (UM) 28*8kB (UM) 18*16kB (M) 21*32kB (UM) 17*64kB (M) 6*128kB (M) 2*256kB (UM) 3*512kB (M) 3*1024kB (M) 22*2048kB (U) 0*4096kB = 53432kB [ 1366.036522] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1366.045411] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1366.070166] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1366.079013] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1366.093185] 23359 total pagecache pages [ 1366.097173] 0 pages in swap cache [ 1366.100675] Swap cache stats: add 0, delete 0, find 0/0 [ 1366.106023] Free swap = 0kB [ 1366.109017] Total swap = 0kB [ 1366.115934] 2097051 pages RAM [ 1366.119037] 0 pages HighMem/MovableOnly [ 1366.124066] 363840 pages reserved [ 1366.127576] 0 pages cma reserved [ 1366.136119] Out of memory: Kill process 769 (syz-executor.3) score 1005 or sacrifice child [ 1366.216699] Killed process 769 (syz-executor.3) total-vm:93252kB, anon-rss:2192kB, file-rss:34632kB, shmem-rss:0kB [ 1366.667892] systemd-cgroups invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 1366.734738] systemd-cgroups cpuset=/ mems_allowed=0-1 [ 1366.758518] CPU: 1 PID: 2914 Comm: systemd-cgroups Not tainted 4.14.224-syzkaller #0 [ 1366.766420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1366.775771] Call Trace: [ 1366.778360] dump_stack+0x1b2/0x281 [ 1366.781983] dump_header+0x178/0x82f [ 1366.785694] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1366.790792] ? ___ratelimit+0x2cd/0x530 [ 1366.794763] oom_kill_process.cold+0x10/0xb18 [ 1366.799261] out_of_memory+0xe3e/0x1190 [ 1366.803234] ? oom_killer_disable+0x1c0/0x1c0 [ 1366.807724] ? mutex_trylock+0x152/0x1a0 [ 1366.812043] __alloc_pages_nodemask+0x23e1/0x2720 [ 1366.816891] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1366.821745] alloc_pages_current+0x155/0x260 [ 1366.826150] filemap_fault+0xea3/0x1980 [ 1366.830148] ext4_filemap_fault+0x84/0xb0 [ 1366.834295] __do_fault+0xfa/0x380 [ 1366.837832] __handle_mm_fault+0x2497/0x4620 [ 1366.842235] ? vm_insert_page+0x7c0/0x7c0 [ 1366.846377] ? vm_mmap_pgoff+0x168/0x1a0 [ 1366.850439] ? vm_mmap_pgoff+0xcb/0x1a0 [ 1366.854421] handle_mm_fault+0x391/0x860 [ 1366.858479] __do_page_fault+0x549/0xad0 [ 1366.862548] ? spurious_fault+0x640/0x640 [ 1366.866691] ? do_page_fault+0x60/0x500 [ 1366.870659] ? page_fault+0x2f/0x50 [ 1366.874283] page_fault+0x45/0x50 [ 1366.877737] RIP: 0000:0x7f4e167a2040 [ 1366.882049] RSP: 15b7f604:0000000000000000 EFLAGS: 7f4e1679fed0 [ 1366.957917] Mem-Info: [ 1366.966530] active_anon:18217 inactive_anon:22240 isolated_anon:0 [ 1366.966530] active_file:23 inactive_file:11 isolated_file:0 [ 1366.966530] unevictable:0 dirty:5 writeback:0 unstable:0 [ 1366.966530] slab_reclaimable:13506 slab_unreclaimable:119504 [ 1366.966530] mapped:52246 shmem:23312 pagetables:2507 bounce:0 [ 1366.966530] free:25137 free_pcp:28 free_cma:0 [ 1367.173777] Node 0 active_anon:68892kB inactive_anon:59908kB active_file:140kB inactive_file:80kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:125536kB dirty:0kB writeback:0kB shmem:64080kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 18432kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1367.324340] Node 1 active_anon:3972kB inactive_anon:29052kB active_file:140kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:83364kB dirty:0kB writeback:0kB shmem:29168kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1367.460062] Node 0 DMA free:11036kB min:204kB low:252kB high:300kB active_anon:92kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1367.604479] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1367.629477] Node 0 DMA32 free:36072kB min:36200kB low:45248kB high:54296kB active_anon:68800kB inactive_anon:59908kB active_file:132kB inactive_file:16kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8256kB pagetables:7124kB bounce:0kB free_pcp:184kB local_pcp:48kB free_cma:0kB [ 1367.759776] lowmem_reserve[]: 0 0 0 0 0 [ 1367.765018] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1367.929152] lowmem_reserve[]: 0 0 0 0 0 [ 1367.933160] Node 1 Normal free:53484kB min:53696kB low:67120kB high:80544kB active_anon:3972kB inactive_anon:29052kB active_file:0kB inactive_file:12kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1504kB pagetables:2880kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1367.964083] lowmem_reserve[]: 0 0 0 0 0 [ 1367.968187] Node 0 DMA: 25*4kB (ME) 21*8kB (UME) 15*16kB (UME) 9*32kB (UME) 16*64kB (UME) 6*128kB (UM) 3*256kB (UME) 1*512kB (E) 3*1024kB (UE) 2*2048kB (UM) 0*4096kB = 11036kB [ 1367.984066] Node 0 DMA32: 798*4kB (ME) 835*8kB (UME) 238*16kB (UME) 47*32kB (UME) 23*64kB (UME) 5*128kB (ME) 2*256kB (UM) 0*512kB 12*1024kB (U) 3*2048kB (UM) 0*4096kB = 36240kB [ 1368.000135] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1368.010875] Node 1 Normal: 57*4kB (UM) 31*8kB (UM) 17*16kB (M) 20*32kB (UM) 16*64kB (M) 7*128kB (M) 2*256kB (UM) 3*512kB (M) 3*1024kB (M) 22*2048kB (U) 0*4096kB = 53484kB [ 1368.028023] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1368.036890] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1368.046189] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1368.055080] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1368.063720] 23345 total pagecache pages [ 1368.067685] 0 pages in swap cache [ 1368.071219] Swap cache stats: add 0, delete 0, find 0/0 [ 1368.076560] Free swap = 0kB [ 1368.080141] Total swap = 0kB [ 1368.083171] 2097051 pages RAM [ 1368.086278] 0 pages HighMem/MovableOnly [ 1368.090636] 363840 pages reserved [ 1368.094069] 0 pages cma reserved [ 1368.097413] Out of memory (oom_kill_allocating_task): Kill process 2914 (systemd-cgroups) score 0 or sacrifice child [ 1368.108137] Killed process 2914 (systemd-cgroups) total-vm:31392kB, anon-rss:144kB, file-rss:0kB, shmem-rss:0kB [ 1368.119008] oom_reaper: reaped process 2914 (systemd-cgroups), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1368.223856] syz-fuzzer invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 1368.286012] syz-fuzzer cpuset=/ mems_allowed=0-1 [ 1368.302989] CPU: 1 PID: 7961 Comm: syz-fuzzer Not tainted 4.14.224-syzkaller #0 [ 1368.310453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1368.319797] Call Trace: [ 1368.322385] dump_stack+0x1b2/0x281 [ 1368.326011] dump_header+0x178/0x82f [ 1368.329726] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1368.334821] ? ___ratelimit+0x2cd/0x530 [ 1368.338792] oom_kill_process.cold+0x10/0xb18 [ 1368.343287] out_of_memory+0xe3e/0x1190 [ 1368.347262] ? oom_killer_disable+0x1c0/0x1c0 [ 1368.351748] ? mutex_trylock+0x152/0x1a0 [ 1368.355809] __alloc_pages_nodemask+0x23e1/0x2720 [ 1368.360660] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1368.365512] alloc_pages_current+0x155/0x260 [ 1368.369919] filemap_fault+0xea3/0x1980 [ 1368.373897] ext4_filemap_fault+0x84/0xb0 [ 1368.378036] __do_fault+0xfa/0x380 [ 1368.381569] __handle_mm_fault+0x2497/0x4620 [ 1368.385972] ? vm_insert_page+0x7c0/0x7c0 [ 1368.390131] ? free_object+0xe4/0x240 [ 1368.393936] handle_mm_fault+0x391/0x860 [ 1368.397993] __do_page_fault+0x549/0xad0 [ 1368.402080] ? spurious_fault+0x640/0x640 [ 1368.406346] ? do_page_fault+0x60/0x500 [ 1368.410314] ? page_fault+0x2f/0x50 [ 1368.413919] page_fault+0x45/0x50 [ 1368.417400] RIP: 0000:0x93f060 [ 1368.420570] RSP: 5fd3dbc6:000000c00003dfa0 EFLAGS: 0043b6a0 [ 1368.423418] Mem-Info: [ 1368.431555] active_anon:18178 inactive_anon:22240 isolated_anon:0 [ 1368.431555] active_file:26 inactive_file:14 isolated_file:0 [ 1368.431555] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1368.431555] slab_reclaimable:13492 slab_unreclaimable:119469 [ 1368.431555] mapped:52226 shmem:23312 pagetables:2489 bounce:0 [ 1368.431555] free:25189 free_pcp:60 free_cma:0 [ 1368.469038] Node 0 active_anon:68864kB inactive_anon:59908kB active_file:40kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:125540kB dirty:0kB writeback:0kB shmem:64080kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 18432kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1368.500789] Node 1 active_anon:3848kB inactive_anon:29052kB active_file:64kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:83364kB dirty:0kB writeback:0kB shmem:29168kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1368.533194] Node 0 DMA free:11036kB min:204kB low:252kB high:300kB active_anon:92kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1368.564161] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1368.590713] Node 0 DMA32 free:36024kB min:36200kB low:45248kB high:54296kB active_anon:68772kB inactive_anon:59908kB active_file:144kB inactive_file:96kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8256kB pagetables:7112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1368.773034] lowmem_reserve[]: 0 0 0 0 0 [ 1368.777059] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1368.917099] lowmem_reserve[]: 0 0 0 0 0 [ 1368.921223] Node 1 Normal free:53724kB min:53696kB low:67120kB high:80544kB active_anon:3848kB inactive_anon:29052kB active_file:52kB inactive_file:16kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1472kB pagetables:2824kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1368.956896] lowmem_reserve[]: 0 0 0 0 0 [ 1368.960951] Node 0 DMA: 25*4kB (ME) 21*8kB (UME) 15*16kB (UME) 9*32kB (UME) 16*64kB (UME) 6*128kB (UM) 3*256kB (UME) 1*512kB (E) 3*1024kB (UE) 2*2048kB (UM) 0*4096kB = 11036kB [ 1368.983436] Node 0 DMA32: 820*4kB (UME) 833*8kB (ME) 240*16kB (UME) 48*32kB (UME) 24*64kB (UME) 6*128kB (UME) 1*256kB (M) 0*512kB 12*1024kB (U) 3*2048kB (UM) 0*4096kB = 36312kB [ 1369.044141] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1369.066200] Node 1 Normal: 65*4kB (UM) 37*8kB (UM) 10*16kB (UM) 17*32kB (UM) 12*64kB (M) 5*128kB (M) 3*256kB (UM) 2*512kB (M) 2*1024kB (M) 23*2048kB (UM) 0*4096kB = 53612kB [ 1369.084721] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1369.106367] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1369.117830] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1369.127565] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1369.147321] 23367 total pagecache pages [ 1369.151423] 0 pages in swap cache [ 1369.154876] Swap cache stats: add 0, delete 0, find 0/0 [ 1369.208910] Free swap = 0kB [ 1369.213761] Total swap = 0kB [ 1369.216778] 2097051 pages RAM [ 1369.250426] 0 pages HighMem/MovableOnly [ 1369.254419] 363840 pages reserved [ 1369.257862] 0 pages cma reserved [ 1369.298163] Out of memory (oom_kill_allocating_task): Kill process 7961 (syz-fuzzer) score 0 or sacrifice child [ 1369.351475] Killed process 2294 (syz-executor.4) total-vm:84924kB, anon-rss:68kB, file-rss:0kB, shmem-rss:0kB [ 1369.428705] oom_reaper: reaped process 2294 (syz-executor.4), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1369.514620] syz-fuzzer invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 1369.614046] syz-fuzzer cpuset=/ mems_allowed=0-1 [ 1369.626339] CPU: 1 PID: 23066 Comm: syz-fuzzer Not tainted 4.14.224-syzkaller #0 [ 1369.633877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1369.643223] Call Trace: [ 1369.645811] dump_stack+0x1b2/0x281 [ 1369.649449] dump_header+0x178/0x82f [ 1369.653165] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1369.658261] ? ___ratelimit+0x2cd/0x530 [ 1369.662235] oom_kill_process.cold+0x10/0xb18 [ 1369.666734] out_of_memory+0xe3e/0x1190 [ 1369.670883] ? oom_killer_disable+0x1c0/0x1c0 [ 1369.675369] ? mutex_trylock+0x152/0x1a0 [ 1369.679432] __alloc_pages_nodemask+0x23e1/0x2720 [ 1369.684280] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1369.689132] alloc_pages_current+0x155/0x260 [ 1369.693539] filemap_fault+0xea3/0x1980 [ 1369.697517] ext4_filemap_fault+0x84/0xb0 [ 1369.701662] __do_fault+0xfa/0x380 [ 1369.705195] __handle_mm_fault+0x2497/0x4620 [ 1369.709597] ? vm_insert_page+0x7c0/0x7c0 [ 1369.713742] ? setup_sigcontext+0x820/0x820 [ 1369.718069] handle_mm_fault+0x391/0x860 [ 1369.722128] __do_page_fault+0x549/0xad0 [ 1369.726220] ? spurious_fault+0x640/0x640 [ 1369.730373] ? do_page_fault+0x60/0x500 [ 1369.734341] ? page_fault+0x2f/0x50 [ 1369.737961] page_fault+0x45/0x50 [ 1369.741402] RIP: 0000: (null) [ 1369.745279] RSP: 0b98:000000c0009cf850 EFLAGS: 0004c106 [ 1370.014877] Mem-Info: [ 1370.023028] active_anon:18154 inactive_anon:22240 isolated_anon:0 [ 1370.023028] active_file:11 inactive_file:23 isolated_file:0 [ 1370.023028] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1370.023028] slab_reclaimable:13485 slab_unreclaimable:119468 [ 1370.023028] mapped:52226 shmem:23312 pagetables:2444 bounce:0 [ 1370.023028] free:25138 free_pcp:144 free_cma:0 [ 1370.056510] Node 0 active_anon:68812kB inactive_anon:59908kB active_file:16kB inactive_file:48kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:125536kB dirty:0kB writeback:0kB shmem:64080kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 18432kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1370.084362] Node 1 active_anon:3804kB inactive_anon:29052kB active_file:28kB inactive_file:44kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:83368kB dirty:0kB writeback:0kB shmem:29168kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1370.111544] Node 0 DMA free:11036kB min:204kB low:252kB high:300kB active_anon:92kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1370.138335] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1370.143416] Node 0 DMA32 free:35984kB min:36200kB low:45248kB high:54296kB active_anon:68720kB inactive_anon:59908kB active_file:16kB inactive_file:48kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8256kB pagetables:7032kB bounce:0kB free_pcp:132kB local_pcp:0kB free_cma:0kB [ 1370.366939] lowmem_reserve[]: 0 0 0 0 0 [ 1370.388255] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1370.514725] lowmem_reserve[]: 0 0 0 0 0 [ 1370.518750] Node 1 Normal free:53632kB min:53696kB low:67120kB high:80544kB active_anon:3804kB inactive_anon:29052kB active_file:28kB inactive_file:28kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1440kB pagetables:2724kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1370.687529] lowmem_reserve[]: 0 0 0 0 0 [ 1370.712588] Node 0 DMA: 25*4kB (ME) 21*8kB (UME) 15*16kB (UME) 9*32kB (UME) 16*64kB (UME) 6*128kB (UM) 3*256kB (UME) 1*512kB (E) 3*1024kB (UE) 2*2048kB (UM) 0*4096kB = 11036kB [ 1370.788997] Node 0 DMA32: 861*4kB (UME) 844*8kB (UME) 240*16kB (UME) 47*32kB (UME) 22*64kB (ME) 6*128kB (UME) 2*256kB (UM) 1*512kB (U) 11*1024kB (U) 3*2048kB (UM) 0*4096kB = 36148kB [ 1370.826677] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1370.888781] Node 1 Normal: 89*4kB (UM) 43*8kB (UM) 19*16kB (UM) 18*32kB (UM) 12*64kB (M) 5*128kB (M) 3*256kB (UM) 2*512kB (M) 2*1024kB (M) 23*2048kB (UM) 0*4096kB = 53932kB [ 1370.968998] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1370.977860] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1371.046841] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1371.116800] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1371.170652] 23345 total pagecache pages [ 1371.174656] 0 pages in swap cache [ 1371.178103] Swap cache stats: add 0, delete 0, find 0/0 [ 1371.228878] Free swap = 0kB [ 1371.231909] Total swap = 0kB [ 1371.234920] 2097051 pages RAM [ 1371.238013] 0 pages HighMem/MovableOnly [ 1371.288782] 363840 pages reserved [ 1371.292257] 0 pages cma reserved [ 1371.295618] Out of memory (oom_kill_allocating_task): Kill process 23066 (syz-fuzzer) score 0 or sacrifice child [ 1371.348599] Killed process 2283 (syz-executor.1) total-vm:84924kB, anon-rss:64kB, file-rss:0kB, shmem-rss:0kB [ 1371.417451] syz-fuzzer invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 1371.502133] syz-fuzzer cpuset=/ mems_allowed=0-1 [ 1371.506941] CPU: 0 PID: 10318 Comm: syz-fuzzer Not tainted 4.14.224-syzkaller #0 [ 1371.514464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1371.523809] Call Trace: [ 1371.526503] dump_stack+0x1b2/0x281 [ 1371.530137] dump_header+0x178/0x82f [ 1371.533856] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1371.538956] ? ___ratelimit+0x2cd/0x530 [ 1371.542939] oom_kill_process.cold+0x10/0xb18 [ 1371.547443] out_of_memory+0xe3e/0x1190 [ 1371.551419] ? oom_killer_disable+0x1c0/0x1c0 [ 1371.555908] ? mutex_trylock+0x152/0x1a0 [ 1371.559970] __alloc_pages_nodemask+0x23e1/0x2720 [ 1371.564824] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1371.569686] alloc_pages_current+0x155/0x260 [ 1371.574221] filemap_fault+0xea3/0x1980 [ 1371.578201] ext4_filemap_fault+0x84/0xb0 [ 1371.582349] __do_fault+0xfa/0x380 [ 1371.585882] __handle_mm_fault+0x2497/0x4620 [ 1371.590286] ? vm_insert_page+0x7c0/0x7c0 [ 1371.594752] handle_mm_fault+0x391/0x860 [ 1371.598809] __do_page_fault+0x549/0xad0 [ 1371.602870] ? spurious_fault+0x640/0x640 [ 1371.607017] ? do_page_fault+0x60/0x500 [ 1371.610990] ? page_fault+0x2f/0x50 [ 1371.615652] page_fault+0x45/0x50 [ 1371.619097] RIP: 6532180:0xc0000561e0 [ 1371.622893] RSP: 6433c00:000000c0008e9f28 EFLAGS: 00000003 [ 1371.963982] Mem-Info: [ 1371.972169] active_anon:18142 inactive_anon:22240 isolated_anon:0 [ 1371.972169] active_file:15 inactive_file:19 isolated_file:0 [ 1371.972169] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1371.972169] slab_reclaimable:13461 slab_unreclaimable:119439 [ 1371.972169] mapped:52225 shmem:23312 pagetables:2422 bounce:0 [ 1371.972169] free:25242 free_pcp:110 free_cma:0 [ 1372.034065] Node 0 active_anon:68712kB inactive_anon:59908kB active_file:100kB inactive_file:140kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:125636kB dirty:0kB writeback:0kB shmem:64080kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 18432kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1372.150450] Node 1 active_anon:3748kB inactive_anon:29052kB active_file:336kB inactive_file:596kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:49056kB dirty:0kB writeback:0kB shmem:29168kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1372.184459] Node 0 DMA free:11036kB min:204kB low:252kB high:300kB active_anon:92kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1372.216555] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1372.234237] Node 0 DMA32 free:35696kB min:36200kB low:45248kB high:54296kB active_anon:68620kB inactive_anon:59908kB active_file:24kB inactive_file:48kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8256kB pagetables:7028kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1372.274903] lowmem_reserve[]: 0 0 0 0 0 [ 1372.284115] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1372.448262] lowmem_reserve[]: 0 0 0 0 0 [ 1372.471991] Node 1 Normal free:53612kB min:53696kB low:67120kB high:80544kB active_anon:3748kB inactive_anon:29052kB active_file:0kB inactive_file:200kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1280kB pagetables:2548kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1372.578221] lowmem_reserve[]: 0 0 0 0 0 [ 1372.618768] Node 0 DMA: 25*4kB (ME) 21*8kB (UME) 15*16kB (UME) 9*32kB (UME) 16*64kB (UME) 6*128kB (UM) 3*256kB (UME) 1*512kB (E) 3*1024kB (UE) 2*2048kB (UM) 0*4096kB = 11036kB [ 1372.724585] Node 0 DMA32: 846*4kB (ME) 879*8kB (UME) 242*16kB (UME) 47*32kB (UME) 22*64kB (ME) 6*128kB (UME) 2*256kB (UM) 1*512kB (U) 11*1024kB (U) 3*2048kB (UM) 0*4096kB = 36400kB [ 1372.807250] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1372.896244] Node 1 Normal: 52*4kB (M) 27*8kB (UM) 18*16kB (M) 17*32kB (M) 13*64kB (UM) 5*128kB (UM) 2*256kB (M) 2*512kB (M) 3*1024kB (UM) 23*2048kB (UM) 0*4096kB = 54440kB [ 1372.999265] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1373.008140] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1373.024544] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1373.036309] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1373.055433] 23368 total pagecache pages [ 1373.059845] 0 pages in swap cache [ 1373.080543] Swap cache stats: add 0, delete 0, find 0/0 [ 1373.085921] Free swap = 0kB [ 1373.097346] Total swap = 0kB [ 1373.102903] 2097051 pages RAM [ 1373.106007] 0 pages HighMem/MovableOnly [ 1373.114111] 363840 pages reserved [ 1373.117558] 0 pages cma reserved [ 1373.133598] Out of memory (oom_kill_allocating_task): Kill process 10318 (syz-fuzzer) score 0 or sacrifice child [ 1373.148284] Killed process 32585 (syz-executor.3) total-vm:84924kB, anon-rss:60kB, file-rss:0kB, shmem-rss:0kB [ 1373.171328] syz-fuzzer invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 1373.186203] syz-fuzzer cpuset=/ mems_allowed=0-1 [ 1373.193159] CPU: 1 PID: 10318 Comm: syz-fuzzer Not tainted 4.14.224-syzkaller #0 [ 1373.200694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1373.210047] Call Trace: [ 1373.212638] dump_stack+0x1b2/0x281 [ 1373.216265] dump_header+0x178/0x82f [ 1373.220025] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1373.225131] ? ___ratelimit+0x2cd/0x530 [ 1373.229103] oom_kill_process.cold+0x10/0xb18 [ 1373.233602] out_of_memory+0xe3e/0x1190 [ 1373.237607] ? oom_killer_disable+0x1c0/0x1c0 [ 1373.242112] ? mutex_trylock+0x152/0x1a0 [ 1373.246164] __alloc_pages_nodemask+0x23e1/0x2720 [ 1373.251102] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1373.255931] alloc_pages_current+0x155/0x260 [ 1373.260370] filemap_fault+0xea3/0x1980 [ 1373.264351] ext4_filemap_fault+0x84/0xb0 [ 1373.268478] __do_fault+0xfa/0x380 [ 1373.271996] __handle_mm_fault+0x2497/0x4620 [ 1373.276382] ? vm_insert_page+0x7c0/0x7c0 [ 1373.280514] handle_mm_fault+0x391/0x860 [ 1373.284644] __do_page_fault+0x549/0xad0 [ 1373.288700] ? spurious_fault+0x640/0x640 [ 1373.292928] ? do_page_fault+0x60/0x500 [ 1373.296879] ? page_fault+0x2f/0x50 [ 1373.300483] page_fault+0x45/0x50 [ 1373.303933] RIP: 6532180:0xc0000561e0 [ 1373.307706] RSP: 6433c00:000000c0008e9f28 EFLAGS: 00000003 [ 1373.310754] Mem-Info: [ 1373.315386] syz-executor.4: [ 1373.316391] active_anon:18117 inactive_anon:22240 isolated_anon:0 [ 1373.316391] active_file:19 inactive_file:14 isolated_file:0 [ 1373.316391] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1373.316391] slab_reclaimable:13461 slab_unreclaimable:118604 [ 1373.316391] mapped:43521 shmem:23312 pagetables:2399 bounce:0 [ 1373.316391] free:13839 free_pcp:91 free_cma:0 [ 1373.329069] page allocation failure: order:0 [ 1373.357366] Node 0 active_anon:68712kB inactive_anon:59908kB active_file:16kB inactive_file:44kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:125536kB dirty:0kB writeback:0kB shmem:64080kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 18432kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1373.374528] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1373.391709] Node 1 active_anon:3756kB inactive_anon:29052kB active_file:60kB inactive_file:12kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:48548kB dirty:0kB writeback:0kB shmem:29168kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1373.407588] (null) [ 1373.428038] Node 0 DMA free:10952kB min:204kB low:252kB high:300kB active_anon:92kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1373.445601] syz-executor.4 cpuset= [ 1373.459678] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1373.468254] Node 0 DMA32 free:17636kB min:36200kB low:45248kB high:54296kB active_anon:68620kB inactive_anon:59908kB active_file:116kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8256kB pagetables:7028kB bounce:0kB free_pcp:244kB local_pcp:124kB free_cma:0kB [ 1373.471199] / [ 1373.503420] lowmem_reserve[]: 0 0 0 0 0 [ 1373.509253] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1373.518147] mems_allowed=0-1 [ 1373.542426] lowmem_reserve[]: 0 0 0 0 0 [ 1373.546430] Node 1 Normal free:26768kB min:53696kB low:67120kB high:80544kB active_anon:3756kB inactive_anon:29052kB active_file:60kB inactive_file:12kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1376kB pagetables:2548kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 1373.550919] CPU: 0 PID: 2902 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1373.582699] lowmem_reserve[]: [ 1373.582947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1373.582955] 0 [ 1373.586061] Call Trace: [ 1373.597272] 0 [ 1373.599767] dump_stack+0x1b2/0x281 [ 1373.599781] warn_alloc.cold+0x96/0x1cc [ 1373.599793] ? zone_watermark_ok_safe+0x220/0x220 [ 1373.599802] ? usleep_range+0x130/0x130 [ 1373.599811] ? try_to_free_pages+0x23f/0x6e0 [ 1373.599822] ? _find_next_bit+0xdb/0x100 [ 1373.599832] ? run_timer_softirq+0x5a0/0x5a0 [ 1373.599848] __alloc_pages_nodemask+0x2127/0x2720 [ 1373.606681] 0 [ 1373.609206] ? lock_acquire+0x170/0x3f0 [ 1373.609222] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1373.609233] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1373.609247] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1373.609265] alloc_pages_current+0x155/0x260 [ 1373.615338] 0 [ 1373.618048] ion_page_pool_alloc+0x118/0x1b0 [ 1373.628343] 0 [ 1373.630876] ion_system_heap_allocate+0x133/0x8c0 [ 1373.630887] ? ion_alloc+0x187/0x810 [ 1373.630896] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1373.630905] ? ion_system_contig_heap_create+0x130/0x130 [ 1373.630913] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1373.630925] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1373.637550] ion_alloc+0x204/0x810 [ 1373.648689] Node 0 [ 1373.650848] ? ion_dma_buf_release+0x40/0x40 [ 1373.656272] DMA: [ 1373.660669] ? __might_fault+0x177/0x1b0 [ 1373.660681] ion_ioctl+0xea/0x1f0 [ 1373.660690] ? ion_query_heaps+0x360/0x360 [ 1373.660702] ? ion_query_heaps+0x360/0x360 [ 1373.660710] do_vfs_ioctl+0x75a/0xff0 [ 1373.660721] ? ioctl_preallocate+0x1a0/0x1a0 [ 1373.660729] ? lock_downgrade+0x740/0x740 [ 1373.660740] ? __fget+0x225/0x360 [ 1373.660749] ? do_vfs_ioctl+0xff0/0xff0 [ 1373.660758] ? security_file_ioctl+0x83/0xb0 [ 1373.660768] SyS_ioctl+0x7f/0xb0 [ 1373.660775] ? do_vfs_ioctl+0xff0/0xff0 [ 1373.660785] do_syscall_64+0x1d5/0x640 [ 1373.660801] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1373.667715] 26*4kB [ 1373.668764] RIP: 0033:0x465f69 [ 1373.668769] RSP: 002b:00007fc7d02c9188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1373.668778] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1373.668782] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1373.668787] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1373.668792] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1373.668796] R13: 00007ffe1bc7facf R14: 00007fc7d02c9300 R15: 0000000000022000 [ 1373.681584] warn_alloc_show_mem: 1 callbacks suppressed [ 1373.681587] Mem-Info: [ 1373.686350] (UME) [ 1373.691635] active_anon:18117 inactive_anon:22240 isolated_anon:0 [ 1373.691635] active_file:44 inactive_file:0 isolated_file:0 [ 1373.691635] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1373.691635] slab_reclaimable:13461 slab_unreclaimable:118604 [ 1373.691635] mapped:43521 shmem:23312 pagetables:2399 bounce:0 [ 1373.691635] free:13839 free_pcp:91 free_cma:0 [ 1373.693299] 20*8kB [ 1373.698108] Node 0 active_anon:68712kB inactive_anon:59908kB active_file:116kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:125536kB dirty:0kB writeback:0kB shmem:64080kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 18432kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1373.705195] (ME) [ 1373.722629] Node 1 active_anon:3756kB inactive_anon:29052kB active_file:60kB inactive_file:12kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:48548kB dirty:0kB writeback:0kB shmem:29168kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1373.730598] 14*16kB [ 1373.751631] Node 0 [ 1373.757815] (ME) [ 1373.758258] DMA free:10952kB min:204kB low:252kB high:300kB active_anon:92kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1373.762146] 7*32kB (UME) 16*64kB (UME) 6*128kB (UM) 3*256kB (UME) 1*512kB (E) 3*1024kB (UE) 2*2048kB (UM) 0*4096kB = 10952kB [ 1373.762193] Node 0 DMA32: 841*4kB (UME) 839*8kB (ME) [ 1373.777241] lowmem_reserve[]: [ 1373.784262] 240*16kB [ 1373.793713] 0 [ 1373.795260] (UMEH) [ 1373.802688] ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb [ 1373.813431] 46*32kB [ 1373.833614] 2717 [ 1373.867972] (ME) [ 1373.902609] 2718 [ 1373.927067] 19*64kB [ 1373.955843] 2718 [ 1373.986630] (UM) [ 1373.991208] 2718 [ 1373.998306] 4*128kB [ 1374.004579] Node 0 DMA32 free:17628kB min:36200kB low:45248kB high:54296kB active_anon:68620kB inactive_anon:59908kB active_file:28kB inactive_file:32kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8256kB pagetables:7028kB bounce:0kB free_pcp:240kB local_pcp:120kB free_cma:0kB [ 1374.017711] (UM) [ 1374.040886] lowmem_reserve[]: 0 0 0 0 0 [ 1374.046948] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1374.064081] 0*256kB [ 1374.075067] lowmem_reserve[]: 0 0 0 0 0 [ 1374.085457] Node 1 Normal free:26868kB min:53696kB low:67120kB high:80544kB active_anon:3756kB inactive_anon:29052kB active_file:36kB inactive_file:36kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1376kB pagetables:2548kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1374.092131] 1*512kB [ 1374.124725] lowmem_reserve[]: [ 1374.126619] (H) [ 1374.127087] 0 [ 1374.133757] 0*1024kB 0*2048kB 0*4096kB = 17628kB [ 1374.136073] 0 0 0 0 [ 1374.148313] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1374.153091] Node 0 DMA: 26*4kB (UME) 20*8kB (ME) 14*16kB (ME) 7*32kB (UME) 16*64kB (UME) 6*128kB (UM) 3*256kB (UME) 1*512kB (E) 3*1024kB (UE) 2*2048kB (UM) 0*4096kB = 10952kB [ 1374.175765] Node 1 [ 1374.200277] Node 0 [ 1374.202009] Normal: [ 1374.202524] DMA32: [ 1374.204747] 52*4kB [ 1374.207049] 848*4kB [ 1374.217329] (M) [ 1374.219618] (UME) 841*8kB (UME) 239*16kB (ME) 47*32kB (UME) 22*64kB (UM) 4*128kB (UM) 0*256kB 1*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 17880kB [ 1374.223197] 27*8kB [ 1374.245066] Node 0 [ 1374.246659] (UM) [ 1374.247312] Normal: [ 1374.251907] 18*16kB [ 1374.253659] 0*4kB [ 1374.254223] (M) [ 1374.256525] 0*8kB 0*16kB [ 1374.268500] 18*32kB [ 1374.268890] 0*32kB [ 1374.273193] (UM) [ 1374.273695] 0*64kB [ 1374.275913] 12*64kB [ 1374.277954] 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1374.294981] (M) [ 1374.295681] Node 1 [ 1374.295684] 4*128kB (M) [ 1374.297638] Normal: 52*4kB (M) 27*8kB (UM) 18*16kB (M) 18*32kB (UM) 12*64kB (M) 4*128kB (M) 3*256kB (UM) 2*512kB (M) 2*1024kB (M) 10*2048kB (UM) 0*4096kB = 26888kB [ 1374.307572] 3*256kB (UM) 2*512kB (M) 2*1024kB (M) 10*2048kB (UM) 0*4096kB = 26888kB [ 1374.333731] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1374.345295] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1374.362332] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1374.366063] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1374.380705] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1374.388379] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1374.398423] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1374.400212] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1374.416157] 23345 total pagecache pages [ 1374.420187] 0 pages in swap cache [ 1374.423633] Swap cache stats: add 0, delete 0, find 0/0 [ 1374.426054] 23345 total pagecache pages [ 1374.437225] 0 pages in swap cache [ 1374.438196] Free swap = 0kB [ 1374.443719] Total swap = 0kB [ 1374.446729] 2097051 pages RAM [ 1374.448941] Swap cache stats: add 0, delete 0, find 0/0 [ 1374.455175] Free swap = 0kB [ 1374.458181] Total swap = 0kB [ 1374.458397] 0 pages HighMem/MovableOnly [ 1374.465187] 363840 pages reserved [ 1374.472192] 2097051 pages RAM [ 1374.475303] 0 pages HighMem/MovableOnly [ 1374.477895] 0 pages cma reserved [ 1374.482663] Out of memory (oom_kill_allocating_task): Kill process 10318 (syz-fuzzer) score 0 or sacrifice child [ 1374.486035] 363840 pages reserved [ 1374.502814] Killed process 2088 (syz-executor.5) total-vm:84924kB, anon-rss:60kB, file-rss:0kB, shmem-rss:0kB [ 1374.507791] 0 pages cma reserved [ 1374.814114] oom_reaper: reaped process 2902 (syz-executor.4), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1374.814472] systemd[1]: Starting Load/Save RF Kill Switch Status... [ 1374.873863] oom_reaper: reaped process 2088 (syz-executor.5), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1375.415952] systemd[1]: Started Load/Save RF Kill Switch Status. [ 1375.536560] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1375.558588] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1375.589420] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1375.596153] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1375.618197] device bridge_slave_1 left promiscuous mode [ 1375.623829] bridge0: port 2(bridge_slave_1) entered disabled state [ 1375.639258] device bridge_slave_0 left promiscuous mode [ 1375.644829] bridge0: port 1(bridge_slave_0) entered disabled state [ 1375.671233] device veth1_macvtap left promiscuous mode [ 1375.684076] device veth0_macvtap left promiscuous mode [ 1375.700898] device veth1_vlan left promiscuous mode [ 1375.705978] device veth0_vlan left promiscuous mode [ 1375.724069] systemd-journald[2915]: File /run/log/journal/64dd78f1a75445a997c532444ad0f085/system.journal corrupted or uncleanly shut down, renaming and replacing. [ 1375.961170] device hsr_slave_1 left promiscuous mode [ 1375.971100] device hsr_slave_0 left promiscuous mode [ 1376.009578] team0 (unregistering): Port device team_slave_1 removed [ 1376.021850] team0 (unregistering): Port device team_slave_0 removed [ 1376.042076] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 1376.068558] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 1376.189601] bond0 (unregistering): Released all slaves [ 1376.436651] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1376.468630] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1376.473764] CPU: 1 PID: 2902 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1376.481549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1376.490902] Call Trace: [ 1376.493494] dump_stack+0x1b2/0x281 [ 1376.497121] warn_alloc.cold+0x96/0x1cc [ 1376.501092] ? zone_watermark_ok_safe+0x220/0x220 [ 1376.505944] __alloc_pages_nodemask+0x2127/0x2720 [ 1376.510780] ? finish_task_switch+0x178/0x610 [ 1376.515272] ? lock_acquire+0x170/0x3f0 [ 1376.519244] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1376.524088] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1376.529534] ? __mutex_unlock_slowpath+0x75/0x770 [ 1376.534375] alloc_pages_current+0x155/0x260 [ 1376.538777] ion_page_pool_alloc+0x118/0x1b0 [ 1376.543178] ion_system_heap_allocate+0x133/0x8c0 [ 1376.548018] ? _raw_spin_unlock+0x29/0x40 [ 1376.552156] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1376.557078] ? ion_system_contig_heap_create+0x130/0x130 [ 1376.562523] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1376.567530] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1376.572367] ion_alloc+0x27a/0x810 [ 1376.576031] ? ion_dma_buf_release+0x40/0x40 [ 1376.580441] ? __might_fault+0x177/0x1b0 [ 1376.584501] ion_ioctl+0xea/0x1f0 [ 1376.587950] ? ion_query_heaps+0x360/0x360 [ 1376.592190] ? ion_query_heaps+0x360/0x360 [ 1376.596418] do_vfs_ioctl+0x75a/0xff0 [ 1376.600218] ? ioctl_preallocate+0x1a0/0x1a0 [ 1376.604618] ? lock_downgrade+0x740/0x740 [ 1376.608766] ? __fget+0x225/0x360 [ 1376.612225] ? do_vfs_ioctl+0xff0/0xff0 [ 1376.616192] ? security_file_ioctl+0x83/0xb0 [ 1376.620592] SyS_ioctl+0x7f/0xb0 [ 1376.623948] ? do_vfs_ioctl+0xff0/0xff0 [ 1376.627917] do_syscall_64+0x1d5/0x640 [ 1376.631804] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1376.636984] RIP: 0033:0x465f69 [ 1376.640163] RSP: 002b:00007fc7d02c9188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1376.647864] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1376.655123] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1376.662384] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1376.669648] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1376.676995] R13: 00007ffe1bc7facf R14: 00007fc7d02c9300 R15: 0000000000022000 [ 1376.951386] Mem-Info: [ 1376.953840] active_anon:13887 inactive_anon:24267 isolated_anon:0 [ 1376.953840] active_file:1236 inactive_file:1776 isolated_file:0 [ 1376.953840] unevictable:0 dirty:69 writeback:0 unstable:0 [ 1376.953840] slab_reclaimable:13278 slab_unreclaimable:118373 [ 1376.953840] mapped:20049 shmem:25351 pagetables:928 bounce:0 [ 1376.953840] free:208707 free_pcp:361 free_cma:0 [ 1376.988404] systemd[1]: Started Journal Service. [ 1377.051367] Node 0 active_anon:53908kB inactive_anon:68016kB active_file:1676kB inactive_file:4744kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:59936kB dirty:272kB writeback:0kB shmem:72232kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1377.084637] Node 1 active_anon:1672kB inactive_anon:29044kB active_file:3480kB inactive_file:2416kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:20288kB dirty:16kB writeback:0kB shmem:29160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1377.115650] Node 0 DMA free:11040kB min:204kB low:252kB high:300kB active_anon:72kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1377.146438] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1377.152375] Node 0 DMA32 free:435296kB min:36200kB low:45248kB high:54296kB active_anon:53736kB inactive_anon:68016kB active_file:1476kB inactive_file:4744kB unevictable:0kB writepending:272kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:7136kB pagetables:3188kB bounce:0kB free_pcp:812kB local_pcp:116kB free_cma:0kB [ 1377.186357] lowmem_reserve[]: 0 0 0 0 0 [ 1377.190423] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1377.220226] lowmem_reserve[]: 0 0 0 0 0 [ 1377.224349] Node 1 Normal free:617436kB min:53696kB low:67120kB high:80544kB active_anon:1672kB inactive_anon:29044kB active_file:3980kB inactive_file:1916kB unevictable:0kB writepending:16kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:576kB pagetables:456kB bounce:0kB free_pcp:724kB local_pcp:4kB free_cma:0kB [ 1377.264402] lowmem_reserve[]: 0 0 0 0 0 [ 1377.271666] Node 0 DMA: 109*4kB (UME) 27*8kB (UME) 14*16kB (UME) 8*32kB (UME) 9*64kB (UME) 5*128kB (UM) 4*256kB (UME) 1*512kB (E) 3*1024kB (UE) 2*2048kB (UM) 0*4096kB = 11052kB [ 1377.288872] Node 0 DMA32: 37071*4kB (UMEH) 20133*8kB (UMEH) 9190*16kB (UMEH) 2298*32kB (UME) 35*64kB (UM) 1*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 532292kB [ 1377.312014] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1377.324714] Node 1 Normal: 29498*4kB (UM) 18708*8kB (UM) 10900*16kB (UM) 6233*32kB (UM) 15*64kB (U) 1*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 642600kB [ 1377.344218] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1377.354202] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1377.367099] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1377.376696] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1377.398543] 28562 total pagecache pages [ 1377.402558] 0 pages in swap cache [ 1377.406010] Swap cache stats: add 0, delete 0, find 0/0 [ 1377.420553] Free swap = 0kB [ 1377.423590] Total swap = 0kB [ 1377.426602] 2097051 pages RAM [ 1377.429792] 0 pages HighMem/MovableOnly [ 1377.433759] 363840 pages reserved [ 1377.437289] 0 pages cma reserved [ 1378.343383] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1378.358510] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1378.370224] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1378.376962] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1378.395692] device bridge_slave_1 left promiscuous mode [ 1378.401535] bridge0: port 2(bridge_slave_1) entered disabled state [ 1378.410253] device bridge_slave_0 left promiscuous mode [ 1378.415929] bridge0: port 1(bridge_slave_0) entered disabled state [ 1378.431239] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1378.437977] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1378.450755] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1378.457477] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1378.470123] device bridge_slave_1 left promiscuous mode [ 1378.475786] bridge0: port 2(bridge_slave_1) entered disabled state [ 1378.486669] device bridge_slave_0 left promiscuous mode [ 1378.493626] bridge0: port 1(bridge_slave_0) entered disabled state [ 1378.513163] device veth1_macvtap left promiscuous mode [ 1378.520651] device veth0_macvtap left promiscuous mode [ 1378.526018] device veth1_vlan left promiscuous mode [ 1378.533222] device veth0_vlan left promiscuous mode [ 1378.541811] device veth1_macvtap left promiscuous mode [ 1378.547933] device veth0_macvtap left promiscuous mode [ 1378.560750] device veth1_vlan left promiscuous mode [ 1378.567091] device veth0_vlan left promiscuous mode [ 1378.727529] device hsr_slave_1 left promiscuous mode [ 1378.739610] device hsr_slave_0 left promiscuous mode [ 1378.755998] team0 (unregistering): Port device team_slave_1 removed [ 1378.766499] team0 (unregistering): Port device team_slave_0 removed [ 1378.776389] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 1378.788560] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 1378.820434] bond0 (unregistering): Released all slaves [ 1378.871802] device hsr_slave_1 left promiscuous mode [ 1378.880052] device hsr_slave_0 left promiscuous mode [ 1378.895648] team0 (unregistering): Port device team_slave_1 removed [ 1378.906271] team0 (unregistering): Port device team_slave_0 removed [ 1378.915973] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 1378.927692] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 1378.962318] bond0 (unregistering): Released all slaves 18:04:33 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) 18:04:33 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf250100000024", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:04:33 executing program 2: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc0585611, 0x0) 18:04:33 executing program 1: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$vim2m_VIDIOC_DQBUF(r2, 0xc0585611, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000002c0)={0x5, 0x0, [{0x6, 0x5, 0xf98d}, {0x8, 0x1, 0x7, 0xfffff801, 0x7fffffff}, {0x80000019, 0x8, 0x8, 0xf9b, 0x5}, {0x80000008, 0x4, 0x0, 0x5, 0x3ff}, {0x80000000, 0x6, 0xf92e, 0x1, 0xac}]}) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f00000000c0)={0x2, 0x2, 0x6, 0xfffffffa, 'syz0\x00', 0x80000001}) ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc0585611, 0x0) 18:04:33 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) 18:04:33 executing program 5: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) [ 1379.387322] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1379.403160] nbd: must specify at least one socket 18:04:34 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf25010000002400", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) [ 1379.649275] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1379.666648] nbd: must specify at least one socket 18:04:34 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf25010000002400", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) [ 1379.901961] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1379.915212] nbd: must specify at least one socket 18:04:34 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf25010000002400", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) [ 1380.084408] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1380.105449] nbd: must specify at least one socket 18:04:35 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:04:35 executing program 2: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) [ 1380.720657] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1380.727824] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1380.769990] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1380.799918] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1380.829941] device bridge_slave_1 left promiscuous mode [ 1380.855306] bridge0: port 2(bridge_slave_1) entered disabled state [ 1380.883171] device bridge_slave_0 left promiscuous mode [ 1380.900586] bridge0: port 1(bridge_slave_0) entered disabled state [ 1380.919884] device veth1_macvtap left promiscuous mode [ 1380.931933] device veth0_macvtap left promiscuous mode [ 1380.943155] device veth1_vlan left promiscuous mode [ 1380.953963] device veth0_vlan left promiscuous mode [ 1381.160674] device hsr_slave_1 left promiscuous mode [ 1381.177990] device hsr_slave_0 left promiscuous mode [ 1381.212579] team0 (unregistering): Port device team_slave_1 removed [ 1381.235572] team0 (unregistering): Port device team_slave_0 removed [ 1381.268594] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 1381.282279] bond0 (unregistering): Releasing backup interface bond_slave_0 18:04:36 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) [ 1381.316991] bond0 (unregistering): Released all slaves [ 1384.182511] IPVS: ftp: loaded support on port[0] = 21 [ 1384.281883] IPVS: ftp: loaded support on port[0] = 21 [ 1384.364426] chnl_net:caif_netlink_parms(): no params data found [ 1384.401110] IPVS: ftp: loaded support on port[0] = 21 [ 1384.494772] bridge0: port 1(bridge_slave_0) entered blocking state [ 1384.501743] bridge0: port 1(bridge_slave_0) entered disabled state [ 1384.509463] device bridge_slave_0 entered promiscuous mode [ 1384.541648] bridge0: port 2(bridge_slave_1) entered blocking state [ 1384.549724] bridge0: port 2(bridge_slave_1) entered disabled state [ 1384.556642] device bridge_slave_1 entered promiscuous mode [ 1384.584187] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 1384.592705] chnl_net:caif_netlink_parms(): no params data found [ 1384.607278] IPVS: ftp: loaded support on port[0] = 21 [ 1384.607408] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 1384.657288] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 1384.664944] team0: Port device team_slave_0 added [ 1384.684561] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 1384.692505] team0: Port device team_slave_1 added [ 1384.776971] chnl_net:caif_netlink_parms(): no params data found [ 1384.788091] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1384.794406] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1384.821752] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1384.841069] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1384.847433] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1384.873594] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1384.884461] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 1384.896769] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 1384.940758] device hsr_slave_0 entered promiscuous mode [ 1384.946634] device hsr_slave_1 entered promiscuous mode [ 1384.962556] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 1385.007018] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 1385.013865] bridge0: port 1(bridge_slave_0) entered blocking state [ 1385.021438] bridge0: port 1(bridge_slave_0) entered disabled state [ 1385.029165] device bridge_slave_0 entered promiscuous mode [ 1385.064301] bridge0: port 2(bridge_slave_1) entered blocking state [ 1385.070837] bridge0: port 2(bridge_slave_1) entered disabled state [ 1385.077666] device bridge_slave_1 entered promiscuous mode [ 1385.092788] chnl_net:caif_netlink_parms(): no params data found [ 1385.160432] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 1385.174139] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 1385.183948] bridge0: port 1(bridge_slave_0) entered blocking state [ 1385.190764] bridge0: port 1(bridge_slave_0) entered disabled state [ 1385.197768] device bridge_slave_0 entered promiscuous mode [ 1385.233841] bridge0: port 2(bridge_slave_1) entered blocking state [ 1385.241062] bridge0: port 2(bridge_slave_1) entered disabled state [ 1385.249437] device bridge_slave_1 entered promiscuous mode [ 1385.279183] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 1385.286249] team0: Port device team_slave_0 added [ 1385.308710] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 1385.316098] team0: Port device team_slave_1 added [ 1385.340466] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 1385.361478] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1385.367747] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1385.393401] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1385.413427] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 1385.436592] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1385.442937] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1385.469960] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1385.480601] bridge0: port 1(bridge_slave_0) entered blocking state [ 1385.486944] bridge0: port 1(bridge_slave_0) entered disabled state [ 1385.495165] device bridge_slave_0 entered promiscuous mode [ 1385.502102] bridge0: port 2(bridge_slave_1) entered blocking state [ 1385.508492] bridge0: port 2(bridge_slave_1) entered disabled state [ 1385.515547] device bridge_slave_1 entered promiscuous mode [ 1385.521916] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 1385.530581] team0: Port device team_slave_0 added [ 1385.535901] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 1385.551786] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 1385.558558] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 1385.565701] team0: Port device team_slave_1 added [ 1385.578349] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 1385.599110] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1385.605355] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1385.632068] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1385.658556] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 1385.671846] device hsr_slave_0 entered promiscuous mode [ 1385.677511] device hsr_slave_1 entered promiscuous mode [ 1385.684580] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1385.691389] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1385.717429] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1385.729415] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 1385.737205] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 1385.745189] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 1385.753343] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 1385.779586] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 1385.786425] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 1385.793539] team0: Port device team_slave_0 added [ 1385.804139] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 1385.812257] team0: Port device team_slave_1 added [ 1385.835402] device hsr_slave_0 entered promiscuous mode [ 1385.841219] device hsr_slave_1 entered promiscuous mode [ 1385.847242] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 1385.855835] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 1385.893975] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1385.901372] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1385.926728] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1385.938539] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1385.944781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1385.970649] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1385.985993] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 1386.013709] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 1386.063851] device hsr_slave_0 entered promiscuous mode [ 1386.069592] device hsr_slave_1 entered promiscuous mode [ 1386.089826] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 1386.107516] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 1386.127222] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 1386.191206] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1386.198599] Bluetooth: hci5 command 0x0409 tx timeout [ 1386.212583] Bluetooth: hci0 command 0x0409 tx timeout [ 1386.221928] Bluetooth: hci4 command 0x0409 tx timeout [ 1386.228987] Bluetooth: hci2 command 0x0409 tx timeout [ 1386.234292] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 1386.244142] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1386.276316] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 1386.287327] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 1386.296002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1386.303724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1386.312863] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 1386.319190] 8021q: adding VLAN 0 to HW filter on device team0 [ 1386.326081] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 1386.334816] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 1386.344203] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 1386.354201] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1386.361424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1386.368836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1386.376530] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1386.384310] bridge0: port 1(bridge_slave_0) entered blocking state [ 1386.390710] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1386.398491] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1386.408462] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 1386.414556] 8021q: adding VLAN 0 to HW filter on device team0 [ 1386.423933] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 1386.432877] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1386.442726] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1386.450650] bridge0: port 2(bridge_slave_1) entered blocking state [ 1386.456975] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1386.466555] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 1386.477228] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 1386.489296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1386.496989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1386.506940] bridge0: port 1(bridge_slave_0) entered blocking state [ 1386.513432] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1386.520493] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1386.529137] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 1386.537501] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 1386.549261] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 1386.556819] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1386.564120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1386.576904] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1386.584915] bridge0: port 2(bridge_slave_1) entered blocking state [ 1386.591382] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1386.598753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1386.620161] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 1386.632267] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 1386.641195] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1386.653894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1386.663674] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 1386.674717] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 1386.682780] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1386.691784] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1386.699677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1386.707190] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1386.715322] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1386.722579] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1386.735446] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 1386.745529] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 1386.755601] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 1386.763373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1386.771287] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1386.779752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1386.787182] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1386.794678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1386.802491] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1386.813358] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1386.823882] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 1386.830725] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1386.839216] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 1386.846890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1386.855872] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1386.871488] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 1386.884742] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 1386.897049] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1386.904913] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 1386.911523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1386.919813] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1386.927137] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1386.934633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1386.943871] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 1386.953845] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 1386.960504] 8021q: adding VLAN 0 to HW filter on device team0 [ 1386.967434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1386.975089] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1386.984408] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 1386.994061] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 1387.003021] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 1387.012539] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 1387.018727] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1387.026947] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 1387.033687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1387.042203] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1387.050445] bridge0: port 1(bridge_slave_0) entered blocking state [ 1387.056777] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1387.063864] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1387.071361] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1387.078161] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1387.089393] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 1387.099600] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1387.106112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1387.113970] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1387.124864] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 1387.133344] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 1387.141068] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 1387.152599] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 1387.162874] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1387.170525] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1387.177181] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1387.185587] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1387.193481] bridge0: port 2(bridge_slave_1) entered blocking state [ 1387.199880] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1387.206874] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1387.216175] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 1387.222865] 8021q: adding VLAN 0 to HW filter on device team0 [ 1387.232169] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 1387.243307] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1387.254491] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1387.269623] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 1387.278698] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 1387.285778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1387.295250] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1387.308048] bridge0: port 1(bridge_slave_0) entered blocking state [ 1387.314851] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1387.323418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1387.331313] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1387.339429] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1387.346421] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1387.355718] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 1387.364324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1387.373161] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1387.381514] bridge0: port 2(bridge_slave_1) entered blocking state [ 1387.388219] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1387.397476] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 1387.407007] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 1387.415715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1387.424410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1387.435729] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1387.445893] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 1387.455685] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 1387.464390] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1387.464811] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1387.465072] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1387.466657] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 1387.483518] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 1387.513804] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 1387.523912] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 1387.532947] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 1387.541304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1387.549940] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1387.557478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1387.566606] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1387.574920] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1387.583618] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1387.592472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1387.600547] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1387.610948] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 1387.617061] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1387.629165] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 1387.639859] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 1387.646961] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1387.655751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1387.665299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1387.675147] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 1387.688466] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 1387.695385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1387.703570] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1387.714087] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 1387.723178] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 1387.732983] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 1387.741358] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 1387.748464] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 1387.754636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1387.762551] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1387.770132] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1387.776843] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1387.786785] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 1387.793542] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1387.805241] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 1387.813131] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 1387.820501] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 1387.828972] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 1387.837462] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1387.851152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1387.859025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1387.866396] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1387.875278] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1387.888845] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 1387.895321] device veth0_vlan entered promiscuous mode [ 1387.914377] device veth1_vlan entered promiscuous mode [ 1387.920542] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 1387.928241] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 1387.937091] device veth0_vlan entered promiscuous mode [ 1387.943950] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1387.952043] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1387.959886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1387.968323] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 1387.974554] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1387.982203] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1387.989624] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1387.996320] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1388.005583] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 1388.025665] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1388.033988] device veth1_vlan entered promiscuous mode [ 1388.043183] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 1388.051650] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 1388.063596] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 1388.075182] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 1388.085976] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1388.093524] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1388.103287] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1388.110863] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1388.118861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1388.127926] device veth0_macvtap entered promiscuous mode [ 1388.133986] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 1388.147441] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 1388.165430] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 1388.174215] device veth1_macvtap entered promiscuous mode [ 1388.184838] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 1388.194811] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 1388.206183] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 1388.215008] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 1388.225101] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 1388.233896] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1388.241915] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1388.252392] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1388.260644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1388.268590] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1388.276292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1388.287105] device veth0_macvtap entered promiscuous mode [ 1388.287949] Bluetooth: hci2 command 0x041b tx timeout [ 1388.293929] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 1388.305665] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1388.317358] Bluetooth: hci4 command 0x041b tx timeout [ 1388.320634] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1388.323272] Bluetooth: hci0 command 0x041b tx timeout [ 1388.335221] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1388.336904] Bluetooth: hci5 command 0x041b tx timeout [ 1388.347907] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1388.361976] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 1388.369505] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1388.381642] device veth1_macvtap entered promiscuous mode [ 1388.388704] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 1388.395292] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1388.403946] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1388.412022] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1388.420339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1388.430894] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1388.443363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1388.452553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1388.463094] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1388.473279] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 1388.480342] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1388.489219] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 1388.502134] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 1388.510424] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1388.518760] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1388.529546] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 1388.542487] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 1388.550546] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 1388.557210] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 1388.569687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1388.579739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1388.589232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1388.599175] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1388.608373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1388.618591] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1388.629050] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 1388.635966] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1388.645424] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1388.655095] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1388.664859] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 1388.673566] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 1388.683379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1388.695469] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1388.705389] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1388.715498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1388.725183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1388.735238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1388.745567] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 1388.753068] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1388.761414] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1388.768966] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1388.776680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1388.784733] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1388.792578] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1388.800320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1388.808291] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1388.815101] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1388.823925] device veth0_vlan entered promiscuous mode [ 1388.859568] device veth1_vlan entered promiscuous mode [ 1388.865500] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 1388.921246] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 1388.940767] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 1388.954389] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 1388.962148] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 1388.972317] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 1388.982178] device veth0_vlan entered promiscuous mode [ 1388.988614] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1388.996151] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1389.008642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1389.015957] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1389.024716] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1389.031892] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1389.045192] device veth1_vlan entered promiscuous mode [ 1389.052441] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 1389.064455] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 1389.075760] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 1389.089488] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 1389.096951] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1389.105190] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1389.113358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1389.121906] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1389.133503] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 1389.145437] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 1389.154601] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1389.172034] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1389.180989] device veth0_macvtap entered promiscuous mode [ 1389.187074] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 1389.194836] device veth0_macvtap entered promiscuous mode [ 1389.201529] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 1389.211906] device veth1_macvtap entered promiscuous mode [ 1389.218821] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 1389.227060] device veth1_macvtap entered promiscuous mode [ 1389.233774] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 1389.252723] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 1389.263455] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 1389.279017] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 1389.292842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1389.303469] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1389.312951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1389.323487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1389.332978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1389.343146] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1389.352338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1389.362133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1389.373164] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 1389.380931] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1389.390130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1389.401014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1389.410667] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1389.421057] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1389.430496] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1389.440600] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1389.450072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1389.460130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1389.470841] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 1389.478783] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1389.488532] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 1389.499330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1389.509209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1389.520259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1389.530707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1389.540615] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1389.551183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1389.562376] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1389.573294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1389.583545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1389.594073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1389.605483] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 1389.613494] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1389.621658] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1389.630477] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1389.644216] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1389.656682] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1389.665407] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1389.676689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1389.685644] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1389.697976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1389.705961] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1389.719206] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1389.739380] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1389.750452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1389.765594] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1389.780995] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1389.790220] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1389.803435] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1389.813370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1389.823968] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1389.833900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1389.844667] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1389.855954] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 1389.863767] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1389.879177] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1389.886857] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 18:04:44 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:04:44 executing program 2: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) 18:04:44 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) [ 1390.360870] Bluetooth: hci5 command 0x040f tx timeout [ 1390.366327] Bluetooth: hci0 command 0x040f tx timeout [ 1390.393747] Bluetooth: hci4 command 0x040f tx timeout [ 1390.420026] Bluetooth: hci2 command 0x040f tx timeout [ 1390.953376] syz-executor.3: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1390.998628] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1391.016034] CPU: 1 PID: 3992 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1391.023846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1391.033182] Call Trace: [ 1391.035756] dump_stack+0x1b2/0x281 [ 1391.039393] warn_alloc.cold+0x96/0x1cc [ 1391.043350] ? zone_watermark_ok_safe+0x220/0x220 [ 1391.048183] __alloc_pages_nodemask+0x2127/0x2720 [ 1391.053100] ? lock_acquire+0x170/0x3f0 [ 1391.057062] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1391.061891] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1391.067324] ? __mutex_unlock_slowpath+0x75/0x770 [ 1391.072148] ? retint_kernel+0x2d/0x2d [ 1391.076042] alloc_pages_current+0x155/0x260 [ 1391.080455] ion_page_pool_alloc+0x118/0x1b0 [ 1391.084846] ion_system_heap_allocate+0x133/0x8c0 [ 1391.089670] ? ion_alloc+0x187/0x810 [ 1391.093365] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1391.098796] ? ion_system_contig_heap_create+0x130/0x130 [ 1391.104228] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1391.109229] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1391.114057] ion_alloc+0x204/0x810 [ 1391.117583] ? ion_dma_buf_release+0x40/0x40 [ 1391.121975] ? __might_fault+0x177/0x1b0 [ 1391.126022] ion_ioctl+0xea/0x1f0 [ 1391.129455] ? ion_query_heaps+0x360/0x360 [ 1391.133675] ? ion_query_heaps+0x360/0x360 [ 1391.137891] do_vfs_ioctl+0x75a/0xff0 [ 1391.141675] ? ioctl_preallocate+0x1a0/0x1a0 [ 1391.146064] ? lock_downgrade+0x740/0x740 [ 1391.150193] ? __fget+0x225/0x360 [ 1391.153629] ? do_vfs_ioctl+0xff0/0xff0 [ 1391.157585] ? security_file_ioctl+0x83/0xb0 [ 1391.161974] SyS_ioctl+0x7f/0xb0 [ 1391.165321] ? do_vfs_ioctl+0xff0/0xff0 [ 1391.169297] do_syscall_64+0x1d5/0x640 [ 1391.173171] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1391.178342] RIP: 0033:0x465f69 [ 1391.181511] RSP: 002b:00007fba6af7e188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1391.189201] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1391.196452] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1391.203704] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1391.210954] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1391.218205] R13: 00007ffcb4b3e7df R14: 00007fba6af7e300 R15: 0000000000022000 [ 1391.273835] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1391.297255] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1391.311346] CPU: 1 PID: 4018 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1391.316597] syz-executor.5: [ 1391.319159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1391.319164] Call Trace: [ 1391.319183] dump_stack+0x1b2/0x281 [ 1391.319196] warn_alloc.cold+0x96/0x1cc [ 1391.319207] ? zone_watermark_ok_safe+0x220/0x220 [ 1391.319229] __alloc_pages_nodemask+0x2127/0x2720 [ 1391.319242] ? lock_acquire+0x170/0x3f0 [ 1391.319255] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1391.319279] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1391.319292] ? __mutex_unlock_slowpath+0x75/0x770 [ 1391.319306] alloc_pages_current+0x155/0x260 [ 1391.319320] ion_page_pool_alloc+0x118/0x1b0 [ 1391.319329] ion_system_heap_allocate+0x133/0x8c0 [ 1391.319339] ? ion_alloc+0x187/0x810 [ 1391.319348] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1391.319356] ? ion_system_contig_heap_create+0x130/0x130 [ 1391.319366] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1391.319376] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1391.319386] ion_alloc+0x204/0x810 [ 1391.319398] ? ion_dma_buf_release+0x40/0x40 [ 1391.319408] ? __might_fault+0x177/0x1b0 [ 1391.319416] ion_ioctl+0xea/0x1f0 [ 1391.319425] ? ion_query_heaps+0x360/0x360 [ 1391.319437] ? ion_query_heaps+0x360/0x360 [ 1391.319446] do_vfs_ioctl+0x75a/0xff0 [ 1391.319458] ? ioctl_preallocate+0x1a0/0x1a0 [ 1391.319465] ? lock_downgrade+0x740/0x740 [ 1391.319478] ? __fget+0x225/0x360 [ 1391.319487] ? do_vfs_ioctl+0xff0/0xff0 [ 1391.319498] ? security_file_ioctl+0x83/0xb0 [ 1391.319508] SyS_ioctl+0x7f/0xb0 [ 1391.319516] ? do_vfs_ioctl+0xff0/0xff0 [ 1391.319527] do_syscall_64+0x1d5/0x640 [ 1391.319542] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1391.319549] RIP: 0033:0x465f69 [ 1391.319554] RSP: 002b:00007f4607427188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1391.319564] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1391.319569] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1391.319574] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1391.319580] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1391.319585] R13: 00007ffe6751318f R14: 00007f4607427300 R15: 0000000000022000 [ 1391.329512] Mem-Info: [ 1391.353703] syz-executor.1: [ 1391.361423] active_anon:15158 inactive_anon:24270 isolated_anon:24 [ 1391.361423] active_file:2654 inactive_file:4747 isolated_file:28 [ 1391.361423] unevictable:0 dirty:188 writeback:0 unstable:0 [ 1391.361423] slab_reclaimable:13117 