lowmem_reserve[]: 0 0 0 0 0 [ 1394.005971] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1394.019725] Node 0 DMA32: 681*4kB (UME) 250*8kB (UME) 39*16kB (UME) 53*32kB (UME) 76*64kB (UM) 13*128kB (UM) 29*256kB (UM) 13*512kB (UME) 4*1024kB (UME) 3*2048kB (UM) 156*4096kB (UM) = 676868kB [ 1394.037845] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1394.048684] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1394.066039] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1394.074949] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1394.083520] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1394.092462] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1394.101094] 25106 total pagecache pages [ 1394.105173] 0 pages in swap cache [ 1394.108623] Swap cache stats: add 0, delete 0, find 0/0 [ 1394.113976] Free swap = 0kB [ 1394.117057] Total swap = 0kB [ 1394.120063] 2097051 pages RAM 13:05:35 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x0, 0x1, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:35 executing program 5: r0 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x1, 0x2) write$P9_RWRITE(r0, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000001c0)={0x0, 0xff, 0x0, &(0x7f0000000180)=0x1}) openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x240a80, 0x0) r1 = syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={&(0x7f0000002800)={0x10, 0x0, 0x0, 0x400010c0}, 0xc, &(0x7f00000028c0)={&(0x7f0000002840)={0x14, r1, 0x4, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x0) r4 = socket$inet(0x2, 0xa, 0x101) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000340), 0x4) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, &(0x7f0000000300)={0x0, 0xb8, 0x200, &(0x7f00000002c0)=0x9}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r5, 0x330f, 0x0) syz_open_dev$vim2m(&(0x7f0000000280)='/dev/video#\x00', 0x1, 0x2) sendmsg$L2TP_CMD_SESSION_GET(r5, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x14, r1, 0x4, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0xee9274d7d08ac8c2}, 0x80d0) 13:05:35 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x0, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) [ 1394.123147] 0 pages HighMem/MovableOnly [ 1394.127205] 363849 pages reserved [ 1394.130652] 0 pages cma reserved 13:05:35 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x0, 0x1, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:35 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x0, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:35 executing program 0: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vim2m\x00', 0x2, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x7fff, 0x42ac, 0x2, {0x0, @pix_mp={0x7fffffff, 0x1, 0x3447504d, 0x1, 0x5, [{0x1ff, 0xfe2}, {0x1ff, 0x6}, {0x37, 0xa16}, {0x8000, 0x1ff}, {0x0, 0xbea2}, {0x9d8f, 0x2}, {0x2000, 0x7fff}, {0x9, 0x8}], 0x4, 0x9, 0x1, 0x1, 0x5}}, 0xfffffffc}) fanotify_init(0x1e, 0x0) 13:05:35 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x0, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:35 executing program 4: syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:05:35 executing program 5: r0 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x1, 0x2) write$P9_RWRITE(r0, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000001c0)={0x0, 0xff, 0x0, &(0x7f0000000180)=0x1}) openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x240a80, 0x0) r1 = syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={&(0x7f0000002800)={0x10, 0x0, 0x0, 0x400010c0}, 0xc, &(0x7f00000028c0)={&(0x7f0000002840)={0x14, r1, 0x4, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x0) r4 = socket$inet(0x2, 0xa, 0x101) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000340), 0x4) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, &(0x7f0000000300)={0x0, 0xb8, 0x200, &(0x7f00000002c0)=0x9}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r5, 0x330f, 0x0) syz_open_dev$vim2m(&(0x7f0000000280)='/dev/video#\x00', 0x1, 0x2) sendmsg$L2TP_CMD_SESSION_GET(r5, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x14, r1, 0x4, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0xee9274d7d08ac8c2}, 0x80d0) 13:05:35 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x0, 0x1, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:35 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x0, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:35 executing program 0: syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x0, 0x2) clock_gettime(0x0, &(0x7f00000002c0)) r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x6, 0x7, 0x1, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:35 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x0, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:35 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x0, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:35 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x0, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:35 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, 0x0) 13:05:35 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x0, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:35 executing program 5: r0 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x1, 0x2) write$P9_RWRITE(r0, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000001c0)={0x0, 0xff, 0x0, &(0x7f0000000180)=0x1}) openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x240a80, 0x0) r1 = syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={&(0x7f0000002800)={0x10, 0x0, 0x0, 0x400010c0}, 0xc, &(0x7f00000028c0)={&(0x7f0000002840)={0x14, r1, 0x4, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x0) r4 = socket$inet(0x2, 0xa, 0x101) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000340), 0x4) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, &(0x7f0000000300)={0x0, 0xb8, 0x200, &(0x7f00000002c0)=0x9}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r5, 0x330f, 0x0) syz_open_dev$vim2m(&(0x7f0000000280)='/dev/video#\x00', 0x1, 0x2) 13:05:35 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x0, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) [ 1394.354006] syz-executor.0: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1394.395794] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1394.409455] CPU: 0 PID: 30198 Comm: syz-executor.0 Not tainted 4.14.231-syzkaller #0 [ 1394.417359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1394.426725] Call Trace: [ 1394.429307] dump_stack+0x1b2/0x281 [ 1394.432937] warn_alloc.cold+0x96/0x1cc [ 1394.436897] ? zone_watermark_ok_safe+0x220/0x220 [ 1394.441721] ? trace_hardirqs_on+0x10/0x10 [ 1394.445954] ? deref_stack_reg+0x124/0x1a0 [ 1394.450174] ? fs_reclaim_release+0xd0/0x110 [ 1394.454673] __vmalloc_node_range+0x10e/0x150 [ 1394.459154] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1394.464498] vmalloc_user+0x47/0xa0 [ 1394.468108] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1394.472433] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1394.477778] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1394.481907] __vb2_queue_alloc+0x47a/0xd90 [ 1394.486187] vb2_core_create_bufs+0x279/0x5a0 [ 1394.490691] ? __vb2_queue_free+0x7a0/0x7a0 [ 1394.495010] ? trace_hardirqs_on+0x10/0x10 [ 1394.499240] ? __lock_acquire+0x5fc/0x3f20 [ 1394.503460] vb2_create_bufs+0x2e1/0x5b0 [ 1394.507517] ? futex_wait_queue_me+0x3bb/0x590 [ 1394.512087] ? vb2_thread_start+0x310/0x310 [ 1394.516390] ? trace_hardirqs_on+0x10/0x10 [ 1394.520615] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1394.525194] v4l_create_bufs+0xa4/0x150 [ 1394.529155] __video_do_ioctl+0x65b/0x6a0 [ 1394.533305] ? video_ioctl2+0x30/0x30 [ 1394.537089] ? __might_fault+0x177/0x1b0 [ 1394.541130] ? video_ioctl2+0x30/0x30 [ 1394.544910] video_usercopy+0xfd/0xe70 [ 1394.548780] ? v4l_g_ctrl+0x390/0x390 [ 1394.552577] ? lock_acquire+0x170/0x3f0 [ 1394.556532] ? lock_downgrade+0x740/0x740 [ 1394.560669] ? trace_hardirqs_on+0x10/0x10 [ 1394.564894] ? futex_exit_release+0x220/0x220 [ 1394.569384] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1394.574575] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1394.579573] v4l2_ioctl+0x1bb/0x2f0 [ 1394.583181] ? v4l2_open+0x2f0/0x2f0 [ 1394.586875] do_vfs_ioctl+0x75a/0xff0 [ 1394.590659] ? ioctl_preallocate+0x1a0/0x1a0 [ 1394.595048] ? lock_downgrade+0x740/0x740 [ 1394.599188] ? __fget+0x225/0x360 [ 1394.602629] ? do_vfs_ioctl+0xff0/0xff0 [ 1394.606590] ? security_file_ioctl+0x83/0xb0 [ 1394.610984] SyS_ioctl+0x7f/0xb0 [ 1394.614333] ? do_vfs_ioctl+0xff0/0xff0 [ 1394.618290] do_syscall_64+0x1d5/0x640 [ 1394.622163] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1394.627333] RIP: 0033:0x466459 [ 1394.630502] RSP: 002b:00007fcbc30ae188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1394.638188] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 13:05:36 executing program 5: r0 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x1, 0x2) write$P9_RWRITE(r0, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000001c0)={0x0, 0xff, 0x0, &(0x7f0000000180)=0x1}) openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x240a80, 0x0) r1 = syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={&(0x7f0000002800)={0x10, 0x0, 0x0, 0x400010c0}, 0xc, &(0x7f00000028c0)={&(0x7f0000002840)={0x14, r1, 0x4, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x0) r4 = socket$inet(0x2, 0xa, 0x101) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000340), 0x4) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, &(0x7f0000000300)={0x0, 0xb8, 0x200, &(0x7f00000002c0)=0x9}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r5, 0x330f, 0x0) 13:05:36 executing program 5: r0 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x1, 0x2) write$P9_RWRITE(r0, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000001c0)={0x0, 0xff, 0x0, &(0x7f0000000180)=0x1}) openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x240a80, 0x0) r1 = syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={&(0x7f0000002800)={0x10, 0x0, 0x0, 0x400010c0}, 0xc, &(0x7f00000028c0)={&(0x7f0000002840)={0x14, r1, 0x4, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x0) r4 = socket$inet(0x2, 0xa, 0x101) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000340), 0x4) pipe(&(0x7f00000008c0)) ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, &(0x7f0000000300)={0x0, 0xb8, 0x200, &(0x7f00000002c0)=0x9}) 13:05:36 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x0, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:36 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x0, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) [ 1394.645443] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000004 [ 1394.652703] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1394.659974] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1394.667245] R13: 00007ffe1717ac5f R14: 00007fcbc30ae300 R15: 0000000000022000 13:05:36 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x0, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:36 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x0, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:36 executing program 0: syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x0, 0x2) clock_gettime(0x0, &(0x7f00000002c0)) r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x6, 0x7, 0x1, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:36 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, 0x0) 13:05:36 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x0, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:36 executing program 5: r0 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x1, 0x2) write$P9_RWRITE(r0, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000001c0)={0x0, 0xff, 0x0, &(0x7f0000000180)=0x1}) openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x240a80, 0x0) r1 = syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) pipe(&(0x7f0000000100)) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={&(0x7f0000002800)={0x10, 0x0, 0x0, 0x400010c0}, 0xc, &(0x7f00000028c0)={&(0x7f0000002840)={0x14, r1, 0x4, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x0) r3 = socket$inet(0x2, 0xa, 0x101) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000340), 0x4) pipe(&(0x7f00000008c0)) 13:05:36 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) [ 1394.854764] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1394.868889] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1394.874221] CPU: 0 PID: 30238 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1394.882196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1394.891545] Call Trace: [ 1394.894161] dump_stack+0x1b2/0x281 [ 1394.897826] warn_alloc.cold+0x96/0x1cc [ 1394.901791] ? __lock_acquire+0x5fc/0x3f20 [ 1394.906017] ? zone_watermark_ok_safe+0x220/0x220 [ 1394.910854] ? trace_hardirqs_on+0x10/0x10 [ 1394.915078] ? deref_stack_reg+0x124/0x1a0 [ 1394.919304] ? fs_reclaim_release+0xd0/0x110 [ 1394.923731] __vmalloc_node_range+0x10e/0x150 [ 1394.928220] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1394.933580] vmalloc_user+0x47/0xa0 [ 1394.937210] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1394.941523] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1394.946879] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1394.951077] __vb2_queue_alloc+0x47a/0xd90 [ 1394.955304] vb2_core_create_bufs+0x279/0x5a0 [ 1394.959788] ? __vb2_queue_free+0x7a0/0x7a0 [ 1394.964175] ? trace_hardirqs_on+0x10/0x10 [ 1394.968400] ? __lock_acquire+0x5fc/0x3f20 [ 1394.972620] vb2_create_bufs+0x2e1/0x5b0 [ 1394.976675] ? ___preempt_schedule+0x16/0x18 [ 1394.981074] ? vb2_thread_start+0x310/0x310 [ 1394.985501] ? trace_hardirqs_on+0x10/0x10 [ 1394.989722] ? _raw_spin_unlock_irqrestore+0xaf/0xe0 [ 1394.994810] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1394.999432] v4l_create_bufs+0xa4/0x150 [ 1395.003389] __video_do_ioctl+0x65b/0x6a0 [ 1395.007520] ? video_ioctl2+0x30/0x30 [ 1395.011302] ? __might_fault+0x177/0x1b0 [ 1395.015350] ? video_ioctl2+0x30/0x30 [ 1395.019133] video_usercopy+0xfd/0xe70 [ 1395.023003] ? v4l_g_ctrl+0x390/0x390 [ 1395.026784] ? lock_acquire+0x170/0x3f0 [ 1395.030746] ? lock_downgrade+0x740/0x740 [ 1395.034924] ? trace_hardirqs_on+0x10/0x10 [ 1395.039142] ? futex_exit_release+0x220/0x220 [ 1395.043620] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1395.048716] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1395.053735] v4l2_ioctl+0x1bb/0x2f0 [ 1395.057455] ? v4l2_open+0x2f0/0x2f0 [ 1395.061160] do_vfs_ioctl+0x75a/0xff0 [ 1395.064944] ? ioctl_preallocate+0x1a0/0x1a0 [ 1395.069335] ? lock_downgrade+0x740/0x740 [ 1395.073474] ? __fget+0x225/0x360 [ 1395.076908] ? do_vfs_ioctl+0xff0/0xff0 [ 1395.080864] ? security_file_ioctl+0x83/0xb0 [ 1395.085255] SyS_ioctl+0x7f/0xb0 [ 1395.088603] ? do_vfs_ioctl+0xff0/0xff0 [ 1395.092734] do_syscall_64+0x1d5/0x640 [ 1395.096606] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1395.101776] RIP: 0033:0x466459 13:05:36 executing program 5: r0 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x1, 0x2) write$P9_RWRITE(r0, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000001c0)={0x0, 0xff, 0x0, &(0x7f0000000180)=0x1}) openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x240a80, 0x0) r1 = syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) pipe(&(0x7f0000000100)) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={&(0x7f0000002800)={0x10, 0x0, 0x0, 0x400010c0}, 0xc, &(0x7f00000028c0)={&(0x7f0000002840)={0x14, r1, 