slab_unreclaimable:120413 [ 1391.361423] mapped:57466 shmem:25360 pagetables:1348 bounce:0 [ 1391.361423] free:282314 free_pcp:352 free_cma:0 [ 1391.379122] page allocation failure: order:4 [ 1391.381131] Node 0 active_anon:58940kB inactive_anon:68036kB active_file:5428kB inactive_file:12200kB unevictable:0kB isolated(anon):96kB isolated(file):0kB mapped:205828kB dirty:716kB writeback:0kB shmem:72280kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1391.391123] syz-executor.2: [ 1391.403402] Node 1 active_anon:1692kB inactive_anon:29044kB active_file:5288kB inactive_file:6556kB unevictable:0kB isolated(anon):0kB isolated(file):112kB mapped:23936kB dirty:36kB writeback:0kB shmem:29160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1391.412433] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1391.413975] Node 0 [ 1391.418907] page allocation failure: order:4 [ 1391.425042] DMA free:11128kB min:204kB low:252kB high:300kB active_anon:76kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1391.427914] page allocation failure: order:4 [ 1391.436029] lowmem_reserve[]: [ 1391.439960] (null) [ 1391.445395] 0 [ 1391.448567] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1391.456072] 2717 [ 1391.460730] syz-executor.1 cpuset= [ 1391.464541] 2718 [ 1391.467917] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1391.476300] 2718 [ 1391.477157] syz-executor.2 cpuset= [ 1391.480919] 2718 [ 1391.489079] (null) [ 1391.500127] / [ 1391.712135] / [ 1391.715631] Node 0 DMA32 free:937812kB min:36200kB low:45248kB high:54296kB active_anon:58864kB inactive_anon:68036kB active_file:5428kB inactive_file:12200kB unevictable:0kB writepending:716kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:7968kB pagetables:4836kB bounce:0kB free_pcp:236kB local_pcp:116kB free_cma:0kB [ 1391.716747] syz-executor.5 cpuset= [ 1391.747263] lowmem_reserve[]: 0 0 0 0 0 [ 1391.754933] / mems_allowed=0-1 [ 1391.755085] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1391.761050] CPU: 0 PID: 4039 Comm: syz-executor.5 Not tainted 4.14.224-syzkaller #0 [ 1391.784101] lowmem_reserve[]: [ 1391.791590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1391.791594] Call Trace: [ 1391.791615] dump_stack+0x1b2/0x281 [ 1391.791628] warn_alloc.cold+0x96/0x1cc [ 1391.791640] ? zone_watermark_ok_safe+0x220/0x220 [ 1391.791662] __alloc_pages_nodemask+0x2127/0x2720 [ 1391.794780] 0 [ 1391.804092] ? lock_acquire+0x170/0x3f0 [ 1391.804107] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1391.804123] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1391.814336] 0 [ 1391.819085] ? __mutex_unlock_slowpath+0x75/0x770 [ 1391.819099] alloc_pages_current+0x155/0x260 [ 1391.819114] ion_page_pool_alloc+0x118/0x1b0 [ 1391.829407] 0 [ 1391.829687] ion_system_heap_allocate+0x133/0x8c0 [ 1391.839992] 0 [ 1391.841729] ? ion_alloc+0x187/0x810 [ 1391.841739] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1391.841750] ? ion_system_contig_heap_create+0x130/0x130 [ 1391.848797] 0 [ 1391.850988] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1391.850999] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1391.851011] ion_alloc+0x204/0x810 [ 1391.862121] ? ion_dma_buf_release+0x40/0x40 [ 1391.862134] ? __might_fault+0x177/0x1b0 [ 1391.868303] Node 1 [ 1391.873057] ion_ioctl+0xea/0x1f0 [ 1391.873069] ? ion_query_heaps+0x360/0x360 [ 1391.889430] Normal free:173140kB min:53696kB low:67120kB high:80544kB active_anon:1692kB inactive_anon:29044kB active_file:5192kB inactive_file:7280kB unevictable:0kB writepending:36kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:512kB pagetables:556kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB [ 1391.890115] ? ion_query_heaps+0x360/0x360 [ 1391.898029] lowmem_reserve[]: [ 1391.902067] do_vfs_ioctl+0x75a/0xff0 [ 1391.902079] ? ioctl_preallocate+0x1a0/0x1a0 [ 1391.902090] ? lock_downgrade+0x740/0x740 [ 1391.907600] 0 [ 1391.907751] ? __fget+0x225/0x360 [ 1391.917380] 0 [ 1391.940228] ? do_vfs_ioctl+0xff0/0xff0 [ 1391.940238] ? security_file_ioctl+0x83/0xb0 [ 1391.940248] SyS_ioctl+0x7f/0xb0 [ 1391.940255] ? do_vfs_ioctl+0xff0/0xff0 [ 1391.940265] do_syscall_64+0x1d5/0x640 [ 1391.940279] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1391.940288] RIP: 0033:0x465f69 [ 1391.940292] RSP: 002b:00007febda737188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1391.940301] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1391.940305] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1391.940312] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1391.968487] 0 [ 1391.971169] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1391.971175] R13: 00007ffda11ce07f R14: 00007febda737300 R15: 0000000000022000 [ 1391.996873] mems_allowed=0-1 [ 1392.039990] 0 0 [ 1392.051823] CPU: 0 PID: 4017 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1392.052921] Node 0 [ 1392.059635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1392.059639] Call Trace: [ 1392.059659] dump_stack+0x1b2/0x281 [ 1392.059673] warn_alloc.cold+0x96/0x1cc [ 1392.059685] ? zone_watermark_ok_safe+0x220/0x220 [ 1392.059706] __alloc_pages_nodemask+0x2127/0x2720 [ 1392.068478] DMA: [ 1392.071269] ? lock_acquire+0x170/0x3f0 [ 1392.071285] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1392.077132] 53*4kB [ 1392.077464] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1392.077476] ? __mutex_unlock_slowpath+0x75/0x770 [ 1392.085836] (UME) [ 1392.086710] ? retint_kernel+0x2d/0x2d [ 1392.098148] 77*8kB [ 1392.102392] alloc_pages_current+0x155/0x260 [ 1392.102409] ion_page_pool_alloc+0x118/0x1b0 [ 1392.107926] mems_allowed=0-1 [ 1392.110086] ion_system_heap_allocate+0x133/0x8c0 [ 1392.110096] ? ion_alloc+0x187/0x810 [ 1392.110108] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1392.116051] (UME) [ 1392.117068] ? ion_system_contig_heap_create+0x130/0x130 [ 1392.129680] 65*16kB [ 1392.131939] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1392.131950] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1392.131962] ion_alloc+0x204/0x810 [ 1392.139417] (UME) [ 1392.139880] ? ion_dma_buf_release+0x40/0x40 [ 1392.152310] 42*32kB [ 1392.156573] ? __might_fault+0x177/0x1b0 [ 1392.156589] ion_ioctl+0xea/0x1f0 [ 1392.173061] (UME) [ 1392.174378] ? ion_query_heaps+0x360/0x360 [ 1392.174391] ? ion_query_heaps+0x360/0x360 [ 1392.190909] 10*64kB [ 1392.195024] do_vfs_ioctl+0x75a/0xff0 [ 1392.195039] ? ioctl_preallocate+0x1a0/0x1a0 [ 1392.209741] ? lock_downgrade+0x740/0x740 [ 1392.213876] ? __fget+0x225/0x360 [ 1392.216696] (UME) 9*128kB [ 1392.217314] ? do_vfs_ioctl+0xff0/0xff0 [ 1392.217325] ? security_file_ioctl+0x83/0xb0 [ 1392.226738] (UM) [ 1392.228490] SyS_ioctl+0x7f/0xb0 [ 1392.228499] ? do_vfs_ioctl+0xff0/0xff0 [ 1392.228511] do_syscall_64+0x1d5/0x640 [ 1392.228527] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1392.228535] RIP: 0033:0x465f69 [ 1392.234980] 4*256kB [ 1392.237883] RSP: 002b:00007f3f503fb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1392.237894] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1392.237900] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1392.237904] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1392.237909] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1392.237913] R13: 00007ffca5cbd2ff R14: 00007f3f503fb300 R15: 0000000000022000 [ 1392.299515] CPU: 1 PID: 4036 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1392.307316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1392.316667] Call Trace: [ 1392.319258] dump_stack+0x1b2/0x281 [ 1392.322890] warn_alloc.cold+0x96/0x1cc [ 1392.326871] ? zone_watermark_ok_safe+0x220/0x220 [ 1392.331729] __alloc_pages_nodemask+0x2127/0x2720 [ 1392.336575] ? lock_acquire+0x170/0x3f0 [ 1392.340556] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1392.345419] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1392.350870] ? __mutex_unlock_slowpath+0x75/0x770 [ 1392.355717] alloc_pages_current+0x155/0x260 [ 1392.360131] ion_page_pool_alloc+0x118/0x1b0 [ 1392.364581] ion_system_heap_allocate+0x133/0x8c0 [ 1392.369425] ? ion_alloc+0x187/0x810 [ 1392.373574] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1392.379023] ? ion_system_contig_heap_create+0x130/0x130 [ 1392.384475] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1392.389497] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1392.394347] ion_alloc+0x204/0x810 [ 1392.398006] ? ion_dma_buf_release+0x40/0x40 [ 1392.402431] ? __might_fault+0x177/0x1b0 [ 1392.406587] ion_ioctl+0xea/0x1f0 [ 1392.410044] ? ion_query_heaps+0x360/0x360 [ 1392.414284] ? ion_query_heaps+0x360/0x360 [ 1392.418519] do_vfs_ioctl+0x75a/0xff0 [ 1392.422327] ? ioctl_preallocate+0x1a0/0x1a0 [ 1392.426731] ? lock_downgrade+0x740/0x740 [ 1392.430882] ? __fget+0x225/0x360 [ 1392.434333] ? do_vfs_ioctl+0xff0/0xff0 [ 1392.438307] ? security_file_ioctl+0x83/0xb0 [ 1392.442716] SyS_ioctl+0x7f/0xb0 [ 1392.446079] ? do_vfs_ioctl+0xff0/0xff0 [ 1392.450051] do_syscall_64+0x1d5/0x640 [ 1392.453942] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1392.459129] RIP: 0033:0x465f69 [ 1392.462313] RSP: 002b:00007face3f0d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1392.470018] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1392.477287] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1392.484549] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1392.491816] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1392.499082] R13: 00007ffd7dcc854f R14: 00007face3f0d300 R15: 0000000000022000 [ 1392.507191] Bluetooth: hci2 command 0x0419 tx timeout [ 1392.518413] Bluetooth: hci4 command 0x0419 tx timeout [ 1392.525901] (UME) 2*512kB (UE) 2*1024kB (UE) 1*2048kB (M) 0*4096kB = 11148kB [ 1392.537723] Bluetooth: hci0 command 0x0419 tx timeout [ 1392.546288] Node 0 DMA32: 173*4kB (UEH) 609*8kB (UMEH) 11661*16kB (UEH) 10709*32kB (UEH) 28*64kB (UH) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 536620kB [ 1392.562843] Bluetooth: hci5 command 0x0419 tx timeout [ 1392.570656] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1392.582246] Node 1 Normal: 3210*4kB (UM) 3497*8kB (UM) 3081*16kB (UM) 2595*32kB (UM) 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 173216kB [ 1392.598381] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1392.607545] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1392.616210] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1392.626623] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1392.636260] 32511 total pagecache pages [ 1392.641004] 0 pages in swap cache [ 1392.644541] Swap cache stats: add 0, delete 0, find 0/0 [ 1392.646319] warn_alloc_show_mem: 2 callbacks suppressed [ 1392.646322] Mem-Info: [ 1392.651360] Free swap = 0kB [ 1392.661519] Total swap = 0kB [ 1392.664615] 2097051 pages RAM [ 1392.666167] active_anon:15159 inactive_anon:24270 isolated_anon:0 [ 1392.666167] active_file:2795 inactive_file:4564 isolated_file:0 [ 1392.666167] unevictable:0 dirty:200 writeback:0 unstable:0 [ 1392.666167] slab_reclaimable:13105 slab_unreclaimable:120550 [ 1392.666167] mapped:57419 shmem:25360 pagetables:1348 bounce:0 [ 1392.666167] free:159014 free_pcp:123 free_cma:0 [ 1392.669004] 0 pages HighMem/MovableOnly [ 1392.707632] 363840 pages reserved [ 1392.715571] 0 pages cma reserved [ 1392.726752] Node 0 active_anon:58940kB inactive_anon:68036kB active_file:5776kB inactive_file:11748kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:205896kB dirty:764kB writeback:0kB shmem:72280kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1392.764370] Node 1 active_anon:1696kB inactive_anon:29044kB active_file:5404kB inactive_file:6508kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:23780kB dirty:36kB writeback:0kB shmem:29160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1392.807275] Node 0 DMA free:11148kB min:204kB low:252kB high:300kB active_anon:76kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1392.867379] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1392.872524] Node 0 DMA32 free:276968kB min:36200kB low:45248kB high:54296kB active_anon:58864kB inactive_anon:68036kB active_file:5776kB inactive_file:11748kB unevictable:0kB writepending:764kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:7808kB pagetables:4836kB bounce:0kB free_pcp:304kB local_pcp:176kB free_cma:0kB [ 1392.921214] lowmem_reserve[]: 0 0 0 0 0 [ 1392.936058] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1392.985943] lowmem_reserve[]: 0 0 0 0 0 [ 1392.990164] Node 1 Normal free:173216kB min:53696kB low:67120kB high:80544kB active_anon:1696kB inactive_anon:29044kB active_file:5404kB inactive_file:6508kB unevictable:0kB writepending:36kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:512kB pagetables:556kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 1393.031875] lowmem_reserve[]: 0 0 0 0 0 [ 1393.040503] Node 0 DMA: 53*4kB (UME) 77*8kB (UME) 65*16kB (UME) 42*32kB (UME) 10*64kB (UME) 9*128kB (UM) 4*256kB (UME) 2*512kB (UE) 2*1024kB (UE) 1*2048kB (M) 0*4096kB = 11148kB [ 1393.083729] Node 0 DMA32: 173*4kB (MEH) 608*8kB (UMEH) 189*16kB (MEH) 1087*32kB (UMEH) 28*64kB (UMH) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 45156kB [ 1393.123508] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1393.150322] Node 1 Normal: 48*4kB (UM) 23*8kB (UM) 386*16kB (UM) 2595*32kB (UM) 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 89656kB [ 1393.215301] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1393.245539] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1393.286097] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1393.322327] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1393.361466] 26107 total pagecache pages [ 1393.371562] 0 pages in swap cache [ 1393.387315] Swap cache stats: add 0, delete 0, find 0/0 [ 1393.392896] Free swap = 0kB [ 1393.396255] Total swap = 0kB [ 1393.400618] 2097051 pages RAM [ 1393.404163] 0 pages HighMem/MovableOnly [ 1393.408257] 363840 pages reserved [ 1393.411711] 0 pages cma reserved [ 1393.462731] oom_reaper: reaped process 4018 (syz-executor.4), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1393.489348] syz-executor.1 invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 1393.512537] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1393.522261] CPU: 1 PID: 3002 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1393.530074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1393.539425] Call Trace: [ 1393.542017] dump_stack+0x1b2/0x281 [ 1393.545644] dump_header+0x178/0x82f [ 1393.549356] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1393.554470] ? ___ratelimit+0x2cd/0x530 [ 1393.558544] oom_kill_process.cold+0x10/0xb18 [ 1393.563049] out_of_memory+0xe3e/0x1190 [ 1393.567033] ? oom_killer_disable+0x1c0/0x1c0 [ 1393.567347] syz-executor.4: [ 1393.571522] ? mutex_trylock+0x152/0x1a0 [ 1393.571525] page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1393.574545] __alloc_pages_nodemask+0x23e1/0x2720 [ 1393.593314] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1393.598177] alloc_pages_current+0x155/0x260 [ 1393.601622] (null) [ 1393.602580] filemap_fault+0xea3/0x1980 [ 1393.604740] syz-executor.4 cpuset= [ 1393.608704] ext4_filemap_fault+0x84/0xb0 [ 1393.608714] __do_fault+0xfa/0x380 [ 1393.608722] __handle_mm_fault+0x2497/0x4620 [ 1393.608731] ? vm_insert_page+0x7c0/0x7c0 [ 1393.608740] ? nanosleep_copyout+0x100/0x100 [ 1393.608756] handle_mm_fault+0x391/0x860 [ 1393.608768] __do_page_fault+0x549/0xad0 [ 1393.608780] ? spurious_fault+0x640/0x640 [ 1393.612330] / [ 1393.616429] ? do_page_fault+0x60/0x500 [ 1393.623465] mems_allowed=0-1 [ 1393.624339] ? page_fault+0x2f/0x50 [ 1393.657393] page_fault+0x45/0x50 [ 1393.660836] RIP: 153afa:0x9 [ 1393.663745] RSP: 0003:00007ffd7dcc880c EFLAGS: 00000000 [ 1393.663766] CPU: 0 PID: 4018 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1393.675229] Mem-Info: [ 1393.676931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1393.679362] active_anon:15234 inactive_anon:24270 isolated_anon:0 [ 1393.679362] active_file:16 inactive_file:32 isolated_file:0 [ 1393.679362] unevictable:0 dirty:34 writeback:25 unstable:0 [ 1393.679362] slab_reclaimable:13105 slab_unreclaimable:120323 [ 1393.679362] mapped:52833 shmem:25360 pagetables:1348 bounce:0 [ 1393.679362] free:13877 free_pcp:0 free_cma:0 [ 1393.688659] Call Trace: [ 1393.688678] dump_stack+0x1b2/0x281 [ 1393.688699] warn_alloc.cold+0x96/0x1cc [ 1393.722987] Node 0 active_anon:59240kB inactive_anon:68036kB active_file:36kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:196652kB dirty:100kB writeback:100kB shmem:72280kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1393.725533] ? zone_watermark_ok_safe+0x220/0x220 [ 1393.729157] Node 1 active_anon:1696kB inactive_anon:29044kB active_file:28kB inactive_file:144kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14680kB dirty:36kB writeback:0kB shmem:29160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1393.733092] ? usleep_range+0x130/0x130 [ 1393.760928] Node 0 [ 1393.765737] ? try_to_free_pages+0x23f/0x6e0 [ 1393.793080] DMA free:10968kB min:204kB low:252kB high:300kB active_anon:76kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1393.797012] ? _find_next_bit+0xdb/0x100 [ 1393.799232] lowmem_reserve[]: [ 1393.803633] ? run_timer_softirq+0x5a0/0x5a0 [ 1393.829213] 0 [ 1393.833267] __alloc_pages_nodemask+0x2127/0x2720 [ 1393.836350] 2717 [ 1393.840774] ? lock_acquire+0x170/0x3f0 [ 1393.840789] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1393.842566] 2718 [ 1393.847391] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1393.847406] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1393.847421] ? alloc_pages_current+0x123/0x260 [ 1393.849800] 2718 [ 1393.853757] alloc_pages_current+0x155/0x260 [ 1393.858587] 2718 [ 1393.860623] ion_page_pool_alloc+0x118/0x1b0 [ 1393.865089] Node 0 [ 1393.870523] ion_system_heap_allocate+0x133/0x8c0 [ 1393.870532] ? ion_alloc+0x187/0x810 [ 1393.870543] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1393.875111] DMA32 free:17900kB min:36200kB low:45248kB high:54296kB active_anon:58864kB inactive_anon:68036kB active_file:220kB inactive_file:232kB unevictable:0kB writepending:48kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:7808kB pagetables:4836kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1393.877148] ? ion_system_contig_heap_create+0x130/0x130 [ 1393.881545] lowmem_reserve[]: [ 1393.883576] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1393.883586] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1393.888089] 0 [ 1393.890300] ion_alloc+0x204/0x810 [ 1393.895111] 0 [ 1393.898811] ? ion_dma_buf_release+0x40/0x40 [ 1393.898826] ? __might_fault+0x177/0x1b0 [ 1393.904251] 0 [ 1393.932448] ion_ioctl+0xea/0x1f0 [ 1393.932457] ? ion_query_heaps+0x360/0x360 [ 1393.932470] ? ion_query_heaps+0x360/0x360 [ 1393.932479] do_vfs_ioctl+0x75a/0xff0 [ 1393.932489] ? ioctl_preallocate+0x1a0/0x1a0 [ 1393.937929] 0 [ 1393.941008] ? lock_downgrade+0x740/0x740 [ 1393.946005] 0 [ 1393.950852] ? __fget+0x225/0x360 [ 1393.950861] ? do_vfs_ioctl+0xff0/0xff0 [ 1393.950872] ? security_file_ioctl+0x83/0xb0 [ 1393.956185] SyS_ioctl+0x7f/0xb0 [ 1393.957979] Node 0 [ 1393.962374] ? do_vfs_ioctl+0xff0/0xff0 [ 1393.966417] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1393.968293] do_syscall_64+0x1d5/0x640 [ 1393.968309] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1393.968317] RIP: 0033:0x465f69 [ 1393.971744] lowmem_reserve[]: [ 1393.976226] RSP: 002b:00007f4607427188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1393.980722] 0 [ 1393.984503] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1393.984510] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1393.988914] 0 [ 1393.990679] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1393.990686] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1393.994830] 0 [ 1393.996613] R13: 00007ffe6751318f R14: 00007f4607427300 R15: 0000000000022000 [ 1394.010010] warn_alloc_show_mem: 1 callbacks suppressed [ 1394.010013] Mem-Info: [ 1394.031985] 0 [ 1394.047555] active_anon:15236 inactive_anon:24270 isolated_anon:0 [ 1394.047555] active_file:12 inactive_file:13 isolated_file:0 [ 1394.047555] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1394.047555] slab_reclaimable:13100 slab_unreclaimable:120312 [ 1394.047555] mapped:52763 shmem:25360 pagetables:1348 bounce:0 [ 1394.047555] free:13887 free_pcp:22 free_cma:0 [ 1394.066348] 0 [ 1394.070061] Node 0 active_anon:59240kB inactive_anon:68036kB active_file:36kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:196460kB dirty:0kB writeback:0kB shmem:72280kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1394.084803] Node 1 active_anon:1704kB inactive_anon:29044kB active_file:12kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14592kB dirty:0kB writeback:0kB shmem:29160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1394.086583] Node 1 [ 1394.095791] Node 0 [ 1394.117154] Normal free:26880kB min:53696kB low:67120kB high:80544kB active_anon:1704kB inactive_anon:29044kB active_file:12kB inactive_file:16kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:512kB pagetables:556kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1394.120333] DMA free:10968kB min:204kB low:252kB high:300kB active_anon:76kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1394.164136] lowmem_reserve[]: [ 1394.192299] lowmem_reserve[]: [ 1394.219154] 0 [ 1394.256105] 0 [ 1394.274432] 0 0 0 0 [ 1394.282325] Node 0 DMA: 22*4kB (ME) 70*8kB (UME) 65*16kB (UME) 42*32kB (UME) 10*64kB (UME) 9*128kB (UM) 4*256kB (UME) 2*512kB (UE) 2*1024kB (UE) 1*2048kB (M) 0*4096kB = 10968kB [ 1394.288069] 2717 [ 1394.304576] Node 0 DMA32: 717*4kB (UMEH) 1013*8kB (UMEH) 267*16kB (UMEH) 69*32kB (UMEH) 5*64kB (UH) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 17772kB [ 1394.310557] 2718 [ 1394.327452] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1394.334462] 2718 [ 1394.344497] Node 1 [ 1394.345004] 2718 [ 1394.346563] Normal: 154*4kB (M) 67*8kB (UM) 44*16kB (UM) 494*32kB (UM) 36*64kB (UM) 16*128kB (M) 7*256kB (M) 2*512kB (M) 0*1024kB 1*2048kB (M) 0*4096kB = 26880kB [ 1394.374138] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1394.375438] Node 0 [ 1394.383024] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1394.383031] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1394.383036] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1394.383040] 25385 total pagecache pages [ 1394.383051] 0 pages in swap cache [ 1394.383056] Swap cache stats: add 0, delete 0, find 0/0 [ 1394.383059] Free swap = 0kB [ 1394.383062] Total swap = 0kB [ 1394.383069] 2097051 pages RAM [ 1394.383072] 0 pages HighMem/MovableOnly [ 1394.383075] 363840 pages reserved [ 1394.383081] 0 pages cma reserved [ 1394.399421] DMA32 free:17700kB min:36200kB low:45248kB high:54296kB active_anon:59164kB inactive_anon:68036kB active_file:36kB inactive_file:36kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:7808kB pagetables:4836kB bounce:0kB free_pcp:124kB local_pcp:0kB free_cma:0kB [ 1394.408118] Out of memory (oom_kill_allocating_task): Kill process 3002 (syz-executor.1) score 0 or sacrifice child [ 1394.421881] lowmem_reserve[]: [ 1394.436728] Killed process 4036 (syz-executor.1) total-vm:93384kB, anon-rss:156kB, file-rss:34820kB, shmem-rss:0kB [ 1394.447051] 0 [ 1394.486438] syz-executor.1 invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask= [ 1394.488930] syz-executor.1: [ 1394.512240] (null) [ 1394.513595] 0 [ 1394.515274] , order=0, oom_score_adj=0 [ 1394.517473] 0 0 0 [ 1394.517485] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1394.517503] lowmem_reserve[]: 0 0 0 0 0 [ 1394.517523] Node 1 Normal free:26756kB min:53696kB low:67120kB high:80544kB active_anon:1704kB inactive_anon:29044kB active_file:12kB inactive_file:16kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:512kB pagetables:556kB bounce:0kB free_pcp:120kB local_pcp:120kB free_cma:0kB [ 1394.517542] lowmem_reserve[]: 0 0 0 0 0 [ 1394.517559] Node 0 DMA: 22*4kB (ME) 70*8kB (UME) 65*16kB (UME) 42*32kB (UME) 10*64kB (UME) 9*128kB (UM) 4*256kB (UME) 2*512kB (UE) 2*1024kB (UE) 1*2048kB (M) 0*4096kB = 10968kB [ 1394.517638] Node 0 DMA32: 717*4kB (UMEH) 1013*8kB (UMEH) 267*16kB (UMEH) 69*32kB (UMEH) 5*64kB (UH) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 17772kB [ 1394.517698] Node 0 Normal: 0*4kB 0*8kB [ 1394.531458] syz-executor.1 cpuset= [ 1394.556776] page allocation failure: order:0 [ 1394.596712] / [ 1394.610131] 0*16kB [ 1394.631032] mems_allowed=0-1 [ 1394.637789] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1394.637799] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1394.637820] CPU: 0 PID: 4036 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1394.637834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1394.667621] Call Trace: [ 1394.670197] dump_stack+0x1b2/0x281 [ 1394.673810] warn_alloc.cold+0x96/0x1cc [ 1394.677770] ? zone_watermark_ok_safe+0x220/0x220 [ 1394.682600] ? usleep_range+0x130/0x130 [ 1394.686557] ? try_to_free_pages+0x23f/0x6e0 [ 1394.690965] ? _find_next_bit+0xdb/0x100 [ 1394.695008] ? run_timer_softirq+0x5a0/0x5a0 [ 1394.699420] __alloc_pages_nodemask+0x2127/0x2720 [ 1394.704247] ? lock_acquire+0x170/0x3f0 [ 1394.708208] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1394.713033] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1394.717537] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1394.722974] alloc_pages_current+0x155/0x260 [ 1394.727367] ion_page_pool_alloc+0x118/0x1b0 [ 1394.731757] ion_system_heap_allocate+0x133/0x8c0 [ 1394.736593] ? ion_alloc+0x187/0x810 [ 1394.740288] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1394.745731] ? ion_system_contig_heap_create+0x130/0x130 [ 1394.751163] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1394.756160] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1394.760986] ion_alloc+0x204/0x810 [ 1394.764511] ? ion_dma_buf_release+0x40/0x40 [ 1394.768902] ? __might_fault+0x177/0x1b0 [ 1394.772947] ion_ioctl+0xea/0x1f0 [ 1394.776383] ? ion_query_heaps+0x360/0x360 [ 1394.780604] ? ion_query_heaps+0x360/0x360 [ 1394.784823] do_vfs_ioctl+0x75a/0xff0 [ 1394.788608] ? ioctl_preallocate+0x1a0/0x1a0 [ 1394.793011] ? lock_downgrade+0x740/0x740 [ 1394.797143] ? __fget+0x225/0x360 [ 1394.800581] ? do_vfs_ioctl+0xff0/0xff0 [ 1394.804553] ? security_file_ioctl+0x83/0xb0 [ 1394.808971] SyS_ioctl+0x7f/0xb0 [ 1394.812318] ? do_vfs_ioctl+0xff0/0xff0 [ 1394.816272] do_syscall_64+0x1d5/0x640 [ 1394.820146] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1394.825317] RIP: 0033:0x465f69 [ 1394.828488] RSP: 002b:00007face3f0d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1394.836178] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1394.843428] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1394.850678] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1394.857943] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1394.865194] R13: 00007ffd7dcc854f R14: 00007face3f0d300 R15: 0000000000022000 [ 1394.872630] CPU: 1 PID: 3002 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1394.879216] 0*32kB [ 1394.880422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1394.880428] 0*64kB [ 1394.882644] Call Trace: [ 1394.895626] 0*128kB [ 1394.896823] dump_stack+0x1b2/0x281 [ 1394.896825] 0*256kB 0*512kB [ 1394.899144] dump_header+0x178/0x82f [ 1394.899155] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1394.899164] ? ___ratelimit+0x2cd/0x530 [ 1394.899173] oom_kill_process.cold+0x10/0xb18 [ 1394.899188] out_of_memory+0xe3e/0x1190 [ 1394.904698] 0*1024kB [ 1394.905817] ? oom_killer_disable+0x1c0/0x1c0 [ 1394.913047] 0*2048kB [ 1394.914590] ? mutex_trylock+0x152/0x1a0 [ 1394.920745] 0*4096kB [ 1394.923024] __alloc_pages_nodemask+0x23e1/0x2720 [ 1394.926990] = 0kB [ 1394.929395] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1394.929418] alloc_pages_current+0x155/0x260 [ 1394.929429] filemap_fault+0xea3/0x1980 [ 1394.929449] ext4_filemap_fault+0x84/0xb0 [ 1394.939172] Node 1 [ 1394.940410] __do_fault+0xfa/0x380 [ 1394.943316] Normal: [ 1394.948143] __handle_mm_fault+0x2497/0x4620 [ 1394.948153] ? vm_insert_page+0x7c0/0x7c0 [ 1394.948161] ? nanosleep_copyout+0x100/0x100 [ 1394.948179] handle_mm_fault+0x391/0x860 [ 1394.948190] __do_page_fault+0x549/0xad0 [ 1394.948202] ? spurious_fault+0x640/0x640 [ 1394.952244] 155*4kB [ 1394.955066] ? do_page_fault+0x60/0x500 [ 1394.961308] (UM) [ 1394.963410] ? page_fault+0x2f/0x50 [ 1394.971113] 67*8kB [ 1394.973295] page_fault+0x45/0x50 [ 1394.975591] (UM) [ 1394.979979] RIP: 153afa:0x9 [ 1394.979983] RSP: 0003:00007ffd7dcc880c EFLAGS: 00000000 [ 1394.998517] Mem-Info: [ 1395.007842] 44*16kB [ 1395.021624] active_anon:15236 inactive_anon:24270 isolated_anon:0 [ 1395.021624] active_file:11 inactive_file:14 isolated_file:0 [ 1395.021624] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1395.021624] slab_reclaimable:13066 slab_unreclaimable:120247 [ 1395.021624] mapped:52763 shmem:25360 pagetables:1348 bounce:0 [ 1395.021624] free:13874 free_pcp:153 free_cma:0 [ 1395.028719] (UM) [ 1395.038098] Node 0 active_anon:59240kB inactive_anon:68036kB active_file:36kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:196460kB dirty:0kB writeback:0kB shmem:72280kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1395.071915] 490*32kB (UM) 36*64kB (UM) 16*128kB (M) 7*256kB (M) 2*512kB (M) 0*1024kB 1*2048kB (M) 0*4096kB = 26756kB [ 1395.114781] Node 1 active_anon:1704kB inactive_anon:29044kB active_file:8kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14592kB dirty:0kB writeback:0kB shmem:29160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1395.114990] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1395.155243] Node 0 DMA free:10968kB min:204kB low:252kB high:300kB active_anon:76kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1395.157024] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1395.194900] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1395.196542] Mem-Info: [ 1395.202424] active_anon:15236 inactive_anon:24270 isolated_anon:0 [ 1395.202424] active_file:11 inactive_file:14 isolated_file:0 [ 1395.202424] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1395.202424] slab_reclaimable:13066 slab_unreclaimable:120197 [ 1395.202424] mapped:52763 shmem:25360 pagetables:1348 bounce:0 [ 1395.202424] free:13874 free_pcp:183 free_cma:0 [ 1395.207047] Node 0 [ 1395.242844] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1395.251266] DMA32 free:17772kB min:36200kB low:45248kB high:54296kB active_anon:59164kB inactive_anon:68036kB active_file:36kB inactive_file:36kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:7808kB pagetables:4836kB bounce:0kB free_pcp:612kB local_pcp:124kB free_cma:0kB [ 1395.254030] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1395.295590] lowmem_reserve[]: 0 0 0 0 0 [ 1395.297055] Node 0 active_anon:59240kB inactive_anon:68036kB active_file:36kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:196460kB dirty:0kB writeback:0kB shmem:72280kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1395.306357] Node 0 [ 1395.334342] 25385 total pagecache pages [ 1395.340408] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1395.340601] 0 pages in swap cache [ 1395.375601] Node 1 active_anon:1704kB inactive_anon:29044kB active_file:8kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14592kB dirty:0kB writeback:0kB shmem:29160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1395.378927] lowmem_reserve[]: [ 1395.412105] Swap cache stats: add 0, delete 0, find 0/0 [ 1395.416342] 0 [ 1395.423318] Node 0 DMA free:10968kB min:204kB low:252kB high:300kB active_anon:76kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1395.425464] 0 [ 1395.459970] Free swap = 0kB [ 1395.463258] 0 [ 1395.464801] Total swap = 0kB [ 1395.464808] 2097051 pages RAM [ 1395.466601] 0 [ 1395.473449] 0 pages HighMem/MovableOnly [ 1395.476492] 0 [ 1395.483480] 363840 pages reserved [ 1395.492946] Node 1 Normal free:26756kB min:53696kB low:67120kB high:80544kB active_anon:1704kB inactive_anon:29044kB active_file:8kB inactive_file:20kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:512kB pagetables:556kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 1395.493000] lowmem_reserve[]: [ 1395.529853] 0 pages cma reserved [ 1395.533195] lowmem_reserve[]: 0 0 0 0 0 [ 1395.577180] Node 0 DMA: 22*4kB (ME) 70*8kB (UME) 65*16kB (UME) 42*32kB (UME) 10*64kB (UME) 9*128kB (UM) 4*256kB (UME) 2*512kB (UE) 2*1024kB (UE) 1*2048kB (M) 0*4096kB = 10968kB [ 1395.610725] 0 2717 2718 2718 2718 [ 1395.637214] Node 0 DMA32 free:19284kB min:36200kB low:45248kB high:54296kB active_anon:59164kB inactive_anon:68036kB active_file:20kB inactive_file:24kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:7808kB pagetables:4836kB bounce:0kB free_pcp:632kB local_pcp:488kB free_cma:0kB [ 1395.647152] Node 0 DMA32: 754*4kB (UMEH) 1318*8kB (UMEH) 271*16kB (UMEH) 145*32kB (UMEH) 15*64kB (UH) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 23496kB [ 1395.770366] lowmem_reserve[]: 0 0 0 0 0 [ 1395.797209] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1395.810464] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1395.880024] Node 1 Normal: 0*4kB 2*8kB (UM) 1*16kB (U) 2*32kB (UM) 461*64kB (UM) 428*128kB (UM) 110*256kB (UM) 2*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 113568kB [ 1395.917188] lowmem_reserve[]: 0 0 0 0 0 [ 1395.921226] Node 1 Normal free:57140kB min:53696kB low:67120kB high:80544kB active_anon:1704kB inactive_anon:29044kB active_file:2020kB inactive_file:1820kB unevictable:0kB writepending:148kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:512kB pagetables:556kB bounce:0kB free_pcp:968kB local_pcp:640kB free_cma:0kB [ 1395.927746] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1395.961633] lowmem_reserve[]: 0 0 0 0 0 [ 1395.966013] Node 0 DMA: 21*4kB (ME) 71*8kB (UME) 65*16kB (UME) 42*32kB (UME) 10*64kB (UME) 9*128kB (UM) 4*256kB (UME) 2*512kB (UE) 2*1024kB (UE) 1*2048kB (M) 0*4096kB = 10972kB [ 1395.982202] Node 0 DMA32: 888*4kB (UMEH) 1970*8kB (UMEH) 320*16kB (UMEH) 165*32kB (UMEH) 4*64kB (H) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 29968kB [ 1395.996837] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1396.001849] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1396.008173] Node 1 Normal: 199*4kB (UM) 95*8kB (UM) 57*16kB (M) 27*32kB (M) 6*64kB (M) 16*128kB (UM) 91*256kB (UM) 2*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 30084kB [ 1396.023604] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1396.031292] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1396.049078] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1396.050675] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1396.057809] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1396.072940] 25415 total pagecache pages [ 1396.082531] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1396.088943] 0 pages in swap cache [ 1396.096365] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1396.115355] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1396.117576] Swap cache stats: add 0, delete 0, find 0/0 [ 1396.120594] 25415 total pagecache pages [ 1396.125857] Free swap = 0kB [ 1396.135349] CPU: 0 PID: 4018 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1396.142650] Total swap = 0kB [ 1396.143143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1396.146144] 2097051 pages RAM [ 1396.155502] Call Trace: [ 1396.155521] dump_stack+0x1b2/0x281 [ 1396.155535] warn_alloc.cold+0x96/0x1cc [ 1396.155547] ? zone_watermark_ok_safe+0x220/0x220 [ 1396.161832] 0 pages HighMem/MovableOnly [ 1396.164817] __alloc_pages_nodemask+0x2127/0x2720 [ 1396.168785] 363840 pages reserved [ 1396.173584] ? io_schedule_timeout+0x140/0x140 [ 1396.177553] 0 pages cma reserved [ 1396.182372] ? lock_acquire+0x170/0x3f0 [ 1396.185820] Out of memory (oom_kill_allocating_task): Kill process 3002 (syz-executor.1) score 0 or sacrifice child [ 1396.190391] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1396.190409] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1396.193777] Killed process 4036 (syz-executor.1) total-vm:93384kB, anon-rss:156kB, file-rss:34820kB, shmem-rss:0kB [ 1396.197729] ? __mutex_unlock_slowpath+0x75/0x770 [ 1396.197742] alloc_pages_current+0x155/0x260 [ 1396.197757] ion_page_pool_alloc+0x118/0x1b0 [ 1396.216688] oom_reaper: reaped process 4036 (syz-executor.1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1396.218582] ion_system_heap_allocate+0x133/0x8c0 [ 1396.218593] ? _raw_spin_unlock+0x29/0x40 [ 1396.218601] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1396.218611] ? ion_system_contig_heap_create+0x130/0x130 [ 1396.271875] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1396.276875] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1396.281717] ion_alloc+0x27a/0x810 [ 1396.285243] ? ion_dma_buf_release+0x40/0x40 [ 1396.289636] ? __might_fault+0x177/0x1b0 [ 1396.293680] ion_ioctl+0xea/0x1f0 [ 1396.297116] ? ion_query_heaps+0x360/0x360 [ 1396.301341] ? ion_query_heaps+0x360/0x360 [ 1396.305563] do_vfs_ioctl+0x75a/0xff0 [ 1396.309351] ? ioctl_preallocate+0x1a0/0x1a0 [ 1396.313743] ? lock_downgrade+0x740/0x740 [ 1396.318314] ? __fget+0x225/0x360 [ 1396.321749] ? do_vfs_ioctl+0xff0/0xff0 [ 1396.325707] ? security_file_ioctl+0x83/0xb0 [ 1396.330098] SyS_ioctl+0x7f/0xb0 [ 1396.333444] ? do_vfs_ioctl+0xff0/0xff0 [ 1396.337401] do_syscall_64+0x1d5/0x640 [ 1396.341362] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1396.346653] RIP: 0033:0x465f69 [ 1396.349843] RSP: 002b:00007f4607427188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1396.357535] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1396.364807] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1396.372146] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1396.379399] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1396.386650] R13: 00007ffe6751318f R14: 00007f4607427300 R15: 0000000000022000 [ 1396.399213] in:imklog invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 1396.413610] 0 pages in swap cache [ 1396.417112] Swap cache stats: add 0, delete 0, find 0/0 [ 1396.422467] Free swap = 0kB [ 1396.425473] Total swap = 0kB [ 1396.426039] Mem-Info: [ 1396.430384] in:imklog cpuset=/ mems_allowed=0-1 [ 1396.435728] CPU: 0 PID: 1956 Comm: in:imklog Not tainted 4.14.224-syzkaller #0 [ 1396.437400] active_anon:15213 inactive_anon:24270 isolated_anon:0 [ 1396.437400] active_file:30 inactive_file:16 isolated_file:0 [ 1396.437400] unevictable:0 dirty:4 writeback:0 unstable:0 [ 1396.437400] slab_reclaimable:13050 slab_unreclaimable:119917 [ 1396.437400] mapped:52820 shmem:25360 pagetables:1348 bounce:0 [ 1396.437400] free:16922 free_pcp:26 free_cma:0 [ 1396.443087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1396.476619] Node 0 active_anon:59140kB inactive_anon:68036kB active_file:44kB inactive_file:28kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:196536kB dirty:4kB writeback:0kB shmem:72280kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1396.485927] Call Trace: [ 1396.485947] dump_stack+0x1b2/0x281 [ 1396.485960] dump_header+0x178/0x82f [ 1396.513638] Node 1 active_anon:1712kB inactive_anon:29044kB active_file:76kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14744kB dirty:12kB writeback:0kB shmem:29160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1396.516180] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1396.519801] Node 0 [ 1396.523480] ? ___ratelimit+0x2cd/0x530 [ 1396.550811] DMA free:10968kB min:204kB low:252kB high:300kB active_anon:76kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1396.555869] oom_kill_process.cold+0x10/0xb18 [ 1396.558098] lowmem_reserve[]: [ 1396.562050] out_of_memory+0xe3e/0x1190 [ 1396.587674] 0 [ 1396.592121] ? oom_killer_disable+0x1c0/0x1c0 [ 1396.595184] 2717 2718 [ 1396.599164] ? mutex_trylock+0x152/0x1a0 [ 1396.599175] __alloc_pages_nodemask+0x23e1/0x2720 [ 1396.599195] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1396.600966] 2718 [ 1396.605455] alloc_pages_current+0x155/0x260 [ 1396.607935] 2718 [ 1396.611960] filemap_fault+0xea3/0x1980 [ 1396.616774] Node 0 [ 1396.621606] ext4_filemap_fault+0x84/0xb0 [ 1396.621616] __do_fault+0xfa/0x380 [ 1396.623666] DMA32 free:29912kB min:36200kB low:45248kB high:54296kB active_anon:59064kB inactive_anon:68036kB active_file:44kB inactive_file:28kB unevictable:0kB writepending:4kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:7808kB pagetables:4836kB bounce:0kB free_pcp:104kB local_pcp:104kB free_cma:0kB [ 1396.628047] __handle_mm_fault+0x2497/0x4620 [ 1396.628057] ? vm_insert_page+0x7c0/0x7c0 [ 1396.628067] ? lock_downgrade+0x740/0x740 [ 1396.630192] lowmem_reserve[]: [ 1396.634181] handle_mm_fault+0x391/0x860 [ 1396.636389] 0 [ 1396.640521] __do_page_fault+0x549/0xad0 [ 1396.640533] ? spurious_fault+0x640/0x640 [ 1396.640544] ? do_page_fault+0x60/0x500 [ 1396.644058] 0 [ 1396.673032] ? page_fault+0x2f/0x50 [ 1396.673040] page_fault+0x45/0x50 [ 1396.673049] RIP: 1fa0:0x1f9f [ 1396.673053] RSP: 0000:0000558b4ac369d0 EFLAGS: 7fc61ef60da0 [ 1396.675444] 2097051 pages RAM [ 1396.698758] 0 [ 1396.700784] 0 pages HighMem/MovableOnly [ 1396.702980] 0 [ 1396.706908] 363840 pages reserved [ 1396.723099] 0 [ 1396.725781] 0 pages cma reserved [ 1396.763177] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1396.822702] lowmem_reserve[]: 0 0 0 0 0 [ 1396.849873] Node 1 Normal free:101520kB min:53696kB low:67120kB high:80544kB active_anon:1712kB inactive_anon:29044kB active_file:184kB inactive_file:2120kB unevictable:0kB writepending:112kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:512kB pagetables:556kB bounce:0kB free_pcp:792kB local_pcp:656kB free_cma:0kB [ 1396.910212] lowmem_reserve[]: 0 0 0 0 0 [ 1396.913850] syz-executor.1: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1396.914475] Node 0 [ 1396.926121] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1396.926143] CPU: 0 PID: 4036 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1396.926149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1396.926152] Call Trace: [ 1396.926167] dump_stack+0x1b2/0x281 [ 1396.926181] warn_alloc.cold+0x96/0x1cc [ 1396.926193] ? zone_watermark_ok_safe+0x220/0x220 [ 1396.931716] DMA: [ 1396.933508] __alloc_pages_nodemask+0x2127/0x2720 [ 1396.941289] 23*4kB [ 1396.950613] ? _raw_spin_unlock_irq+0x24/0x80 [ 1396.950630] ? lock_acquire+0x170/0x3f0 [ 1396.953207] (UME) [ 1396.956821] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1396.960780] 71*8kB [ 1396.965594] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1396.967643] (UME) [ 1396.972454] ? __mutex_unlock_slowpath+0x75/0x770 [ 1396.974663] 65*16kB [ 1396.979144] alloc_pages_current+0x155/0x260 [ 1396.979159] ion_page_pool_alloc+0x118/0x1b0 [ 1396.983103] (UME) [ 1396.985236] ion_system_heap_allocate+0x133/0x8c0 [ 1396.990070] 42*32kB [ 1396.992277] ? _raw_spin_unlock+0x29/0x40 [ 1397.007048] (UME) [ 1397.011380] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1397.015760] 10*64kB [ 1397.017891] ? ion_system_contig_heap_create+0x130/0x130 [ 1397.017901] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1397.017910] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1397.017921] ion_alloc+0x27a/0x810 [ 1397.022740] (UME) [ 1397.025055] ? ion_dma_buf_release+0x40/0x40 [ 1397.029210] 9*128kB [ 1397.031323] ? __might_fault+0x177/0x1b0 [ 1397.036225] (UM) [ 1397.038535] ion_ioctl+0xea/0x1f0 [ 1397.038547] ? ion_query_heaps+0x360/0x360 [ 1397.043986] 4*256kB [ 1397.048984] ? ion_query_heaps+0x360/0x360 [ 1397.048993] do_vfs_ioctl+0x75a/0xff0 [ 1397.049005] ? ioctl_preallocate+0x1a0/0x1a0 [ 1397.053818] (UME) [ 1397.057338] ? lock_downgrade+0x740/0x740 [ 1397.057351] ? __fget+0x225/0x360 [ 1397.057359] ? do_vfs_ioctl+0xff0/0xff0 [ 1397.059483] 2*512kB [ 1397.063872] ? security_file_ioctl+0x83/0xb0 [ 1397.066166] (UE) [ 1397.070207] SyS_ioctl+0x7f/0xb0 [ 1397.070215] ? do_vfs_ioctl+0xff0/0xff0 [ 1397.070226] do_syscall_64+0x1d5/0x640 [ 1397.072263] 2*1024kB [ 1397.075702] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1397.079927] (UE) [ 1397.082219] RIP: 0033:0x465f69 [ 1397.086431] 1*2048kB [ 1397.090209] RSP: 002b:00007face3f0d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1397.090219] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1397.090224] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1397.090231] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1397.094642] Mem-Info: [ 1397.096759] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1397.096766] R13: 00007ffd7dcc854f R14: 00007face3f0d300 R15: 0000000000022000 [ 1397.100924] active_anon:15213 inactive_anon:24270 isolated_anon:0 [ 1397.100924] active_file:11 inactive_file:18 isolated_file:0 [ 1397.100924] unevictable:0 dirty:1 writeback:7 unstable:0 [ 1397.100924] slab_reclaimable:13043 slab_unreclaimable:119917 [ 1397.100924] mapped:52790 shmem:25360 pagetables:1348 bounce:0 [ 1397.100924] free:17993 free_pcp:0 free_cma:0 [ 1397.199701] syz-executor.1: [ 1397.229451] Node 0 active_anon:59136kB inactive_anon:68036kB active_file:36kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:196536kB dirty:4kB writeback:0kB shmem:72280kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1397.233312] (M) [ 1397.273507] Node 1 active_anon:1716kB inactive_anon:29044kB active_file:20kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14592kB dirty:0kB writeback:0kB shmem:29160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1397.278772] page allocation failure: order:0 [ 1397.306910] 0*4096kB = 10980kB [ 1397.314310] Node 0 [ 1397.314568] Node 0 [ 1397.314586] DMA free:10960kB min:204kB low:252kB high:300kB active_anon:76kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1397.316786] DMA32: 743*4kB [ 1397.324372] lowmem_reserve[]: [ 1397.346562] (UME) 997*8kB (UME) 265*16kB (UME) 86*32kB (UME) 4*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18196kB [ 1397.358917] 0 2717 2718 2718 2718 [ 1397.364816] Node 0 [ 1397.366501] Node 0 [ 1397.366511] Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1397.379472] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1397.382953] Node 1 [ 1397.395122] DMA32 free:18176kB min:36200kB low:45248kB high:54296kB active_anon:59060kB inactive_anon:68036kB active_file:36kB inactive_file:36kB unevictable:0kB writepending:4kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:7808kB pagetables:4836kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1397.395504] Normal: [ 1397.397404] lowmem_reserve[]: 0 0 0 0 0 [ 1397.397424] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1397.397446] lowmem_reserve[]: [ 1397.432926] 156*4kB [ 1397.439123] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1397.469787] 0 0 0 0 0 [ 1397.471704] (M) [ 1397.472292] Node 1 [ 1397.472295] 69*8kB (M) [ 1397.474271] Normal free:26276kB min:53696kB low:67120kB high:80544kB active_anon:1716kB inactive_anon:29044kB active_file:20kB inactive_file:20kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:512kB pagetables:556kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1397.486690] 45*16kB [ 1397.508713] CPU: 1 PID: 4036 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1397.518909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1397.520773] (UM) [ 1397.528257] Call Trace: [ 1397.528279] dump_stack+0x1b2/0x281 [ 1397.528292] warn_alloc.cold+0x96/0x1cc [ 1397.528302] ? lz4_init+0x20/0x190 [ 1397.528313] ? zone_watermark_ok_safe+0x220/0x220 [ 1397.528322] ? usleep_range+0x130/0x130 [ 1397.528330] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 1397.528342] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1397.528352] ? run_timer_softirq+0x5a0/0x5a0 [ 1397.528367] __alloc_pages_nodemask+0x2127/0x2720 [ 1397.528380] ? lock_acquire+0x170/0x3f0 [ 1397.528393] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1397.528404] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1397.528417] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1397.543122] 38*32kB [ 1397.544156] alloc_pages_current+0x155/0x260 [ 1397.554210] (UM) [ 1397.558023] ion_page_pool_alloc+0x118/0x1b0 [ 1397.558034] ion_system_heap_allocate+0x133/0x8c0 [ 1397.558046] ? _raw_spin_unlock+0x29/0x40 [ 1397.558056] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1397.558066] ? ion_system_contig_heap_create+0x130/0x130 [ 1397.558076] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1397.558088] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1397.575294] 30*64kB [ 1397.576411] ion_alloc+0x27a/0x810 [ 1397.583999] (UM) [ 1397.585838] ? ion_dma_buf_release+0x40/0x40 [ 1397.604211] lowmem_reserve[]: [ 1397.604445] ? __might_fault+0x177/0x1b0 [ 1397.614544] 0 [ 1397.618319] ion_ioctl+0xea/0x1f0 [ 1397.618330] ? ion_query_heaps+0x360/0x360 [ 1397.618343] ? ion_query_heaps+0x360/0x360 [ 1397.618353] do_vfs_ioctl+0x75a/0xff0 [ 1397.618365] ? ioctl_preallocate+0x1a0/0x1a0 [ 1397.618374] ? lock_downgrade+0x740/0x740 [ 1397.618386] ? __fget+0x225/0x360 [ 1397.618395] ? do_vfs_ioctl+0xff0/0xff0 [ 1397.636094] 15*128kB [ 1397.639494] ? security_file_ioctl+0x83/0xb0 [ 1397.639506] SyS_ioctl+0x7f/0xb0 [ 1397.639514] ? do_vfs_ioctl+0xff0/0xff0 [ 1397.639525] do_syscall_64+0x1d5/0x640 [ 1397.639544] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1397.641593] (M) [ 1397.645984] RIP: 0033:0x465f69 [ 1397.661158] 0 [ 1397.662570] RSP: 002b:00007face3f0d188 EFLAGS: 00000246 [ 1397.666780] 0 0 [ 1397.670560] ORIG_RAX: 0000000000000010 [ 1397.670566] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1397.670570] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1397.670575] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1397.670579] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1397.670584] R13: 00007ffd7dcc854f R14: 00007face3f0d300 R15: 0000000000022000 [ 1397.678776] warn_alloc_show_mem: 1 callbacks suppressed [ 1397.678780] Mem-Info: [ 1397.684464] 72*256kB [ 1397.686588] active_anon:15213 inactive_anon:24270 isolated_anon:0 [ 1397.686588] active_file:14 inactive_file:14 isolated_file:0 [ 1397.686588] unevictable:0 dirty:1 writeback:0 unstable:0 [ 1397.686588] slab_reclaimable:13043 slab_unreclaimable:119917 [ 1397.686588] mapped:52782 shmem:25360 pagetables:1348 bounce:0 [ 1397.686588] free:13853 free_pcp:0 free_cma:0 [ 1397.689052] (UM) 2*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 26408kB [ 1397.700952] Node 0 active_anon:59136kB inactive_anon:68036kB active_file:36kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:196536kB dirty:4kB writeback:0kB shmem:72280kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1397.708992] 0 [ 1397.715489] Node 1 active_anon:1716kB inactive_anon:29044kB active_file:20kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14592kB dirty:0kB writeback:0kB shmem:29160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1397.724152] Node 0 [ 1397.733484] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1397.740669] DMA free:10960kB min:204kB low:252kB high:300kB active_anon:76kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1397.744058] Node 0 [ 1397.761713] lowmem_reserve[]: [ 1397.764847] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1397.777609] 0 [ 1397.808210] DMA: 22*4kB (UME) 69*8kB (UME) 65*16kB (UME) 42*32kB (UME) 10*64kB (UME) 9*128kB (UM) 4*256kB (UME) 2*512kB (UE) 2*1024kB (UE) 1*2048kB (M) 0*4096kB = 10960kB [ 1397.808282] Node 0 DMA32: 743*4kB (UME) 997*8kB [ 1397.827457] 2717 [ 1397.842252] (UME) [ 1397.844025] 2718 [ 1397.875070] 265*16kB [ 1397.891804] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1397.911868] (UME) [ 1397.922608] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1397.923796] 86*32kB [ 1397.941830] 2718 [ 1397.954829] (UME) [ 1397.964103] 25385 total pagecache pages [ 1397.983194] 4*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18196kB [ 1397.984913] 0 pages in swap cache [ 1397.994518] 2718 [ 1397.995303] Node 0 [ 1397.996571] Node 0 [ 1397.996578] Normal: [ 1398.000818] DMA32 free:18196kB min:36200kB low:45248kB high:54296kB active_anon:59060kB inactive_anon:68036kB active_file:36kB inactive_file:36kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:7808kB pagetables:4836kB bounce:0kB free_pcp:60kB local_pcp:60kB free_cma:0kB [ 1398.011862] 0*4kB [ 1398.033902] Swap cache stats: add 0, delete 0, find 0/0 [ 1398.041440] Free swap = 0kB [ 1398.042567] 0*8kB [ 1398.044445] Total swap = 0kB [ 1398.044451] 2097051 pages RAM [ 1398.046589] 0*16kB [ 1398.051545] 0 pages HighMem/MovableOnly [ 1398.056021] 0*32kB [ 1398.058970] 363840 pages reserved [ 1398.058974] 0 pages cma reserved [ 1398.061173] lowmem_reserve[]: 0 0 0 0 0 [ 1398.072343] 0*64kB [ 1398.074856] Node 0 [ 1398.074859] 0*128kB 0*256kB [ 1398.077126] syz-executor.4: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1398.083095] 0*512kB [ 1398.096619] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1398.105472] 0*1024kB [ 1398.127267] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1398.134795] CPU: 1 PID: 4018 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1398.136334] 0*2048kB [ 1398.142578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1398.142582] Call Trace: [ 1398.142599] dump_stack+0x1b2/0x281 [ 1398.142613] warn_alloc.cold+0x96/0x1cc [ 1398.142624] ? zone_watermark_ok_safe+0x220/0x220 [ 1398.142633] ? usleep_range+0x130/0x130 [ 1398.142641] ? try_to_free_pages+0x23f/0x6e0 [ 1398.142649] ? _find_next_bit+0xdb/0x100 [ 1398.142659] ? run_timer_softirq+0x5a0/0x5a0 [ 1398.142674] __alloc_pages_nodemask+0x2127/0x2720 [ 1398.155825] 0*4096kB [ 1398.156994] ? lock_acquire+0x170/0x3f0 [ 1398.157036] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1398.160636] = 0kB [ 1398.164732] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1398.180426] lowmem_reserve[]: [ 1398.181959] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1398.186335] 0 [ 1398.191197] alloc_pages_current+0x155/0x260 [ 1398.191212] ion_page_pool_alloc+0x118/0x1b0 [ 1398.191222] ion_system_heap_allocate+0x133/0x8c0 [ 1398.191234] ? _raw_spin_unlock+0x29/0x40 [ 1398.191243] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1398.191252] ? ion_system_contig_heap_create+0x130/0x130 [ 1398.191264] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1398.191274] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1398.191285] ion_alloc+0x27a/0x810 [ 1398.191300] ? ion_dma_buf_release+0x40/0x40 [ 1398.205715] 0 [ 1398.209115] ? __might_fault+0x177/0x1b0 [ 1398.209130] ion_ioctl+0xea/0x1f0 [ 1398.209140] ? ion_query_heaps+0x360/0x360 [ 1398.209152] ? ion_query_heaps+0x360/0x360 [ 1398.209163] do_vfs_ioctl+0x75a/0xff0 [ 1398.209174] ? ioctl_preallocate+0x1a0/0x1a0 [ 1398.209181] ? lock_downgrade+0x740/0x740 [ 1398.209194] ? __fget+0x225/0x360 [ 1398.214023] Node 1 [ 1398.217818] ? do_vfs_ioctl+0xff0/0xff0 [ 1398.217828] ? security_file_ioctl+0x83/0xb0 [ 1398.217837] SyS_ioctl+0x7f/0xb0 [ 1398.217845] ? do_vfs_ioctl+0xff0/0xff0 [ 1398.217856] do_syscall_64+0x1d5/0x640 [ 1398.217873] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1398.217881] RIP: 0033:0x465f69 [ 1398.217886] RSP: 002b:00007f4607427188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1398.217897] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1398.217902] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1398.217907] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1398.217912] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1398.217917] R13: 00007ffe6751318f R14: 00007f4607427300 R15: 0000000000022000 [ 1398.376989] 0 0 0 [ 1398.379152] Node 1 Normal free:211500kB min:53696kB low:67120kB high:80544kB active_anon:1716kB inactive_anon:29044kB active_file:320kB inactive_file:2004kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:512kB pagetables:556kB bounce:0kB free_pcp:356kB local_pcp:120kB free_cma:0kB [ 1398.426979] lowmem_reserve[]: 0 0 0 0 0 [ 1398.446971] Node 0 DMA: 22*4kB (UME) 69*8kB (UME) 65*16kB (UME) 42*32kB (UME) 10*64kB (UME) 9*128kB (UM) 4*256kB (UME) 2*512kB (UE) 2*1024kB (UE) 1*2048kB (M) 0*4096kB = 10960kB [ 1398.476956] Node 0 DMA32: 709*4kB (ME) 1118*8kB (UME) 440*16kB (UME) 105*32kB (UME) 157*64kB (U) 1*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 32356kB [ 1398.506977] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1398.507025] Node 1 Normal: 2*4kB (UM) 2*8kB (UM) 2*16kB (UM) 0*32kB 240*64kB (UM) 297*128kB (UM) 121*256kB (UM) 5*512kB (UM) 1*1024kB (U) 1*2048kB (U) 0*4096kB = 90040kB [ 1398.507097] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1398.507103] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1398.507109] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1398.507115] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1398.507119] 26099 total pagecache pages [ 1398.507131] 0 pages in swap cache [ 1398.602192] Swap cache stats: add 0, delete 0, find 0/0 [ 1398.607657] Free swap = 0kB [ 1398.610667] Total swap = 0kB [ 1398.613678] 2097051 pages RAM [ 1398.616769] 0 pages HighMem/MovableOnly [ 1398.620859] 363840 pages reserved [ 1398.624300] 0 pages cma reserved [ 1398.628126] Normal: 120*4kB (M) 75*8kB (M) 21*16kB (M) 12*32kB (UM) 29*64kB (UM) 108*128kB (UM) 121*256kB (UM) 5*512kB (UM) 1*1024kB (U) 1*2048kB (U) 0*4096kB = 54088kB [ 1398.667568] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1398.676441] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1398.688124] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1398.699580] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1398.741254] 25399 total pagecache pages [ 1398.745250] 0 pages in swap cache [ 1398.765455] Swap cache stats: add 0, delete 0, find 0/0 [ 1398.770913] Free swap = 0kB [ 1398.773928] Total swap = 0kB [ 1398.788092] 2097051 pages RAM [ 1398.791825] 0 pages HighMem/MovableOnly [ 1398.795799] 363840 pages reserved [ 1398.803561] 0 pages cma reserved [ 1398.807336] Out of memory (oom_kill_allocating_task): Kill process 1956 (in:imklog) score 0 or sacrifice child [ 1398.821910] Killed process 1939 (rsyslogd) total-vm:254332kB, anon-rss:828kB, file-rss:0kB, shmem-rss:0kB [ 1398.848390] oom_reaper: reaped process 1939 (rsyslogd), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1399.950540] syz-fuzzer invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 1399.957255] syz-executor.1: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1400.005324] syz-fuzzer cpuset=/ mems_allowed=0-1 [ 1400.013669] CPU: 1 PID: 7961 Comm: syz-fuzzer Not tainted 4.14.224-syzkaller #0 [ 1400.013710] syz-executor.1 cpuset= [ 1400.021128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1400.021131] Call Trace: [ 1400.021148] dump_stack+0x1b2/0x281 [ 1400.021159] dump_header+0x178/0x82f [ 1400.021169] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1400.021178] ? ___ratelimit+0x2cd/0x530 [ 1400.021188] oom_kill_process.cold+0x10/0xb18 [ 1400.021206] out_of_memory+0xe3e/0x1190 [ 1400.021218] ? oom_killer_disable+0x1c0/0x1c0 [ 1400.021225] ? mutex_trylock+0x152/0x1a0 [ 1400.021235] __alloc_pages_nodemask+0x23e1/0x2720 [ 1400.021254] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1400.053726] / [ 1400.057608] alloc_pages_current+0x155/0x260 [ 1400.073487] mems_allowed=0-1 [ 1400.074931] filemap_fault+0xea3/0x1980 [ 1400.093033] ext4_filemap_fault+0x84/0xb0 [ 1400.097181] __do_fault+0xfa/0x380 [ 1400.100710] __handle_mm_fault+0x2497/0x4620 [ 1400.105112] ? vm_insert_page+0x7c0/0x7c0 [ 1400.109332] ? free_object+0xe4/0x240 [ 1400.113141] handle_mm_fault+0x391/0x860 [ 1400.117201] __do_page_fault+0x549/0xad0 [ 1400.121260] ? spurious_fault+0x640/0x640 [ 1400.125404] ? do_page_fault+0x60/0x500 [ 1400.129372] ? page_fault+0x2f/0x50 [ 1400.132993] page_fault+0x45/0x50 [ 1400.136432] RIP: 0000:0x93f060 [ 1400.139603] RSP: 4e20:000000c00003dfa0 EFLAGS: 0043b6a0 [ 1400.139622] CPU: 0 PID: 4047 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1400.152775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1400.162122] Call Trace: [ 1400.164712] dump_stack+0x1b2/0x281 [ 1400.166824] Mem-Info: [ 1400.168340] warn_alloc.cold+0x96/0x1cc [ 1400.170741] active_anon:15068 inactive_anon:24270 isolated_anon:0 [ 1400.170741] active_file:15 inactive_file:18 isolated_file:0 [ 1400.170741] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1400.170741] slab_reclaimable:12917 slab_unreclaimable:120932 [ 1400.170741] mapped:52839 shmem:25360 pagetables:1341 bounce:0 [ 1400.170741] free:14290 free_pcp:53 free_cma:0 [ 1400.174698] ? zone_watermark_ok_safe+0x220/0x220 [ 1400.208740] Node 0 active_anon:58264kB inactive_anon:68032kB active_file:16kB inactive_file:28kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:196764kB dirty:0kB writeback:0kB shmem:72276kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1400.213531] __alloc_pages_nodemask+0x2127/0x2720 [ 1400.241294] Node 1 active_anon:2008kB inactive_anon:29048kB active_file:44kB inactive_file:44kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14592kB dirty:0kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1400.246105] ? lock_acquire+0x170/0x3f0 [ 1400.273269] Node 0 [ 1400.277216] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1400.277233] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1400.279451] DMA free:10968kB min:204kB low:252kB high:300kB active_anon:76kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1400.284270] ? __mutex_unlock_slowpath+0x75/0x770 [ 1400.289710] lowmem_reserve[]: [ 1400.315272] alloc_pages_current+0x155/0x260 [ 1400.315291] ion_page_pool_alloc+0x118/0x1b0 [ 1400.320120] 0 [ 1400.323198] ion_system_heap_allocate+0x133/0x8c0 [ 1400.327592] 2717 [ 1400.331970] ? ion_alloc+0x187/0x810 [ 1400.333747] 2718 [ 1400.338590] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1400.338600] ? ion_system_contig_heap_create+0x130/0x130 [ 1400.338612] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1400.340647] 2718 [ 1400.344379] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1400.346433] 2718 [ 1400.351866] ion_alloc+0x204/0x810 [ 1400.351881] ? ion_dma_buf_release+0x40/0x40 [ 1400.351892] ? __might_fault+0x177/0x1b0 [ 1400.362317] ion_ioctl+0xea/0x1f0 [ 1400.364350] Node 0 [ 1400.369172] ? ion_query_heaps+0x360/0x360 [ 1400.369185] ? ion_query_heaps+0x360/0x360 [ 1400.369194] do_vfs_ioctl+0x75a/0xff0 [ 1400.371243] DMA32 free:17988kB min:36200kB low:45248kB high:54296kB active_anon:58188kB inactive_anon:68032kB active_file:16kB inactive_file:28kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:7616kB pagetables:4532kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 1400.374758] ? ioctl_preallocate+0x1a0/0x1a0 [ 1400.379156] lowmem_reserve[]: [ 1400.383183] ? lock_downgrade+0x740/0x740 [ 1400.386611] 0 [ 1400.388834] ? __fget+0x225/0x360 [ 1400.388842] ? do_vfs_ioctl+0xff0/0xff0 [ 1400.388853] ? security_file_ioctl+0x83/0xb0 [ 1400.393065] 0 [ 1400.397373] SyS_ioctl+0x7f/0xb0 [ 1400.397382] ? do_vfs_ioctl+0xff0/0xff0 [ 1400.397394] do_syscall_64+0x1d5/0x640 [ 1400.397412] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1400.401198] 0 [ 1400.429294] RIP: 0033:0x465f69 [ 1400.429299] RSP: 002b:00007face3f0d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1400.429307] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1400.429311] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1400.429315] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1400.429320] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1400.429325] R13: 00007ffd7dcc854f R14: 00007face3f0d300 R15: 0000000000022000 [ 1400.488307] syz-executor.3: [ 1400.502950] 0 [ 1400.516679] page allocation failure: order:0 [ 1400.536737] 0 [ 1400.538166] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1400.560774] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1400.564618] Node 0 [ 1400.565918] CPU: 0 PID: 3992 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1400.565929] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1400.565934] lowmem_reserve[]: [ 1400.568153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1400.568157] Call Trace: [ 1400.568178] dump_stack+0x1b2/0x281 [ 1400.568191] warn_alloc.cold+0x96/0x1cc [ 1400.568204] ? zone_watermark_ok_safe+0x220/0x220 [ 1400.575984] 0 [ 1400.600862] ? usleep_range+0x130/0x130 [ 1400.600870] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 1400.600882] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1400.600891] ? run_timer_softirq+0x5a0/0x5a0 [ 1400.600906] __alloc_pages_nodemask+0x2127/0x2720 [ 1400.603989] 0 [ 1400.613330] ? lock_acquire+0x170/0x3f0 [ 1400.613346] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1400.615907] 0 [ 1400.619516] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1400.619529] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1400.619542] ? retint_kernel+0x2d/0x2d [ 1400.623489] 0 [ 1400.628320] alloc_pages_current+0x155/0x260 [ 1400.628336] ion_page_pool_alloc+0x118/0x1b0 [ 1400.630114] 0 [ 1400.634069] ion_system_heap_allocate+0x133/0x8c0 [ 1400.644140] ? ion_alloc+0x187/0x810 [ 1400.648574] Node 1 [ 1400.653399] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1400.655180] Normal free:26436kB min:53696kB low:67120kB high:80544kB active_anon:2008kB inactive_anon:29048kB active_file:52kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:640kB pagetables:832kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 1400.659130] ? ion_system_contig_heap_create+0x130/0x130 [ 1400.659138] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1400.659147] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1400.659158] ion_alloc+0x204/0x810 [ 1400.659173] ? ion_dma_buf_release+0x40/0x40 [ 1400.663987] lowmem_reserve[]: [ 1400.665776] ? __might_fault+0x177/0x1b0 [ 1400.670266] 0 [ 1400.675683] ion_ioctl+0xea/0x1f0 [ 1400.679671] 0 [ 1400.681446] ? ion_query_heaps+0x360/0x360 [ 1400.685825] 0 [ 1400.690218] ? ion_query_heaps+0x360/0x360 [ 1400.690228] do_vfs_ioctl+0x75a/0xff0 [ 1400.690239] ? ioctl_preallocate+0x1a0/0x1a0 [ 1400.692016] 0 [ 1400.696838] ? lock_downgrade+0x740/0x740 [ 1400.696851] ? __fget+0x225/0x360 [ 1400.696860] ? do_vfs_ioctl+0xff0/0xff0 [ 1400.700547] 0 [ 1400.702772] ? security_file_ioctl+0x83/0xb0 [ 1400.736024] SyS_ioctl+0x7f/0xb0 [ 1400.736033] ? do_vfs_ioctl+0xff0/0xff0 [ 1400.736043] do_syscall_64+0x1d5/0x640 [ 1400.741488] Node 0 [ 1400.746477] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1400.751307] DMA: [ 1400.754811] RIP: 0033:0x465f69 [ 1400.759220] 22*4kB [ 1400.762285] RSP: 002b:00007fba6af7e188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1400.766439] (UME) [ 1400.768237] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1400.768248] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1400.768253] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1400.768260] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1400.771687] 70*8kB [ 1400.773468] R13: 00007ffcb4b3e7df R14: 00007fba6af7e300 R15: 0000000000022000 [ 1400.777692] (UME) [ 1400.789753] warn_alloc_show_mem: 1 callbacks suppressed [ 1400.789756] Mem-Info: [ 1400.820546] 65*16kB [ 1400.828149] active_anon:15068 inactive_anon:24270 isolated_anon:0 [ 1400.828149] active_file:15 inactive_file:0 isolated_file:0 [ 1400.828149] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1400.828149] slab_reclaimable:12917 slab_unreclaimable:120932 [ 1400.828149] mapped:52839 shmem:25360 pagetables:1341 bounce:0 [ 1400.828149] free:13873 free_pcp:30 free_cma:0 [ 1400.852975] (UME) [ 1400.861935] Node 0 active_anon:58264kB inactive_anon:68032kB active_file:16kB inactive_file:28kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:196764kB dirty:0kB writeback:0kB shmem:72276kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1400.881372] 42*32kB [ 1400.893226] Node 1 active_anon:2008kB inactive_anon:29048kB active_file:44kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14592kB dirty:0kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1400.910766] (UME) [ 1400.938949] Node 0 [ 1400.981255] 10*64kB [ 1400.999160] DMA free:10968kB min:204kB low:252kB high:300kB active_anon:76kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1401.015449] (UME) 9*128kB (UM) 4*256kB (UME) 2*512kB (UE) 2*1024kB (UE) 1*2048kB (M) 0*4096kB = 10968kB [ 1401.032761] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1401.042103] Node 0 DMA32 free:18160kB min:36200kB low:45248kB high:54296kB active_anon:58188kB inactive_anon:68032kB active_file:20kB inactive_file:20kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:7616kB pagetables:4532kB bounce:0kB free_pcp:36kB local_pcp:36kB free_cma:0kB [ 1401.054410] Node 0 [ 1401.077818] lowmem_reserve[]: 0 0 0 0 0 [ 1401.084076] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1401.089686] DMA32: 762*4kB (ME) 967*8kB (UME) 240*16kB (UME) 55*32kB (UME) 2*64kB (M) 1*128kB (U) 2*256kB (U) 2*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 18176kB [ 1401.131175] lowmem_reserve[]: [ 1401.151002] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1401.156404] 0 [ 1401.175148] Node 1 Normal: 182*4kB (UM) 101*8kB (UM) 68*16kB (UM) 64*32kB (UM) 38*64kB (M) 27*128kB (UM) 9*256kB (M) 27*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 26688kB [ 1401.180792] 0 [ 1401.203872] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1401.210950] 0 0 0 [ 1401.216305] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1401.216683] Node 1 [ 1401.235779] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1401.241040] Normal free:26664kB min:53696kB low:67120kB high:80544kB active_anon:2008kB inactive_anon:29048kB active_file:32kB inactive_file:32kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:640kB pagetables:832kB bounce:0kB free_pcp:124kB local_pcp:124kB free_cma:0kB [ 1401.256035] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1401.290294] lowmem_reserve[]: 0 0 0 0 0 [ 1401.294303] Node 0 DMA: 23*4kB (UME) 70*8kB (UME) 65*16kB (UME) 42*32kB (UME) 10*64kB (UME) 9*128kB (UM) 4*256kB (UME) 2*512kB (UE) 2*1024kB (UE) 1*2048kB (M) 0*4096kB = 10972kB [ 1401.296753] 25392 total pagecache pages [ 1401.314334] 0 pages in swap cache [ 1401.331264] Swap cache stats: add 0, delete 0, find 0/0 [ 1401.335345] Node 0 [ 1401.343603] Free swap = 0kB [ 1401.343695] DMA32: [ 1401.345963] Total swap = 0kB [ 1401.364617] 2097051 pages RAM [ 1401.365058] 946*4kB [ 1401.367968] 0 pages HighMem/MovableOnly [ 1401.373041] (UME) [ 1401.374236] 363840 pages reserved [ 1401.374242] 976*8kB [ 1401.376370] 0 pages cma reserved [ 1401.395652] (UME) 246*16kB (UME) 55*32kB (UME) 2*64kB (M) 1*128kB (U) 2*256kB (U) 2*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 19080kB [ 1401.397007] Out of memory (oom_kill_allocating_task): Kill process 7961 (syz-fuzzer) score 0 or sacrifice child [ 1401.422350] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1401.427612] Killed process 3000 (syz-executor.3) total-vm:84924kB, anon-rss:68kB, file-rss:0kB, shmem-rss:0kB [ 1401.462610] oom_reaper: reaped process 3992 (syz-executor.3), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1401.474740] Node 1 Normal: 182*4kB (UM) 105*8kB (UM) 68*16kB (UM) 64*32kB (UM) 38*64kB (M) 27*128kB (UM) 9*256kB (M) 27*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 26720kB [ 1401.494136] oom_reaper: reaped process 3000 (syz-executor.3), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1401.504981] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1401.523097] syz-fuzzer invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 1401.551669] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1401.553161] syz-fuzzer cpuset= [ 1401.573339] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1401.579102] / mems_allowed=0-1 [ 1401.597667] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1401.604026] CPU: 1 PID: 10318 Comm: syz-fuzzer Not tainted 4.14.224-syzkaller #0 [ 1401.606600] 25392 total pagecache pages [ 1401.614218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1401.614222] Call Trace: [ 1401.614241] dump_stack+0x1b2/0x281 [ 1401.614253] dump_header+0x178/0x82f [ 1401.614263] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1401.614272] ? ___ratelimit+0x2cd/0x530 [ 1401.614282] oom_kill_process.cold+0x10/0xb18 [ 1401.614299] out_of_memory+0xe3e/0x1190 [ 1401.614310] ? oom_killer_disable+0x1c0/0x1c0 [ 1401.614317] ? mutex_trylock+0x152/0x1a0 [ 1401.614327] __alloc_pages_nodemask+0x23e1/0x2720 [ 1401.614346] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1401.628948] 0 pages in swap cache [ 1401.630244] alloc_pages_current+0x155/0x260 [ 1401.633836] Swap cache stats: add 0, delete 0, find 0/0 [ 1401.637534] filemap_fault+0xea3/0x1980 [ 1401.637551] ext4_filemap_fault+0x84/0xb0 [ 1401.637562] __do_fault+0xfa/0x380 [ 1401.637571] __handle_mm_fault+0x2497/0x4620 [ 1401.637582] ? vm_insert_page+0x7c0/0x7c0 [ 1401.637603] handle_mm_fault+0x391/0x860 [ 1401.652468] Free swap = 0kB [ 1401.655078] __do_page_fault+0x549/0xad0 [ 1401.662171] Total swap = 0kB 18:04:53 executing program 1: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$vim2m_VIDIOC_DQBUF(r2, 0xc0585611, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000002c0)={0x5, 0x0, [{0x6, 0x5, 0xf98d}, {0x8, 0x1, 0x7, 0xfffff801, 0x7fffffff}, {0x80000019, 0x8, 0x8, 0xf9b, 0x5}, {0x80000008, 0x4, 0x0, 0x5, 0x3ff}, {0x80000000, 0x6, 0xf92e, 0x1, 0xac}]}) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f00000000c0)={0x2, 0x2, 0x6, 0xfffffffa, 'syz0\x00', 0x80000001}) ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc0585611, 0x0) [ 1401.663601] ? spurious_fault+0x640/0x640 [ 1401.675390] 2097051 pages RAM [ 1401.676674] ? do_page_fault+0x60/0x500 [ 1401.684696] 0 pages HighMem/MovableOnly [ 1401.686419] ? page_fault+0x2f/0x50 [ 1401.700922] 363840 pages reserved [ 1401.702407] page_fault+0x45/0x50 [ 1401.706530] 0 pages cma reserved [ 1401.710570] RIP: 6532180:0x1466c1a81fc [ 1401.710574] RSP: 039f:000000c0008e9e40 EFLAGS: 00000003 [ 1401.733920] Mem-Info: [ 1401.801871] active_anon:15018 inactive_anon:24270 isolated_anon:0 [ 1401.801871] active_file:36 inactive_file:1185 isolated_file:0 [ 1401.801871] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1401.801871] slab_reclaimable:12917 slab_unreclaimable:120499 [ 1401.801871] mapped:44939 shmem:25360 pagetables:1304 bounce:0 [ 1401.801871] free:34477 free_pcp:232 free_cma:0 [ 1401.854683] Node 0 active_anon:58064kB inactive_anon:68032kB active_file:120kB inactive_file:5720kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:166064kB dirty:0kB writeback:0kB shmem:72276kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1401.946106] Node 1 active_anon:2008kB inactive_anon:29048kB active_file:124kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14592kB dirty:0kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1402.032661] Node 0 DMA free:11832kB min:204kB low:252kB high:300kB active_anon:76kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1402.080082] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1402.094032] Node 0 DMA32 free:161988kB min:36200kB low:45248kB high:54296kB active_anon:57812kB inactive_anon:68032kB active_file:2128kB inactive_file:8488kB unevictable:0kB writepending:24kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:7584kB pagetables:4376kB bounce:0kB free_pcp:1176kB local_pcp:500kB free_cma:0kB [ 1402.153088] lowmem_reserve[]: 0 0 0 0 0 [ 1402.190568] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1402.220792] lowmem_reserve[]: 0 0 0 0 0 [ 1402.226238] Node 1 Normal free:564240kB min:53696kB low:67120kB high:80544kB active_anon:1900kB inactive_anon:29048kB active_file:52kB inactive_file:36kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:576kB pagetables:720kB bounce:0kB free_pcp:460kB local_pcp:332kB free_cma:0kB [ 1402.263672] lowmem_reserve[]: 0 0 0 0 0 [ 1402.268163] Node 0 DMA: 28*4kB (UME) 71*8kB (UME) 68*16kB (UME) 43*32kB (UME) 20*64kB (UME) 10*128kB (UM) 4*256kB (UME) 2*512kB (UE) 2*1024kB (UE) 1*2048kB (M) 0*4096kB = 11848kB [ 1402.292362] Node 0 DMA32: 296*4kB (UME) 572*8kB (UME) 160*16kB (UME) 36*32kB (UME) 1316*64kB (UME) 182*128kB (UE) 111*256kB (UM) 16*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 153600kB [ 1402.315988] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1402.333594] Node 1 Normal: 223*4kB (UM) 162*8kB (UM) 156*16kB (UM) 102*32kB (UM) 5888*64kB (UM) 972*128kB (UM) 181*256kB (UM) 29*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 570380kB [ 1402.363896] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1402.387272] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1402.416706] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1402.426000] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1402.436743] 28290 total pagecache pages [ 1402.444402] 0 pages in swap cache [ 1402.459484] Swap cache stats: add 0, delete 0, find 0/0 [ 1402.466479] Free swap = 0kB [ 1402.472734] Total swap = 0kB [ 1402.476390] 2097051 pages RAM [ 1402.480818] 0 pages HighMem/MovableOnly [ 1402.485715] 363840 pages reserved [ 1402.490741] 0 pages cma reserved [ 1402.494868] Out of memory (oom_kill_allocating_task): Kill process 10318 (syz-fuzzer) score 0 or sacrifice child [ 1402.506967] Killed process 2998 (syz-executor.1) total-vm:84924kB, anon-rss:64kB, file-rss:0kB, shmem-rss:0kB [ 1402.526841] oom_reaper: reaped process 2998 (syz-executor.1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1402.865154] oom_reaper: reaped process 4039 (syz-executor.5), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1402.936802] in:imklog invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 1402.962796] in:imklog cpuset=/ mems_allowed=0-1 [ 1402.975963] CPU: 0 PID: 4051 Comm: in:imklog Not tainted 4.14.224-syzkaller #0 [ 1402.983358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1402.992729] Call Trace: [ 1402.995325] dump_stack+0x1b2/0x281 [ 1402.998971] dump_header+0x178/0x82f [ 1403.002670] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1403.007769] ? ___ratelimit+0x2cd/0x530 [ 1403.011724] oom_kill_process.cold+0x10/0xb18 [ 1403.016208] out_of_memory+0xe3e/0x1190 [ 1403.020166] ? oom_killer_disable+0x1c0/0x1c0 [ 1403.024638] ? mutex_trylock+0x152/0x1a0 [ 1403.028679] __alloc_pages_nodemask+0x23e1/0x2720 [ 1403.033510] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1403.038365] alloc_pages_current+0x155/0x260 [ 1403.042757] filemap_fault+0xea3/0x1980 [ 1403.046719] ext4_filemap_fault+0x84/0xb0 [ 1403.050852] __do_fault+0xfa/0x380 [ 1403.054373] __handle_mm_fault+0x2497/0x4620 [ 1403.058765] ? vm_insert_page+0x7c0/0x7c0 [ 1403.062908] ? lock_downgrade+0x740/0x740 [ 1403.067042] handle_mm_fault+0x391/0x860 [ 1403.071087] __do_page_fault+0x549/0xad0 [ 1403.075129] ? spurious_fault+0x640/0x640 [ 1403.079269] ? do_page_fault+0x60/0x500 [ 1403.083221] ? page_fault+0x2f/0x50 [ 1403.086827] page_fault+0x45/0x50 [ 1403.090263] RIP: 0000:0x1f9f [ 1403.093260] RSP: 90002188:0000000000000000 EFLAGS: 7f7494564430 [ 1403.097731] syz-executor.3: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1403.115692] Mem-Info: [ 1403.115722] active_anon:15101 inactive_anon:24270 isolated_anon:0 [ 1403.115722] active_file:43 inactive_file:37 isolated_file:0 [ 1403.115722] unevictable:0 dirty:54 writeback:0 unstable:0 [ 1403.115722] slab_reclaimable:12913 slab_unreclaimable:120967 [ 1403.115722] mapped:44163 shmem:25360 pagetables:1233 bounce:0 [ 1403.115722] free:13811 free_pcp:0 free_cma:0 [ 1403.115734] Node 0 active_anon:58048kB inactive_anon:68028kB active_file:52kB inactive_file:48kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:162060kB dirty:0kB writeback:0kB shmem:72272kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1403.115748] Node 1 active_anon:2356kB inactive_anon:29052kB active_file:120kB inactive_file:100kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14592kB dirty:216kB writeback:0kB shmem:29168kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1403.143507] syz-executor.3 cpuset= [ 1403.162141] Node 0 [ 1403.191989] / [ 1403.215384] DMA free:10964kB min:204kB low:252kB high:300kB active_anon:76kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1403.216308] syz-executor.5: [ 1403.221193] lowmem_reserve[]: [ 1403.248411] mems_allowed=0-1 [ 1403.254638] CPU: 0 PID: 3992 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1403.255510] 0 [ 1403.262418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1403.262422] Call Trace: [ 1403.262439] dump_stack+0x1b2/0x281 [ 1403.262452] warn_alloc.cold+0x96/0x1cc [ 1403.262463] ? zone_watermark_ok_safe+0x220/0x220 [ 1403.262486] __alloc_pages_nodemask+0x2127/0x2720 [ 1403.262497] ? lock_acquire+0x170/0x3f0 [ 1403.262510] ? lock_acquire+0x170/0x3f0 [ 1403.262526] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1403.262544] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1403.262556] ? __mutex_unlock_slowpath+0x75/0x770 [ 1403.262564] ? __alloc_pages_nodemask+0x277/0x2720 [ 1403.262578] alloc_pages_current+0x155/0x260 [ 1403.262592] ion_page_pool_alloc+0x118/0x1b0 [ 1403.262603] ion_system_heap_allocate+0x133/0x8c0 [ 1403.262614] ? _raw_spin_unlock+0x29/0x40 [ 1403.262623] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1403.262633] ? ion_system_contig_heap_create+0x130/0x130 [ 1403.262642] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1403.262652] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1403.262663] ion_alloc+0x27a/0x810 [ 1403.262678] ? ion_dma_buf_release+0x40/0x40 [ 1403.262690] ? __might_fault+0x177/0x1b0 [ 1403.262703] ion_ioctl+0xea/0x1f0 [ 1403.262713] ? ion_query_heaps+0x360/0x360 [ 1403.262726] ? ion_query_heaps+0x360/0x360 [ 1403.262737] do_vfs_ioctl+0x75a/0xff0 [ 1403.262749] ? ioctl_preallocate+0x1a0/0x1a0 [ 1403.262756] ? lock_downgrade+0x740/0x740 [ 1403.262769] ? __fget+0x225/0x360 [ 1403.262778] ? do_vfs_ioctl+0xff0/0xff0 [ 1403.262788] ? security_file_ioctl+0x83/0xb0 [ 1403.262799] SyS_ioctl+0x7f/0xb0 [ 1403.262806] ? do_vfs_ioctl+0xff0/0xff0 [ 1403.262817] do_syscall_64+0x1d5/0x640 [ 1403.262832] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1403.262840] RIP: 0033:0x465f69 [ 1403.262845] RSP: 002b:00007fba6af7e188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1403.262855] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1403.262860] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1403.262866] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1403.262872] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1403.262877] R13: 00007ffcb4b3e7df R14: 00007fba6af7e300 R15: 0000000000022000 [ 1403.264631] warn_alloc_show_mem: 1 callbacks suppressed [ 1403.264634] Mem-Info: [ 1403.267420] 2717 [ 1403.275804] page allocation failure: order:0 [ 1403.285001] 2718 [ 1403.292527] active_anon:15101 inactive_anon:24270 isolated_anon:0 [ 1403.292527] active_file:68 inactive_file:14 isolated_file:0 [ 1403.292527] unevictable:0 dirty:54 writeback:0 unstable:0 [ 1403.292527] slab_reclaimable:12913 slab_unreclaimable:120967 [ 1403.292527] mapped:44163 shmem:25360 pagetables:1233 bounce:0 [ 1403.292527] free:13811 free_pcp:2 free_cma:0 [ 1403.302245] 2718 [ 1403.311011] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1403.321597] 2718 [ 1403.323183] Node 0 active_anon:58048kB inactive_anon:68028kB active_file:52kB inactive_file:48kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:162060kB dirty:0kB writeback:0kB shmem:72272kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1403.340273] (null) [ 1403.345202] Node 0 [ 1403.345963] syz-executor.5 cpuset= [ 1403.359454] DMA32 free:17776kB min:36200kB low:45248kB high:54296kB active_anon:57972kB inactive_anon:68028kB active_file:52kB inactive_file:48kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:7552kB pagetables:4248kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 1403.364612] Node 1 active_anon:2356kB inactive_anon:29052kB active_file:220kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14592kB dirty:216kB writeback:0kB shmem:29168kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1403.364805] lowmem_reserve[]: [ 1403.369224] Node 0 DMA free:10964kB min:204kB low:252kB high:300kB active_anon:76kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1403.369244] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1403.369264] Node 0 DMA32 free:17776kB min:36200kB low:45248kB high:54296kB active_anon:57972kB inactive_anon:68028kB active_file:52kB inactive_file:48kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:7552kB pagetables:4248kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 1403.369285] lowmem_reserve[]: [ 1403.385496] 0 [ 1403.392392] / [ 1403.395995] 0 [ 1403.397862] mems_allowed=0-1 [ 1403.411815] 0 [ 1403.416365] 0 [ 1403.427140] 0 [ 1403.432681] CPU: 0 PID: 4039 Comm: syz-executor.5 Not tainted 4.14.224-syzkaller #0 [ 1403.439239] 0 [ 1403.444305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1403.458804] Call Trace: [ 1403.458825] dump_stack+0x1b2/0x281 [ 1403.458838] warn_alloc.cold+0x96/0x1cc [ 1403.466084] Node 0 [ 1403.473340] ? zone_watermark_ok_safe+0x220/0x220 [ 1403.473350] ? usleep_range+0x130/0x130 [ 1403.473359] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 1403.478724] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1403.481097] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1403.483129] lowmem_reserve[]: [ 1403.487518] ? run_timer_softirq+0x5a0/0x5a0 [ 1403.487537] __alloc_pages_nodemask+0x2127/0x2720 [ 1403.489585] 0 [ 1403.522799] ? lock_acquire+0x170/0x3f0 [ 1403.522815] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1403.524853] 0 [ 1403.531933] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1403.531948] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1403.531965] alloc_pages_current+0x155/0x260 [ 1403.533996] 0 [ 1403.561673] ion_page_pool_alloc+0x118/0x1b0 [ 1403.561684] ion_system_heap_allocate+0x133/0x8c0 [ 1403.561693] ? ion_alloc+0x187/0x810 [ 1403.561702] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1403.561714] ? ion_system_contig_heap_create+0x130/0x130 [ 1403.563851] 0 [ 1403.566072] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1403.569613] 0 [ 1403.597523] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1403.597536] ion_alloc+0x204/0x810 [ 1403.597551] ? ion_dma_buf_release+0x40/0x40 [ 1403.597563] ? __might_fault+0x177/0x1b0 [ 1403.628057] ion_ioctl+0xea/0x1f0 [ 1403.628067] ? ion_query_heaps+0x360/0x360 [ 1403.628080] ? ion_query_heaps+0x360/0x360 [ 1403.654271] Node 1 [ 1403.659251] do_vfs_ioctl+0x75a/0xff0 [ 1403.659273] ? ioctl_preallocate+0x1a0/0x1a0 [ 1403.687812] Normal free:26504kB min:53696kB low:67120kB high:80544kB active_anon:2356kB inactive_anon:29052kB active_file:220kB inactive_file:8kB unevictable:0kB writepending:216kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:672kB pagetables:684kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1403.690875] ? lock_downgrade+0x740/0x740 [ 1403.692648] lowmem_reserve[]: [ 1403.694351] ? __fget+0x225/0x360 [ 1403.696123] 0 [ 1403.699210] ? do_vfs_ioctl+0xff0/0xff0 [ 1403.699220] ? security_file_ioctl+0x83/0xb0 [ 1403.699228] SyS_ioctl+0x7f/0xb0 [ 1403.699237] ? do_vfs_ioctl+0xff0/0xff0 [ 1403.701017] 0 [ 1403.702800] do_syscall_64+0x1d5/0x640 [ 1403.704573] 0 [ 1403.712353] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1403.712361] RIP: 0033:0x465f69 [ 1403.712367] RSP: 002b:00007febda737188 EFLAGS: 00000246 [ 1403.714146] 0 [ 1403.723479] ORIG_RAX: 0000000000000010 [ 1403.723485] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1403.723490] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1403.723495] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1403.723503] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1403.726066] 0 [ 1403.729677] R13: 00007ffda11ce07f R14: 00007febda737300 R15: 0000000000022000 [ 1403.734277] 0 [ 1403.740729] 0 0 0 [ 1403.740742] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1403.740761] lowmem_reserve[]: 0 0 0 0 0 [ 1403.740781] Node 1 Normal free:26504kB min:53696kB low:67120kB high:80544kB active_anon:2356kB inactive_anon:29052kB active_file:220kB inactive_file:8kB unevictable:0kB writepending:216kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:672kB pagetables:684kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1403.740799] lowmem_reserve[]: 0 0 0 0 0 [ 1403.740818] Node 0 DMA: 22*4kB (UME) 20*8kB [ 1403.760878] Node 0 [ 1403.775005] (UME) 44*16kB (UME) [ 1403.793311] DMA: [ 1403.794259] 43*32kB [ 1403.804434] 22*4kB [ 1403.806595] (UME) [ 1403.815255] (UME) [ 1403.822482] 19*64kB [ 1403.830875] 20*8kB [ 1403.833983] (UME) [ 1403.850938] (UME) [ 1403.851727] 10*128kB [ 1403.853510] 44*16kB [ 1403.858499] (UM) 4*256kB (UME) 2*512kB (UE) 2*1024kB (UE) 1*2048kB (M) 0*4096kB = 10968kB [ 1403.858537] Node 0 DMA32: 867*4kB [ 1403.867327] (UME) [ 1403.870532] (UME) [ 1403.873932] 43*32kB [ 1403.879493] 966*8kB [ 1403.892497] (UME) [ 1403.893174] (UME) [ 1403.930747] 19*64kB [ 1403.932110] 260*16kB [ 1403.933915] (UME) 10*128kB (UM) 4*256kB (UME) 2*512kB (UE) 2*1024kB (UE) 1*2048kB (M) 0*4096kB = 10968kB [ 1403.933950] Node 0 DMA32: 867*4kB (UME) 966*8kB (UME) [ 1403.938247] (UME) [ 1403.949638] 260*16kB [ 1403.949778] 75*32kB [ 1403.951520] (UME) [ 1403.955368] (UME) [ 1403.969351] 75*32kB [ 1403.971404] 8*64kB [ 1403.973144] (UME) [ 1403.977125] (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18396kB [ 1403.977163] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1403.977212] Node 1 Normal: 120*4kB [ 1403.994845] 8*64kB [ 1404.012850] (M) [ 1404.029497] (UM) [ 1404.045014] 49*8kB [ 1404.066569] 1*128kB [ 1404.080852] (UM) [ 1404.081500] (M) [ 1404.085887] 64*16kB [ 1404.100274] 0*256kB [ 1404.103533] (UM) [ 1404.104739] 0*512kB [ 1404.107018] 61*32kB (UM) 40*64kB (UM) 25*128kB (M) 10*256kB (M) 28*512kB (U) 0*1024kB [ 1404.117297] 0*1024kB [ 1404.128404] 0*2048kB [ 1404.142219] 0*2048kB [ 1404.144531] 0*4096kB [ 1404.145834] 0*4096kB [ 1404.165019] = 26504kB [ 1404.172368] = 18396kB [ 1404.174728] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1404.177003] Node 0 Normal: 0*4kB [ 1404.193555] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1404.216566] 0*8kB [ 1404.257186] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1404.283511] 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1404.302160] Node 1 Normal: 1*4kB (M) 1*8kB (M) 62*16kB (M) 60*32kB (M) 1394*64kB (UM) 385*128kB (UM) 74*256kB (UM) 28*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 174700kB [ 1404.331241] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1404.351992] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1404.366585] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1404.370422] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1404.384483] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1404.386594] 25890 total pagecache pages [ 1404.411179] 26075 total pagecache pages [ 1404.417047] 0 pages in swap cache [ 1404.420978] Swap cache stats: add 0, delete 0, find 0/0 [ 1404.436786] Free swap = 0kB [ 1404.440324] Total swap = 0kB [ 1404.441374] 0 pages in swap cache [ 1404.443594] 2097051 pages RAM [ 1404.451724] Swap cache stats: add 0, delete 0, find 0/0 [ 1404.454356] 0 pages HighMem/MovableOnly [ 1404.476830] Free swap = 0kB [ 1404.479863] Total swap = 0kB [ 1404.482874] 2097051 pages RAM [ 1404.485967] 0 pages HighMem/MovableOnly [ 1404.486557] 363840 pages reserved [ 1404.493444] 0 pages cma reserved [ 1404.517185] 363840 pages reserved [ 1404.520671] 0 pages cma reserved [ 1404.526593] Out of memory (oom_kill_allocating_task): Kill process 4051 (in:imklog) score 0 or sacrifice child [ 1404.566638] Killed process 4048 (rsyslogd) total-vm:254332kB, anon-rss:540kB, file-rss:0kB, shmem-rss:0kB [ 1404.581854] oom_reaper: reaped process 4048 (rsyslogd), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1405.644128] oom_reaper: reaped process 4047 (syz-executor.1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1405.667675] syz-executor.5: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1405.692640] syz-executor.5 cpuset=/ mems_allowed=0-1 [ 1405.699858] in:imklog invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 1405.706518] CPU: 1 PID: 4039 Comm: syz-executor.5 Not tainted 4.14.224-syzkaller #0 [ 1405.720147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1405.729517] Call Trace: [ 1405.731752] in:imklog cpuset=/ [ 1405.732103] dump_stack+0x1b2/0x281 [ 1405.732111] mems_allowed=0-1 [ 1405.735289] warn_alloc.cold+0x96/0x1cc [ 1405.746047] ? zone_watermark_ok_safe+0x220/0x220 [ 1405.750891] __alloc_pages_nodemask+0x2127/0x2720 [ 1405.755718] ? io_schedule_timeout+0x140/0x140 [ 1405.760298] ? lock_acquire+0x170/0x3f0 [ 1405.764266] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1405.769193] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1405.774895] ? __mutex_unlock_slowpath+0x75/0x770 [ 1405.776520] syz-executor.1: page allocation failure: order:0 [ 1405.779725] alloc_pages_current+0x155/0x260 [ 1405.779739] ion_page_pool_alloc+0x118/0x1b0 [ 1405.785601] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1405.789990] ion_system_heap_allocate+0x133/0x8c0 [ 1405.790001] ? _raw_spin_unlock+0x29/0x40 [ 1405.790009] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1405.790019] ? ion_system_contig_heap_create+0x130/0x130 [ 1405.790029] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1405.790039] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1405.790049] ion_alloc+0x27a/0x810 [ 1405.790063] ? ion_dma_buf_release+0x40/0x40 [ 1405.790075] ? __might_fault+0x177/0x1b0 [ 1405.809478] (null) [ 1405.810496] ion_ioctl+0xea/0x1f0 [ 1405.815395] syz-executor.1 cpuset= [ 1405.820830] ? ion_query_heaps+0x360/0x360 [ 1405.820842] ? ion_query_heaps+0x360/0x360 [ 1405.820852] do_vfs_ioctl+0x75a/0xff0 [ 1405.820862] ? ioctl_preallocate+0x1a0/0x1a0 [ 1405.820871] ? lock_downgrade+0x740/0x740 [ 1405.820885] ? __fget+0x225/0x360 [ 1405.820892] ? do_vfs_ioctl+0xff0/0xff0 [ 1405.820904] ? security_file_ioctl+0x83/0xb0 [ 1405.849800] / [ 1405.851752] SyS_ioctl+0x7f/0xb0 [ 1405.855965] mems_allowed=0-1 [ 1405.860177] ? do_vfs_ioctl+0xff0/0xff0 [ 1405.860189] do_syscall_64+0x1d5/0x640 [ 1405.860205] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1405.860214] RIP: 0033:0x465f69 [ 1405.860218] RSP: 002b:00007febda737188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1405.860227] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1405.860232] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1405.860239] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1405.938179] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1405.945437] R13: 00007ffda11ce07f R14: 00007febda737300 R15: 0000000000022000 [ 1405.952705] CPU: 0 PID: 4047 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1405.960495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1405.969836] Call Trace: [ 1405.972424] dump_stack+0x1b2/0x281 [ 1405.976043] warn_alloc.cold+0x96/0x1cc [ 1405.980038] ? zone_watermark_ok_safe+0x220/0x220 [ 1405.984950] ? usleep_range+0x130/0x130 [ 1405.988915] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 1405.994009] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1405.999006] ? run_timer_softirq+0x5a0/0x5a0 [ 1406.003416] __alloc_pages_nodemask+0x2127/0x2720 [ 1406.008249] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1406.013084] ? policy_node+0xb3/0x110 [ 1406.016870] alloc_pages_current+0x155/0x260 [ 1406.021352] ion_page_pool_alloc+0x118/0x1b0 [ 1406.025742] ion_system_heap_allocate+0x133/0x8c0 [ 1406.030567] ? ion_alloc+0x187/0x810 [ 1406.034263] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1406.039695] ? ion_system_contig_heap_create+0x130/0x130 [ 1406.045126] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1406.050124] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1406.054948] ion_alloc+0x204/0x810 [ 1406.058478] ? ion_dma_buf_release+0x40/0x40 [ 1406.062870] ? __might_fault+0x177/0x1b0 [ 1406.066915] ion_ioctl+0xea/0x1f0 [ 1406.070350] ? ion_query_heaps+0x360/0x360 [ 1406.074568] ? ion_query_heaps+0x360/0x360 [ 1406.078786] do_vfs_ioctl+0x75a/0xff0 [ 1406.082571] ? ioctl_preallocate+0x1a0/0x1a0 [ 1406.086966] ? lock_downgrade+0x740/0x740 [ 1406.091099] ? __fget+0x225/0x360 [ 1406.094533] ? do_vfs_ioctl+0xff0/0xff0 [ 1406.098504] ? security_file_ioctl+0x83/0xb0 [ 1406.102897] SyS_ioctl+0x7f/0xb0 [ 1406.106243] ? do_vfs_ioctl+0xff0/0xff0 [ 1406.110202] do_syscall_64+0x1d5/0x640 [ 1406.114076] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1406.119246] RIP: 0033:0x465f69 [ 1406.122422] RSP: 002b:00007face3f0d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1406.130111] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1406.137363] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1406.144701] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1406.151979] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1406.159230] R13: 00007ffd7dcc854f R14: 00007face3f0d300 R15: 0000000000022000 [ 1406.166599] CPU: 1 PID: 4056 Comm: in:imklog Not tainted 4.14.224-syzkaller #0 [ 1406.173968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1406.177503] warn_alloc_show_mem: 1 callbacks suppressed [ 1406.177506] Mem-Info: [ 1406.183335] Call Trace: [ 1406.192085] active_anon:15101 inactive_anon:24270 isolated_anon:0 [ 1406.192085] active_file:17 inactive_file:4 isolated_file:0 [ 1406.192085] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1406.192085] slab_reclaimable:12906 slab_unreclaimable:121037 [ 1406.192085] mapped:35494 shmem:25360 pagetables:1233 bounce:0 [ 1406.192085] free:13891 free_pcp:34 free_cma:0 [ 1406.193675] dump_stack+0x1b2/0x281 [ 1406.230410] dump_header+0x178/0x82f [ 1406.232181] Node 0 active_anon:57876kB inactive_anon:68028kB active_file:4kB inactive_file:12kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:127412kB dirty:0kB writeback:0kB shmem:72272kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1406.234118] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1406.266787] ? ___ratelimit+0x2cd/0x530 [ 1406.267060] Node 1 active_anon:2528kB inactive_anon:29052kB active_file:64kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14564kB dirty:0kB writeback:0kB shmem:29168kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1406.270754] oom_kill_process.cold+0x10/0xb18 [ 1406.302307] out_of_memory+0xe3e/0x1190 [ 1406.304307] Node 0 DMA free:10960kB min:204kB low:252kB high:300kB active_anon:76kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1406.306285] ? oom_killer_disable+0x1c0/0x1c0 [ 1406.306296] ? mutex_trylock+0x152/0x1a0 [ 1406.341084] __alloc_pages_nodemask+0x23e1/0x2720 [ 1406.345939] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1406.350804] alloc_pages_current+0x155/0x260 [ 1406.355218] filemap_fault+0xea3/0x1980 [ 1406.359208] ext4_filemap_fault+0x84/0xb0 [ 1406.363441] __do_fault+0xfa/0x380 [ 1406.366982] __handle_mm_fault+0x2497/0x4620 [ 1406.371391] ? vm_insert_page+0x7c0/0x7c0 [ 1406.375021] lowmem_reserve[]: [ 1406.375529] ? lock_downgrade+0x740/0x740 [ 1406.375531] 0 2717 [ 1406.378717] handle_mm_fault+0x391/0x860 [ 1406.378728] __do_page_fault+0x549/0xad0 [ 1406.378738] ? spurious_fault+0x640/0x640 [ 1406.378746] ? do_page_fault+0x60/0x500 [ 1406.378761] ? page_fault+0x2f/0x50 [ 1406.378769] page_fault+0x45/0x50 [ 1406.378777] RIP: 1fa0:0x1f9f [ 1406.378781] RSP: 0000:00005581bfa859d0 EFLAGS: 7fcab1101da0 [ 1406.386092] syz-executor.3: [ 1406.400519] 2718 [ 1406.408181] Mem-Info: [ 1406.410218] 2718 [ 1406.411512] active_anon:15060 inactive_anon:24270 isolated_anon:0 [ 1406.411512] active_file:16 inactive_file:17 isolated_file:0 [ 1406.411512] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1406.411512] slab_reclaimable:12906 slab_unreclaimable:121037 [ 1406.411512] mapped:35497 shmem:25360 pagetables:1233 bounce:0 [ 1406.411512] free:13906 free_pcp:35 free_cma:0 [ 1406.420847] 2718 [ 1406.430102] page allocation failure: order:0 [ 1406.462364] syz-executor.5: [ 1406.469862] Node 0 DMA32 free:18048kB min:36200kB low:45248kB high:54296kB active_anon:57720kB inactive_anon:68028kB active_file:8kB inactive_file:8kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:7552kB pagetables:4148kB bounce:0kB free_pcp:132kB local_pcp:0kB free_cma:0kB [ 1406.471967] Node 0 active_anon:57796kB inactive_anon:68028kB active_file:8kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:127396kB dirty:0kB writeback:0kB shmem:72272kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1406.509256] lowmem_reserve[]: [ 1406.527313] page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1406.537199] 0 0 0 0 0 [ 1406.540841] syz-executor.5 cpuset= [ 1406.543314] Node 0 [ 1406.543316] / mems_allowed=0-1 [ 1406.552277] CPU: 1 PID: 4039 Comm: syz-executor.5 Not tainted 4.14.224-syzkaller #0 [ 1406.555498] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1406.560146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1406.560150] Call Trace: [ 1406.560170] dump_stack+0x1b2/0x281 [ 1406.560184] warn_alloc.cold+0x96/0x1cc [ 1406.560195] ? zone_watermark_ok_safe+0x220/0x220 [ 1406.560204] ? usleep_range+0x130/0x130 [ 1406.560216] ? try_to_free_pages+0x23f/0x6e0 [ 1406.595790] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1406.597039] ? _find_next_bit+0xdb/0x100 [ 1406.597050] ? run_timer_softirq+0x5a0/0x5a0 [ 1406.597072] __alloc_pages_nodemask+0x2127/0x2720 [ 1406.597093] ? lock_acquire+0x170/0x3f0 [ 1406.600699] (null) [ 1406.604682] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1406.620277] syz-executor.3 cpuset= [ 1406.624935] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1406.635446] / [ 1406.638197] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1406.646197] lowmem_reserve[]: [ 1406.649132] alloc_pages_current+0x155/0x260 [ 1406.649149] ion_page_pool_alloc+0x118/0x1b0 [ 1406.649160] ion_system_heap_allocate+0x133/0x8c0 [ 1406.649173] ? _raw_spin_unlock+0x29/0x40 [ 1406.649183] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1406.649192] ? ion_system_contig_heap_create+0x130/0x130 [ 1406.649203] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1406.649212] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1406.649222] ion_alloc+0x27a/0x810 [ 1406.663210] 0 [ 1406.665323] ? ion_dma_buf_release+0x40/0x40 [ 1406.670199] mems_allowed=0-1 [ 1406.672791] ? __might_fault+0x177/0x1b0 [ 1406.686103] 0 [ 1406.686162] ion_ioctl+0xea/0x1f0 [ 1406.705054] 0 [ 1406.706330] ? ion_query_heaps+0x360/0x360 [ 1406.725048] 0 [ 1406.728388] ? ion_query_heaps+0x360/0x360 [ 1406.728400] do_vfs_ioctl+0x75a/0xff0 [ 1406.728412] ? ioctl_preallocate+0x1a0/0x1a0 [ 1406.728421] ? lock_downgrade+0x740/0x740 [ 1406.728433] ? __fget+0x225/0x360 [ 1406.745011] 0 [ 1406.745107] ? do_vfs_ioctl+0xff0/0xff0 [ 1406.762790] ? security_file_ioctl+0x83/0xb0 [ 1406.767189] SyS_ioctl+0x7f/0xb0 [ 1406.767196] ? do_vfs_ioctl+0xff0/0xff0 [ 1406.767208] do_syscall_64+0x1d5/0x640 [ 1406.767225] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1406.767235] RIP: 0033:0x465f69 [ 1406.772385] Node 1 [ 1406.774541] RSP: 002b:00007febda737188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1406.796749] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1406.803238] Normal free:26492kB min:53696kB low:67120kB high:80544kB active_anon:2444kB inactive_anon:29052kB active_file:56kB inactive_file:60kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:672kB pagetables:784kB bounce:0kB free_pcp:128kB local_pcp:0kB free_cma:0kB [ 1406.804011] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1406.839179] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1406.846464] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1406.853721] R13: 00007ffda11ce07f R14: 00007febda737300 R15: 0000000000022000 [ 1406.861449] CPU: 0 PID: 3992 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1406.863818] Node 1 active_anon:2444kB inactive_anon:29052kB active_file:56kB inactive_file:60kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14592kB dirty:0kB writeback:0kB shmem:29168kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1406.869242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1406.869246] Call Trace: [ 1406.869262] dump_stack+0x1b2/0x281 [ 1406.869275] warn_alloc.cold+0x96/0x1cc [ 1406.869287] ? zone_watermark_ok_safe+0x220/0x220 [ 1406.896444] Node 0 [ 1406.905853] ? usleep_range+0x130/0x130 [ 1406.908440] DMA free:10960kB min:204kB low:252kB high:300kB active_anon:76kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1406.912018] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 1406.915962] lowmem_reserve[]: [ 1406.920789] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1406.920799] ? run_timer_softirq+0x5a0/0x5a0 [ 1406.920815] __alloc_pages_nodemask+0x2127/0x2720 [ 1406.923025] 0 [ 1406.926984] ? lock_acquire+0x170/0x3f0 [ 1406.927000] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1406.952821] 2717 [ 1406.957762] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1406.957776] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1406.957791] ? alloc_pages_current+0x135/0x260 [ 1406.960868] 2718 [ 1406.965866] alloc_pages_current+0x155/0x260 [ 1406.970266] 2718 [ 1406.975075] ion_page_pool_alloc+0x118/0x1b0 [ 1406.976863] 2718 [ 1406.980809] ion_system_heap_allocate+0x133/0x8c0 [ 1406.987669] ? _raw_spin_unlock+0x29/0x40 [ 1406.987678] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1406.987688] ? ion_system_contig_heap_create+0x130/0x130 [ 1406.992157] Node 0 [ 1406.997590] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1406.997600] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1406.997611] ion_alloc+0x27a/0x810 [ 1407.002176] DMA32 free:18048kB min:36200kB low:45248kB high:54296kB active_anon:57720kB inactive_anon:68028kB active_file:8kB inactive_file:8kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:7552kB pagetables:4148kB bounce:0kB free_pcp:132kB local_pcp:132kB free_cma:0kB [ 1407.004215] ? ion_dma_buf_release+0x40/0x40 [ 1407.008625] lowmem_reserve[]: [ 1407.010666] ? __might_fault+0x177/0x1b0 [ 1407.015045] 0 [ 1407.017091] ion_ioctl+0xea/0x1f0 [ 1407.017101] ? ion_query_heaps+0x360/0x360 [ 1407.017114] ? ion_query_heaps+0x360/0x360 [ 1407.021926] 0 [ 1407.026056] do_vfs_ioctl+0x75a/0xff0 [ 1407.030972] 0 [ 1407.036391] ? ioctl_preallocate+0x1a0/0x1a0 [ 1407.036398] ? lock_downgrade+0x740/0x740 [ 1407.036411] ? __fget+0x225/0x360 [ 1407.038622] 0 [ 1407.043633] ? do_vfs_ioctl+0xff0/0xff0 [ 1407.048466] 0 [ 1407.051976] ? security_file_ioctl+0x83/0xb0 [ 1407.084445] SyS_ioctl+0x7f/0xb0 [ 1407.087540] Node 0 [ 1407.091571] ? do_vfs_ioctl+0xff0/0xff0 [ 1407.093355] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1407.096780] do_syscall_64+0x1d5/0x640 [ 1407.096794] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1407.096803] RIP: 0033:0x465f69 [ 1407.101020] lowmem_reserve[]: [ 1407.105227] RSP: 002b:00007fba6af7e188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1407.107030] 0 [ 1407.110793] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1407.112570] 0 [ 1407.116954] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1407.116959] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1407.116964] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1407.116969] R13: 00007ffcb4b3e7df R14: 00007fba6af7e300 R15: 0000000000022000 [ 1407.129832] lowmem_reserve[]: [ 1407.133008] 0 [ 1407.144785] 0 [ 1407.146012] 0 [ 1407.181172] 0 [ 1407.185839] 0 [ 1407.186290] 0 [ 1407.194029] Node 1 Normal free:26492kB min:53696kB low:67120kB high:80544kB active_anon:2444kB inactive_anon:29052kB active_file:56kB inactive_file:60kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:672kB pagetables:784kB bounce:0kB free_pcp:128kB local_pcp:128kB free_cma:0kB [ 1407.194047] lowmem_reserve[]: 0 0 0 0 0 [ 1407.194065] Node 0 DMA: 22*4kB (UME) 19*8kB (ME) 44*16kB (UME) 43*32kB (UME) 19*64kB (UME) 10*128kB [ 1407.216153] 0 [ 1407.225622] (UM) [ 1407.266405] 0 [ 1407.279370] 4*256kB (UME) 2*512kB (UE) 2*1024kB (UE) 1*2048kB (M) 0*4096kB = 10960kB [ 1407.304024] Node 0 DMA: 23*4kB (UME) 21*8kB (UME) 44*16kB (UME) 43*32kB (UME) 19*64kB [ 1407.304071] Node 0 DMA32: 788*4kB (UME) 971*8kB (UME) 241*16kB (ME) 50*32kB (UME) 111*64kB (UM) 66*128kB (UM) 7*256kB (U) 3*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 35256kB [ 1407.322465] (UME) 10*128kB [ 1407.327616] Node 0 [ 1407.327623] (UM) [ 1407.330538] Normal: [ 1407.332761] 4*256kB [ 1407.334812] 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1407.340702] (UME) [ 1407.349051] Node 1 Normal: [ 1407.351195] 2*512kB [ 1407.351202] 59*4kB [ 1407.354108] (UE) 2*1024kB [ 1407.356448] (UM) 86*8kB (UM) 66*16kB (UM) 58*32kB (UM) 185*64kB (UM) 23*128kB (UM) 12*256kB (UM) 57*512kB (UM) 2*1024kB (U) 0*2048kB 0*4096kB = 52924kB [ 1407.361972] (UE) [ 1407.375302] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1407.375309] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1407.375314] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1407.375320] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1407.375324] 25415 total pagecache pages [ 1407.375334] 0 pages in swap cache [ 1407.381285] 1*2048kB [ 1407.386224] Swap cache stats: add 0, delete 0, find 0/0 [ 1407.394872] warn_alloc_show_mem: 2 callbacks suppressed [ 1407.394875] Mem-Info: [ 1407.403939] Free swap = 0kB [ 1407.419456] (M) [ 1407.420350] Total swap = 0kB [ 1407.422242] 0*4096kB [ 1407.427626] 2097051 pages RAM [ 1407.427630] 0 pages HighMem/MovableOnly [ 1407.427633] 363840 pages reserved [ 1407.427636] 0 pages cma reserved [ 1407.427643] Out of memory (oom_kill_allocating_task): Kill process 4056 (in:imklog) score 0 or sacrifice child [ 1407.427686] Killed process 4054 (rsyslogd) total-vm:254332kB, anon-rss:408kB, file-rss:0kB, shmem-rss:0kB [ 1407.431270] oom_reaper: reaped process 4054 (rsyslogd), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1407.446419] = 10980kB [ 1407.476648] active_anon:14860 inactive_anon:24270 isolated_anon:0 [ 1407.476648] active_file:26 inactive_file:15 isolated_file:21 [ 1407.476648] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1407.476648] slab_reclaimable:12906 slab_unreclaimable:121037 [ 1407.476648] mapped:35497 shmem:25360 pagetables:1196 bounce:0 [ 1407.476648] free:24832 free_pcp:282 free_cma:0 [ 1407.486117] Node 0 [ 1407.490058] Node 0 active_anon:57496kB inactive_anon:68028kB active_file:8kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:127396kB dirty:0kB writeback:0kB shmem:72272kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1407.492877] DMA32: [ 1407.528795] Node 1 active_anon:1944kB inactive_anon:29052kB active_file:96kB inactive_file:52kB unevictable:0kB isolated(anon):0kB isolated(file):84kB mapped:14592kB dirty:0kB writeback:0kB shmem:29168kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1407.559465] 736*4kB [ 1407.586182] Node 0 DMA free:10980kB min:204kB low:252kB high:300kB active_anon:76kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1407.598508] (ME) [ 1407.615557] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1407.619852] 968*8kB [ 1407.622992] Node 0 [ 1407.622994] (ME) 242*16kB [ 1407.625309] DMA32 free:35660kB min:36200kB low:45248kB high:54296kB active_anon:57420kB inactive_anon:68028kB active_file:8kB inactive_file:8kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:7520kB pagetables:4000kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1407.627567] (UME) [ 1407.641938] lowmem_reserve[]: 0 0 0 0 0 [ 1407.661562] 50*32kB [ 1407.664285] Node 0 [ 1407.664287] (UME) 111*64kB [ 1407.666628] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1407.666636] lowmem_reserve[]: [ 1407.668882] (UM) [ 1407.671811] 0 [ 1407.700069] 66*128kB [ 1407.701867] 0 [ 1407.703648] (UM) [ 1407.706048] 0 [ 1407.708636] 7*256kB [ 1407.710727] 0 [ 1407.711713] (U) [ 1407.714015] 0 [ 1407.715798] 3*512kB [ 1407.717839] Node 1 Normal free:53692kB min:53696kB low:67120kB high:80544kB active_anon:1940kB inactive_anon:29052kB active_file:156kB inactive_file:152kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:672kB pagetables:784kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1407.717859] lowmem_reserve[]: 0 0 0 0 0 [ 1407.717880] Node 0 DMA: 23*4kB (UME) 21*8kB [ 1407.723529] (U) [ 1407.763932] (UME) 44*16kB (UME) 43*32kB (UME) 19*64kB (UME) 10*128kB (UM) 4*256kB (UME) 2*512kB (UE) 2*1024kB (UE) 1*2048kB (M) 0*4096kB = 10980kB [ 1407.776183] 0*1024kB [ 1407.779453] Node 0 DMA32: 911*4kB (UME) 972*8kB (UME) 242*16kB (ME) 51*32kB (UME) 111*64kB (UM) 66*128kB (UM) 7*256kB (U) 3*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 35804kB [ 1407.782871] 0*2048kB [ 1407.797760] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1407.800817] 0*4096kB [ 1407.810894] Node 1 Normal: 183*4kB (UM) 85*8kB (UM) 54*16kB (UM) 48*32kB [ 1407.813325] = 35040kB [ 1407.813330] Node 0 [ 1407.820261] (UM) 189*64kB (UM) 26*128kB (UM) 13*256kB (UM) 58*512kB (UM) 2*1024kB (U) 0*2048kB 0*4096kB = 54308kB [ 1407.825932] Normal: [ 1407.835636] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1407.836089] 0*4kB [ 1407.838488] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1407.850544] 0*8kB [ 1407.857954] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1407.857959] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1407.857965] 25415 total pagecache pages [ 1407.860120] 0*16kB [ 1407.868999] 0 pages in swap cache [ 1407.869004] Swap cache stats: add 0, delete 0, find 0/0 [ 1407.869011] Free swap = 0kB [ 1407.882585] 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1407.895871] Total swap = 0kB [ 1407.906512] 2097051 pages RAM [ 1407.906853] Node 1 [ 1407.909600] 0 pages HighMem/MovableOnly [ 1407.909606] Normal: [ 1407.911821] 363840 pages reserved [ 1407.915771] 183*4kB [ 1407.918094] 0 pages cma reserved [ 1407.930962] (UM) 85*8kB (UM) 54*16kB (UM) 48*32kB (UM) 189*64kB (UM) 26*128kB (UM) 13*256kB (UM) 58*512kB (UM) 2*1024kB (U) 0*2048kB 0*4096kB = 54308kB [ 1407.944803] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1407.979957] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1408.046331] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1408.055288] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1408.076335] 25392 total pagecache pages [ 1408.080334] 0 pages in swap cache [ 1408.083777] Swap cache stats: add 0, delete 0, find 0/0 [ 1408.136348] Free swap = 0kB [ 1408.139392] Total swap = 0kB [ 1408.142423] 2097051 pages RAM [ 1408.145519] 0 pages HighMem/MovableOnly [ 1408.156411] 363840 pages reserved [ 1408.186417] 0 pages cma reserved 18:05:04 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:04 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) 18:05:04 executing program 2: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) 18:05:04 executing program 5: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:04 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:05:04 executing program 5: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:04 executing program 5: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:04 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:05:04 executing program 5: r0 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:04 executing program 5: r0 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) [ 1409.898734] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1409.905488] batman_adv: batadv0: Removing interface: batadv_slave_0 18:05:04 executing program 5: r0 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) [ 1409.951154] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1409.985175] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1410.019552] device bridge_slave_1 left promiscuous mode [ 1410.038070] bridge0: port 2(bridge_slave_1) entered disabled state [ 1410.057164] device bridge_slave_0 left promiscuous mode [ 1410.062731] bridge0: port 1(bridge_slave_0) entered disabled state [ 1410.089204] device veth1_macvtap left promiscuous mode [ 1410.094553] device veth0_macvtap left promiscuous mode [ 1410.117722] device veth1_vlan left promiscuous mode [ 1410.122849] device veth0_vlan left promiscuous mode [ 1410.217504] syz-executor.1: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1410.255734] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1410.273331] CPU: 0 PID: 4047 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1410.281148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1410.290508] Call Trace: [ 1410.293106] dump_stack+0x1b2/0x281 [ 1410.296742] warn_alloc.cold+0x96/0x1cc [ 1410.300716] ? zone_watermark_ok_safe+0x220/0x220 [ 1410.305569] __alloc_pages_nodemask+0x2127/0x2720 [ 1410.310418] ? lock_acquire+0x170/0x3f0 [ 1410.314397] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1410.319277] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1410.324730] ? __mutex_unlock_slowpath+0x75/0x770 [ 1410.329568] ? alloc_pages_current+0x21c/0x260 [ 1410.334146] alloc_pages_current+0x155/0x260 [ 1410.338556] ion_page_pool_alloc+0x118/0x1b0 [ 1410.342965] ion_system_heap_allocate+0x133/0x8c0 [ 1410.347809] ? _raw_spin_unlock+0x29/0x40 [ 1410.351957] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1410.356885] ? ion_system_contig_heap_create+0x130/0x130 [ 1410.362340] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1410.367358] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1410.372202] ion_alloc+0x27a/0x810 [ 1410.375746] ? ion_dma_buf_release+0x40/0x40 [ 1410.380155] ? __might_fault+0x177/0x1b0 [ 1410.384218] ion_ioctl+0xea/0x1f0 [ 1410.387666] ? ion_query_heaps+0x360/0x360 [ 1410.391901] ? ion_query_heaps+0x360/0x360 [ 1410.396140] do_vfs_ioctl+0x75a/0xff0 [ 1410.399946] ? ioctl_preallocate+0x1a0/0x1a0 [ 1410.404439] ? lock_downgrade+0x740/0x740 [ 1410.408597] ? __fget+0x225/0x360 [ 1410.412140] ? do_vfs_ioctl+0xff0/0xff0 [ 1410.416114] ? security_file_ioctl+0x83/0xb0 [ 1410.420521] SyS_ioctl+0x7f/0xb0 [ 1410.424002] ? do_vfs_ioctl+0xff0/0xff0 [ 1410.427976] do_syscall_64+0x1d5/0x640 [ 1410.431873] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1410.437150] RIP: 0033:0x465f69 [ 1410.440335] RSP: 002b:00007face3f0d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1410.448051] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1410.455369] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1410.462676] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1410.470103] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1410.477389] R13: 00007ffd7dcc854f R14: 00007face3f0d300 R15: 0000000000022000 [ 1410.505072] Mem-Info: [ 1410.507668] active_anon:15215 inactive_anon:24269 isolated_anon:0 [ 1410.507668] active_file:2058 inactive_file:5096 isolated_file:12 [ 1410.507668] unevictable:0 dirty:88 writeback:0 unstable:0 [ 1410.507668] slab_reclaimable:13022 slab_unreclaimable:119727 [ 1410.507668] mapped:40249 shmem:25357 pagetables:1289 bounce:0 [ 1410.507668] free:167427 free_pcp:234 free_cma:0 [ 1410.523318] syz-executor.2: [ 1410.543103] syz-executor.4: [ 1410.545088] Node 0 active_anon:59204kB inactive_anon:68028kB active_file:8972kB inactive_file:19072kB unevictable:0kB isolated(anon):0kB isolated(file):48kB mapped:146404kB dirty:220kB writeback:0kB shmem:72264kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1410.554594] page allocation failure: order:4 [ 1410.580931] Node 1 active_anon:1656kB inactive_anon:29048kB active_file:60kB inactive_file:88kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14592kB dirty:32kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1410.588865] page allocation failure: order:4 [ 1410.615956] Node 0 [ 1410.620257] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1410.622080] DMA free:11004kB min:204kB low:252kB high:300kB active_anon:76kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1410.630773] (null) [ 1410.659797] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1410.666392] Node 0 DMA32 free:462320kB min:36200kB low:45248kB high:54296kB active_anon:59128kB inactive_anon:68028kB active_file:8484kB inactive_file:19928kB unevictable:0kB writepending:320kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:7808kB pagetables:4492kB bounce:0kB free_pcp:804kB local_pcp:252kB free_cma:0kB [ 1410.668710] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1410.700659] lowmem_reserve[]: [ 1410.706218] syz-executor.4 cpuset= [ 1410.708873] 0 [ 1410.711221] / [ 1410.714496] 0 [ 1410.719272] mems_allowed=0-1 [ 1410.723242] 0 0 0 [ 1410.725843] CPU: 1 PID: 4082 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1410.726484] Node 0 [ 1410.734149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1410.734154] Call Trace: [ 1410.734169] dump_stack+0x1b2/0x281 [ 1410.734182] warn_alloc.cold+0x96/0x1cc [ 1410.742161] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1410.745767] ? zone_watermark_ok_safe+0x220/0x220 [ 1410.745789] __alloc_pages_nodemask+0x2127/0x2720 [ 1410.749518] lowmem_reserve[]: [ 1410.752047] ? io_schedule_timeout+0x140/0x140 [ 1410.752064] ? lock_acquire+0x170/0x3f0 [ 1410.756032] 0 [ 1410.781012] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1410.781027] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1410.781038] ? __mutex_unlock_slowpath+0x75/0x770 [ 1410.781048] ? alloc_pages_current+0x84/0x260 [ 1410.781059] alloc_pages_current+0x155/0x260 [ 1410.781073] ion_page_pool_alloc+0x118/0x1b0 [ 1410.781082] ion_system_heap_allocate+0x133/0x8c0 [ 1410.781092] ? ion_alloc+0x187/0x810 [ 1410.781102] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1410.781111] ? ion_system_contig_heap_create+0x130/0x130 [ 1410.781120] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1410.781129] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1410.781139] ion_alloc+0x204/0x810 [ 1410.781153] ? ion_dma_buf_release+0x40/0x40 [ 1410.781164] ? __might_fault+0x177/0x1b0 [ 1410.799013] 0 [ 1410.802440] ion_ioctl+0xea/0x1f0 [ 1410.802452] ? ion_query_heaps+0x360/0x360 [ 1410.804273] 0 [ 1410.809068] ? ion_query_heaps+0x360/0x360 [ 1410.809078] do_vfs_ioctl+0x75a/0xff0 [ 1410.809089] ? ioctl_preallocate+0x1a0/0x1a0 [ 1410.809097] ? lock_downgrade+0x740/0x740 [ 1410.809109] ? __fget+0x225/0x360 [ 1410.809117] ? do_vfs_ioctl+0xff0/0xff0 [ 1410.809127] ? security_file_ioctl+0x83/0xb0 [ 1410.809136] SyS_ioctl+0x7f/0xb0 [ 1410.809143] ? do_vfs_ioctl+0xff0/0xff0 [ 1410.809153] do_syscall_64+0x1d5/0x640 [ 1410.809169] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1410.809176] RIP: 0033:0x465f69 [ 1410.809180] RSP: 002b:00007f4607427188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1410.809189] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1410.809194] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1410.809199] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1410.809206] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1410.825002] 0 [ 1410.828597] R13: 00007ffe6751318f R14: 00007f4607427300 R15: 0000000000022000 [ 1410.832500] device hsr_slave_1 left promiscuous mode [ 1410.833219] 0 [ 1410.856570] device hsr_slave_0 left promiscuous mode [ 1410.862092] (null) [ 1410.928846] team0 (unregistering): Port device team_slave_1 removed [ 1410.969385] team0 (unregistering): Port device team_slave_0 removed [ 1410.975940] Node 1 [ 1411.012626] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1411.020075] CPU: 0 PID: 4081 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1411.021246] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 1411.027862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1411.027866] Call Trace: [ 1411.027884] dump_stack+0x1b2/0x281 [ 1411.027903] warn_alloc.cold+0x96/0x1cc [ 1411.027914] ? zone_watermark_ok_safe+0x220/0x220 [ 1411.027937] __alloc_pages_nodemask+0x2127/0x2720 [ 1411.027945] ? __schedule+0x893/0x1de0 [ 1411.027960] ? lock_acquire+0x170/0x3f0 [ 1411.027973] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1411.076964] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1411.082421] ? __mutex_unlock_slowpath+0x75/0x770 [ 1411.087269] alloc_pages_current+0x155/0x260 [ 1411.091680] ion_page_pool_alloc+0x118/0x1b0 [ 1411.096107] ion_system_heap_allocate+0x133/0x8c0 [ 1411.100951] ? ion_alloc+0x187/0x810 [ 1411.104664] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1411.110117] ? ion_system_contig_heap_create+0x130/0x130 [ 1411.115591] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1411.120608] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1411.125453] ion_alloc+0x204/0x810 [ 1411.129002] ? ion_dma_buf_release+0x40/0x40 [ 1411.133416] ? __might_fault+0x177/0x1b0 [ 1411.137483] ion_ioctl+0xea/0x1f0 [ 1411.140937] ? ion_query_heaps+0x360/0x360 [ 1411.145175] ? ion_query_heaps+0x360/0x360 [ 1411.149408] do_vfs_ioctl+0x75a/0xff0 [ 1411.153209] ? ioctl_preallocate+0x1a0/0x1a0 [ 1411.157618] ? lock_downgrade+0x740/0x740 [ 1411.161767] ? __fget+0x225/0x360 [ 1411.165217] ? do_vfs_ioctl+0xff0/0xff0 [ 1411.169193] ? security_file_ioctl+0x83/0xb0 [ 1411.174906] SyS_ioctl+0x7f/0xb0 [ 1411.178272] ? do_vfs_ioctl+0xff0/0xff0 [ 1411.182274] do_syscall_64+0x1d5/0x640 [ 1411.186172] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1411.191359] RIP: 0033:0x465f69 [ 1411.194543] RSP: 002b:00007f3f503fb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1411.202252] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1411.209517] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1411.217131] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1411.224397] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1411.231663] R13: 00007ffca5cbd2ff R14: 00007f3f503fb300 R15: 0000000000022000 [ 1411.239226] Normal free:195680kB min:53696kB low:67120kB high:80544kB active_anon:1656kB inactive_anon:29048kB active_file:4kB inactive_file:36kB unevictable:0kB writepending:4kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:544kB pagetables:664kB bounce:0kB free_pcp:48kB local_pcp:0kB free_cma:0kB [ 1411.267138] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 1411.274194] lowmem_reserve[]: 0 0 0 0 0 [ 1411.281918] Node 0 DMA: 48*4kB (UME) 21*8kB (UME) 44*16kB (UME) 43*32kB (UME) 18*64kB (UME) 10*128kB (UM) 4*256kB (UME) 2*512kB (UE) 2*1024kB (UE) 1*2048kB (M) 0*4096kB = 11016kB [ 1411.301796] Node 0 DMA32: 164*4kB (E) 545*8kB (E) 1458*16kB (UME) 3655*32kB (UE) 1*64kB (U) 2*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 145624kB [ 1411.319853] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1411.322624] bond0 (unregistering): Released all slaves [ 1411.330705] Node 1 Normal: 11996*4kB (UM) 3215*8kB (UM) 2609*16kB (U) 2505*32kB (U) 4*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 195864kB [ 1411.330776] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1411.330781] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1411.330789] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1411.380632] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1411.389323] 32612 total pagecache pages [ 1411.393303] 0 pages in swap cache [ 1411.400483] Swap cache stats: add 0, delete 0, find 0/0 [ 1411.405871] Free swap = 0kB [ 1411.409035] Total swap = 0kB [ 1411.412185] 2097051 pages RAM [ 1411.415290] 0 pages HighMem/MovableOnly [ 1411.422206] 363840 pages reserved [ 1411.425676] 0 pages cma reserved [ 1411.755189] oom_reaper: reaped process 4082 (syz-executor.4), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1411.842419] oom_reaper: reaped process 4081 (syz-executor.2), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1411.902939] rs:main Q:Reg invoked oom-killer: gfp_mask=0x1c200ca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), nodemask=(null), order=0, oom_score_adj=0 [ 1411.942037] rs:main Q:Reg cpuset=/ mems_allowed=0-1 [ 1411.968543] CPU: 1 PID: 4062 Comm: rs:main Q:Reg Not tainted 4.14.224-syzkaller #0 [ 1411.976270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1411.985621] Call Trace: [ 1411.988212] dump_stack+0x1b2/0x281 [ 1411.991840] dump_header+0x178/0x82f [ 1411.995548] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1412.000647] ? ___ratelimit+0x2cd/0x530 [ 1412.004620] oom_kill_process.cold+0x10/0xb18 [ 1412.009115] out_of_memory+0xe3e/0x1190 [ 1412.013086] ? oom_killer_disable+0x1c0/0x1c0 [ 1412.017570] ? mutex_trylock+0x152/0x1a0 [ 1412.021624] __alloc_pages_nodemask+0x23e1/0x2720 [ 1412.026466] ? trace_hardirqs_on+0x10/0x10 [ 1412.030696] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1412.035529] ? __radix_tree_lookup+0x1b5/0x2e0 [ 1412.040114] alloc_pages_current+0x155/0x260 [ 1412.044518] pagecache_get_page+0x3f5/0xab0 [ 1412.048835] grab_cache_page_write_begin+0x63/0x90 [ 1412.053769] ext4_da_write_begin+0x249/0xe70 [ 1412.058172] ? ext4_write_begin+0x1260/0x1260 [ 1412.062661] generic_perform_write+0x1c9/0x420 [ 1412.067239] ? __mnt_drop_write_file+0x5f/0x90 [ 1412.071808] ? filemap_page_mkwrite+0x2d0/0x2d0 [ 1412.076464] ? current_time+0xb0/0xb0 [ 1412.080255] ? ext4_file_write_iter+0x1cc/0xd20 [ 1412.084913] __generic_file_write_iter+0x227/0x590 [ 1412.089834] ext4_file_write_iter+0x276/0xd20 [ 1412.094319] ? aa_file_perm+0x304/0xab0 [ 1412.098288] ? ext4_file_read_iter+0x330/0x330 [ 1412.102862] ? trace_hardirqs_on+0x10/0x10 [ 1412.107091] ? iov_iter_init+0xa6/0x1c0 [ 1412.111183] __vfs_write+0x44c/0x630 [ 1412.114908] ? kernel_read+0x110/0x110 [ 1412.118809] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1412.123822] vfs_write+0x17f/0x4d0 [ 1412.127358] SyS_write+0xf2/0x210 [ 1412.130805] ? SyS_read+0x210/0x210 [ 1412.134424] ? __do_page_fault+0x159/0xad0 [ 1412.138652] ? do_syscall_64+0x4c/0x640 [ 1412.142620] ? SyS_read+0x210/0x210 [ 1412.146240] do_syscall_64+0x1d5/0x640 [ 1412.150125] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1412.155306] RIP: 0033:0x7fa0535031cd [ 1412.159023] RSP: 002b:00007fa050abe590 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 1412.166736] RAX: ffffffffffffffda RBX: 00007fa048005660 RCX: 00007fa0535031cd [ 1412.174117] RDX: 0000000000000091 RSI: 00007fa048005660 RDI: 0000000000000006 [ 1412.181381] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1412.188639] R10: 0000000000000000 R11: 0000000000000293 R12: 00007fa0480053e0 [ 1412.195896] R13: 00007fa050abe5b0 R14: 00005632932573a0 R15: 0000000000000091 [ 1412.213691] Mem-Info: [ 1412.216924] active_anon:15209 inactive_anon:24269 isolated_anon:0 [ 1412.216924] active_file:22 inactive_file:27 isolated_file:16 [ 1412.216924] unevictable:0 dirty:1 writeback:0 unstable:0 [ 1412.216924] slab_reclaimable:13029 slab_unreclaimable:120186 [ 1412.216924] mapped:44277 shmem:25357 pagetables:1322 bounce:0 [ 1412.216924] free:13871 free_pcp:0 free_cma:0 [ 1412.253756] Node 0 active_anon:59180kB inactive_anon:68028kB active_file:80kB inactive_file:96kB unevictable:0kB isolated(anon):0kB isolated(file):64kB mapped:162516kB dirty:4kB writeback:0kB shmem:72264kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1412.293486] Node 1 active_anon:1656kB inactive_anon:29048kB active_file:8kB inactive_file:12kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14592kB dirty:0kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1412.325288] Node 0 DMA free:10944kB min:204kB low:252kB high:300kB active_anon:76kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1412.357278] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1412.362330] Node 0 DMA32 free:17712kB min:36200kB low:45248kB high:54296kB active_anon:59104kB inactive_anon:68028kB active_file:80kB inactive_file:96kB unevictable:0kB writepending:4kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:7744kB pagetables:4624kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1412.394243] lowmem_reserve[]: 0 0 0 0 0 [ 1412.398753] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1412.428949] lowmem_reserve[]: 0 0 0 0 0 [ 1412.432948] Node 1 Normal free:26828kB min:53696kB low:67120kB high:80544kB active_anon:1656kB inactive_anon:29048kB active_file:8kB inactive_file:12kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:544kB pagetables:664kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1412.464807] lowmem_reserve[]: 0 0 0 0 0 [ 1412.469072] Node 0 DMA: 30*4kB (UME) 21*8kB (UME) 44*16kB (UME) 43*32kB (UME) 18*64kB (UME) 10*128kB (UM) 4*256kB (UME) 2*512kB (UE) 2*1024kB (UE) 1*2048kB (M) 0*4096kB = 10944kB [ 1412.490675] Node 0 DMA32: 899*4kB (UME) 937*8kB (UME) 251*16kB (UME) 60*32kB (UME) 16*64kB (UM) 1*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18180kB [ 1412.505335] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1412.519570] Node 1 Normal: 9*4kB (M) 2*8kB (M) 2*16kB (UM) 829*32kB (U) 4*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 26868kB [ 1412.532748] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1412.544887] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1412.554290] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1412.566513] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1412.575096] 25391 total pagecache pages [ 1412.581971] 0 pages in swap cache [ 1412.585448] Swap cache stats: add 0, delete 0, find 0/0 [ 1412.591744] Free swap = 0kB [ 1412.594756] Total swap = 0kB [ 1412.604918] 2097051 pages RAM [ 1412.610294] 0 pages HighMem/MovableOnly [ 1412.614260] 363840 pages reserved [ 1412.620571] 0 pages cma reserved [ 1412.623942] Out of memory (oom_kill_allocating_task): Kill process 4062 (rs:main Q:Reg) score 0 or sacrifice child [ 1412.635824] Killed process 4058 (rsyslogd) total-vm:254332kB, anon-rss:672kB, file-rss:0kB, shmem-rss:0kB [ 1412.650240] oom_reaper: reaped process 4058 (rsyslogd), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1412.713921] syz-fuzzer invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 1412.762709] syz-fuzzer cpuset=/ mems_allowed=0-1 [ 1412.778334] CPU: 1 PID: 7967 Comm: syz-fuzzer Not tainted 4.14.224-syzkaller #0 [ 1412.785798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1412.786079] syz-executor.4: [ 1412.795145] Call Trace: [ 1412.795153] page allocation failure: order:0 [ 1412.798156] dump_stack+0x1b2/0x281 [ 1412.798168] dump_header+0x178/0x82f [ 1412.798178] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1412.798187] ? ___ratelimit+0x2cd/0x530 [ 1412.798199] oom_kill_process.cold+0x10/0xb18 [ 1412.809130] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1412.812477] out_of_memory+0xe3e/0x1190 [ 1412.822097] (null) [ 1412.826011] ? oom_killer_disable+0x1c0/0x1c0 [ 1412.826021] ? mutex_trylock+0x152/0x1a0 [ 1412.826031] __alloc_pages_nodemask+0x23e1/0x2720 [ 1412.826050] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1412.826071] alloc_pages_current+0x155/0x260 [ 1412.826080] filemap_fault+0xea3/0x1980 [ 1412.826098] ext4_filemap_fault+0x84/0xb0 [ 1412.833207] syz-executor.4 cpuset= [ 1412.837129] __do_fault+0xfa/0x380 [ 1412.837137] __handle_mm_fault+0x2497/0x4620 [ 1412.837146] ? vm_insert_page+0x7c0/0x7c0 [ 1412.837164] handle_mm_fault+0x391/0x860 [ 1412.837174] __do_page_fault+0x549/0xad0 [ 1412.837182] ? spurious_fault+0x640/0x640 [ 1412.837190] ? do_page_fault+0x60/0x500 [ 1412.837197] ? page_fault+0x2f/0x50 [ 1412.837204] page_fault+0x45/0x50 [ 1412.837211] RIP: 1e00:0x149375bf9fc [ 1412.837215] RSP: 03e7:000000c000483e40 EFLAGS: 00000003 [ 1412.850107] Mem-Info: [ 1412.862221] syz-executor.2: [ 1412.870770] active_anon:14957 inactive_anon:24269 isolated_anon:0 [ 1412.870770] active_file:13 inactive_file:13 isolated_file:0 [ 1412.870770] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1412.870770] slab_reclaimable:13029 slab_unreclaimable:120001 [ 1412.870770] mapped:44265 shmem:25357 pagetables:1292 bounce:0 [ 1412.870770] free:13826 free_pcp:30 free_cma:0 [ 1412.881760] page allocation failure: order:0 [ 1412.891119] Node 0 active_anon:58172kB inactive_anon:68028kB active_file:44kB inactive_file:40kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:162468kB dirty:0kB writeback:0kB shmem:72264kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1412.905362] / [ 1412.919326] Node 1 active_anon:1656kB inactive_anon:29048kB active_file:8kB inactive_file:12kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14592kB dirty:0kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1412.922639] syz-executor.1: [ 1412.923862] Node 0 [ 1412.959061] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1412.981689] DMA free:10944kB min:204kB low:252kB high:300kB active_anon:76kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1412.991172] mems_allowed=0-1 [ 1413.010706] lowmem_reserve[]: [ 1413.020906] (null) [ 1413.021342] 0 [ 1413.023569] syz-executor.2 cpuset= [ 1413.050724] 2717 [ 1413.058064] page allocation failure: order:0 [ 1413.059380] 2718 [ 1413.062466] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1413.064586] 2718 [ 1413.066398] (null) [ 1413.066404] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1413.066426] CPU: 0 PID: 4047 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1413.066432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1413.066436] Call Trace: [ 1413.066454] dump_stack+0x1b2/0x281 [ 1413.066468] warn_alloc.cold+0x96/0x1cc [ 1413.066479] ? zone_watermark_ok_safe+0x220/0x220 [ 1413.066489] ? usleep_range+0x130/0x130 [ 1413.066498] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 1413.066510] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1413.066520] ? run_timer_softirq+0x5a0/0x5a0 [ 1413.066535] __alloc_pages_nodemask+0x2127/0x2720 [ 1413.066551] ? lock_acquire+0x170/0x3f0 [ 1413.066566] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1413.089548] 2718 [ 1413.089830] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1413.102681] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1413.102701] alloc_pages_current+0x155/0x260 [ 1413.112044] Node 0 [ 1413.114598] ion_page_pool_alloc+0x118/0x1b0 [ 1413.118225] DMA32 free:18172kB min:36200kB low:45248kB high:54296kB active_anon:58096kB inactive_anon:68028kB active_file:32kB inactive_file:36kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:7616kB pagetables:4504kB bounce:0kB free_pcp:88kB local_pcp:8kB free_cma:0kB [ 1413.122153] ion_system_heap_allocate+0x133/0x8c0 [ 1413.126978] lowmem_reserve[]: [ 1413.130935] ? _raw_spin_unlock+0x29/0x40 [ 1413.136025] 0 [ 1413.141006] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1413.145380] 0 [ 1413.150200] ? ion_system_contig_heap_create+0x130/0x130 [ 1413.150211] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1413.150222] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1413.154171] 0 [ 1413.159013] ion_alloc+0x27a/0x810 [ 1413.159027] ? ion_dma_buf_release+0x40/0x40 [ 1413.159039] ? __might_fault+0x177/0x1b0 [ 1413.161071] 0 [ 1413.165546] ion_ioctl+0xea/0x1f0 [ 1413.170993] 0 [ 1413.175389] ? ion_query_heaps+0x360/0x360 [ 1413.181999] ? ion_query_heaps+0x360/0x360 [ 1413.210006] Node 0 [ 1413.214811] do_vfs_ioctl+0x75a/0xff0 [ 1413.217925] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1413.222029] ? ioctl_preallocate+0x1a0/0x1a0 [ 1413.223799] lowmem_reserve[]: [ 1413.228705] ? lock_downgrade+0x740/0x740 [ 1413.228718] ? __fget+0x225/0x360 [ 1413.228731] ? do_vfs_ioctl+0xff0/0xff0 [ 1413.230505] 0 [ 1413.235947] ? security_file_ioctl+0x83/0xb0 [ 1413.235957] SyS_ioctl+0x7f/0xb0 [ 1413.235964] ? do_vfs_ioctl+0xff0/0xff0 [ 1413.235975] do_syscall_64+0x1d5/0x640 [ 1413.240975] 0 [ 1413.245812] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1413.247597] 0 [ 1413.251117] RIP: 0033:0x465f69 [ 1413.255495] 0 [ 1413.259539] RSP: 002b:00007face3f0d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1413.259550] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1413.259555] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1413.259561] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1413.261338] 0 [ 1413.264764] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1413.264771] R13: 00007ffd7dcc854f R14: 00007face3f0d300 R15: 0000000000022000 [ 1413.272795] CPU: 0 PID: 4082 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1413.275002] Node 1 [ 1413.277190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1413.277193] Call Trace: [ 1413.277210] dump_stack+0x1b2/0x281 [ 1413.277223] warn_alloc.cold+0x96/0x1cc [ 1413.277235] ? zone_watermark_ok_safe+0x220/0x220 [ 1413.277244] ? usleep_range+0x130/0x130 [ 1413.277252] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 1413.277263] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1413.277273] ? run_timer_softirq+0x5a0/0x5a0 [ 1413.277288] __alloc_pages_nodemask+0x2127/0x2720 [ 1413.277304] ? lock_acquire+0x170/0x3f0 [ 1413.277318] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1413.277329] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1413.277343] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1413.277362] alloc_pages_current+0x155/0x260 [ 1413.277373] ion_page_pool_alloc+0x118/0x1b0 [ 1413.277382] ion_system_heap_allocate+0x133/0x8c0 [ 1413.277392] ? ion_alloc+0x187/0x810 [ 1413.277400] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1413.277409] ? ion_system_contig_heap_create+0x130/0x130 [ 1413.277418] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1413.277427] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1413.277438] ion_alloc+0x204/0x810 [ 1413.277452] ? ion_dma_buf_release+0x40/0x40 [ 1413.277464] ? __might_fault+0x177/0x1b0 [ 1413.277477] ion_ioctl+0xea/0x1f0 [ 1413.277486] ? ion_query_heaps+0x360/0x360 [ 1413.277500] ? ion_query_heaps+0x360/0x360 [ 1413.277510] do_vfs_ioctl+0x75a/0xff0 [ 1413.301238] Normal free:26828kB min:53696kB low:67120kB high:80544kB active_anon:1656kB inactive_anon:29048kB active_file:8kB inactive_file:12kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:544kB pagetables:664kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 1413.306187] ? ioctl_preallocate+0x1a0/0x1a0 [ 1413.306199] ? lock_downgrade+0x740/0x740 [ 1413.310583] lowmem_reserve[]: [ 1413.313671] ? __fget+0x225/0x360 [ 1413.317809] 0 [ 1413.321232] ? do_vfs_ioctl+0xff0/0xff0 [ 1413.325178] 0 [ 1413.326962] ? security_file_ioctl+0x83/0xb0 [ 1413.326972] SyS_ioctl+0x7f/0xb0 [ 1413.326980] ? do_vfs_ioctl+0xff0/0xff0 [ 1413.331363] 0 [ 1413.334709] do_syscall_64+0x1d5/0x640 [ 1413.338682] 0 [ 1413.342538] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1413.344309] 0 [ 1413.349474] RIP: 0033:0x465f69 [ 1413.349479] RSP: 002b:00007f4607427188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1413.349488] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1413.349495] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1413.354547] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1413.354554] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1413.356350] Node 0 [ 1413.364013] R13: 00007ffe6751318f R14: 00007f4607427300 R15: 0000000000022000 [ 1413.366015] / [ 1413.391172] DMA: [ 1413.396862] mems_allowed=0-1 [ 1413.422199] 31*4kB [ 1413.425871] CPU: 0 PID: 4081 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1413.434958] (UME) [ 1413.436480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1413.436485] Call Trace: [ 1413.436504] dump_stack+0x1b2/0x281 [ 1413.436517] warn_alloc.cold+0x96/0x1cc [ 1413.440463] 21*8kB [ 1413.445548] ? zone_watermark_ok_safe+0x220/0x220 [ 1413.450558] (UME) [ 1413.454924] ? usleep_range+0x130/0x130 [ 1413.459753] 44*16kB [ 1413.463688] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 1413.463699] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1413.468527] (UME) [ 1413.473005] ? run_timer_softirq+0x5a0/0x5a0 [ 1413.478442] 43*32kB [ 1413.482820] __alloc_pages_nodemask+0x2127/0x2720 [ 1413.487217] (UME) [ 1413.492027] ? lock_acquire+0x170/0x3f0 [ 1413.495701] 18*64kB (UME) 10*128kB [ 1413.501144] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1413.501158] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1413.506603] (UM) [ 1413.511589] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1413.516427] 4*256kB [ 1413.519935] ? alloc_pages_current+0xe3/0x260 [ 1413.524310] (UME) [ 1413.528350] alloc_pages_current+0x155/0x260 [ 1413.528363] ion_page_pool_alloc+0x118/0x1b0 [ 1413.528373] ion_system_heap_allocate+0x133/0x8c0 [ 1413.531799] 2*512kB [ 1413.536015] ? ion_alloc+0x187/0x810 [ 1413.536025] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1413.536035] ? ion_system_contig_heap_create+0x130/0x130 [ 1413.540242] (UE) [ 1413.544025] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1413.544037] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1413.571930] warn_alloc_show_mem: 2 callbacks suppressed [ 1413.571933] Mem-Info: [ 1413.576270] ion_alloc+0x204/0x810 [ 1413.576287] ? ion_dma_buf_release+0x40/0x40 [ 1413.580412] active_anon:14957 inactive_anon:24269 isolated_anon:0 [ 1413.580412] active_file:10 inactive_file:12 isolated_file:0 [ 1413.580412] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1413.580412] slab_reclaimable:13029 slab_unreclaimable:119950 [ 1413.580412] mapped:44265 shmem:25357 pagetables:1292 bounce:0 [ 1413.580412] free:13986 free_pcp:52 free_cma:0 [ 1413.583489] ? __might_fault+0x177/0x1b0 [ 1413.586942] Node 0 active_anon:58172kB inactive_anon:68028kB active_file:32kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:162468kB dirty:0kB writeback:0kB shmem:72264kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1413.588700] ion_ioctl+0xea/0x1f0 [ 1413.592651] Node 1 active_anon:1656kB inactive_anon:29048kB active_file:8kB inactive_file:12kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14592kB dirty:0kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1413.594426] ? ion_query_heaps+0x360/0x360 [ 1413.598831] 2*1024kB [ 1413.602154] ? ion_query_heaps+0x360/0x360 [ 1413.606121] Node 0 [ 1413.607884] do_vfs_ioctl+0x75a/0xff0 [ 1413.611752] DMA free:10944kB min:204kB low:252kB high:300kB active_anon:76kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1413.613529] ? ioctl_preallocate+0x1a0/0x1a0 [ 1413.618707] (UE) [ 1413.620470] ? lock_downgrade+0x740/0x740 [ 1413.620484] ? __fget+0x225/0x360 [ 1413.623646] 1*2048kB [ 1413.631331] ? do_vfs_ioctl+0xff0/0xff0 [ 1413.631342] ? security_file_ioctl+0x83/0xb0 [ 1413.631351] SyS_ioctl+0x7f/0xb0 [ 1413.638616] lowmem_reserve[]: [ 1413.645851] ? do_vfs_ioctl+0xff0/0xff0 [ 1413.653116] (M) [ 1413.660355] do_syscall_64+0x1d5/0x640 [ 1413.660375] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1413.662585] 0 [ 1413.669833] RIP: 0033:0x465f69 [ 1413.669838] RSP: 002b:00007f3f503fb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1413.669848] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1413.669855] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1413.671549] 0*4096kB [ 1413.673590] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1413.673597] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1413.676692] = 10948kB [ 1413.678911] R13: 00007ffca5cbd2ff R14: 00007f3f503fb300 R15: 0000000000022000 [ 1413.822620] 2717 [ 1413.828744] Node 0 [ 1413.836033] 2718 [ 1413.839342] DMA32: [ 1413.868694] 2718 [ 1413.879300] 273*4kB [ 1413.909955] 2718 [ 1413.912263] (ME) [ 1414.249485] Node 0 DMA32 free:170808kB min:36200kB low:45248kB high:54296kB active_anon:58512kB inactive_anon:68028kB active_file:2564kB inactive_file:8712kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:7680kB pagetables:4656kB bounce:0kB free_pcp:1284kB local_pcp:572kB free_cma:0kB [ 1414.284146] 945*8kB (UME) 241*16kB (UME) 60*32kB (UME) 3290*64kB (UM) 299*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 263260kB [ 1414.325973] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1414.337636] Node 1 Normal: 10*4kB (M) 14*8kB (UM) 6*16kB (UM) 829*32kB (U) 0*64kB 1*128kB (U) 1*256kB (U) 0*512kB 32*1024kB (U) 17*2048kB (U) 1*4096kB (U) = 98840kB [ 1414.365918] lowmem_reserve[]: 0 0 0 0 0 [ 1414.369949] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1414.395712] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1414.407975] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1414.409836] syz-executor.2: [ 1414.413210] CPU: 1 PID: 4082 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1414.413216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1414.413220] Call Trace: [ 1414.413238] dump_stack+0x1b2/0x281 [ 1414.413250] warn_alloc.cold+0x96/0x1cc [ 1414.413261] ? zone_watermark_ok_safe+0x220/0x220 [ 1414.413283] __alloc_pages_nodemask+0x2127/0x2720 [ 1414.428701] page allocation failure: order:4 [ 1414.433418] ? _raw_spin_unlock_irq+0x5a/0x80 [ 1414.439918] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1414.443552] ? finish_task_switch+0x178/0x610 [ 1414.468674] (null) [ 1414.469128] ? finish_task_switch+0x14d/0x610 [ 1414.469142] ? lock_acquire+0x170/0x3f0 [ 1414.473613] syz-executor.2 cpuset= [ 1414.475750] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1414.492532] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1414.495928] / mems_allowed=0-1 [ 1414.497997] ? __mutex_unlock_slowpath+0x75/0x770 [ 1414.498010] ? ion_page_pool_remove+0x111/0x280 [ 1414.509881] lowmem_reserve[]: 0 [ 1414.510652] alloc_pages_current+0x155/0x260 [ 1414.510666] ion_page_pool_alloc+0x118/0x1b0 [ 1414.513920] 0 [ 1414.518306] ion_system_heap_allocate+0x133/0x8c0 [ 1414.518318] ? _raw_spin_unlock+0x29/0x40 [ 1414.518326] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1414.518334] ? ion_system_contig_heap_create+0x130/0x130 [ 1414.518345] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1414.518354] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1414.518364] ion_alloc+0x27a/0x810 [ 1414.518380] ? ion_dma_buf_release+0x40/0x40 [ 1414.535945] 0 [ 1414.538416] ? __might_fault+0x177/0x1b0 [ 1414.543837] 0 [ 1414.548849] ion_ioctl+0xea/0x1f0 [ 1414.548861] ? ion_query_heaps+0x360/0x360 [ 1414.548872] ? ion_query_heaps+0x360/0x360 [ 1414.548881] do_vfs_ioctl+0x75a/0xff0 [ 1414.548893] ? ioctl_preallocate+0x1a0/0x1a0 [ 1414.548901] ? lock_downgrade+0x740/0x740 [ 1414.548914] ? __fget+0x225/0x360 [ 1414.595928] 0 [ 1414.596873] ? do_vfs_ioctl+0xff0/0xff0 [ 1414.598651] Node 1 [ 1414.602603] ? security_file_ioctl+0x83/0xb0 [ 1414.602615] Normal free:26944kB min:53696kB low:67120kB high:80544kB active_anon:1656kB inactive_anon:29048kB active_file:8kB inactive_file:12kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:544kB pagetables:664kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1414.602620] lowmem_reserve[]: [ 1414.604840] SyS_ioctl+0x7f/0xb0 [ 1414.643352] ? do_vfs_ioctl+0xff0/0xff0 [ 1414.647327] do_syscall_64+0x1d5/0x640 [ 1414.648685] 0 0 0 [ 1414.651208] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1414.651216] RIP: 0033:0x465f69 [ 1414.653350] 0 [ 1414.658515] RSP: 002b:00007f4607427188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1414.658524] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1414.658528] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1414.658533] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1414.658537] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1414.658542] R13: 00007ffe6751318f R14: 00007f4607427300 R15: 0000000000022000 [ 1414.662015] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1414.665960] CPU: 0 PID: 4081 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1414.674781] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1414.678485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1414.678489] Call Trace: [ 1414.678504] dump_stack+0x1b2/0x281 [ 1414.678517] warn_alloc.cold+0x96/0x1cc [ 1414.678529] ? zone_watermark_ok_safe+0x220/0x220 [ 1414.678552] __alloc_pages_nodemask+0x2127/0x2720 [ 1414.678562] ? lock_acquire+0x170/0x3f0 [ 1414.678574] ? lock_acquire+0x170/0x3f0 [ 1414.678588] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1414.678604] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1414.678616] ? __mutex_unlock_slowpath+0x75/0x770 [ 1414.678629] alloc_pages_current+0x155/0x260 [ 1414.686237] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1414.693153] ion_page_pool_alloc+0x118/0x1b0 [ 1414.693164] ion_system_heap_allocate+0x133/0x8c0 [ 1414.700442] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1414.707670] ? _raw_spin_unlock+0x29/0x40 [ 1414.707679] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1414.707690] ? ion_system_contig_heap_create+0x130/0x130 [ 1414.716512] 28446 total pagecache pages [ 1414.724276] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1414.732844] 0 pages in swap cache [ 1414.742160] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1414.742172] ion_alloc+0x27a/0x810 [ 1414.742186] ? ion_dma_buf_release+0x40/0x40 [ 1414.744745] Swap cache stats: add 0, delete 0, find 0/0 [ 1414.748353] ? __might_fault+0x177/0x1b0 [ 1414.748364] ion_ioctl+0xea/0x1f0 [ 1414.748374] ? ion_query_heaps+0x360/0x360 [ 1414.752320] Free swap = 0kB [ 1414.757157] ? ion_query_heaps+0x360/0x360 [ 1414.757167] do_vfs_ioctl+0x75a/0xff0 [ 1414.757179] ? ioctl_preallocate+0x1a0/0x1a0 [ 1414.761990] Total swap = 0kB [ 1414.765941] ? lock_downgrade+0x740/0x740 [ 1414.765954] ? __fget+0x225/0x360 [ 1414.765963] ? do_vfs_ioctl+0xff0/0xff0 [ 1414.769913] 2097051 pages RAM [ 1414.774729] ? security_file_ioctl+0x83/0xb0 [ 1414.780166] 0 pages HighMem/MovableOnly [ 1414.784973] SyS_ioctl+0x7f/0xb0 [ 1414.789379] 363840 pages reserved [ 1414.798181] ? do_vfs_ioctl+0xff0/0xff0 [ 1414.798193] do_syscall_64+0x1d5/0x640 [ 1414.798215] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1414.802596] 0 pages cma reserved [ 1414.807415] RIP: 0033:0x465f69 [ 1414.807421] RSP: 002b:00007f3f503fb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1414.807430] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1414.807437] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1414.816003] Out of memory (oom_kill_allocating_task): Kill process 7967 (syz-fuzzer) score 0 or sacrifice child [ 1414.820118] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1414.820125] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1414.825106] Killed process 2999 (syz-executor.5) total-vm:84924kB, anon-rss:64kB, file-rss:0kB, shmem-rss:0kB [ 1414.830466] R13: 00007ffca5cbd2ff R14: 00007f3f503fb300 R15: 0000000000022000 [ 1414.855909] 0 [ 1414.875668] oom_reaper: reaped process 2999 (syz-executor.5), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1414.910680] warn_alloc_show_mem: 2 callbacks suppressed [ 1414.910684] Mem-Info: [ 1414.925903] Node 0 [ 1414.932993] active_anon:15009 inactive_anon:24271 isolated_anon:0 [ 1414.932993] active_file:934 inactive_file:2193 isolated_file:0 [ 1414.932993] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1414.932993] slab_reclaimable:13045 slab_unreclaimable:122076 [ 1414.932993] mapped:37291 shmem:25360 pagetables:1270 bounce:0 [ 1414.932993] free:86366 free_pcp:237 free_cma:0 [ 1414.958690] DMA: [ 1414.965362] Node 0 active_anon:58384kB inactive_anon:68036kB active_file:3728kB inactive_file:8760kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:134572kB dirty:0kB writeback:0kB shmem:72276kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1414.985881] 31*4kB [ 1414.990519] Node 1 active_anon:1652kB inactive_anon:29048kB active_file:8kB inactive_file:12kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14592kB dirty:0kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1415.018674] (UME) [ 1415.055859] Node 0 [ 1415.073432] 43*8kB [ 1415.132534] IPVS: ftp: loaded support on port[0] = 21 [ 1415.162483] (UME) 45*16kB (UME) 43*32kB (UME) 16*64kB (UME) 10*128kB (UM) 4*256kB (UME) 2*512kB (UE) 2*1024kB (UE) 1*2048kB (M) 0*4096kB = 11012kB [ 1415.175869] DMA free:11012kB min:204kB low:252kB high:300kB active_anon:76kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1415.175874] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1415.175892] Node 0 DMA32 free:327976kB min:36200kB low:45248kB high:54296kB active_anon:59268kB inactive_anon:68040kB active_file:4232kB inactive_file:8440kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:7808kB pagetables:4560kB bounce:0kB free_pcp:344kB local_pcp:76kB free_cma:0kB [ 1415.175909] lowmem_reserve[]: 0 0 0 0 0 [ 1415.205046] Node 0 [ 1415.262881] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1415.293948] DMA32: 4799*4kB (UE) 12385*8kB (UE) 8127*16kB (UME) 1902*32kB (UME) 7*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 309620kB [ 1415.326097] lowmem_reserve[]: 0 0 0 0 0 [ 1415.336725] Node 1 Normal free:27128kB min:53696kB low:67120kB high:80544kB active_anon:1648kB inactive_anon:29048kB active_file:8kB inactive_file:12kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:544kB pagetables:664kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB [ 1415.356632] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1415.395840] lowmem_reserve[]: [ 1415.400559] Node 1 Normal: 10*4kB (M) 42*8kB (UM) 15*16kB (UM) 829*32kB (U) 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27208kB [ 1415.409715] 0 0 0 0 0 [ 1415.428989] Node 0 DMA: 31*4kB (UME) 43*8kB (UME) 45*16kB (UME) 43*32kB (UME) 16*64kB (UME) 10*128kB (UM) 4*256kB (UME) 2*512kB (UE) 2*1024kB (UE) 1*2048kB (M) 0*4096kB = 11012kB [ 1415.460081] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1415.469039] Node 0 DMA32: 91*4kB (UME) 3514*8kB (UME) 8156*16kB (UE) 1907*32kB (UME) 4*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 220252kB [ 1415.489180] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1415.504428] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1415.504859] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1415.526051] Node 1 Normal: 10*4kB (M) 42*8kB (UM) 15*16kB (UM) 829*32kB (U) 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27208kB [ 1415.531041] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1415.551886] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1415.554121] 28751 total pagecache pages [ 1415.561780] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1415.573717] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1415.575741] 0 pages in swap cache [ 1415.582792] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1415.594856] 28751 total pagecache pages [ 1415.600279] 0 pages in swap cache [ 1415.603739] Swap cache stats: add 0, delete 0, find 0/0 [ 1415.610657] Free swap = 0kB [ 1415.613722] Total swap = 0kB [ 1415.617653] 2097051 pages RAM [ 1415.618472] Swap cache stats: add 0, delete 0, find 0/0 [ 1415.621490] 0 pages HighMem/MovableOnly [ 1415.630220] chnl_net:caif_netlink_parms(): no params data found [ 1415.630996] 363840 pages reserved [ 1415.640662] 0 pages cma reserved [ 1415.656902] Free swap = 0kB [ 1415.659945] Total swap = 0kB [ 1415.662958] 2097051 pages RAM [ 1415.685851] 0 pages HighMem/MovableOnly [ 1415.689852] 363840 pages reserved [ 1415.693294] 0 pages cma reserved [ 1415.896342] bridge0: port 1(bridge_slave_0) entered blocking state [ 1415.902780] bridge0: port 1(bridge_slave_0) entered disabled state [ 1415.940349] device bridge_slave_0 entered promiscuous mode [ 1415.950621] bridge0: port 2(bridge_slave_1) entered blocking state [ 1415.979464] bridge0: port 2(bridge_slave_1) entered disabled state [ 1416.000742] device bridge_slave_1 entered promiscuous mode [ 1416.044873] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1416.051903] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1416.079967] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1416.086742] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1416.115824] Bluetooth: hci2 command 0x0409 tx timeout [ 1416.120572] device bridge_slave_1 left promiscuous mode [ 1416.128166] bridge0: port 2(bridge_slave_1) entered disabled state [ 1416.135550] device bridge_slave_0 left promiscuous mode [ 1416.159627] bridge0: port 1(bridge_slave_0) entered disabled state [ 1416.180663] device veth1_macvtap left promiscuous mode [ 1416.186054] device veth0_macvtap left promiscuous mode [ 1416.191370] device veth1_vlan left promiscuous mode [ 1416.219713] device veth0_vlan left promiscuous mode [ 1416.461435] device hsr_slave_1 left promiscuous mode [ 1416.483092] device hsr_slave_0 left promiscuous mode [ 1416.522070] team0 (unregistering): Port device team_slave_1 removed [ 1416.543769] team0 (unregistering): Port device team_slave_0 removed [ 1416.570034] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 1416.603197] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 1416.691774] bond0 (unregistering): Released all slaves [ 1416.778421] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 1416.804665] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 1416.864681] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 1416.904632] team0: Port device team_slave_0 added 18:05:11 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) [ 1416.932952] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 1416.960258] team0: Port device team_slave_1 added [ 1417.039307] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1417.055764] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1417.130233] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1417.163565] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1417.196585] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1417.293158] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1417.322244] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 1417.347506] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 1417.416061] device hsr_slave_0 entered promiscuous mode [ 1417.432023] device hsr_slave_1 entered promiscuous mode [ 1417.452749] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 1417.477266] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 1417.750231] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 1417.841169] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1417.867913] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 1417.877180] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 1417.883318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1417.896192] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1417.915996] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 1417.922074] 8021q: adding VLAN 0 to HW filter on device team0 [ 1417.946469] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 1417.953506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1417.966430] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1417.989053] bridge0: port 1(bridge_slave_0) entered blocking state [ 1417.995423] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1418.029298] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1418.195700] Bluetooth: hci2 command 0x041b tx timeout [ 1419.153459] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1419.160527] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1419.172585] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1419.179988] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1419.192986] device bridge_slave_1 left promiscuous mode [ 1419.199145] bridge0: port 2(bridge_slave_1) entered disabled state [ 1419.210366] device bridge_slave_0 left promiscuous mode [ 1419.230044] bridge0: port 1(bridge_slave_0) entered disabled state [ 1419.240033] device veth1_macvtap left promiscuous mode [ 1419.245339] device veth0_macvtap left promiscuous mode [ 1419.255684] device veth1_vlan left promiscuous mode [ 1419.260747] device veth0_vlan left promiscuous mode [ 1419.391688] device hsr_slave_1 left promiscuous mode [ 1419.413967] device hsr_slave_0 left promiscuous mode [ 1419.437849] team0 (unregistering): Port device team_slave_1 removed [ 1419.458031] team0 (unregistering): Port device team_slave_0 removed [ 1419.473517] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 1419.493289] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 1419.532167] bond0 (unregistering): Released all slaves [ 1420.273017] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 1420.280097] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1420.287942] Bluetooth: hci2 command 0x040f tx timeout [ 1420.288181] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1420.300933] bridge0: port 2(bridge_slave_1) entered blocking state [ 1420.307322] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1420.319938] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 