0x4, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x0) r3 = socket$inet(0x2, 0xa, 0x101) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000340), 0x4) [ 1395.104945] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1395.112633] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1395.119886] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1395.127171] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1395.134448] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1395.141702] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 [ 1395.164317] warn_alloc_show_mem: 1 callbacks suppressed [ 1395.164320] Mem-Info: [ 1395.172319] active_anon:222572 inactive_anon:6741 isolated_anon:0 [ 1395.172319] active_file:6838 inactive_file:43886 isolated_file:0 [ 1395.172319] unevictable:0 dirty:301 writeback:0 unstable:0 [ 1395.172319] slab_reclaimable:22033 slab_unreclaimable:128939 [ 1395.172319] mapped:61902 shmem:6935 pagetables:15967 bounce:0 [ 1395.172319] free:1183010 free_pcp:210 free_cma:0 13:05:36 executing program 5: r0 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x1, 0x2) write$P9_RWRITE(r0, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000001c0)={0x0, 0xff, 0x0, &(0x7f0000000180)=0x1}) openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x240a80, 0x0) r1 = syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) pipe(&(0x7f0000000100)) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={&(0x7f0000002800)={0x10, 0x0, 0x0, 0x400010c0}, 0xc, &(0x7f00000028c0)={&(0x7f0000002840)={0x14, r1, 0x4, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000340), 0x4) 13:05:36 executing program 5: r0 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x1, 0x2) write$P9_RWRITE(r0, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000001c0)={0x0, 0xff, 0x0, &(0x7f0000000180)=0x1}) openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x240a80, 0x0) r1 = syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) pipe(&(0x7f0000000100)) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={&(0x7f0000002800)={0x10, 0x0, 0x0, 0x400010c0}, 0xc, &(0x7f00000028c0)={&(0x7f0000002840)={0x14, r1, 0x4, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000340), 0x4) [ 1395.206955] Node 0 active_anon:892424kB inactive_anon:26964kB active_file:27228kB inactive_file:175560kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:247616kB dirty:1204kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 759808kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1395.235733] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 13:05:36 executing program 5: r0 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x1, 0x2) write$P9_RWRITE(r0, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000001c0)={0x0, 0xff, 0x0, &(0x7f0000000180)=0x1}) openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x240a80, 0x0) r1 = syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) pipe(&(0x7f0000000100)) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={&(0x7f0000002800)={0x10, 0x0, 0x0, 0x400010c0}, 0xc, &(0x7f00000028c0)={&(0x7f0000002840)={0x14, r1, 0x4, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000340), 0x4) 13:05:36 executing program 5: r0 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x1, 0x2) write$P9_RWRITE(r0, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000001c0)={0x0, 0xff, 0x0, &(0x7f0000000180)=0x1}) openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x240a80, 0x0) syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) pipe(&(0x7f0000000100)) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet(0x2, 0xa, 0x101) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000340), 0x4) [ 1395.261630] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1395.288449] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1395.293496] Node 0 DMA32 free:674036kB min:36200kB low:45248kB high:54296kB active_anon:890308kB inactive_anon:26964kB active_file:27228kB inactive_file:175568kB unevictable:0kB writepending:1212kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27264kB pagetables:63868kB bounce:0kB free_pcp:688kB local_pcp:188kB free_cma:0kB [ 1395.323902] lowmem_reserve[]: 0 0 0 0 0 [ 1395.327988] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1395.354034] lowmem_reserve[]: 0 0 0 0 0 [ 1395.358564] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1395.386742] lowmem_reserve[]: 0 0 0 0 0 [ 1395.390730] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1395.405020] Node 0 DMA32: 653*4kB (UME) 165*8kB (UME) 49*16kB (UME) 52*32kB (UME) 76*64kB (UM) 13*128kB (UM) 29*256kB (UM) 13*512kB (UME) 4*1024kB (UME) 2*2048kB (UM) 156*4096kB (UM) = 674156kB [ 1395.423394] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1395.434621] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1395.451988] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1395.461607] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1395.470712] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1395.480020] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1395.489065] 25117 total pagecache pages [ 1395.493041] 0 pages in swap cache [ 1395.497797] Swap cache stats: add 0, delete 0, find 0/0 [ 1395.503151] Free swap = 0kB [ 1395.507002] Total swap = 0kB [ 1395.510018] 2097051 pages RAM [ 1395.513105] 0 pages HighMem/MovableOnly [ 1395.517985] 363849 pages reserved [ 1395.521429] 0 pages cma reserved [ 1395.525893] syz-executor.0: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1395.538564] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1395.543846] CPU: 0 PID: 30243 Comm: syz-executor.0 Not tainted 4.14.231-syzkaller #0 [ 1395.551782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1395.561295] Call Trace: [ 1395.563873] dump_stack+0x1b2/0x281 [ 1395.567484] warn_alloc.cold+0x96/0x1cc [ 1395.571441] ? zone_watermark_ok_safe+0x220/0x220 [ 1395.576265] ? trace_hardirqs_on+0x10/0x10 [ 1395.580480] ? deref_stack_reg+0x124/0x1a0 [ 1395.584699] ? fs_reclaim_release+0xd0/0x110 [ 1395.589090] __vmalloc_node_range+0x10e/0x150 [ 1395.593572] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1395.598922] vmalloc_user+0x47/0xa0 [ 1395.602542] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1395.606843] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1395.612196] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1395.616334] __vb2_queue_alloc+0x47a/0xd90 [ 1395.620557] vb2_core_create_bufs+0x279/0x5a0 [ 1395.625032] ? __vb2_queue_free+0x7a0/0x7a0 [ 1395.629336] ? trace_hardirqs_on+0x10/0x10 [ 1395.633548] ? __lock_acquire+0x5fc/0x3f20 [ 1395.637766] vb2_create_bufs+0x2e1/0x5b0 [ 1395.641810] ? vb2_thread_start+0x310/0x310 [ 1395.646113] ? trace_hardirqs_on+0x10/0x10 [ 1395.650325] ? mark_held_locks+0xa6/0xf0 [ 1395.654386] ? trace_hardirqs_on+0x10/0x10 [ 1395.658605] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1395.663187] v4l_create_bufs+0xa4/0x150 [ 1395.667143] __video_do_ioctl+0x65b/0x6a0 [ 1395.671274] ? video_ioctl2+0x30/0x30 [ 1395.675062] ? __might_fault+0x177/0x1b0 [ 1395.679109] ? video_ioctl2+0x30/0x30 [ 1395.682888] video_usercopy+0xfd/0xe70 [ 1395.686757] ? v4l_g_ctrl+0x390/0x390 [ 1395.690537] ? lock_acquire+0x170/0x3f0 [ 1395.694496] ? trace_hardirqs_on+0x10/0x10 [ 1395.698729] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1395.703736] v4l2_ioctl+0x1bb/0x2f0 [ 1395.707351] ? v4l2_open+0x2f0/0x2f0 [ 1395.711061] do_vfs_ioctl+0x75a/0xff0 [ 1395.714876] ? ioctl_preallocate+0x1a0/0x1a0 [ 1395.719277] ? lock_downgrade+0x740/0x740 [ 1395.723420] ? __fget+0x225/0x360 [ 1395.726879] ? do_vfs_ioctl+0xff0/0xff0 [ 1395.730855] ? security_file_ioctl+0x83/0xb0 [ 1395.735244] SyS_ioctl+0x7f/0xb0 [ 1395.738592] ? do_vfs_ioctl+0xff0/0xff0 [ 1395.742555] do_syscall_64+0x1d5/0x640 [ 1395.746434] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1395.751602] RIP: 