1420.327167] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1420.337861] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 1420.344686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1420.355148] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 1420.364426] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1420.373860] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1420.385944] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 1420.395111] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 1420.402371] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1420.410157] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1420.417952] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1420.425804] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1420.433384] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1420.443604] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 1420.450703] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1420.458668] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1420.468158] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 1420.474156] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1420.488951] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 1420.497705] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 1420.503935] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1420.512312] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1420.523839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1420.611235] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 1420.621352] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 1420.629240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1420.637868] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1420.700615] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 1420.711059] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 1420.718870] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 1420.729598] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 1420.736322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1420.743775] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1420.753575] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1420.761447] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1420.769459] device veth0_vlan entered promiscuous mode [ 1420.783167] device veth1_vlan entered promiscuous mode [ 1420.789257] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 1420.798605] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 1420.811844] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 1420.822057] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 1420.829475] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1420.837513] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1420.844775] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1420.852793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1420.862749] device veth0_macvtap entered promiscuous mode [ 1420.869881] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 1420.879247] device veth1_macvtap entered promiscuous mode [ 1420.885862] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 1420.894999] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 1420.905207] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 1420.915170] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1420.925722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1420.934955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1420.945198] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1420.955381] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1420.965699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1420.977121] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 1420.984089] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1420.991804] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1420.999325] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1421.006742] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1421.014505] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1421.023585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1421.033879] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1421.043653] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1421.053872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1421.063056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1421.072977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1421.084148] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 1421.091285] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1421.098418] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1421.106493] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 18:05:16 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) 18:05:16 executing program 5: openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:16 executing program 4: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:16 executing program 1: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$vim2m_VIDIOC_DQBUF(r2, 0xc0585611, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000002c0)={0x5, 0x0, [{0x6, 0x5, 0xf98d}, {0x8, 0x1, 0x7, 0xfffff801, 0x7fffffff}, {0x80000019, 0x8, 0x8, 0xf9b, 0x5}, {0x80000008, 0x4, 0x0, 0x5, 0x3ff}, {0x80000000, 0x6, 0xf92e, 0x1, 0xac}]}) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f00000000c0)={0x2, 0x2, 0x6, 0xfffffffa, 'syz0\x00', 0x80000001}) 18:05:16 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:05:16 executing program 2: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:16 executing program 4: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:16 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:05:16 executing program 4: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:16 executing program 4: r0 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:16 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:05:16 executing program 4: r0 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) [ 1422.355585] Bluetooth: hci2 command 0x0419 tx timeout [ 1423.235558] Bluetooth: hci1 command 0x0406 tx timeout [ 1423.309708] syz-executor.3: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1423.328129] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1423.355389] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1423.358732] syz-executor.2 cpuset= [ 1423.360528] CPU: 1 PID: 4399 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1423.360535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1423.360538] Call Trace: [ 1423.360554] dump_stack+0x1b2/0x281 [ 1423.368076] / [ 1423.371853] warn_alloc.cold+0x96/0x1cc [ 1423.393019] ? zone_watermark_ok_safe+0x220/0x220 [ 1423.394335] mems_allowed=0-1 [ 1423.397867] __alloc_pages_nodemask+0x2127/0x2720 [ 1423.397880] ? retint_kernel+0x2d/0x2d [ 1423.397900] ? lock_acquire+0x170/0x3f0 [ 1423.413648] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1423.418486] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1423.423931] ? __mutex_unlock_slowpath+0x75/0x770 [ 1423.428775] alloc_pages_current+0x155/0x260 [ 1423.433181] ion_page_pool_alloc+0x118/0x1b0 [ 1423.437582] ion_system_heap_allocate+0x133/0x8c0 [ 1423.442416] ? ion_alloc+0x187/0x810 [ 1423.446118] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1423.451556] ? ion_system_contig_heap_create+0x130/0x130 [ 1423.456996] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1423.462004] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1423.466839] ion_alloc+0x204/0x810 [ 1423.470388] ? ion_dma_buf_release+0x40/0x40 [ 1423.474788] ? __might_fault+0x177/0x1b0 [ 1423.478840] ion_ioctl+0xea/0x1f0 [ 1423.482278] ? ion_query_heaps+0x360/0x360 [ 1423.486504] ? ion_query_heaps+0x360/0x360 [ 1423.490732] do_vfs_ioctl+0x75a/0xff0 [ 1423.494530] ? ioctl_preallocate+0x1a0/0x1a0 [ 1423.498931] ? lock_downgrade+0x740/0x740 [ 1423.503075] ? __fget+0x225/0x360 [ 1423.506518] ? do_vfs_ioctl+0xff0/0xff0 [ 1423.510480] ? security_file_ioctl+0x83/0xb0 [ 1423.514888] SyS_ioctl+0x7f/0xb0 [ 1423.518243] ? do_vfs_ioctl+0xff0/0xff0 [ 1423.522206] do_syscall_64+0x1d5/0x640 [ 1423.526084] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1423.531261] RIP: 0033:0x465f69 [ 1423.534444] RSP: 002b:00007fc584945188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1423.542137] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1423.549398] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1423.556654] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1423.563912] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1423.571180] R13: 00007fff692e4b6f R14: 00007fc584945300 R15: 0000000000022000 [ 1423.578460] CPU: 0 PID: 4408 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1423.579932] warn_alloc_show_mem: 1 callbacks suppressed [ 1423.579935] Mem-Info: [ 1423.586252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1423.586257] Call Trace: [ 1423.586275] dump_stack+0x1b2/0x281 [ 1423.586288] warn_alloc.cold+0x96/0x1cc [ 1423.586299] ? zone_watermark_ok_safe+0x220/0x220 [ 1423.586320] __alloc_pages_nodemask+0x2127/0x2720 [ 1423.586331] ? lock_acquire+0x170/0x3f0 [ 1423.586344] ? lock_acquire+0x170/0x3f0 [ 1423.586360] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1423.586383] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1423.586395] ? __mutex_unlock_slowpath+0x75/0x770 [ 1423.586404] ? retint_kernel+0x2d/0x2d [ 1423.586418] alloc_pages_current+0x155/0x260 [ 1423.586431] ion_page_pool_alloc+0x118/0x1b0 [ 1423.586443] ion_system_heap_allocate+0x133/0x8c0 [ 1423.586453] ? ion_alloc+0x187/0x810 [ 1423.586463] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1423.586473] ? ion_system_contig_heap_create+0x130/0x130 [ 1423.586483] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1423.586492] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1423.586504] ion_alloc+0x204/0x810 [ 1423.586518] ? ion_dma_buf_release+0x40/0x40 [ 1423.586530] ? __might_fault+0x177/0x1b0 [ 1423.586543] ion_ioctl+0xea/0x1f0 [ 1423.586552] ? ion_query_heaps+0x360/0x360 [ 1423.586566] ? ion_query_heaps+0x360/0x360 [ 1423.586576] do_vfs_ioctl+0x75a/0xff0 [ 1423.586587] ? ioctl_preallocate+0x1a0/0x1a0 [ 1423.586595] ? lock_downgrade+0x740/0x740 [ 1423.586609] ? __fget+0x225/0x360 [ 1423.586618] ? do_vfs_ioctl+0xff0/0xff0 [ 1423.586628] ? security_file_ioctl+0x83/0xb0 [ 1423.586638] SyS_ioctl+0x7f/0xb0 [ 1423.586645] ? do_vfs_ioctl+0xff0/0xff0 [ 1423.586656] do_syscall_64+0x1d5/0x640 [ 1423.586670] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1423.586678] RIP: 0033:0x465f69 [ 1423.586683] RSP: 002b:00007f3f503fb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1423.586693] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1423.586699] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1423.586704] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1423.586710] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1423.586715] R13: 00007ffca5cbd2ff R14: 00007f3f503fb300 R15: 0000000000022000 [ 1423.808682] active_anon:15744 inactive_anon:24267 isolated_anon:0 [ 1423.808682] active_file:1591 inactive_file:5729 isolated_file:0 [ 1423.808682] unevictable:0 dirty:76 writeback:0 unstable:0 [ 1423.808682] slab_reclaimable:13134 slab_unreclaimable:118219 [ 1423.808682] mapped:57455 shmem:25352 pagetables:1331 bounce:0 [ 1423.808682] free:264281 free_pcp:254 free_cma:0 [ 1423.842622] Node 0 active_anon:61144kB inactive_anon:68020kB active_file:1204kB inactive_file:15104kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:205844kB dirty:128kB writeback:0kB shmem:72244kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 12288kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1423.871290] Node 1 active_anon:1832kB inactive_anon:29048kB active_file:5160kB inactive_file:7812kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:23976kB dirty:176kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1423.899387] Node 0 DMA free:11104kB min:204kB low:252kB high:300kB active_anon:76kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1423.926511] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1423.931566] Node 0 DMA32 free:648136kB min:36200kB low:45248kB high:54296kB active_anon:61100kB inactive_anon:68020kB active_file:1204kB inactive_file:15108kB unevictable:0kB writepending:128kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:7808kB pagetables:4664kB bounce:0kB free_pcp:264kB local_pcp:108kB free_cma:0kB [ 1423.961905] lowmem_reserve[]: 0 0 0 0 0 [ 1423.966125] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1423.992075] lowmem_reserve[]: 0 0 0 0 0 [ 1423.996276] Node 1 Normal free:281208kB min:53696kB low:67120kB high:80544kB active_anon:1832kB inactive_anon:29048kB active_file:5164kB inactive_file:7808kB unevictable:0kB writepending:176kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:544kB pagetables:660kB bounce:0kB free_pcp:636kB local_pcp:0kB free_cma:0kB [ 1424.026031] lowmem_reserve[]: 0 0 0 0 0 [ 1424.030028] Node 0 DMA: 45*4kB (UME) 63*8kB (UME) 57*16kB (UME) 46*32kB (UME) 10*64kB (UME) 10*128kB (UM) 4*256kB (UME) 2*512kB (UE) 2*1024kB (UE) 1*2048kB (M) 0*4096kB = 11132kB [ 1424.046459] Node 0 DMA32: 32*4kB (UME) 542*8kB (E) 9978*16kB (UME) 10064*32kB (UME) 848*64kB (UM) 10*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 541712kB [ 1424.062304] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1424.073298] Node 1 Normal: 5468*4kB (UM) 3589*8kB (U) 2446*16kB (U) 2708*32kB (U) 1304*64kB (U) 163*128kB (U) 2*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 281208kB [ 1424.088790] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1424.097880] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1424.106716] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1424.115868] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1424.124447] 32563 total pagecache pages [ 1424.128731] 0 pages in swap cache [ 1424.132183] Swap cache stats: add 0, delete 0, find 0/0 [ 1424.137783] Free swap = 0kB [ 1424.140796] Total swap = 0kB [ 1424.143812] 2097051 pages RAM [ 1424.147182] 0 pages HighMem/MovableOnly [ 1424.151148] 363840 pages reserved [ 1424.154589] 0 pages cma reserved [ 1424.978609] syz-executor.3 invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 1424.993654] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1425.013363] CPU: 1 PID: 4124 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1425.021212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1425.030548] Call Trace: [ 1425.033119] dump_stack+0x1b2/0x281 [ 1425.036725] dump_header+0x178/0x82f [ 1425.040428] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1425.045508] ? ___ratelimit+0x2cd/0x530 [ 1425.049457] oom_kill_process.cold+0x10/0xb18 [ 1425.053932] out_of_memory+0xe3e/0x1190 [ 1425.057898] ? oom_killer_disable+0x1c0/0x1c0 [ 1425.062405] ? mutex_trylock+0x152/0x1a0 [ 1425.066442] __alloc_pages_nodemask+0x23e1/0x2720 [ 1425.071266] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1425.076098] alloc_pages_current+0x155/0x260 [ 1425.080482] filemap_fault+0xea3/0x1980 [ 1425.084448] ext4_filemap_fault+0x84/0xb0 [ 1425.088574] __do_fault+0xfa/0x380 [ 1425.092087] __handle_mm_fault+0x2497/0x4620 [ 1425.096471] ? vm_insert_page+0x7c0/0x7c0 [ 1425.100592] ? nanosleep_copyout+0x100/0x100 [ 1425.104982] handle_mm_fault+0x391/0x860 [ 1425.109021] __do_page_fault+0x549/0xad0 [ 1425.113059] ? spurious_fault+0x640/0x640 [ 1425.117196] ? do_page_fault+0x60/0x500 [ 1425.121163] ? page_fault+0x2f/0x50 [ 1425.124785] page_fault+0x45/0x50 [ 1425.128213] RIP: 15b566:0x3 [ 1425.131117] RSP: 0006:00007fff692e4e2c EFLAGS: 00000045 [ 1425.137820] Mem-Info: [ 1425.145634] active_anon:15834 inactive_anon:24267 isolated_anon:0 [ 1425.145634] active_file:19 inactive_file:20 isolated_file:0 [ 1425.145634] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1425.145634] slab_reclaimable:13131 slab_unreclaimable:118142 [ 1425.145634] mapped:53053 shmem:25352 pagetables:1419 bounce:0 [ 1425.145634] free:25137 free_pcp:66 free_cma:0 [ 1425.239339] Node 0 active_anon:61504kB inactive_anon:68020kB active_file:12kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:197616kB dirty:0kB writeback:0kB shmem:72244kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 12288kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1425.424685] Node 1 active_anon:1832kB inactive_anon:29048kB active_file:48kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14596kB dirty:0kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1425.520063] Node 0 DMA free:11056kB min:204kB low:252kB high:300kB active_anon:76kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1425.605172] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1425.610225] Node 0 DMA32 free:35744kB min:36200kB low:45248kB high:54296kB active_anon:61428kB inactive_anon:68020kB active_file:12kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:7808kB pagetables:5016kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1425.774420] lowmem_reserve[]: 0 0 0 0 0 [ 1425.820821] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1425.868772] lowmem_reserve[]: 0 0 0 0 0 [ 1425.872784] Node 1 Normal free:53324kB min:53696kB low:67120kB high:80544kB active_anon:1832kB inactive_anon:29048kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:576kB pagetables:660kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1425.950586] lowmem_reserve[]: 0 0 0 0 0 [ 1425.954591] Node 0 DMA: 26*4kB (UME) 63*8kB (UME) 57*16kB (UME) 46*32kB (UME) 10*64kB (UME) 10*128kB (UM) 4*256kB (UME) 2*512kB (UE) 2*1024kB (UE) 1*2048kB (M) 0*4096kB = 11056kB [ 1426.067622] Node 0 DMA32: 725*4kB (ME) 944*8kB (UME) 263*16kB (UME) 65*32kB (UME) 283*64kB (UM) 10*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 36132kB [ 1426.122983] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1426.218034] Node 1 Normal: 32*4kB (UM) 23*8kB (UM) 14*16kB (M) 14*32kB (UM) 345*64kB (UM) 173*128kB (UM) 9*256kB (UM) 6*512kB (M) 1*1024kB (M) 1*2048kB (M) 0*4096kB = 53656kB [ 1426.310942] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1426.377429] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1426.435397] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1426.444258] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1426.551838] 25379 total pagecache pages [ 1426.582986] 0 pages in swap cache [ 1426.601922] Swap cache stats: add 0, delete 0, find 0/0 [ 1426.641431] Free swap = 0kB [ 1426.644557] Total swap = 0kB [ 1426.682493] 2097051 pages RAM [ 1426.702525] 0 pages HighMem/MovableOnly [ 1426.733425] 363840 pages reserved [ 1426.755015] 0 pages cma reserved [ 1426.786395] Out of memory (oom_kill_allocating_task): Kill process 4124 (syz-executor.3) score 0 or sacrifice child [ 1426.854284] Killed process 4399 (syz-executor.3) total-vm:93384kB, anon-rss:2204kB, file-rss:34820kB, shmem-rss:0kB [ 1426.954529] oom_reaper: reaped process 4399 (syz-executor.3), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1427.051399] ion_system_heap invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=0, oom_score_adj=0 [ 1427.124879] ion_system_heap cpuset=/ mems_allowed=0-1 [ 1427.150452] CPU: 0 PID: 4244 Comm: ion_system_heap Not tainted 4.14.224-syzkaller #0 [ 1427.158347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1427.167705] Call Trace: [ 1427.170291] dump_stack+0x1b2/0x281 [ 1427.173914] dump_header+0x178/0x82f [ 1427.177626] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1427.182741] ? ___ratelimit+0x2cd/0x530 [ 1427.186711] oom_kill_process.cold+0x10/0xb18 [ 1427.191199] ? lock_downgrade+0x740/0x740 [ 1427.195341] out_of_memory+0x2dc/0x1190 [ 1427.199313] ? oom_killer_disable+0x1c0/0x1c0 [ 1427.203799] ? mutex_trylock+0x152/0x1a0 [ 1427.207854] __alloc_pages_nodemask+0x23e1/0x2720 [ 1427.212703] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1427.217549] ? kmem_cache_alloc_node_trace+0x153/0x400 [ 1427.222811] ? cache_grow_begin+0x41/0x630 [ 1427.227032] cache_grow_begin+0x91/0x630 [ 1427.231086] ? cache_grow_begin+0x91/0x630 [ 1427.231843] syz-executor.3: [ 1427.235306] fallback_alloc+0x207/0x2c0 [ 1427.235319] kmem_cache_alloc_node_trace+0xed/0x400 [ 1427.235329] alloc_vmap_area+0xf0/0x7c0 [ 1427.235342] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1427.235350] ? purge_vmap_area_lazy+0xb0/0xb0 [ 1427.235356] ? __get_vm_area_node+0xed/0x340 [ 1427.235363] ? kmem_cache_alloc_node_trace+0x383/0x400 [ 1427.235373] __get_vm_area_node+0x126/0x340 [ 1427.243390] page allocation failure: order:0 [ 1427.247329] vmap+0xd5/0x290 [ 1427.247339] ? ion_heap_clear_pages+0x23/0x70 [ 1427.247345] ? vunmap+0x50/0x50 [ 1427.247351] ? __vunmap+0x21c/0x300 [ 1427.247362] ion_heap_clear_pages+0x23/0x70 [ 1427.247372] ion_heap_sglist_zero+0x165/0x220 [ 1427.247381] ? ion_heap_clear_pages+0x70/0x70 [ 1427.247392] ? finish_task_switch+0x178/0x610 [ 1427.247415] ? pagerange_is_ram_callback+0x100/0x100 [ 1427.263143] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1427.265651] ? ion_heap_deferred_free+0x222/0x470 [ 1427.265662] ion_system_heap_free+0x1d0/0x240 [ 1427.265675] ion_buffer_destroy+0x132/0x190 [ 1427.265683] ion_heap_deferred_free+0x22a/0x470 [ 1427.265691] ? __schedule+0x857/0x1de0 [ 1427.265701] ? ion_heap_shrink_scan+0x1a0/0x1a0 [ 1427.272091] (null) [ 1427.275258] ? wait_woken+0x230/0x230 [ 1427.275268] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 1427.275276] ? ion_heap_shrink_scan+0x1a0/0x1a0 [ 1427.275286] kthread+0x30d/0x420 [ 1427.275295] ? kthread_create_on_node+0xd0/0xd0 [ 1427.275304] ret_from_fork+0x24/0x30 [ 1427.298009] Mem-Info: [ 1427.301411] syz-executor.3 cpuset= [ 1427.302911] active_anon:15298 inactive_anon:24267 isolated_anon:0 [ 1427.302911] active_file:27 inactive_file:0 isolated_file:0 [ 1427.302911] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1427.302911] slab_reclaimable:13130 slab_unreclaimable:117961 [ 1427.302911] mapped:53052 shmem:25352 pagetables:1418 bounce:0 [ 1427.302911] free:13949 free_pcp:64 free_cma:0 [ 1427.307407] / mems_allowed=0-1 [ 1427.307424] CPU: 1 PID: 4399 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1427.307430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1427.307434] Call Trace: [ 1427.307451] dump_stack+0x1b2/0x281 [ 1427.307465] warn_alloc.cold+0x96/0x1cc [ 1427.307476] ? zone_watermark_ok_safe+0x220/0x220 [ 1427.307485] ? usleep_range+0x130/0x130 [ 1427.307493] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 1427.307505] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1427.307516] ? run_timer_softirq+0x5a0/0x5a0 [ 1427.307532] __alloc_pages_nodemask+0x2127/0x2720 [ 1427.307547] ? lock_acquire+0x170/0x3f0 [ 1427.307564] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1427.334278] Node 0 active_anon:59360kB inactive_anon:68020kB active_file:36kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:197616kB dirty:0kB writeback:0kB shmem:72244kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1427.337820] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1427.337838] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1427.342492] Node 1 active_anon:1832kB inactive_anon:29048kB active_file:72kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14592kB dirty:0kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1427.346355] ? __alloc_pages_nodemask+0x277/0x2720 [ 1427.346368] alloc_pages_current+0x155/0x260 [ 1427.346381] ion_page_pool_alloc+0x118/0x1b0 [ 1427.351028] Node 0 [ 1427.353160] ion_system_heap_allocate+0x133/0x8c0 [ 1427.356956] DMA free:10976kB min:204kB low:252kB high:300kB active_anon:76kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1427.362014] ? ion_alloc+0x187/0x810 [ 1427.366664] lowmem_reserve[]: [ 1427.370002] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1427.374633] 0 2717 [ 1427.378333] ? ion_system_contig_heap_create+0x130/0x130 [ 1427.378343] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1427.378354] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1427.380734] 2718 [ 1427.384262] ion_alloc+0x204/0x810 [ 1427.417425] 2718 [ 1427.420583] ? ion_dma_buf_release+0x40/0x40 [ 1427.428349] 2718 [ 1427.437676] ? __might_fault+0x177/0x1b0 [ 1427.437689] ion_ioctl+0xea/0x1f0 [ 1427.443854] ? ion_query_heaps+0x360/0x360 [ 1427.447819] Node 0 [ 1427.452625] ? ion_query_heaps+0x360/0x360 [ 1427.456591] DMA32 free:17996kB min:36200kB low:45248kB high:54296kB active_anon:59284kB inactive_anon:68020kB active_file:36kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:7808kB pagetables:5012kB bounce:0kB free_pcp:136kB local_pcp:0kB free_cma:0kB [ 1427.461654] do_vfs_ioctl+0x75a/0xff0 [ 1427.466667] lowmem_reserve[]: [ 1427.471047] ? ioctl_preallocate+0x1a0/0x1a0 [ 1427.475893] 0 [ 1427.479833] ? lock_downgrade+0x740/0x740 [ 1427.484645] 0 [ 1427.512222] ? __fget+0x225/0x360 [ 1427.512231] ? do_vfs_ioctl+0xff0/0xff0 [ 1427.512242] ? security_file_ioctl+0x83/0xb0 [ 1427.516721] 0 [ 1427.522142] SyS_ioctl+0x7f/0xb0 [ 1427.549225] 0 [ 1427.554112] ? do_vfs_ioctl+0xff0/0xff0 [ 1427.558524] 0 [ 1427.562908] do_syscall_64+0x1d5/0x640 [ 1427.569967] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1427.595667] Node 0 [ 1427.599335] RIP: 0033:0x465f69 [ 1427.602417] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1427.607833] RSP: 002b:00007fc584945188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1427.607843] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1427.607847] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1427.607853] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1427.607857] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1427.607864] R13: 00007fff692e4b6f R14: 00007fc584945300 R15: 0000000000022000 [ 1427.610221] lowmem_reserve[]: [ 1427.620088] warn_alloc_show_mem: 1 callbacks suppressed [ 1427.620091] Mem-Info: [ 1427.621938] 0 [ 1427.625573] active_anon:15298 inactive_anon:24267 isolated_anon:0 [ 1427.625573] active_file:27 inactive_file:0 isolated_file:0 [ 1427.625573] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1427.625573] slab_reclaimable:13130 slab_unreclaimable:117961 [ 1427.625573] mapped:53052 shmem:25352 pagetables:1418 bounce:0 [ 1427.625573] free:13949 free_pcp:64 free_cma:0 [ 1427.625589] Node 0 active_anon:59360kB inactive_anon:68020kB active_file:36kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:197616kB dirty:0kB writeback:0kB shmem:72244kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1427.625604] Node 1 active_anon:1832kB inactive_anon:29048kB active_file:72kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14592kB dirty:0kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1427.625607] Node 0 DMA free:10976kB min:204kB low:252kB high:300kB active_anon:76kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1427.625627] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1427.625646] Node 0 DMA32 free:17996kB min:36200kB low:45248kB high:54296kB active_anon:59284kB inactive_anon:68020kB active_file:36kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:7808kB pagetables:5012kB bounce:0kB free_pcp:136kB local_pcp:136kB free_cma:0kB [ 1427.625666] lowmem_reserve[]: 0 0 0 0 0 [ 1427.625684] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1427.625702] lowmem_reserve[]: 0 0 0 0 0 [ 1427.625722] Node 1 Normal free:26824kB min:53696kB low:67120kB high:80544kB active_anon:1832kB inactive_anon:29048kB active_file:40kB inactive_file:36kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:544kB pagetables:660kB bounce:0kB free_pcp:120kB local_pcp:120kB free_cma:0kB [ 1427.625741] lowmem_reserve[]: 0 0 0 0 0 [ 1427.625760] Node 0 DMA: 22*4kB (UME) 55*8kB (UME) 57*16kB (UME) 46*32kB (UME) 10*64kB (UME) 10*128kB (UM) 4*256kB (UME) 2*512kB (UE) 2*1024kB (UE) [ 1427.654224] 0 [ 1427.661810] 1*2048kB [ 1427.708790] 0 [ 1427.712521] (M) [ 1427.712952] 0 [ 1427.717398] 0*4096kB = 10976kB [ 1427.717407] Node 0 DMA32: 746*4kB (UME) 945*8kB (UME) 263*16kB (ME) 64*32kB (ME) 3*64kB (UM) 2*128kB (UM) 1*256kB (U) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 18016kB [ 1427.717476] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB [ 1427.742389] 0 [ 1427.748757] 0*128kB [ 1427.802719] 0*256kB [ 1427.829467] Node 1 [ 1427.863469] 0*512kB [ 1427.896949] Normal free:26824kB min:53696kB low:67120kB high:80544kB active_anon:1832kB inactive_anon:29048kB active_file:40kB inactive_file:36kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:544kB pagetables:660kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 1427.932212] 0*1024kB [ 1427.950150] lowmem_reserve[]: [ 1427.991758] 0*2048kB [ 1428.013663] 0 [ 1428.054686] 0*4096kB [ 1428.063880] 0 [ 1428.080070] = 0kB [ 1428.091889] 0 [ 1428.109414] Node 1 [ 1428.137402] 0 0 [ 1428.160457] Node 0 DMA: 22*4kB (UME) 55*8kB (UME) 57*16kB (UME) 46*32kB (UME) 10*64kB (UME) 10*128kB (UM) 4*256kB (UME) 2*512kB (UE) 2*1024kB (UE) 1*2048kB (M) 0*4096kB = 10976kB [ 1428.161106] Normal: [ 1428.187383] Node 0 DMA32: 746*4kB (UME) 945*8kB (UME) 263*16kB (ME) 64*32kB (ME) 3*64kB (UM) 2*128kB (UM) 1*256kB (U) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 18016kB [ 1428.202690] 30*4kB (M) 22*8kB (M) 14*16kB (M) 12*32kB (M) 17*64kB (M) 128*128kB (UM) 9*256kB (UM) 6*512kB (M) 1*1024kB (M) 1*2048kB (M) 0*4096kB = 26824kB [ 1428.210526] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1428.242880] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1428.245858] Node 1 Normal: 30*4kB (M) 22*8kB (M) 14*16kB (M) 12*32kB (M) 17*64kB (M) 128*128kB (UM) 9*256kB (UM) 6*512kB (M) 1*1024kB (M) 1*2048kB (M) 0*4096kB = 26824kB [ 1428.268718] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1428.278437] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1428.293677] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1428.297319] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1428.320908] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1428.323368] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1428.342292] 25379 total pagecache pages [ 1428.352299] 0 pages in swap cache [ 1428.354295] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1428.362498] Swap cache stats: add 0, delete 0, find 0/0 [ 1428.370613] 25379 total pagecache pages [ 1428.374598] 0 pages in swap cache [ 1428.382489] Free swap = 0kB [ 1428.389514] Total swap = 0kB [ 1428.391860] Swap cache stats: add 0, delete 0, find 0/0 [ 1428.392548] 2097051 pages RAM [ 1428.411501] 0 pages HighMem/MovableOnly [ 1428.417514] 363840 pages reserved [ 1428.417541] Free swap = 0kB [ 1428.420957] 0 pages cma reserved [ 1428.423960] Total swap = 0kB [ 1428.488112] 2097051 pages RAM [ 1429.013436] 0 pages HighMem/MovableOnly [ 1429.017522] 363840 pages reserved [ 1429.020966] 0 pages cma reserved [ 1429.024326] Out of memory: Kill process 2983 (syz-executor.0) score 1005 or sacrifice child [ 1429.032910] Killed process 2983 (syz-executor.0) total-vm:93384kB, anon-rss:2200kB, file-rss:34628kB, shmem-rss:0kB [ 1429.063249] oom_reaper: reaped process 2983 (syz-executor.0), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB 18:05:23 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) [ 1437.749181] IPVS: ftp: loaded support on port[0] = 21 [ 1437.810778] IPVS: ftp: loaded support on port[0] = 21 [ 1437.891107] chnl_net:caif_netlink_parms(): no params data found [ 1438.030820] chnl_net:caif_netlink_parms(): no params data found [ 1438.040192] bridge0: port 1(bridge_slave_0) entered blocking state [ 1438.046784] bridge0: port 1(bridge_slave_0) entered disabled state [ 1438.053627] device bridge_slave_0 entered promiscuous mode [ 1438.070124] bridge0: port 2(bridge_slave_1) entered blocking state [ 1438.077250] bridge0: port 2(bridge_slave_1) entered disabled state [ 1438.084122] device bridge_slave_1 entered promiscuous mode [ 1438.107920] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 1438.117091] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 1438.149301] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 1438.156628] team0: Port device team_slave_0 added [ 1438.162147] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 1438.170810] team0: Port device team_slave_1 added [ 1438.203429] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1438.210078] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1438.235813] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1438.246113] bridge0: port 1(bridge_slave_0) entered blocking state [ 1438.252492] bridge0: port 1(bridge_slave_0) entered disabled state [ 1438.260689] device bridge_slave_0 entered promiscuous mode [ 1438.268472] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1438.274970] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1438.300212] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1438.310513] bridge0: port 2(bridge_slave_1) entered blocking state [ 1438.317799] bridge0: port 2(bridge_slave_1) entered disabled state [ 1438.325198] device bridge_slave_1 entered promiscuous mode [ 1438.331663] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 1438.339871] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 1438.371550] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 1438.382665] device hsr_slave_0 entered promiscuous mode [ 1438.388384] device hsr_slave_1 entered promiscuous mode [ 1438.396285] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 1438.404175] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 1438.418253] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 1438.436383] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 1438.443672] team0: Port device team_slave_0 added [ 1438.449746] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 1438.457450] team0: Port device team_slave_1 added [ 1438.487280] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1438.493576] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1438.518812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1438.532763] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1438.539506] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1438.565059] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1438.578786] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 1438.586383] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 1438.627850] device hsr_slave_0 entered promiscuous mode [ 1438.633474] device hsr_slave_1 entered promiscuous mode [ 1438.644058] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 1438.651397] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 1438.728502] bridge0: port 2(bridge_slave_1) entered blocking state [ 1438.734873] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1438.741450] bridge0: port 1(bridge_slave_0) entered blocking state [ 1438.747839] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1438.780970] bridge0: port 2(bridge_slave_1) entered blocking state [ 1438.787506] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1438.794104] bridge0: port 1(bridge_slave_0) entered blocking state [ 1438.800520] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1438.833535] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 1438.840004] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1438.848944] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 1438.862344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1438.869715] bridge0: port 1(bridge_slave_0) entered disabled state [ 1438.877090] bridge0: port 2(bridge_slave_1) entered disabled state [ 1438.884072] bridge0: port 1(bridge_slave_0) entered disabled state [ 1438.891479] bridge0: port 2(bridge_slave_1) entered disabled state [ 1438.899478] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1438.908192] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 1438.914243] 8021q: adding VLAN 0 to HW filter on device team0 [ 1438.928337] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 1438.938013] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 1438.947583] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1438.953616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1438.961381] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1438.969169] bridge0: port 1(bridge_slave_0) entered blocking state [ 1438.975564] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1438.982370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1438.990717] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1438.998385] bridge0: port 2(bridge_slave_1) entered blocking state [ 1439.004764] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1439.013335] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 1439.022808] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 1439.029155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1439.039257] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 1439.050008] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 1439.058128] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 1439.064246] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1439.073125] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1439.081060] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1439.088767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1439.096123] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1439.103284] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1439.113775] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 1439.120093] 8021q: adding VLAN 0 to HW filter on device team0 [ 1439.130526] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 1439.138938] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 1439.146202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1439.153907] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1439.161986] bridge0: port 1(bridge_slave_0) entered blocking state [ 1439.168367] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1439.175708] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1439.183296] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1439.193268] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 1439.202716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1439.211227] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1439.219135] bridge0: port 2(bridge_slave_1) entered blocking state [ 1439.225531] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1439.234988] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 1439.243302] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 1439.250970] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1439.260606] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1439.268797] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1439.279261] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 1439.287281] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1439.294966] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1439.304223] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 1439.312166] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1439.321713] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 1439.328000] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1439.342557] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 1439.350221] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 1439.357044] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1439.365651] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1439.373260] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1439.382918] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 1439.391808] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 1439.398469] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1439.406969] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1439.415047] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1439.421742] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1439.431533] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 1439.439370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1439.447472] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1439.458002] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 1439.465715] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1439.473396] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1439.484348] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 1439.490457] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1439.499696] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1439.519156] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 1439.527225] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 1439.533489] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1439.546621] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1439.557931] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1439.598305] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 1439.610438] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 1439.617776] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1439.626063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1439.665464] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 1439.672567] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 1439.680806] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 1439.690663] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 1439.701322] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 1439.709873] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 1439.720690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1439.729240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1439.737387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1439.745091] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1439.754564] device veth0_vlan entered promiscuous mode [ 1439.765275] device veth1_vlan entered promiscuous mode [ 1439.771099] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 1439.778054] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1439.785434] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1439.792250] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1439.799989] Bluetooth: hci0 command 0x0409 tx timeout [ 1439.803848] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 1439.808262] Bluetooth: hci5 command 0x0409 tx timeout [ 1439.825013] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 1439.835501] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 1439.842524] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 1439.851302] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 1439.859276] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 1439.868723] device veth0_macvtap entered promiscuous mode [ 1439.875202] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 1439.882222] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1439.889895] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1439.897886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1439.906120] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1439.916266] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 1439.924094] device veth0_vlan entered promiscuous mode [ 1439.930886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1439.939387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1439.947545] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1439.955772] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1439.963042] device veth1_macvtap entered promiscuous mode [ 1439.973636] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 1439.983701] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 1439.993358] device veth1_vlan entered promiscuous mode [ 1440.000068] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 1440.007230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1440.017719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1440.027572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1440.037885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1440.047063] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1440.056840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1440.065995] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1440.075755] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1440.085873] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 1440.092787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1440.101144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1440.108615] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1440.117136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1440.126837] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 1440.136481] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1440.146223] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1440.156712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1440.167084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1440.176242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1440.185994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1440.195733] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1440.205714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1440.216072] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 1440.222966] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1440.233880] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1440.241443] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1440.249563] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1440.261627] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 1440.274997] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 1440.281970] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1440.290735] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1440.301034] device veth0_macvtap entered promiscuous mode [ 1440.308246] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 1440.318153] device veth1_macvtap entered promiscuous mode [ 1440.327303] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 1440.340333] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 1440.350810] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 1440.384721] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1440.397245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1440.407876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1440.418271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1440.427437] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1440.437596] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1440.446734] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1440.456776] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1440.466157] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1440.475914] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1440.485823] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 1440.492751] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1440.501502] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1440.509206] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1440.516672] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1440.524451] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1440.534614] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1440.545610] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1440.555571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1440.565485] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1440.574765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1440.584547] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1440.593673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1440.603493] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1440.612707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1440.622459] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1440.632435] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 1440.639505] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1440.650846] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1440.659353] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 18:05:35 executing program 5: openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:35 executing program 4: r0 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:35 executing program 1: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$vim2m_VIDIOC_DQBUF(r2, 0xc0585611, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000002c0)={0x5, 0x0, [{0x6, 0x5, 0xf98d}, {0x8, 0x1, 0x7, 0xfffff801, 0x7fffffff}, {0x80000019, 0x8, 0x8, 0xf9b, 0x5}, {0x80000008, 0x4, 0x0, 0x5, 0x3ff}, {0x80000000, 0x6, 0xf92e, 0x1, 0xac}]}) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f00000000c0)={0x2, 0x2, 0x6, 0xfffffffa, 'syz0\x00', 0x80000001}) 18:05:35 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:05:35 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:35 executing program 5: openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:35 executing program 2: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:36 executing program 4: openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:36 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:05:36 executing program 5: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, 0x0) 18:05:36 executing program 4: openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:36 executing program 2: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:36 executing program 4: openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:36 executing program 5: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, 0x0) [ 1441.874505] Bluetooth: hci5 command 0x041b tx timeout [ 1441.879902] Bluetooth: hci0 command 0x041b tx timeout [ 1442.046390] syz-executor.3: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1442.068673] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1442.069720] syz-executor.1: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1442.073912] CPU: 1 PID: 4974 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1442.093371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1442.102704] Call Trace: [ 1442.105279] dump_stack+0x1b2/0x281 [ 1442.108902] warn_alloc.cold+0x96/0x1cc [ 1442.112857] ? zone_watermark_ok_safe+0x220/0x220 [ 1442.117689] __alloc_pages_nodemask+0x2127/0x2720 [ 1442.122516] ? lock_acquire+0x170/0x3f0 [ 1442.126472] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1442.131297] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1442.136726] ? __mutex_unlock_slowpath+0x75/0x770 [ 1442.141550] alloc_pages_current+0x155/0x260 [ 1442.145941] ion_page_pool_alloc+0x118/0x1b0 [ 1442.150332] ion_system_heap_allocate+0x133/0x8c0 [ 1442.155152] ? ion_alloc+0x187/0x810 [ 1442.158844] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1442.164272] ? ion_system_contig_heap_create+0x130/0x130 [ 1442.169700] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1442.174694] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1442.179517] ion_alloc+0x204/0x810 [ 1442.183042] ? ion_dma_buf_release+0x40/0x40 [ 1442.187429] ? __might_fault+0x177/0x1b0 [ 1442.191473] ion_ioctl+0xea/0x1f0 [ 1442.194905] ? ion_query_heaps+0x360/0x360 [ 1442.199120] ? ion_query_heaps+0x360/0x360 [ 1442.203336] do_vfs_ioctl+0x75a/0xff0 [ 1442.207116] ? ioctl_preallocate+0x1a0/0x1a0 [ 1442.211513] ? lock_downgrade+0x740/0x740 [ 1442.215646] ? __fget+0x225/0x360 [ 1442.219253] ? do_vfs_ioctl+0xff0/0xff0 [ 1442.223209] ? security_file_ioctl+0x83/0xb0 [ 1442.227598] SyS_ioctl+0x7f/0xb0 [ 1442.230943] ? do_vfs_ioctl+0xff0/0xff0 [ 1442.234899] do_syscall_64+0x1d5/0x640 [ 1442.238769] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1442.243949] RIP: 0033:0x465f69 [ 1442.247117] RSP: 002b:00007fc584945188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1442.254804] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1442.262052] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1442.269300] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1442.276546] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1442.283795] R13: 00007fff692e4b6f R14: 00007fc584945300 R15: 0000000000022000 [ 1442.305251] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1442.310403] CPU: 0 PID: 4968 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1442.311466] Mem-Info: [ 1442.318186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1442.318190] Call Trace: [ 1442.318206] dump_stack+0x1b2/0x281 [ 1442.318220] warn_alloc.cold+0x96/0x1cc [ 1442.318231] ? zone_watermark_ok_safe+0x220/0x220 [ 1442.318241] ? nvme_queue_rq+0x3c0/0x1ac0 [ 1442.318261] __alloc_pages_nodemask+0x2127/0x2720 [ 1442.318272] ? __schedule+0x893/0x1de0 [ 1442.320729] active_anon:15442 inactive_anon:24273 isolated_anon:36 [ 1442.320729] active_file:2408 inactive_file:4668 isolated_file:12 [ 1442.320729] unevictable:0 dirty:38 writeback:0 unstable:0 [ 1442.320729] slab_reclaimable:13119 slab_unreclaimable:116877 [ 1442.320729] mapped:57919 shmem:25361 pagetables:1496 bounce:0 [ 1442.320729] free:244662 free_pcp:119 free_cma:0 [ 1442.330015] ? lock_acquire+0x170/0x3f0 [ 1442.330029] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1442.330045] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1442.330056] ? __mutex_unlock_slowpath+0x75/0x770 [ 1442.330070] alloc_pages_current+0x155/0x260 [ 1442.337276] Node 0 active_anon:60028kB inactive_anon:68048kB active_file:9064kB inactive_file:18168kB unevictable:0kB isolated(anon):144kB isolated(file):0kB mapped:216248kB dirty:108kB writeback:0kB shmem:72284kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1442.340204] ion_page_pool_alloc+0x118/0x1b0 [ 1442.340215] ion_system_heap_allocate+0x133/0x8c0 [ 1442.340225] ? ion_alloc+0x187/0x810 [ 1442.345119] Node 1 active_anon:1740kB inactive_anon:29044kB active_file:568kB inactive_file:504kB unevictable:0kB isolated(anon):0kB isolated(file):48kB mapped:15428kB dirty:44kB writeback:0kB shmem:29160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1442.349177] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1442.349188] ? ion_system_contig_heap_create+0x130/0x130 [ 1442.349200] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1442.356808] Node 0 [ 1442.357916] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1442.357929] ion_alloc+0x204/0x810 [ 1442.357951] ? ion_dma_buf_release+0x40/0x40 [ 1442.392184] DMA free:11136kB min:204kB low:252kB high:300kB active_anon:2124kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1442.396018] ? __might_fault+0x177/0x1b0 [ 1442.396035] ion_ioctl+0xea/0x1f0 [ 1442.396045] ? ion_query_heaps+0x360/0x360 [ 1442.396058] ? ion_query_heaps+0x360/0x360 [ 1442.396068] do_vfs_ioctl+0x75a/0xff0 [ 1442.396079] ? ioctl_preallocate+0x1a0/0x1a0 [ 1442.405688] lowmem_reserve[]: [ 1442.406361] ? lock_downgrade+0x740/0x740 [ 1442.411484] 0 [ 1442.415798] ? __fget+0x225/0x360 [ 1442.415808] ? do_vfs_ioctl+0xff0/0xff0 [ 1442.415818] ? security_file_ioctl+0x83/0xb0 [ 1442.415829] SyS_ioctl+0x7f/0xb0 [ 1442.444253] 2717 [ 1442.448582] ? do_vfs_ioctl+0xff0/0xff0 [ 1442.448595] do_syscall_64+0x1d5/0x640 [ 1442.448612] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1442.453454] 2718 [ 1442.457115] RIP: 0033:0x465f69 [ 1442.457120] RSP: 002b:00007ffaba381188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1442.457129] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1442.457134] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1442.457139] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1442.457143] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1442.457149] R13: 00007fffa91fc9ef R14: 00007ffaba381300 R15: 0000000000022000 [ 1442.658637] 2718 2718 [ 1442.661144] Node 0 DMA32 free:637180kB min:36200kB low:45248kB high:54296kB active_anon:57904kB inactive_anon:68048kB active_file:8976kB inactive_file:18392kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8000kB pagetables:5324kB bounce:0kB free_pcp:256kB local_pcp:200kB free_cma:0kB [ 1442.691129] lowmem_reserve[]: 0 0 0 0 0 [ 1442.695618] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1442.722299] lowmem_reserve[]: 0 0 0 0 0 [ 1442.726537] Node 1 Normal free:171548kB min:53696kB low:67120kB high:80544kB active_anon:1740kB inactive_anon:29044kB active_file:900kB inactive_file:908kB unevictable:0kB writepending:44kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:512kB pagetables:660kB bounce:0kB free_pcp:128kB local_pcp:128kB free_cma:0kB [ 1442.766837] lowmem_reserve[]: 0 0 0 0 0 [ 1442.770874] Node 0 DMA: 44*4kB (UME) 62*8kB (UME) 54*16kB (UME) 45*32kB (UME) 22*64kB (UME) 13*128kB (UM) 4*256kB (UME) 2*512kB (UE) 1*1024kB (E) 1*2048kB (U) 0*4096kB = 11168kB [ 1442.791303] Node 0 DMA32: 96*4kB (E) 545*8kB (ME) 11528*16kB (UE) 10627*32kB (UE) 58*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 532968kB [ 1442.809488] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1442.821747] Node 1 Normal: 3215*4kB (UM) 3429*8kB (UM) 3056*16kB (U) 2564*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 171236kB [ 1442.839687] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1442.848800] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1442.861150] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1442.870697] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1442.883065] 32359 total pagecache pages [ 1442.887272] 0 pages in swap cache [ 1442.890729] Swap cache stats: add 0, delete 0, find 0/0 [ 1442.899863] Free swap = 0kB [ 1442.902911] Total swap = 0kB [ 1442.906250] 2097051 pages RAM [ 1442.909352] 0 pages HighMem/MovableOnly [ 1442.913315] 363840 pages reserved [ 1442.924356] 0 pages cma reserved 18:05:37 executing program 1: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$vim2m_VIDIOC_DQBUF(r2, 0xc0585611, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000002c0)={0x5, 0x0, [{0x6, 0x5, 0xf98d}, {0x8, 0x1, 0x7, 0xfffff801, 0x7fffffff}, {0x80000019, 0x8, 0x8, 0xf9b, 0x5}, {0x80000008, 0x4, 0x0, 0x5, 0x3ff}, {0x80000000, 0x6, 0xf92e, 0x1, 0xac}]}) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f00000000c0)={0x2, 0x2, 0x6, 0xfffffffa, 'syz0\x00', 0x80000001}) 18:05:37 executing program 2: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) [ 1443.964127] Bluetooth: hci0 command 0x040f tx timeout [ 1443.972821] Bluetooth: hci5 command 0x040f tx timeout [ 1444.216408] syz-executor.1: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1444.249354] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1444.260016] CPU: 1 PID: 5002 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1444.267828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1444.277175] Call Trace: [ 1444.279763] dump_stack+0x1b2/0x281 [ 1444.283393] warn_alloc.cold+0x96/0x1cc [ 1444.287364] ? zone_watermark_ok_safe+0x220/0x220 [ 1444.292220] __alloc_pages_nodemask+0x2127/0x2720 [ 1444.297058] ? io_schedule_timeout+0x140/0x140 [ 1444.301642] ? lock_acquire+0x170/0x3f0 [ 1444.305617] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1444.310463] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1444.315915] ? __mutex_unlock_slowpath+0x75/0x770 [ 1444.320760] alloc_pages_current+0x155/0x260 [ 1444.325172] ion_page_pool_alloc+0x118/0x1b0 [ 1444.329577] ion_system_heap_allocate+0x133/0x8c0 [ 1444.334416] ? ion_alloc+0x187/0x810 [ 1444.338123] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1444.343571] ? ion_system_contig_heap_create+0x130/0x130 [ 1444.349020] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1444.354034] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1444.358881] ion_alloc+0x204/0x810 [ 1444.362422] ? ion_dma_buf_release+0x40/0x40 [ 1444.366826] ? __might_fault+0x177/0x1b0 [ 1444.370886] ion_ioctl+0xea/0x1f0 [ 1444.374335] ? ion_query_heaps+0x360/0x360 [ 1444.378570] ? ion_query_heaps+0x360/0x360 [ 1444.382800] do_vfs_ioctl+0x75a/0xff0 [ 1444.386596] ? ioctl_preallocate+0x1a0/0x1a0 [ 1444.390995] ? lock_downgrade+0x740/0x740 [ 1444.395143] ? __fget+0x225/0x360 [ 1444.398592] ? do_vfs_ioctl+0xff0/0xff0 [ 1444.402570] ? security_file_ioctl+0x83/0xb0 [ 1444.406978] SyS_ioctl+0x7f/0xb0 [ 1444.410340] ? do_vfs_ioctl+0xff0/0xff0 [ 1444.414311] do_syscall_64+0x1d5/0x640 [ 1444.418198] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1444.423377] RIP: 0033:0x465f69 [ 1444.426584] RSP: 002b:00007ffaba381188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1444.434290] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1444.441554] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1444.448814] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1444.456075] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1444.463336] R13: 00007fffa91fc9ef R14: 00007ffaba381300 R15: 0000000000022000 [ 1444.483125] warn_alloc_show_mem: 1 callbacks suppressed [ 1444.483129] Mem-Info: [ 1444.491004] active_anon:15403 inactive_anon:24272 isolated_anon:0 [ 1444.491004] active_file:45 inactive_file:1201 isolated_file:0 [ 1444.491004] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1444.491004] slab_reclaimable:13119 slab_unreclaimable:117360 [ 1444.491004] mapped:53968 shmem:25360 pagetables:1474 bounce:0 [ 1444.491004] free:124603 free_pcp:261 free_cma:0 [ 1444.529702] Node 0 active_anon:59684kB inactive_anon:68044kB active_file:36kB inactive_file:3160kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:200300kB dirty:0kB writeback:0kB shmem:72280kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1444.561550] Node 1 active_anon:1928kB inactive_anon:29044kB active_file:144kB inactive_file:1644kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:15572kB dirty:0kB writeback:0kB shmem:29160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1444.592576] Node 0 DMA free:11144kB min:204kB low:252kB high:300kB active_anon:2124kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1444.625911] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1444.631036] Node 0 DMA32 free:298688kB min:36200kB low:45248kB high:54296kB active_anon:57560kB inactive_anon:68044kB active_file:36kB inactive_file:3560kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:7904kB pagetables:4980kB bounce:0kB free_pcp:336kB local_pcp:176kB free_cma:0kB [ 1444.664698] lowmem_reserve[]: 0 0 0 0 0 [ 1444.668789] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1444.700041] lowmem_reserve[]: 0 0 0 0 0 [ 1444.705244] Node 1 Normal free:106412kB min:53696kB low:67120kB high:80544kB active_anon:1928kB inactive_anon:29044kB active_file:144kB inactive_file:1672kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:576kB pagetables:768kB bounce:0kB free_pcp:716kB local_pcp:0kB free_cma:0kB [ 1444.738576] lowmem_reserve[]: 0 0 0 0 0 [ 1444.742852] Node 0 DMA: 32*4kB (UME) 51*8kB (UME) 54*16kB (UME) 45*32kB (UME) 24*64kB (UME) 13*128kB (UM) 4*256kB (UME) 2*512kB (UE) 1*1024kB (E) 1*2048kB (U) 0*4096kB = 11160kB [ 1444.765435] Node 0 DMA32: 98*4kB (UME) 735*8kB (UME) 10506*16kB (UME) 3830*32kB (UME) 31*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 298912kB [ 1444.780211] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1444.791344] Node 1 Normal: 2122*4kB (UM) 2287*8kB (UM) 1617*16kB (UM) 5*32kB (UM) 1*64kB (U) 6*128kB (UM) 1*256kB (U) 37*512kB (U) 1*1024kB (U) 2*2048kB (UM) 7*4096kB (U) = 106640kB [ 1444.808228] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1444.817471] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1444.826376] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1444.837967] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1444.847003] 27233 total pagecache pages [ 1444.851160] 0 pages in swap cache [ 1444.854998] Swap cache stats: add 0, delete 0, find 0/0 [ 1444.860411] Free swap = 0kB [ 1444.863589] Total swap = 0kB [ 1444.867465] 2097051 pages RAM [ 1444.870686] 0 pages HighMem/MovableOnly [ 1444.875123] 363840 pages reserved [ 1444.878624] 0 pages cma reserved 18:05:39 executing program 2: r0 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:39 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:05:39 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, 0x0) 18:05:39 executing program 3: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:39 executing program 5: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, 0x0) 18:05:39 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, 0x0) 18:05:39 executing program 2: r0 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:39 executing program 5: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x0, 0xf}) 18:05:39 executing program 3: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:39 executing program 2: r0 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:40 executing program 1: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$vim2m_VIDIOC_DQBUF(r2, 0xc0585611, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000002c0)={0x5, 0x0, [{0x6, 0x5, 0xf98d}, {0x8, 0x1, 0x7, 0xfffff801, 0x7fffffff}, {0x80000019, 0x8, 0x8, 0xf9b, 0x5}, {0x80000008, 0x4, 0x0, 0x5, 0x3ff}, {0x80000000, 0x6, 0xf92e, 0x1, 0xac}]}) ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc0585611, 0x0) 18:05:40 executing program 5: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x0, 0xf}) 18:05:40 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, 0x0) 18:05:40 executing program 3: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:40 executing program 2: openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:40 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:05:40 executing program 3: r0 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:40 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x0, 0xf}) 18:05:40 executing program 5: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x0, 0xf}) [ 1446.034386] Bluetooth: hci5 command 0x0419 tx timeout [ 1446.039971] Bluetooth: hci0 command 0x0419 tx timeout 18:05:40 executing program 2: openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:40 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x0, 0xf}) 18:05:40 executing program 3: r0 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:41 executing program 1: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$vim2m_VIDIOC_DQBUF(r2, 0xc0585611, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000002c0)={0x5, 0x0, [{0x6, 0x5, 0xf98d}, {0x8, 0x1, 0x7, 0xfffff801, 0x7fffffff}, {0x80000019, 0x8, 0x8, 0xf9b, 0x5}, {0x80000008, 0x4, 0x0, 0x5, 0x3ff}, {0x80000000, 0x6, 0xf92e, 0x1, 0xac}]}) ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc0585611, 0x0) 18:05:41 executing program 2: openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:41 executing program 5: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000}) 18:05:41 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x0, 0xf}) 18:05:41 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:05:41 executing program 3: r0 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:41 executing program 2: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, 0x0) 18:05:41 executing program 5: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000}) 18:05:41 executing program 3: openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:41 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000}) 18:05:41 executing program 2: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, 0x0) 18:05:41 executing program 3: openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:42 executing program 1: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$vim2m_VIDIOC_DQBUF(r2, 0xc0585611, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000002c0)={0x5, 0x0, [{0x6, 0x5, 0xf98d}, {0x8, 0x1, 0x7, 0xfffff801, 0x7fffffff}, {0x80000019, 0x8, 0x8, 0xf9b, 0x5}, {0x80000008, 0x4, 0x0, 0x5, 0x3ff}, {0x80000000, 0x6, 0xf92e, 0x1, 0xac}]}) ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc0585611, 0x0) 18:05:42 executing program 5: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000}) 18:05:42 executing program 3: openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:05:42 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000}) 18:05:42 executing program 2: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, 0x0) 18:05:42 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:05:42 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, 0x0) 18:05:42 executing program 5: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$vim2m_VIDIOC_DQBUF(r2, 0xc0585611, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000002c0)={0x5, 0x0, [{0x6, 0x5, 0xf98d}, {0x8, 0x1, 0x7, 0xfffff801, 0x7fffffff}, {0x80000019, 0x8, 0x8, 0xf9b, 0x5}, {0x80000008, 0x4, 0x0, 0x5, 0x3ff}, {0x80000000, 0x6, 0xf92e, 0x1, 0xac}]}) ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc0585611, 0x0) 18:05:42 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000}) 18:05:42 executing program 2: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x0, 0xf}) 18:05:42 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, 0x0) 18:05:42 executing program 2: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x0, 0xf}) [ 1448.222579] syz-executor.1: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1448.264097] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1448.280756] CPU: 0 PID: 5110 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1448.288575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1448.297925] Call Trace: [ 1448.300516] dump_stack+0x1b2/0x281 [ 1448.304144] warn_alloc.cold+0x96/0x1cc [ 1448.308115] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1448.313129] ? zone_watermark_ok_safe+0x220/0x220 [ 1448.317987] __alloc_pages_nodemask+0x2127/0x2720 [ 1448.322834] ? lock_acquire+0x170/0x3f0 [ 1448.326814] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1448.331663] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1448.337115] ? __mutex_unlock_slowpath+0x75/0x770 [ 1448.341962] alloc_pages_current+0x155/0x260 [ 1448.346373] ion_page_pool_alloc+0x118/0x1b0 [ 1448.350788] ion_system_heap_allocate+0x133/0x8c0 [ 1448.355637] ? ion_alloc+0x187/0x810 [ 1448.359353] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1448.364810] ? ion_system_contig_heap_create+0x130/0x130 [ 1448.370261] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1448.375286] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1448.380135] ion_alloc+0x204/0x810 [ 1448.383680] ? ion_dma_buf_release+0x40/0x40 [ 1448.388092] ? __might_fault+0x177/0x1b0 [ 1448.392159] ion_ioctl+0xea/0x1f0 [ 1448.395713] ? ion_query_heaps+0x360/0x360 [ 1448.399949] ? ion_query_heaps+0x360/0x360 [ 1448.404179] do_vfs_ioctl+0x75a/0xff0 [ 1448.407978] ? ioctl_preallocate+0x1a0/0x1a0 [ 1448.412385] ? lock_downgrade+0x740/0x740 [ 1448.416540] ? __fget+0x225/0x360 [ 1448.419989] ? do_vfs_ioctl+0xff0/0xff0 [ 1448.423962] ? security_file_ioctl+0x83/0xb0 [ 1448.428367] SyS_ioctl+0x7f/0xb0 [ 1448.431726] ? do_vfs_ioctl+0xff0/0xff0 [ 1448.435698] do_syscall_64+0x1d5/0x640 [ 1448.439588] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1448.444771] RIP: 0033:0x465f69 [ 1448.447954] RSP: 002b:00007ffaba381188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1448.455659] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1448.462929] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1448.470196] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1448.477469] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1448.484737] R13: 00007fffa91fc9ef R14: 00007ffaba381300 R15: 0000000000022000 [ 1448.715022] Mem-Info: [ 1448.717608] active_anon:15559 inactive_anon:24272 isolated_anon:0 [ 1448.717608] active_file:1251 inactive_file:2512 isolated_file:0 [ 1448.717608] unevictable:0 dirty:85 writeback:0 unstable:0 [ 1448.717608] slab_reclaimable:13250 slab_unreclaimable:116448 [ 1448.717608] mapped:55662 shmem:25360 pagetables:1604 bounce:0 [ 1448.717608] free:557673 free_pcp:169 free_cma:0 [ 1448.751977] Node 0 active_anon:60496kB inactive_anon:68044kB active_file:4184kB inactive_file:8732kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:206612kB dirty:280kB writeback:0kB shmem:72280kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1448.788183] Node 1 active_anon:1740kB inactive_anon:29044kB active_file:820kB inactive_file:1316kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:16036kB dirty:60kB writeback:0kB shmem:29160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1448.815824] Node 0 DMA free:11184kB min:204kB low:252kB high:300kB active_anon:2124kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1448.842745] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1448.848310] Node 0 DMA32 free:782284kB min:36200kB low:45248kB high:54296kB active_anon:58372kB inactive_anon:68044kB active_file:4184kB inactive_file:8732kB unevictable:0kB writepending:280kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8096kB pagetables:5756kB bounce:0kB free_pcp:796kB local_pcp:776kB free_cma:0kB [ 1448.878360] lowmem_reserve[]: 0 0 0 0 0 [ 1448.882495] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1448.908456] lowmem_reserve[]: 0 0 0 0 0 [ 1448.912574] Node 1 Normal free:899236kB min:53696kB low:67120kB high:80544kB active_anon:1740kB inactive_anon:29044kB active_file:820kB inactive_file:1316kB unevictable:0kB writepending:60kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:512kB pagetables:660kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1448.943004] lowmem_reserve[]: 0 0 0 0 0 [ 1448.947353] Node 0 DMA: 44*4kB (UME) 60*8kB (UME) 54*16kB (UME) 44*32kB (UME) 23*64kB (UME) 13*128kB (UM) 4*256kB (UME) 2*512kB (UE) 1*1024kB (E) 1*2048kB (U) 0*4096kB = 11184kB [ 1448.963905] Node 0 DMA32: 5929*4kB (U) 16750*8kB (UE) 18364*16kB (UE) 10324*32kB (UE) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 781908kB [ 1448.978141] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1448.989244] Node 1 Normal: 3211*4kB (UM) 3341*8kB (UM) 2957*16kB (UM) 2464*32kB (UM) 0*64kB 0*128kB 0*256kB 577*512kB (U) 50*1024kB (U) 35*2048kB (U) 24*4096kB (U) = 682340kB [ 1449.005440] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1449.014739] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1449.023451] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1449.032706] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1449.041692] 29147 total pagecache pages [ 1449.046007] 0 pages in swap cache [ 1449.049561] Swap cache stats: add 0, delete 0, find 0/0 [ 1449.055257] Free swap = 0kB [ 1449.058365] Total swap = 0kB [ 1449.061462] 2097051 pages RAM [ 1449.065493] 0 pages HighMem/MovableOnly [ 1449.069551] 363840 pages reserved [ 1449.073070] 0 pages cma reserved 18:05:45 executing program 1: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$vim2m_VIDIOC_DQBUF(r2, 0xc0585611, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f00000000c0)={0x2, 0x2, 0x6, 0xfffffffa, 'syz0\x00', 0x80000001}) ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc0585611, 0x0) 18:05:45 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$vim2m_VIDIOC_DQBUF(r2, 0xc0585611, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000002c0)={0x5, 0x0, [{0x6, 0x5, 0xf98d}, {0x8, 0x1, 0x7, 0xfffff801, 0x7fffffff}, {0x80000019, 0x8, 0x8, 0xf9b, 0x5}, {0x80000008, 0x4, 0x0, 0x5, 0x3ff}, {0x80000000, 0x6, 0xf92e, 0x1, 0xac}]}) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f00000000c0)={0x2, 0x2, 0x6, 0xfffffffa, 'syz0\x00', 0x80000001}) 18:05:45 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:05:45 executing program 2: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x0, 0xf}) 18:05:45 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, 0x0) 18:05:45 executing program 5: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$vim2m_VIDIOC_DQBUF(r2, 0xc0585611, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000002c0)={0x5, 0x0, [{0x6, 0x5, 0xf98d}, {0x8, 0x1, 0x7, 0xfffff801, 0x7fffffff}, {0x80000019, 0x8, 0x8, 0xf9b, 0x5}, {0x80000008, 0x4, 0x0, 0x5, 0x3ff}, {0x80000000, 0x6, 0xf92e, 0x1, 0xac}]}) ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc0585611, 0x0) 18:05:45 executing program 2: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000}) 18:05:45 executing program 2: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000}) 18:05:45 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x0, 0xf}) 18:05:45 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:05:45 executing program 2: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000}) 18:05:45 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x0, 0xf}) [ 1451.877024] syz-executor.5: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1451.888926] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1451.901675] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1451.907367] syz-executor.1: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1451.919523] syz-executor.5 cpuset=/ mems_allowed=0-1 [ 1451.924945] CPU: 1 PID: 5144 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1451.932735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1451.942085] Call Trace: [ 1451.944675] dump_stack+0x1b2/0x281 [ 1451.948306] warn_alloc.cold+0x96/0x1cc [ 1451.952277] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1451.957290] ? zone_watermark_ok_safe+0x220/0x220 [ 1451.962141] __alloc_pages_nodemask+0x2127/0x2720 [ 1451.966986] ? lock_acquire+0x170/0x3f0 [ 1451.970960] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1451.975806] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1451.981272] ? __mutex_unlock_slowpath+0x75/0x770 [ 1451.986114] alloc_pages_current+0x155/0x260 [ 1451.990522] ion_page_pool_alloc+0x118/0x1b0 [ 1451.994927] ion_system_heap_allocate+0x133/0x8c0 [ 1451.999766] ? ion_alloc+0x187/0x810 [ 1452.003475] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1452.008920] ? ion_system_contig_heap_create+0x130/0x130 [ 1452.014365] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1452.019383] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1452.024231] ion_alloc+0x204/0x810 [ 1452.027769] ? ion_dma_buf_release+0x40/0x40 [ 1452.032171] ? __might_fault+0x177/0x1b0 [ 1452.034512] syz-executor.1 cpuset= [ 1452.036230] ion_ioctl+0xea/0x1f0 [ 1452.036242] ? ion_query_heaps+0x360/0x360 [ 1452.036254] ? ion_query_heaps+0x360/0x360 [ 1452.042009] / [ 1452.043212] do_vfs_ioctl+0x75a/0xff0 [ 1452.056399] mems_allowed=0-1 [ 1452.057128] ? ioctl_preallocate+0x1a0/0x1a0 [ 1452.064602] ? lock_downgrade+0x740/0x740 [ 1452.068746] ? __fget+0x225/0x360 [ 1452.072188] ? do_vfs_ioctl+0xff0/0xff0 [ 1452.076156] ? security_file_ioctl+0x83/0xb0 [ 1452.080557] SyS_ioctl+0x7f/0xb0 [ 1452.083916] ? do_vfs_ioctl+0xff0/0xff0 [ 1452.087885] do_syscall_64+0x1d5/0x640 [ 1452.091768] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1452.096943] RIP: 0033:0x465f69 [ 1452.100119] RSP: 002b:00007f4607427188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1452.107808] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1452.115066] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1452.122326] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1452.129593] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1452.136848] R13: 00007ffe6751318f R14: 00007f4607427300 R15: 0000000000022000 [ 1452.149329] CPU: 0 PID: 5147 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1452.157136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1452.166486] Call Trace: [ 1452.169077] dump_stack+0x1b2/0x281 [ 1452.169305] Mem-Info: [ 1452.172722] warn_alloc.cold+0x96/0x1cc [ 1452.172735] ? zone_watermark_ok_safe+0x220/0x220 [ 1452.172756] __alloc_pages_nodemask+0x2127/0x2720 [ 1452.175232] active_anon:15642 inactive_anon:24272 isolated_anon:0 [ 1452.175232] active_file:261 inactive_file:602 isolated_file:0 [ 1452.175232] unevictable:0 dirty:5 writeback:0 unstable:0 [ 1452.175232] slab_reclaimable:13277 slab_unreclaimable:114846 [ 1452.175232] mapped:53717 shmem:25360 pagetables:1650 bounce:0 [ 1452.175232] free:142099 free_pcp:171 free_cma:0 [ 1452.179092] ? io_schedule_timeout+0x140/0x140 [ 1452.179114] ? lock_acquire+0x170/0x3f0 [ 1452.179128] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1452.184023] Node 0 active_anon:60476kB inactive_anon:68040kB active_file:240kB inactive_file:1388kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:198832kB dirty:16kB writeback:0kB shmem:72276kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1452.188774] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1452.188787] ? __mutex_unlock_slowpath+0x75/0x770 [ 1452.188808] alloc_pages_current+0x155/0x260 [ 1452.223457] Node 1 active_anon:2092kB inactive_anon:29048kB active_file:804kB inactive_file:1020kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:16036kB dirty:4kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1452.226926] ion_page_pool_alloc+0x118/0x1b0 [ 1452.226939] ion_system_heap_allocate+0x133/0x8c0 [ 1452.226948] ? ion_alloc+0x187/0x810 [ 1452.226957] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1452.226967] ? ion_system_contig_heap_create+0x130/0x130 [ 1452.226976] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1452.226987] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1452.226998] ion_alloc+0x204/0x810 [ 1452.227011] ? ion_dma_buf_release+0x40/0x40 [ 1452.227022] ? __might_fault+0x177/0x1b0 [ 1452.227035] ion_ioctl+0xea/0x1f0 [ 1452.227045] ? ion_query_heaps+0x360/0x360 [ 1452.227056] ? ion_query_heaps+0x360/0x360 [ 1452.227066] do_vfs_ioctl+0x75a/0xff0 [ 1452.231757] Node 0 [ 1452.235861] ? ioctl_preallocate+0x1a0/0x1a0 [ 1452.235871] ? lock_downgrade+0x740/0x740 [ 1452.235883] ? __fget+0x225/0x360 [ 1452.235891] ? do_vfs_ioctl+0xff0/0xff0 [ 1452.235901] ? security_file_ioctl+0x83/0xb0 [ 1452.235909] SyS_ioctl+0x7f/0xb0 [ 1452.235916] ? do_vfs_ioctl+0xff0/0xff0 [ 1452.235927] do_syscall_64+0x1d5/0x640 [ 1452.235943] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1452.235951] RIP: 0033:0x465f69 [ 1452.235956] RSP: 002b:00007ffaba381188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1452.235966] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1452.235972] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1452.235977] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1452.235982] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1452.235988] R13: 00007fffa91fc9ef R14: 00007ffaba381300 R15: 0000000000022000 [ 1452.243487] CPU: 0 PID: 5141 Comm: syz-executor.5 Not tainted 4.14.224-syzkaller #0 [ 1452.269896] DMA free:11072kB min:204kB low:252kB high:300kB active_anon:2124kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1452.274226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1452.274231] Call Trace: [ 1452.274247] dump_stack+0x1b2/0x281 [ 1452.274260] warn_alloc.cold+0x96/0x1cc [ 1452.274271] ? zone_watermark_ok_safe+0x220/0x220 [ 1452.274291] __alloc_pages_nodemask+0x2127/0x2720 [ 1452.274306] ? lock_acquire+0x170/0x3f0 [ 1452.274320] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1452.274336] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1452.274347] ? __mutex_unlock_slowpath+0x75/0x770 [ 1452.274361] alloc_pages_current+0x155/0x260 [ 1452.274375] ion_page_pool_alloc+0x118/0x1b0 [ 1452.274386] ion_system_heap_allocate+0x133/0x8c0 [ 1452.274396] ? ion_alloc+0x187/0x810 [ 1452.274404] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1452.274414] ? ion_system_contig_heap_create+0x130/0x130 [ 1452.274424] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1452.274436] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1452.279979] lowmem_reserve[]: [ 1452.306160] ion_alloc+0x204/0x810 [ 1452.306175] ? ion_dma_buf_release+0x40/0x40 [ 1452.306186] ? __might_fault+0x177/0x1b0 [ 1452.306198] ion_ioctl+0xea/0x1f0 [ 1452.306206] ? ion_query_heaps+0x360/0x360 [ 1452.306216] ? ion_query_heaps+0x360/0x360 [ 1452.306225] do_vfs_ioctl+0x75a/0xff0 [ 1452.306235] ? ioctl_preallocate+0x1a0/0x1a0 [ 1452.306244] ? lock_downgrade+0x740/0x740 [ 1452.306255] ? __fget+0x225/0x360 [ 1452.306264] ? do_vfs_ioctl+0xff0/0xff0 [ 1452.306273] ? security_file_ioctl+0x83/0xb0 [ 1452.306282] SyS_ioctl+0x7f/0xb0 [ 1452.306289] ? do_vfs_ioctl+0xff0/0xff0 [ 1452.306299] do_syscall_64+0x1d5/0x640 [ 1452.306316] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1452.306326] RIP: 0033:0x465f69 [ 1452.312074] 0 [ 1452.315540] RSP: 002b:00007fe89767f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1452.315552] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1452.315557] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1452.315563] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1452.315567] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1452.315571] R13: 00007fff5941b3bf R14: 00007fe89767f300 R15: 0000000000022000 [ 1452.693368] 2717 2718 2718 2718 [ 1452.696882] Node 0 DMA32 free:628896kB min:36200kB low:45248kB high:54296kB active_anon:58352kB inactive_anon:68040kB active_file:236kB inactive_file:2988kB unevictable:0kB writepending:16kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8160kB pagetables:5728kB bounce:0kB free_pcp:264kB local_pcp:240kB free_cma:0kB [ 1452.727043] lowmem_reserve[]: 0 0 0 0 0 [ 1452.731109] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1452.760270] lowmem_reserve[]: 0 0 0 0 0 [ 1452.768459] Node 1 Normal free:97552kB min:53696kB low:67120kB high:80544kB active_anon:2092kB inactive_anon:29048kB active_file:804kB inactive_file:1020kB unevictable:0kB writepending:4kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:576kB pagetables:872kB bounce:0kB free_pcp:720kB local_pcp:0kB free_cma:0kB [ 1452.801536] lowmem_reserve[]: 0 0 0 0 0 [ 1452.806094] Node 0 DMA: 35*4kB (UME) 20*8kB (UME) 13*16kB (ME) 10*32kB (UME) 23*64kB (UME) 13*128kB (UM) 4*256kB (UME) 2*512kB (UE) 3*1024kB (UE) 1*2048kB (U) 0*4096kB = 11132kB [ 1452.827113] Node 0 DMA32: 1*4kB (U) 452*8kB (ME) 16714*16kB (UME) 8605*32kB (UME) 92*64kB (UM) 2*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 552548kB [ 1452.863961] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1452.884698] Node 1 Normal: 3248*4kB (UM) 3354*8kB (UM) 2956*16kB (UM) 1261*32kB (UM) 6*64kB (UM) 3*128kB (UM) 0*256kB 2*512kB (UM) 2*1024kB (UM) 2*2048kB (UM) 11*4096kB (U) = 180464kB [ 1452.931822] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1452.951521] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1452.976447] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1453.007027] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1453.015703] 26678 total pagecache pages [ 1453.029169] 0 pages in swap cache [ 1453.032651] Swap cache stats: add 0, delete 0, find 0/0 [ 1453.047054] Free swap = 0kB [ 1453.050099] Total swap = 0kB [ 1453.053115] 2097051 pages RAM [ 1453.070210] 0 pages HighMem/MovableOnly [ 1453.074250] 363840 pages reserved [ 1453.077694] 0 pages cma reserved [ 1454.329338] oom_reaper: reaped process 5144 (syz-executor.4), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1454.457269] oom_reaper: reaped process 5141 (syz-executor.5), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1454.485537] in:imklog invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 1454.512265] in:imklog cpuset=/ mems_allowed=0-1 [ 1454.521263] CPU: 0 PID: 4136 Comm: in:imklog Not tainted 4.14.224-syzkaller #0 [ 1454.528631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1454.538144] Call Trace: [ 1454.540758] dump_stack+0x1b2/0x281 [ 1454.544514] dump_header+0x178/0x82f [ 1454.548214] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1454.553434] ? ___ratelimit+0x2cd/0x530 [ 1454.557505] oom_kill_process.cold+0x10/0xb18 [ 1454.562040] out_of_memory+0xe3e/0x1190 [ 1454.566132] ? oom_killer_disable+0x1c0/0x1c0 [ 1454.570728] ? mutex_trylock+0x152/0x1a0 [ 1454.574996] __alloc_pages_nodemask+0x23e1/0x2720 [ 1454.580040] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1454.584889] alloc_pages_current+0x155/0x260 [ 1454.589404] filemap_fault+0xea3/0x1980 [ 1454.593381] ext4_filemap_fault+0x84/0xb0 [ 1454.597525] __do_fault+0xfa/0x380 [ 1454.601096] __handle_mm_fault+0x2497/0x4620 [ 1454.605495] ? vm_insert_page+0x7c0/0x7c0 [ 1454.609633] ? lock_downgrade+0x740/0x740 [ 1454.613773] handle_mm_fault+0x391/0x860 [ 1454.617824] __do_page_fault+0x549/0xad0 [ 1454.621962] ? spurious_fault+0x640/0x640 [ 1454.626302] ? do_page_fault+0x60/0x500 [ 1454.630335] ? page_fault+0x2f/0x50 [ 1454.633954] page_fault+0x45/0x50 [ 1454.637397] RIP: 1fa0:0x1f9f [ 1454.640412] RSP: 0000:000055d320bb09d0 EFLAGS: 7f07b072eda0 [ 1454.642750] Mem-Info: [ 1454.643463] syz-executor.5: [ 1454.648564] active_anon:15619 inactive_anon:24272 isolated_anon:0 [ 1454.648564] active_file:0 inactive_file:2 isolated_file:0 [ 1454.648564] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1454.648564] slab_reclaimable:13276 slab_unreclaimable:115471 [ 1454.648564] mapped:53172 shmem:25360 pagetables:1650 bounce:0 [ 1454.648564] free:13967 free_pcp:108 free_cma:0 [ 1454.657050] syz-executor.4: [ 1454.689707] Node 0 active_anon:60384kB inactive_anon:68040kB active_file:0kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:198080kB dirty:0kB writeback:0kB shmem:72276kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1454.697021] page allocation failure: order:0 [ 1454.722883] Node 1 active_anon:2092kB inactive_anon:29048kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14608kB dirty:0kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1454.730888] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1454.756724] Node 0 [ 1454.763501] page allocation failure: order:0 [ 1454.763906] DMA free:10968kB min:204kB low:252kB high:300kB active_anon:2124kB inactive_anon:0kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1454.766198] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1454.770835] lowmem_reserve[]: [ 1454.804160] (null) [ 1454.807503] (null) [ 1454.809558] syz-executor.5 cpuset= [ 1454.811701] syz-executor.4 cpuset= [ 1454.811703] / mems_allowed=0-1 [ 1454.822136] CPU: 0 PID: 5141 Comm: syz-executor.5 Not tainted 4.14.224-syzkaller #0 [ 1454.822965] / [ 1454.829924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1454.829973] mems_allowed=0-1 [ 1454.831808] Call Trace: [ 1454.847145] dump_stack+0x1b2/0x281 [ 1454.850766] warn_alloc.cold+0x96/0x1cc [ 1454.854733] ? zone_watermark_ok_safe+0x220/0x220 [ 1454.859565] ? usleep_range+0x130/0x130 [ 1454.863528] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 1454.868622] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1454.873627] ? run_timer_softirq+0x5a0/0x5a0 [ 1454.878035] __alloc_pages_nodemask+0x2127/0x2720 [ 1454.882870] ? lock_acquire+0x170/0x3f0 [ 1454.886839] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1454.891687] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1454.896270] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1454.901722] alloc_pages_current+0x155/0x260 [ 1454.906125] ion_page_pool_alloc+0x118/0x1b0 [ 1454.910527] ion_system_heap_allocate+0x133/0x8c0 [ 1454.915360] ? ion_alloc+0x187/0x810 [ 1454.919069] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1454.924511] ? ion_system_contig_heap_create+0x130/0x130 [ 1454.929955] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1454.934971] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1454.939806] ion_alloc+0x204/0x810 [ 1454.943340] ? ion_dma_buf_release+0x40/0x40 [ 1454.947744] ? __might_fault+0x177/0x1b0 [ 1454.951936] ion_ioctl+0xea/0x1f0 [ 1454.955380] ? ion_query_heaps+0x360/0x360 [ 1454.959609] ? ion_query_heaps+0x360/0x360 [ 1454.963921] do_vfs_ioctl+0x75a/0xff0 [ 1454.967840] ? ioctl_preallocate+0x1a0/0x1a0 [ 1454.972237] ? lock_downgrade+0x740/0x740 [ 1454.976378] ? __fget+0x225/0x360 [ 1454.979837] ? do_vfs_ioctl+0xff0/0xff0 [ 1454.983802] ? security_file_ioctl+0x83/0xb0 [ 1454.988323] SyS_ioctl+0x7f/0xb0 [ 1454.991679] ? do_vfs_ioctl+0xff0/0xff0 [ 1454.995651] do_syscall_64+0x1d5/0x640 [ 1454.999540] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1455.004719] RIP: 0033:0x465f69 [ 1455.007897] RSP: 002b:00007fe89767f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1455.015612] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1455.022887] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1455.030147] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1455.037531] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1455.044791] R13: 00007fff5941b3bf R14: 00007fe89767f300 R15: 0000000000022000 [ 1455.052172] CPU: 1 PID: 5144 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1455.052995] 0 [ 1455.060098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1455.060102] Call Trace: [ 1455.060120] dump_stack+0x1b2/0x281 [ 1455.060133] warn_alloc.cold+0x96/0x1cc [ 1455.060144] ? zone_watermark_ok_safe+0x220/0x220 [ 1455.060152] ? usleep_range+0x130/0x130 [ 1455.060160] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 1455.060170] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1455.060181] ? run_timer_softirq+0x5a0/0x5a0 [ 1455.061975] 2717 [ 1455.071417] __alloc_pages_nodemask+0x2127/0x2720 [ 1455.071432] ? lock_acquire+0x170/0x3f0 [ 1455.071446] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1455.071459] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1455.074350] 2718 [ 1455.077652] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1455.081604] 2718 [ 1455.086453] alloc_pages_current+0x155/0x260 [ 1455.086466] ion_page_pool_alloc+0x118/0x1b0 [ 1455.086476] ion_system_heap_allocate+0x133/0x8c0 [ 1455.086486] ? ion_alloc+0x187/0x810 [ 1455.086494] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1455.086508] ? ion_system_contig_heap_create+0x130/0x130 [ 1455.086520] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1455.090602] 2718 [ 1455.095741] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1455.095753] ion_alloc+0x204/0x810 [ 1455.095766] ? ion_dma_buf_release+0x40/0x40 [ 1455.095778] ? __might_fault+0x177/0x1b0 [ 1455.095790] ion_ioctl+0xea/0x1f0 [ 1455.105301] ? ion_query_heaps+0x360/0x360 [ 1455.105314] ? ion_query_heaps+0x360/0x360 [ 1455.105324] do_vfs_ioctl+0x75a/0xff0 [ 1455.105335] ? ioctl_preallocate+0x1a0/0x1a0 [ 1455.105345] ? lock_downgrade+0x740/0x740 [ 1455.107393] Node 0 [ 1455.112225] ? __fget+0x225/0x360 [ 1455.116225] DMA32 free:18136kB min:36200kB low:45248kB high:54296kB active_anon:58168kB inactive_anon:68040kB active_file:0kB inactive_file:72kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8160kB pagetables:5728kB bounce:0kB free_pcp:296kB local_pcp:296kB free_cma:0kB [ 1455.121015] ? do_vfs_ioctl+0xff0/0xff0 [ 1455.125537] lowmem_reserve[]: [ 1455.127550] ? security_file_ioctl+0x83/0xb0 [ 1455.133101] 0 [ 1455.135155] SyS_ioctl+0x7f/0xb0 [ 1455.135165] ? do_vfs_ioctl+0xff0/0xff0 [ 1455.135175] do_syscall_64+0x1d5/0x640 [ 1455.135190] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1455.135199] RIP: 0033:0x465f69 [ 1455.139632] 0 [ 1455.144022] RSP: 002b:00007f4607427188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1455.144032] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1455.144037] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1455.144042] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1455.144046] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1455.144051] R13: 00007ffe6751318f R14: 00007f4607427300 R15: 0000000000022000 [ 1455.164572] warn_alloc_show_mem: 2 callbacks suppressed [ 1455.164575] Mem-Info: [ 1455.168617] 0 [ 1455.170685] active_anon:15591 inactive_anon:24272 isolated_anon:0 [ 1455.170685] active_file:15 inactive_file:14 isolated_file:0 [ 1455.170685] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1455.170685] slab_reclaimable:13276 slab_unreclaimable:115474 [ 1455.170685] mapped:53158 shmem:25360 pagetables:1650 bounce:0 [ 1455.170685] free:13936 free_pcp:138 free_cma:0 [ 1455.175693] 0 0 [ 1455.175703] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1455.175719] lowmem_reserve[]: 0 0 0 0 0 [ 1455.175739] Node 1 Normal free:26764kB min:53696kB low:67120kB high:80544kB active_anon:2072kB inactive_anon:29048kB active_file:20kB inactive_file:20kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:544kB pagetables:872kB bounce:0kB free_pcp:140kB local_pcp:20kB free_cma:0kB [ 1455.175756] lowmem_reserve[]: 0 0 0 0 0 [ 1455.175776] Node 0 DMA: 20*4kB (ME) 19*8kB (ME) 13*16kB (ME) 7*32kB (UME) [ 1455.189243] Node 0 active_anon:60292kB inactive_anon:68040kB active_file:40kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:198040kB dirty:0kB writeback:0kB shmem:72276kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1455.191441] 23*64kB [ 1455.199195] Node 1 active_anon:2072kB inactive_anon:29048kB active_file:20kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14592kB dirty:0kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1455.199968] (UME) [ 1455.210794] Node 0 [ 1455.212687] 13*128kB [ 1455.218558] DMA free:10968kB min:204kB low:252kB high:300kB active_anon:2124kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1455.246767] (UM) 4*256kB (UME) 2*512kB (UE) 3*1024kB (UE) 1*2048kB (U) 0*4096kB = 10968kB [ 1455.246803] Node 0 DMA32: 135*4kB (UME) 464*8kB (UME) 145*16kB (UME) 158*32kB (UME) 97*64kB (UM) 2*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB [ 1455.263169] lowmem_reserve[]: [ 1455.263715] 0*4096kB = 18092kB [ 1455.263723] Node 0 Normal: 0*4kB 0*8kB [ 1455.267705] 0 [ 1455.271708] 0*16kB 0*32kB [ 1455.287638] 2717 [ 1455.313554] 0*64kB [ 1455.324707] 2718 [ 1455.353292] 0*128kB [ 1455.432682] 2718 [ 1455.527372] 0*256kB [ 1455.535227] 2718 [ 1455.553279] 0*512kB [ 1455.589267] 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1455.589281] Node 1 Normal: 0*4kB 0*8kB 2*16kB (UM) 1*32kB (M) 101*64kB (U) 8*128kB (U) 1*256kB (U) 2*512kB (UM) 67*1024kB (UM) 29*2048kB (UM) 5*4096kB (U) = 157312kB [ 1455.589351] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1455.589356] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1455.589361] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1455.589366] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1455.589369] 25944 total pagecache pages [ 1455.589380] 0 pages in swap cache [ 1455.594235] Node 0 [ 1455.673271] Swap cache stats: add 0, delete 0, find 0/0 [ 1455.681578] Free swap = 0kB [ 1455.703292] DMA32 free:55224kB min:36200kB low:45248kB high:54296kB active_anon:58168kB inactive_anon:68040kB active_file:40kB inactive_file:32kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8160kB pagetables:5728kB bounce:0kB free_pcp:412kB local_pcp:236kB free_cma:0kB [ 1455.706581] Total swap = 0kB [ 1455.783489] lowmem_reserve[]: 0 0 0 0 0 [ 1455.787852] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1455.803282] 2097051 pages RAM [ 1455.847074] 0 pages HighMem/MovableOnly [ 1455.851081] 363840 pages reserved [ 1455.873259] 0 pages cma reserved [ 1455.873606] lowmem_reserve[]: [ 1455.876719] Out of memory (oom_kill_allocating_task): Kill process 4136 (in:imklog) score 0 or sacrifice child [ 1455.876725] 0 [ 1455.879863] Killed process 4134 (rsyslogd) total-vm:254332kB, anon-rss:992kB, file-rss:0kB, shmem-rss:0kB [ 1455.917532] 0 0 0 0 [ 1455.919910] Node 1 Normal free:53324kB min:53696kB low:67120kB high:80544kB active_anon:2072kB inactive_anon:29048kB active_file:1156kB inactive_file:1308kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:544kB pagetables:872kB bounce:0kB free_pcp:1396kB local_pcp:660kB free_cma:0kB [ 1455.950550] lowmem_reserve[]: 0 0 0 0 0 [ 1455.956126] Node 0 DMA: 20*4kB (ME) 19*8kB (ME) 13*16kB (ME) 7*32kB (UME) 23*64kB (UME) 13*128kB (UM) 4*256kB (UME) 2*512kB (UE) 3*1024kB (UE) 1*2048kB (U) 0*4096kB = 10968kB [ 1455.964675] oom_reaper: reaped process 4134 (rsyslogd), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1455.975513] Node 0 DMA32: 196*4kB (UME) 641*8kB (UME) 151*16kB (UME) 99*32kB (UME) 66*64kB (UM) 21*128kB (UM) 2*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18920kB [ 1455.997290] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1456.008275] Node 1 Normal: 3990*4kB (UM) 218*8kB (UM) 296*16kB (UM) 271*32kB (UM) 1*64kB (M) 0*128kB 0*256kB 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 32200kB [ 1456.023059] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1456.032221] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1456.041624] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1456.044217] systemd-journal invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 1456.070026] syz-executor.5: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1456.076758] systemd-journal cpuset=/ mems_allowed=0-1 [ 1456.087897] CPU: 1 PID: 2915 Comm: systemd-journal Not tainted 4.14.224-syzkaller #0 [ 1456.096019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1456.097511] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1456.105513] Call Trace: [ 1456.105532] dump_stack+0x1b2/0x281 [ 1456.105545] dump_header+0x178/0x82f [ 1456.105555] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1456.105564] ? ___ratelimit+0x2cd/0x530 [ 1456.105574] oom_kill_process.cold+0x10/0xb18 [ 1456.105591] out_of_memory+0xe3e/0x1190 [ 1456.105603] ? oom_killer_disable+0x1c0/0x1c0 [ 1456.105610] ? mutex_trylock+0x152/0x1a0 [ 1456.105620] __alloc_pages_nodemask+0x23e1/0x2720 [ 1456.105642] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1456.125944] syz-executor.5 cpuset= [ 1456.129371] alloc_pages_current+0x155/0x260 [ 1456.151808] / [ 1456.155498] filemap_fault+0xea3/0x1980 [ 1456.172632] 25399 total pagecache pages [ 1456.174298] ext4_filemap_fault+0x84/0xb0 [ 1456.174309] __do_fault+0xfa/0x380 [ 1456.174318] __handle_mm_fault+0x2497/0x4620 [ 1456.174327] ? vm_insert_page+0x7c0/0x7c0 [ 1456.174338] ? putname+0xcd/0x110 [ 1456.174355] handle_mm_fault+0x391/0x860 [ 1456.174368] __do_page_fault+0x549/0xad0 [ 1456.180531] 0 pages in swap cache [ 1456.182478] ? spurious_fault+0x640/0x640 [ 1456.198557] mems_allowed=0-1 [ 1456.202020] ? do_page_fault+0x60/0x500 [ 1456.218433] Swap cache stats: add 0, delete 0, find 0/0 [ 1456.220987] ? page_fault+0x2f/0x50 [ 1456.229953] page_fault+0x45/0x50 [ 1456.233418] RIP: 998f1040:0x7ffc84067580 [ 1456.237629] RSP: 840675c0:000000000000000d EFLAGS: ffffffff [ 1456.237648] CPU: 0 PID: 5141 Comm: syz-executor.5 Not tainted 4.14.224-syzkaller #0 [ 1456.242406] Mem-Info: [ 1456.250972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1456.250976] Call Trace: [ 1456.250992] dump_stack+0x1b2/0x281 [ 1456.251005] warn_alloc.cold+0x96/0x1cc [ 1456.263860] active_anon:15317 inactive_anon:24272 isolated_anon:0 [ 1456.263860] active_file:42 inactive_file:12 isolated_file:0 [ 1456.263860] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1456.263860] slab_reclaimable:13275 slab_unreclaimable:115857 [ 1456.263860] mapped:53173 shmem:25360 pagetables:1619 bounce:0 [ 1456.263860] free:14668 free_pcp:0 free_cma:0 [ 1456.270648] ? zone_watermark_ok_safe+0x220/0x220 [ 1456.273247] Node 0 active_anon:59196kB inactive_anon:68040kB active_file:52kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:198040kB dirty:0kB writeback:0kB shmem:72276kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1456.276934] __alloc_pages_nodemask+0x2127/0x2720 [ 1456.280894] Node 1 active_anon:2072kB inactive_anon:29048kB active_file:116kB inactive_file:12kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14652kB dirty:0kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1456.314019] ? ___preempt_schedule+0x16/0x18 [ 1456.314033] ? lock_acquire+0x170/0x3f0 [ 1456.314047] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1456.314064] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1456.320215] Node 0 [ 1456.346701] ? __mutex_unlock_slowpath+0x75/0x770 [ 1456.346714] ? ion_page_pool_remove+0x82/0x280 [ 1456.346725] alloc_pages_current+0x155/0x260 [ 1456.346737] ion_page_pool_alloc+0x118/0x1b0 [ 1456.351578] DMA free:10968kB min:204kB low:252kB high:300kB active_anon:2124kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1456.378927] ion_system_heap_allocate+0x133/0x8c0 [ 1456.378938] ? _raw_spin_unlock+0x29/0x40 [ 1456.378947] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1456.378959] ? ion_system_contig_heap_create+0x130/0x130 [ 1456.383452] lowmem_reserve[]: [ 1456.387441] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1456.392261] 0 [ 1456.397718] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1456.397731] ion_alloc+0x27a/0x810 [ 1456.397745] ? ion_dma_buf_release+0x40/0x40 [ 1456.397757] ? __might_fault+0x177/0x1b0 [ 1456.399988] 2717 [ 1456.404825] ion_ioctl+0xea/0x1f0 [ 1456.404836] ? ion_query_heaps+0x360/0x360 [ 1456.404849] ? ion_query_heaps+0x360/0x360 [ 1456.409549] 2718 [ 1456.413950] do_vfs_ioctl+0x75a/0xff0 [ 1456.413962] ? ioctl_preallocate+0x1a0/0x1a0 [ 1456.413970] ? lock_downgrade+0x740/0x740 [ 1456.413982] ? __fget+0x225/0x360 [ 1456.418379] 2718 [ 1456.444166] ? do_vfs_ioctl+0xff0/0xff0 [ 1456.444176] ? security_file_ioctl+0x83/0xb0 [ 1456.444185] SyS_ioctl+0x7f/0xb0 [ 1456.444193] ? do_vfs_ioctl+0xff0/0xff0 [ 1456.444204] do_syscall_64+0x1d5/0x640 [ 1456.449033] 2718 [ 1456.453245] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1456.453253] RIP: 0033:0x465f69 [ 1456.453259] RSP: 002b:00007fe89767f188 EFLAGS: 00000246 [ 1456.463605] ORIG_RAX: 0000000000000010 [ 1456.463611] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1456.463615] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1456.463620] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1456.463625] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1456.463629] R13: 00007fff5941b3bf R14: 00007fe89767f300 R15: 0000000000022000 [ 1456.473087] Free swap = 0kB [ 1456.481473] Node 0 [ 1456.481953] Total swap = 0kB [ 1456.486399] DMA32 free:17852kB min:36200kB low:45248kB high:54296kB active_anon:57072kB inactive_anon:68040kB active_file:48kB inactive_file:36kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8032kB pagetables:5604kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1456.486402] lowmem_reserve[]: 0 0 0 0 0 [ 1456.486422] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1456.486438] lowmem_reserve[]: 0 0 0 0 0 [ 1456.486458] Node 1 [ 1456.499536] 2097051 pages RAM [ 1456.503186] Normal free:29852kB min:53696kB low:67120kB high:80544kB active_anon:2072kB inactive_anon:29048kB active_file:116kB inactive_file:12kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:544kB pagetables:872kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1456.504871] 0 pages HighMem/MovableOnly [ 1456.507021] lowmem_reserve[]: [ 1456.510807] 363840 pages reserved [ 1456.510811] 0 pages cma reserved [ 1456.518276] 0 [ 1456.723491] warn_alloc_show_mem: 1 callbacks suppressed [ 1456.723495] Mem-Info: [ 1456.733183] 0 0 0 0 [ 1456.735654] Node 0 DMA: 20*4kB (ME) 19*8kB (ME) 13*16kB (ME) 7*32kB (UME) 23*64kB (UME) 13*128kB (UM) 4*256kB (UME) 2*512kB (UE) 3*1024kB (UE) 1*2048kB (U) 0*4096kB = 10968kB [ 1456.752335] active_anon:15317 inactive_anon:24272 isolated_anon:0 [ 1456.752335] active_file:92 inactive_file:1112 isolated_file:0 [ 1456.752335] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1456.752335] slab_reclaimable:13275 slab_unreclaimable:115857 [ 1456.752335] mapped:53923 shmem:25360 pagetables:1619 bounce:0 [ 1456.752335] free:69349 free_pcp:56 free_cma:0 [ 1456.787467] Node 0 DMA32: 338*4kB (UME) 839*8kB (UME) 164*16kB (UME) 104*32kB (UME) 33*64kB (UM) 21*128kB (UM) 2*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 19328kB [ 1456.807688] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1456.818751] Node 0 active_anon:59196kB inactive_anon:68040kB active_file:52kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:198040kB dirty:0kB writeback:0kB shmem:72276kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1456.850376] Node 1 Normal: 2*4kB (UM) 1*8kB (U) 1*16kB (M) 220*32kB (U) 29*64kB (UM) 163*128kB (UM) 32*256kB (UM) 1*512kB (M) 41*1024kB (UM) 87*2048kB (UM) 8*4096kB (U) = 291424kB [ 1456.874715] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1456.887005] Node 1 active_anon:2072kB inactive_anon:29048kB active_file:316kB inactive_file:5212kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:18252kB dirty:0kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1456.918710] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1456.927872] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1456.941652] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1456.950341] Node 0 DMA free:10968kB min:204kB low:252kB high:300kB active_anon:2124kB inactive_anon:0kB active_file:0kB inactive_file:8kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1456.983092] 27034 total pagecache pages [ 1456.987613] 0 pages in swap cache [ 1456.991304] Swap cache stats: add 0, delete 0, find 0/0 [ 1456.998476] Free swap = 0kB [ 1457.001852] Total swap = 0kB [ 1457.004924] 2097051 pages RAM [ 1457.008037] 0 pages HighMem/MovableOnly [ 1457.012017] 363840 pages reserved [ 1457.015618] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1457.020668] Node 0 DMA32 free:45212kB min:36200kB low:45248kB high:54296kB active_anon:57028kB inactive_anon:68040kB active_file:32kB inactive_file:156kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8000kB pagetables:5552kB bounce:0kB free_pcp:472kB local_pcp:244kB free_cma:0kB [ 1457.050771] 0 pages cma reserved [ 1457.054192] Out of memory (oom_kill_allocating_task): Kill process 2915 (systemd-journal) score 0 or sacrifice child [ 1457.065248] Killed process 2915 (systemd-journal) total-vm:46096kB, anon-rss:476kB, file-rss:4kB, shmem-rss:3800kB [ 1457.079644] lowmem_reserve[]: 0 0 0 0 0 [ 1457.085728] oom_reaper: reaped process 2915 (systemd-journal), now anon-rss:0kB, file-rss:0kB, shmem-rss:3808kB [ 1457.086050] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1457.127523] lowmem_reserve[]: 0 0 0 0 0 [ 1457.145953] Node 1 Normal free:285536kB min:53696kB low:67120kB high:80544kB active_anon:2052kB inactive_anon:29048kB active_file:540kB inactive_file:9600kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:608kB pagetables:984kB bounce:0kB free_pcp:264kB local_pcp:112kB free_cma:0kB [ 1457.161046] systemd[1]: systemd-journald.service: Failed with result 'signal'. [ 1457.204936] lowmem_reserve[]: 0 0 0 0 0 [ 1457.209352] Node 0 DMA: 20*4kB (ME) 19*8kB (ME) 13*16kB (ME) 7*32kB (UME) 23*64kB (UME) 13*128kB (UM) 4*256kB (UME) 2*512kB (UE) 3*1024kB (UE) 1*2048kB (U) 0*4096kB = 10968kB [ 1457.226706] Node 0 DMA32: 118*4kB (UE) 676*8kB (UME) 161*16kB (UE) 106*32kB (UME) 422*64kB (UM) 26*128kB (UM) 4*256kB (U) 1*512kB (U) 3*1024kB (U) 0*2048kB 0*4096kB = 46792kB [ 1457.243425] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB 18:05:51 executing program 2: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) [ 1457.254071] systemd[1]: systemd-journald.service: Service has no hold-off time, scheduling restart. [ 1457.255550] Node 1 Normal: 2*4kB (UM) 0*8kB 2*16kB (UM) 212*32kB (UM) 333*64kB (UM) 224*128kB (U) 115*256kB (U) 2*512kB (U) 2*1024kB (UM) 55*2048kB (UM) 16*4096kB (U) = 267496kB [ 1457.297976] systemd[1]: Stopped Flush Journal to Persistent Storage. [ 1457.304722] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1457.314895] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1457.328699] systemd[1]: Stopping Flush Journal to Persistent Storage... [ 1457.337948] systemd[1]: Stopped Journal Service. [ 1457.343812] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1457.372571] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1457.392930] systemd[1]: Starting Journal Service... [ 1457.404448] 28975 total pagecache pages [ 1457.424307] 0 pages in swap cache [ 1457.433948] Swap cache stats: add 0, delete 0, find 0/0 [ 1457.444434] Free swap = 0kB [ 1457.447645] Total swap = 0kB [ 1457.450869] 2097051 pages RAM [ 1457.466198] 0 pages HighMem/MovableOnly [ 1457.471412] 363840 pages reserved [ 1457.481676] 0 pages cma reserved [ 1457.591997] systemd-journald[5177]: File /run/log/journal/64dd78f1a75445a997c532444ad0f085/system.journal corrupted or uncleanly shut down, renaming and replacing. [ 1457.676946] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1457.713827] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1457.718994] CPU: 0 PID: 5144 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1457.727015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1457.736523] Call Trace: [ 1457.739152] dump_stack+0x1b2/0x281 [ 1457.742793] warn_alloc.cold+0x96/0x1cc [ 1457.746780] ? zone_watermark_ok_safe+0x220/0x220 [ 1457.751815] __alloc_pages_nodemask+0x2127/0x2720 [ 1457.756670] ? lock_acquire+0x170/0x3f0 [ 1457.760656] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1457.765510] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1457.770966] ? __mutex_unlock_slowpath+0x75/0x770 [ 1457.775824] alloc_pages_current+0x155/0x260 [ 1457.780242] ion_page_pool_alloc+0x118/0x1b0 [ 1457.784768] ion_system_heap_allocate+0x133/0x8c0 [ 1457.789807] ? _raw_spin_unlock+0x29/0x40 [ 1457.793964] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1457.799046] ? ion_system_contig_heap_create+0x130/0x130 [ 1457.804506] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1457.809529] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1457.814601] ion_alloc+0x27a/0x810 [ 1457.818157] ? ion_dma_buf_release+0x40/0x40 [ 1457.822578] ? __might_fault+0x177/0x1b0 [ 1457.826648] ion_ioctl+0xea/0x1f0 [ 1457.830106] ? ion_query_heaps+0x360/0x360 [ 1457.834351] ? ion_query_heaps+0x360/0x360 [ 1457.838595] do_vfs_ioctl+0x75a/0xff0 [ 1457.842405] ? ioctl_preallocate+0x1a0/0x1a0 [ 1457.846822] ? lock_downgrade+0x740/0x740 [ 1457.850982] ? __fget+0x225/0x360 [ 1457.854444] ? do_vfs_ioctl+0xff0/0xff0 [ 1457.858559] ? security_file_ioctl+0x83/0xb0 [ 1457.862977] SyS_ioctl+0x7f/0xb0 [ 1457.866497] ? do_vfs_ioctl+0xff0/0xff0 [ 1457.870478] do_syscall_64+0x1d5/0x640 [ 1457.874375] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1457.879567] RIP: 0033:0x465f69 [ 1457.882765] RSP: 002b:00007f4607427188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1457.890779] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1457.898107] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1457.905384] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1457.912680] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1457.919958] R13: 00007ffe6751318f R14: 00007f4607427300 R15: 0000000000022000 [ 1457.933498] systemd[1]: Started System Logging Service. [ 1458.035967] systemd[1]: Started Journal Service. [ 1458.256792] Mem-Info: [ 1458.259408] active_anon:15558 inactive_anon:26304 isolated_anon:0 [ 1458.259408] active_file:1486 inactive_file:2976 isolated_file:0 [ 1458.259408] unevictable:0 dirty:64 writeback:0 unstable:0 [ 1458.259408] slab_reclaimable:13284 slab_unreclaimable:116952 [ 1458.259408] mapped:55408 shmem:27408 pagetables:1645 bounce:0 [ 1458.259408] free:61536 free_pcp:526 free_cma:0 [ 1458.343138] Node 0 active_anon:60228kB inactive_anon:76168kB active_file:2164kB inactive_file:4412kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:198428kB dirty:136kB writeback:0kB shmem:80468kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1458.403131] Node 1 active_anon:2004kB inactive_anon:29048kB active_file:3780kB inactive_file:7492kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:23204kB dirty:120kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1458.463124] Node 0 DMA free:11124kB min:204kB low:252kB high:300kB active_anon:2124kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1458.533113] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1458.538336] Node 0 DMA32 free:110560kB min:36200kB low:45248kB high:54296kB active_anon:58104kB inactive_anon:76168kB active_file:2160kB inactive_file:4412kB unevictable:0kB writepending:184kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8160kB pagetables:5804kB bounce:0kB free_pcp:808kB local_pcp:176kB free_cma:0kB [ 1458.603902] lowmem_reserve[]: 0 0 0 0 0 [ 1458.608124] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1458.663076] lowmem_reserve[]: 0 0 0 0 0 [ 1458.667113] Node 1 Normal free:232284kB min:53696kB low:67120kB high:80544kB active_anon:2004kB inactive_anon:29048kB active_file:3780kB inactive_file:7492kB unevictable:0kB writepending:120kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:544kB pagetables:776kB bounce:0kB free_pcp:1160kB local_pcp:524kB free_cma:0kB [ 1458.733696] lowmem_reserve[]: 0 0 0 0 0 [ 1458.737732] Node 0 DMA: 191*4kB (UME) 20*8kB (UME) 23*16kB (UME) 8*32kB (UME) 23*64kB (UME) 13*128kB (UM) 4*256kB (UME) 2*512kB (UE) 3*1024kB (UE) 1*2048kB (U) 0*4096kB = 11852kB [ 1458.773064] Node 0 DMA32: 16*4kB (M) 13*8kB (ME) 155*16kB (UME) 3812*32kB (UME) 41*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 127256kB [ 1458.787369] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1458.803096] Node 1 Normal: 5613*4kB (UM) 4802*8kB (UM) 1532*16kB (UM) 1314*32kB (UM) 1723*64kB (UM) 464*128kB (UM) 164*256kB (UM) 86*512kB (U) 34*1024kB (U) 1*2048kB (U) 0*4096kB = 419972kB [ 1458.843069] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1458.852092] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1458.862054] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1458.883082] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1458.891687] 31981 total pagecache pages [ 1458.913087] 0 pages in swap cache [ 1458.916577] Swap cache stats: add 0, delete 0, find 0/0 [ 1458.923351] Free swap = 0kB [ 1458.933324] Total swap = 0kB [ 1458.936493] 2097051 pages RAM [ 1458.939756] 0 pages HighMem/MovableOnly [ 1458.953080] 363840 pages reserved [ 1458.956746] 0 pages cma reserved [ 1459.545510] ion_system_heap invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=0, oom_score_adj=0 [ 1459.558363] ion_system_heap cpuset=/ mems_allowed=0-1 [ 1459.568601] CPU: 1 PID: 4244 Comm: ion_system_heap Not tainted 4.14.224-syzkaller #0 [ 1459.576517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1459.585872] Call Trace: [ 1459.588480] dump_stack+0x1b2/0x281 [ 1459.592111] dump_header+0x178/0x82f [ 1459.595996] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1459.601106] ? ___ratelimit+0x2cd/0x530 [ 1459.605114] oom_kill_process.cold+0x10/0xb18 [ 1459.609614] ? lock_downgrade+0x740/0x740 [ 1459.613806] out_of_memory+0x2dc/0x1190 [ 1459.617898] ? oom_killer_disable+0x1c0/0x1c0 [ 1459.622393] ? mutex_trylock+0x152/0x1a0 [ 1459.626445] __alloc_pages_nodemask+0x23e1/0x2720 [ 1459.631459] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1459.635517] syz-executor.5: page allocation failure: order:0 [ 1459.636349] ? kmem_cache_alloc_node_trace+0x153/0x400 [ 1459.636354] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1459.642144] ? cache_grow_begin+0x41/0x630 [ 1459.649364] syz-executor.5 cpuset= [ 1459.655024] cache_grow_begin+0x91/0x630 [ 1459.655034] ? cache_grow_begin+0x91/0x630 [ 1459.655043] fallback_alloc+0x207/0x2c0 [ 1459.655054] kmem_cache_alloc_node_trace+0xed/0x400 [ 1459.655065] alloc_vmap_area+0xf0/0x7c0 [ 1459.659285] / [ 1459.662824] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1459.668777] mems_allowed=0-1 [ 1459.671118] ? purge_vmap_area_lazy+0xb0/0xb0 [ 1459.698746] ? __get_vm_area_node+0xed/0x340 [ 1459.703148] ? kmem_cache_alloc_node_trace+0x383/0x400 [ 1459.708424] __get_vm_area_node+0x126/0x340 [ 1459.712906] vmap+0xd5/0x290 [ 1459.715921] ? ion_heap_clear_pages+0x23/0x70 [ 1459.720403] ? vunmap+0x50/0x50 [ 1459.723675] ? __vunmap+0x21c/0x300 [ 1459.727301] ion_heap_clear_pages+0x23/0x70 [ 1459.731611] ion_heap_sglist_zero+0x165/0x220 [ 1459.736097] ? ion_heap_clear_pages+0x70/0x70 [ 1459.740617] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1459.745635] ? pagerange_is_ram_callback+0x100/0x100 [ 1459.750730] ? ion_heap_deferred_free+0x222/0x470 [ 1459.755564] ion_system_heap_free+0x1d0/0x240 [ 1459.760049] ion_buffer_destroy+0x132/0x190 [ 1459.764367] ion_heap_deferred_free+0x22a/0x470 [ 1459.769040] ? __schedule+0x857/0x1de0 [ 1459.772916] ? ion_heap_shrink_scan+0x1a0/0x1a0 [ 1459.777576] ? wait_woken+0x230/0x230 [ 1459.781369] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 1459.786587] ? ion_heap_shrink_scan+0x1a0/0x1a0 [ 1459.791289] kthread+0x30d/0x420 [ 1459.794641] ? kthread_create_on_node+0xd0/0xd0 [ 1459.799303] ret_from_fork+0x24/0x30 [ 1459.805168] CPU: 0 PID: 5141 Comm: syz-executor.5 Not tainted 4.14.224-syzkaller #0 [ 1459.809671] Mem-Info: [ 1459.813137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1459.813141] Call Trace: [ 1459.813158] dump_stack+0x1b2/0x281 [ 1459.813171] warn_alloc.cold+0x96/0x1cc [ 1459.815700] active_anon:15566 inactive_anon:26304 isolated_anon:0 [ 1459.815700] active_file:10 inactive_file:22 isolated_file:0 [ 1459.815700] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1459.815700] slab_reclaimable:13281 slab_unreclaimable:116537 [ 1459.815700] mapped:52570 shmem:27408 pagetables:1645 bounce:0 [ 1459.815700] free:14014 free_pcp:239 free_cma:0 [ 1459.825043] ? zone_watermark_ok_safe+0x220/0x220 [ 1459.825054] ? usleep_range+0x130/0x130 [ 1459.825061] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 1459.825072] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1459.827776] Node 0 active_anon:60280kB inactive_anon:76168kB active_file:12kB inactive_file:76kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:195688kB dirty:0kB writeback:0kB shmem:80468kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1459.831384] ? run_timer_softirq+0x5a0/0x5a0 [ 1459.835373] Node 1 active_anon:1984kB inactive_anon:29048kB active_file:28kB inactive_file:12kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14592kB dirty:0kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1459.868673] __alloc_pages_nodemask+0x2127/0x2720 [ 1459.868692] ? lock_acquire+0x170/0x3f0 [ 1459.873660] Node 0 [ 1459.877619] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1459.882708] DMA free:10968kB min:204kB low:252kB high:300kB active_anon:2124kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1459.887852] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1459.887868] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1459.887882] ? alloc_pages_current+0x73/0x260 [ 1459.915600] lowmem_reserve[]: [ 1459.919989] alloc_pages_current+0x155/0x260 [ 1459.947061] 0 [ 1459.951881] ion_page_pool_alloc+0x118/0x1b0 [ 1459.955862] 2717 [ 1459.958079] ion_system_heap_allocate+0x133/0x8c0 [ 1459.962897] 2718 [ 1459.988811] ? _raw_spin_unlock+0x29/0x40 [ 1459.988821] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1459.988833] ? ion_system_contig_heap_create+0x130/0x130 [ 1459.993332] 2718 [ 1459.998764] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1460.003257] 2718 [ 1460.006334] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1460.012651] ion_alloc+0x27a/0x810 [ 1460.017104] Node 0 [ 1460.019162] ? ion_dma_buf_release+0x40/0x40 [ 1460.024013] DMA32 free:18032kB min:36200kB low:45248kB high:54296kB active_anon:58156kB inactive_anon:76168kB active_file:8kB inactive_file:76kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8160kB pagetables:5804kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 1460.026039] ? __might_fault+0x177/0x1b0 [ 1460.030214] lowmem_reserve[]: [ 1460.035292] ion_ioctl+0xea/0x1f0 [ 1460.035302] ? ion_query_heaps+0x360/0x360 [ 1460.035314] ? ion_query_heaps+0x360/0x360 [ 1460.040849] 0 [ 1460.042907] do_vfs_ioctl+0x75a/0xff0 [ 1460.047923] 0 [ 1460.050059] ? ioctl_preallocate+0x1a0/0x1a0 [ 1460.054899] 0 [ 1460.058592] ? lock_downgrade+0x740/0x740 [ 1460.060815] 0 [ 1460.065214] ? __fget+0x225/0x360 [ 1460.065224] ? do_vfs_ioctl+0xff0/0xff0 [ 1460.065235] ? security_file_ioctl+0x83/0xb0 [ 1460.093389] 0 [ 1460.097512] SyS_ioctl+0x7f/0xb0 [ 1460.104040] ? do_vfs_ioctl+0xff0/0xff0 [ 1460.104050] do_syscall_64+0x1d5/0x640 [ 1460.104066] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1460.104074] RIP: 0033:0x465f69 [ 1460.108291] Node 0 [ 1460.112678] RSP: 002b:00007fe89767f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1460.114511] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1460.118338] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1460.120120] lowmem_reserve[]: [ 1460.124528] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1460.124533] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1460.124538] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1460.124542] R13: 00007fff5941b3bf R14: 00007fe89767f300 R15: 0000000000022000 [ 1460.139281] Mem-Info: [ 1460.188640] 0 [ 1460.203066] active_anon:15566 inactive_anon:26304 isolated_anon:0 [ 1460.203066] active_file:16 inactive_file:16 isolated_file:0 [ 1460.203066] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1460.203066] slab_reclaimable:13281 slab_unreclaimable:116537 [ 1460.203066] mapped:52570 shmem:27408 pagetables:1645 bounce:0 [ 1460.203066] free:13935 free_pcp:61 free_cma:0 [ 1460.212943] syz-executor.4: [ 1460.219393] Node 0 active_anon:60280kB inactive_anon:76168kB active_file:44kB inactive_file:44kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:195688kB dirty:0kB writeback:0kB shmem:80468kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1460.231561] page allocation failure: order:0 [ 1460.235998] Node 1 active_anon:1984kB inactive_anon:29048kB active_file:20kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14592kB dirty:0kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1460.241350] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1460.243831] Node 0 DMA free:10968kB min:204kB low:252kB high:300kB active_anon:2124kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1460.250826] (null) [ 1460.280848] lowmem_reserve[]: [ 1460.287251] syz-executor.4 cpuset= [ 1460.315583] 0 [ 1460.345947] / [ 1460.358006] 2717 [ 1460.379320] mems_allowed=0-1 [ 1460.387974] 2718 [ 1460.390139] CPU: 1 PID: 5144 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1460.393284] 2718 [ 1460.395309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1460.409429] 2718 [ 1460.414693] Call Trace: [ 1460.414713] dump_stack+0x1b2/0x281 [ 1460.414727] warn_alloc.cold+0x96/0x1cc [ 1460.414738] ? zone_watermark_ok_safe+0x220/0x220 [ 1460.414747] ? usleep_range+0x130/0x130 [ 1460.414757] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 1460.419387] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1460.430237] Node 0 [ 1460.432043] ? run_timer_softirq+0x5a0/0x5a0 [ 1460.441038] DMA32 free:18028kB min:36200kB low:45248kB high:54296kB active_anon:58156kB inactive_anon:76168kB active_file:40kB inactive_file:44kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8160kB pagetables:5804kB bounce:0kB free_pcp:124kB local_pcp:0kB free_cma:0kB [ 1460.441106] __alloc_pages_nodemask+0x2127/0x2720 [ 1460.453227] lowmem_reserve[]: [ 1460.481065] ? lock_acquire+0x170/0x3f0 [ 1460.481082] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1460.481092] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1460.481107] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1460.481124] alloc_pages_current+0x155/0x260 [ 1460.481137] ion_page_pool_alloc+0x118/0x1b0 [ 1460.481146] ion_system_heap_allocate+0x133/0x8c0 [ 1460.481158] ? _raw_spin_unlock+0x29/0x40 [ 1460.481167] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1460.481176] ? ion_system_contig_heap_create+0x130/0x130 [ 1460.481185] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1460.481196] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1460.493141] 0 [ 1460.497933] ion_alloc+0x27a/0x810 [ 1460.502406] 0 [ 1460.508110] ? ion_dma_buf_release+0x40/0x40 [ 1460.508122] ? __might_fault+0x177/0x1b0 [ 1460.508133] ion_ioctl+0xea/0x1f0 [ 1460.508142] ? ion_query_heaps+0x360/0x360 [ 1460.508153] ? ion_query_heaps+0x360/0x360 [ 1460.508163] do_vfs_ioctl+0x75a/0xff0 [ 1460.508174] ? ioctl_preallocate+0x1a0/0x1a0 [ 1460.508182] ? lock_downgrade+0x740/0x740 [ 1460.508195] ? __fget+0x225/0x360 [ 1460.508203] ? do_vfs_ioctl+0xff0/0xff0 [ 1460.508213] ? security_file_ioctl+0x83/0xb0 [ 1460.508224] SyS_ioctl+0x7f/0xb0 [ 1460.519704] 0 [ 1460.521939] ? do_vfs_ioctl+0xff0/0xff0 [ 1460.526559] 0 [ 1460.531170] do_syscall_64+0x1d5/0x640 [ 1460.541960] 0 [ 1460.546686] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1460.546695] RIP: 0033:0x465f69 [ 1460.546699] RSP: 002b:00007f4607427188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1460.546708] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1460.546713] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1460.546717] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1460.546722] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1460.546727] R13: 00007ffe6751318f R14: 00007f4607427300 R15: 0000000000022000 [ 1460.671034] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1460.697503] lowmem_reserve[]: 0 0 0 0 0 [ 1460.702057] Node 1 Normal free:385364kB min:53696kB low:67120kB high:80544kB active_anon:1984kB inactive_anon:29048kB active_file:20kB inactive_file:2420kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:544kB pagetables:776kB bounce:0kB free_pcp:392kB local_pcp:232kB free_cma:0kB [ 1460.731882] lowmem_reserve[]: 0 0 0 0 0 [ 1460.736227] Node 0 DMA: 20*4kB (ME) 21*8kB (UME) 14*16kB (UME) 6*32kB (ME) 23*64kB (UME) 13*128kB (UM) 4*256kB (UME) 2*512kB (UE) 3*1024kB (UE) 1*2048kB (U) 0*4096kB = 10968kB [ 1460.752677] Node 0 DMA32: 339*4kB (ME) 120*8kB (UME) 192*16kB (UME) 272*32kB (UME) 54*64kB (UM) 4*128kB (M) 0*256kB 0*512kB 2*1024kB (U) 0*2048kB 0*4096kB = 20108kB [ 1460.768372] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1460.779629] Node 1 Normal: 2*4kB (UM) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (M) 2*256kB (UM) 4*512kB (M) 279*1024kB (UM) 140*2048kB (UM) 24*4096kB (U) = 673512kB [ 1460.795552] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1460.805094] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1460.814370] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1460.823841] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1460.832946] 28365 total pagecache pages [ 1460.836935] 0 pages in swap cache [ 1460.840398] Swap cache stats: add 0, delete 0, find 0/0 [ 1460.845978] Free swap = 0kB [ 1460.849794] Total swap = 0kB [ 1460.853427] 2097051 pages RAM [ 1460.856958] 0 pages HighMem/MovableOnly [ 1460.872952] 363840 pages reserved [ 1460.876430] 0 pages cma reserved [ 1460.971459] 0 0 0 0 [ 1461.172975] Node 1 Normal free:1935876kB min:53696kB low:67120kB high:80544kB active_anon:1984kB inactive_anon:29048kB active_file:20kB inactive_file:4032kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:544kB pagetables:776kB bounce:0kB free_pcp:380kB local_pcp:180kB free_cma:0kB [ 1461.203391] lowmem_reserve[]: 0 0 0 0 0 [ 1461.213299] Node 0 DMA: 20*4kB (ME) 23*8kB (UME) 14*16kB (UME) 6*32kB (ME) 23*64kB (UME) 13*128kB (UM) 4*256kB (UME) 2*512kB (UE) 3*1024kB (UE) 1*2048kB (U) 0*4096kB = 10984kB [ 1461.236652] Node 0 DMA32: 480*4kB (UME) 1115*8kB (UME) 403*16kB (UME) 1157*32kB (UME) 1432*64kB (UM) 31*128kB (UM) 9*256kB (UM) 1*512kB (U) 13*1024kB (U) 0*2048kB 0*4096kB = 166056kB [ 1461.257116] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1461.269034] Node 1 Normal: 2016*4kB (U) 2010*8kB (U) 1705*16kB (U) 667*32kB (UM) 1011*64kB (UM) 740*128kB (U) 456*256kB (U) 51*512kB (UM) 309*1024kB (UM) 336*2048kB (UM) 154*4096kB (U) = 2010368kB [ 1461.291710] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1461.301358] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1461.314633] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1461.325427] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1461.337045] 28456 total pagecache pages [ 1461.341051] 0 pages in swap cache [ 1461.347655] Swap cache stats: add 0, delete 0, find 0/0 [ 1461.355746] Free swap = 0kB [ 1461.358883] Total swap = 0kB [ 1461.361900] 2097051 pages RAM [ 1461.368701] 0 pages HighMem/MovableOnly [ 1461.375531] 363840 pages reserved [ 1461.379000] 0 pages cma reserved [ 1461.382558] Out of memory: Kill process 2975 (syz-executor.0) score 1005 or sacrifice child [ 1461.394615] Killed process 2975 (syz-executor.0) total-vm:93252kB, anon-rss:2196kB, file-rss:34628kB, shmem-rss:0kB 18:05:57 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:05:57 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:05:57 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x0, 0xf}) 18:05:57 executing program 1: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f00000000c0)={0x2, 0x2, 0x6, 0xfffffffa, 'syz0\x00', 0x80000001}) ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc0585611, 0x0) 18:05:57 executing program 2: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$vim2m_VIDIOC_DQBUF(r2, 0xc0585611, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f00000000c0)={0x2, 0x2, 0x6, 0xfffffffa, 'syz0\x00', 0x80000001}) ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc0585611, 0x0) 18:05:57 executing program 5: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$vim2m_VIDIOC_DQBUF(r2, 0xc0585611, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000002c0)={0x5, 0x0, [{0x6, 0x5, 0xf98d}, {0x8, 0x1, 0x7, 0xfffff801, 0x7fffffff}, {0x80000019, 0x8, 0x8, 0xf9b, 0x5}, {0x80000008, 0x4, 0x0, 0x5, 0x3ff}, {0x80000000, 0x6, 0xf92e, 0x1, 0xac}]}) ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc0585611, 0x0) [ 1462.867902] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1462.881032] nbd: must specify at least one socket 18:05:57 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000}) 18:05:57 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:05:57 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:05:57 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000}) 18:05:57 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000}) [ 1463.058585] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1463.094616] nbd: must specify at least one socket [ 1463.107310] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1463.117325] nbd: must specify at least one socket 18:05:57 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:05:57 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:05:58 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) [ 1463.288367] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1463.321313] nbd: must specify at least one socket [ 1463.365519] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1463.397303] nbd: must specify at least one socket 18:05:58 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) [ 1463.512370] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1463.549481] nbd: must specify at least one socket [ 1464.211585] syz-executor.1: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1464.226453] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1464.228365] syz-executor.5: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1464.248844] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1464.251912] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1464.257059] CPU: 0 PID: 5199 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1464.269115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1464.272684] syz-executor.5 cpuset= [ 1464.278463] Call Trace: [ 1464.278469] / [ 1464.282007] dump_stack+0x1b2/0x281 [ 1464.289884] warn_alloc.cold+0x96/0x1cc [ 1464.293847] ? zone_watermark_ok_safe+0x220/0x220 [ 1464.298695] __alloc_pages_nodemask+0x2127/0x2720 [ 1464.302679] mems_allowed=0-1 [ 1464.303533] ? lock_acquire+0x170/0x3f0 [ 1464.310584] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1464.315562] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1464.321007] ? __mutex_unlock_slowpath+0x75/0x770 [ 1464.325968] alloc_pages_current+0x155/0x260 [ 1464.330415] ion_page_pool_alloc+0x118/0x1b0 [ 1464.334814] ion_system_heap_allocate+0x133/0x8c0 [ 1464.339663] ? ion_alloc+0x187/0x810 [ 1464.343374] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1464.349067] ? ion_system_contig_heap_create+0x130/0x130 [ 1464.354508] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1464.359513] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1464.364348] ion_alloc+0x204/0x810 [ 1464.367881] ? ion_dma_buf_release+0x40/0x40 [ 1464.372282] ? __might_fault+0x177/0x1b0 [ 1464.376342] ion_ioctl+0xea/0x1f0 [ 1464.379783] ? ion_query_heaps+0x360/0x360 [ 1464.384011] ? lock_downgrade+0x740/0x740 [ 1464.388181] ? _raw_spin_unlock_irq+0x24/0x80 [ 1464.392671] ? ion_query_heaps+0x360/0x360 [ 1464.396898] do_vfs_ioctl+0x75a/0xff0 [ 1464.400795] ? ioctl_preallocate+0x1a0/0x1a0 [ 1464.405307] ? lock_downgrade+0x740/0x740 [ 1464.409535] ? __fget+0x225/0x360 [ 1464.412977] ? do_vfs_ioctl+0xff0/0xff0 [ 1464.416942] ? security_file_ioctl+0x83/0xb0 [ 1464.421341] SyS_ioctl+0x7f/0xb0 [ 1464.424695] ? do_vfs_ioctl+0xff0/0xff0 [ 1464.428662] do_syscall_64+0x1d5/0x640 [ 1464.432542] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1464.439807] RIP: 0033:0x465f69 [ 1464.442987] RSP: 002b:00007f3f503fb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1464.450795] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1464.458056] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1464.465315] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1464.472575] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1464.479833] R13: 00007ffca5cbd2ff R14: 00007f3f503fb300 R15: 0000000000022000 [ 1464.487110] CPU: 1 PID: 5196 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1464.494959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1464.504317] Call Trace: [ 1464.505761] warn_alloc_show_mem: 1 callbacks suppressed [ 1464.505764] Mem-Info: [ 1464.506915] dump_stack+0x1b2/0x281 [ 1464.506930] warn_alloc.cold+0x96/0x1cc [ 1464.506946] ? zone_watermark_ok_safe+0x220/0x220 [ 1464.512365] active_anon:15918 inactive_anon:26304 isolated_anon:12 [ 1464.512365] active_file:1523 inactive_file:2043 isolated_file:0 [ 1464.512365] unevictable:0 dirty:132 writeback:0 unstable:0 [ 1464.512365] slab_reclaimable:13296 slab_unreclaimable:117177 [ 1464.512365] mapped:55131 shmem:27408 pagetables:1847 bounce:0 [ 1464.512365] free:233332 free_pcp:274 free_cma:0 [ 1464.514703] __alloc_pages_nodemask+0x2127/0x2720 [ 1464.514712] ? __schedule+0x893/0x1de0 [ 1464.514727] ? lock_acquire+0x170/0x3f0 [ 1464.514748] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1464.514763] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1464.514773] ? __mutex_unlock_slowpath+0x75/0x770 [ 1464.514787] alloc_pages_current+0x155/0x260 [ 1464.514801] ion_page_pool_alloc+0x118/0x1b0 [ 1464.514812] ion_system_heap_allocate+0x133/0x8c0 [ 1464.514822] ? ion_alloc+0x187/0x810 [ 1464.514832] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1464.527618] Node 0 active_anon:61768kB inactive_anon:76172kB active_file:4012kB inactive_file:6696kB unevictable:0kB isolated(anon):48kB isolated(file):0kB mapped:202516kB dirty:500kB writeback:0kB shmem:80472kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1464.561758] ? ion_system_contig_heap_create+0x130/0x130 [ 1464.561772] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1464.561783] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1464.561794] ion_alloc+0x204/0x810 [ 1464.561807] ? ion_dma_buf_release+0x40/0x40 [ 1464.561818] ? __might_fault+0x177/0x1b0 [ 1464.561829] ion_ioctl+0xea/0x1f0 [ 1464.561837] ? ion_query_heaps+0x360/0x360 [ 1464.561848] ? ion_query_heaps+0x360/0x360 [ 1464.561857] do_vfs_ioctl+0x75a/0xff0 [ 1464.561868] ? ioctl_preallocate+0x1a0/0x1a0 [ 1464.561877] ? lock_downgrade+0x740/0x740 [ 1464.561890] ? __fget+0x225/0x360 [ 1464.561898] ? do_vfs_ioctl+0xff0/0xff0 [ 1464.561906] ? security_file_ioctl+0x83/0xb0 [ 1464.561916] SyS_ioctl+0x7f/0xb0 [ 1464.570278] Node 1 active_anon:1904kB inactive_anon:29044kB active_file:2080kB inactive_file:1476kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:18008kB dirty:28kB writeback:0kB shmem:29160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1464.570874] ? do_vfs_ioctl+0xff0/0xff0 [ 1464.580285] Node 0 [ 1464.585268] do_syscall_64+0x1d5/0x640 [ 1464.585287] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1464.585294] RIP: 0033:0x465f69 [ 1464.585298] RSP: 002b:00007ffaba381188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1464.585306] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1464.585311] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1464.585316] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1464.585321] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1464.585327] R13: 00007fffa91fc9ef R14: 00007ffaba381300 R15: 0000000000022000 [ 1464.586779] CPU: 1 PID: 5191 Comm: syz-executor.5 Not tainted 4.14.224-syzkaller #0 [ 1464.603474] DMA free:11064kB min:204kB low:252kB high:300kB active_anon:4172kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1464.603884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1464.603888] Call Trace: [ 1464.603905] dump_stack+0x1b2/0x281 [ 1464.603918] warn_alloc.cold+0x96/0x1cc [ 1464.607696] lowmem_reserve[]: [ 1464.613060] ? zone_watermark_ok_safe+0x220/0x220 [ 1464.613083] __alloc_pages_nodemask+0x2127/0x2720 [ 1464.613097] ? lock_acquire+0x170/0x3f0 [ 1464.613111] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1464.613127] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1464.613137] ? __mutex_unlock_slowpath+0x75/0x770 [ 1464.613157] alloc_pages_current+0x155/0x260 [ 1464.613171] ion_page_pool_alloc+0x118/0x1b0 [ 1464.613181] ion_system_heap_allocate+0x133/0x8c0 [ 1464.613191] ? ion_alloc+0x187/0x810 [ 1464.613202] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1464.649601] 0 [ 1464.651842] ? ion_system_contig_heap_create+0x130/0x130 [ 1464.651854] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1464.651865] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1464.651876] ion_alloc+0x204/0x810 [ 1464.656821] 2717 [ 1464.660240] ? ion_dma_buf_release+0x40/0x40 [ 1464.660252] ? __might_fault+0x177/0x1b0 [ 1464.660264] ion_ioctl+0xea/0x1f0 [ 1464.670740] 2718 [ 1464.672156] ? ion_query_heaps+0x360/0x360 [ 1464.672169] ? ion_query_heaps+0x360/0x360 [ 1464.672180] do_vfs_ioctl+0x75a/0xff0 [ 1464.677871] 2718 [ 1464.680665] ? ioctl_preallocate+0x1a0/0x1a0 [ 1464.680676] ? lock_downgrade+0x740/0x740 [ 1464.680689] ? __fget+0x225/0x360 [ 1464.690167] 2718 [ 1464.693053] ? do_vfs_ioctl+0xff0/0xff0 [ 1464.693066] ? security_file_ioctl+0x83/0xb0 [ 1464.693075] SyS_ioctl+0x7f/0xb0 [ 1464.693083] ? do_vfs_ioctl+0xff0/0xff0 [ 1464.693094] do_syscall_64+0x1d5/0x640 [ 1464.693115] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1464.693122] RIP: 0033:0x465f69 [ 1464.693126] RSP: 002b:00007fe89767f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1464.693140] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1464.693147] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1464.700554] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1464.709172] Node 0 [ 1464.735774] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1464.735779] R13: 00007fff5941b3bf R14: 00007fe89767f300 R15: 0000000000022000 [ 1465.047249] DMA32 free:459996kB min:36200kB low:45248kB high:54296kB active_anon:57596kB inactive_anon:76172kB active_file:4056kB inactive_file:6772kB unevictable:0kB writepending:544kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8416kB pagetables:6668kB bounce:0kB free_pcp:428kB local_pcp:356kB free_cma:0kB [ 1465.077954] lowmem_reserve[]: 0 0 0 0 0 [ 1465.081961] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1465.107576] lowmem_reserve[]: 0 0 0 0 0 [ 1465.111570] Node 1 Normal free:169936kB min:53696kB low:67120kB high:80544kB active_anon:1904kB inactive_anon:29044kB active_file:2032kB inactive_file:1548kB unevictable:0kB writepending:28kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:544kB pagetables:720kB bounce:0kB free_pcp:684kB local_pcp:684kB free_cma:0kB [ 1465.140931] lowmem_reserve[]: 0 0 0 0 0 [ 1465.144986] Node 0 DMA: 44*4kB (UME) 55*8kB (UME) 51*16kB (UME) 41*32kB (UME) 24*64kB (UME) 13*128kB (UM) 4*256kB (UME) 2*512kB (UE) 3*1024kB (UE) 0*2048kB 0*4096kB = 11064kB [ 1465.160875] Node 0 DMA32: 79*4kB (UME) 65*8kB (UME) 3233*16kB (UME) 9696*32kB (UE) 23*64kB (U) 3*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 364692kB [ 1465.175948] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1465.187122] Node 1 Normal: 3222*4kB (UM) 3408*8kB (UM) 3036*16kB (UM) 2526*32kB (UM) 4*64kB (UM) 1*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 169944kB [ 1465.202486] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1465.211789] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1465.220840] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1465.230172] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1465.239210] 31023 total pagecache pages [ 1465.251787] 0 pages in swap cache [ 1465.255864] Swap cache stats: add 0, delete 0, find 0/0 [ 1465.261231] Free swap = 0kB [ 1465.272694] Total swap = 0kB [ 1465.275730] 2097051 pages RAM [ 1465.278823] 0 pages HighMem/MovableOnly [ 1465.290919] 363840 pages reserved [ 1465.302743] 0 pages cma reserved [ 1465.697991] oom_reaper: reaped process 5199 (syz-executor.2), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1465.726597] systemd-journal invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 1465.743677] systemd-journal cpuset=/ mems_allowed=0-1 [ 1465.748900] CPU: 1 PID: 5177 Comm: systemd-journal Not tainted 4.14.224-syzkaller #0 [ 1465.756770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1465.766108] Call Trace: [ 1465.768787] dump_stack+0x1b2/0x281 [ 1465.772394] dump_header+0x178/0x82f [ 1465.772715] syz-executor.1: page allocation failure: order:0 [ 1465.776091] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1465.776102] ? ___ratelimit+0x2cd/0x530 [ 1465.781878] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1465.786958] oom_kill_process.cold+0x10/0xb18 [ 1465.786974] out_of_memory+0xe3e/0x1190 [ 1465.786987] ? oom_killer_disable+0x1c0/0x1c0 [ 1465.786995] ? mutex_trylock+0x152/0x1a0 [ 1465.803723] syz-executor.2: [ 1465.806488] __alloc_pages_nodemask+0x23e1/0x2720 [ 1465.810968] page allocation failure: order:0 [ 1465.815033] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1465.815057] alloc_pages_current+0x155/0x260 [ 1465.815068] filemap_fault+0xea3/0x1980 [ 1465.815086] ext4_filemap_fault+0x84/0xb0 [ 1465.815097] __do_fault+0xfa/0x380 [ 1465.815105] __handle_mm_fault+0x2497/0x4620 [ 1465.815115] ? ep_poll+0x1ab/0xa50 [ 1465.815122] ? vm_insert_page+0x7c0/0x7c0 [ 1465.815142] handle_mm_fault+0x391/0x860 [ 1465.828445] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1465.832184] __do_page_fault+0x549/0xad0 [ 1465.838425] (null) [ 1465.840522] ? spurious_fault+0x640/0x640 [ 1465.854905] syz-executor.1 cpuset= [ 1465.856110] ? do_page_fault+0x60/0x500 [ 1465.860227] / [ 1465.864269] ? page_fault+0x2f/0x50 [ 1465.881640] (null) [ 1465.881646] syz-executor.2 cpuset= [ 1465.885167] page_fault+0x45/0x50 [ 1465.885176] RIP: 0001:0xffffffffffffffff [ 1465.885180] RSP: 46cc1e0:00007ffdd53255b0 EFLAGS: 7ffdd53253c0 [ 1465.887737] Mem-Info: [ 1465.889152] / [ 1465.890856] active_anon:15893 inactive_anon:26304 isolated_anon:0 [ 1465.890856] active_file:39 inactive_file:0 isolated_file:0 [ 1465.890856] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1465.890856] slab_reclaimable:13296 slab_unreclaimable:117582 [ 1465.890856] mapped:52624 shmem:27408 pagetables:1847 bounce:0 [ 1465.890856] free:13884 free_pcp:63 free_cma:0 [ 1465.905029] mems_allowed=0-1 [ 1465.909622] Node 0 active_anon:61668kB inactive_anon:76172kB active_file:112kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:195904kB dirty:0kB writeback:0kB shmem:80472kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1465.920569] mems_allowed=0-1 [ 1465.952875] Node 1 active_anon:1904kB inactive_anon:29044kB active_file:44kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14592kB dirty:0kB writeback:0kB shmem:29160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1465.965035] CPU: 0 PID: 5196 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1466.002566] Node 0 [ 1466.011935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1466.031249] Call Trace: [ 1466.032571] DMA free:10952kB min:204kB low:252kB high:300kB active_anon:4172kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1466.033823] dump_stack+0x1b2/0x281 [ 1466.063161] warn_alloc.cold+0x96/0x1cc [ 1466.067116] ? zone_watermark_ok_safe+0x220/0x220 [ 1466.071936] ? usleep_range+0x130/0x130 [ 1466.075888] ? try_to_free_pages+0x23f/0x6e0 [ 1466.080273] ? _find_next_bit+0xdb/0x100 [ 1466.082555] lowmem_reserve[]: [ 1466.084317] ? run_timer_softirq+0x5a0/0x5a0 [ 1466.084319] 0 2717 [ 1466.087412] __alloc_pages_nodemask+0x2127/0x2720 [ 1466.091790] 2718 [ 1466.094022] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1466.094034] ? migrate_swap_stop+0x880/0x880 [ 1466.110085] ? lock_acquire+0x170/0x3f0 [ 1466.114048] alloc_pages_current+0x155/0x260 [ 1466.118438] ion_page_pool_alloc+0x118/0x1b0 [ 1466.122553] 2718 2718 [ 1466.122830] ion_system_heap_allocate+0x133/0x8c0 [ 1466.122840] ? ion_alloc+0x187/0x810 [ 1466.130130] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1466.139240] ? ion_system_contig_heap_create+0x130/0x130 [ 1466.142553] Node 0 [ 1466.144671] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1466.144688] DMA32 free:17832kB min:36200kB low:45248kB high:54296kB active_anon:57496kB inactive_anon:76172kB active_file:52kB inactive_file:44kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8416kB pagetables:6668kB bounce:0kB free_pcp:128kB local_pcp:120kB free_cma:0kB [ 1466.146894] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1466.151879] lowmem_reserve[]: [ 1466.180141] ion_alloc+0x204/0x810 [ 1466.180156] ? ion_dma_buf_release+0x40/0x40 [ 1466.180167] ? __might_fault+0x177/0x1b0 [ 1466.200015] ion_ioctl+0xea/0x1f0 [ 1466.203454] ? ion_query_heaps+0x360/0x360 [ 1466.207669] ? ion_query_heaps+0x360/0x360 [ 1466.211881] do_vfs_ioctl+0x75a/0xff0 [ 1466.215660] ? ioctl_preallocate+0x1a0/0x1a0 [ 1466.220048] ? lock_downgrade+0x740/0x740 [ 1466.222548] 0 0 [ 1466.224179] ? __fget+0x225/0x360 [ 1466.224184] 0 [ 1466.226140] ? do_vfs_ioctl+0xff0/0xff0 [ 1466.229565] 0 [ 1466.231349] ? security_file_ioctl+0x83/0xb0 [ 1466.241483] SyS_ioctl+0x7f/0xb0 [ 1466.244832] ? do_vfs_ioctl+0xff0/0xff0 [ 1466.248786] do_syscall_64+0x1d5/0x640 [ 1466.252545] 0 [ 1466.252672] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1466.254445] Node 0 [ 1466.259622] RIP: 0033:0x465f69 [ 1466.259631] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1466.259635] lowmem_reserve[]: [ 1466.261858] RSP: 002b:00007ffaba381188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1466.272545] 0 [ 1466.289913] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1466.289919] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1466.289924] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1466.289928] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1466.289933] R13: 00007fffa91fc9ef R14: 00007ffaba381300 R15: 0000000000022000 [ 1466.306805] warn_alloc_show_mem: 2 callbacks suppressed [ 1466.306809] Mem-Info: [ 1466.321039] CPU: 1 PID: 5199 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1466.331632] active_anon:15893 inactive_anon:26304 isolated_anon:0 [ 1466.331632] active_file:16 inactive_file:14 isolated_file:0 [ 1466.331632] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1466.331632] slab_reclaimable:13296 slab_unreclaimable:117582 [ 1466.331632] mapped:52620 shmem:27408 pagetables:1847 bounce:0 [ 1466.331632] free:13884 free_pcp:63 free_cma:0 [ 1466.331927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1466.339220] Node 0 active_anon:61668kB inactive_anon:76172kB active_file:52kB inactive_file:48kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:195888kB dirty:0kB writeback:0kB shmem:80472kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1466.344513] Call Trace: [ 1466.344533] dump_stack+0x1b2/0x281 [ 1466.344546] warn_alloc.cold+0x96/0x1cc [ 1466.344559] ? zone_watermark_ok_safe+0x220/0x220 [ 1466.344568] ? usleep_range+0x130/0x130 [ 1466.344576] ? try_to_free_pages+0x23f/0x6e0 [ 1466.344587] ? _find_next_bit+0xdb/0x100 [ 1466.354023] Node 1 active_anon:1904kB inactive_anon:29044kB active_file:12kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14592kB dirty:0kB writeback:0kB shmem:29160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1466.354764] ? run_timer_softirq+0x5a0/0x5a0 [ 1466.395227] Node 0 [ 1466.397425] __alloc_pages_nodemask+0x2127/0x2720 [ 1466.432265] DMA free:10952kB min:204kB low:252kB high:300kB active_anon:4172kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1466.435248] ? lock_acquire+0x170/0x3f0 [ 1466.435264] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1466.435276] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1466.435291] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1466.440103] lowmem_reserve[]: [ 1466.444065] alloc_pages_current+0x155/0x260 [ 1466.444079] ion_page_pool_alloc+0x118/0x1b0 [ 1466.444088] ion_system_heap_allocate+0x133/0x8c0 [ 1466.444099] ? ion_alloc+0x187/0x810 [ 1466.444108] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1466.444118] ? ion_system_contig_heap_create+0x130/0x130 [ 1466.444128] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1466.444137] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1466.444148] ion_alloc+0x204/0x810 [ 1466.455580] 0 [ 1466.479628] ? ion_dma_buf_release+0x40/0x40 [ 1466.479640] ? __might_fault+0x177/0x1b0 [ 1466.479651] ion_ioctl+0xea/0x1f0 [ 1466.479661] ? ion_query_heaps+0x360/0x360 [ 1466.479671] ? lock_downgrade+0x740/0x740 [ 1466.479685] ? _raw_spin_unlock_irq+0x24/0x80 [ 1466.479693] ? ion_query_heaps+0x360/0x360 [ 1466.479702] do_vfs_ioctl+0x75a/0xff0 [ 1466.479713] ? ioctl_preallocate+0x1a0/0x1a0 [ 1466.491071] 0 [ 1466.491145] ? lock_downgrade+0x740/0x740 [ 1466.527371] 0 [ 1466.530140] ? __fget+0x225/0x360 [ 1466.539062] 2717 [ 1466.543032] ? do_vfs_ioctl+0xff0/0xff0 [ 1466.543043] ? security_file_ioctl+0x83/0xb0 [ 1466.543053] SyS_ioctl+0x7f/0xb0 [ 1466.543063] ? do_vfs_ioctl+0xff0/0xff0 [ 1466.543074] do_syscall_64+0x1d5/0x640 [ 1466.543090] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1466.556074] 2718 [ 1466.561434] RIP: 0033:0x465f69 [ 1466.570566] 0 [ 1466.571878] RSP: 002b:00007f3f503fb188 EFLAGS: 00000246 [ 1466.581946] 0 [ 1466.581998] ORIG_RAX: 0000000000000010 [ 1466.589865] 2718 [ 1466.590425] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1466.602196] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1466.610226] 2718 [ 1466.610894] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1466.619930] Node 1 [ 1466.620866] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1466.630204] R13: 00007ffca5cbd2ff R14: 00007f3f503fb300 R15: 0000000000022000 [ 1466.632240] Node 0 [ 1466.719171] Normal free:81716kB min:53696kB low:67120kB high:80544kB active_anon:1904kB inactive_anon:29044kB active_file:12kB inactive_file:1708kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:544kB pagetables:720kB bounce:0kB free_pcp:124kB local_pcp:120kB free_cma:0kB [ 1466.750670] lowmem_reserve[]: 0 0 0 0 0 [ 1466.758846] Node 0 DMA: 20*4kB (ME) 53*8kB (UME) 51*16kB (UME) 41*32kB (UME) 24*64kB (UME) 13*128kB (UM) 4*256kB (UME) 2*512kB (UE) 3*1024kB (UE) 0*2048kB 0*4096kB = 10952kB [ 1466.775204] Node 0 DMA32: 388*4kB (UME) 195*8kB (UME) 218*16kB (UME) 135*32kB (UME) 66*64kB (UM) 15*128kB (UM) 3*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 17832kB [ 1466.790557] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1466.801458] Node 1 Normal: 0*4kB 1*8kB (M) 2*16kB (UM) 476*32kB (UM) 3*64kB (U) 1*128kB (U) 0*256kB 0*512kB 134*1024kB (U) 12*2048kB (U) 0*4096kB = 177384kB [ 1466.821761] DMA32 free:31400kB min:36200kB low:45248kB high:54296kB active_anon:57496kB inactive_anon:76172kB active_file:52kB inactive_file:44kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8416kB pagetables:6668kB bounce:0kB free_pcp:128kB local_pcp:8kB free_cma:0kB [ 1466.850653] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1466.862961] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1466.872309] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1466.881918] lowmem_reserve[]: 0 0 0 0 0 [ 1466.886891] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1466.919038] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1466.928473] 28478 total pagecache pages [ 1466.932472] 0 pages in swap cache [ 1466.939921] Swap cache stats: add 0, delete 0, find 0/0 [ 1466.945408] Free swap = 0kB [ 1466.948609] Total swap = 0kB [ 1466.951628] 2097051 pages RAM [ 1466.958447] lowmem_reserve[]: 0 0 0 0 0 [ 1466.962452] Node 1 Normal free:54184kB min:53696kB low:67120kB high:80544kB active_anon:1916kB inactive_anon:29044kB active_file:240kB inactive_file:3504kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:544kB pagetables:720kB bounce:0kB free_pcp:320kB local_pcp:148kB free_cma:0kB [ 1466.995434] 0 pages HighMem/MovableOnly [ 1466.999420] 363840 pages reserved [ 1467.023062] 0 pages cma reserved [ 1467.026478] Out of memory (oom_kill_allocating_task): Kill process 5177 (systemd-journal) score 0 or sacrifice child [ 1467.045136] lowmem_reserve[]: 0 0 0 0 0 [ 1467.049214] Node 0 DMA: 21*4kB (ME) 53*8kB (UME) 51*16kB (UME) 41*32kB (UME) 24*64kB (UME) 13*128kB (UM) 4*256kB (UME) 2*512kB (UE) 3*1024kB (UE) 0*2048kB 0*4096kB = 10956kB [ 1467.072767] Killed process 5177 (systemd-journal) total-vm:46096kB, anon-rss:468kB, file-rss:0kB, shmem-rss:1384kB [ 1467.087436] Node 0 DMA32: 381*4kB (UME) 206*8kB (UME) 230*16kB (UME) 76*32kB (UME) 90*64kB (UM) 23*128kB (UM) 3*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18756kB [ 1467.114252] oom_reaper: reaped process 5196 (syz-executor.1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1467.142594] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1467.155098] kworker/u4:6 invoked oom-killer: gfp_mask=0x15080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 [ 1467.163505] Node 1 Normal: 40*4kB (M) 17*8kB (UM) 21*16kB (UM) 454*32kB (UM) 16*64kB (UM) 10*128kB (UM) 2*256kB (M) 1*512kB (M) 1*1024kB (M) 4*2048kB (U) 0*4096kB = 27704kB [ 1467.172436] kworker/u4:6 cpuset= [ 1467.183418] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1467.189145] / [ 1467.195657] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1467.202837] mems_allowed=0-1 [ 1467.206060] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1467.209050] CPU: 1 PID: 9375 Comm: kworker/u4:6 Not tainted 4.14.224-syzkaller #0 [ 1467.218004] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1467.225570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1467.225586] Workqueue: events_unbound call_usermodehelper_exec_work [ 1467.225592] Call Trace: [ 1467.225608] dump_stack+0x1b2/0x281 [ 1467.225620] dump_header+0x178/0x82f [ 1467.236455] 27475 total pagecache pages [ 1467.243533] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1467.243542] ? ___ratelimit+0x2cd/0x530 [ 1467.243553] oom_kill_process.cold+0x10/0xb18 [ 1467.243563] ? lock_downgrade+0x740/0x740 [ 1467.243575] out_of_memory+0x2dc/0x1190 [ 1467.243587] ? oom_killer_disable+0x1c0/0x1c0 [ 1467.250116] 0 pages in swap cache [ 1467.252696] ? mutex_trylock+0x152/0x1a0 [ 1467.252708] __alloc_pages_nodemask+0x23e1/0x2720 [ 1467.252722] ? __save_stack_trace+0x63/0x160 [ 1467.252734] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1467.252741] ? fs_reclaim_release+0xd0/0x110 [ 1467.252757] ? kmem_cache_alloc_node+0x38b/0x410 [ 1467.252768] copy_process.part.0+0x265/0x71c0 [ 1467.256372] Swap cache stats: add 0, delete 0, find 0/0 [ 1467.260093] ? __lock_acquire+0x5fc/0x3f20 [ 1467.264149] Free swap = 0kB [ 1467.269162] ? debug_object_activate+0x292/0x490 [ 1467.280126] Total swap = 0kB [ 1467.281722] ? trace_hardirqs_on+0x10/0x10 [ 1467.285729] 2097051 pages RAM [ 1467.290157] ? static_obj+0x50/0x50 [ 1467.290170] ? call_usermodehelper_exec_work+0x2a0/0x2a0 [ 1467.290179] ? __cleanup_sighand+0x40/0x40 [ 1467.300822] 0 pages HighMem/MovableOnly [ 1467.302499] ? call_usermodehelper_exec_work+0x2a0/0x2a0 [ 1467.302508] _do_fork+0x184/0xc80 [ 1467.302519] ? fork_idle+0x270/0x270 [ 1467.302532] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1467.302541] ? process_one_work+0x6c4/0x14a0 [ 1467.302550] ? call_usermodehelper_exec_work+0x2a0/0x2a0 [ 1467.306951] 363840 pages reserved [ 1467.311776] kernel_thread+0x2f/0x40 [ 1467.321606] 0 pages cma reserved [ 1467.325366] call_usermodehelper_exec_work+0x1ac/0x2a0 [ 1467.325373] ? call_usermodehelper+0x80/0x80 [ 1467.325381] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1467.325396] process_one_work+0x793/0x14a0 [ 1467.325409] ? work_busy+0x320/0x320 [ 1467.431149] ? worker_thread+0x158/0xff0 [ 1467.435208] ? _raw_spin_unlock_irq+0x24/0x80 [ 1467.439708] worker_thread+0x5cc/0xff0 [ 1467.443604] ? rescuer_thread+0xc80/0xc80 [ 1467.447740] kthread+0x30d/0x420 [ 1467.451095] ? kthread_create_on_node+0xd0/0xd0 [ 1467.455759] ret_from_fork+0x24/0x30 [ 1467.692655] Mem-Info: [ 1467.695123] active_anon:15747 inactive_anon:26304 isolated_anon:0 [ 1467.695123] active_file:39 inactive_file:1018 isolated_file:0 [ 1467.695123] unevictable:0 dirty:19 writeback:0 unstable:0 [ 1467.695123] slab_reclaimable:13303 slab_unreclaimable:117557 [ 1467.695123] mapped:52845 shmem:27408 pagetables:1810 bounce:0 [ 1467.695123] free:304916 free_pcp:406 free_cma:0 [ 1467.832489] Node 0 active_anon:61068kB inactive_anon:76172kB active_file:84kB inactive_file:336kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:194388kB dirty:16kB writeback:0kB shmem:80472kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1467.902500] Node 1 active_anon:1920kB inactive_anon:29044kB active_file:72kB inactive_file:3736kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:16992kB dirty:60kB writeback:0kB shmem:29160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1467.942612] Node 0 DMA free:10952kB min:204kB low:252kB high:300kB active_anon:4172kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1467.979849] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1468.016476] Node 0 DMA32 free:500856kB min:36200kB low:45248kB high:54296kB active_anon:56848kB inactive_anon:76168kB active_file:100kB inactive_file:1000kB unevictable:0kB writepending:16kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8352kB pagetables:6468kB bounce:0kB free_pcp:1444kB local_pcp:724kB free_cma:0kB [ 1468.092472] lowmem_reserve[]: 0 0 0 0 0 [ 1468.096501] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1468.173308] syz-executor.1: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1468.175396] lowmem_reserve[]: [ 1468.185513] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1468.192766] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1468.209637] CPU: 1 PID: 5196 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1468.217437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1468.222449] syz-executor.2 cpuset= [ 1468.226777] Call Trace: [ 1468.226784] / [ 1468.230311] dump_stack+0x1b2/0x281 [ 1468.235750] mems_allowed=0-1 [ 1468.238202] warn_alloc.cold+0x96/0x1cc [ 1468.245240] ? zone_watermark_ok_safe+0x220/0x220 [ 1468.250070] __alloc_pages_nodemask+0x2127/0x2720 [ 1468.254890] ? __schedule+0x893/0x1de0 [ 1468.258762] ? lock_acquire+0x170/0x3f0 [ 1468.262723] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1468.267549] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1468.272991] ? __mutex_unlock_slowpath+0x75/0x770 [ 1468.277817] alloc_pages_current+0x155/0x260 [ 1468.282214] ion_page_pool_alloc+0x118/0x1b0 [ 1468.286603] ion_system_heap_allocate+0x133/0x8c0 [ 1468.291429] ? _raw_spin_unlock+0x29/0x40 [ 1468.295581] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1468.300490] ? ion_system_contig_heap_create+0x130/0x130 [ 1468.305949] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1468.310946] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1468.315769] ion_alloc+0x27a/0x810 [ 1468.319298] ? ion_dma_buf_release+0x40/0x40 [ 1468.323703] ? __might_fault+0x177/0x1b0 [ 1468.327746] ion_ioctl+0xea/0x1f0 [ 1468.331179] ? ion_query_heaps+0x360/0x360 [ 1468.335398] ? ion_query_heaps+0x360/0x360 [ 1468.339611] do_vfs_ioctl+0x75a/0xff0 [ 1468.343392] ? ioctl_preallocate+0x1a0/0x1a0 [ 1468.347778] ? lock_downgrade+0x740/0x740 [ 1468.351906] ? __fget+0x225/0x360 [ 1468.355342] ? do_vfs_ioctl+0xff0/0xff0 [ 1468.359308] ? security_file_ioctl+0x83/0xb0 [ 1468.363708] SyS_ioctl+0x7f/0xb0 [ 1468.367050] ? do_vfs_ioctl+0xff0/0xff0 [ 1468.371003] do_syscall_64+0x1d5/0x640 [ 1468.374891] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1468.380058] RIP: 0033:0x465f69 [ 1468.383226] RSP: 002b:00007ffaba381188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1468.390913] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1468.398173] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1468.405428] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1468.412472] 0 [ 1468.412681] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1468.412687] 0 [ 1468.414470] R13: 00007fffa91fc9ef R14: 00007ffaba381300 R15: 0000000000022000 [ 1468.421725] 0 [ 1468.429716] warn_alloc_show_mem: 1 callbacks suppressed [ 1468.429720] Mem-Info: [ 1468.431902] CPU: 0 PID: 5199 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1468.433208] active_anon:15731 inactive_anon:26303 isolated_anon:0 [ 1468.433208] active_file:360 inactive_file:575 isolated_file:0 [ 1468.433208] unevictable:0 dirty:4 writeback:0 unstable:0 [ 1468.433208] slab_reclaimable:13311 slab_unreclaimable:117653 [ 1468.433208] mapped:52877 shmem:27408 pagetables:1797 bounce:0 [ 1468.433208] free:110616 free_pcp:230 free_cma:0 [ 1468.437955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1468.440361] Node 0 active_anon:61020kB inactive_anon:76168kB active_file:1400kB inactive_file:2172kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:196932kB dirty:16kB writeback:0kB shmem:80472kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1468.448130] Call Trace: [ 1468.448148] dump_stack+0x1b2/0x281 [ 1468.448162] warn_alloc.cold+0x96/0x1cc [ 1468.448184] ? zone_watermark_ok_safe+0x220/0x220 [ 1468.481770] Node 1 active_anon:1904kB inactive_anon:29044kB active_file:40kB inactive_file:128kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14576kB dirty:0kB writeback:0kB shmem:29160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1468.491092] __alloc_pages_nodemask+0x2127/0x2720 [ 1468.491104] ? _raw_spin_unlock_irq+0x24/0x80 [ 1468.519107] Node 0 [ 1468.521666] ? lock_acquire+0x170/0x3f0 [ 1468.525284] DMA free:10956kB min:204kB low:252kB high:300kB active_anon:4172kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1468.529219] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1468.534039] lowmem_reserve[]: [ 1468.561280] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1468.561293] ? __mutex_unlock_slowpath+0x75/0x770 [ 1468.561308] alloc_pages_current+0x155/0x260 [ 1468.566163] 0 [ 1468.570632] ion_page_pool_alloc+0x118/0x1b0 [ 1468.572860] 2717 [ 1468.576815] ion_system_heap_allocate+0x133/0x8c0 [ 1468.602598] 2718 [ 1468.607386] ? _raw_spin_unlock+0x29/0x40 [ 1468.610455] 2718 [ 1468.615900] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1468.615911] ? ion_system_contig_heap_create+0x130/0x130 [ 1468.615924] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1468.620733] 2718 [ 1468.625120] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1468.625131] ion_alloc+0x27a/0x810 [ 1468.625145] ? ion_dma_buf_release+0x40/0x40 [ 1468.631321] ? __might_fault+0x177/0x1b0 [ 1468.633370] Node 0 [ 1468.638181] ion_ioctl+0xea/0x1f0 [ 1468.640229] DMA32 free:362428kB min:36200kB low:45248kB high:54296kB active_anon:56848kB inactive_anon:76168kB active_file:1108kB inactive_file:2164kB unevictable:0kB writepending:16kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8352kB pagetables:6468kB bounce:0kB free_pcp:232kB local_pcp:228kB free_cma:0kB [ 1468.644367] ? ion_query_heaps+0x360/0x360 [ 1468.644381] ? lock_downgrade+0x740/0x740 [ 1468.646415] lowmem_reserve[]: [ 1468.651328] ? _raw_spin_unlock_irq+0x24/0x80 [ 1468.656759] 0 [ 1468.661748] ? ion_query_heaps+0x360/0x360 [ 1468.661758] do_vfs_ioctl+0x75a/0xff0 [ 1468.663809] 0 [ 1468.668624] ? ioctl_preallocate+0x1a0/0x1a0 [ 1468.672129] 0 0 [ 1468.676519] ? lock_downgrade+0x740/0x740 [ 1468.676532] ? __fget+0x225/0x360 [ 1468.676541] ? do_vfs_ioctl+0xff0/0xff0 [ 1468.680573] 0 [ 1468.682804] ? security_file_ioctl+0x83/0xb0 [ 1468.682814] SyS_ioctl+0x7f/0xb0 [ 1468.682822] ? do_vfs_ioctl+0xff0/0xff0 [ 1468.715026] do_syscall_64+0x1d5/0x640 [ 1468.715041] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1468.715050] RIP: 0033:0x465f69 [ 1468.719256] Node 0 [ 1468.723377] RSP: 002b:00007f3f503fb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1468.723387] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1468.723392] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1468.723399] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1468.726490] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1468.730962] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1468.730969] R13: 00007ffca5cbd2ff R14: 00007f3f503fb300 R15: 0000000000022000 [ 1468.732759] lowmem_reserve[]: [ 1468.739198] 0 [ 1468.752472] systemd[1]: systemd-journald.service: Failed with result 'signal'. [ 1468.753936] 0 [ 1468.757007] 0 [ 1468.770008] 0 [ 1468.770523] Node 1 [ 1468.777049] systemd[1]: systemd-journald.service: Service has no hold-off time, scheduling restart. [ 1468.778472] Normal free:69080kB min:53696kB low:67120kB high:80544kB active_anon:1904kB inactive_anon:29044kB active_file:92kB inactive_file:76kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:544kB pagetables:720kB bounce:0kB free_pcp:688kB local_pcp:688kB free_cma:0kB [ 1468.785104] 0 [ 1468.786593] lowmem_reserve[]: [ 1468.788807] 0 0 [ 1468.796654] 0 0 0 0 0 [ 1468.796673] Node 0 DMA: 21*4kB (ME) 53*8kB (UME) 51*16kB (UME) 41*32kB (UME) 24*64kB (UME) 13*128kB (UM) 4*256kB (UME) 2*512kB (UE) 3*1024kB (UE) 0*2048kB 0*4096kB = 10956kB [ 1468.796748] Node 0 DMA32: 5951*4kB (U) 11030*8kB (UE) 9819*16kB (UE) [ 1468.811402] 2884*32kB [ 1468.844144] Node 1 [ 1468.851096] (UE) [ 1468.858291] systemd[1]: Stopped Flush Journal to Persistent Storage. [ 1468.861232] 0*64kB [ 1468.863392] systemd[1]: Stopping Flush Journal to Persistent Storage... [ 1468.875047] 0*128kB [ 1468.887257] Normal free:69080kB min:53696kB low:67120kB high:80544kB active_anon:1904kB inactive_anon:29044kB active_file:92kB inactive_file:76kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:544kB pagetables:720kB bounce:0kB free_pcp:688kB local_pcp:0kB free_cma:0kB [ 1468.887260] lowmem_reserve[]: 0 0 0 0 0 [ 1468.887286] Node 0 DMA: 21*4kB (ME) 53*8kB (UME) 51*16kB (UME) 41*32kB (UME) 24*64kB (UME) [ 1468.915731] 0*256kB [ 1468.920708] systemd[1]: Stopped Journal Service. [ 1468.922580] 0*512kB [ 1468.952645] systemd[1]: Starting Journal Service... [ 1468.954367] 13*128kB [ 1469.007634] 0*1024kB [ 1469.013073] (UM) [ 1469.026890] 0*2048kB [ 1469.029523] 4*256kB [ 1469.032270] 0*4096kB [ 1469.034146] (UME) 2*512kB (UE) 3*1024kB (UE) 0*2048kB 0*4096kB = 10956kB [ 1469.041584] = 361436kB [ 1469.048390] Node 0 DMA32: 5735*4kB (U) 10990*8kB (UE) 9833*16kB (UE) 2883*32kB (UE) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 360444kB [ 1469.064860] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB [ 1469.064896] Node 0 [ 1469.064900] 0*256kB 0*512kB [ 1469.071379] Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB [ 1469.077254] 0*1024kB [ 1469.087349] = 0kB [ 1469.092314] Node 1 Normal: 2172*4kB (UM) 1735*8kB (UM) [ 1469.092620] 0*2048kB [ 1469.095796] 871*16kB [ 1469.097983] 0*4096kB [ 1469.100373] (UM) 1004*32kB (U) 3*64kB (U) 5*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 69464kB [ 1469.112393] = 0kB [ 1469.125433] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1469.132412] Node 1 Normal: 2172*4kB (UM) 1735*8kB (UM) 871*16kB (UM) 1004*32kB (U) 3*64kB (U) 5*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 69464kB [ 1469.140534] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1469.149545] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1469.162294] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1469.168438] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1469.179919] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1469.186221] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1469.196850] 28975 total pagecache pages [ 1469.202715] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1469.206341] 0 pages in swap cache [ 1469.215114] 28975 total pagecache pages [ 1469.221745] Swap cache stats: add 0, delete 0, find 0/0 [ 1469.222617] 0 pages in swap cache [ 1469.227778] Free swap = 0kB [ 1469.231207] Swap cache stats: add 0, delete 0, find 0/0 [ 1469.238126] Total swap = 0kB [ 1469.240375] Free swap = 0kB [ 1469.242644] 2097051 pages RAM [ 1469.242648] 0 pages HighMem/MovableOnly [ 1469.242654] 363840 pages reserved [ 1469.245655] Total swap = 0kB [ 1469.248748] 0 pages cma reserved [ 1469.252936] 2097051 pages RAM [ 1469.259770] Out of memory: Kill process 5198 (syz-executor.4) score 1005 or sacrifice child [ 1469.270173] 0 pages HighMem/MovableOnly [ 1469.277771] Killed process 5198 (syz-executor.4) total-vm:93252kB, anon-rss:2200kB, file-rss:34632kB, shmem-rss:0kB [ 1469.278760] 363840 pages reserved [ 1469.293403] 0 pages cma reserved [ 1469.313517] oom_reaper: reaped process 5198 (syz-executor.4), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1469.859780] systemd-journald[5259]: File /run/log/journal/64dd78f1a75445a997c532444ad0f085/system.journal corrupted or uncleanly shut down, renaming and replacing. [ 1470.345223] systemd[1]: Started Journal Service. 