0033:0x466459 [ 1395.754772] RSP: 002b:00007fcbc30ae188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 13:05:37 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x0, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) [ 1395.762469] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1395.769732] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000004 [ 1395.777074] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1395.784329] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1395.791582] R13: 00007ffe1717ac5f R14: 00007fcbc30ae300 R15: 0000000000022000 13:05:37 executing program 0: syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x0, 0x2) clock_gettime(0x0, &(0x7f00000002c0)) r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x6, 0x7, 0x1, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:37 executing program 5: r0 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x1, 0x2) write$P9_RWRITE(r0, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000001c0)={0x0, 0xff, 0x0, &(0x7f0000000180)=0x1}) openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x240a80, 0x0) syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) pipe(&(0x7f0000000100)) r1 = socket$inet(0x2, 0xa, 0x101) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000340), 0x4) 13:05:37 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:37 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, 0x0) 13:05:37 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:37 executing program 5: r0 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x1, 0x2) write$P9_RWRITE(r0, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000001c0)={0x0, 0xff, 0x0, &(0x7f0000000180)=0x1}) openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x240a80, 0x0) syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) r1 = socket$inet(0x2, 0xa, 0x101) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000340), 0x4) [ 1395.876709] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1395.901500] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1395.907496] CPU: 0 PID: 30263 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1395.915392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1395.924744] Call Trace: [ 1395.927337] dump_stack+0x1b2/0x281 [ 1395.930960] warn_alloc.cold+0x96/0x1cc [ 1395.934934] ? __lock_acquire+0x5fc/0x3f20 [ 1395.939180] ? zone_watermark_ok_safe+0x220/0x220 [ 1395.944024] ? cache_alloc_refill+0x1da/0x350 [ 1395.948515] ? lock_acquire+0x170/0x3f0 [ 1395.952483] __vmalloc_node_range+0x10e/0x150 [ 1395.956967] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1395.962310] vmalloc_user+0x47/0xa0 [ 1395.965920] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1395.970229] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1395.975576] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1395.979707] __vb2_queue_alloc+0x47a/0xd90 [ 1395.988710] vb2_core_create_bufs+0x279/0x5a0 [ 1395.993189] ? __vb2_queue_free+0x7a0/0x7a0 [ 1395.997505] ? trace_hardirqs_on+0x10/0x10 [ 1396.001743] ? __lock_acquire+0x5fc/0x3f20 [ 1396.005971] vb2_create_bufs+0x2e1/0x5b0 [ 1396.010172] ? ___preempt_schedule+0x16/0x18 [ 1396.014580] ? vb2_thread_start+0x310/0x310 [ 1396.018897] ? trace_hardirqs_on+0x10/0x10 [ 1396.023116] ? _raw_spin_unlock_irqrestore+0xaf/0xe0 [ 1396.028204] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1396.032781] v4l_create_bufs+0xa4/0x150 [ 1396.036745] __video_do_ioctl+0x65b/0x6a0 [ 1396.040882] ? video_ioctl2+0x30/0x30 [ 1396.044672] ? __might_fault+0x177/0x1b0 [ 1396.048728] ? video_ioctl2+0x30/0x30 [ 1396.052521] video_usercopy+0xfd/0xe70 [ 1396.056522] ? v4l_g_ctrl+0x390/0x390 [ 1396.060437] ? retint_kernel+0x2d/0x2d [ 1396.064315] ? trace_hardirqs_on+0x10/0x10 [ 1396.068540] ? futex_exit_release+0x220/0x220 [ 1396.073022] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1396.077772] v4l2_ioctl+0x1bb/0x2f0 [ 1396.081387] ? v4l2_open+0x2f0/0x2f0 [ 1396.085086] do_vfs_ioctl+0x75a/0xff0 [ 1396.088880] ? ioctl_preallocate+0x1a0/0x1a0 [ 1396.093289] ? lock_downgrade+0x740/0x740 [ 1396.097426] ? __fget+0x225/0x360 [ 1396.100862] ? do_vfs_ioctl+0xff0/0xff0 [ 1396.104826] ? security_file_ioctl+0x83/0xb0 [ 1396.109219] SyS_ioctl+0x7f/0xb0 [ 1396.112567] ? do_vfs_ioctl+0xff0/0xff0 [ 1396.116587] do_syscall_64+0x1d5/0x640 [ 1396.120474] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1396.125656] RIP: 0033:0x466459 [ 1396.128826] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1396.136517] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1396.143775] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1396.151049] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1396.158304] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1396.165557] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 13:05:37 executing program 5: r0 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x1, 0x2) write$P9_RWRITE(r0, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000001c0)={0x0, 0xff, 0x0, &(0x7f0000000180)=0x1}) openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x240a80, 0x0) r1 = socket$inet(0x2, 0xa, 0x101) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000340), 0x4) [ 1396.184425] warn_alloc_show_mem: 1 callbacks suppressed [ 1396.184428] Mem-Info: [ 1396.195651] active_anon:222581 inactive_anon:6741 isolated_anon:0 [ 1396.195651] active_file:6838 inactive_file:43898 isolated_file:0 [ 1396.195651] unevictable:0 dirty:312 writeback:0 unstable:0 [ 1396.195651] slab_reclaimable:22031 slab_unreclaimable:129060 [ 1396.195651] mapped:61911 shmem:6935 pagetables:15956 bounce:0 [ 1396.195651] free:1182876 free_pcp:218 free_cma:0 13:05:37 executing program 5: r0 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x1, 0x2) write$P9_RWRITE(r0, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000001c0)={0x0, 0xff, 0x0, &(0x7f0000000180)=0x1}) r1 = socket$inet(0x2, 0xa, 0x101) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000340), 0x4) 13:05:37 executing program 5: r0 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x1, 0x2) write$P9_RWRITE(r0, 0x0, 0x0) r1 = socket$inet(0x2, 0xa, 0x101) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000340), 0x4) [ 1396.230022] Node 0 active_anon:892440kB inactive_anon:26964kB active_file:27228kB inactive_file:175604kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:247652kB dirty:1260kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 759808kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1396.259338] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 13:05:37 executing program 5: syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x1, 0x2) r0 = socket$inet(0x2, 0xa, 0x101) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000340), 0x4) 13:05:37 executing program 5: r0 = socket$inet(0x2, 0xa, 0x101) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000340), 0x4) [ 1396.285783] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1396.312747] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1396.318424] Node 0 DMA32 free:674624kB min:36200kB low:45248kB high:54296kB active_anon:890320kB inactive_anon:26964kB active_file:27228kB inactive_file:175608kB unevictable:0kB writepending:1264kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27264kB pagetables:63972kB bounce:0kB free_pcp:700kB local_pcp:172kB free_cma:0kB [ 1396.349396] lowmem_reserve[]: 0 0 0 0 0 [ 1396.353556] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1396.380268] lowmem_reserve[]: 0 0 0 0 0 [ 1396.384812] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1396.412981] lowmem_reserve[]: 0 0 0 0 0 [ 1396.417420] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1396.431622] Node 0 DMA32: 637*4kB (UME) 247*8kB (UME) 25*16kB (UME) 42*32kB (UME) 77*64kB (UM) 13*128kB (UM) 29*256kB (UM) 13*512kB (UME) 4*1024kB (UME) 2*2048kB (UM) 156*4096kB (UM) = 674108kB [ 1396.449983] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1396.461124] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1396.478890] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1396.488288] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1396.497371] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1396.507480] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1396.516604] 25128 total pagecache pages [ 1396.520574] 0 pages in swap cache [ 1396.524004] Swap cache stats: add 0, delete 0, find 0/0 [ 1396.530345] Free swap = 0kB [ 1396.533360] Total swap = 0kB [ 1396.537164] 2097051 pages RAM [ 1396.540361] 0 pages HighMem/MovableOnly [ 1396.545210] 363849 pages reserved [ 1396.548665] 0 pages cma reserved [ 1396.552175] syz-executor.0: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1396.564320] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1396.569429] CPU: 0 PID: 30270 Comm: syz-executor.0 Not tainted 4.14.231-syzkaller #0 [ 1396.577296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1396.586645] Call Trace: [ 1396.589228] dump_stack+0x1b2/0x281 [ 1396.592848] warn_alloc.cold+0x96/0x1cc [ 1396.596896] ? zone_watermark_ok_safe+0x220/0x220 [ 1396.601721] ? trace_hardirqs_on+0x10/0x10 [ 1396.605940] ? deref_stack_reg+0x124/0x1a0 [ 1396.610159] ? fs_reclaim_release+0xd0/0x110 [ 1396.614552] __vmalloc_node_range+0x10e/0x150 [ 1396.619036] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1396.624389] vmalloc_user+0x47/0xa0 [ 1396.628032] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1396.632340] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1396.637696] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1396.641831] __vb2_queue_alloc+0x47a/0xd90 [ 1396.646077] vb2_core_create_bufs+0x279/0x5a0 [ 1396.650557] ? __vb2_queue_free+0x7a0/0x7a0 [ 1396.654865] ? trace_hardirqs_on+0x10/0x10 [ 1396.659087] ? __lock_acquire+0x5fc/0x3f20 [ 1396.663312] vb2_create_bufs+0x2e1/0x5b0 [ 1396.667382] ? vb2_thread_start+0x310/0x310 [ 1396.671685] ? trace_hardirqs_on+0x10/0x10 [ 1396.675928] ? mark_held_locks+0xa6/0xf0 [ 1396.679979] ? trace_hardirqs_on+0x10/0x10 [ 1396.684195] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1396.688763] v4l_create_bufs+0xa4/0x150 [ 1396.692725] __video_do_ioctl+0x65b/0x6a0 [ 1396.696864] ? video_ioctl2+0x30/0x30 [ 1396.700652] ? __might_fault+0x177/0x1b0 [ 1396.704702] ? video_ioctl2+0x30/0x30 [ 1396.708489] video_usercopy+0xfd/0xe70 [ 1396.712368] ? v4l_g_ctrl+0x390/0x390 [ 1396.716170] ? lock_acquire+0x170/0x3f0 [ 1396.720127] ? trace_hardirqs_on+0x10/0x10 [ 1396.724348] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1396.729345] v4l2_ioctl+0x1bb/0x2f0 [ 1396.732957] ? v4l2_open+0x2f0/0x2f0 [ 1396.736683] do_vfs_ioctl+0x75a/0xff0 [ 1396.740746] ? ioctl_preallocate+0x1a0/0x1a0 [ 1396.745137] ? lock_downgrade+0x740/0x740 [ 1396.749288] ? __fget+0x225/0x360 [ 1396.752725] ? do_vfs_ioctl+0xff0/0xff0 [ 1396.756691] ? security_file_ioctl+0x83/0xb0 [ 1396.761105] SyS_ioctl+0x7f/0xb0 [ 1396.764474] ? do_vfs_ioctl+0xff0/0xff0 [ 1396.768447] do_syscall_64+0x1d5/0x640 [ 1396.772369] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1396.777565] RIP: 0033:0x466459 [ 1396.780740] RSP: 002b:00007fcbc30ae188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 13:05:38 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) [ 1396.788436] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1396.795736] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000004 [ 1396.802990] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1396.810305] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1396.817560] R13: 00007ffe1717ac5f R14: 00007fcbc30ae300 R15: 0000000000022000 13:05:38 executing program 0: syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x0, 0x2) clock_gettime(0x0, &(0x7f00000002c0)) ioctl$vim2m_VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f00000001c0)={0x6, 0x7, 0x1, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:38 executing program 5: r0 = socket$inet(0x2, 0x0, 0x101) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000340), 0x4) 13:05:38 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x0, 0x1, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:05:38 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:38 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) [ 1396.885676] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) 13:05:38 executing program 5: r0 = socket$inet(0x2, 0x0, 0x101) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000340), 0x4) 13:05:38 executing program 5: r0 = socket$inet(0x2, 0x0, 0x101) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000340), 0x4) [ 1396.931760] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1396.951244] CPU: 0 PID: 30287 Comm: syz-executor.1 Not tainted 4.14.231-syzkaller #0 [ 1396.959170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1396.968527] Call Trace: [ 1396.971124] dump_stack+0x1b2/0x281 [ 1396.974770] warn_alloc.cold+0x96/0x1cc 13:05:38 executing program 5: r0 = socket$inet(0x2, 0xa, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000340), 0x4) [ 1396.978758] ? zone_watermark_ok_safe+0x220/0x220 [ 1396.983601] ? trace_hardirqs_on+0x10/0x10 [ 1396.987840] ? deref_stack_reg+0x124/0x1a0 [ 1396.992083] ? fs_reclaim_release+0xd0/0x110 [ 1396.996499] __vmalloc_node_range+0x10e/0x150 [ 1397.001002] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1397.006346] vmalloc_user+0x47/0xa0 [ 1397.009953] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1397.014254] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1397.019645] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1397.023777] __vb2_queue_alloc+0x47a/0xd90 [ 1397.028025] vb2_core_create_bufs+0x279/0x5a0 [ 1397.032504] ? __vb2_queue_free+0x7a0/0x7a0 [ 1397.036921] ? trace_hardirqs_on+0x10/0x10 [ 1397.041144] ? __lock_acquire+0x5fc/0x3f20 [ 1397.045365] vb2_create_bufs+0x2e1/0x5b0 [ 1397.049418] ? futex_wait_queue_me+0x3bb/0x590 [ 1397.053992] ? vb2_thread_start+0x310/0x310 [ 1397.058297] ? trace_hardirqs_on+0x10/0x10 [ 1397.062625] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1397.067191] v4l_create_bufs+0xa4/0x150 [ 1397.071158] __video_do_ioctl+0x65b/0x6a0 [ 1397.075297] ? video_ioctl2+0x30/0x30 [ 1397.079079] ? __might_fault+0x177/0x1b0 [ 1397.083121] ? video_ioctl2+0x30/0x30 [ 1397.086902] video_usercopy+0xfd/0xe70 [ 1397.090772] ? v4l_g_ctrl+0x390/0x390 [ 1397.094556] ? lock_acquire+0x170/0x3f0 [ 1397.098509] ? lock_downgrade+0x740/0x740 [ 1397.102637] ? trace_hardirqs_on+0x10/0x10 [ 1397.106853] ? futex_exit_release+0x220/0x220 [ 1397.111416] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1397.116500] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1397.121500] v4l2_ioctl+0x1bb/0x2f0 [ 1397.125105] ? v4l2_open+0x2f0/0x2f0 [ 1397.128802] do_vfs_ioctl+0x75a/0xff0 [ 1397.132584] ? ioctl_preallocate+0x1a0/0x1a0 [ 1397.136971] ? lock_downgrade+0x740/0x740 [ 1397.141102] ? __fget+0x225/0x360 [ 1397.144542] ? do_vfs_ioctl+0xff0/0xff0 [ 1397.148501] ? security_file_ioctl+0x83/0xb0 [ 1397.152891] SyS_ioctl+0x7f/0xb0 [ 1397.156248] ? do_vfs_ioctl+0xff0/0xff0 [ 1397.160214] do_syscall_64+0x1d5/0x640 [ 1397.164089] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1397.169264] RIP: 0033:0x466459 [ 1397.172432] RSP: 002b:00007f5883dfa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 13:05:38 executing program 0: syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x0, 0x2) clock_gettime(0x0, &(0x7f00000002c0)) ioctl$vim2m_VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f00000001c0)={0x6, 0x7, 0x1, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) [ 