18:06:05 executing program 1: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f00000000c0)={0x2, 0x2, 0x6, 0xfffffffa, 'syz0\x00', 0x80000001}) ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc0585611, 0x0) 18:06:05 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:06:05 executing program 2: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:06:05 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:06:05 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:06:05 executing program 5: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) [ 1470.640045] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1470.651117] nbd: must specify at least one socket [ 1470.657565] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1470.674901] nbd: must specify at least one socket [ 1470.684922] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1470.694598] nbd: must specify at least one socket [ 1470.706172] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1470.728159] nbd: must specify at least one socket [ 1470.738990] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1470.752070] nbd: must specify at least one socket 18:06:05 executing program 2: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:06:05 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:06:05 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:06:05 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:06:05 executing program 2: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, 0x0) 18:06:05 executing program 5: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, 0x0) [ 1470.921425] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1470.960648] nbd: must specify at least one socket 18:06:05 executing program 2: openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:06:06 executing program 1: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f00000000c0)={0x2, 0x2, 0x6, 0xfffffffa, 'syz0\x00', 0x80000001}) ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc0585611, 0x0) 18:06:06 executing program 5: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:06:06 executing program 2: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) 18:06:06 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:06:06 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:06:06 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) [ 1471.639032] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1471.681735] nbd: must specify at least one socket 18:06:06 executing program 5: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f00000000c0)={0x2, 0x2, 0x6, 0xfffffffa, 'syz0\x00', 0x80000001}) ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc0585611, 0x0) 18:06:06 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:06:06 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:06:06 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) [ 1471.871688] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1471.916533] nbd: must specify at least one socket [ 1471.933990] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1471.950778] nbd: must specify at least one socket 18:06:06 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:06:06 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) [ 1472.137932] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1472.179430] nbd: must specify at least one socket [ 1472.433073] syz-executor.1: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1472.458395] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1472.469311] CPU: 1 PID: 5332 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1472.477134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1472.486498] Call Trace: [ 1472.489107] dump_stack+0x1b2/0x281 [ 1472.492745] warn_alloc.cold+0x96/0x1cc [ 1472.496720] ? zone_watermark_ok_safe+0x220/0x220 [ 1472.501582] __alloc_pages_nodemask+0x2127/0x2720 [ 1472.506437] ? lock_acquire+0x170/0x3f0 [ 1472.510421] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1472.515276] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1472.520736] ? __mutex_unlock_slowpath+0x75/0x770 [ 1472.525595] alloc_pages_current+0x155/0x260 [ 1472.530010] ion_page_pool_alloc+0x118/0x1b0 [ 1472.534423] ion_system_heap_allocate+0x133/0x8c0 [ 1472.539277] ? ion_alloc+0x187/0x810 [ 1472.543026] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1472.549705] ? ion_system_contig_heap_create+0x130/0x130 [ 1472.555168] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1472.560312] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1472.565181] ion_alloc+0x204/0x810 [ 1472.568743] ? ion_dma_buf_release+0x40/0x40 [ 1472.573165] ? __might_fault+0x177/0x1b0 [ 1472.577241] ion_ioctl+0xea/0x1f0 [ 1472.580705] ? ion_query_heaps+0x360/0x360 [ 1472.584946] ? ion_query_heaps+0x360/0x360 [ 1472.589183] do_vfs_ioctl+0x75a/0xff0 [ 1472.592990] ? ioctl_preallocate+0x1a0/0x1a0 [ 1472.597403] ? lock_downgrade+0x740/0x740 [ 1472.601570] ? __fget+0x225/0x360 [ 1472.605034] ? do_vfs_ioctl+0xff0/0xff0 [ 1472.609006] ? security_file_ioctl+0x83/0xb0 [ 1472.613419] SyS_ioctl+0x7f/0xb0 [ 1472.616779] ? do_vfs_ioctl+0xff0/0xff0 [ 1472.620764] do_syscall_64+0x1d5/0x640 [ 1472.624667] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1472.629874] RIP: 0033:0x465f69 [ 1472.633056] RSP: 002b:00007ffaba381188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1472.640767] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1472.648047] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1472.655315] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1472.662589] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1472.669867] R13: 00007fffa91fc9ef R14: 00007ffaba381300 R15: 0000000000022000 [ 1472.898147] warn_alloc_show_mem: 1 callbacks suppressed [ 1472.898150] Mem-Info: [ 1472.911649] active_anon:16098 inactive_anon:28336 isolated_anon:0 [ 1472.911649] active_file:2151 inactive_file:2563 isolated_file:12 [ 1472.911649] unevictable:0 dirty:201 writeback:0 unstable:0 [ 1472.911649] slab_reclaimable:13385 slab_unreclaimable:122268 [ 1472.911649] mapped:55631 shmem:29456 pagetables:2297 bounce:0 [ 1472.911649] free:174789 free_pcp:387 free_cma:0 [ 1472.983590] Node 0 active_anon:61144kB inactive_anon:84300kB active_file:8152kB inactive_file:9648kB unevictable:0kB isolated(anon):0kB isolated(file):48kB mapped:207660kB dirty:796kB writeback:0kB shmem:88664kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1473.043652] Node 1 active_anon:3180kB inactive_anon:29048kB active_file:484kB inactive_file:592kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14860kB dirty:32kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1473.101886] Node 0 DMA free:11148kB min:204kB low:252kB high:300kB active_anon:2124kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1473.157222] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1473.167937] Node 0 DMA32 free:389204kB min:36200kB low:45248kB high:54296kB active_anon:58980kB inactive_anon:84296kB active_file:8152kB inactive_file:9656kB unevictable:0kB writepending:808kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8672kB pagetables:7440kB bounce:0kB free_pcp:856kB local_pcp:620kB free_cma:0kB [ 1473.232640] lowmem_reserve[]: 0 0 0 0 0 [ 1473.241172] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1473.294714] lowmem_reserve[]: 0 0 0 0 0 [ 1473.307981] Node 1 Normal free:622652kB min:53696kB low:67120kB high:80544kB active_anon:3180kB inactive_anon:29048kB active_file:484kB inactive_file:592kB unevictable:0kB writepending:32kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:832kB pagetables:1640kB bounce:0kB free_pcp:1288kB local_pcp:644kB free_cma:0kB [ 1473.338597] lowmem_reserve[]: 0 0 0 0 0 [ 1473.347167] Node 0 DMA: 21*4kB (ME) 55*8kB (UME) 52*16kB (UME) 40*32kB (UME) 8*64kB (ME) 6*128kB (UM) 4*256kB (UME) 2*512kB (UE) 3*1024kB (UE) 1*2048kB (M) 0*4096kB = 11084kB [ 1473.380891] Node 0 DMA32: 6062*4kB (U) 11928*8kB (UE) 10442*16kB (UE) 3532*32kB (UE) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 399768kB [ 1473.395276] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1473.406430] Node 1 Normal: 2221*4kB (UME) 1770*8kB (UME) 892*16kB (UME) 1028*32kB (UME) 2*64kB (ME) 1*128kB (M) 2*256kB (ME) 2*512kB (UE) 84*1024kB (UE) 56*2048kB (UME) 20*4096kB (U) = 354628kB [ 1473.434011] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1473.451843] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1473.477735] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1473.486828] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1473.496226] 34153 total pagecache pages [ 1473.500230] 0 pages in swap cache [ 1473.504414] Swap cache stats: add 0, delete 0, find 0/0 [ 1473.509787] Free swap = 0kB [ 1473.513703] Total swap = 0kB [ 1473.516732] 2097051 pages RAM [ 1473.519832] 0 pages HighMem/MovableOnly [ 1473.524951] 363840 pages reserved [ 1473.528413] 0 pages cma reserved 18:06:10 executing program 1: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f00000000c0)={0x2, 0x2, 0x6, 0xfffffffa, 'syz0\x00', 0x80000001}) ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc0585611, 0x0) 18:06:10 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(0x0, r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:06:10 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:06:10 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:06:10 executing program 5: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) 18:06:10 executing program 2: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) [ 1475.500377] nbd: must specify at least one socket [ 1475.557858] nbd: must specify at least one socket 18:06:10 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(0x0, r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:06:10 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(0x0, r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) [ 1475.704776] nla_parse: 2 callbacks suppressed [ 1475.704782] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. 18:06:10 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) [ 1475.754672] nbd: must specify at least one socket [ 1475.768956] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1475.795859] nbd: must specify at least one socket 18:06:10 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(0x0, r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) [ 1475.818720] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1475.837524] nbd: must specify at least one socket [ 1475.927782] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1475.963427] nbd: must specify at least one socket 18:06:10 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f00000000c0)={0x2, 0x2, 0x6, 0xfffffffa, 'syz0\x00', 0x80000001}) ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc0585611, 0x0) 18:06:10 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', 0xffffffffffffffff) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:06:10 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$vim2m_VIDIOC_DQBUF(r2, 0xc0585611, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000002c0)={0x5, 0x0, [{0x6, 0x5, 0xf98d}, {0x8, 0x1, 0x7, 0xfffff801, 0x7fffffff}, {0x80000019, 0x8, 0x8, 0xf9b, 0x5}, {0x80000008, 0x4, 0x0, 0x5, 0x3ff}, {0x80000000, 0x6, 0xf92e, 0x1, 0xac}]}) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f00000000c0)={0x2, 0x2, 0x6, 0xfffffffa, 'syz0\x00', 0x80000001}) ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc0585611, 0x0) [ 1476.107459] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1476.144841] nbd: must specify at least one socket [ 1476.236890] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1476.303226] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1476.330671] CPU: 0 PID: 5416 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1476.338497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1476.347836] Call Trace: [ 1476.350411] dump_stack+0x1b2/0x281 [ 1476.354036] warn_alloc.cold+0x96/0x1cc [ 1476.357994] ? zone_watermark_ok_safe+0x220/0x220 [ 1476.362844] __alloc_pages_nodemask+0x2127/0x2720 [ 1476.367682] ? lock_acquire+0x170/0x3f0 [ 1476.371648] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1476.376479] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1476.381918] ? __mutex_unlock_slowpath+0x75/0x770 [ 1476.386747] alloc_pages_current+0x155/0x260 [ 1476.391142] ion_page_pool_alloc+0x118/0x1b0 [ 1476.395534] ion_system_heap_allocate+0x133/0x8c0 [ 1476.400470] ? ion_alloc+0x187/0x810 [ 1476.404169] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1476.409605] ? ion_system_contig_heap_create+0x130/0x130 [ 1476.415038] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1476.420039] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1476.424866] ion_alloc+0x204/0x810 [ 1476.428388] ? ion_dma_buf_release+0x40/0x40 [ 1476.432780] ? __might_fault+0x177/0x1b0 [ 1476.436821] ion_ioctl+0xea/0x1f0 [ 1476.440254] ? ion_query_heaps+0x360/0x360 [ 1476.444470] ? ion_query_heaps+0x360/0x360 [ 1476.448682] do_vfs_ioctl+0x75a/0xff0 [ 1476.452461] ? ioctl_preallocate+0x1a0/0x1a0 [ 1476.456846] ? lock_downgrade+0x740/0x740 [ 1476.460977] ? __fget+0x225/0x360 [ 1476.464409] ? do_vfs_ioctl+0xff0/0xff0 [ 1476.468364] ? security_file_ioctl+0x83/0xb0 [ 1476.472751] SyS_ioctl+0x7f/0xb0 [ 1476.476094] ? do_vfs_ioctl+0xff0/0xff0 [ 1476.480049] do_syscall_64+0x1d5/0x640 [ 1476.483923] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1476.489094] RIP: 0033:0x465f69 [ 1476.492266] RSP: 002b:00007f3f503fb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1476.499968] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1476.507227] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1476.514482] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1476.521732] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1476.528982] R13: 00007ffca5cbd2ff R14: 00007f3f503fb300 R15: 0000000000022000 [ 1476.646077] syz-executor.3: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1476.683927] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1476.702165] CPU: 0 PID: 5465 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1476.710164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1476.719530] Call Trace: [ 1476.722124] dump_stack+0x1b2/0x281 [ 1476.725758] warn_alloc.cold+0x96/0x1cc [ 1476.729745] ? zone_watermark_ok_safe+0x220/0x220 [ 1476.734605] __alloc_pages_nodemask+0x2127/0x2720 [ 1476.739461] ? lock_acquire+0x170/0x3f0 [ 1476.743445] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1476.748298] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1476.753755] ? __mutex_unlock_slowpath+0x75/0x770 [ 1476.758613] alloc_pages_current+0x155/0x260 [ 1476.763037] ion_page_pool_alloc+0x118/0x1b0 [ 1476.767454] ion_system_heap_allocate+0x133/0x8c0 [ 1476.772305] ? ion_alloc+0x187/0x810 [ 1476.776020] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1476.781472] ? ion_system_contig_heap_create+0x130/0x130 [ 1476.786927] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1476.791950] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1476.796794] ion_alloc+0x204/0x810 [ 1476.800342] ? ion_dma_buf_release+0x40/0x40 [ 1476.804752] ? __might_fault+0x177/0x1b0 [ 1476.808823] ion_ioctl+0xea/0x1f0 [ 1476.812284] ? ion_query_heaps+0x360/0x360 [ 1476.816518] ? ion_query_heaps+0x360/0x360 [ 1476.820752] do_vfs_ioctl+0x75a/0xff0 [ 1476.824553] ? ioctl_preallocate+0x1a0/0x1a0 [ 1476.828958] ? lock_downgrade+0x740/0x740 [ 1476.833109] ? __fget+0x225/0x360 [ 1476.836565] ? do_vfs_ioctl+0xff0/0xff0 [ 1476.840544] ? security_file_ioctl+0x83/0xb0 [ 1476.844977] SyS_ioctl+0x7f/0xb0 [ 1476.848346] ? do_vfs_ioctl+0xff0/0xff0 [ 1476.852329] do_syscall_64+0x1d5/0x640 [ 1476.856239] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1476.861440] RIP: 0033:0x465f69 [ 1476.864630] RSP: 002b:00007fc584945188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1476.872340] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1476.879614] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1476.886892] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1476.894172] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1476.901449] R13: 00007fff692e4b6f R14: 00007fc584945300 R15: 0000000000022000 [ 1476.968845] syz-executor.1: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1476.992272] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1476.997415] CPU: 0 PID: 5408 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1477.005202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1477.014548] Call Trace: [ 1477.017143] dump_stack+0x1b2/0x281 [ 1477.020777] warn_alloc.cold+0x96/0x1cc [ 1477.024750] ? zone_watermark_ok_safe+0x220/0x220 [ 1477.029607] __alloc_pages_nodemask+0x2127/0x2720 [ 1477.034447] ? _raw_spin_unlock_irq+0x24/0x80 [ 1477.038942] ? lock_acquire+0x170/0x3f0 [ 1477.042919] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1477.047765] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1477.053215] ? __mutex_unlock_slowpath+0x75/0x770 [ 1477.058064] alloc_pages_current+0x155/0x260 [ 1477.062473] ion_page_pool_alloc+0x118/0x1b0 [ 1477.066877] ion_system_heap_allocate+0x133/0x8c0 [ 1477.071715] ? ion_alloc+0x187/0x810 [ 1477.075430] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1477.080874] ? ion_system_contig_heap_create+0x130/0x130 [ 1477.086322] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1477.091339] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1477.096182] ion_alloc+0x204/0x810 [ 1477.099725] ? ion_dma_buf_release+0x40/0x40 [ 1477.104131] ? __might_fault+0x177/0x1b0 [ 1477.108192] ion_ioctl+0xea/0x1f0 [ 1477.111645] ? ion_query_heaps+0x360/0x360 [ 1477.115878] ? ion_query_heaps+0x360/0x360 [ 1477.120106] do_vfs_ioctl+0x75a/0xff0 [ 1477.123901] ? ioctl_preallocate+0x1a0/0x1a0 [ 1477.128300] ? lock_downgrade+0x740/0x740 [ 1477.132447] ? __fget+0x225/0x360 [ 1477.135896] ? do_vfs_ioctl+0xff0/0xff0 [ 1477.139863] ? security_file_ioctl+0x83/0xb0 [ 1477.144264] SyS_ioctl+0x7f/0xb0 [ 1477.147622] ? do_vfs_ioctl+0xff0/0xff0 [ 1477.151593] do_syscall_64+0x1d5/0x640 [ 1477.155483] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1477.160749] RIP: 0033:0x465f69 [ 1477.163928] RSP: 002b:00007ffaba381188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1477.171632] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1477.178893] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1477.186153] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1477.193417] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1477.200677] R13: 00007fffa91fc9ef R14: 00007ffaba381300 R15: 0000000000022000 [ 1477.237652] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1477.278702] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1477.306797] CPU: 1 PID: 5458 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1477.314621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1477.323965] Call Trace: [ 1477.326542] dump_stack+0x1b2/0x281 [ 1477.330150] warn_alloc.cold+0x96/0x1cc [ 1477.334106] ? zone_watermark_ok_safe+0x220/0x220 [ 1477.338939] __alloc_pages_nodemask+0x2127/0x2720 [ 1477.343759] ? io_schedule_timeout+0x140/0x140 [ 1477.348322] ? lock_acquire+0x170/0x3f0 [ 1477.352293] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1477.357118] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1477.362560] ? __mutex_unlock_slowpath+0x75/0x770 [ 1477.367398] alloc_pages_current+0x155/0x260 [ 1477.371814] ion_page_pool_alloc+0x118/0x1b0 [ 1477.376218] ion_system_heap_allocate+0x133/0x8c0 [ 1477.381060] ? ion_alloc+0x187/0x810 [ 1477.384757] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1477.390187] ? ion_system_contig_heap_create+0x130/0x130 [ 1477.395636] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1477.400655] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1477.405486] ion_alloc+0x204/0x810 [ 1477.409013] ? ion_dma_buf_release+0x40/0x40 [ 1477.413404] ? __might_fault+0x177/0x1b0 [ 1477.417447] ion_ioctl+0xea/0x1f0 [ 1477.420881] ? ion_query_heaps+0x360/0x360 [ 1477.425098] ? ion_query_heaps+0x360/0x360 [ 1477.429314] do_vfs_ioctl+0x75a/0xff0 [ 1477.433108] ? ioctl_preallocate+0x1a0/0x1a0 [ 1477.437498] ? lock_downgrade+0x740/0x740 [ 1477.441631] ? __fget+0x225/0x360 [ 1477.445084] ? do_vfs_ioctl+0xff0/0xff0 [ 1477.449036] ? security_file_ioctl+0x83/0xb0 [ 1477.453425] SyS_ioctl+0x7f/0xb0 [ 1477.456769] ? do_vfs_ioctl+0xff0/0xff0 [ 1477.460725] do_syscall_64+0x1d5/0x640 [ 1477.464600] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1477.469771] RIP: 0033:0x465f69 [ 1477.472946] RSP: 002b:00007f4607427188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1477.480643] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1477.487892] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1477.495140] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1477.502387] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1477.509636] R13: 00007ffe6751318f R14: 00007f4607427300 R15: 0000000000022000 [ 1477.518375] Mem-Info: [ 1477.518394] active_anon:16463 inactive_anon:28336 isolated_anon:12 [ 1477.518394] active_file:249 inactive_file:1226 isolated_file:4 [ 1477.518394] unevictable:0 dirty:27 writeback:4 unstable:0 [ 1477.518394] slab_reclaimable:13448 slab_unreclaimable:121424 [ 1477.518394] mapped:53682 shmem:29456 pagetables:2522 bounce:0 [ 1477.518394] free:106299 free_pcp:663 free_cma:0 [ 1477.518410] Node 0 active_anon:61072kB inactive_anon:84292kB active_file:888kB inactive_file:4868kB unevictable:0kB isolated(anon):48kB isolated(file):0kB mapped:199996kB dirty:44kB writeback:4kB shmem:88656kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1477.518424] Node 1 active_anon:4780kB inactive_anon:29052kB active_file:108kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):16kB mapped:14732kB dirty:64kB writeback:12kB shmem:29168kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1477.518428] Node 0 DMA free:11104kB min:204kB low:252kB high:300kB active_anon:2124kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1477.518446] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1477.518465] Node 0 DMA32 free:353940kB min:36200kB low:45248kB high:54296kB active_anon:58848kB inactive_anon:84292kB active_file:620kB inactive_file:4516kB unevictable:0kB writepending:48kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8640kB pagetables:7440kB bounce:0kB free_pcp:1268kB local_pcp:532kB free_cma:0kB [ 1477.518483] lowmem_reserve[]: 0 0 0 0 0 [ 1477.785015] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1477.819719] lowmem_reserve[]: 0 0 0 0 0 [ 1477.841881] Node 1 Normal free:383216kB min:53696kB low:67120kB high:80544kB active_anon:4780kB inactive_anon:29052kB active_file:480kB inactive_file:364kB unevictable:0kB writepending:76kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1280kB pagetables:2648kB bounce:0kB free_pcp:1268kB local_pcp:648kB free_cma:0kB [ 1477.891890] lowmem_reserve[]: 0 0 0 0 0 [ 1477.919091] Node 0 DMA: 21*4kB (ME) 34*8kB (UME) 13*16kB (ME) 6*32kB (ME) 25*64kB (UME) 13*128kB (UM) 4*256kB (UME) 2*512kB (UE) 3*1024kB (UE) 1*2048kB (M) 0*4096kB = 11188kB [ 1477.961847] Node 0 DMA32: 3*4kB (UM) 64*8kB (UME) 4017*16kB (UME) 3519*32kB (UME) 411*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 203708kB [ 1477.991886] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1478.005559] Node 1 Normal: 2443*4kB (UM) 1895*8kB (UME) 997*16kB (UME) 1133*32kB (UME) 1532*64kB (UME) 353*128kB (UME) 395*256kB (UME) 33*512kB (UME) 23*1024kB (U) 18*2048kB (U) 0*4096kB = 398804kB [ 1478.051847] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1478.060712] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1478.086502] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1478.128707] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1478.137406] 31236 total pagecache pages [ 1478.161851] 0 pages in swap cache [ 1478.165329] Swap cache stats: add 0, delete 0, find 0/0 [ 1478.170685] Free swap = 0kB [ 1478.189872] Total swap = 0kB [ 1478.192983] 2097051 pages RAM [ 1478.196082] 0 pages HighMem/MovableOnly [ 1478.200044] 363840 pages reserved [ 1478.211880] 0 pages cma reserved [ 1479.140328] syz-executor.5: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1479.211142] syz-executor.5 cpuset=/ mems_allowed=0-1 [ 1479.233689] CPU: 1 PID: 5418 Comm: syz-executor.5 Not tainted 4.14.224-syzkaller #0 [ 1479.241500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1479.250847] Call Trace: [ 1479.253441] dump_stack+0x1b2/0x281 [ 1479.257070] warn_alloc.cold+0x96/0x1cc [ 1479.261042] ? zone_watermark_ok_safe+0x220/0x220 [ 1479.265894] __alloc_pages_nodemask+0x2127/0x2720 [ 1479.270747] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1479.275592] ? migrate_swap_stop+0x880/0x880 [ 1479.279993] ? lock_acquire+0x170/0x3f0 [ 1479.283964] ? wake_up_q+0x82/0xd0 [ 1479.287496] ? __mutex_unlock_slowpath+0x261/0x770 [ 1479.292423] alloc_pages_current+0x155/0x260 [ 1479.296838] ion_page_pool_alloc+0x118/0x1b0 [ 1479.301247] ion_system_heap_allocate+0x133/0x8c0 [ 1479.306086] ? ion_alloc+0x187/0x810 [ 1479.309790] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1479.315235] ? ion_system_contig_heap_create+0x130/0x130 [ 1479.320680] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1479.325690] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1479.330528] ion_alloc+0x204/0x810 [ 1479.334066] ? ion_dma_buf_release+0x40/0x40 [ 1479.338469] ? __might_fault+0x177/0x1b0 [ 1479.342525] ion_ioctl+0xea/0x1f0 [ 1479.345974] ? ion_query_heaps+0x360/0x360 [ 1479.350205] ? ion_query_heaps+0x360/0x360 [ 1479.354441] do_vfs_ioctl+0x75a/0xff0 [ 1479.358242] ? ioctl_preallocate+0x1a0/0x1a0 [ 1479.362641] ? lock_downgrade+0x740/0x740 [ 1479.366787] ? __fget+0x225/0x360 [ 1479.369046] syz-executor.4 invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null) [ 1479.370229] ? do_vfs_ioctl+0xff0/0xff0 [ 1479.370241] ? security_file_ioctl+0x83/0xb0 [ 1479.386023] , order=0, oom_score_adj=0 [ 1479.389168] SyS_ioctl+0x7f/0xb0 [ 1479.393991] syz-executor.4 cpuset= [ 1479.396463] ? do_vfs_ioctl+0xff0/0xff0 [ 1479.396465] / mems_allowed=0-1 [ 1479.400017] do_syscall_64+0x1d5/0x640 [ 1479.400035] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1479.416302] RIP: 0033:0x465f69 [ 1479.419482] RSP: 002b:00007fe89767f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1479.427273] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1479.434533] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1479.441795] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1479.449058] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1479.456317] R13: 00007fff5941b3bf R14: 00007fe89767f300 R15: 0000000000022000 [ 1479.494396] CPU: 0 PID: 3001 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1479.502206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1479.511549] Call Trace: [ 1479.514136] dump_stack+0x1b2/0x281 [ 1479.517761] dump_header+0x178/0x82f [ 1479.521467] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1479.526560] ? ___ratelimit+0x2cd/0x530 [ 1479.530529] oom_kill_process.cold+0x10/0xb18 [ 1479.535026] out_of_memory+0xe3e/0x1190 [ 1479.538994] ? oom_killer_disable+0x1c0/0x1c0 [ 1479.543480] ? mutex_trylock+0x152/0x1a0 [ 1479.547534] __alloc_pages_nodemask+0x23e1/0x2720 [ 1479.552379] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1479.557228] alloc_pages_current+0x155/0x260 [ 1479.561629] filemap_fault+0xea3/0x1980 [ 1479.565603] ext4_filemap_fault+0x84/0xb0 [ 1479.569757] __do_fault+0xfa/0x380 [ 1479.573298] __handle_mm_fault+0x2497/0x4620 [ 1479.577708] ? vm_insert_page+0x7c0/0x7c0 [ 1479.581851] ? nanosleep_copyout+0x100/0x100 [ 1479.586270] handle_mm_fault+0x391/0x860 [ 1479.590328] __do_page_fault+0x549/0xad0 [ 1479.594385] ? spurious_fault+0x640/0x640 [ 1479.598524] ? do_page_fault+0x60/0x500 [ 1479.602487] ? page_fault+0x2f/0x50 [ 1479.603149] warn_alloc_show_mem: 3 callbacks suppressed [ 1479.603152] Mem-Info: [ 1479.606101] page_fault+0x45/0x50 [ 1479.611457] active_anon:16441 inactive_anon:28336 isolated_anon:0 [ 1479.611457] active_file:18 inactive_file:18 isolated_file:0 [ 1479.611457] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1479.611457] slab_reclaimable:13445 slab_unreclaimable:121642 [ 1479.611457] mapped:52637 shmem:29456 pagetables:2522 bounce:0 [ 1479.611457] free:25060 free_pcp:0 free_cma:0 [ 1479.613836] RIP: 168a0d:0x7 [ 1479.613840] RSP: 0053:00007ffe6751344c EFLAGS: 00000005 [ 1479.849293] Node 0 active_anon:61048kB inactive_anon:84296kB active_file:32kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:195948kB dirty:0kB writeback:0kB shmem:88660kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1479.952092] Mem-Info: [ 1479.952337] Node 1 active_anon:4716kB inactive_anon:29048kB active_file:32kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):16kB mapped:14592kB dirty:0kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1479.954535] active_anon:16441 inactive_anon:28336 isolated_anon:0 [ 1479.954535] active_file:15 inactive_file:11 isolated_file:4 [ 1479.954535] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1479.954535] slab_reclaimable:13445 slab_unreclaimable:121642 [ 1479.954535] mapped:52623 shmem:29456 pagetables:2522 bounce:0 [ 1479.954535] free:25185 free_pcp:0 free_cma:0 [ 1479.982313] Node 0 DMA free:11052kB min:204kB low:252kB high:300kB active_anon:2124kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1480.018355] Node 0 active_anon:61048kB inactive_anon:84296kB active_file:28kB inactive_file:24kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:195900kB dirty:0kB writeback:0kB shmem:88660kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1480.041820] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1480.075095] Node 0 DMA32 free:36096kB min:36200kB low:45248kB high:54296kB active_anon:58924kB inactive_anon:84296kB active_file:28kB inactive_file:24kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8672kB pagetables:7440kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 1480.090575] Node 1 active_anon:4716kB inactive_anon:29048kB active_file:32kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):16kB mapped:14592kB dirty:0kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1480.108868] lowmem_reserve[]: 0 0 0 0 0 [ 1480.135005] Node 0 [ 1480.136003] Node 0 [ 1480.136020] DMA free:11052kB min:204kB low:252kB high:300kB active_anon:2124kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1480.138243] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1480.140453] lowmem_reserve[]: [ 1480.166257] lowmem_reserve[]: 0 0 0 0 0 [ 1480.166278] Node 1 Normal free:53220kB min:53696kB low:67120kB high:80544kB active_anon:4716kB inactive_anon:29048kB active_file:32kB inactive_file:20kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1152kB pagetables:2648kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1480.166299] lowmem_reserve[]: 0 0 [ 1480.217401] 0 [ 1480.229872] 0 0 0 [ 1480.234301] Node 0 DMA: 21*4kB (ME) 19*8kB (ME) 14*16kB (UME) 7*32kB (UME) 24*64kB (UME) 13*128kB (UM) 4*256kB (UME) 2*512kB (UE) 3*1024kB (UE) 1*2048kB (M) 0*4096kB = 11052kB [ 1480.241693] 2717 2718 2718 2718 [ 1480.250235] Node 0 DMA32: 320*4kB (UME) 105*8kB (UME) 123*16kB (UME) 30*32kB (UME) 443*64kB (UM) 22*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 36216kB [ 1480.260847] Node 0 DMA32 free:36196kB min:36200kB low:45248kB high:54296kB active_anon:58924kB inactive_anon:84296kB active_file:28kB inactive_file:24kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8672kB pagetables:7440kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1480.268877] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1480.300549] lowmem_reserve[]: [ 1480.307723] Node 1 Normal: [ 1480.310812] 0 [ 1480.310819] 153*4kB (UM) 80*8kB (ME) 56*16kB (ME) 36*32kB (UME) 26*64kB (UME) 17*128kB (ME) 12*256kB (ME) 6*512kB (ME) 3*1024kB (UM) 18*2048kB (U) 0*4096kB = 53220kB [ 1480.330578] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1480.336322] 0 0 0 0 [ 1480.339445] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1480.341772] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1480.350331] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1480.350338] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1480.383710] lowmem_reserve[]: 0 0 0 0 0 [ 1480.396587] 29486 total pagecache pages [ 1480.398828] Node 1 [ 1480.403457] 0 pages in swap cache [ 1480.405263] Normal free:53220kB min:53696kB low:67120kB high:80544kB active_anon:4716kB inactive_anon:29048kB active_file:32kB inactive_file:20kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1152kB pagetables:2648kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1480.405689] Swap cache stats: add 0, delete 0, find 0/0 [ 1480.409209] lowmem_reserve[]: [ 1480.437181] Free swap = 0kB [ 1480.437186] Total swap = 0kB [ 1480.437194] 2097051 pages RAM [ 1480.437197] 0 pages HighMem/MovableOnly [ 1480.437200] 363840 pages reserved [ 1480.437204] 0 pages cma reserved [ 1480.467477] 0 0 0 0 0 [ 1480.469995] Node 0 DMA: 21*4kB (ME) 19*8kB (ME) 14*16kB (UME) 7*32kB (UME) 24*64kB (UME) 13*128kB (UM) 4*256kB (UME) 2*512kB (UE) 3*1024kB (UE) 1*2048kB (M) 0*4096kB = 11052kB [ 1480.485937] Node 0 DMA32: 320*4kB (UME) 105*8kB (UME) 123*16kB (UME) 30*32kB (UME) 443*64kB (UM) 22*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 36216kB [ 1480.504853] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1480.515763] Node 1 Normal: 153*4kB (UM) 80*8kB (ME) 56*16kB (ME) 36*32kB (UME) 26*64kB (UME) 17*128kB (ME) 12*256kB (ME) 6*512kB (ME) 3*1024kB (UM) 18*2048kB (U) 0*4096kB = 53220kB [ 1480.532185] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1480.541023] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1480.549657] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1480.558569] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1480.567208] 29486 total pagecache pages [ 1480.571299] 0 pages in swap cache [ 1480.574832] Swap cache stats: add 0, delete 0, find 0/0 [ 1480.580185] Free swap = 0kB [ 1480.584882] Total swap = 0kB [ 1480.587898] 2097051 pages RAM [ 1480.590991] 0 pages HighMem/MovableOnly [ 1480.595020] 363840 pages reserved [ 1480.598461] 0 pages cma reserved [ 1480.601864] Out of memory (oom_kill_allocating_task): Kill process 3001 (syz-executor.4) score 0 or sacrifice child [ 1480.614115] Killed process 5458 (syz-executor.4) total-vm:93384kB, anon-rss:164kB, file-rss:34820kB, shmem-rss:0kB [ 1480.652851] oom_reaper: reaped process 5458 (syz-executor.4), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1480.737107] oom_reaper: reaped process 5418 (syz-executor.5), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1480.803942] systemd-journal invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 1480.823982] syz-executor.4: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1480.839790] systemd-journal cpuset=/ mems_allowed=0-1 [ 1480.857879] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1480.863058] CPU: 1 PID: 5458 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1480.870844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1480.880184] Call Trace: [ 1480.882767] dump_stack+0x1b2/0x281 [ 1480.886390] warn_alloc.cold+0x96/0x1cc [ 1480.890361] ? zone_watermark_ok_safe+0x220/0x220 [ 1480.895201] ? usleep_range+0x130/0x130 [ 1480.899162] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 1480.904252] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1480.909263] ? run_timer_softirq+0x5a0/0x5a0 [ 1480.913670] __alloc_pages_nodemask+0x2127/0x2720 [ 1480.918511] ? lock_acquire+0x170/0x3f0 [ 1480.922488] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1480.927320] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1480.931810] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1480.937264] alloc_pages_current+0x155/0x260 [ 1480.941672] ion_page_pool_alloc+0x118/0x1b0 [ 1480.946074] ion_system_heap_allocate+0x133/0x8c0 [ 1480.950903] ? ion_alloc+0x187/0x810 [ 1480.954605] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1480.960067] ? ion_system_contig_heap_create+0x130/0x130 [ 1480.965524] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1480.970528] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1480.975361] ion_alloc+0x204/0x810 [ 1480.978892] ? ion_dma_buf_release+0x40/0x40 [ 1480.983291] ? __might_fault+0x177/0x1b0 [ 1480.987352] ion_ioctl+0xea/0x1f0 [ 1480.990788] ? ion_query_heaps+0x360/0x360 [ 1480.995022] ? ion_query_heaps+0x360/0x360 [ 1480.999248] do_vfs_ioctl+0x75a/0xff0 [ 1481.003047] ? ioctl_preallocate+0x1a0/0x1a0 [ 1481.007441] ? lock_downgrade+0x740/0x740 [ 1481.011577] ? __fget+0x225/0x360 [ 1481.015017] ? do_vfs_ioctl+0xff0/0xff0 [ 1481.018978] ? security_file_ioctl+0x83/0xb0 [ 1481.023375] SyS_ioctl+0x7f/0xb0 [ 1481.026732] ? do_vfs_ioctl+0xff0/0xff0 [ 1481.030811] do_syscall_64+0x1d5/0x640 [ 1481.034693] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1481.039978] RIP: 0033:0x465f69 [ 1481.043154] RSP: 002b:00007f4607427188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1481.050850] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1481.058103] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1481.065364] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1481.072623] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1481.079881] R13: 00007ffe6751318f R14: 00007f4607427300 R15: 0000000000022000 [ 1481.087162] CPU: 0 PID: 5259 Comm: systemd-journal Not tainted 4.14.224-syzkaller #0 [ 1481.093867] Mem-Info: [ 1481.095043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1481.097452] active_anon:16391 inactive_anon:28336 isolated_anon:0 [ 1481.097452] active_file:13 inactive_file:13 isolated_file:4 [ 1481.097452] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1481.097452] slab_reclaimable:13445 slab_unreclaimable:121412 [ 1481.097452] mapped:52623 shmem:29456 pagetables:2522 bounce:0 [ 1481.097452] free:13952 free_pcp:76 free_cma:0 [ 1481.106764] Call Trace: [ 1481.106783] dump_stack+0x1b2/0x281 [ 1481.106794] dump_header+0x178/0x82f [ 1481.106804] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1481.106825] ? ___ratelimit+0x2cd/0x530 [ 1481.140062] Node 0 active_anon:61048kB inactive_anon:84296kB active_file:20kB inactive_file:32kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:195900kB dirty:0kB writeback:0kB shmem:88660kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1481.142596] oom_kill_process.cold+0x10/0xb18 [ 1481.142615] out_of_memory+0xe3e/0x1190 [ 1481.146223] Node 1 active_anon:4516kB inactive_anon:29048kB active_file:32kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):16kB mapped:14592kB dirty:0kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1481.149908] ? oom_killer_disable+0x1c0/0x1c0 [ 1481.154995] Node 0 [ 1481.158942] ? mutex_trylock+0x152/0x1a0 [ 1481.186524] DMA free:10972kB min:204kB low:252kB high:300kB active_anon:2124kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1481.190976] __alloc_pages_nodemask+0x23e1/0x2720 [ 1481.194934] lowmem_reserve[]: [ 1481.222154] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1481.222177] alloc_pages_current+0x155/0x260 [ 1481.226634] 0 [ 1481.228852] filemap_fault+0xea3/0x1980 [ 1481.232901] 2717 [ 1481.258637] ext4_filemap_fault+0x84/0xb0 [ 1481.258649] __do_fault+0xfa/0x380 [ 1481.263475] 2718 [ 1481.266549] __handle_mm_fault+0x2497/0x4620 [ 1481.271360] 2718 [ 1481.275747] ? ep_poll+0x1ab/0xa50 [ 1481.275754] ? vm_insert_page+0x7c0/0x7c0 [ 1481.275774] handle_mm_fault+0x391/0x860 [ 1481.277570] 2718 [ 1481.281526] __do_page_fault+0x549/0xad0 [ 1481.287691] ? spurious_fault+0x640/0x640 [ 1481.291198] Node 0 [ 1481.293242] ? do_page_fault+0x60/0x500 [ 1481.293251] ? page_fault+0x2f/0x50 [ 1481.293259] page_fault+0x45/0x50 [ 1481.297650] DMA32 free:18164kB min:36200kB low:45248kB high:54296kB active_anon:58924kB inactive_anon:84296kB active_file:20kB inactive_file:32kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8672kB pagetables:7440kB bounce:0kB free_pcp:184kB local_pcp:160kB free_cma:0kB [ 1481.299682] RIP: 0001:0xffffffffffffffff [ 1481.303208] lowmem_reserve[]: [ 1481.307316] RSP: e9f331e0:00007ffdc592ea10 EFLAGS: 7ffdc592e820 [ 1481.315686] Mem-Info: [ 1481.328209] 0 [ 1481.343615] active_anon:16391 inactive_anon:28336 isolated_anon:0 [ 1481.343615] active_file:13 inactive_file:13 isolated_file:4 [ 1481.343615] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1481.343615] slab_reclaimable:13445 slab_unreclaimable:121412 [ 1481.343615] mapped:52623 shmem:29456 pagetables:2522 bounce:0 [ 1481.343615] free:13927 free_pcp:67 free_cma:0 [ 1481.366821] 0 [ 1481.367649] Node 0 active_anon:61048kB inactive_anon:84296kB active_file:20kB inactive_file:32kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:195900kB dirty:0kB writeback:0kB shmem:88660kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1481.370692] 0 0 [ 1481.376818] Node 1 active_anon:4516kB inactive_anon:29048kB active_file:32kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):16kB mapped:14592kB dirty:0kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1481.379179] 0 [ 1481.380968] Node 0 [ 1481.444893] DMA free:10972kB min:204kB low:252kB high:300kB active_anon:2124kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1481.451316] Node 0 [ 1481.486612] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1481.508580] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1481.512020] Node 0 DMA32 free:18164kB min:36200kB low:45248kB high:54296kB active_anon:58924kB inactive_anon:84296kB active_file:20kB inactive_file:32kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8672kB pagetables:7440kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1481.512040] lowmem_reserve[]: [ 1481.540560] lowmem_reserve[]: [ 1481.566081] 0 [ 1481.581631] 0 [ 1481.582168] 0 [ 1481.583453] 0 [ 1481.585265] 0 [ 1481.587043] 0 [ 1481.588821] 0 [ 1481.590602] 0 [ 1481.596686] 0 [ 1481.597558] 0 [ 1481.600267] Node 1 Normal free:26672kB min:53696kB low:67120kB high:80544kB active_anon:4516kB inactive_anon:29048kB active_file:32kB inactive_file:20kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1152kB pagetables:2648kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1481.602248] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1481.634231] lowmem_reserve[]: 0 0 0 0 0 [ 1481.664854] Node 0 DMA: 21*4kB (ME) 19*8kB (ME) 13*16kB (ME) 7*32kB (UME) 23*64kB (UME) 13*128kB (UM) 4*256kB (UME) 2*512kB (UE) 3*1024kB (UE) 1*2048kB (M) 0*4096kB = 10972kB [ 1481.671618] lowmem_reserve[]: 0 0 0 0 0 [ 1481.684129] Node 0 DMA32: 248*4kB (UME) 113*8kB (UME) 124*16kB (UME) 24*32kB (ME) 169*64kB (UM) 22*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18280kB [ 1481.686566] Node 1 Normal free:26672kB min:53696kB low:67120kB high:80544kB active_anon:4516kB inactive_anon:29048kB active_file:32kB inactive_file:20kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1152kB pagetables:2648kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1481.704132] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1481.740622] lowmem_reserve[]: 0 0 0 0 0 [ 1481.743225] Node 1 Normal: 150*4kB (M) 82*8kB (ME) 60*16kB (ME) 36*32kB (UME) 28*64kB (UME) 17*128kB (ME) 12*256kB (ME) [ 1481.744682] Node 0 DMA: 21*4kB (ME) 19*8kB (ME) 13*16kB (ME) 7*32kB (UME) 23*64kB (UME) 13*128kB (UM) 4*256kB (UME) 2*512kB (UE) 3*1024kB (UE) 1*2048kB (M) 0*4096kB = 10972kB [ 1481.755793] Node 0 DMA32: 243*4kB (ME) 104*8kB (ME) 122*16kB (UME) 24*32kB (ME) 169*64kB (UM) 22*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18156kB [ 1481.755849] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1481.755891] Node 1 Normal: [ 1481.775152] 6*512kB [ 1481.786400] 150*4kB [ 1481.801771] (ME) 3*1024kB (UM) 5*2048kB (U) 0*4096kB = 26792kB [ 1481.810273] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1481.811622] (M) 82*8kB (ME) 60*16kB (ME) 36*32kB (UME) 28*64kB (UME) 17*128kB (ME) 12*256kB (ME) 6*512kB (ME) 3*1024kB (UM) 5*2048kB (U) 0*4096kB = 26792kB [ 1481.823959] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1481.838424] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1481.852673] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1481.861246] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1481.870172] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1481.883194] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1481.891859] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1481.900454] 29486 total pagecache pages [ 1481.904485] 29486 total pagecache pages [ 1481.908459] 0 pages in swap cache [ 1481.911992] Swap cache stats: add 0, delete 0, find 0/0 [ 1481.915002] 0 pages in swap cache [ 1481.917343] Free swap = 0kB [ 1481.917348] Total swap = 0kB [ 1481.920788] Swap cache stats: add 0, delete 0, find 0/0 [ 1481.924132] 2097051 pages RAM [ 1481.927387] Free swap = 0kB [ 1481.932285] 0 pages HighMem/MovableOnly [ 1481.932289] 363840 pages reserved [ 1481.932293] 0 pages cma reserved [ 1482.013418] Total swap = 0kB [ 1482.016496] 2097051 pages RAM [ 1482.019597] 0 pages HighMem/MovableOnly [ 1482.052275] 363840 pages reserved [ 1482.071631] 0 pages cma reserved [ 1482.086012] Out of memory (oom_kill_allocating_task): Kill process 5259 (systemd-journal) score 0 or sacrifice child [ 1482.120005] Killed process 5259 (systemd-journal) total-vm:46096kB, anon-rss:472kB, file-rss:0kB, shmem-rss:1568kB [ 1482.142964] oom_reaper: reaped process 5259 (systemd-journal), now anon-rss:0kB, file-rss:0kB, shmem-rss:1568kB [ 1482.330195] systemd[1]: systemd-journald.service: Failed with result 'signal'. [ 1482.353197] systemd[1]: systemd-journald.service: Service has no hold-off time, scheduling restart. [ 1482.396809] systemd[1]: Stopped Flush Journal to Persistent Storage. [ 1482.421796] systemd[1]: Stopping Flush Journal to Persistent Storage... [ 1482.428678] systemd[1]: Stopped Journal Service. [ 1482.467125] systemd[1]: Starting Journal Service... [ 1482.740569] oom_reaper: reaped process 5465 (syz-executor.3), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1482.796400] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1482.818895] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1482.826061] in:imklog invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 1482.842032] CPU: 0 PID: 5458 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1482.847190] in:imklog cpuset= [ 1482.849860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1482.849868] / [ 1482.852949] Call Trace: [ 1482.865884] mems_allowed=0-1 [ 1482.866559] dump_stack+0x1b2/0x281 [ 1482.873264] warn_alloc.cold+0x96/0x1cc [ 1482.877221] ? zone_watermark_ok_safe+0x220/0x220 [ 1482.882067] __alloc_pages_nodemask+0x2127/0x2720 [ 1482.886920] ? io_schedule_timeout+0x140/0x140 [ 1482.891492] ? lock_acquire+0x170/0x3f0 [ 1482.895452] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1482.900290] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1482.905721] ? __mutex_unlock_slowpath+0x75/0x770 [ 1482.910549] alloc_pages_current+0x155/0x260 [ 1482.914940] ion_page_pool_alloc+0x118/0x1b0 [ 1482.919332] ion_system_heap_allocate+0x133/0x8c0 [ 1482.924153] ? _raw_spin_unlock+0x29/0x40 [ 1482.928296] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1482.933209] ? ion_system_contig_heap_create+0x130/0x130 [ 1482.938639] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1482.943643] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1482.948467] ion_alloc+0x27a/0x810 [ 1482.951990] ? ion_dma_buf_release+0x40/0x40 [ 1482.956388] ? __might_fault+0x177/0x1b0 [ 1482.960437] ion_ioctl+0xea/0x1f0 [ 1482.963882] ? ion_query_heaps+0x360/0x360 [ 1482.968100] ? ion_query_heaps+0x360/0x360 [ 1482.972313] do_vfs_ioctl+0x75a/0xff0 [ 1482.976094] ? ioctl_preallocate+0x1a0/0x1a0 [ 1482.980494] ? lock_downgrade+0x740/0x740 [ 1482.984624] ? __fget+0x225/0x360 [ 1482.988056] ? do_vfs_ioctl+0xff0/0xff0 [ 1482.992009] ? security_file_ioctl+0x83/0xb0 [ 1482.996398] SyS_ioctl+0x7f/0xb0 [ 1482.999740] ? do_vfs_ioctl+0xff0/0xff0 [ 1483.003696] do_syscall_64+0x1d5/0x640 [ 1483.007568] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1483.012750] RIP: 0033:0x465f69 [ 1483.015919] RSP: 002b:00007f4607427188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1483.023605] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1483.030854] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1483.038113] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1483.045361] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1483.052610] R13: 00007ffe6751318f R14: 00007f4607427300 R15: 0000000000022000 [ 1483.059871] CPU: 1 PID: 5183 Comm: in:imklog Not tainted 4.14.224-syzkaller #0 [ 1483.067231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1483.076583] Call Trace: [ 1483.079176] dump_stack+0x1b2/0x281 [ 1483.082801] dump_header+0x178/0x82f [ 1483.086508] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1483.086625] syz-executor.5: [ 1483.091596] ? ___ratelimit+0x2cd/0x530 [ 1483.091605] oom_kill_process.cold+0x10/0xb18 [ 1483.091621] out_of_memory+0xe3e/0x1190 [ 1483.091633] ? oom_killer_disable+0x1c0/0x1c0 [ 1483.091640] ? mutex_trylock+0x152/0x1a0 [ 1483.091655] __alloc_pages_nodemask+0x23e1/0x2720 [ 1483.095385] Mem-Info: [ 1483.098624] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1483.104961] syz-executor.3: [ 1483.107051] alloc_pages_current+0x155/0x260 [ 1483.113295] page allocation failure: order:0 [ 1483.115640] filemap_fault+0xea3/0x1980 [ 1483.120454] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1483.122850] ext4_filemap_fault+0x84/0xb0 [ 1483.122860] __do_fault+0xfa/0x380 [ 1483.122868] __handle_mm_fault+0x2497/0x4620 [ 1483.122878] ? vm_insert_page+0x7c0/0x7c0 [ 1483.122886] ? lock_downgrade+0x740/0x740 [ 1483.122907] handle_mm_fault+0x391/0x860 [ 1483.128924] page allocation failure: order:0 [ 1483.130729] __do_page_fault+0x549/0xad0 [ 1483.136925] active_anon:16393 inactive_anon:28335 isolated_anon:0 [ 1483.136925] active_file:37 inactive_file:4 isolated_file:0 [ 1483.136925] unevictable:0 dirty:5 writeback:12 unstable:0 [ 1483.136925] slab_reclaimable:13443 slab_unreclaimable:120633 [ 1483.136925] mapped:52251 shmem:29456 pagetables:2519 bounce:0 [ 1483.136925] free:13712 free_pcp:30 free_cma:0 [ 1483.139499] ? spurious_fault+0x640/0x640 [ 1483.144225] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1483.150521] ? do_page_fault+0x60/0x500 [ 1483.156468] Node 0 active_anon:60840kB inactive_anon:84292kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:194356kB dirty:20kB writeback:48kB shmem:88660kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1483.158191] ? page_fault+0x2f/0x50 [ 1483.164442] (null) [ 1483.166701] page_fault+0x45/0x50 [ 1483.170831] syz-executor.5 cpuset= [ 1483.174868] RIP: fffff7e7:0x1f9f [ 1483.174872] RSP: 37d874a0:00007f1a37d874ac EFLAGS: 7f1a37d87da0 [ 1483.184395] (null) [ 1483.222292] Node 1 active_anon:4684kB inactive_anon:29048kB active_file:12kB inactive_file:12kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14592kB dirty:0kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1483.234895] syz-executor.3 cpuset= [ 1483.265917] Node 0 [ 1483.274485] / [ 1483.317609] / [ 1483.317640] Mem-Info: [ 1483.325163] DMA free:10972kB min:204kB low:252kB high:300kB active_anon:2124kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1483.331039] active_anon:16379 inactive_anon:28335 isolated_anon:0 [ 1483.331039] active_file:14 inactive_file:13 isolated_file:0 [ 1483.331039] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1483.331039] slab_reclaimable:13447 slab_unreclaimable:120613 [ 1483.331039] mapped:52225 shmem:29456 pagetables:2522 bounce:0 [ 1483.331039] free:13830 free_pcp:30 free_cma:0 [ 1483.356936] lowmem_reserve[]: [ 1483.391220] mems_allowed=0-1 [ 1483.393007] mems_allowed=0-1 [ 1483.394397] CPU: 0 PID: 5418 Comm: syz-executor.5 Not tainted 4.14.224-syzkaller #0 [ 1483.408282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1483.417614] Call Trace: [ 1483.420203] dump_stack+0x1b2/0x281 [ 1483.423813] warn_alloc.cold+0x96/0x1cc [ 1483.427769] ? zone_watermark_ok_safe+0x220/0x220 [ 1483.432604] ? usleep_range+0x130/0x130 [ 1483.436559] ? try_to_free_pages+0x23f/0x6e0 [ 1483.440949] ? _find_next_bit+0xdb/0x100 [ 1483.441483] Node 0 active_anon:60832kB inactive_anon:84292kB active_file:44kB inactive_file:40kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:194308kB dirty:0kB writeback:0kB shmem:88660kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1483.445006] ? run_timer_softirq+0x5a0/0x5a0 [ 1483.476959] __alloc_pages_nodemask+0x2127/0x2720 [ 1483.481789] ? lock_acquire+0x170/0x3f0 [ 1483.485749] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1483.490571] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1483.495051] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1483.500484] alloc_pages_current+0x155/0x260 [ 1483.504875] ion_page_pool_alloc+0x118/0x1b0 [ 1483.509275] ion_system_heap_allocate+0x133/0x8c0 [ 1483.511475] Node 1 active_anon:4684kB inactive_anon:29048kB active_file:12kB inactive_file:12kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14592kB dirty:0kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1483.514099] ? ion_alloc+0x187/0x810 [ 1483.544922] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1483.550353] ? ion_system_contig_heap_create+0x130/0x130 [ 1483.555786] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1483.560783] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1483.565645] ion_alloc+0x204/0x810 [ 1483.569181] ? ion_dma_buf_release+0x40/0x40 [ 1483.571491] Node 0 DMA free:10972kB min:204kB low:252kB high:300kB active_anon:2124kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1483.573585] ? __might_fault+0x177/0x1b0 [ 1483.573597] ion_ioctl+0xea/0x1f0 [ 1483.607417] ? ion_query_heaps+0x360/0x360 [ 1483.611636] ? ion_query_heaps+0x360/0x360 [ 1483.615849] do_vfs_ioctl+0x75a/0xff0 [ 1483.619634] ? ioctl_preallocate+0x1a0/0x1a0 [ 1483.621454] lowmem_reserve[]: [ 1483.624024] ? lock_downgrade+0x740/0x740 [ 1483.624037] ? __fget+0x225/0x360 [ 1483.627128] 0 [ 1483.631255] ? do_vfs_ioctl+0xff0/0xff0 [ 1483.640431] ? security_file_ioctl+0x83/0xb0 [ 1483.644829] SyS_ioctl+0x7f/0xb0 [ 1483.648176] ? do_vfs_ioctl+0xff0/0xff0 [ 1483.651452] 2717 2718 [ 1483.652134] do_syscall_64+0x1d5/0x640 [ 1483.652151] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1483.654610] 2718 2718 [ 1483.658483] RIP: 0033:0x465f69 [ 1483.669282] RSP: 002b:00007fe89767f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1483.676970] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1483.676977] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1483.691473] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1483.698721] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1483.701449] Node 0 [ 1483.705970] R13: 00007fff5941b3bf R14: 00007fe89767f300 R15: 0000000000022000 [ 1483.712067] 0 2717 2718 2718 2718 [ 1483.719002] Node 0 DMA32 free:17760kB min:36200kB low:45248kB high:54296kB active_anon:58708kB inactive_anon:84292kB active_file:44kB inactive_file:40kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8672kB pagetables:7356kB bounce:0kB free_pcp:120kB local_pcp:116kB free_cma:0kB [ 1483.731488] CPU: 1 PID: 5465 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1483.753660] lowmem_reserve[]: [ 1483.755703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1483.755711] 0 [ 1483.758802] Call Trace: [ 1483.770084] 0 [ 1483.772513] dump_stack+0x1b2/0x281 [ 1483.772527] warn_alloc.cold+0x96/0x1cc [ 1483.772540] ? zone_watermark_ok_safe+0x220/0x220 [ 1483.772548] ? usleep_range+0x130/0x130 [ 1483.772558] ? try_to_free_pages+0x23f/0x6e0 [ 1483.777945] 0 [ 1483.781896] ? _find_next_bit+0xdb/0x100 [ 1483.781906] ? run_timer_softirq+0x5a0/0x5a0 [ 1483.781922] __alloc_pages_nodemask+0x2127/0x2720 [ 1483.781938] ? lock_acquire+0x170/0x3f0 [ 1483.781951] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1483.781964] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1483.788133] 0 [ 1483.790745] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1483.799301] 0 [ 1483.800966] ? alloc_pages_current+0xe3/0x260 [ 1483.810178] alloc_pages_current+0x155/0x260 [ 1483.819565] Node 0 [ 1483.823431] ion_page_pool_alloc+0x118/0x1b0 [ 1483.823441] ion_system_heap_allocate+0x133/0x8c0 [ 1483.823451] ? ion_alloc+0x187/0x810 [ 1483.823460] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1483.823471] ? ion_system_contig_heap_create+0x130/0x130 [ 1483.825281] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1483.830700] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1483.837879] lowmem_reserve[]: [ 1483.841345] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1483.843602] 0 [ 1483.847946] ion_alloc+0x204/0x810 [ 1483.858204] 0 [ 1483.861893] ? ion_dma_buf_release+0x40/0x40 [ 1483.861905] ? __might_fault+0x177/0x1b0 [ 1483.861917] ion_ioctl+0xea/0x1f0 [ 1483.861927] ? ion_query_heaps+0x360/0x360 [ 1483.867352] 0 [ 1483.892231] ? ion_query_heaps+0x360/0x360 [ 1483.892241] do_vfs_ioctl+0x75a/0xff0 [ 1483.892252] ? ioctl_preallocate+0x1a0/0x1a0 [ 1483.892260] ? lock_downgrade+0x740/0x740 [ 1483.892271] ? __fget+0x225/0x360 [ 1483.892279] ? do_vfs_ioctl+0xff0/0xff0 [ 1483.892287] ? security_file_ioctl+0x83/0xb0 [ 1483.892296] SyS_ioctl+0x7f/0xb0 [ 1483.892302] ? do_vfs_ioctl+0xff0/0xff0 [ 1483.892311] do_syscall_64+0x1d5/0x640 [ 1483.892325] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1483.892333] RIP: 0033:0x465f69 [ 1483.892337] RSP: 002b:00007fc584945188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1483.892347] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1483.892352] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1483.892357] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1483.892363] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1483.892369] R13: 00007fff692e4b6f R14: 00007fc584945300 R15: 0000000000022000 [ 1483.901483] DMA32 free:17760kB min:36200kB low:45248kB high:54296kB active_anon:58708kB inactive_anon:84292kB active_file:44kB inactive_file:40kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8672kB pagetables:7356kB bounce:0kB free_pcp:120kB local_pcp:4kB free_cma:0kB [ 1483.911188] 0 [ 1483.921134] lowmem_reserve[]: [ 1483.921246] 0 [ 1483.924759] 0 [ 1483.942127] 0 [ 1483.945120] Node 1 [ 1483.947273] 0 [ 1483.950728] Normal free:26588kB min:53696kB low:67120kB high:80544kB active_anon:4684kB inactive_anon:29048kB active_file:12kB inactive_file:12kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1152kB pagetables:2732kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1483.961543] 0 [ 1483.967948] lowmem_reserve[]: [ 1483.970356] 0 [ 1483.975593] 0 0 0 0 0 [ 1483.975611] Node 0 DMA: 21*4kB (ME) 19*8kB (ME) 13*16kB (ME) 7*32kB [ 1483.991960] (UME) [ 1484.000547] Node 0 [ 1484.001013] 23*64kB [ 1484.008315] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1484.008318] lowmem_reserve[]: 0 [ 1484.021012] (UME) [ 1484.030123] 0 [ 1484.056816] 13*128kB [ 1484.064656] 0 [ 1484.065549] (UM) [ 1484.098647] 0 [ 1484.105739] Mem-Info: [ 1484.109278] 0 [ 1484.113575] 4*256kB [ 1484.148266] active_anon:16379 inactive_anon:28335 isolated_anon:0 [ 1484.148266] active_file:22 inactive_file:5 isolated_file:0 [ 1484.148266] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1484.148266] slab_reclaimable:13446 slab_unreclaimable:120593 [ 1484.148266] mapped:52225 shmem:29456 pagetables:2522 bounce:0 [ 1484.148266] free:13832 free_pcp:29 free_cma:0 [ 1484.205542] Node 1 Normal free:76000kB min:53696kB low:67120kB high:80544kB active_anon:4684kB inactive_anon:29048kB active_file:12kB inactive_file:12kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1152kB pagetables:2732kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 1484.234825] (UME) 2*512kB (UE) 3*1024kB (UE) 1*2048kB (M) 0*4096kB = 10972kB [ 1484.245308] lowmem_reserve[]: 0 0 0 0 0 [ 1484.268270] Node 0 DMA: 21*4kB (ME) 19*8kB (ME) 13*16kB (ME) 7*32kB (UME) 23*64kB (UME) 13*128kB (UM) 4*256kB (UME) 2*512kB (UE) 3*1024kB (UE) 1*2048kB (M) 0*4096kB = 10972kB [ 1484.271458] Node 0 DMA32: 696*4kB (UME) 112*8kB (UME) 127*16kB (UME) 21*32kB (ME) 307*64kB (UME) 66*128kB (U) 14*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 38064kB [ 1484.305361] Node 0 [ 1484.336238] Node 0 active_anon:60832kB inactive_anon:84292kB active_file:64kB inactive_file:552kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:194608kB dirty:0kB writeback:0kB shmem:88660kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1484.338935] DMA32: 15*4kB (ME) 63*8kB (E) 118*16kB (E) 19*32kB (E) 326*64kB (UME) 66*128kB (U) 14*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 35956kB [ 1484.391456] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1484.399963] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1484.406390] Node 1 [ 1484.416978] Node 1 active_anon:4684kB inactive_anon:29048kB active_file:112kB inactive_file:120kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14692kB dirty:0kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1484.446602] Node 1 Normal: 161*4kB (UM) 95*8kB (UME) 49*16kB (UME) 51*32kB (UME) 81*64kB (UME) 14*128kB (ME) 31*256kB (UME) 70*512kB (UME) 9*1024kB (U) 0*2048kB 0*4096kB = 63788kB [ 1484.473893] Normal: 475*4kB (UM) 101*8kB (UME) 53*16kB (UME) 52*32kB (UME) 156*64kB (UME) 14*128kB (ME) 31*256kB (UME) 70*512kB (UME) 9*1024kB (U) 0*2048kB 0*4096kB = 69988kB [ 1484.491506] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1484.501466] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1484.510297] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1484.519523] Node 0 DMA free:10972kB min:204kB low:252kB high:300kB active_anon:2124kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1484.519683] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1484.545998] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1484.546003] 29834 total pagecache pages [ 1484.546013] 0 pages in swap cache [ 1484.546018] Swap cache stats: add 0, delete 0, find 0/0 [ 1484.546026] Free swap = 0kB [ 1484.546030] Total swap = 0kB [ 1484.546036] 2097051 pages RAM [ 1484.546039] 0 pages HighMem/MovableOnly [ 1484.546042] 363840 pages reserved [ 1484.546045] 0 pages cma reserved [ 1484.546062] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1484.546078] Node 0 DMA32 free:38096kB min:36200kB low:45248kB high:54296kB active_anon:58708kB inactive_anon:84292kB active_file:176kB inactive_file:400kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8672kB pagetables:7356kB bounce:0kB free_pcp:1436kB local_pcp:720kB free_cma:0kB [ 1484.546097] lowmem_reserve[]: 0 0 0 0 0 [ 1484.546116] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1484.546134] lowmem_reserve[]: 0 0 0 0 0 [ 1484.546153] Node 1 Normal free:91128kB min:53696kB low:67120kB high:80544kB active_anon:4684kB inactive_anon:29048kB active_file:12kB inactive_file:1016kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1152kB pagetables:2732kB bounce:0kB free_pcp:1444kB local_pcp:620kB free_cma:0kB [ 1484.546171] lowmem_reserve[]: 0 0 0 0 0 [ 1484.546188] Node 0 DMA: 21*4kB (ME) 19*8kB (ME) 13*16kB (ME) 7*32kB (UME) 23*64kB (UME) 13*128kB (UM) 4*256kB (UME) 2*512kB (UE) 3*1024kB (UE) 1*2048kB (M) 0*4096kB = 10972kB [ 1484.546255] Node 0 DMA32: 338*4kB (UME) 100*8kB (UME) 129*16kB (UME) 25*32kB (UE) 340*64kB (UME) 66*128kB (U) 14*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 38808kB [ 1484.546318] Node 0 Normal: [ 1484.637253] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1484.697874] 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1484.757362] Node 1 Normal: 490*4kB (UM) 87*8kB (UME) 31*16kB (UME) 33*32kB (UME) 82*64kB (UME) 14*128kB (ME) 13*256kB (UME) 70*512kB (UME) 9*1024kB (U) 0*2048kB 0*4096kB = 59632kB [ 1484.757817] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1484.794855] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1484.821809] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1484.845148] 29527 total pagecache pages [ 1484.849152] 0 pages in swap cache [ 1484.851499] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1484.861164] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1484.875268] Swap cache stats: add 0, delete 0, find 0/0 [ 1484.880643] Free swap = 0kB [ 1484.911452] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1484.916127] Total swap = 0kB [ 1484.920077] 29492 total pagecache pages [ 1484.935244] 0 pages in swap cache [ 1484.938720] Swap cache stats: add 0, delete 0, find 0/0 [ 1484.944111] Free swap = 0kB [ 1484.947116] Total swap = 0kB [ 1484.949199] 2097051 pages RAM [ 1484.950120] 2097051 pages RAM [ 1484.960788] 0 pages HighMem/MovableOnly [ 1484.964811] 363840 pages reserved [ 1484.968256] 0 pages cma reserved [ 1484.991590] 0 pages HighMem/MovableOnly [ 1484.995559] 363840 pages reserved [ 1484.998998] 0 pages cma reserved [ 1485.021442] Out of memory (oom_kill_allocating_task): Kill process 5183 (in:imklog) score 0 or sacrifice child [ 1485.061459] Killed process 5171 (rsyslogd) total-vm:254332kB, anon-rss:808kB, file-rss:0kB, shmem-rss:0kB [ 1485.072670] oom_reaper: reaped process 5171 (rsyslogd), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1485.129416] systemd[1]: rsyslog.service: Main process exited, code=killed, status=9/KILL [ 1485.201788] systemd[1]: rsyslog.service: Unit entered failed state. [ 1485.222353] systemd[1]: rsyslog.service: Failed with result 'signal'. [ 1485.290563] systemd invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 1485.309764] systemd cpuset=/ mems_allowed=0-1 [ 1485.314333] CPU: 1 PID: 1 Comm: systemd Not tainted 4.14.224-syzkaller #0 [ 1485.321242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1485.330584] Call Trace: [ 1485.333156] dump_stack+0x1b2/0x281 [ 1485.336775] dump_header+0x178/0x82f [ 1485.340471] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1485.345559] ? ___ratelimit+0x2cd/0x530 [ 1485.349510] oom_kill_process.cold+0x10/0xb18 [ 1485.353987] ? lock_downgrade+0x740/0x740 [ 1485.358115] out_of_memory+0x2dc/0x1190 [ 1485.362070] ? oom_killer_disable+0x1c0/0x1c0 [ 1485.366542] ? mutex_trylock+0x152/0x1a0 [ 1485.370582] __alloc_pages_nodemask+0x23e1/0x2720 [ 1485.375425] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1485.380278] alloc_pages_current+0x155/0x260 [ 1485.384676] filemap_fault+0xea3/0x1980 [ 1485.388650] ext4_filemap_fault+0x84/0xb0 [ 1485.392789] __do_fault+0xfa/0x380 [ 1485.396332] __handle_mm_fault+0x2497/0x4620 [ 1485.400740] ? vm_insert_page+0x7c0/0x7c0 [ 1485.404890] handle_mm_fault+0x391/0x860 [ 1485.408955] __do_page_fault+0x549/0xad0 [ 1485.413011] ? spurious_fault+0x640/0x640 [ 1485.417147] ? do_page_fault+0x60/0x500 [ 1485.421101] ? page_fault+0x2f/0x50 [ 1485.424707] page_fault+0x45/0x50 [ 1485.428138] RIP: 40cc2230:0x1c [ 1485.431307] RSP: 40cc2330:0000000000000000 EFLAGS: 7ffe40cc22b0 [ 1485.444107] syz-executor.5: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1485.467792] syz-executor.5 cpuset=/ mems_allowed=0-1 [ 1485.472977] CPU: 1 PID: 5418 Comm: syz-executor.5 Not tainted 4.14.224-syzkaller #0 [ 1485.480784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1485.490132] Call Trace: [ 1485.492712] dump_stack+0x1b2/0x281 [ 1485.496322] warn_alloc.cold+0x96/0x1cc [ 1485.500279] ? zone_watermark_ok_safe+0x220/0x220 [ 1485.505109] __alloc_pages_nodemask+0x2127/0x2720 [ 1485.509937] ? lock_acquire+0x170/0x3f0 [ 1485.513915] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1485.518752] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1485.524181] ? __mutex_unlock_slowpath+0x75/0x770 [ 1485.529003] alloc_pages_current+0x155/0x260 [ 1485.533394] ion_page_pool_alloc+0x118/0x1b0 [ 1485.537783] ion_system_heap_allocate+0x133/0x8c0 [ 1485.542608] ? _raw_spin_unlock+0x29/0x40 [ 1485.546736] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1485.551646] ? ion_system_contig_heap_create+0x130/0x130 [ 1485.557075] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1485.562079] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1485.566902] ion_alloc+0x27a/0x810 [ 1485.570443] ? ion_dma_buf_release+0x40/0x40 [ 1485.574852] ? __might_fault+0x177/0x1b0 [ 1485.578925] ion_ioctl+0xea/0x1f0 [ 1485.582362] ? ion_query_heaps+0x360/0x360 [ 1485.586578] ? ion_query_heaps+0x360/0x360 [ 1485.590794] do_vfs_ioctl+0x75a/0xff0 [ 1485.594594] ? ioctl_preallocate+0x1a0/0x1a0 [ 1485.598994] ? lock_downgrade+0x740/0x740 [ 1485.603124] ? __fget+0x225/0x360 [ 1485.606556] ? do_vfs_ioctl+0xff0/0xff0 [ 1485.610520] ? security_file_ioctl+0x83/0xb0 [ 1485.614907] SyS_ioctl+0x7f/0xb0 [ 1485.618250] ? do_vfs_ioctl+0xff0/0xff0 [ 1485.622206] do_syscall_64+0x1d5/0x640 [ 1485.626077] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1485.631247] RIP: 0033:0x465f69 [ 1485.634414] RSP: 002b:00007fe89767f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1485.642112] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1485.649363] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1485.656611] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1485.663861] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1485.671108] R13: 00007fff5941b3bf R14: 00007fe89767f300 R15: 0000000000022000 [ 1485.683939] warn_alloc_show_mem: 1 callbacks suppressed [ 1485.683942] Mem-Info: [ 1485.693730] active_anon:16155 inactive_anon:28335 isolated_anon:0 [ 1485.693730] active_file:42 inactive_file:7 isolated_file:25 [ 1485.693730] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1485.693730] slab_reclaimable:13454 slab_unreclaimable:120490 [ 1485.693730] mapped:52250 shmem:29456 pagetables:2522 bounce:0 [ 1485.693730] free:13919 free_pcp:0 free_cma:0 [ 1485.717923] Mem-Info: [ 1485.729346] active_anon:16155 inactive_anon:28335 isolated_anon:0 [ 1485.729346] active_file:42 inactive_file:7 isolated_file:25 [ 1485.729346] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1485.729346] slab_reclaimable:13454 slab_unreclaimable:120490 [ 1485.729346] mapped:52250 shmem:29456 pagetables:2522 bounce:0 [ 1485.729346] free:13919 free_pcp:0 free_cma:0 [ 1485.730255] Node 0 active_anon:59932kB inactive_anon:84292kB active_file:56kB inactive_file:56kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:194308kB dirty:0kB writeback:0kB shmem:88660kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1485.762628] Node 0 active_anon:59932kB inactive_anon:84292kB active_file:56kB inactive_file:56kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:194308kB dirty:0kB writeback:0kB shmem:88660kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1485.793798] Node 1 active_anon:4688kB inactive_anon:29048kB active_file:112kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):100kB mapped:14692kB dirty:0kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1485.843457] Node 1 active_anon:4688kB inactive_anon:29048kB active_file:112kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):100kB mapped:14692kB dirty:0kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1485.855226] Node 0 [ 1485.877368] Node 0 [ 1485.878584] DMA free:10972kB min:204kB low:252kB high:300kB active_anon:2124kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1485.879618] DMA free:10972kB min:204kB low:252kB high:300kB active_anon:2124kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1485.881903] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1485.881925] Node 0 DMA32 free:17908kB min:36200kB low:45248kB high:54296kB active_anon:57808kB inactive_anon:84292kB active_file:56kB inactive_file:56kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8576kB pagetables:7356kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1485.881947] lowmem_reserve[]: [ 1485.907799] lowmem_reserve[]: [ 1485.937237] 0 [ 1485.938807] 0 [ 1485.972787] 0 0 0 0 [ 1485.979503] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1485.987561] 2717 2718 2718 2718 [ 1486.008992] lowmem_reserve[]: [ 1486.009432] Node 0 [ 1486.009435] 0 0 [ 1486.012574] DMA32 free:18016kB min:36200kB low:45248kB high:54296kB active_anon:57792kB inactive_anon:84292kB active_file:16kB inactive_file:16kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8576kB pagetables:7276kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1486.014766] 0 0 [ 1486.016723] lowmem_reserve[]: [ 1486.049257] 0 [ 1486.054216] Node 1 Normal free:27148kB min:53696kB low:67120kB high:80544kB active_anon:4704kB inactive_anon:29048kB active_file:44kB inactive_file:48kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1152kB pagetables:2744kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1486.065204] 0 [ 1486.086915] lowmem_reserve[]: 0 0 0 0 0 [ 1486.092889] Node 0 DMA: 21*4kB (ME) 19*8kB (ME) 13*16kB (ME) 7*32kB (UME) 23*64kB (UME) 13*128kB (UM) 4*256kB (UME) 2*512kB (UE) 3*1024kB (UE) 1*2048kB (M) 0*4096kB = 10972kB [ 1486.093834] syz-executor.3: [ 1486.114782] Node 0 DMA32: 420*4kB (UME) 269*8kB (UME) 132*16kB (UME) 30*32kB (UME) 16*64kB (ME) 51*128kB (U) 14*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18040kB [ 1486.121348] syz-executor.4: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1486.147050] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1486.160137] 0 [ 1486.170370] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1486.177875] page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1486.179444] CPU: 0 PID: 5458 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1486.179451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1486.194495] Node 1 [ 1486.197081] Call Trace: [ 1486.206463] (null) [ 1486.208673] dump_stack+0x1b2/0x281 [ 1486.211232] syz-executor.3 cpuset= [ 1486.213365] warn_alloc.cold+0x96/0x1cc [ 1486.213377] ? zone_watermark_ok_safe+0x220/0x220 [ 1486.213387] ? usleep_range+0x130/0x130 [ 1486.216991] Normal: [ 1486.220506] ? _find_next_bit+0xdb/0x100 [ 1486.224476] / [ 1486.229277] ? run_timer_softirq+0x5a0/0x5a0 [ 1486.233242] 165*4kB [ 1486.235536] __alloc_pages_nodemask+0x2127/0x2720 [ 1486.239564] (UME) [ 1486.241269] ? lock_acquire+0x170/0x3f0 [ 1486.245668] mems_allowed=0-1 [ 1486.247981] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1486.261289] 91*8kB [ 1486.261954] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1486.266767] (UM) [ 1486.268992] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1486.280944] alloc_pages_current+0x155/0x260 [ 1486.281285] 40*16kB (UME) [ 1486.285336] ion_page_pool_alloc+0x118/0x1b0 [ 1486.285342] 35*32kB [ 1486.288166] ion_system_heap_allocate+0x133/0x8c0 [ 1486.299682] ? _raw_spin_unlock+0x29/0x40 [ 1486.303898] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1486.308806] ? ion_system_contig_heap_create+0x130/0x130 [ 1486.311285] (ME) [ 1486.314235] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1486.314246] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1486.316315] 15*64kB [ 1486.321295] ion_alloc+0x27a/0x810 [ 1486.321308] ? ion_dma_buf_release+0x40/0x40 [ 1486.321320] ? __might_fault+0x177/0x1b0 [ 1486.340357] ion_ioctl+0xea/0x1f0 [ 1486.341283] (ME) 12*128kB [ 1486.343795] ? ion_query_heaps+0x360/0x360 [ 1486.343808] ? ion_query_heaps+0x360/0x360 [ 1486.346639] (ME) [ 1486.350852] do_vfs_ioctl+0x75a/0xff0 [ 1486.360870] ? ioctl_preallocate+0x1a0/0x1a0 [ 1486.362467] 12*256kB [ 1486.365259] ? lock_downgrade+0x740/0x740 [ 1486.365264] (UME) [ 1486.367656] ? __fget+0x225/0x360 [ 1486.377342] ? do_vfs_ioctl+0xff0/0xff0 [ 1486.381282] 35*512kB (UME) [ 1486.381302] ? security_file_ioctl+0x83/0xb0 [ 1486.381312] SyS_ioctl+0x7f/0xb0 [ 1486.384354] 0*1024kB [ 1486.388751] ? do_vfs_ioctl+0xff0/0xff0 [ 1486.398457] do_syscall_64+0x1d5/0x640 [ 1486.401285] 0*2048kB 0*4096kB = 26636kB [ 1486.402358] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1486.402367] RIP: 0033:0x465f69 [ 1486.406321] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1486.411481] RSP: 002b:00007f4607427188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1486.411496] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1486.411504] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1486.431283] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1486.438424] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1486.461280] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1486.461489] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1486.470297] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1486.477541] R13: 00007ffe6751318f R14: 00007f4607427300 R15: 0000000000022000 [ 1486.479645] 0 0 0 [ 1486.497683] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1486.500200] CPU: 1 PID: 5465 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1486.525132] lowmem_reserve[]: [ 1486.530979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1486.530988] 0 [ 1486.534072] Call Trace: [ 1486.534095] dump_stack+0x1b2/0x281 [ 1486.534108] warn_alloc.cold+0x96/0x1cc [ 1486.534120] ? zone_watermark_ok_safe+0x220/0x220 [ 1486.534141] __alloc_pages_nodemask+0x2127/0x2720 [ 1486.545420] 0 [ 1486.547868] ? check_preemption_disabled+0x35/0x240 [ 1486.551506] 0 [ 1486.555425] ? lock_acquire+0x170/0x3f0 [ 1486.560251] 0 0 [ 1486.565086] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1486.565104] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1486.565115] ? __mutex_unlock_slowpath+0x75/0x770 [ 1486.565128] alloc_pages_current+0x155/0x260 [ 1486.565142] ion_page_pool_alloc+0x118/0x1b0 [ 1486.565152] ion_system_heap_allocate+0x133/0x8c0 [ 1486.571956] ? _raw_spin_unlock+0x29/0x40 [ 1486.571966] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1486.571975] ? ion_system_contig_heap_create+0x130/0x130 [ 1486.571986] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1486.571997] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1486.573788] Node 1 [ 1486.577760] ion_alloc+0x27a/0x810 [ 1486.579711] Normal free:26636kB min:53696kB low:67120kB high:80544kB active_anon:4704kB inactive_anon:29048kB active_file:44kB inactive_file:48kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1152kB pagetables:2744kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1486.584531] ? ion_dma_buf_release+0x40/0x40 [ 1486.584543] ? __might_fault+0x177/0x1b0 [ 1486.584552] ion_ioctl+0xea/0x1f0 [ 1486.584560] ? ion_query_heaps+0x360/0x360 [ 1486.584572] ? ion_query_heaps+0x360/0x360 [ 1486.584580] do_vfs_ioctl+0x75a/0xff0 [ 1486.584591] ? ioctl_preallocate+0x1a0/0x1a0 [ 1486.584598] ? lock_downgrade+0x740/0x740 [ 1486.584610] ? __fget+0x225/0x360 [ 1486.584620] ? do_vfs_ioctl+0xff0/0xff0 [ 1486.591469] lowmem_reserve[]: [ 1486.594874] ? security_file_ioctl+0x83/0xb0 [ 1486.599252] 0 [ 1486.603643] SyS_ioctl+0x7f/0xb0 [ 1486.603651] ? do_vfs_ioctl+0xff0/0xff0 [ 1486.603661] do_syscall_64+0x1d5/0x640 [ 1486.603678] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1486.603685] RIP: 0033:0x465f69 [ 1486.603690] RSP: 002b:00007fc584945188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1486.603699] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1486.603703] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1486.603710] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1486.609335] 0 [ 1486.612653] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1486.612658] R13: 00007fff692e4b6f R14: 00007fc584945300 R15: 0000000000022000 [ 1486.626673] 29487 total pagecache pages [ 1486.629201] 0 [ 1486.641807] 0 pages in swap cache [ 1486.667567] 0 [ 1486.671181] Swap cache stats: add 0, delete 0, find 0/0 [ 1486.675252] 0 [ 1486.675260] Node 0 DMA: 21*4kB (ME) 19*8kB (ME) 13*16kB (ME) 7*32kB (UME) 23*64kB (UME) 13*128kB (UM) 4*256kB (UME) 2*512kB (UE) 3*1024kB (UE) 1*2048kB (M) 0*4096kB = 10972kB [ 1486.675331] Node 0 DMA32: 420*4kB (UME) 269*8kB (UME) [ 1486.691029] Free swap = 0kB [ 1486.691283] 132*16kB [ 1486.697265] Total swap = 0kB [ 1486.699587] (UME) [ 1486.703037] 2097051 pages RAM [ 1486.703041] 0 pages HighMem/MovableOnly [ 1486.703044] 363840 pages reserved [ 1486.703047] 0 pages cma reserved [ 1486.704973] Mem-Info: [ 1486.708639] 30*32kB [ 1486.710124] active_anon:16155 inactive_anon:28335 isolated_anon:0 [ 1486.710124] active_file:15 inactive_file:16 isolated_file:0 [ 1486.710124] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1486.710124] slab_reclaimable:13455 slab_unreclaimable:120478 [ 1486.710124] mapped:52225 shmem:29456 pagetables:2505 bounce:0 [ 1486.710124] free:13906 free_pcp:0 free_cma:0 [ 1486.714534] (UME) 16*64kB (ME) 51*128kB (U) 14*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18040kB [ 1486.714572] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1486.714616] Node 1 Normal: 165*4kB (UME) 91*8kB (UM) [ 1486.728933] Node 0 active_anon:59916kB inactive_anon:84292kB active_file:16kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:194308kB dirty:0kB writeback:0kB shmem:88660kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1486.734598] 40*16kB [ 1486.736109] syz-executor.5: [ 1486.743822] (UME) 35*32kB (ME) 15*64kB (ME) 12*128kB (ME) 12*256kB (UME) 35*512kB (UME) 0*1024kB 0*2048kB 0*4096kB [ 1486.760124] Node 1 active_anon:4704kB inactive_anon:29048kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14592kB dirty:0kB writeback:0kB shmem:29164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1486.767486] = 26636kB [ 1486.778326] page allocation failure: order:0 [ 1486.783911] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1486.793275] Node 0 [ 1486.798533] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1486.800324] DMA free:10972kB min:204kB low:252kB high:300kB active_anon:2124kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1486.817796] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1486.833625] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1486.861685] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1486.889854] lowmem_reserve[]: [ 1486.991673] 29745 total pagecache pages [ 1487.010217] (null) [ 1487.071101] syz-executor.5 cpuset=/ mems_allowed=0-1 [ 1487.079321] CPU: 1 PID: 5418 Comm: syz-executor.5 Not tainted 4.14.224-syzkaller #0 [ 1487.087131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1487.096484] Call Trace: [ 1487.099101] dump_stack+0x1b2/0x281 [ 1487.102727] warn_alloc.cold+0x96/0x1cc [ 1487.106702] ? zone_watermark_ok_safe+0x220/0x220 [ 1487.111542] ? usleep_range+0x130/0x130 [ 1487.115512] ? try_to_free_pages+0x23f/0x6e0 [ 1487.119916] ? _find_next_bit+0xdb/0x100 [ 1487.123975] ? run_timer_softirq+0x5a0/0x5a0 [ 1487.128381] __alloc_pages_nodemask+0x2127/0x2720 [ 1487.133225] ? lock_acquire+0x170/0x3f0 [ 1487.137198] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1487.141273] 0 pages in swap cache [ 1487.142033] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1487.145462] Swap cache stats: add 0, delete 0, find 0/0 [ 1487.145468] Free swap = 0kB [ 1487.149948] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1487.163726] alloc_pages_current+0x155/0x260 [ 1487.168137] ion_page_pool_alloc+0x118/0x1b0 [ 1487.172546] ion_system_heap_allocate+0x133/0x8c0 [ 1487.177385] ? _raw_spin_unlock+0x29/0x40 [ 1487.181527] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1487.186454] ? ion_system_contig_heap_create+0x130/0x130 [ 1487.191328] Total swap = 0kB [ 1487.191891] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1487.191903] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1487.194903] 2097051 pages RAM [ 1487.199903] ion_alloc+0x27a/0x810 [ 1487.211342] ? ion_dma_buf_release+0x40/0x40 [ 1487.215746] ? __might_fault+0x177/0x1b0 [ 1487.219802] ion_ioctl+0xea/0x1f0 [ 1487.223248] ? ion_query_heaps+0x360/0x360 [ 1487.227481] ? ion_query_heaps+0x360/0x360 [ 1487.231710] do_vfs_ioctl+0x75a/0xff0 [ 1487.235509] ? ioctl_preallocate+0x1a0/0x1a0 [ 1487.238698] 0 pages HighMem/MovableOnly [ 1487.239921] ? lock_downgrade+0x740/0x740 [ 1487.239934] ? __fget+0x225/0x360 [ 1487.243925] 363840 pages reserved [ 1487.248030] ? do_vfs_ioctl+0xff0/0xff0 [ 1487.253416] 0 pages cma reserved [ 1487.254916] ? security_file_ioctl+0x83/0xb0 [ 1487.258862] Out of memory: Kill process 4962 (syz-executor.0) score 1005 or sacrifice child [ 1487.262206] SyS_ioctl+0x7f/0xb0 [ 1487.262214] ? do_vfs_ioctl+0xff0/0xff0 [ 1487.262224] do_syscall_64+0x1d5/0x640 [ 1487.262240] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1487.262248] RIP: 0033:0x465f69 [ 1487.266659] Killed process 4962 (syz-executor.0) total-vm:93252kB, anon-rss:2196kB, file-rss:34628kB, shmem-rss:0kB [ 1487.275092] RSP: 002b:00007fe89767f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1487.275102] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1487.275107] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1487.275113] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1487.275117] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1487.275123] R13: 00007fff5941b3bf R14: 00007fe89767f300 R15: 0000000000022000 [ 1487.359563] 0 2717 2718 2718 2718 [ 1487.363173] Node 0 DMA32 free:35724kB min:36200kB low:45248kB high:54296kB active_anon:57792kB inactive_anon:84292kB active_file:16kB inactive_file:16kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8576kB pagetables:7276kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 1487.473427] lowmem_reserve[]: 0 0 0 0 0 [ 1487.477457] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1487.526598] lowmem_reserve[]: 0 0 0 0 0 [ 1487.531074] Node 1 Normal free:137848kB min:53696kB low:67120kB high:80544kB active_anon:4704kB inactive_anon:29048kB active_file:64kB inactive_file:664kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1152kB pagetables:2744kB bounce:0kB free_pcp:76kB local_pcp:8kB free_cma:0kB [ 1487.583831] oom_reaper: reaped process 4962 (syz-executor.0), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1487.613626] lowmem_reserve[]: 0 0 0 0 0 [ 1487.636812] Node 0 DMA: 12*4kB (UE) 6*8kB (ME) 2*16kB (ME) 2*32kB (ME) 8*64kB (UME) 9*128kB (UM) 4*256kB (UME) 2*512kB (UE) 3*1024kB (UE) 2*2048kB (M) 0*4096kB = 11072kB [ 1487.670559] Node 0 DMA32: 191*4kB (UM) 118*8kB (UME) 126*16kB (UME) 27*32kB (UME) 52*64kB (UME) 216*128kB (U) 14*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 39148kB [ 1487.686279] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1487.697355] Node 1 Normal: 2*4kB (UM) 1*8kB (E) 1*16kB (E) 1*32kB (E) 3*64kB (UME) 1*128kB (U) 1*256kB (E) 2*512kB (ME) 129*1024kB (U) 48*2048kB (U) 0*4096kB = 232064kB [ 1487.713527] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1487.722434] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1487.731016] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1487.747143] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1487.765335] systemd[1]: rsyslog.service: Service hold-off time over, scheduling restart. [ 1487.771289] 32203 total pagecache pages [ 1487.777559] 0 pages in swap cache [ 1487.785537] systemd-journald[5474]: File /run/log/journal/64dd78f1a75445a997c532444ad0f085/system.journal corrupted or uncleanly shut down, renaming and replacing. [ 1487.791272] Swap cache stats: add 0, delete 0, find 0/0 [ 1487.816620] systemd[1]: Stopped System Logging Service. [ 1487.822117] Free swap = 0kB [ 1487.825140] Total swap = 0kB [ 1487.828154] 2097051 pages RAM [ 1487.841269] 0 pages HighMem/MovableOnly [ 1487.845296] 363840 pages reserved [ 1487.848735] 0 pages cma reserved [ 1487.865606] systemd[1]: Starting System Logging Service... [ 1488.048284] oom_reaper: reaped process 5408 (syz-executor.1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1488.082363] ion_system_heap invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=0, oom_score_adj=0 [ 1488.094557] ion_system_heap cpuset=/ mems_allowed=0-1 [ 1488.099759] CPU: 1 PID: 4244 Comm: ion_system_heap Not tainted 4.14.224-syzkaller #0 [ 1488.107702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1488.117035] Call Trace: [ 1488.119608] dump_stack+0x1b2/0x281 [ 1488.123231] dump_header+0x178/0x82f [ 1488.126949] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1488.132041] ? ___ratelimit+0x2cd/0x530 [ 1488.135998] oom_kill_process.cold+0x10/0xb18 [ 1488.140627] ? lock_downgrade+0x740/0x740 [ 1488.144761] out_of_memory+0x2dc/0x1190 [ 1488.148716] ? oom_killer_disable+0x1c0/0x1c0 [ 1488.153189] ? mutex_trylock+0x152/0x1a0 [ 1488.157238] __alloc_pages_nodemask+0x23e1/0x2720 [ 1488.162076] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1488.166910] ? ion_heap_sglist_zero+0x165/0x220 [ 1488.171561] ? cache_grow_begin+0x41/0x630 [ 1488.175773] cache_grow_begin+0x91/0x630 [ 1488.179810] ? cache_grow_begin+0x91/0x630 [ 1488.184028] fallback_alloc+0x207/0x2c0 [ 1488.187990] kmem_cache_alloc_node_trace+0xed/0x400 [ 1488.192989] __get_vm_area_node+0xed/0x340 [ 1488.197201] vmap+0xd5/0x290 [ 1488.200199] ? ion_heap_clear_pages+0x23/0x70 [ 1488.204676] ? vunmap+0x50/0x50 [ 1488.207941] ? __vunmap+0x21c/0x300 [ 1488.211571] ion_heap_clear_pages+0x23/0x70 [ 1488.215887] ion_heap_sglist_zero+0x165/0x220 [ 1488.220417] ? ion_heap_clear_pages+0x70/0x70 [ 1488.224928] ? pagerange_is_ram_callback+0x100/0x100 [ 1488.230023] ? ion_heap_deferred_free+0x222/0x470 [ 1488.234877] ion_system_heap_free+0x1d0/0x240 [ 1488.239391] ion_buffer_destroy+0x132/0x190 [ 1488.243706] ion_heap_deferred_free+0x22a/0x470 [ 1488.248366] ? __schedule+0x857/0x1de0 [ 1488.252249] ? ion_heap_shrink_scan+0x1a0/0x1a0 [ 1488.257163] ? wait_woken+0x230/0x230 [ 1488.260956] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 1488.266049] ? ion_heap_shrink_scan+0x1a0/0x1a0 [ 1488.270704] kthread+0x30d/0x420 [ 1488.274055] ? kthread_create_on_node+0xd0/0xd0 [ 1488.278707] ret_from_fork+0x24/0x30 [ 1488.281211] syz-executor.1: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1488.284457] Mem-Info: [ 1488.298004] active_anon:15658 inactive_anon:30368 isolated_anon:0 [ 1488.298004] active_file:11 inactive_file:11 isolated_file:4 [ 1488.298004] unevictable:0 dirty:19 writeback:0 unstable:0 [ 1488.298004] slab_reclaimable:13494 slab_unreclaimable:120513 [ 1488.298004] mapped:52545 shmem:31504 pagetables:2450 bounce:0 [ 1488.298004] free:13893 free_pcp:0 free_cma:0 [ 1488.315837] syz-executor.1 cpuset= [ 1488.332652] Node 0 active_anon:57832kB inactive_anon:84232kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:194312kB dirty:4kB writeback:0kB shmem:88660kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1488.334825] / [ 1488.336199] Node 1 active_anon:4800kB inactive_anon:37240kB active_file:52kB inactive_file:48kB unevictable:0kB isolated(anon):0kB isolated(file):16kB mapped:15868kB dirty:72kB writeback:0kB shmem:37356kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1488.367031] mems_allowed=0-1 [ 1488.392734] Node 0 DMA free:10960kB min:204kB low:252kB high:300kB active_anon:80kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1488.392753] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1488.392770] Node 0 DMA32 free:17912kB min:36200kB low:45248kB high:54296kB active_anon:57752kB inactive_anon:84232kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8544kB pagetables:7176kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1488.392786] lowmem_reserve[]: 0 0 0 0 0 [ 1488.392800] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1488.392814] lowmem_reserve[]: 0 0 0 0 0 [ 1488.392831] Node 1 Normal free:26700kB min:53696kB low:67120kB high:80544kB active_anon:4900kB inactive_anon:37240kB active_file:352kB inactive_file:48kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1088kB pagetables:2620kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1488.392848] lowmem_reserve[]: 0 0 0 0 0 [ 1488.392865] Node 0 DMA: 22*4kB (UME) 21*8kB (UME) 12*16kB (ME) 6*32kB (ME) 9*64kB (UME) 4*128kB (M) 4*256kB (UME) 2*512kB (UE) [ 1488.399471] CPU: 0 PID: 5408 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1488.422252] 3*1024kB [ 1488.427195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1488.455554] (UE) [ 1488.459488] Call Trace: [ 1488.484980] 2*2048kB [ 1488.488928] dump_stack+0x1b2/0x281 [ 1488.517535] (M) [ 1488.521482] warn_alloc.cold+0x96/0x1cc [ 1488.521495] ? zone_watermark_ok_safe+0x220/0x220 [ 1488.533093] 0*4096kB [ 1488.540868] ? usleep_range+0x130/0x130 [ 1488.543268] = 10944kB [ 1488.552585] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 1488.552597] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1488.552606] ? run_timer_softirq+0x5a0/0x5a0 [ 1488.554642] Node 0 [ 1488.557229] __alloc_pages_nodemask+0x2127/0x2720 [ 1488.559610] DMA32: [ 1488.563236] ? lock_acquire+0x170/0x3f0 [ 1488.563253] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1488.563263] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1488.563278] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1488.565239] 242*4kB [ 1488.569211] ? alloc_pages_current+0x16/0x260 [ 1488.574065] (UME) [ 1488.576416] alloc_pages_current+0x155/0x260 [ 1488.580360] 122*8kB [ 1488.582760] ion_page_pool_alloc+0x118/0x1b0 [ 1488.582771] ion_system_heap_allocate+0x133/0x8c0 [ 1488.587844] (ME) [ 1488.592844] ? ion_alloc+0x187/0x810 [ 1488.592854] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1488.592865] ? ion_system_contig_heap_create+0x130/0x130 [ 1488.597255] 125*16kB [ 1488.599483] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1488.599494] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1488.604322] (ME) [ 1488.606529] ion_alloc+0x204/0x810 [ 1488.610470] 21*32kB [ 1488.615295] ? ion_dma_buf_release+0x40/0x40 [ 1488.615307] ? __might_fault+0x177/0x1b0 [ 1488.619782] (ME) [ 1488.625215] ion_ioctl+0xea/0x1f0 [ 1488.625225] ? ion_query_heaps+0x360/0x360 [ 1488.625238] ? ion_query_heaps+0x360/0x360 [ 1488.627540] 17*64kB [ 1488.632014] do_vfs_ioctl+0x75a/0xff0 [ 1488.632025] ? ioctl_preallocate+0x1a0/0x1a0 [ 1488.632034] ? lock_downgrade+0x740/0x740 [ 1488.634153] (ME) [ 1488.638556] ? __fget+0x225/0x360 [ 1488.640863] 69*128kB [ 1488.645249] ? do_vfs_ioctl+0xff0/0xff0 [ 1488.645259] ? security_file_ioctl+0x83/0xb0 [ 1488.645269] SyS_ioctl+0x7f/0xb0 [ 1488.650080] (U) [ 1488.652123] ? do_vfs_ioctl+0xff0/0xff0 [ 1488.652134] do_syscall_64+0x1d5/0x640 [ 1488.652151] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1488.655830] 14*256kB [ 1488.661258] RIP: 0033:0x465f69 [ 1488.661263] RSP: 002b:00007ffaba381188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1488.661275] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1488.666695] (UM) [ 1488.669087] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1488.674089] 0*512kB [ 1488.678911] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1488.680964] 0*1024kB [ 1488.684476] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1488.684482] R13: 00007fffa91fc9ef R14: 00007ffaba381300 R15: 0000000000022000 [ 1488.702542] warn_alloc_show_mem: 2 callbacks suppressed [ 1488.702545] Mem-Info: [ 1488.709930] 0*2048kB [ 1488.711870] active_anon:15658 inactive_anon:30368 isolated_anon:0 [ 1488.711870] active_file:11 inactive_file:11 isolated_file:4 [ 1488.711870] unevictable:0 dirty:19 writeback:0 unstable:0 [ 1488.711870] slab_reclaimable:13494 slab_unreclaimable:120513 [ 1488.711870] mapped:52545 shmem:31504 pagetables:2450 bounce:0 [ 1488.711870] free:13893 free_pcp:0 free_cma:0 [ 1488.711886] Node 0 active_anon:57832kB inactive_anon:84232kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:194312kB dirty:4kB writeback:0kB shmem:88660kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1488.715659] 0*4096kB [ 1488.720055] Node 1 active_anon:4800kB inactive_anon:37240kB active_file:52kB inactive_file:48kB unevictable:0kB isolated(anon):0kB isolated(file):16kB mapped:15868kB dirty:72kB writeback:0kB shmem:37356kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1488.741173] = 18120kB [ 1488.743831] Node 0 [ 1488.745759] Node 0 [ 1488.749722] DMA free:10960kB min:204kB low:252kB high:300kB active_anon:80kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1488.758085] Normal: [ 1488.758775] lowmem_reserve[]: [ 1488.761215] 0*4kB 0*8kB [ 1488.764390] 0 [ 1488.775435] 0*16kB [ 1488.779369] 2717 [ 1488.781435] 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB [ 1488.788705] 2718 [ 1488.791002] 0*2048kB [ 1488.798290] 2718 2718 [ 1488.798300] Node 0 DMA32 free:17912kB min:36200kB low:45248kB high:54296kB active_anon:57752kB inactive_anon:84232kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8544kB pagetables:7176kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1488.798319] lowmem_reserve[]: 0 0 0 0 0 [ 1488.804039] 0*4096kB [ 1488.809509] Node 0 [ 1488.831026] = 0kB [ 1488.858770] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1488.858773] lowmem_reserve[]: 0 0 0 0 0 [ 1488.858794] Node 1 Normal free:26700kB min:53696kB low:67120kB high:80544kB active_anon:4900kB inactive_anon:37240kB active_file:352kB inactive_file:48kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1088kB pagetables:2620kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1488.858815] lowmem_reserve[]: 0 0 0 0 0 [ 1488.858835] Node 0 DMA: 22*4kB (UME) 21*8kB (UME) 12*16kB (ME) 6*32kB (ME) [ 1488.890841] Node 1 [ 1488.916122] 9*64kB [ 1488.938388] Normal: [ 1488.953615] (UME) [ 1488.971671] 191*4kB [ 1488.974883] syz-executor.3: [ 1488.975540] (UM) [ 1489.006538] 4*128kB [ 1489.016885] 107*8kB [ 1489.041803] page allocation failure: order:0 [ 1489.051446] (M) [ 1489.074560] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1489.085006] 51*16kB [ 1489.103039] (null) [ 1489.108584] (M) [ 1489.109191] syz-executor.3 cpuset= [ 1489.111194] 4*256kB (UME) 2*512kB (UE) 3*1024kB (UE) 2*2048kB (M) 0*4096kB = 10944kB [ 1489.136995] / mems_allowed=0-1 [ 1489.139929] Node 0 DMA32: [ 1489.140201] CPU: 0 PID: 5465 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1489.140209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1489.143061] 241*4kB [ 1489.150812] Call Trace: [ 1489.160173] (ME) [ 1489.162458] dump_stack+0x1b2/0x281 [ 1489.162471] warn_alloc.cold+0x96/0x1cc [ 1489.165037] 124*8kB [ 1489.167083] ? zone_watermark_ok_safe+0x220/0x220 [ 1489.170677] (UME) [ 1489.174630] ? usleep_range+0x130/0x130 [ 1489.174639] ? try_to_free_pages+0x23f/0x6e0 [ 1489.174650] ? _find_next_bit+0xdb/0x100 [ 1489.176954] 125*16kB [ 1489.181777] ? run_timer_softirq+0x5a0/0x5a0 [ 1489.181794] __alloc_pages_nodemask+0x2127/0x2720 [ 1489.183922] (ME) [ 1489.187893] ? lock_acquire+0x170/0x3f0 [ 1489.192283] 21*32kB [ 1489.196329] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1489.198706] (ME) [ 1489.203103] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1489.203122] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1489.207934] 17*64kB [ 1489.209998] alloc_pages_current+0x155/0x260 [ 1489.213954] (ME) [ 1489.216246] ion_page_pool_alloc+0x118/0x1b0 [ 1489.221060] 69*128kB [ 1489.223104] ion_system_heap_allocate+0x133/0x8c0 [ 1489.223115] ? _raw_spin_unlock+0x29/0x40 [ 1489.223125] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1489.227590] (U) [ 1489.233020] ? ion_system_contig_heap_create+0x130/0x130 [ 1489.233030] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1489.233038] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1489.233049] ion_alloc+0x27a/0x810 [ 1489.235346] 14*256kB [ 1489.239735] ? ion_dma_buf_release+0x40/0x40 [ 1489.241782] (UM) [ 1489.246157] ? __might_fault+0x177/0x1b0 [ 1489.248556] 0*512kB [ 1489.253381] ion_ioctl+0xea/0x1f0 [ 1489.253390] ? ion_query_heaps+0x360/0x360 [ 1489.253403] ? ion_query_heaps+0x360/0x360 [ 1489.257522] 0*1024kB [ 1489.262441] do_vfs_ioctl+0x75a/0xff0 [ 1489.262453] ? ioctl_preallocate+0x1a0/0x1a0 [ 1489.262463] ? lock_downgrade+0x740/0x740 [ 1489.264411] 0*2048kB [ 1489.269843] ? __fget+0x225/0x360 [ 1489.274845] 0*4096kB [ 1489.279656] ? do_vfs_ioctl+0xff0/0xff0 [ 1489.283180] = 18132kB [ 1489.285557] ? security_file_ioctl+0x83/0xb0 [ 1489.289935] Node 0 [ 1489.291976] SyS_ioctl+0x7f/0xb0 [ 1489.291984] ? do_vfs_ioctl+0xff0/0xff0 [ 1489.291995] do_syscall_64+0x1d5/0x640 [ 1489.296027] Normal: [ 1489.298336] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1489.301774] 0*4kB [ 1489.305973] RIP: 0033:0x465f69 [ 1489.310177] 0*8kB [ 1489.312562] RSP: 002b:00007fc584945188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1489.312572] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1489.312578] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1489.312584] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1489.316359] 0*16kB [ 1489.320752] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1489.324892] 0*32kB [ 1489.327263] R13: 00007fff692e4b6f R14: 00007fc584945300 R15: 0000000000022000 [ 1489.330686] 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1489.444194] Node 1 Normal: 1151*4kB (UM) 167*8kB (UM) 97*16kB (UM) 100*32kB (UME) 194*64kB (UME) 53*128kB (UME) 122*256kB (UME) 30*512kB (UE) 9*1024kB (U) 12*2048kB (U) 0*4096kB = 110276kB [ 1489.466030] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1489.475409] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1489.488600] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1489.498040] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1489.511724] 31976 total pagecache pages [ 1489.516231] 0 pages in swap cache [ 1489.520073] Swap cache stats: add 0, delete 0, find 0/0 [ 1489.529666] Free swap = 0kB [ 1489.533824] Total swap = 0kB [ 1489.537304] 2097051 pages RAM [ 1489.545048] 0 pages HighMem/MovableOnly [ 1489.556756] 363840 pages reserved [ 1489.560750] 0 pages cma reserved [ 1489.687226] (UM) 53*32kB (UME) 32*64kB (ME) 23*128kB (ME) 8*256kB (ME) 2*512kB (UE) 0*1024kB 7*2048kB (U) 0*4096kB = 26532kB [ 1489.771166] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1490.001306] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1490.010454] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1490.020722] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1490.051149] 33509 total pagecache pages [ 1490.068152] 0 pages in swap cache [ 1490.075377] Swap cache stats: add 0, delete 0, find 0/0 [ 1490.086237] Free swap = 0kB [ 1490.111829] systemd[1]: Started System Logging Service. [ 1490.544256] systemd[1]: Started Journal Service. [ 1490.550471] Total swap = 0kB [ 1491.173131] 2097051 pages RAM [ 1491.176263] 0 pages HighMem/MovableOnly [ 1491.180229] 363840 pages reserved [ 1491.187775] 0 pages cma reserved [ 1491.191861] Out of memory: Kill process 5415 (syz-executor.2) score 1004 or sacrifice child 18:06:25 executing program 2: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) 18:06:26 executing program 1: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f00000000c0)={0x2, 0x2, 0x6, 0xfffffffa, 'syz0\x00', 0x80000001}) ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc0585611, 0x0) 18:06:26 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', 0xffffffffffffffff) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:06:26 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', 0xffffffffffffffff) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:06:26 executing program 5: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', 0xffffffffffffffff) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:06:26 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f00000000c0)={0x2, 0x2, 0x6, 0xfffffffa, 'syz0\x00', 0x80000001}) ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc0585611, 0x0) [ 1491.337193] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1491.350496] nbd: must specify at least one socket [ 1491.361856] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1491.374691] nbd: must specify at least one socket [ 1491.427411] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1491.475290] nbd: must specify at least one socket 18:06:26 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', 0xffffffffffffffff) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:06:26 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$vim2m_VIDIOC_DQBUF(r2, 0xc0585611, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000002c0)={0x5, 0x0, [{0x6, 0x5, 0xf98d}, {0x8, 0x1, 0x7, 0xfffff801, 0x7fffffff}, {0x80000019, 0x8, 0x8, 0xf9b, 0x5}, {0x80000008, 0x4, 0x0, 0x5, 0x3ff}, {0x80000000, 0x6, 0xf92e, 0x1, 0xac}]}) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f00000000c0)={0x2, 0x2, 0x6, 0xfffffffa, 'syz0\x00', 0x80000001}) ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc0585611, 0x0) [ 1491.589771] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1491.648019] nbd: must specify at least one socket 18:06:26 executing program 5: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) 18:06:26 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) [ 1491.890368] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1491.912827] nbd: must specify at least one socket 18:06:27 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) [ 1492.371267] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1492.414165] nbd: must specify at least one socket 18:06:27 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r9 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r6, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r10 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8}, {0x8, 0x1, r12}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) [ 1492.664260] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1492.687372] nbd: must specify at least one socket [ 1493.100954] syz-executor.1: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1493.121827] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1493.127445] CPU: 0 PID: 5488 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1493.135245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1493.144612] Call Trace: [ 1493.147202] dump_stack+0x1b2/0x281 [ 1493.150832] warn_alloc.cold+0x96/0x1cc [ 1493.154806] ? zone_watermark_ok_safe+0x220/0x220 [ 1493.159661] __alloc_pages_nodemask+0x2127/0x2720 [ 1493.164506] ? lock_acquire+0x170/0x3f0 [ 1493.168482] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1493.173325] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1493.177880] syz-executor.5: [ 1493.178773] ? __mutex_unlock_slowpath+0x75/0x770 [ 1493.178790] alloc_pages_current+0x155/0x260 [ 1493.178808] ion_page_pool_alloc+0x118/0x1b0 [ 1493.182260] syz-executor.2: [ 1493.186636] ion_system_heap_allocate+0x133/0x8c0 [ 1493.196356] page allocation failure: order:4 [ 1493.198416] ? ion_alloc+0x187/0x810 [ 1493.198428] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1493.198439] ? ion_system_contig_heap_create+0x130/0x130 [ 1493.198449] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1493.198460] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1493.198470] ion_alloc+0x204/0x810 [ 1493.210088] page allocation failure: order:4 [ 1493.211419] ? ion_dma_buf_release+0x40/0x40 [ 1493.211432] ? __might_fault+0x177/0x1b0 [ 1493.211444] ion_ioctl+0xea/0x1f0 [ 1493.211455] ? ion_query_heaps+0x360/0x360 [ 1493.211468] ? ion_query_heaps+0x360/0x360 [ 1493.211478] do_vfs_ioctl+0x75a/0xff0 [ 1493.211491] ? ioctl_preallocate+0x1a0/0x1a0 [ 1493.220911] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1493.222359] ? lock_downgrade+0x740/0x740 [ 1493.222375] ? __fget+0x225/0x360 [ 1493.222385] ? do_vfs_ioctl+0xff0/0xff0 [ 1493.222394] ? security_file_ioctl+0x83/0xb0 [ 1493.222404] SyS_ioctl+0x7f/0xb0 [ 1493.227502] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1493.232229] ? do_vfs_ioctl+0xff0/0xff0 [ 1493.232242] do_syscall_64+0x1d5/0x640 [ 1493.232260] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1493.232267] RIP: 0033:0x465f69 [ 1493.232272] RSP: 002b:00007ffaba381188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1493.232282] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1493.232286] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1493.232293] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1493.235892] (null) [ 1493.240194] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1493.240199] R13: 00007fffa91fc9ef R14: 00007ffaba381300 R15: 0000000000022000 [ 1493.241035] syz-executor.3: [ 1493.244842] syz-executor.4: [ 1493.248671] page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1493.248687] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1493.248708] CPU: 0 PID: 5515 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1493.264781] page allocation failure: order:4 [ 1493.268739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1493.268743] Call Trace: [ 1493.268760] dump_stack+0x1b2/0x281 [ 1493.268774] warn_alloc.cold+0x96/0x1cc [ 1493.275979] (null) [ 1493.279984] ? zone_watermark_ok_safe+0x220/0x220 [ 1493.280007] __alloc_pages_nodemask+0x2127/0x2720 [ 1493.280023] ? lock_acquire+0x170/0x3f0 [ 1493.289030] syz-executor.2 cpuset= [ 1493.291823] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1493.291840] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1493.291852] ? __mutex_unlock_slowpath+0x75/0x770 [ 1493.291862] ? retint_kernel+0x2d/0x2d [ 1493.297465] syz-executor.5 cpuset= [ 1493.302299] alloc_pages_current+0x155/0x260 [ 1493.302316] ion_page_pool_alloc+0x118/0x1b0 [ 1493.302326] ion_system_heap_allocate+0x133/0x8c0 [ 1493.302337] ? ion_alloc+0x187/0x810 [ 1493.307451] / [ 1493.310166] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1493.318333] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1493.318512] ? ion_system_contig_heap_create+0x130/0x130 [ 1493.326316] / [ 1493.333466] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1493.340846] mems_allowed=0-1 [ 1493.347990] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1493.348005] ion_alloc+0x204/0x810 [ 1493.348021] ? ion_dma_buf_release+0x40/0x40 [ 1493.350209] (null) [ 1493.357418] ? __might_fault+0x177/0x1b0 [ 1493.357431] ion_ioctl+0xea/0x1f0 [ 1493.357441] ? ion_query_heaps+0x360/0x360 [ 1493.357455] ? ion_query_heaps+0x360/0x360 [ 1493.357464] do_vfs_ioctl+0x75a/0xff0 [ 1493.357476] ? ioctl_preallocate+0x1a0/0x1a0 [ 1493.374200] mems_allowed=0-1 [ 1493.381114] ? lock_downgrade+0x740/0x740 [ 1493.381132] ? __fget+0x225/0x360 [ 1493.381141] ? do_vfs_ioctl+0xff0/0xff0 [ 1493.381151] ? security_file_ioctl+0x83/0xb0 [ 1493.381161] SyS_ioctl+0x7f/0xb0 [ 1493.394844] syz-executor.4 cpuset= [ 1493.398410] ? do_vfs_ioctl+0xff0/0xff0 [ 1493.398424] do_syscall_64+0x1d5/0x640 [ 1493.398440] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1493.436111] / [ 1493.437090] RIP: 0033:0x465f69 [ 1493.453999] mems_allowed=0-1 [ 1493.456005] RSP: 002b:00007fc584945188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1493.456015] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1493.456021] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1493.456026] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1493.456032] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1493.456037] R13: 00007fff692e4b6f R14: 00007fc584945300 R15: 0000000000022000 [ 1493.477121] warn_alloc_show_mem: 1 callbacks suppressed [ 1493.477124] Mem-Info: [ 1493.483594] CPU: 1 PID: 5489 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1493.484563] active_anon:16198 inactive_anon:30368 isolated_anon:0 [ 1493.484563] active_file:2001 inactive_file:2513 isolated_file:0 [ 1493.484563] unevictable:0 dirty:213 writeback:0 unstable:0 [ 1493.484563] slab_reclaimable:13596 slab_unreclaimable:125940 [ 1493.484563] mapped:55426 shmem:31504 pagetables:2675 bounce:0 [ 1493.484563] free:171112 free_pcp:203 free_cma:0 [ 1493.491307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1493.491311] Call Trace: [ 1493.491327] dump_stack+0x1b2/0x281 [ 1493.491341] warn_alloc.cold+0x96/0x1cc [ 1493.491352] ? zone_watermark_ok_safe+0x220/0x220 [ 1493.491374] __alloc_pages_nodemask+0x2127/0x2720 [ 1493.491389] ? lock_acquire+0x170/0x3f0 [ 1493.491403] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1493.491420] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1493.491430] ? __mutex_unlock_slowpath+0x75/0x770 [ 1493.491442] alloc_pages_current+0x155/0x260 [ 1493.491458] ion_page_pool_alloc+0x118/0x1b0 [ 1493.497446] Node 0 active_anon:60064kB inactive_anon:84236kB active_file:4904kB inactive_file:9132kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:202032kB dirty:808kB writeback:0kB shmem:88664kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1493.498599] ion_system_heap_allocate+0x133/0x8c0 [ 1493.498611] ? ion_alloc+0x187/0x810 [ 1493.498619] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1493.498631] ? ion_system_contig_heap_create+0x130/0x130 [ 1493.504241] Node 1 active_anon:4728kB inactive_anon:37236kB active_file:3100kB inactive_file:920kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:19672kB dirty:44kB writeback:0kB shmem:37352kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1493.506748] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1493.506761] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1493.506776] ion_alloc+0x204/0x810 [ 1493.511906] Node 0 [ 1493.515130] ? ion_dma_buf_release+0x40/0x40 [ 1493.515145] ? __might_fault+0x177/0x1b0 [ 1493.519624] DMA free:11092kB min:204kB low:252kB high:300kB active_anon:80kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1493.521688] ion_ioctl+0xea/0x1f0 [ 1493.521698] ? ion_query_heaps+0x360/0x360 [ 1493.521709] ? ion_query_heaps+0x360/0x360 [ 1493.521719] do_vfs_ioctl+0x75a/0xff0 [ 1493.521729] ? ioctl_preallocate+0x1a0/0x1a0 [ 1493.521737] ? lock_downgrade+0x740/0x740 [ 1493.521748] ? __fget+0x225/0x360 [ 1493.521757] ? do_vfs_ioctl+0xff0/0xff0 [ 1493.526094] lowmem_reserve[]: [ 1493.529236] ? security_file_ioctl+0x83/0xb0 [ 1493.529248] SyS_ioctl+0x7f/0xb0 [ 1493.529257] ? do_vfs_ioctl+0xff0/0xff0 [ 1493.533852] 0 [ 1493.537691] do_syscall_64+0x1d5/0x640 [ 1493.537707] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1493.537716] RIP: 0033:0x465f69 [ 1493.541758] 2717 [ 1493.545886] RSP: 002b:00007f3f503fb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1493.545899] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1493.545904] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1493.545912] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1493.549039] 2718 [ 1493.553121] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1493.553126] R13: 00007ffca5cbd2ff R14: 00007f3f503fb300 R15: 0000000000022000 [ 1493.562698] CPU: 1 PID: 5524 Comm: syz-executor.5 Not tainted 4.14.224-syzkaller #0 [ 1493.565527] 2718 [ 1493.568330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1493.568333] Call Trace: [ 1493.568350] dump_stack+0x1b2/0x281 [ 1493.568367] warn_alloc.cold+0x96/0x1cc [ 1493.572221] 2718 [ 1493.575850] ? zone_watermark_ok_safe+0x220/0x220 [ 1493.575876] __alloc_pages_nodemask+0x2127/0x2720 [ 1493.584926] ? __schedule+0x893/0x1de0 [ 1493.584941] ? lock_acquire+0x170/0x3f0 [ 1493.584955] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1493.584970] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1493.584982] ? __mutex_unlock_slowpath+0x75/0x770 [ 1493.584995] alloc_pages_current+0x155/0x260 [ 1493.585008] ion_page_pool_alloc+0x118/0x1b0 [ 1493.585018] ion_system_heap_allocate+0x133/0x8c0 [ 1493.585030] ? ion_alloc+0x187/0x810 [ 1493.587997] Node 0 [ 1493.589902] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1493.589913] ? ion_system_contig_heap_create+0x130/0x130 [ 1493.589926] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1493.598617] DMA32 free:598836kB min:36200kB low:45248kB high:54296kB active_anon:59984kB inactive_anon:84236kB active_file:4508kB inactive_file:9096kB unevictable:0kB writepending:808kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:9024kB pagetables:8460kB bounce:0kB free_pcp:164kB local_pcp:68kB free_cma:0kB [ 1493.600721] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1493.600737] ion_alloc+0x204/0x810 [ 1493.617918] lowmem_reserve[]: [ 1493.622510] ? ion_dma_buf_release+0x40/0x40 [ 1493.622522] ? __might_fault+0x177/0x1b0 [ 1493.622534] ion_ioctl+0xea/0x1f0 [ 1493.622542] ? ion_query_heaps+0x360/0x360 [ 1493.622554] ? ion_query_heaps+0x360/0x360 [ 1493.634323] 0 [ 1493.637101] do_vfs_ioctl+0x75a/0xff0 [ 1493.637114] ? ioctl_preallocate+0x1a0/0x1a0 [ 1493.644913] 0 [ 1493.652687] ? lock_downgrade+0x740/0x740 [ 1493.652703] ? __fget+0x225/0x360 [ 1493.652712] ? do_vfs_ioctl+0xff0/0xff0 [ 1493.652722] ? security_file_ioctl+0x83/0xb0 [ 1493.652732] SyS_ioctl+0x7f/0xb0 [ 1493.652741] ? do_vfs_ioctl+0xff0/0xff0 [ 1493.652751] do_syscall_64+0x1d5/0x640 [ 1493.652767] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1493.652775] RIP: 0033:0x465f69 [ 1493.652779] RSP: 002b:00007fe89767f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1493.652789] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1493.652793] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1493.652797] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1493.652802] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1493.652819] R13: 00007fff5941b3bf R14: 00007fe89767f300 R15: 0000000000022000 [ 1493.692984] 0 [ 1493.700626] CPU: 1 PID: 5493 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1493.702756] 0 [ 1493.706376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1493.706381] Call Trace: [ 1493.706398] dump_stack+0x1b2/0x281 [ 1493.706412] warn_alloc.cold+0x96/0x1cc [ 1493.711327] 0 [ 1493.716076] ? zone_watermark_ok_safe+0x220/0x220 [ 1493.716099] __alloc_pages_nodemask+0x2127/0x2720 [ 1493.724867] ? __schedule+0x893/0x1de0 [ 1493.724882] ? lock_acquire+0x170/0x3f0 [ 1493.724896] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1493.724910] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1493.724922] ? __mutex_unlock_slowpath+0x75/0x770 [ 1493.724936] alloc_pages_current+0x155/0x260 [ 1493.724949] ion_page_pool_alloc+0x118/0x1b0 [ 1493.724959] ion_system_heap_allocate+0x133/0x8c0 [ 1493.724969] ? ion_alloc+0x187/0x810 [ 1493.732324] Node 0 [ 1493.735234] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1493.735247] ? ion_system_contig_heap_create+0x130/0x130 [ 1493.735257] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1493.735269] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1493.739776] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1493.744083] ion_alloc+0x204/0x810 [ 1493.744098] ? ion_dma_buf_release+0x40/0x40 [ 1493.744109] ? __might_fault+0x177/0x1b0 [ 1493.744121] ion_ioctl+0xea/0x1f0 [ 1493.744130] ? ion_query_heaps+0x360/0x360 [ 1493.744143] ? ion_query_heaps+0x360/0x360 [ 1493.744151] do_vfs_ioctl+0x75a/0xff0 [ 1493.744162] ? ioctl_preallocate+0x1a0/0x1a0 [ 1493.744170] ? lock_downgrade+0x740/0x740 [ 1493.744183] ? __fget+0x225/0x360 [ 1493.772772] lowmem_reserve[]: [ 1493.777012] ? do_vfs_ioctl+0xff0/0xff0 [ 1493.777024] ? security_file_ioctl+0x83/0xb0 [ 1493.777035] SyS_ioctl+0x7f/0xb0 [ 1493.780779] 0 [ 1493.786156] ? do_vfs_ioctl+0xff0/0xff0 [ 1493.786166] do_syscall_64+0x1d5/0x640 [ 1493.786182] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1493.786190] RIP: 0033:0x465f69 [ 1493.786195] RSP: 002b:00007f4607427188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1493.786208] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1493.786214] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1493.786218] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1493.786222] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1493.786228] R13: 00007ffe6751318f R14: 00007f4607427300 R15: 0000000000022000 [ 1494.486358] 0 0 0 0 [ 1494.489230] Node 1 Normal free:79004kB min:53696kB low:67120kB high:80544kB active_anon:4728kB inactive_anon:37236kB active_file:280kB inactive_file:72kB unevictable:0kB writepending:40kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:992kB pagetables:2240kB bounce:0kB free_pcp:648kB local_pcp:0kB free_cma:0kB [ 1494.519423] lowmem_reserve[]: 0 0 0 0 0 [ 1494.524752] Node 0 DMA: 23*4kB (UME) 60*8kB (UME) 54*16kB (UME) 42*32kB (UME) 10*64kB (UME) 4*128kB (M) 4*256kB (UME) 2*512kB (UE) 1*1024kB (E) 2*2048kB (M) 0*4096kB = 11100kB [ 1494.541904] Node 0 DMA32: 4*4kB (UME) 5*8kB (ME) 4094*16kB (UE) 5067*32kB (UME) 22*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 229112kB [ 1494.582317] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1494.598686] Node 1 Normal: 2423*4kB (UM) 1964*8kB (UM) 1024*16kB (UM) 1163*32kB (UM) 3*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 79196kB [ 1494.654777] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1494.674374] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1494.696569] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1494.724917] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1494.734362] 35806 total pagecache pages [ 1494.755873] 0 pages in swap cache [ 1494.770835] Swap cache stats: add 0, delete 0, find 0/0 [ 1494.790822] Free swap = 0kB [ 1494.794907] Total swap = 0kB [ 1494.798015] 2097051 pages RAM [ 1494.802501] 0 pages HighMem/MovableOnly [ 1494.815761] 363840 pages reserved [ 1494.825650] 0 pages cma reserved [ 1495.340392] oom_reaper: reaped process 5524 (syz-executor.5), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1495.465019] syz-fuzzer invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 1495.480992] syz-fuzzer cpuset=/ mems_allowed=0-1 [ 1495.485782] CPU: 1 PID: 7961 Comm: syz-fuzzer Not tainted 4.14.224-syzkaller #0 [ 1495.493225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1495.502573] Call Trace: [ 1495.505160] dump_stack+0x1b2/0x281 [ 1495.508790] dump_header+0x178/0x82f [ 1495.512497] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1495.517591] ? ___ratelimit+0x2cd/0x530 [ 1495.521561] oom_kill_process.cold+0x10/0xb18 [ 1495.526059] out_of_memory+0xe3e/0x1190 [ 1495.530029] ? oom_killer_disable+0x1c0/0x1c0 [ 1495.534519] ? mutex_trylock+0x152/0x1a0 [ 1495.538576] __alloc_pages_nodemask+0x23e1/0x2720 [ 1495.543425] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1495.548277] alloc_pages_current+0x155/0x260 [ 1495.552683] filemap_fault+0xea3/0x1980 [ 1495.556667] ext4_filemap_fault+0x84/0xb0 [ 1495.560805] __do_fault+0xfa/0x380 [ 1495.564324] __handle_mm_fault+0x2497/0x4620 [ 1495.568825] ? vm_insert_page+0x7c0/0x7c0 [ 1495.572970] ? free_object+0xe4/0x240 [ 1495.576782] handle_mm_fault+0x391/0x860 [ 1495.578399] syz-executor.5: [ 1495.580839] __do_page_fault+0x549/0xad0 [ 1495.580850] ? spurious_fault+0x640/0x640 [ 1495.580857] ? do_page_fault+0x60/0x500 [ 1495.580866] ? page_fault+0x2f/0x50 [ 1495.580873] page_fault+0x45/0x50 [ 1495.580880] RIP: 0000:0x93f060 [ 1495.580887] RSP: 2e000:000000c00003dfa0 EFLAGS: 0043b6a0 [ 1495.583895] page allocation failure: order:0 [ 1495.595997] Mem-Info: [ 1495.618539] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1495.625994] active_anon:16190 inactive_anon:30368 isolated_anon:0 [ 1495.625994] active_file:10 inactive_file:21 isolated_file:0 [ 1495.625994] unevictable:0 dirty:7 writeback:0 unstable:0 [ 1495.625994] slab_reclaimable:13577 slab_unreclaimable:126290 [ 1495.625994] mapped:52716 shmem:31504 pagetables:2675 bounce:0 [ 1495.625994] free:13946 free_pcp:60 free_cma:0 [ 1495.633597] syz-executor.5 cpuset=/ mems_allowed=0-1 [ 1495.671405] Node 0 active_anon:60032kB inactive_anon:84236kB active_file:48kB inactive_file:56kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:194340kB dirty:24kB writeback:0kB shmem:88664kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1495.673539] CPU: 0 PID: 5524 Comm: syz-executor.5 Not tainted 4.14.224-syzkaller #0 [ 1495.701838] Node 1 active_anon:4728kB inactive_anon:37236kB active_file:0kB inactive_file:28kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:16524kB dirty:4kB writeback:0kB shmem:37352kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1495.708946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1495.736026] Node 0 [ 1495.745328] Call Trace: [ 1495.745349] dump_stack+0x1b2/0x281 [ 1495.745362] warn_alloc.cold+0x96/0x1cc [ 1495.747585] DMA free:10972kB min:204kB low:252kB high:300kB active_anon:80kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1495.750146] ? zone_watermark_ok_safe+0x220/0x220 [ 1495.753759] lowmem_reserve[]: [ 1495.757702] ? usleep_range+0x130/0x130 [ 1495.783286] 0 [ 1495.788093] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 1495.791184] 2717 [ 1495.795139] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1495.796914] 2718 [ 1495.802018] ? run_timer_softirq+0x5a0/0x5a0 [ 1495.802039] __alloc_pages_nodemask+0x2127/0x2720 [ 1495.804071] 2718 [ 1495.809085] ? lock_acquire+0x170/0x3f0 [ 1495.811135] 2718 [ 1495.815518] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1495.822368] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1495.822383] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1495.822402] alloc_pages_current+0x155/0x260 [ 1495.826338] Node 0 [ 1495.828387] ion_page_pool_alloc+0x118/0x1b0 [ 1495.833226] DMA32 free:17980kB min:36200kB low:45248kB high:54296kB active_anon:59952kB inactive_anon:84236kB active_file:84kB inactive_file:32kB unevictable:0kB writepending:8kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:9024kB pagetables:8460kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 1495.837678] ion_system_heap_allocate+0x133/0x8c0 [ 1495.843109] lowmem_reserve[]: [ 1495.847486] ? ion_alloc+0x187/0x810 [ 1495.849692] 0 [ 1495.854081] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1495.854091] ? ion_system_contig_heap_create+0x130/0x130 [ 1495.854103] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1495.882194] 0 [ 1495.887016] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1495.890088] 0 [ 1495.893783] ion_alloc+0x204/0x810 [ 1495.893797] ? ion_dma_buf_release+0x40/0x40 [ 1495.893809] ? __might_fault+0x177/0x1b0 [ 1495.895580] 0 [ 1495.901010] ion_ioctl+0xea/0x1f0 [ 1495.901019] ? ion_query_heaps+0x360/0x360 [ 1495.901032] ? ion_query_heaps+0x360/0x360 [ 1495.906463] 0 [ 1495.911460] do_vfs_ioctl+0x75a/0xff0 [ 1495.911471] ? ioctl_preallocate+0x1a0/0x1a0 [ 1495.911480] ? lock_downgrade+0x740/0x740 [ 1495.918077] ? __fget+0x225/0x360 [ 1495.919849] Node 0 [ 1495.923368] ? do_vfs_ioctl+0xff0/0xff0 [ 1495.923378] ? security_file_ioctl+0x83/0xb0 [ 1495.923388] SyS_ioctl+0x7f/0xb0 [ 1495.927777] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1495.931808] ? do_vfs_ioctl+0xff0/0xff0 [ 1495.931819] do_syscall_64+0x1d5/0x640 [ 1495.931835] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1495.933603] lowmem_reserve[]: [ 1495.937037] RIP: 0033:0x465f69 [ 1495.941258] 0 [ 1495.945455] RSP: 002b:00007fe89767f188 EFLAGS: 00000246 [ 1495.947230] 0 [ 1495.951003] ORIG_RAX: 0000000000000010 [ 1495.951009] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1495.951014] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1495.951019] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1495.951026] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1495.955406] 0 [ 1495.959528] R13: 00007fff5941b3bf R14: 00007fe89767f300 R15: 0000000000022000 [ 1495.967008] warn_alloc_show_mem: 4 callbacks suppressed [ 1495.967012] Mem-Info: [ 1495.980832] 0 [ 1496.009229] active_anon:16191 inactive_anon:30368 isolated_anon:0 [ 1496.009229] active_file:14 inactive_file:14 isolated_file:0 [ 1496.009229] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1496.009229] slab_reclaimable:13577 slab_unreclaimable:126212 [ 1496.009229] mapped:52709 shmem:31504 pagetables:2675 bounce:0 [ 1496.009229] free:14048 free_pcp:118 free_cma:0 [ 1496.019471] 0 [ 1496.028519] Node 0 active_anon:60036kB inactive_anon:84236kB active_file:48kB inactive_file:48kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:194312kB dirty:0kB writeback:0kB shmem:88664kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1496.034692] Node 1 active_anon:4728kB inactive_anon:37236kB active_file:8kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:16524kB dirty:0kB writeback:0kB shmem:37352kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1496.052358] Node 1 [ 1496.063375] Node 0 [ 1496.074157] Normal free:26936kB min:53696kB low:67120kB high:80544kB active_anon:4728kB inactive_anon:37236kB active_file:8kB inactive_file:8kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:992kB pagetables:2240kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 1496.084485] DMA free:10972kB min:204kB low:252kB high:300kB active_anon:80kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1496.127003] lowmem_reserve[]: [ 1496.151628] lowmem_reserve[]: [ 1496.183022] 0 [ 1496.217109] 0 [ 1496.236082] 0 0 0 0 [ 1496.245870] 2717 2718 2718 2718 [ 1496.249083] Node 0 [ 1496.249261] Node 0 [ 1496.249263] DMA: 21*4kB [ 1496.253298] DMA32 free:18284kB min:36200kB low:45248kB high:54296kB active_anon:59956kB inactive_anon:84236kB active_file:48kB inactive_file:48kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:9024kB pagetables:8460kB bounce:0kB free_pcp:352kB local_pcp:120kB free_cma:0kB [ 1496.257478] (ME) 43*8kB (UME) 53*16kB (UME) 41*32kB (UME) 11*64kB (UME) 4*128kB (M) 4*256kB (UME) 2*512kB (UE) 1*1024kB (E) 2*2048kB (M) 0*4096kB = 10972kB [ 1496.296512] lowmem_reserve[]: 0 0 0 0 0 [ 1496.319394] Node 0 [ 1496.319662] Node 0 [ 1496.319665] DMA32: 213*4kB [ 1496.324177] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1496.324183] lowmem_reserve[]: [ 1496.328261] (ME) 62*8kB (UME) 133*16kB (UME) 25*32kB (ME) 220*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18356kB [ 1496.365240] 0 [ 1496.379251] Node 0 [ 1496.380421] 0 [ 1496.382990] Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1496.387082] 0 [ 1496.403907] Node 1 Normal: 150*4kB (M) 82*8kB (UM) 25*16kB (M) 780*32kB (UM) 5*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 26936kB [ 1496.407658] 0 [ 1496.427791] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1496.432084] 0 [ 1496.438452] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1496.440217] Node 1 [ 1496.448790] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1496.448795] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1496.448799] 31532 total pagecache pages [ 1496.448809] 0 pages in swap cache [ 1496.448814] Swap cache stats: add 0, delete 0, find 0/0 [ 1496.448817] Free swap = 0kB [ 1496.448820] Total swap = 0kB [ 1496.448826] 2097051 pages RAM [ 1496.448829] 0 pages HighMem/MovableOnly [ 1496.448833] 363840 pages reserved [ 1496.448836] 0 pages cma reserved [ 1496.448842] Out of memory (oom_kill_allocating_task): Kill process 7961 (syz-fuzzer) score 0 or sacrifice child [ 1496.448903] Killed process 4464 (syz-executor.1) total-vm:84924kB, anon-rss:64kB, file-rss:0kB, shmem-rss:0kB [ 1496.456712] Normal free:26936kB min:53696kB low:67120kB high:80544kB active_anon:4728kB inactive_anon:37236kB active_file:8kB inactive_file:8kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:992kB pagetables:2240kB bounce:0kB free_pcp:120kB local_pcp:120kB free_cma:0kB [ 1496.483712] syz-fuzzer invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask= [ 1496.496236] lowmem_reserve[]: [ 1496.528393] (null) [ 1496.566039] 0 0 0 0 0 [ 1496.568701] , order=0, oom_score_adj=0 [ 1496.574733] syz-fuzzer cpuset=/ mems_allowed=0-1 [ 1496.579500] CPU: 1 PID: 7962 Comm: syz-fuzzer Not tainted 4.14.224-syzkaller #0 [ 1496.579813] Node 0 [ 1496.586931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1496.586935] Call Trace: [ 1496.586953] dump_stack+0x1b2/0x281 [ 1496.586965] dump_header+0x178/0x82f [ 1496.586976] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1496.586984] ? ___ratelimit+0x2cd/0x530 [ 1496.586993] oom_kill_process.cold+0x10/0xb18 [ 1496.587010] out_of_memory+0xe3e/0x1190 [ 1496.587021] ? oom_killer_disable+0x1c0/0x1c0 [ 1496.587028] ? mutex_trylock+0x152/0x1a0 [ 1496.587038] __alloc_pages_nodemask+0x23e1/0x2720 [ 1496.587055] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1496.603673] DMA: [ 1496.604803] alloc_pages_current+0x155/0x260 [ 1496.608476] 21*4kB [ 1496.613562] filemap_fault+0xea3/0x1980 [ 1496.613579] ext4_filemap_fault+0x84/0xb0 [ 1496.613594] __do_fault+0xfa/0x380 [ 1496.613604] __handle_mm_fault+0x2497/0x4620 [ 1496.613614] ? vm_insert_page+0x7c0/0x7c0 [ 1496.613625] ? setup_sigcontext+0x820/0x820 [ 1496.613643] handle_mm_fault+0x391/0x860 [ 1496.613655] __do_page_fault+0x549/0xad0 [ 1496.613666] ? spurious_fault+0x640/0x640 [ 1496.613677] ? do_page_fault+0x60/0x500 [ 1496.631964] (ME) [ 1496.635011] ? page_fault+0x2f/0x50 [ 1496.639821] 43*8kB [ 1496.644662] page_fault+0x45/0x50 [ 1496.644671] RIP: 0000:0x93ee68 [ 1496.644675] RSP: 98dab0:000000c000047888 EFLAGS: 000000fb [ 1496.650475] Mem-Info: [ 1496.665460] (UME) [ 1496.688430] active_anon:16191 inactive_anon:30368 isolated_anon:0 [ 1496.688430] active_file:39 inactive_file:0 isolated_file:0 [ 1496.688430] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1496.688430] slab_reclaimable:13577 slab_unreclaimable:126212 [ 1496.688430] mapped:52709 shmem:31504 pagetables:2675 bounce:0 [ 1496.688430] free:14074 free_pcp:201 free_cma:0 [ 1496.705301] 53*16kB [ 1496.711569] Node 0 active_anon:60036kB inactive_anon:84236kB active_file:148kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:194312kB dirty:0kB writeback:0kB shmem:88664kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1496.720485] (UME) [ 1496.758021] Node 1 active_anon:4728kB inactive_anon:37236kB active_file:8kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:16524kB dirty:0kB writeback:0kB shmem:37352kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1496.797027] 41*32kB [ 1496.818655] Node 0 DMA free:10972kB min:204kB low:252kB high:300kB active_anon:80kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1496.827251] (UME) [ 1496.853469] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1496.864184] Node 0 DMA32 free:18388kB min:36200kB low:45248kB high:54296kB active_anon:59956kB inactive_anon:84236kB active_file:148kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8992kB pagetables:8460kB bounce:0kB free_pcp:684kB local_pcp:436kB free_cma:0kB [ 1496.864905] 11*64kB [ 1496.903276] lowmem_reserve[]: 0 0 0 0 0 [ 1496.905893] (UME) [ 1496.909624] Node 0 [ 1496.909631] 4*128kB [ 1496.917498] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1496.919928] (M) [ 1496.955637] lowmem_reserve[]: [ 1496.957226] 4*256kB [ 1496.957649] 0 [ 1496.964718] (UME) 2*512kB (UE) 1*1024kB (E) 2*2048kB (M) 0*4096kB = 10972kB [ 1496.967466] 0 0 0 0 [ 1496.986013] Node 0 DMA32: 213*4kB (ME) 62*8kB (UME) 133*16kB (UME) 26*32kB (UME) 220*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18388kB [ 1496.986224] Node 1 Normal free:26936kB min:53696kB low:67120kB high:80544kB active_anon:4728kB inactive_anon:37236kB active_file:0kB inactive_file:16kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:992kB pagetables:2240kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 1497.013213] Node 0 [ 1497.049274] lowmem_reserve[]: [ 1497.051594] Normal: [ 1497.052705] 0 [ 1497.054697] 0*4kB [ 1497.056997] 0 [ 1497.058775] 0*8kB [ 1497.069584] 0 0 0 [ 1497.075224] 0*16kB 0*32kB [ 1497.077343] Node 0 DMA: [ 1497.080187] 0*64kB [ 1497.080194] 21*4kB [ 1497.088775] 0*128kB [ 1497.093900] (ME) 43*8kB (UME) 53*16kB (UME) 41*32kB (UME) 11*64kB (UME) 4*128kB (M) 4*256kB (UME) 2*512kB (UE) 1*1024kB (E) 2*2048kB (M) 0*4096kB = 10972kB [ 1497.097002] 0*256kB [ 1497.120572] Node 0 [ 1497.122831] 0*512kB [ 1497.122942] DMA32: [ 1497.125139] 0*1024kB [ 1497.127441] 213*4kB [ 1497.129653] 0*2048kB [ 1497.132057] (ME) 70*8kB (UME) 133*16kB (UME) 26*32kB (UME) 220*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18452kB [ 1497.132105] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB [ 1497.145339] 0*4096kB [ 1497.158053] 0*128kB [ 1497.158856] = 0kB [ 1497.160470] 0*256kB [ 1497.175337] Node 1 [ 1497.175358] 0*512kB [ 1497.177692] Normal: [ 1497.179912] 0*1024kB [ 1497.188403] 150*4kB [ 1497.188656] 0*2048kB [ 1497.196661] (M) [ 1497.198740] 0*4096kB [ 1497.199068] 82*8kB [ 1497.205288] = 0kB [ 1497.209217] (UM) [ 1497.209568] Node 1 [ 1497.209571] 25*16kB (M) [ 1497.217276] Normal: [ 1497.219657] 780*32kB [ 1497.219941] 150*4kB [ 1497.228344] (UM) [ 1497.228788] (M) [ 1497.234611] 5*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 26936kB [ 1497.239855] 82*8kB (UM) 25*16kB (M) 780*32kB (UM) 5*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 26936kB [ 1497.254256] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1497.266835] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1497.277844] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1497.286466] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1497.288025] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1497.304474] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1497.314908] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1497.317456] 31532 total pagecache pages [ 1497.338172] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1497.338505] 0 pages in swap cache [ 1497.350140] 31532 total pagecache pages [ 1497.350276] Swap cache stats: add 0, delete 0, find 0/0 [ 1497.365378] 0 pages in swap cache [ 1497.368508] Free swap = 0kB [ 1497.368838] Swap cache stats: add 0, delete 0, find 0/0 [ 1497.371878] Total swap = 0kB [ 1497.371885] 2097051 pages RAM [ 1497.371889] 0 pages HighMem/MovableOnly [ 1497.371892] 363840 pages reserved [ 1497.371895] 0 pages cma reserved [ 1497.399283] Free swap = 0kB [ 1497.403426] Total swap = 0kB [ 1497.407324] 2097051 pages RAM [ 1497.415056] 0 pages HighMem/MovableOnly [ 1497.419868] 363840 pages reserved [ 1497.423923] 0 pages cma reserved [ 1497.427625] Out of memory (oom_kill_allocating_task): Kill process 7962 (syz-fuzzer) score 0 or sacrifice child [ 1497.442968] Killed process 4123 (syz-executor.3) total-vm:84924kB, anon-rss:64kB, file-rss:0kB, shmem-rss:0kB [ 1497.489568] oom_reaper: reaped process 4123 (syz-executor.3), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1498.447347] oom_reaper: reaped process 5515 (syz-executor.3), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1498.467408] syz-executor.5: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1498.502070] syz-executor.5 cpuset=/ mems_allowed=0-1 [ 1498.508644] CPU: 1 PID: 5524 Comm: syz-executor.5 Not tainted 4.14.224-syzkaller #0 [ 1498.516443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1498.525790] Call Trace: [ 1498.528380] dump_stack+0x1b2/0x281 [ 1498.532006] warn_alloc.cold+0x96/0x1cc [ 1498.535977] ? zone_watermark_ok_safe+0x220/0x220 [ 1498.540829] __alloc_pages_nodemask+0x2127/0x2720 [ 1498.545665] ? lock_acquire+0x170/0x3f0 [ 1498.549636] ? lock_acquire+0x170/0x3f0 [ 1498.553623] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1498.558466] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1498.562312] syz-executor.3: [ 1498.563908] ? __mutex_unlock_slowpath+0x75/0x770 [ 1498.563915] page allocation failure: order:0 [ 1498.566941] ? check_preemption_disabled+0x35/0x240 [ 1498.581274] alloc_pages_current+0x155/0x260 [ 1498.584022] oom_reaper: reaped process 5488 (syz-executor.1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1498.586583] ion_page_pool_alloc+0x118/0x1b0 [ 1498.600839] ion_system_heap_allocate+0x133/0x8c0 [ 1498.605683] ? _raw_spin_unlock+0x29/0x40 [ 1498.606292] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1498.609819] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1498.609825] (null) [ 1498.616900] ? ion_system_contig_heap_create+0x130/0x130 [ 1498.616911] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1498.616920] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1498.616930] ion_alloc+0x27a/0x810 [ 1498.616944] ? ion_dma_buf_release+0x40/0x40 [ 1498.616956] ? __might_fault+0x177/0x1b0 [ 1498.616968] ion_ioctl+0xea/0x1f0 [ 1498.616976] ? ion_query_heaps+0x360/0x360 [ 1498.616988] ? ion_query_heaps+0x360/0x360 [ 1498.617004] do_vfs_ioctl+0x75a/0xff0 [ 1498.630889] syz-executor.3 cpuset= [ 1498.634478] ? ioctl_preallocate+0x1a0/0x1a0 [ 1498.639289] / [ 1498.642812] ? lock_downgrade+0x740/0x740 [ 1498.649075] systemd-journal invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask= [ 1498.651240] ? __fget+0x225/0x360 [ 1498.651250] ? do_vfs_ioctl+0xff0/0xff0 [ 1498.651260] ? security_file_ioctl+0x83/0xb0 [ 1498.651270] SyS_ioctl+0x7f/0xb0 [ 1498.651278] ? do_vfs_ioctl+0xff0/0xff0 [ 1498.651291] do_syscall_64+0x1d5/0x640 [ 1498.661667] (null) [ 1498.663157] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1498.666923] , order=0, oom_score_adj=0 [ 1498.670438] RIP: 0033:0x465f69 [ 1498.680135] mems_allowed=0-1 [ 1498.680650] RSP: 002b:00007fe89767f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1498.680660] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1498.680664] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1498.680669] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1498.680673] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1498.680678] R13: 00007fff5941b3bf R14: 00007fe89767f300 R15: 0000000000022000 [ 1498.701238] Mem-Info: [ 1498.709986] systemd-journal cpuset= [ 1498.710022] active_anon:15845 inactive_anon:30368 isolated_anon:0 [ 1498.710022] active_file:22 inactive_file:29 isolated_file:0 [ 1498.710022] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1498.710022] slab_reclaimable:13519 slab_unreclaimable:126826 [ 1498.710022] mapped:35359 shmem:31504 pagetables:2358 bounce:0 [ 1498.710022] free:13854 free_pcp:40 free_cma:0 [ 1498.713949] / mems_allowed=0-1 [ 1498.713965] CPU: 0 PID: 5474 Comm: systemd-journal Not tainted 4.14.224-syzkaller #0 [ 1498.713970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1498.713973] Call Trace: [ 1498.713989] dump_stack+0x1b2/0x281 [ 1498.717337] syz-executor.1: [ 1498.721308] dump_header+0x178/0x82f [ 1498.721318] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1498.721327] ? ___ratelimit+0x2cd/0x530 [ 1498.721336] oom_kill_process.cold+0x10/0xb18 [ 1498.725287] page allocation failure: order:0 [ 1498.728567] out_of_memory+0xe3e/0x1190 [ 1498.732482] Node 0 active_anon:59104kB inactive_anon:84236kB active_file:68kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:124744kB dirty:0kB writeback:0kB shmem:88664kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1498.739358] ? oom_killer_disable+0x1c0/0x1c0 [ 1498.746634] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1498.753850] ? mutex_trylock+0x152/0x1a0 [ 1498.753861] __alloc_pages_nodemask+0x23e1/0x2720 [ 1498.753881] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1498.761151] Node 1 active_anon:4276kB inactive_anon:37236kB active_file:20kB inactive_file:80kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:16692kB dirty:0kB writeback:0kB shmem:37352kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1498.768388] alloc_pages_current+0x155/0x260 [ 1498.775647] (null) [ 1498.778021] filemap_fault+0xea3/0x1980 [ 1498.781640] syz-executor.1 cpuset= [ 1498.814849] ext4_filemap_fault+0x84/0xb0 [ 1498.814862] __do_fault+0xfa/0x380 [ 1498.818042] Node 0 [ 1498.825910] __handle_mm_fault+0x2497/0x4620 [ 1498.825920] ? ep_poll+0x1ab/0xa50 [ 1498.825930] ? vm_insert_page+0x7c0/0x7c0 [ 1498.835463] DMA free:10964kB min:204kB low:252kB high:300kB active_anon:80kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1498.838010] handle_mm_fault+0x391/0x860 [ 1498.841613] lowmem_reserve[]: [ 1498.844599] __do_page_fault+0x549/0xad0 [ 1498.848280] 0 [ 1498.853363] ? spurious_fault+0x640/0x640 [ 1498.853371] ? do_page_fault+0x60/0x500 [ 1498.853382] ? page_fault+0x2f/0x50 [ 1498.857340] / [ 1498.861803] page_fault+0x45/0x50 [ 1498.866205] 2717 [ 1498.870140] RIP: 0001:0xffffffffffffffff [ 1498.897719] mems_allowed=0-1 [ 1498.902165] RSP: 344121e0:00007fffdd4bb300 EFLAGS: 7fffdd4bb110 [ 1498.914263] CPU: 0 PID: 5515 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1498.939848] 2718 [ 1498.950275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1498.950279] Call Trace: [ 1498.950299] dump_stack+0x1b2/0x281 [ 1498.950312] warn_alloc.cold+0x96/0x1cc [ 1498.970496] 2718 [ 1498.971933] ? zone_watermark_ok_safe+0x220/0x220 [ 1498.974142] 2718 [ 1498.978530] ? usleep_range+0x130/0x130 [ 1499.011739] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 1499.011751] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1499.011761] ? run_timer_softirq+0x5a0/0x5a0 [ 1499.040492] Node 0 [ 1499.041477] __alloc_pages_nodemask+0x2127/0x2720 [ 1499.043520] DMA32 free:18076kB min:36200kB low:45248kB high:54296kB active_anon:59064kB inactive_anon:84236kB active_file:48kB inactive_file:36kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8768kB pagetables:7548kB bounce:0kB free_pcp:140kB local_pcp:0kB free_cma:0kB [ 1499.047555] ? lock_acquire+0x170/0x3f0 [ 1499.060490] lowmem_reserve[]: [ 1499.064433] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1499.066464] 0 [ 1499.075798] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1499.075817] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1499.100487] 0 [ 1499.103830] alloc_pages_current+0x155/0x260 [ 1499.108808] 0 [ 1499.113200] ion_page_pool_alloc+0x118/0x1b0 [ 1499.113212] ion_system_heap_allocate+0x133/0x8c0 [ 1499.130482] 0 [ 1499.148318] ? ion_alloc+0x187/0x810 [ 1499.148328] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1499.148339] ? ion_system_contig_heap_create+0x130/0x130 [ 1499.170482] 0 [ 1499.171862] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1499.178017] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1499.179804] Node 0 [ 1499.184194] ion_alloc+0x204/0x810 [ 1499.184210] ? ion_dma_buf_release+0x40/0x40 [ 1499.210492] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1499.212104] ? __might_fault+0x177/0x1b0 [ 1499.216930] lowmem_reserve[]: [ 1499.219152] ion_ioctl+0xea/0x1f0 [ 1499.240476] 0 [ 1499.251913] ? ion_query_heaps+0x360/0x360 [ 1499.251926] ? ion_query_heaps+0x360/0x360 [ 1499.270475] 0 0 [ 1499.272666] do_vfs_ioctl+0x75a/0xff0 [ 1499.272678] ? ioctl_preallocate+0x1a0/0x1a0 [ 1499.274624] 0 [ 1499.278406] ? lock_downgrade+0x740/0x740 [ 1499.288700] ? __fget+0x225/0x360 [ 1499.292149] ? do_vfs_ioctl+0xff0/0xff0 [ 1499.294894] 0 [ 1499.296117] ? security_file_ioctl+0x83/0xb0 [ 1499.296123] Node 1 [ 1499.297906] SyS_ioctl+0x7f/0xb0 [ 1499.307864] ? do_vfs_ioctl+0xff0/0xff0 [ 1499.310492] Normal free:26476kB min:53696kB low:67120kB high:80544kB active_anon:4276kB inactive_anon:37236kB active_file:24kB inactive_file:4kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:896kB pagetables:1884kB bounce:0kB free_pcp:20kB local_pcp:0kB free_cma:0kB [ 1499.311822] do_syscall_64+0x1d5/0x640 [ 1499.343512] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1499.348683] RIP: 0033:0x465f69 [ 1499.351855] RSP: 002b:00007fc584945188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1499.359543] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1499.366793] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1499.370472] lowmem_reserve[]: [ 1499.374042] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1499.374049] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1499.377147] 0 [ 1499.384406] R13: 00007fff692e4b6f R14: 00007fc584945300 R15: 0000000000022000 [ 1499.389422] Mem-Info: [ 1499.403872] CPU: 1 PID: 5488 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1499.407037] active_anon:15815 inactive_anon:30368 isolated_anon:0 [ 1499.407037] active_file:13 inactive_file:12 isolated_file:0 [ 1499.407037] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1499.407037] slab_reclaimable:13496 slab_unreclaimable:126870 [ 1499.407037] mapped:35331 shmem:31504 pagetables:2358 bounce:0 [ 1499.407037] free:13841 free_pcp:54 free_cma:0 [ 1499.411666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1499.411670] Call Trace: [ 1499.411688] dump_stack+0x1b2/0x281 [ 1499.411701] warn_alloc.cold+0x96/0x1cc [ 1499.411712] ? zone_watermark_ok_safe+0x220/0x220 [ 1499.411721] ? usleep_range+0x130/0x130 [ 1499.411729] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 1499.411739] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1499.411748] ? run_timer_softirq+0x5a0/0x5a0 [ 1499.411763] __alloc_pages_nodemask+0x2127/0x2720 [ 1499.411779] ? lock_acquire+0x170/0x3f0 [ 1499.411804] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1499.448740] Node 0 active_anon:59004kB inactive_anon:84236kB active_file:44kB inactive_file:40kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:124680kB dirty:0kB writeback:0kB shmem:88664kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1499.454375] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1499.454390] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1499.454408] alloc_pages_current+0x155/0x260 [ 1499.454420] ion_page_pool_alloc+0x118/0x1b0 [ 1499.456991] Node 1 active_anon:4256kB inactive_anon:37236kB active_file:8kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:16644kB dirty:0kB writeback:0kB shmem:37352kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1499.460591] ion_system_heap_allocate+0x133/0x8c0 [ 1499.460601] ? ion_alloc+0x187/0x810 [ 1499.460610] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1499.460619] ? ion_system_contig_heap_create+0x130/0x130 [ 1499.460629] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1499.460640] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1499.460650] ion_alloc+0x204/0x810 [ 1499.460662] ? ion_dma_buf_release+0x40/0x40 [ 1499.460674] ? __might_fault+0x177/0x1b0 [ 1499.468324] Node 0 [ 1499.469464] ion_ioctl+0xea/0x1f0 [ 1499.473464] DMA free:10964kB min:204kB low:252kB high:300kB active_anon:80kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1499.478496] ? ion_query_heaps+0x360/0x360 [ 1499.487112] lowmem_reserve[]: [ 1499.487894] ? ion_query_heaps+0x360/0x360 [ 1499.492739] 0 [ 1499.496661] do_vfs_ioctl+0x75a/0xff0 [ 1499.505089] 2717 [ 1499.529058] ? ioctl_preallocate+0x1a0/0x1a0 [ 1499.529068] ? lock_downgrade+0x740/0x740 [ 1499.529080] ? __fget+0x225/0x360 [ 1499.529088] ? do_vfs_ioctl+0xff0/0xff0 [ 1499.529098] ? security_file_ioctl+0x83/0xb0 [ 1499.529108] SyS_ioctl+0x7f/0xb0 [ 1499.529116] ? do_vfs_ioctl+0xff0/0xff0 [ 1499.529126] do_syscall_64+0x1d5/0x640 [ 1499.529142] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1499.529151] RIP: 0033:0x465f69 [ 1499.537246] 2718 [ 1499.539076] RSP: 002b:00007ffaba381188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1499.543509] 2718 [ 1499.547852] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1499.547859] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1499.578631] 2718 [ 1499.579664] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1499.588813] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1499.597908] Node 0 [ 1499.599253] R13: 00007fffa91fc9ef R14: 00007ffaba381300 R15: 0000000000022000 [ 1499.604117] DMA32 free:18080kB min:36200kB low:45248kB high:54296kB active_anon:58924kB inactive_anon:84236kB active_file:44kB inactive_file:40kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8768kB pagetables:7548kB bounce:0kB free_pcp:196kB local_pcp:196kB free_cma:0kB [ 1499.617187] 0 [ 1499.621914] lowmem_reserve[]: 0 0 0 0 0 [ 1499.621936] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1499.621953] lowmem_reserve[]: 0 0 0 0 0 [ 1499.621973] Node 1 Normal free:26320kB min:53696kB low:67120kB high:80544kB active_anon:4256kB inactive_anon:37236kB active_file:8kB inactive_file:8kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:896kB pagetables:1884kB bounce:0kB free_pcp:20kB local_pcp:20kB free_cma:0kB [ 1499.621991] lowmem_reserve[]: 0 [ 1499.652288] 0 [ 1499.665521] 0 [ 1499.666967] 0 [ 1499.674929] 0 [ 1499.677309] 0 [ 1499.678958] 0 [ 1499.682949] Node 0 DMA: 23*4kB (UME) 41*8kB [ 1499.694660] 0 [ 1499.696556] (UME) [ 1499.703900] 53*16kB (UME) [ 1499.717761] Node 0 [ 1499.720771] 41*32kB [ 1499.727962] DMA: [ 1499.736954] (UME) [ 1499.749976] 23*4kB [ 1499.752128] 27*64kB [ 1499.752439] (UME) [ 1499.759928] (UME) [ 1499.795445] Mem-Info: [ 1499.825206] 10*128kB [ 1499.859238] 41*8kB [ 1499.881659] (UM) 7*256kB (UME) 3*512kB (UE) 2*1024kB (UE) 0*2048kB 0*4096kB = 10964kB [ 1499.926344] Node 0 DMA32: 176*4kB (UME) 54*8kB (ME) 129*16kB (ME) 26*32kB (ME) 14*64kB (ME) 0*128kB 38*256kB (UM) 0*512kB 21*1024kB (U) 0*2048kB 0*4096kB = 36160kB [ 1499.941740] (UME) 53*16kB (UME) 41*32kB (UME) 27*64kB (UME) 10*128kB (UM) 7*256kB (UME) 3*512kB (UE) 2*1024kB (UE) 0*2048kB 0*4096kB = 10964kB [ 1499.980476] Node 0 DMA32: 176*4kB (UME) 59*8kB (UME) 129*16kB (ME) 26*32kB (ME) 14*64kB (ME) 0*128kB 38*256kB (UM) 0*512kB 22*1024kB (U) 0*2048kB 0*4096kB = 37224kB [ 1500.000750] active_anon:15815 inactive_anon:30368 isolated_anon:0 [ 1500.000750] active_file:12 inactive_file:598 isolated_file:0 [ 1500.000750] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1500.000750] slab_reclaimable:13496 slab_unreclaimable:126870 [ 1500.000750] mapped:35721 shmem:31504 pagetables:2358 bounce:0 [ 1500.000750] free:81463 free_pcp:159 free_cma:0 [ 1500.003799] Node 0 [ 1500.040751] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1500.090490] Node 1 Normal: 2*4kB (UE) 1*8kB (U) 4*16kB (UE) 4*32kB (UME) 511*64kB (UME) 19*128kB (U) 25*256kB (U) 24*512kB (U) 191*1024kB (U) 45*2048kB (U) 0*4096kB = 341776kB [ 1500.113960] Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1500.130742] Node 0 active_anon:59004kB inactive_anon:84236kB active_file:40kB inactive_file:148kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:124684kB dirty:0kB writeback:0kB shmem:88664kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1500.160775] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1500.163772] Node 1 [ 1500.169629] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1500.169635] Normal: [ 1500.190467] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1500.210737] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1500.219333] 32157 total pagecache pages [ 1500.223677] Node 1 active_anon:4256kB inactive_anon:37236kB active_file:8kB inactive_file:2244kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:18200kB dirty:0kB writeback:0kB shmem:37352kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1500.230968] 2*4kB [ 1500.260486] 0 pages in swap cache [ 1500.266138] Swap cache stats: add 0, delete 0, find 0/0 [ 1500.280484] Free swap = 0kB [ 1500.283519] Total swap = 0kB [ 1500.286529] 2097051 pages RAM [ 1500.289626] 0 pages HighMem/MovableOnly [ 1500.300484] Node 0 DMA free:11156kB min:204kB low:252kB high:300kB active_anon:80kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1500.320454] (UE) 1*8kB (U) 4*16kB (UE) 4*32kB (UME) 2373*64kB (UME) 175*128kB (U) 123*256kB (U) 66*512kB (U) 145*1024kB (U) 45*2048kB (U) 0*4096kB = 480400kB [ 1500.350474] 363840 pages reserved [ 1500.353948] 0 pages cma reserved [ 1500.357311] Out of memory (oom_kill_allocating_task): Kill process 5474 (systemd-journal) score 0 or sacrifice child [ 1500.380483] Killed process 5474 (systemd-journal) total-vm:46096kB, anon-rss:472kB, file-rss:0kB, shmem-rss:1940kB [ 1500.400719] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1500.404043] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1500.405783] Node 0 [ 1500.421110] oom_reaper: reaped process 5474 (systemd-journal), now anon-rss:0kB, file-rss:0kB, shmem-rss:1940kB [ 1500.433964] DMA32 free:45240kB min:36200kB low:45248kB high:54296kB active_anon:58924kB inactive_anon:84236kB active_file:40kB inactive_file:148kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8768kB pagetables:7548kB bounce:0kB free_pcp:392kB local_pcp:240kB free_cma:0kB [ 1500.450435] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1500.517712] lowmem_reserve[]: 0 0 0 0 0 [ 1500.530504] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1500.537940] Node 0 [ 1500.539367] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1500.539372] 32600 total pagecache pages [ 1500.539383] 0 pages in swap cache [ 1500.539388] Swap cache stats: add 0, delete 0, find 0/0 [ 1500.539392] Free swap = 0kB [ 1500.539395] Total swap = 0kB [ 1500.539401] 2097051 pages RAM [ 1500.539405] 0 pages HighMem/MovableOnly [ 1500.539408] 363840 pages reserved [ 1500.539410] 0 pages cma reserved [ 1500.577390] systemd[1]: systemd-journald.service: Failed with result 'signal'. [ 1500.618772] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1500.650659] systemd[1]: systemd-journald.service: Service has no hold-off time, scheduling restart. [ 1500.690865] systemd[1]: Stopped Flush Journal to Persistent Storage. [ 1500.697626] systemd[1]: Stopping Flush Journal to Persistent Storage... [ 1500.764178] lowmem_reserve[]: 0 0 0 0 0 [ 1500.768207] Node 1 Normal free:44796kB min:53696kB low:67120kB high:80544kB active_anon:3856kB inactive_anon:37236kB active_file:1504kB inactive_file:1080kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:928kB pagetables:1884kB bounce:0kB free_pcp:760kB local_pcp:88kB free_cma:0kB [ 1500.806271] oom_reaper: reaped process 5489 (syz-executor.2), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1500.831394] syz-executor.2 invoked oom-killer: gfp_mask=0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 1500.836011] lowmem_reserve[]: 0 0 0 0 0 [ 1500.846728] syz-executor.1: [ 1500.848904] Node 0 [ 1500.848913] page allocation failure: order:4 [ 1500.852027] syz-executor.5: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1500.852047] syz-executor.5 cpuset=/ mems_allowed=0-1 [ 1500.852067] CPU: 1 PID: 5524 Comm: syz-executor.5 Not tainted 4.14.224-syzkaller #0 [ 1500.852074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1500.867051] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1500.870446] Call Trace: [ 1500.870466] dump_stack+0x1b2/0x281 [ 1500.870480] warn_alloc.cold+0x96/0x1cc [ 1500.870491] ? zone_watermark_ok_safe+0x220/0x220 [ 1500.870503] ? usleep_range+0x130/0x130 [ 1500.876708] (null) [ 1500.883356] ? try_to_free_pages+0x23f/0x6e0 [ 1500.883365] ? _find_next_bit+0xdb/0x100 [ 1500.883376] ? run_timer_softirq+0x5a0/0x5a0 [ 1500.883393] __alloc_pages_nodemask+0x2127/0x2720 [ 1500.883410] ? lock_acquire+0x170/0x3f0 [ 1500.883423] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1500.883434] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1500.883449] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1500.898655] syz-executor.2 cpuset= [ 1500.899881] alloc_pages_current+0x155/0x260 [ 1500.902478] / [ 1500.906054] ion_page_pool_alloc+0x118/0x1b0 [ 1500.909996] mems_allowed=0-1 [ 1500.914819] ion_system_heap_allocate+0x133/0x8c0 [ 1500.914831] ? _raw_spin_unlock+0x29/0x40 [ 1500.914840] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1500.914849] ? ion_system_contig_heap_create+0x130/0x130 [ 1500.914860] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1500.914870] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1500.914881] ion_alloc+0x27a/0x810 [ 1500.914895] ? ion_dma_buf_release+0x40/0x40 [ 1500.925884] syz-executor.1 cpuset= [ 1500.929404] ? __might_fault+0x177/0x1b0 [ 1500.975967] / [ 1500.979190] ion_ioctl+0xea/0x1f0 [ 1501.007177] mems_allowed=0-1 [ 1501.011397] ? ion_query_heaps+0x360/0x360 [ 1501.011410] ? ion_query_heaps+0x360/0x360 [ 1501.011420] do_vfs_ioctl+0x75a/0xff0 [ 1501.011432] ? ioctl_preallocate+0x1a0/0x1a0 [ 1501.011441] ? lock_downgrade+0x740/0x740 [ 1501.011453] ? __fget+0x225/0x360 [ 1501.051368] ? do_vfs_ioctl+0xff0/0xff0 [ 1501.055334] ? security_file_ioctl+0x83/0xb0 [ 1501.059722] SyS_ioctl+0x7f/0xb0 [ 1501.063073] ? do_vfs_ioctl+0xff0/0xff0 [ 1501.067045] do_syscall_64+0x1d5/0x640 [ 1501.070932] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1501.076140] RIP: 0033:0x465f69 [ 1501.079308] RSP: 002b:00007fe89767f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1501.087002] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1501.094258] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1501.101513] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1501.108770] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1501.116020] R13: 00007fff5941b3bf R14: 00007fe89767f300 R15: 0000000000022000 [ 1501.130680] DMA: 23*4kB (UME) 20*8kB (ME) 52*16kB (UME) 41*32kB (UME) 24*64kB (UME) 7*128kB (UM) 4*256kB (UME) 2*512kB (UE) 4*1024kB (UE) 0*2048kB 0*4096kB = 10972kB [ 1501.144104] CPU: 0 PID: 5488 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1501.149309] Node 0 [ 1501.153474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1501.153478] Call Trace: [ 1501.153498] dump_stack+0x1b2/0x281 [ 1501.153511] warn_alloc.cold+0x96/0x1cc [ 1501.155721] DMA32: [ 1501.165073] ? zone_watermark_ok_safe+0x220/0x220 [ 1501.165097] __alloc_pages_nodemask+0x2127/0x2720 [ 1501.167653] 288*4kB [ 1501.171261] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1501.171274] ? lock_acquire+0x170/0x3f0 [ 1501.175219] (UME) [ 1501.177441] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1501.182269] 80*8kB [ 1501.187098] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1501.189388] (UME) [ 1501.194400] ? __mutex_unlock_slowpath+0x75/0x770 [ 1501.194418] alloc_pages_current+0x155/0x260 [ 1501.198372] 129*16kB [ 1501.200506] ion_page_pool_alloc+0x118/0x1b0 [ 1501.200519] ion_system_heap_allocate+0x133/0x8c0 [ 1501.205330] (UME) [ 1501.207550] ? _raw_spin_unlock+0x29/0x40 [ 1501.212986] 26*32kB [ 1501.215107] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1501.219915] (UME) [ 1501.224303] ? ion_system_contig_heap_create+0x130/0x130 [ 1501.224313] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1501.224321] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1501.224332] ion_alloc+0x27a/0x810 [ 1501.226716] 34*64kB [ 1501.231110] ? ion_dma_buf_release+0x40/0x40 [ 1501.231123] ? __might_fault+0x177/0x1b0 [ 1501.235937] (UME) [ 1501.238070] ion_ioctl+0xea/0x1f0 [ 1501.242210] 8*128kB [ 1501.244506] ? ion_query_heaps+0x360/0x360 [ 1501.249492] (U) [ 1501.251634] ? ion_query_heaps+0x360/0x360 [ 1501.251645] do_vfs_ioctl+0x75a/0xff0 [ 1501.257070] 39*256kB [ 1501.262075] ? ioctl_preallocate+0x1a0/0x1a0 [ 1501.262086] ? lock_downgrade+0x740/0x740 [ 1501.266900] (UM) [ 1501.270426] ? __fget+0x225/0x360 [ 1501.270439] ? do_vfs_ioctl+0xff0/0xff0 [ 1501.270451] ? security_file_ioctl+0x83/0xb0 [ 1501.272747] 0*512kB [ 1501.277136] SyS_ioctl+0x7f/0xb0 [ 1501.281192] 0*1024kB [ 1501.283318] ? do_vfs_ioctl+0xff0/0xff0 [ 1501.286759] 0*2048kB [ 1501.289064] do_syscall_64+0x1d5/0x640 [ 1501.293284] 0*4096kB [ 1501.295233] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1501.299434] = 17872kB [ 1501.303210] RIP: 0033:0x465f69 [ 1501.303215] RSP: 002b:00007ffaba381188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1501.303224] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1501.303232] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1501.305617] Node 0 [ 1501.309997] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1501.310004] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1501.314141] Normal: [ 1501.316164] R13: 00007fffa91fc9ef R14: 00007ffaba381300 R15: 0000000000022000 [ 1501.324659] CPU: 0 PID: 5489 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1501.333018] 0*4kB [ 1501.334384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1501.336772] 0*8kB [ 1501.340722] Call Trace: [ 1501.340739] dump_stack+0x1b2/0x281 [ 1501.340755] dump_header+0x178/0x82f [ 1501.347080] 0*16kB [ 1501.349403] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1501.354592] 0*32kB [ 1501.356960] ? ___ratelimit+0x2cd/0x530 [ 1501.360121] 0*64kB [ 1501.367809] oom_kill_process.cold+0x10/0xb18 [ 1501.367830] out_of_memory+0xe3e/0x1190 [ 1501.375089] 0*128kB [ 1501.382346] ? oom_killer_disable+0x1c0/0x1c0 [ 1501.382356] ? mutex_trylock+0x152/0x1a0 [ 1501.384581] 0*256kB [ 1501.391858] __alloc_pages_nodemask+0x23e1/0x2720 [ 1501.391876] ? lock_acquire+0x170/0x3f0 [ 1501.391890] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1501.399157] 0*512kB [ 1501.401461] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1501.401476] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1501.401495] alloc_pages_current+0x155/0x260 [ 1501.408735] 0*1024kB [ 1501.416524] ion_page_pool_alloc+0x118/0x1b0 [ 1501.416534] ion_system_heap_allocate+0x133/0x8c0 [ 1501.416544] ? ion_alloc+0x187/0x810 [ 1501.418687] warn_alloc_show_mem: 1 callbacks suppressed [ 1501.418690] Mem-Info: [ 1501.428007] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1501.428018] ? ion_system_contig_heap_create+0x130/0x130 [ 1501.428030] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1501.430155] 0*2048kB [ 1501.432715] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1501.432727] ion_alloc+0x204/0x810 [ 1501.432741] ? ion_dma_buf_release+0x40/0x40 [ 1501.436335] 0*4096kB [ 1501.440041] ? __might_fault+0x177/0x1b0 [ 1501.442283] active_anon:15700 inactive_anon:30367 isolated_anon:0 [ 1501.442283] active_file:15 inactive_file:16 isolated_file:0 [ 1501.442283] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1501.442283] slab_reclaimable:13464 slab_unreclaimable:126280 [ 1501.442283] mapped:34817 shmem:31504 pagetables:2343 bounce:0 [ 1501.442283] free:13877 free_pcp:0 free_cma:0 [ 1501.447350] ion_ioctl+0xea/0x1f0 [ 1501.449567] Node 0 active_anon:58944kB inactive_anon:84236kB active_file:0kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:124676kB dirty:0kB writeback:0kB shmem:88664kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1501.453511] ? ion_query_heaps+0x360/0x360 [ 1501.453523] ? ion_query_heaps+0x360/0x360 [ 1501.453532] do_vfs_ioctl+0x75a/0xff0 [ 1501.455747] = 0kB [ 1501.460225] ? ioctl_preallocate+0x1a0/0x1a0 [ 1501.464205] Node 1 active_anon:3856kB inactive_anon:37232kB active_file:64kB inactive_file:48kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14592kB dirty:0kB writeback:0kB shmem:37352kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1501.466490] ? lock_downgrade+0x740/0x740 [ 1501.470973] Node 1 [ 1501.475012] ? __fget+0x225/0x360 [ 1501.477329] Normal: [ 1501.482151] ? do_vfs_ioctl+0xff0/0xff0 [ 1501.482161] ? security_file_ioctl+0x83/0xb0 [ 1501.482171] SyS_ioctl+0x7f/0xb0 [ 1501.486122] Node 0 [ 1501.490938] ? do_vfs_ioctl+0xff0/0xff0 [ 1501.490949] do_syscall_64+0x1d5/0x640 [ 1501.490966] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1501.493268] DMA free:10972kB min:204kB low:252kB high:300kB active_anon:80kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1501.497746] RIP: 0033:0x465f69 [ 1501.503203] 162*4kB [ 1501.507561] RSP: 002b:00007f3f503fb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1501.509966] (M) [ 1501.514351] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1501.514356] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1501.514362] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1501.514366] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1501.514374] R13: 00007ffca5cbd2ff R14: 00007f3f503fb300 R15: 0000000000022000 [ 1501.519213] lowmem_reserve[]: [ 1501.532320] Mem-Info: [ 1501.544302] 84*8kB [ 1501.555003] syz-executor.1: [ 1501.560446] 0 [ 1501.563899] active_anon:15700 inactive_anon:30367 isolated_anon:0 [ 1501.563899] active_file:15 inactive_file:16 isolated_file:0 [ 1501.563899] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1501.563899] slab_reclaimable:13464 slab_unreclaimable:126280 [ 1501.563899] mapped:34817 shmem:31504 pagetables:2343 bounce:0 [ 1501.563899] free:13877 free_pcp:0 free_cma:0 [ 1501.566059] 2717 [ 1501.570126] Node 0 active_anon:58944kB inactive_anon:84236kB active_file:0kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:124676kB dirty:0kB writeback:0kB shmem:88664kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1501.610436] (UM) [ 1501.640577] page allocation failure: order:0 [ 1501.650069] 58*16kB [ 1501.658197] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1501.691107] 2718 [ 1501.695822] (null) [ 1501.696296] 2718 [ 1501.700713] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1501.700736] CPU: 0 PID: 5488 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1501.700742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1501.700745] Call Trace: [ 1501.700765] dump_stack+0x1b2/0x281 [ 1501.700784] warn_alloc.cold+0x96/0x1cc [ 1501.700797] ? zone_watermark_ok_safe+0x220/0x220 [ 1501.714591] 2718 [ 1501.719358] ? usleep_range+0x130/0x130 [ 1501.745071] (M) [ 1501.748205] ? try_to_free_pages+0x23f/0x6e0 [ 1501.750514] 27*32kB [ 1501.758187] ? _find_next_bit+0xdb/0x100 [ 1501.760134] (M) [ 1501.767386] ? run_timer_softirq+0x5a0/0x5a0 [ 1501.767406] __alloc_pages_nodemask+0x2127/0x2720 [ 1501.781915] ? lock_acquire+0x170/0x3f0 [ 1501.781930] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1501.789175] 18*64kB [ 1501.796425] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1501.796440] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1501.796459] alloc_pages_current+0x155/0x260 [ 1501.799532] Node 0 [ 1501.801924] ion_page_pool_alloc+0x118/0x1b0 [ 1501.801936] ion_system_heap_allocate+0x133/0x8c0 [ 1501.804157] DMA32 free:17872kB min:36200kB low:45248kB high:54296kB active_anon:58864kB inactive_anon:84236kB active_file:0kB inactive_file:16kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8736kB pagetables:7568kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1501.807143] ? _raw_spin_unlock+0x29/0x40 [ 1501.808929] lowmem_reserve[]: [ 1501.842049] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1501.842058] ? ion_system_contig_heap_create+0x130/0x130 [ 1501.842067] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1501.842078] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1501.844119] (UM) [ 1501.871591] ion_alloc+0x27a/0x810 [ 1501.871604] ? ion_dma_buf_release+0x40/0x40 [ 1501.871616] ? __might_fault+0x177/0x1b0 [ 1501.873652] 7*128kB [ 1501.878041] ion_ioctl+0xea/0x1f0 [ 1501.880354] (M) [ 1501.887419] ? ion_query_heaps+0x360/0x360 [ 1501.889454] 2*256kB [ 1501.891588] ? ion_query_heaps+0x360/0x360 [ 1501.891597] do_vfs_ioctl+0x75a/0xff0 [ 1501.891608] ? ioctl_preallocate+0x1a0/0x1a0 [ 1501.893646] 0 [ 1501.898723] ? lock_downgrade+0x740/0x740 [ 1501.906499] 0 [ 1501.915824] ? __fget+0x225/0x360 [ 1501.915836] ? do_vfs_ioctl+0xff0/0xff0 [ 1501.918405] (UM) [ 1501.922009] ? security_file_ioctl+0x83/0xb0 [ 1501.922018] SyS_ioctl+0x7f/0xb0 [ 1501.922027] ? do_vfs_ioctl+0xff0/0xff0 [ 1501.925985] 41*512kB [ 1501.930819] do_syscall_64+0x1d5/0x640 [ 1501.930839] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1501.932886] 0 [ 1501.936834] RIP: 0033:0x465f69 [ 1501.938780] 0 [ 1501.943175] RSP: 002b:00007ffaba381188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1501.943185] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1501.943191] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1501.943195] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1501.943202] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1501.945508] (UM) [ 1501.949537] R13: 00007fffa91fc9ef R14: 00007ffaba381300 R15: 0000000000022000 [ 1501.955034] Node 1 active_anon:3856kB inactive_anon:37232kB active_file:56kB inactive_file:56kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:14592kB dirty:0kB writeback:0kB shmem:37352kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1501.969450] 0*1024kB [ 1501.970237] Node 0 [ 1501.973712] 0 [ 1501.980828] DMA free:10972kB min:204kB low:252kB high:300kB active_anon:80kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1501.991896] 0*2048kB [ 1501.995414] lowmem_reserve[]: [ 1501.998421] 0*4096kB [ 1502.029883] 0 [ 1502.047710] 2717 [ 1502.049047] Node 0 [ 1502.053898] 2718 2718 2718 [ 1502.053911] Node 0 DMA32 free:17976kB min:36200kB low:45248kB high:54296kB active_anon:58864kB inactive_anon:84236kB active_file:4kB inactive_file:8kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8736kB pagetables:7568kB bounce:0kB free_pcp:368kB local_pcp:352kB free_cma:0kB [ 1502.053933] lowmem_reserve[]: 0 0 0 0 0 [ 1502.053951] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1502.053970] lowmem_reserve[]: 0 0 0 0 0 [ 1502.053991] Node 1 [ 1502.066501] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1502.071655] Normal free:26664kB min:53696kB low:67120kB high:80544kB active_anon:3856kB inactive_anon:37232kB active_file:56kB inactive_file:56kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:928kB pagetables:1804kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1502.080261] lowmem_reserve[]: [ 1502.082413] lowmem_reserve[]: 0 0 0 0 0 [ 1502.082436] Node 0 DMA: 22*4kB (UME) 19*8kB (ME) 53*16kB (UME) [ 1502.091132] 0 [ 1502.098436] 41*32kB [ 1502.110105] 0 [ 1502.115586] (UME) [ 1502.118790] = 26664kB [ 1502.119906] 24*64kB [ 1502.131007] 0 [ 1502.138835] (UME) [ 1502.150869] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1502.160633] 7*128kB [ 1502.175239] 0 [ 1502.182077] (UM) [ 1502.195189] 0 [ 1502.222257] 4*256kB [ 1502.232697] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1502.255117] (UME) [ 1502.265608] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1502.305116] 2*512kB [ 1502.355002] (UE) 4*1024kB (UE) 0*2048kB 0*4096kB = 10976kB [ 1502.461494] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1502.461500] 32386 total pagecache pages [ 1502.461511] 0 pages in swap cache [ 1502.461516] Swap cache stats: add 0, delete 0, find 0/0 [ 1502.461520] Free swap = 0kB [ 1502.461523] Total swap = 0kB [ 1502.461529] 2097051 pages RAM [ 1502.461532] 0 pages HighMem/MovableOnly [ 1502.461535] 363840 pages reserved [ 1502.461537] 0 pages cma reserved [ 1502.475010] Node 1 [ 1502.478785] Node 0 [ 1502.483441] systemd[1]: Stopped Journal Service. [ 1502.511218] systemd[1]: Starting Journal Service... [ 1502.514290] DMA32: 288*4kB (UME) 104*8kB (UME) 130*16kB (UME) 26*32kB (UME) 34*64kB (UME) 8*128kB (U) 39*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18080kB [ 1502.521574] Normal free:366128kB min:53696kB low:67120kB high:80544kB active_anon:4056kB inactive_anon:37232kB active_file:56kB inactive_file:4756kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:928kB pagetables:1952kB bounce:0kB free_pcp:264kB local_pcp:224kB free_cma:0kB [ 1502.534830] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1502.575918] Node 1 Normal: 2*4kB (UM) 0*8kB 2*16kB (UM) 1*32kB (U) 0*64kB 0*128kB 1*256kB (M) 39*512kB (U) 111*1024kB (U) 71*2048kB (U) 21*4096kB (U) = 365384kB [ 1502.590685] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1502.599915] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1502.608624] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1502.618411] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1502.627660] 32941 total pagecache pages [ 1502.632289] 0 pages in swap cache [ 1502.635882] Swap cache stats: add 0, delete 0, find 0/0 [ 1502.641344] lowmem_reserve[]: 0 0 0 0 0 [ 1502.645630] Free swap = 0kB [ 1502.648704] Node 0 DMA: 22*4kB (UME) 19*8kB (ME) 53*16kB (UME) 41*32kB (UME) 24*64kB (UME) 7*128kB (UM) 4*256kB (UME) 2*512kB (UE) 4*1024kB (UE) 0*2048kB 0*4096kB = 10976kB [ 1502.664757] Total swap = 0kB [ 1502.667835] 2097051 pages RAM [ 1502.671024] 0 pages HighMem/MovableOnly [ 1502.675279] 363840 pages reserved [ 1502.678792] Node 0 DMA32: 288*4kB (UME) 104*8kB (UME) 130*16kB (UME) 26*32kB (UME) 34*64kB (UME) 8*128kB (U) 39*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18080kB [ 1502.695186] 0 pages cma reserved [ 1502.698773] Out of memory (oom_kill_allocating_task): Kill process 5489 (syz-executor.2) score 0 or sacrifice child [ 1502.709445] Killed process 5489 (syz-executor.2) total-vm:93384kB, anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1502.719696] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1502.732181] syz-executor.2: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1502.744182] Node 1 Normal: 1*4kB (U) 1*8kB (M) 0*16kB 0*32kB 1648*64kB (UM) 1*128kB (M) 0*256kB 40*512kB (UM) 121*1024kB (U) 114*2048kB (UM) 30*4096kB (U) = 606348kB [ 1502.759747] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1502.764966] CPU: 0 PID: 5489 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1502.772756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1502.782118] Call Trace: [ 1502.784733] dump_stack+0x1b2/0x281 [ 1502.788367] warn_alloc.cold+0x96/0x1cc [ 1502.792349] ? lock_downgrade+0x740/0x740 [ 1502.796480] ? zone_watermark_ok_safe+0x220/0x220 [ 1502.801303] ? wake_up_q+0x82/0xd0 [ 1502.804827] ? wait_for_completion_io+0x10/0x10 [ 1502.809477] __alloc_pages_nodemask+0x2127/0x2720 [ 1502.814316] ? lock_acquire+0x170/0x3f0 [ 1502.818279] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1502.823113] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1502.827591] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1502.833038] alloc_pages_current+0x155/0x260 [ 1502.837428] ion_page_pool_alloc+0x118/0x1b0 [ 1502.841827] ion_system_heap_allocate+0x133/0x8c0 [ 1502.846649] ? ion_alloc+0x187/0x810 [ 1502.850351] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1502.855780] ? ion_system_contig_heap_create+0x130/0x130 [ 1502.861210] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1502.866205] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1502.871028] ion_alloc+0x204/0x810 [ 1502.874552] ? ion_dma_buf_release+0x40/0x40 [ 1502.878940] ? __might_fault+0x177/0x1b0 [ 1502.882985] ion_ioctl+0xea/0x1f0 [ 1502.886415] ? ion_query_heaps+0x360/0x360 [ 1502.890630] ? ion_query_heaps+0x360/0x360 [ 1502.894842] do_vfs_ioctl+0x75a/0xff0 [ 1502.898625] ? ioctl_preallocate+0x1a0/0x1a0 [ 1502.903011] ? lock_downgrade+0x740/0x740 [ 1502.907142] ? __fget+0x225/0x360 [ 1502.910574] ? do_vfs_ioctl+0xff0/0xff0 [ 1502.914538] ? security_file_ioctl+0x83/0xb0 [ 1502.918925] SyS_ioctl+0x7f/0xb0 [ 1502.922272] ? do_vfs_ioctl+0xff0/0xff0 [ 1502.926227] do_syscall_64+0x1d5/0x640 [ 1502.930100] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1502.935269] RIP: 0033:0x465f69 [ 1502.938437] RSP: 002b:00007f3f503fb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1502.946124] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1502.953373] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1502.960633] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1502.967895] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1502.975143] R13: 00007ffca5cbd2ff R14: 00007f3f503fb300 R15: 0000000000022000 [ 1502.983047] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1502.992092] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1503.000735] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1503.009835] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1503.018551] 33270 total pagecache pages [ 1503.022714] 0 pages in swap cache [ 1503.026166] Swap cache stats: add 0, delete 0, find 0/0 [ 1503.031597] Free swap = 0kB [ 1503.034769] Total swap = 0kB [ 1503.037801] 2097051 pages RAM [ 1503.040962] 0 pages HighMem/MovableOnly [ 1503.045072] 363840 pages reserved [ 1503.048519] 0 pages cma reserved [ 1503.077145] warn_alloc_show_mem: 2 callbacks suppressed [ 1503.077149] Mem-Info: [ 1503.085785] active_anon:15746 inactive_anon:30367 isolated_anon:0 [ 1503.085785] active_file:16 inactive_file:1772 isolated_file:0 [ 1503.085785] unevictable:0 dirty:32 writeback:0 unstable:0 [ 1503.085785] slab_reclaimable:13429 slab_unreclaimable:126287 [ 1503.085785] mapped:36089 shmem:31504 pagetables:2303 bounce:0 [ 1503.085785] free:147988 free_pcp:206 free_cma:0 [ 1503.122963] Node 0 active_anon:58896kB inactive_anon:84236kB active_file:4kB inactive_file:308kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:124676kB dirty:0kB writeback:0kB shmem:88664kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1503.158572] Node 1 active_anon:4088kB inactive_anon:37232kB active_file:60kB inactive_file:7080kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:19780kB dirty:128kB writeback:0kB shmem:37352kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1503.196663] Node 0 DMA free:11040kB min:204kB low:252kB high:300kB active_anon:80kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1503.224367] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1503.230409] Node 0 DMA32 free:58144kB min:36200kB low:45248kB high:54296kB active_anon:58716kB inactive_anon:84236kB active_file:104kB inactive_file:1808kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8704kB pagetables:7140kB bounce:0kB free_pcp:640kB local_pcp:600kB free_cma:0kB [ 1503.263561] lowmem_reserve[]: 0 0 0 0 0 [ 1503.269129] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1503.296181] lowmem_reserve[]: 0 0 0 0 0 [ 1503.301138] Node 1 Normal free:560476kB min:53696kB low:67120kB high:80544kB active_anon:3988kB inactive_anon:37232kB active_file:360kB inactive_file:6980kB unevictable:0kB writepending:128kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:928kB pagetables:1776kB bounce:0kB free_pcp:488kB local_pcp:364kB free_cma:0kB [ 1503.335949] lowmem_reserve[]: 0 0 0 0 0 [ 1503.341198] Node 0 DMA: 22*4kB (UME) 19*8kB (ME) 53*16kB (UME) 41*32kB (UME) 26*64kB (UME) 7*128kB (UM) 4*256kB (UME) 2*512kB (UE) 4*1024kB (UE) 0*2048kB 0*4096kB = 11104kB [ 1503.358063] Node 0 DMA32: 2760*4kB (UME) 4951*8kB (UE) 2965*16kB (UME) 519*32kB (UME) 651*64kB (UME) 195*128kB (U) 37*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 190792kB [ 1503.381372] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1503.392722] Node 1 Normal: 1469*4kB (U) 743*8kB (UM) 61*16kB (U) 2*32kB (UM) 3855*64kB (UM) 912*128kB (UM) 482*256kB (UM) 140*512kB (U) 2*1024kB (U) 0*2048kB 0*4096kB = 573436kB [ 1503.408898] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1503.422641] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1503.431301] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1503.440139] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1503.448818] 34417 total pagecache pages [ 1503.453103] 0 pages in swap cache [ 1503.456553] Swap cache stats: add 0, delete 0, find 0/0 [ 1503.462197] Free swap = 0kB [ 1503.465217] Total swap = 0kB [ 1503.468228] 2097051 pages RAM [ 1503.471437] 0 pages HighMem/MovableOnly [ 1503.475557] 363840 pages reserved [ 1503.479003] 0 pages cma reserved [ 1503.858913] systemd-journald[5553]: File /run/log/journal/64dd78f1a75445a997c532444ad0f085/system.journal corrupted or uncleanly shut down, renaming and replacing. [ 1503.994824] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1504.006712] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1504.020240] CPU: 1 PID: 5489 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1504.028061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1504.037414] Call Trace: [ 1504.040004] dump_stack+0x1b2/0x281 [ 1504.043635] warn_alloc.cold+0x96/0x1cc [ 1504.047614] ? zone_watermark_ok_safe+0x220/0x220 [ 1504.052472] __alloc_pages_nodemask+0x2127/0x2720 [ 1504.057322] ? lock_acquire+0x170/0x3f0 [ 1504.061299] ? lock_acquire+0x170/0x3f0 [ 1504.065317] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1504.070166] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1504.075616] ? __mutex_unlock_slowpath+0x75/0x770 [ 1504.080457] ? alloc_pages_current+0x84/0x260 [ 1504.084987] alloc_pages_current+0x155/0x260 [ 1504.089518] ion_page_pool_alloc+0x118/0x1b0 [ 1504.093929] ion_system_heap_allocate+0x133/0x8c0 [ 1504.098776] ? _raw_spin_unlock+0x29/0x40 [ 1504.102921] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1504.107845] ? ion_system_contig_heap_create+0x130/0x130 [ 1504.113301] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1504.118319] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1504.123160] ion_alloc+0x27a/0x810 [ 1504.126703] ? ion_dma_buf_release+0x40/0x40 [ 1504.131110] ? __might_fault+0x177/0x1b0 [ 1504.135168] ion_ioctl+0xea/0x1f0 [ 1504.138617] ? ion_query_heaps+0x360/0x360 [ 1504.142852] ? ion_query_heaps+0x360/0x360 [ 1504.147085] do_vfs_ioctl+0x75a/0xff0 [ 1504.150882] ? ioctl_preallocate+0x1a0/0x1a0 [ 1504.155281] ? lock_downgrade+0x740/0x740 [ 1504.159430] ? __fget+0x225/0x360 [ 1504.162877] ? do_vfs_ioctl+0xff0/0xff0 [ 1504.166848] ? security_file_ioctl+0x83/0xb0 [ 1504.171249] SyS_ioctl+0x7f/0xb0 [ 1504.174609] ? do_vfs_ioctl+0xff0/0xff0 [ 1504.178582] do_syscall_64+0x1d5/0x640 [ 1504.182472] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1504.187660] RIP: 0033:0x465f69 [ 1504.190841] RSP: 002b:00007f3f503fb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1504.198544] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1504.205807] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1504.213072] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1504.220335] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1504.227597] R13: 00007ffca5cbd2ff R14: 00007f3f503fb300 R15: 0000000000022000 [ 1504.240246] Mem-Info: [ 1504.242679] active_anon:15810 inactive_anon:32396 isolated_anon:0 [ 1504.242679] active_file:294 inactive_file:3024 isolated_file:0 [ 1504.242679] unevictable:0 dirty:47 writeback:0 unstable:0 [ 1504.242679] slab_reclaimable:13404 slab_unreclaimable:128647 [ 1504.242679] mapped:37242 shmem:33552 pagetables:2279 bounce:0 [ 1504.242679] free:146843 free_pcp:682 free_cma:0 [ 1504.282633] Node 0 active_anon:59192kB inactive_anon:92412kB active_file:720kB inactive_file:5128kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:128796kB dirty:48kB writeback:0kB shmem:96856kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1504.314397] Node 1 active_anon:4048kB inactive_anon:37172kB active_file:456kB inactive_file:6968kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:20172kB dirty:140kB writeback:0kB shmem:37352kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1504.346011] Node 0 DMA free:11020kB min:204kB low:252kB high:300kB active_anon:80kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1504.390209] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1504.395305] Node 0 DMA32 free:553700kB min:36200kB low:45248kB high:54296kB active_anon:59112kB inactive_anon:92412kB active_file:720kB inactive_file:5128kB unevictable:0kB writepending:48kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8704kB pagetables:7324kB bounce:0kB free_pcp:1348kB local_pcp:712kB free_cma:0kB [ 1504.460183] lowmem_reserve[]: 0 0 0 0 0 [ 1504.464238] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1504.495197] systemd[1]: Started Journal Service. [ 1504.514681] lowmem_reserve[]: 0 0 0 0 0 [ 1504.519339] Node 1 Normal free:227684kB min:53696kB low:67120kB high:80544kB active_anon:4048kB inactive_anon:37172kB active_file:456kB inactive_file:6968kB unevictable:0kB writepending:140kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:928kB pagetables:1792kB bounce:0kB free_pcp:1316kB local_pcp:624kB free_cma:0kB [ 1504.552341] lowmem_reserve[]: 0 0 0 0 0 [ 1504.557038] Node 0 DMA: 47*4kB (UME) 42*8kB (UME) 54*16kB (UME) 41*32kB (UME) 22*64kB (UME) 7*128kB (UM) 4*256kB (UME) 2*512kB (UE) 4*1024kB (UE) 0*2048kB 0*4096kB = 11148kB [ 1504.573677] Node 0 DMA32: 8127*4kB (UE) 13390*8kB (UME) 14338*16kB (UME) 6878*32kB (UME) 1059*64kB (U) 28*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 660492kB [ 1504.589796] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1504.600754] Node 1 Normal: 4468*4kB (UME) 2738*8kB (UME) 1962*16kB (UME) 2331*32kB (UM) 1000*64kB (U) 128*128kB (U) 1*256kB (U) 17*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 235104kB [ 1504.627444] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1504.636543] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1504.646601] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1504.656391] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1504.665837] 37019 total pagecache pages [ 1504.676630] 0 pages in swap cache [ 1504.680100] Swap cache stats: add 0, delete 0, find 0/0 [ 1504.686658] Free swap = 0kB [ 1504.689683] Total swap = 0kB [ 1504.693557] 2097051 pages RAM [ 1504.696667] 0 pages HighMem/MovableOnly [ 1504.711527] 363840 pages reserved [ 1504.717509] 0 pages cma reserved 18:06:39 executing program 1: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f00000000c0)={0x2, 0x2, 0x6, 0xfffffffa, 'syz0\x00', 0x80000001}) ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc0585611, 0x0) 18:06:39 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r5, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r6 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r7 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r8 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r5, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r6}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_PID={0x8, 0x1c, r8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r9 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r9}, {0x8, 0x1, r10}, {0x8}, {0x8, 0x1, r11}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) [ 1505.119453] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1505.138521] nbd: must specify at least one socket 18:06:40 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$vim2m_VIDIOC_DQBUF(r2, 0xc0585611, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000002c0)={0x5, 0x0, [{0x6, 0x5, 0xf98d}, {0x8, 0x1, 0x7, 0xfffff801, 0x7fffffff}, {0x80000019, 0x8, 0x8, 0xf9b, 0x5}, {0x80000008, 0x4, 0x0, 0x5, 0x3ff}, {0x80000000, 0x6, 0xf92e, 0x1, 0xac}]}) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f00000000c0)={0x2, 0x2, 0x6, 0xfffffffa, 'syz0\x00', 0x80000001}) ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc0585611, 0x0) 18:06:40 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x6, 0x6}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00', r1) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fddbdf2501000000240007", @ANYRES32, @ANYBLOB="08000100e993c25b8ca611f61422964a970e8264504d4c2afef3f10a91072010a939a17e6f26d981353587e6c4b6", @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0c00020003000000000000000c0002000400000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000600)='NLBL_CALIPSO\x00', r4) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180)='nl802154\x00', 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r5, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc800}, 0x4c821) r6 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x20200, 0x0) r7 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid\x00') r8 = fork() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r5, 0xc, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r6}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_PID={0x8, 0x1c, r8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x84) r9 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xee7d, 0x470000) socketpair(0x2, 0x2, 0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x11, 0x100006, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x94, r3, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7a}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r9}, {0x8, 0x1, r10}, {0x8}, {0x8, 0x1, r11}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000005}, 0x1) 18:06:40 executing program 2: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80000000, 0xf}) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00', 0xffffffffffffffff) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f00000000c0)={0x2, 0x2, 0x6, 0xfffffffa, 'syz0\x00', 0x80000001}) ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc0585611, 0x0) [ 1505.353767] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1505.369637] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1505.370852] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1505.381288] nbd: must specify at least one socket [ 1505.406925] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1505.414007] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1505.430928] device bridge_slave_1 left promiscuous mode [ 1505.444426] bridge0: port 2(bridge_slave_1) entered disabled state [ 1505.481048] device bridge_slave_0 left promiscuous mode [ 1505.486612] bridge0: port 1(bridge_slave_0) entered disabled state [ 1505.526599] device veth1_macvtap left promiscuous mode [ 1505.538746] device veth0_macvtap left promiscuous mode [ 1505.550715] device veth1_vlan left promiscuous mode [ 1505.555993] device veth0_vlan left promiscuous mode [ 1505.773885] device hsr_slave_1 left promiscuous mode [ 1505.807226] device hsr_slave_0 left promiscuous mode [ 1505.856038] team0 (unregistering): Port device team_slave_1 removed [ 1505.887224] team0 (unregistering): Port device team_slave_0 removed [ 1505.913140] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 1505.945167] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 1506.021870] bond0 (unregistering): Released all slaves [ 1506.667536] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1506.686597] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1506.692535] CPU: 1 PID: 5586 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1506.700339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1506.709681] Call Trace: [ 1506.712276] dump_stack+0x1b2/0x281 [ 1506.715910] warn_alloc.cold+0x96/0x1cc [ 1506.719886] ? zone_watermark_ok_safe+0x220/0x220 [ 1506.724747] __alloc_pages_nodemask+0x2127/0x2720 [ 1506.729582] ? io_schedule_timeout+0x140/0x140 [ 1506.734170] ? lock_acquire+0x170/0x3f0 [ 1506.738148] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1506.742997] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1506.748449] ? __mutex_unlock_slowpath+0x75/0x770 [ 1506.753295] alloc_pages_current+0x155/0x260 [ 1506.757704] ion_page_pool_alloc+0x118/0x1b0 [ 1506.762115] ion_system_heap_allocate+0x133/0x8c0 [ 1506.766950] ? ion_alloc+0x187/0x810 [ 1506.770655] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1506.776103] ? ion_system_contig_heap_create+0x130/0x130 [ 1506.781550] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1506.786558] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1506.791408] ion_alloc+0x204/0x810 [ 1506.794949] ? ion_dma_buf_release+0x40/0x40 [ 1506.799354] ? __might_fault+0x177/0x1b0 [ 1506.803414] ion_ioctl+0xea/0x1f0 [ 1506.806859] ? ion_query_heaps+0x360/0x360 [ 1506.811090] ? ion_query_heaps+0x360/0x360 [ 1506.815319] do_vfs_ioctl+0x75a/0xff0 [ 1506.819118] ? ioctl_preallocate+0x1a0/0x1a0 [ 1506.823520] ? lock_downgrade+0x740/0x740 [ 1506.827664] ? __fget+0x225/0x360 [ 1506.831108] ? do_vfs_ioctl+0xff0/0xff0 [ 1506.835077] ? security_file_ioctl+0x83/0xb0 [ 1506.839484] SyS_ioctl+0x7f/0xb0 [ 1506.842842] ? do_vfs_ioctl+0xff0/0xff0 [ 1506.846808] do_syscall_64+0x1d5/0x640 [ 1506.850694] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1506.855877] RIP: 0033:0x465f69 [ 1506.859144] RSP: 002b:00007f3f503fb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1506.866849] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1506.874113] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1506.881376] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1506.888639] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1506.895904] R13: 00007ffca5cbd2ff R14: 00007f3f503fb300 R15: 0000000000022000 [ 1506.905090] Mem-Info: [ 1506.908035] active_anon:15438 inactive_anon:32396 isolated_anon:0 [ 1506.908035] active_file:1413 inactive_file:3065 isolated_file:0 [ 1506.908035] unevictable:0 dirty:6 writeback:0 unstable:0 [ 1506.908035] slab_reclaimable:13236 slab_unreclaimable:126441 [ 1506.908035] mapped:56188 shmem:33545 pagetables:2351 bounce:0 [ 1506.908035] free:96575 free_pcp:208 free_cma:0 [ 1506.942898] Node 0 active_anon:58524kB inactive_anon:92412kB active_file:5624kB inactive_file:12452kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:143560kB dirty:0kB writeback:4kB shmem:96828kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1506.971700] Node 1 active_anon:3320kB inactive_anon:37172kB active_file:0kB inactive_file:140kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:81392kB dirty:8kB writeback:0kB shmem:37352kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1506.999458] Node 0 DMA free:11256kB min:204kB low:252kB high:300kB active_anon:80kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1507.026818] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1507.051166] Node 0 DMA32 free:168724kB min:36200kB low:45248kB high:54296kB active_anon:58504kB inactive_anon:92412kB active_file:5656kB inactive_file:13464kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8672kB pagetables:7640kB bounce:0kB free_pcp:188kB local_pcp:108kB free_cma:0kB [ 1507.093318] lowmem_reserve[]: 0 0 0 0 0 [ 1507.097391] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1507.124353] lowmem_reserve[]: 0 0 0 0 0 [ 1507.132067] Node 1 Normal free:229596kB min:53696kB low:67120kB high:80544kB active_anon:3336kB inactive_anon:37172kB active_file:16kB inactive_file:188kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1024kB pagetables:2116kB bounce:0kB free_pcp:644kB local_pcp:0kB free_cma:0kB [ 1507.192673] lowmem_reserve[]: 0 0 0 0 0 [ 1507.201674] Node 0 DMA: 20*4kB (ME) 29*8kB (UME) 54*16kB (UME) 41*32kB (UME) 25*64kB (UME) 8*128kB (UM) 4*256kB (UME) 2*512kB (UE) 4*1024kB (UE) 0*2048kB 0*4096kB = 11256kB [ 1507.234898] Node 0 DMA32: 107*4kB (E) 2197*8kB (UME) 8195*16kB (UME) 1201*32kB (UME) 27*64kB (UME) 105*128kB (UME) 57*256kB (U) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 217828kB [ 1507.272572] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1507.295354] Node 1 Normal: 1693*4kB (UME) 1315*8kB (UME) 193*16kB (UME) 94*32kB (UME) 166*64kB (UME) 42*128kB (UM) 157*256kB (UM) 235*512kB (U) 27*1024kB (U) 1*2048kB (U) 0*4096kB = 229596kB [ 1507.331331] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1507.348935] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1507.370042] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1507.378901] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1507.421373] 38398 total pagecache pages [ 1507.425407] 0 pages in swap cache [ 1507.441145] Swap cache stats: add 0, delete 0, find 0/0 [ 1507.449844] Free swap = 0kB [ 1507.456334] Total swap = 0kB [ 1507.462681] 2097051 pages RAM [ 1507.469093] 0 pages HighMem/MovableOnly [ 1507.477614] 363840 pages reserved [ 1507.484491] 0 pages cma reserved [ 1507.979544] oom_reaper: reaped process 5493 (syz-executor.4), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1508.012612] kworker/u4:3 invoked oom-killer: gfp_mask=0x14142c0(GFP_KERNEL|__GFP_NOWARN|__GFP_COMP|__GFP_NOMEMALLOC), nodemask=(null), order=1, oom_score_adj=0 [ 1508.055873] kworker/u4:3 cpuset=/ mems_allowed=0-1 [ 1508.063035] CPU: 0 PID: 25149 Comm: kworker/u4:3 Not tainted 4.14.224-syzkaller #0 [ 1508.070761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1508.080129] Workqueue: netns cleanup_net [ 1508.084184] Call Trace: [ 1508.086768] dump_stack+0x1b2/0x281 [ 1508.090397] dump_header+0x178/0x82f [ 1508.094103] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1508.099218] ? ___ratelimit+0x2cd/0x530 [ 1508.103177] oom_kill_process.cold+0x10/0xb18 [ 1508.107651] ? lock_downgrade+0x740/0x740 [ 1508.111781] out_of_memory+0x2dc/0x1190 [ 1508.115739] ? oom_killer_disable+0x1c0/0x1c0 [ 1508.120209] ? mutex_trylock+0x152/0x1a0 [ 1508.124248] __alloc_pages_nodemask+0x23e1/0x2720 [ 1508.129077] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1508.133899] ? cleanup_net+0x3b3/0x840 [ 1508.137763] ? process_one_work+0x793/0x14a0 [ 1508.142160] ? trace_hardirqs_on+0x10/0x10 [ 1508.146419] ? mark_held_locks+0xa6/0xf0 [ 1508.150460] ? cache_grow_begin+0x41/0x630 [ 1508.154672] cache_grow_begin+0x91/0x630 [ 1508.158711] ? cache_grow_begin+0x91/0x630 [ 1508.162922] fallback_alloc+0x207/0x2c0 [ 1508.166890] kmem_cache_alloc_node_trace+0xed/0x400 [ 1508.171892] __kmalloc_node_track_caller+0x38/0x70 [ 1508.176801] __alloc_skb+0x96/0x510 [ 1508.180407] rtmsg_ifinfo_build_skb+0x65/0x130 [ 1508.184967] rtmsg_ifinfo+0x68/0x100 [ 1508.188661] dev_close_many+0x2bf/0x5f0 [ 1508.192623] ? ip6_tnl_exit_net+0x62/0x530 [ 1508.196850] ? __dev_close_many+0x270/0x270 [ 1508.201168] ? dev_attr_show+0xc0/0xc0 [ 1508.205033] ? kfree_const+0x33/0x40 [ 1508.208725] rollback_registered_many+0x399/0xba0 [ 1508.213632] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1508.219063] ? netdev_state_change+0xf0/0xf0 [ 1508.223448] ? ip6_tnl_exit_net+0x144/0x530 [ 1508.227747] ? lock_acquire+0x170/0x3f0 [ 1508.231699] unregister_netdevice_many.part.0+0x18/0x2e0 [ 1508.237126] unregister_netdevice_many+0x36/0x50 [ 1508.241859] ip6_tnl_exit_net+0x39c/0x530 [ 1508.245981] ? lock_downgrade+0x740/0x740 [ 1508.250107] ? ip6_tnl_dellink+0x250/0x250 [ 1508.254332] ? ip6_tnl_dellink+0x250/0x250 [ 1508.258546] ops_exit_list+0xa5/0x150 [ 1508.262325] cleanup_net+0x3b3/0x840 [ 1508.266016] ? net_drop_ns+0x70/0x70 [ 1508.269703] ? lock_acquire+0x170/0x3f0 [ 1508.273659] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1508.279085] process_one_work+0x793/0x14a0 [ 1508.283301] ? work_busy+0x320/0x320 [ 1508.286991] ? worker_thread+0x158/0xff0 [ 1508.291029] ? _raw_spin_unlock_irq+0x24/0x80 [ 1508.295501] worker_thread+0x5cc/0xff0 [ 1508.299369] ? rescuer_thread+0xc80/0xc80 [ 1508.303493] kthread+0x30d/0x420 [ 1508.306838] ? kthread_create_on_node+0xd0/0xd0 [ 1508.311484] ret_from_fork+0x24/0x30 [ 1508.326558] syz-executor.4: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1508.350198] Mem-Info: [ 1508.352645] active_anon:15531 inactive_anon:32396 isolated_anon:0 [ 1508.352645] active_file:29 inactive_file:19 isolated_file:0 [ 1508.352645] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1508.352645] slab_reclaimable:13228 slab_unreclaimable:125326 [ 1508.352645] mapped:52636 shmem:33545 pagetables:2439 bounce:0 [ 1508.352645] free:13897 free_pcp:62 free_cma:0 [ 1508.389241] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1508.393943] Node 0 active_anon:58804kB inactive_anon:92412kB active_file:108kB inactive_file:72kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:129208kB dirty:0kB writeback:0kB shmem:96828kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1508.417793] CPU: 1 PID: 5493 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1508.428834] Node 1 active_anon:3320kB inactive_anon:37172kB active_file:8kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:81336kB dirty:0kB writeback:0kB shmem:37352kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1508.429812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1508.456806] Node 0 [ 1508.466114] Call Trace: [ 1508.466137] dump_stack+0x1b2/0x281 [ 1508.466152] warn_alloc.cold+0x96/0x1cc [ 1508.468383] DMA free:10956kB min:204kB low:252kB high:300kB active_anon:80kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1508.470941] ? zone_watermark_ok_safe+0x220/0x220 [ 1508.470950] ? usleep_range+0x130/0x130 [ 1508.470959] ? try_to_free_pages+0x23f/0x6e0 [ 1508.474580] lowmem_reserve[]: [ 1508.478538] ? _find_next_bit+0xdb/0x100 [ 1508.504116] 0 [ 1508.508923] ? run_timer_softirq+0x5a0/0x5a0 [ 1508.512880] 2717 [ 1508.517261] __alloc_pages_nodemask+0x2127/0x2720 [ 1508.520345] 2718 [ 1508.524381] ? lock_acquire+0x170/0x3f0 [ 1508.526150] 2718 [ 1508.530543] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1508.530551] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1508.530566] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1508.532596] 2718 [ 1508.537422] ? alloc_pages_current+0x15d/0x260 [ 1508.543418] alloc_pages_current+0x155/0x260 [ 1508.543431] ion_page_pool_alloc+0x118/0x1b0 [ 1508.543442] ion_system_heap_allocate+0x133/0x8c0 [ 1508.545490] Node 0 [ 1508.550314] ? ion_alloc+0x187/0x810 [ 1508.550323] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1508.550334] ? ion_system_contig_heap_create+0x130/0x130 [ 1508.554809] DMA32 free:17840kB min:36200kB low:45248kB high:54296kB active_anon:58724kB inactive_anon:92412kB active_file:108kB inactive_file:72kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8672kB pagetables:7640kB bounce:0kB free_pcp:124kB local_pcp:120kB free_cma:0kB [ 1508.560241] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1508.560254] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1508.560266] ion_alloc+0x204/0x810 [ 1508.560280] ? ion_dma_buf_release+0x40/0x40 [ 1508.562319] lowmem_reserve[]: [ 1508.566890] ? __might_fault+0x177/0x1b0 [ 1508.571302] 0 [ 1508.575673] ion_ioctl+0xea/0x1f0 [ 1508.580490] 0 [ 1508.582695] ? ion_query_heaps+0x360/0x360 [ 1508.586389] 0 [ 1508.591822] ? ion_query_heaps+0x360/0x360 [ 1508.591832] do_vfs_ioctl+0x75a/0xff0 [ 1508.591844] ? ioctl_preallocate+0x1a0/0x1a0 [ 1508.597264] 0 [ 1508.625609] ? lock_downgrade+0x740/0x740 [ 1508.625622] ? __fget+0x225/0x360 [ 1508.625630] ? do_vfs_ioctl+0xff0/0xff0 [ 1508.625641] ? security_file_ioctl+0x83/0xb0 [ 1508.630654] 0 [ 1508.635728] SyS_ioctl+0x7f/0xb0 [ 1508.643623] ? do_vfs_ioctl+0xff0/0xff0 [ 1508.643634] do_syscall_64+0x1d5/0x640 [ 1508.643657] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1508.646724] Node 0 [ 1508.650761] RIP: 0033:0x465f69 [ 1508.650766] RSP: 002b:00007f4607427188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1508.650775] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1508.650782] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1508.652568] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1508.655986] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1508.655993] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1508.657766] lowmem_reserve[]: [ 1508.661973] R13: 00007ffe6751318f R14: 00007f4607427300 R15: 0000000000022000 [ 1508.674614] Mem-Info: [ 1508.713506] 0 [ 1508.725408] active_anon:15531 inactive_anon:32396 isolated_anon:0 [ 1508.725408] active_file:29 inactive_file:19 isolated_file:0 [ 1508.725408] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1508.725408] slab_reclaimable:13228 slab_unreclaimable:125326 [ 1508.725408] mapped:52636 shmem:33545 pagetables:2439 bounce:0 [ 1508.725408] free:13897 free_pcp:62 free_cma:0 [ 1508.738589] 0 [ 1508.746982] Node 0 active_anon:58804kB inactive_anon:92412kB active_file:108kB inactive_file:72kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:129208kB dirty:0kB writeback:0kB shmem:96828kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1508.784745] 0 [ 1508.796986] Node 1 active_anon:3320kB inactive_anon:37172kB active_file:8kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:81336kB dirty:0kB writeback:0kB shmem:37352kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1508.847347] 0 [ 1508.876909] Node 0 DMA free:10956kB min:204kB low:252kB high:300kB active_anon:80kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1508.907309] 0 [ 1508.936243] Node 1 Normal free:26808kB min:53696kB low:67120kB high:80544kB active_anon:3316kB inactive_anon:37172kB active_file:20kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1024kB pagetables:2116kB bounce:0kB free_pcp:124kB local_pcp:120kB free_cma:0kB [ 1508.945934] lowmem_reserve[]: [ 1508.977111] lowmem_reserve[]: 0 0 0 0 0 [ 1508.988304] Node 0 DMA: 21*4kB (UME) 21*8kB (UME) 39*16kB (UME) 41*32kB (UME) 25*64kB (UME) 8*128kB (UM) 4*256kB (UME) 2*512kB (UE) 4*1024kB (UE) 0*2048kB 0*4096kB = 10956kB [ 1509.006447] 0 2717 2718 2718 2718 [ 1509.015544] Node 0 DMA32: 338*4kB (ME) 155*8kB (ME) 138*16kB (UME) 35*32kB (UME) 10*64kB (ME) 3*128kB (UME) 41*256kB (U) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 17952kB [ 1509.027053] Node 0 [ 1509.046086] Node 0 [ 1509.046747] DMA32 free:17952kB min:36200kB low:45248kB high:54296kB active_anon:58720kB inactive_anon:92412kB active_file:112kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8672kB pagetables:7640kB bounce:0kB free_pcp:124kB local_pcp:4kB free_cma:0kB [ 1509.048334] Normal: [ 1509.057251] lowmem_reserve[]: 0 0 0 0 0 [ 1509.095217] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1509.099877] 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1509.129589] lowmem_reserve[]: 0 0 0 0 0 [ 1509.134190] Node 1 Normal free:26808kB min:53696kB low:67120kB high:80544kB active_anon:3316kB inactive_anon:37172kB active_file:24kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1024kB pagetables:2116kB bounce:0kB free_pcp:124kB local_pcp:4kB free_cma:0kB [ 1509.148101] Node 1 Normal: 168*4kB (ME) 91*8kB (UME) 74*16kB (ME) 31*32kB (ME) 19*64kB (ME) 2*128kB (UM) 3*256kB (UM) 1*512kB (U) 18*1024kB (U) 1*2048kB (U) 0*4096kB = 26808kB [ 1509.171215] lowmem_reserve[]: 0 0 0 0 0 [ 1509.192705] Node 0 DMA: 21*4kB (UME) 21*8kB (UME) 39*16kB (UME) 41*32kB (UME) 25*64kB (UME) 8*128kB (UM) 4*256kB (UME) 2*512kB (UE) 4*1024kB (UE) 0*2048kB 0*4096kB = 10956kB [ 1509.201637] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1509.216823] Node 0 DMA32: 338*4kB (ME) 155*8kB (ME) 138*16kB (UME) 35*32kB (UME) 10*64kB (ME) 3*128kB (UME) 41*256kB (U) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 17952kB [ 1509.235465] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1509.241383] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1509.256596] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1509.265593] Node 1 Normal: 168*4kB (ME) 91*8kB (UME) 74*16kB (ME) 31*32kB (ME) 19*64kB (ME) 2*128kB (UM) 3*256kB (UM) 1*512kB (U) 18*1024kB (U) 1*2048kB (U) 0*4096kB = 26808kB [ 1509.279888] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1509.291881] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1509.307421] 33568 total pagecache pages [ 1509.311902] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1509.321619] 0 pages in swap cache [ 1509.325073] Swap cache stats: add 0, delete 0, find 0/0 [ 1509.327390] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1509.348031] Free swap = 0kB [ 1509.349493] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1509.359100] Total swap = 0kB [ 1509.359651] 33568 total pagecache pages [ 1509.378102] 0 pages in swap cache [ 1509.380633] 2097051 pages RAM [ 1509.383260] Swap cache stats: add 0, delete 0, find 0/0 [ 1509.384648] 0 pages HighMem/MovableOnly [ 1509.401973] Free swap = 0kB [ 1509.404999] Total swap = 0kB [ 1509.408006] 2097051 pages RAM [ 1509.411752] 363840 pages reserved [ 1509.415203] 0 pages cma reserved [ 1509.418558] Out of memory: Kill process 5585 (syz-executor.2) score 1004 or sacrifice child [ 1509.419592] 0 pages HighMem/MovableOnly [ 1509.443131] 363840 pages reserved [ 1509.446592] 0 pages cma reserved [ 1509.448611] Killed process 5586 (syz-executor.2) total-vm:93384kB, anon-rss:160kB, file-rss:34820kB, shmem-rss:0kB [ 1509.480315] syz-executor.2: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1509.540135] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1509.545362] CPU: 1 PID: 5586 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1509.553158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1509.562514] Call Trace: [ 1509.565117] dump_stack+0x1b2/0x281 [ 1509.568754] warn_alloc.cold+0x96/0x1cc [ 1509.572732] ? zone_watermark_ok_safe+0x220/0x220 [ 1509.577590] ? usleep_range+0x130/0x130 [ 1509.581568] ? try_to_free_pages+0x23f/0x6e0 [ 1509.585971] ? _find_next_bit+0xdb/0x100 [ 1509.590041] ? run_timer_softirq+0x5a0/0x5a0 [ 1509.594459] __alloc_pages_nodemask+0x2127/0x2720 [ 1509.599312] ? lock_acquire+0x170/0x3f0 [ 1509.603291] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1509.608133] ? ion_page_pool_alloc+0x9e/0x1b0 [ 1509.612634] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1509.618093] alloc_pages_current+0x155/0x260 [ 1509.622508] ion_page_pool_alloc+0x118/0x1b0 [ 1509.626920] ion_system_heap_allocate+0x133/0x8c0 [ 1509.631763] ? ion_alloc+0x187/0x810 [ 1509.635475] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1509.640927] ? ion_system_contig_heap_create+0x130/0x130 [ 1509.646387] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1509.651409] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1509.656266] ion_alloc+0x204/0x810 [ 1509.659814] ? ion_dma_buf_release+0x40/0x40 [ 1509.664221] ? __might_fault+0x177/0x1b0 [ 1509.668285] ion_ioctl+0xea/0x1f0 [ 1509.671720] ? ion_query_heaps+0x360/0x360 [ 1509.675936] ? ion_query_heaps+0x360/0x360 [ 1509.680152] do_vfs_ioctl+0x75a/0xff0 [ 1509.683935] ? ioctl_preallocate+0x1a0/0x1a0 [ 1509.688335] ? lock_downgrade+0x740/0x740 [ 1509.692465] ? __fget+0x225/0x360 [ 1509.695899] ? do_vfs_ioctl+0xff0/0xff0 [ 1509.699868] ? security_file_ioctl+0x83/0xb0 [ 1509.704258] SyS_ioctl+0x7f/0xb0 [ 1509.707602] ? do_vfs_ioctl+0xff0/0xff0 [ 1509.711558] do_syscall_64+0x1d5/0x640 [ 1509.715434] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1509.721037] RIP: 0033:0x465f69 [ 1509.724208] RSP: 002b:00007f3f503fb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1509.731893] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1509.739141] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1509.746389] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1509.753637] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1509.760885] R13: 00007ffca5cbd2ff R14: 00007f3f503fb300 R15: 0000000000022000 [ 1509.792313] oom_reaper: reaped process 5586 (syz-executor.2), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1509.897808] Mem-Info: [ 1509.910341] active_anon:15654 inactive_anon:32396 isolated_anon:0 [ 1509.910341] active_file:281 inactive_file:1922 isolated_file:0 [ 1509.910341] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1509.910341] slab_reclaimable:13203 slab_unreclaimable:125893 [ 1509.910341] mapped:54236 shmem:33545 pagetables:2550 bounce:0 [ 1509.910341] free:135629 free_pcp:352 free_cma:0 [ 1509.950641] Node 0 active_anon:58744kB inactive_anon:92428kB active_file:740kB inactive_file:3624kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:131880kB dirty:12kB writeback:0kB shmem:96860kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1509.996181] Node 1 active_anon:3344kB inactive_anon:37172kB active_file:1832kB inactive_file:3312kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:85580kB dirty:76kB writeback:0kB shmem:37352kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1510.027029] Node 0 DMA free:11212kB min:204kB low:252kB high:300kB active_anon:80kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1510.056447] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1510.061607] Node 0 DMA32 free:237988kB min:36200kB low:45248kB high:54296kB active_anon:58664kB inactive_anon:92428kB active_file:740kB inactive_file:4124kB unevictable:0kB writepending:12kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8672kB pagetables:7640kB bounce:0kB free_pcp:1036kB local_pcp:416kB free_cma:0kB [ 1510.094191] lowmem_reserve[]: 0 0 0 0 0 [ 1510.098201] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1510.160001] lowmem_reserve[]: 0 0 0 0 0 [ 1510.164116] Node 1 Normal free:405260kB min:53696kB low:67120kB high:80544kB active_anon:3344kB inactive_anon:37172kB active_file:1832kB inactive_file:3312kB unevictable:0kB writepending:76kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1024kB pagetables:2116kB bounce:0kB free_pcp:908kB local_pcp:252kB free_cma:0kB [ 1510.203871] lowmem_reserve[]: 0 0 0 0 0 [ 1510.207892] Node 0 DMA: 21*4kB (UME) 21*8kB (UME) 39*16kB (UME) 41*32kB (UME) 27*64kB (UME) 9*128kB (UM) 4*256kB (UME) 2*512kB (UE) 4*1024kB (UE) 0*2048kB 0*4096kB = 11212kB [ 1510.224435] Node 0 DMA32: 5077*4kB (UE) 5464*8kB (UE) 7273*16kB (UE) 2541*32kB (UME) 824*64kB (UE) 29*128kB (UME) 37*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 327620kB [ 1510.240571] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1510.251842] Node 1 Normal: 2081*4kB (UME) 1447*8kB (UME) 1438*16kB (UME) 369*32kB (UME) 3416*64kB (UE) 482*128kB (UM) 135*256kB (U) 28*512kB (UM) 64*1024kB (UM) 3*2048kB (U) 0*4096kB = 455612kB [ 1510.273646] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1510.282591] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1510.292339] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1510.301745] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1510.311535] 36085 total pagecache pages [ 1510.316811] 0 pages in swap cache [ 1510.323004] Swap cache stats: add 0, delete 0, find 0/0 [ 1510.330452] Free swap = 0kB [ 1510.333471] Total swap = 0kB [ 1510.336480] 2097051 pages RAM [ 1510.339569] 0 pages HighMem/MovableOnly [ 1510.349862] Bluetooth: hci4 command 0x0406 tx timeout [ 1510.361817] 363840 pages reserved [ 1510.366766] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1510.374455] 0 pages cma reserved [ 1510.380480] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1510.411845] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1510.418587] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1510.451539] device bridge_slave_1 left promiscuous mode [ 1510.457101] bridge0: port 2(bridge_slave_1) entered disabled state [ 1510.480693] device bridge_slave_0 left promiscuous mode [ 1510.486250] bridge0: port 1(bridge_slave_0) entered disabled state [ 1510.532958] device veth1_macvtap left promiscuous mode [ 1510.538303] device veth0_macvtap left promiscuous mode [ 1510.570219] device veth1_vlan left promiscuous mode [ 1510.575329] device veth0_vlan left promiscuous mode [ 1510.812948] device hsr_slave_1 left promiscuous mode [ 1510.849816] device hsr_slave_0 left promiscuous mode [ 1510.880348] team0 (unregistering): Port device team_slave_1 removed [ 1510.892444] team0 (unregistering): Port device team_slave_0 removed [ 1510.929848] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 1510.941199] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 1511.005033] bond0 (unregistering): Released all slaves [ 1511.549814] Bluetooth: hci5 command 0x0409 tx timeout [ 1511.560341] Bluetooth: hci2 command 0x0409 tx timeout [ 1511.778547] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1511.791950] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1511.794753] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1511.809148] CPU: 1 PID: 5493 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1511.816939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1511.819725] syz-executor.2 cpuset= [ 1511.826282] Call Trace: [ 1511.826288] / [ 1511.829815] dump_stack+0x1b2/0x281 [ 1511.837703] warn_alloc.cold+0x96/0x1cc [ 1511.841671] ? zone_watermark_ok_safe+0x220/0x220 [ 1511.846521] __alloc_pages_nodemask+0x2127/0x2720 [ 1511.849702] mems_allowed=0-1 [ 1511.851352] ? lock_acquire+0x170/0x3f0 [ 1511.858404] ? lock_acquire+0x170/0x3f0 [ 1511.862379] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1511.867229] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1511.872710] ? __mutex_unlock_slowpath+0x75/0x770 [ 1511.877541] ? retint_kernel+0x2d/0x2d [ 1511.881418] alloc_pages_current+0x155/0x260 [ 1511.885829] ion_page_pool_alloc+0x118/0x1b0 [ 1511.890222] ion_system_heap_allocate+0x133/0x8c0 [ 1511.895046] ? _raw_spin_unlock+0x29/0x40 [ 1511.899176] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1511.904089] ? ion_system_contig_heap_create+0x130/0x130 [ 1511.909549] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1511.914562] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1511.919412] ion_alloc+0x27a/0x810 [ 1511.922945] ? ion_dma_buf_release+0x40/0x40 [ 1511.927347] ? __might_fault+0x177/0x1b0 [ 1511.931393] ion_ioctl+0xea/0x1f0 [ 1511.934828] ? ion_query_heaps+0x360/0x360 [ 1511.939046] ? ion_query_heaps+0x360/0x360 [ 1511.943265] do_vfs_ioctl+0x75a/0xff0 [ 1511.947061] ? ioctl_preallocate+0x1a0/0x1a0 [ 1511.951481] ? lock_downgrade+0x740/0x740 [ 1511.955624] ? __fget+0x225/0x360 [ 1511.959059] ? do_vfs_ioctl+0xff0/0xff0 [ 1511.963023] ? security_file_ioctl+0x83/0xb0 [ 1511.967423] SyS_ioctl+0x7f/0xb0 [ 1511.970772] ? do_vfs_ioctl+0xff0/0xff0 [ 1511.974727] do_syscall_64+0x1d5/0x640 [ 1511.978635] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1511.983808] RIP: 0033:0x465f69 [ 1511.986986] RSP: 002b:00007f4607427188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1511.994680] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1512.001935] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1512.009192] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1512.016445] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1512.023698] R13: 00007ffe6751318f R14: 00007f4607427300 R15: 0000000000022000 [ 1512.030968] CPU: 0 PID: 5586 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1512.038767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1512.042245] Mem-Info: [ 1512.048113] Call Trace: [ 1512.048130] dump_stack+0x1b2/0x281 [ 1512.048144] warn_alloc.cold+0x96/0x1cc [ 1512.052917] active_anon:15525 inactive_anon:32401 isolated_anon:0 [ 1512.052917] active_file:1181 inactive_file:1198 isolated_file:0 [ 1512.052917] unevictable:0 dirty:28 writeback:0 unstable:0 [ 1512.052917] slab_reclaimable:13152 slab_unreclaimable:123976 [ 1512.052917] mapped:54665 shmem:33553 pagetables:2439 bounce:0 [ 1512.052917] free:267496 free_pcp:114 free_cma:0 [ 1512.053125] ? zone_watermark_ok_safe+0x220/0x220 [ 1512.056766] Node 0 active_anon:58756kB inactive_anon:92432kB active_file:2160kB inactive_file:2544kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:132964kB dirty:36kB writeback:0kB shmem:96860kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1512.060687] __alloc_pages_nodemask+0x2127/0x2720 [ 1512.060696] ? __schedule+0x893/0x1de0 [ 1512.060711] ? lock_acquire+0x170/0x3f0 [ 1512.060734] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1512.096946] Node 1 active_anon:3344kB inactive_anon:37172kB active_file:2564kB inactive_file:2248kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:85696kB dirty:76kB writeback:0kB shmem:37352kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1512.099392] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1512.099405] ? __mutex_unlock_slowpath+0x75/0x770 [ 1512.129651] Node 0 [ 1512.132140] alloc_pages_current+0x155/0x260 [ 1512.132156] ion_page_pool_alloc+0x118/0x1b0 [ 1512.136066] DMA free:11012kB min:204kB low:252kB high:300kB active_anon:80kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1512.140005] ion_system_heap_allocate+0x133/0x8c0 [ 1512.140016] ? _raw_spin_unlock+0x29/0x40 [ 1512.140025] ? _ion_heap_freelist_drain+0x6e/0x410 [ 1512.140039] ? ion_system_contig_heap_create+0x130/0x130 [ 1512.140051] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1512.140062] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1512.140073] ion_alloc+0x27a/0x810 [ 1512.140086] ? ion_dma_buf_release+0x40/0x40 [ 1512.147155] lowmem_reserve[]: [ 1512.172388] ? __might_fault+0x177/0x1b0 [ 1512.172401] ion_ioctl+0xea/0x1f0 [ 1512.172411] ? ion_query_heaps+0x360/0x360 [ 1512.172423] ? ion_query_heaps+0x360/0x360 [ 1512.172433] do_vfs_ioctl+0x75a/0xff0 [ 1512.172445] ? ioctl_preallocate+0x1a0/0x1a0 [ 1512.172454] ? lock_downgrade+0x740/0x740 [ 1512.172467] ? __fget+0x225/0x360 [ 1512.172475] ? do_vfs_ioctl+0xff0/0xff0 [ 1512.172484] ? security_file_ioctl+0x83/0xb0 [ 1512.172493] SyS_ioctl+0x7f/0xb0 [ 1512.172499] ? do_vfs_ioctl+0xff0/0xff0 [ 1512.172509] do_syscall_64+0x1d5/0x640 [ 1512.172528] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1512.191461] 0 [ 1512.193781] RIP: 0033:0x465f69 [ 1512.193786] RSP: 002b:00007f3f503fb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1512.193798] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1512.268442] 2717 [ 1512.271292] RDX: 0000000020000200 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1512.271297] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1512.271301] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1512.271306] R13: 00007ffca5cbd2ff R14: 00007f3f503fb300 R15: 0000000000022000 [ 1512.368038] 2718 2718 2718 [ 1512.371766] Node 0 DMA32 free:792176kB min:36200kB low:45248kB high:54296kB active_anon:58692kB inactive_anon:92432kB active_file:2188kB inactive_file:2548kB unevictable:0kB writepending:40kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8640kB pagetables:7640kB bounce:0kB free_pcp:432kB local_pcp:208kB free_cma:0kB [ 1512.402087] lowmem_reserve[]: 0 0 0 0 0 [ 1512.406174] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1512.433867] lowmem_reserve[]: 0 0 0 0 0 [ 1512.437919] Node 1 Normal free:178608kB min:53696kB low:67120kB high:80544kB active_anon:3344kB inactive_anon:37172kB active_file:2656kB inactive_file:2244kB unevictable:0kB writepending:76kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1024kB pagetables:2116kB bounce:0kB free_pcp:128kB local_pcp:0kB free_cma:0kB [ 1512.468651] lowmem_reserve[]: 0 0 0 0 0 [ 1512.477669] Node 0 DMA: 52*4kB (UME) 56*8kB (UME) 54*16kB (UME) 41*32kB (UME) 14*64kB (UME) 9*128kB (UM) 4*256kB (UME) 2*512kB (UE) 4*1024kB (UE) 0*2048kB 0*4096kB = 11024kB [ 1512.511158] Node 0 DMA32: 136*4kB (UE) 5993*8kB (UME) 19903*16kB (UME) 10439*32kB (UME) 24*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 702520kB [ 1512.535341] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1512.570228] Node 1 Normal: 3464*4kB (UM) 3582*8kB (UM) 3170*16kB (UM) 2666*32kB (UM) 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 178608kB [ 1512.597232] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1512.620211] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1512.628818] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1512.669857] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1512.678444] 35963 total pagecache pages [ 1512.689718] 0 pages in swap cache [ 1512.693198] Swap cache stats: add 0, delete 0, find 0/0 [ 1512.698554] Free swap = 0kB [ 1512.709708] Total swap = 0kB [ 1512.712748] 2097051 pages RAM [ 1512.715843] 0 pages HighMem/MovableOnly [ 1512.739906] 363840 pages reserved [ 1512.743383] 0 pages cma reserved [ 1512.797088] IPVS: ftp: loaded support on port[0] = 21 [ 1512.862586] IPVS: ftp: loaded support on port[0] = 21 [ 1513.054117] chnl_net:caif_netlink_parms(): no params data found [ 1513.201532] chnl_net:caif_netlink_parms(): no params data found [ 1513.216075] syz-executor.1: page allocation failure: order:5, mode:0x1084020(GFP_ATOMIC|__GFP_COMP), nodemask=(null) [ 1513.226791] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1513.232188] CPU: 0 PID: 5595 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1513.239975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1513.249324] Call Trace: [ 1513.251916] dump_stack+0x1b2/0x281 [ 1513.255543] warn_alloc.cold+0x96/0x1cc [ 1513.259517] ? zone_watermark_ok_safe+0x220/0x220 [ 1513.264381] ? wake_all_kswapds+0x175/0x360 [ 1513.268705] __alloc_pages_nodemask+0x2127/0x2720 [ 1513.273551] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1513.278564] ? __alloc_pages_nodemask+0x1a6e/0x2720 [ 1513.283586] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1513.288425] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1513.293281] ? cache_alloc_refill+0x2fa/0x350 [ 1513.297774] ? ____cache_alloc_node+0x156/0x1d0 [ 1513.302443] cache_grow_begin+0x91/0x630 [ 1513.306501] ? cache_grow_begin+0x91/0x630 [ 1513.310761] fallback_alloc+0x207/0x2c0 [ 1513.314734] __kmalloc+0x213/0x400 [ 1513.318275] ? batadv_hash_new+0xaa/0x270 [ 1513.322423] batadv_hash_new+0xaa/0x270 [ 1513.326391] ? queue_delayed_work_on+0xfc/0x1d0 [ 1513.331059] batadv_tt_init+0x260/0x390 [ 1513.335034] batadv_mesh_init+0x478/0x630 [ 1513.339183] batadv_softif_init_late+0xa26/0xc90 [ 1513.344112] ? batadv_get_strings+0x40/0x40 [ 1513.348424] ? dev_valid_name+0x1a0/0x1a0 [ 1513.352570] ? batadv_get_strings+0x40/0x40 [ 1513.356889] register_netdevice+0x291/0xe40 [ 1513.361213] ? netdev_change_features+0xa0/0xa0 [ 1513.365879] ? rtnl_create_link+0x129/0x890 [ 1513.370195] rtnl_newlink+0x14dc/0x1830 [ 1513.374164] ? rtnl_newlink+0x43d/0x1830 [ 1513.378220] ? __lock_acquire+0x5fc/0x3f20 [ 1513.382465] ? trace_hardirqs_on+0x10/0x10 [ 1513.386698] ? rtnl_dellink+0x6a0/0x6a0 [ 1513.390669] ? trace_hardirqs_on+0x10/0x10 [ 1513.394908] ? __read_once_size_nocheck.constprop.0+0x10/0x10 [ 1513.400804] ? deref_stack_reg+0x124/0x1a0 [ 1513.405078] ? lock_acquire+0x170/0x3f0 [ 1513.409049] ? lock_downgrade+0x740/0x740 [ 1513.413199] ? rtnl_dellink+0x6a0/0x6a0 [ 1513.417175] rtnetlink_rcv_msg+0x3be/0xb10 [ 1513.421412] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 1513.425908] ? __netlink_lookup+0x345/0x5d0 [ 1513.430236] netlink_rcv_skb+0x125/0x390 [ 1513.434300] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 1513.438797] ? netlink_ack+0x9a0/0x9a0 [ 1513.442691] netlink_unicast+0x437/0x610 [ 1513.446758] ? netlink_sendskb+0xd0/0xd0 [ 1513.450815] ? __check_object_size+0x179/0x230 [ 1513.455400] netlink_sendmsg+0x62e/0xb80 [ 1513.459462] ? nlmsg_notify+0x170/0x170 [ 1513.463433] ? security_socket_sendmsg+0x83/0xb0 [ 1513.468182] ? nlmsg_notify+0x170/0x170 [ 1513.472154] sock_sendmsg+0xb5/0x100 [ 1513.475866] SyS_sendto+0x1c7/0x2c0 [ 1513.479487] ? SyS_getpeername+0x220/0x220 [ 1513.483727] ? sock_poll+0x220/0x220 [ 1513.487443] ? SyS_socket+0x12f/0x1b0 [ 1513.491244] ? move_addr_to_kernel+0x60/0x60 [ 1513.495655] ? do_syscall_64+0x4c/0x640 [ 1513.499629] ? SyS_getpeername+0x220/0x220 [ 1513.503863] do_syscall_64+0x1d5/0x640 [ 1513.507758] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1513.512951] RIP: 0033:0x4193fc [ 1513.516133] RSP: 002b:00007ffd68c2a820 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 1513.523841] RAX: ffffffffffffffda RBX: 00000000014a4320 RCX: 00000000004193fc [ 1513.531109] RDX: 000000000000003c RSI: 00000000014a4370 RDI: 0000000000000003 [ 1513.538401] RBP: 0000000000000000 R08: 00007ffd68c2a874 R09: 000000000000000c [ 1513.545674] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1513.552945] R13: 00000000014a4370 R14: 0000000000000003 R15: 0000000000000000 [ 1513.560344] warn_alloc_show_mem: 1 callbacks suppressed [ 1513.560347] Mem-Info: [ 1513.568118] active_anon:15529 inactive_anon:32401 isolated_anon:0 [ 1513.568118] active_file:1286 inactive_file:1473 isolated_file:0 [ 1513.568118] unevictable:0 dirty:31 writeback:0 unstable:0 [ 1513.568118] slab_reclaimable:13148 slab_unreclaimable:123726 [ 1513.568118] mapped:54825 shmem:33553 pagetables:2402 bounce:0 [ 1513.568118] free:200528 free_pcp:147 free_cma:0 [ 1513.601973] Node 0 active_anon:58772kB inactive_anon:92432kB active_file:2488kB inactive_file:3648kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:133604kB dirty:48kB writeback:0kB shmem:96860kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1513.629681] Bluetooth: hci5 command 0x041b tx timeout [ 1513.629910] Node 1 active_anon:3344kB inactive_anon:37172kB active_file:2656kB inactive_file:2244kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:85696kB dirty:76kB writeback:0kB shmem:37352kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1513.662569] Node 0 DMA free:11096kB min:204kB low:252kB high:300kB active_anon:80kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1513.688779] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1513.693811] Node 0 DMA32 free:76220kB min:36200kB low:45248kB high:54296kB active_anon:58692kB inactive_anon:92432kB active_file:2488kB inactive_file:3648kB unevictable:0kB writepending:48kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:8704kB pagetables:7492kB bounce:0kB free_pcp:608kB local_pcp:156kB free_cma:0kB [ 1513.723146] lowmem_reserve[]: 0 0 0 0 0 [ 1513.727139] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1513.752651] lowmem_reserve[]: 0 0 0 0 0 [ 1513.756641] Node 1 Normal free:910332kB min:53696kB low:67120kB high:80544kB active_anon:3344kB inactive_anon:37172kB active_file:2656kB inactive_file:2244kB unevictable:0kB writepending:76kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:1024kB pagetables:2116kB bounce:0kB free_pcp:248kB local_pcp:128kB free_cma:0kB [ 1513.786062] lowmem_reserve[]: 0 0 0 0 0 [ 1513.790060] Node 0 DMA: 52*4kB (UME) 55*8kB (UME) 53*16kB (UME) 40*32kB (UME) 17*64kB (UME) 10*128kB (UM) 4*256kB (UME) 2*512kB (UE) 4*1024kB (UE) 0*2048kB 0*4096kB = 11288kB [ 1513.805848] Node 0 DMA32: 137*4kB (UME) 34*8kB (ME) 118*16kB (E) 20*32kB (UE) 1569*64kB (UME) 384*128kB (UE) 33*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 161364kB [ 1513.821005] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1513.831717] Node 1 Normal: 55*4kB (M) 1518*8kB (UM) 3170*16kB (UM) 2666*32kB (UM) 5830*64kB (U) 1966*128kB (U) 638*256kB (U) 61*512kB (U) 92*1024kB (U) 8*2048kB (U) 0*4096kB = 1078316kB [ 1513.848456] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1513.857298] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1513.865876] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1513.874725] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1513.883300] 36372 total pagecache pages [ 1513.887279] 0 pages in swap cache [ 1513.890728] Swap cache stats: add 0, delete 0, find 0/0 [ 1513.896083] Free swap = 0kB [ 1513.899089] Total swap = 0kB [ 1513.902273] 2097051 pages RAM [ 1513.905371] 0 pages HighMem/MovableOnly [ 1513.909333] 363840 pages reserved [ 1513.912773] 0 pages cma reserved [ 1513.925754] Bluetooth: hci2 command 0x041b tx timeout [ 1513.932890] ODEBUG: assert_init not available (active state 0) object type: timer_list hint: (null) [ 1513.943132] ------------[ cut here ]------------ [ 1513.947899] WARNING: CPU: 0 PID: 5595 at lib/debugobjects.c:287 debug_print_object.cold+0xa7/0xdb [ 1513.956905] Kernel panic - not syncing: panic_on_warn set ... [ 1513.956905] [ 1513.964272] CPU: 0 PID: 5595 Comm: syz-executor.1 Not tainted 4.14.224-syzkaller #0 [ 1513.972064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1513.981416] Call Trace: [ 1513.984006] dump_stack+0x1b2/0x281 [ 1513.987630] panic+0x1f9/0x42d [ 1513.990820] ? add_taint.cold+0x16/0x16 [ 1513.994796] ? debug_print_object.cold+0xa7/0xdb [ 1513.999553] ? debug_print_object.cold+0xa7/0xdb [ 1514.004475] __warn.cold+0x20/0x44 [ 1514.008012] ? ist_end_non_atomic+0x10/0x10 [ 1514.012330] ? debug_print_object.cold+0xa7/0xdb [ 1514.017084] report_bug+0x208/0x250 [ 1514.020710] do_error_trap+0x195/0x2d0 [ 1514.024591] ? math_error+0x2d0/0x2d0 [ 1514.028389] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1514.033239] invalid_op+0x1b/0x40 [ 1514.036693] RIP: 0010:debug_print_object.cold+0xa7/0xdb [ 1514.042043] RSP: 0018:ffff8881d9227248 EFLAGS: 00010086 [ 1514.047397] RAX: 0000000000000061 RBX: 0000000000000005 RCX: 0000000000000000 [ 1514.054665] RDX: 0000000000000000 RSI: ffffffff87ccd680 RDI: ffffed103b244e3f [ 1514.061929] RBP: ffffffff878b6e40 R08: 0000000000000061 R09: 0000000000000001 [ 1514.069194] R10: 0000000000000000 R11: ffff888054f02480 R12: 0000000000000000 [ 1514.076466] R13: 0000000000000000 R14: ffff888077806c30 R15: 1ffff1103b244e52 [ 1514.083751] ? debug_print_object.cold+0xa7/0xdb [ 1514.088508] debug_object_assert_init+0x1d3/0x2d0 [ 1514.093352] ? debug_object_active_state+0x330/0x330 [ 1514.098449] ? rtnl_newlink+0x14dc/0x1830 [ 1514.102593] ? rtnetlink_rcv_msg+0x3be/0xb10 [ 1514.106997] ? netlink_rcv_skb+0x125/0x390 [ 1514.111233] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1514.116767] del_timer+0x5d/0xe0 [ 1514.120132] ? process_timeout+0x20/0x20 [ 1514.124200] try_to_grab_pending+0x243/0x610 [ 1514.128609] __cancel_work_timer+0x90/0x460 [ 1514.132929] ? work_on_cpu_safe+0x70/0x70 [ 1514.137071] ? batadv_tvlv_handler_get+0x1db/0x2b0 [ 1514.142001] batadv_nc_mesh_free+0x41/0x120 [ 1514.146320] batadv_mesh_free+0x70/0x150 [ 1514.150374] batadv_mesh_init+0x561/0x630 [ 1514.154534] batadv_softif_init_late+0xa26/0xc90 [ 1514.159292] ? batadv_get_strings+0x40/0x40 [ 1514.163610] ? dev_valid_name+0x1a0/0x1a0 [ 1514.167754] ? batadv_get_strings+0x40/0x40 [ 1514.172072] register_netdevice+0x291/0xe40 [ 1514.176390] ? netdev_change_features+0xa0/0xa0 [ 1514.181057] ? rtnl_create_link+0x129/0x890 [ 1514.185372] rtnl_newlink+0x14dc/0x1830 [ 1514.189340] ? rtnl_newlink+0x43d/0x1830 [ 1514.193400] ? __lock_acquire+0x5fc/0x3f20 [ 1514.197635] ? trace_hardirqs_on+0x10/0x10 [ 1514.201861] ? rtnl_dellink+0x6a0/0x6a0 [ 1514.205830] ? trace_hardirqs_on+0x10/0x10 [ 1514.210056] ? __read_once_size_nocheck.constprop.0+0x10/0x10 [ 1514.215936] ? deref_stack_reg+0x124/0x1a0 [ 1514.220205] ? lock_acquire+0x170/0x3f0 [ 1514.224176] ? lock_downgrade+0x740/0x740 [ 1514.228323] ? rtnl_dellink+0x6a0/0x6a0 [ 1514.232289] rtnetlink_rcv_msg+0x3be/0xb10 [ 1514.236521] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 1514.241015] ? __netlink_lookup+0x345/0x5d0 [ 1514.245337] netlink_rcv_skb+0x125/0x390 [ 1514.249393] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 1514.253973] ? netlink_ack+0x9a0/0x9a0 [ 1514.257863] netlink_unicast+0x437/0x610 [ 1514.261923] ? netlink_sendskb+0xd0/0xd0 [ 1514.265980] ? __check_object_size+0x179/0x230 [ 1514.270558] netlink_sendmsg+0x62e/0xb80 [ 1514.274616] ? nlmsg_notify+0x170/0x170 [ 1514.278590] ? security_socket_sendmsg+0x83/0xb0 [ 1514.283340] ? nlmsg_notify+0x170/0x170 [ 1514.287309] sock_sendmsg+0xb5/0x100 [ 1514.291052] SyS_sendto+0x1c7/0x2c0 [ 1514.294677] ? SyS_getpeername+0x220/0x220 [ 1514.298912] ? sock_poll+0x220/0x220 [ 1514.302635] ? SyS_socket+0x12f/0x1b0 [ 1514.306432] ? move_addr_to_kernel+0x60/0x60 [ 1514.310832] ? do_syscall_64+0x4c/0x640 [ 1514.314799] ? SyS_getpeername+0x220/0x220 [ 1514.319029] do_syscall_64+0x1d5/0x640 [ 1514.322923] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1514.328106] RIP: 0033:0x4193fc [ 1514.331287] RSP: 002b:00007ffd68c2a820 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 1514.338990] RAX: ffffffffffffffda RBX: 00000000014a4320 RCX: 00000000004193fc [ 1514.346296] RDX: 000000000000003c RSI: 00000000014a4370 RDI: 0000000000000003 [ 1514.353565] RBP: 0000000000000000 R08: 00007ffd68c2a874 R09: 000000000000000c [ 1514.360836] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1514.368103] R13: 00000000014a4370 R14: 0000000000000003 R15: 0000000000000000 [ 1514.376578] Kernel Offset: disabled [ 1514.380208] Rebooting in 86400 seconds..