1397.180170] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1397.187420] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1397.194670] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1397.201920] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1397.209177] R13: 00007fff3377dd0f R14: 00007f5883dfa300 R15: 0000000000022000 13:05:38 executing program 5: r0 = socket$inet(0x2, 0xa, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000340), 0x4) 13:05:38 executing program 0: syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x0, 0x2) clock_gettime(0x0, &(0x7f00000002c0)) ioctl$vim2m_VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f00000001c0)={0x6, 0x7, 0x1, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) [ 1397.245837] warn_alloc_show_mem: 1 callbacks suppressed [ 1397.245840] Mem-Info: [ 1397.253658] active_anon:222068 inactive_anon:6741 isolated_anon:0 [ 1397.253658] active_file:6838 inactive_file:43909 isolated_file:0 [ 1397.253658] unevictable:0 dirty:323 writeback:0 unstable:0 [ 1397.253658] slab_reclaimable:22019 slab_unreclaimable:128886 [ 1397.253658] mapped:61943 shmem:6935 pagetables:15978 bounce:0 [ 1397.253658] free:1183512 free_pcp:301 free_cma:0 [ 1397.309831] Node 0 active_anon:888208kB inactive_anon:26964kB active_file:27228kB inactive_file:175636kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:247672kB dirty:1292kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 753664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1397.338627] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1397.365449] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1397.392857] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1397.398234] Node 0 DMA32 free:675192kB min:36200kB low:45248kB high:54296kB active_anon:888184kB inactive_anon:26964kB active_file:27228kB inactive_file:175652kB unevictable:0kB writepending:1320kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27168kB pagetables:63764kB bounce:0kB free_pcp:1388kB local_pcp:692kB free_cma:0kB [ 1397.428980] lowmem_reserve[]: 0 0 0 0 0 [ 1397.432996] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1397.458577] lowmem_reserve[]: 0 0 0 0 0 [ 1397.462560] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1397.490317] lowmem_reserve[]: 0 0 0 0 0 [ 1397.494387] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1397.508072] Node 0 DMA32: 637*4kB (UME) 287*8kB (UME) 42*16kB (UME) 28*32kB (UME) 77*64kB (UM) 15*128kB (UM) 29*256kB (UM) 13*512kB (UME) 4*1024kB (UME) 1*2048kB (U) 157*4096kB (UM) = 676556kB [ 1397.525926] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1397.537092] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1397.554954] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1397.563790] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1397.573076] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1397.582334] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1397.591318] 25140 total pagecache pages [ 1397.595762] 0 pages in swap cache [ 1397.599211] Swap cache stats: add 0, delete 0, find 0/0 [ 1397.605391] Free swap = 0kB [ 1397.608409] Total swap = 0kB [ 1397.611433] 2097051 pages RAM [ 1397.616486] 0 pages HighMem/MovableOnly [ 1397.620457] 363849 pages reserved [ 1397.623888] 0 pages cma reserved [ 1397.628215] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1397.640772] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1397.646142] CPU: 0 PID: 30294 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1397.654015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1397.663355] Call Trace: [ 1397.665961] dump_stack+0x1b2/0x281 [ 1397.669584] warn_alloc.cold+0x96/0x1cc [ 1397.673546] ? __lock_acquire+0x5fc/0x3f20 [ 1397.677763] ? zone_watermark_ok_safe+0x220/0x220 [ 1397.682585] ? trace_hardirqs_on+0x10/0x10 [ 1397.686826] ? deref_stack_reg+0x124/0x1a0 [ 1397.691044] ? fs_reclaim_release+0xd0/0x110 [ 1397.695438] __vmalloc_node_range+0x10e/0x150 [ 1397.699921] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1397.705264] vmalloc_user+0x47/0xa0 [ 1397.708880] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1397.713188] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1397.718542] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1397.722693] __vb2_queue_alloc+0x47a/0xd90 [ 1397.726926] vb2_core_create_bufs+0x279/0x5a0 [ 1397.731413] ? __vb2_queue_free+0x7a0/0x7a0 [ 1397.735727] ? trace_hardirqs_on+0x10/0x10 [ 1397.739953] ? __lock_acquire+0x5fc/0x3f20 [ 1397.744173] vb2_create_bufs+0x2e1/0x5b0 [ 1397.748227] ? vb2_thread_start+0x310/0x310 [ 1397.752557] ? trace_hardirqs_on+0x10/0x10 [ 1397.756774] ? mark_held_locks+0xa6/0xf0 [ 1397.760814] ? trace_hardirqs_on+0x10/0x10 [ 1397.765039] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1397.769616] v4l_create_bufs+0xa4/0x150 [ 1397.773591] __video_do_ioctl+0x65b/0x6a0 [ 1397.777723] ? video_ioctl2+0x30/0x30 [ 1397.781505] ? __might_fault+0x177/0x1b0 [ 1397.785546] ? video_ioctl2+0x30/0x30 [ 1397.789329] video_usercopy+0xfd/0xe70 [ 1397.793200] ? v4l_g_ctrl+0x390/0x390 [ 1397.796980] ? lock_acquire+0x170/0x3f0 [ 1397.800938] ? trace_hardirqs_on+0x10/0x10 [ 1397.805185] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1397.810278] v4l2_ioctl+0x1bb/0x2f0 [ 1397.813886] ? v4l2_open+0x2f0/0x2f0 [ 1397.817582] do_vfs_ioctl+0x75a/0xff0 [ 1397.821365] ? ioctl_preallocate+0x1a0/0x1a0 [ 1397.825754] ? lock_downgrade+0x740/0x740 [ 1397.829882] ? __fget+0x225/0x360 [ 1397.833314] ? do_vfs_ioctl+0xff0/0xff0 [ 1397.837293] ? security_file_ioctl+0x83/0xb0 [ 1397.841685] SyS_ioctl+0x7f/0xb0 [ 1397.845032] ? do_vfs_ioctl+0xff0/0xff0 [ 1397.848990] do_syscall_64+0x1d5/0x640 [ 1397.852883] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1397.858054] RIP: 0033:0x466459 [ 1397.861223] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1397.869000] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1397.876251] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1397.883512] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1397.890771] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1397.898026] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 13:05:39 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:39 executing program 0: syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x0, 0x2) r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x6, 0x7, 0x1, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:39 executing program 5: socket$inet(0x2, 0xa, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000340), 0x4) 13:05:39 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x0, 0x1, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:05:39 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) [ 1397.943128] syz-executor.0: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1397.958097] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1397.963289] CPU: 0 PID: 30323 Comm: syz-executor.0 Not tainted 4.14.231-syzkaller #0 [ 1397.971254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1397.980604] Call Trace: [ 1397.983201] dump_stack+0x1b2/0x281 [ 1397.986839] warn_alloc.cold+0x96/0x1cc 13:05:39 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) [ 1397.990850] ? zone_watermark_ok_safe+0x220/0x220 [ 1397.995695] ? trace_hardirqs_on+0x10/0x10 [ 1397.999933] ? deref_stack_reg+0x124/0x1a0 [ 1398.004168] ? fs_reclaim_release+0xd0/0x110 [ 1398.008580] __vmalloc_node_range+0x10e/0x150 [ 1398.013082] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1398.018446] vmalloc_user+0x47/0xa0 [ 1398.022195] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1398.026526] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1398.031885] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1398.036020] __vb2_queue_alloc+0x47a/0xd90 [ 1398.040245] vb2_core_create_bufs+0x279/0x5a0 [ 1398.044854] ? __vb2_queue_free+0x7a0/0x7a0 [ 1398.049164] ? trace_hardirqs_on+0x10/0x10 [ 1398.053388] ? __lock_acquire+0x5fc/0x3f20 [ 1398.057614] vb2_create_bufs+0x2e1/0x5b0 [ 1398.061669] ? futex_wait_queue_me+0x3bb/0x590 [ 1398.066239] ? vb2_thread_start+0x310/0x310 [ 1398.070654] ? trace_hardirqs_on+0x10/0x10 [ 1398.074874] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1398.079439] v4l_create_bufs+0xa4/0x150 [ 1398.083405] __video_do_ioctl+0x65b/0x6a0 [ 1398.087553] ? video_ioctl2+0x30/0x30 [ 1398.091346] ? __might_fault+0x177/0x1b0 [ 1398.095395] ? video_ioctl2+0x30/0x30 [ 1398.099182] video_usercopy+0xfd/0xe70 [ 1398.103066] ? v4l_g_ctrl+0x390/0x390 [ 1398.106860] ? lock_acquire+0x170/0x3f0 [ 1398.110829] ? lock_downgrade+0x740/0x740 [ 1398.114970] ? trace_hardirqs_on+0x10/0x10 [ 1398.119196] ? futex_exit_release+0x220/0x220 [ 1398.123678] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1398.128766] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1398.133852] v4l2_ioctl+0x1bb/0x2f0 [ 1398.137466] ? v4l2_open+0x2f0/0x2f0 [ 1398.141164] do_vfs_ioctl+0x75a/0xff0 [ 1398.144952] ? ioctl_preallocate+0x1a0/0x1a0 [ 1398.149401] ? lock_downgrade+0x740/0x740 [ 1398.153540] ? __fget+0x225/0x360 [ 1398.156993] ? do_vfs_ioctl+0xff0/0xff0 [ 1398.160960] ? security_file_ioctl+0x83/0xb0 [ 1398.165354] SyS_ioctl+0x7f/0xb0 [ 1398.168708] ? do_vfs_ioctl+0xff0/0xff0 [ 1398.172670] do_syscall_64+0x1d5/0x640 [ 1398.176546] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1398.181726] RIP: 0033:0x466459 [ 1398.184924] RSP: 002b:00007fcbc30ae188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1398.192664] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1398.199918] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000004 [ 1398.207171] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1398.214430] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1398.221698] R13: 00007ffe1717ac5f R14: 00007fcbc30ae300 R15: 0000000000022000 13:05:39 executing program 5: socket$inet(0x2, 0xa, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000340), 0x4) [ 1398.250871] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1398.265037] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1398.270472] CPU: 0 PID: 30327 Comm: syz-executor.1 Not tainted 4.14.231-syzkaller #0 [ 1398.278382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1398.287730] Call Trace: [ 1398.290314] dump_stack+0x1b2/0x281 [ 1398.293960] warn_alloc.cold+0x96/0x1cc [ 1398.297921] ? zone_watermark_ok_safe+0x220/0x220 [ 1398.302789] ? trace_hardirqs_on+0x10/0x10 [ 1398.307009] ? fs_reclaim_release+0xd0/0x110 [ 1398.311536] __vmalloc_node_range+0x10e/0x150 [ 1398.316017] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1398.321381] vmalloc_user+0x47/0xa0 [ 1398.324989] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1398.329301] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1398.334642] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1398.338772] __vb2_queue_alloc+0x47a/0xd90 [ 1398.342992] vb2_core_create_bufs+0x279/0x5a0 [ 1398.347486] ? __vb2_queue_free+0x7a0/0x7a0 [ 1398.351877] ? trace_hardirqs_on+0x10/0x10 [ 1398.356093] ? __lock_acquire+0x5fc/0x3f20 [ 1398.360311] vb2_create_bufs+0x2e1/0x5b0 [ 1398.364353] ? vb2_thread_start+0x310/0x310 [ 1398.368653] ? trace_hardirqs_on+0x10/0x10 [ 1398.372869] ? mark_held_locks+0xa6/0xf0 [ 1398.376910] ? trace_hardirqs_on+0x10/0x10 [ 1398.381134] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1398.385711] v4l_create_bufs+0xa4/0x150 [ 1398.389684] __video_do_ioctl+0x65b/0x6a0 [ 1398.393814] ? video_ioctl2+0x30/0x30 [ 1398.397596] ? __might_fault+0x177/0x1b0 [ 1398.401638] ? video_ioctl2+0x30/0x30 [ 1398.405417] video_usercopy+0xfd/0xe70 [ 1398.409398] ? v4l_g_ctrl+0x390/0x390 [ 1398.413178] ? lock_acquire+0x170/0x3f0 [ 1398.417132] ? trace_hardirqs_on+0x10/0x10 [ 1398.421349] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1398.426343] v4l2_ioctl+0x1bb/0x2f0 [ 1398.429948] ? v4l2_open+0x2f0/0x2f0 [ 1398.433642] do_vfs_ioctl+0x75a/0xff0 [ 1398.437442] ? ioctl_preallocate+0x1a0/0x1a0 [ 1398.441835] ? lock_downgrade+0x740/0x740 [ 1398.445973] ? __fget+0x225/0x360 [ 1398.449421] ? do_vfs_ioctl+0xff0/0xff0 [ 1398.453380] ? security_file_ioctl+0x83/0xb0 [ 1398.457768] SyS_ioctl+0x7f/0xb0 [ 1398.461114] ? do_vfs_ioctl+0xff0/0xff0 [ 1398.465079] do_syscall_64+0x1d5/0x640 [ 1398.469062] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1398.474236] RIP: 0033:0x466459 [ 1398.477405] RSP: 002b:00007f5883dfa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1398.485142] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1398.492478] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 13:05:40 executing program 5: socket$inet(0x2, 0xa, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000340), 0x4) [ 1398.499783] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1398.507032] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1398.514282] R13: 00007fff3377dd0f R14: 00007f5883dfa300 R15: 0000000000022000 [ 1398.523124] warn_alloc_show_mem: 2 callbacks suppressed [ 1398.523128] Mem-Info: [ 1398.531388] active_anon:223122 inactive_anon:6741 isolated_anon:0 [ 1398.531388] active_file:6838 inactive_file:43923 isolated_file:0 [ 1398.531388] unevictable:0 dirty:346 writeback:0 unstable:0 [ 1398.531388] slab_reclaimable:21992 slab_unreclaimable:129237 [ 1398.531388] mapped:61952 shmem:6935 pagetables:15983 bounce:0 [ 1398.531388] free:1182173 free_pcp:262 free_cma:0 [ 1398.567310] Node 0 active_anon:890364kB inactive_anon:26964kB active_file:27228kB inactive_file:175692kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:247808kB dirty:484kB writeback:400kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 757760kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 13:05:40 executing program 5: r0 = socket$inet(0x2, 0xa, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, 0x0, 0x0) 13:05:40 executing program 5: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) [ 1398.597103] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1398.623357] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1398.650383] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1398.655748] Node 0 DMA32 free:672244kB min:36200kB low:45248kB high:54296kB active_anon:890352kB inactive_anon:26964kB active_file:27236kB inactive_file:175704kB unevictable:0kB writepending:400kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27264kB pagetables:63828kB bounce:0kB free_pcp:860kB local_pcp:688kB free_cma:0kB [ 1398.686035] lowmem_reserve[]: 0 0 0 0 0 [ 1398.690048] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1398.715724] lowmem_reserve[]: 0 0 0 0 0 [ 1398.719733] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1398.747551] lowmem_reserve[]: 0 0 0 0 0 [ 1398.751545] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1398.765241] Node 0 DMA32: 621*4kB (UME) 88*8kB (UME) 19*16kB (UME) 10*32kB (UME) 73*64kB (UM) 15*128kB (UM) 29*256kB (UM) 13*512kB (UME) 4*1024kB (UME) 1*2048kB (U) 156*4096kB (UM) = 669604kB [ 1398.783095] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1398.793885] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1398.811220] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1398.820110] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1398.828746] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1398.837637] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1398.846283] 25154 total pagecache pages [ 1398.850259] 0 pages in swap cache 13:05:40 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x6, 0x7, 0x1, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) [ 1398.853709] Swap cache stats: add 0, delete 0, find 0/0 [ 1398.859210] Free swap = 0kB [ 1398.862218] Total swap = 0kB [ 1398.865305] 2097051 pages RAM [ 1398.868398] 0 pages HighMem/MovableOnly [ 1398.872454] 363849 pages reserved [ 1398.875974] 0 pages cma reserved [ 1398.879602] syz-executor.5: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1398.890720] syz-executor.5 cpuset=/ mems_allowed=0-1 [ 1398.903264] CPU: 1 PID: 30347 Comm: syz-executor.5 Not tainted 4.14.231-syzkaller #0 [ 1398.911168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1398.920526] Call Trace: [ 1398.923152] dump_stack+0x1b2/0x281 [ 1398.926769] warn_alloc.cold+0x96/0x1cc [ 1398.930725] ? zone_watermark_ok_safe+0x220/0x220 [ 1398.935652] ? trace_hardirqs_on+0x10/0x10 [ 1398.939889] ? deref_stack_reg+0x124/0x1a0 [ 1398.944110] ? fs_reclaim_release+0xd0/0x110 [ 1398.948519] __vmalloc_node_range+0x10e/0x150 [ 1398.953004] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1398.958360] vmalloc_user+0x47/0xa0 [ 1398.961972] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1398.966329] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1398.971684] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1398.975872] __vb2_queue_alloc+0x47a/0xd90 [ 1398.980151] vb2_core_create_bufs+0x279/0x5a0 [ 1398.984631] ? __vb2_queue_free+0x7a0/0x7a0 [ 1398.988946] ? trace_hardirqs_on+0x10/0x10 [ 1398.993164] ? __lock_acquire+0x5fc/0x3f20 [ 1398.997384] vb2_create_bufs+0x2e1/0x5b0 [ 1399.001446] ? vb2_thread_start+0x310/0x310 [ 1399.005762] ? trace_hardirqs_on+0x10/0x10 [ 1399.009977] ? mark_held_locks+0xa6/0xf0 [ 1399.014025] ? trace_hardirqs_on+0x10/0x10 [ 1399.018247] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1399.022812] v4l_create_bufs+0xa4/0x150 [ 1399.026896] __video_do_ioctl+0x65b/0x6a0 [ 1399.031207] ? video_ioctl2+0x30/0x30 [ 1399.034995] ? __might_fault+0x177/0x1b0 [ 1399.039036] ? video_ioctl2+0x30/0x30 [ 1399.042881] video_usercopy+0xfd/0xe70 [ 1399.046752] ? v4l_g_ctrl+0x390/0x390 [ 1399.050533] ? lock_acquire+0x170/0x3f0 [ 1399.054489] ? trace_hardirqs_on+0x10/0x10 [ 1399.058769] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1399.063812] v4l2_ioctl+0x1bb/0x2f0 [ 1399.067419] ? v4l2_open+0x2f0/0x2f0 [ 1399.071111] do_vfs_ioctl+0x75a/0xff0 [ 1399.074900] ? ioctl_preallocate+0x1a0/0x1a0 [ 1399.079421] ? lock_downgrade+0x740/0x740 [ 1399.083547] ? __fget+0x225/0x360 [ 1399.086979] ? do_vfs_ioctl+0xff0/0xff0 [ 1399.090931] ? security_file_ioctl+0x83/0xb0 [ 1399.095319] SyS_ioctl+0x7f/0xb0 [ 1399.098662] ? do_vfs_ioctl+0xff0/0xff0 [ 1399.102623] do_syscall_64+0x1d5/0x640 [ 1399.106492] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1399.111677] RIP: 0033:0x466459 [ 1399.114845] RSP: 002b:00007f8e665f1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1399.122727] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1399.129975] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1399.137238] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1399.144502] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1399.151750] R13: 00007ffc8baee27f R14: 00007f8e665f1300 R15: 0000000000022000 13:05:40 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:40 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:40 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:40 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x0, 0x1, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) [ 1399.181579] syz-executor.0: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1399.249254] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1399.256565] CPU: 0 PID: 30349 Comm: syz-executor.0 Not tainted 4.14.231-syzkaller #0 [ 1399.264466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1399.273955] Call Trace: [ 1399.276537] dump_stack+0x1b2/0x281 [ 1399.280146] warn_alloc.cold+0x96/0x1cc [ 1399.284188] ? __save_stack_trace+0x63/0x160 [ 1399.288575] ? zone_watermark_ok_safe+0x220/0x220 [ 1399.293397] ? trace_hardirqs_on+0x10/0x10 [ 1399.297611] ? is_bpf_text_address+0x91/0x150 [ 1399.302099] ? deref_stack_reg+0x124/0x1a0 [ 1399.306315] ? fs_reclaim_release+0xd0/0x110 [ 1399.310711] __vmalloc_node_range+0x10e/0x150 [ 1399.315192] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1399.320536] vmalloc_user+0x47/0xa0 [ 1399.324144] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1399.328456] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1399.333799] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1399.337927] __vb2_queue_alloc+0x47a/0xd90 [ 1399.342155] vb2_core_create_bufs+0x279/0x5a0 [ 1399.346631] ? __vb2_queue_free+0x7a0/0x7a0 [ 1399.350932] ? trace_hardirqs_on+0x10/0x10 [ 1399.355146] ? __lock_acquire+0x5fc/0x3f20 [ 1399.359365] vb2_create_bufs+0x2e1/0x5b0 [ 1399.363416] ? vb2_thread_start+0x310/0x310 [ 1399.367732] ? trace_hardirqs_on+0x10/0x10 [ 1399.371955] ? trace_hardirqs_on+0x10/0x10 [ 1399.376176] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1399.380743] v4l_create_bufs+0xa4/0x150 [ 1399.384699] __video_do_ioctl+0x65b/0x6a0 [ 1399.388829] ? video_ioctl2+0x30/0x30 [ 1399.392610] ? __might_fault+0x177/0x1b0 [ 1399.396701] ? video_ioctl2+0x30/0x30 [ 1399.400479] video_usercopy+0xfd/0xe70 [ 1399.404353] ? v4l_g_ctrl+0x390/0x390 [ 1399.408150] ? lock_acquire+0x170/0x3f0 [ 1399.412103] ? trace_hardirqs_on+0x10/0x10 [ 1399.416319] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1399.421314] v4l2_ioctl+0x1bb/0x2f0 [ 1399.424918] ? v4l2_open+0x2f0/0x2f0 [ 1399.428620] do_vfs_ioctl+0x75a/0xff0 [ 1399.432401] ? ioctl_preallocate+0x1a0/0x1a0 [ 1399.436790] ? lock_downgrade+0x740/0x740 [ 1399.440917] ? __fget+0x225/0x360 [ 1399.444367] ? do_vfs_ioctl+0xff0/0xff0 [ 1399.448322] ? security_file_ioctl+0x83/0xb0 [ 1399.452716] SyS_ioctl+0x7f/0xb0 [ 1399.456089] ? do_vfs_ioctl+0xff0/0xff0 [ 1399.460157] do_syscall_64+0x1d5/0x640 [ 1399.464063] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1399.469232] RIP: 0033:0x466459 [ 1399.472511] RSP: 002b:00007fcbc30ae188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1399.480199] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1399.487448] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1399.494698] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1399.501946] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1399.509213] R13: 00007ffe1717ac5f R14: 00007fcbc30ae300 R15: 0000000000022000 [ 1399.522864] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1399.534389] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1399.539594] CPU: 0 PID: 30353 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1399.547585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1399.556938] Call Trace: [ 1399.559526] dump_stack+0x1b2/0x281 [ 1399.563141] warn_alloc.cold+0x96/0x1cc [ 1399.567111] ? zone_watermark_ok_safe+0x220/0x220 [ 1399.571945] ? trace_hardirqs_on+0x10/0x10 [ 1399.576167] ? deref_stack_reg+0x124/0x1a0 [ 1399.580393] ? fs_reclaim_release+0xd0/0x110 [ 1399.584794] __vmalloc_node_range+0x10e/0x150 [ 1399.589276] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1399.594620] vmalloc_user+0x47/0xa0 [ 1399.598230] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1399.602533] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1399.607902] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1399.612049] __vb2_queue_alloc+0x47a/0xd90 [ 1399.616298] vb2_core_create_bufs+0x279/0x5a0 [ 1399.620793] ? __vb2_queue_free+0x7a0/0x7a0 [ 1399.625101] ? trace_hardirqs_on+0x10/0x10 [ 1399.629318] ? __lock_acquire+0x5fc/0x3f20 [ 1399.633548] vb2_create_bufs+0x2e1/0x5b0 [ 1399.637605] ? vb2_thread_start+0x310/0x310 [ 1399.641910] ? trace_hardirqs_on+0x10/0x10 [ 1399.646125] ? mark_held_locks+0xa6/0xf0 [ 1399.650173] ? trace_hardirqs_on+0x10/0x10 [ 1399.654757] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1399.659447] v4l_create_bufs+0xa4/0x150 [ 1399.663406] __video_do_ioctl+0x65b/0x6a0 [ 1399.667539] ? video_ioctl2+0x30/0x30 [ 1399.671322] ? __might_fault+0x177/0x1b0 [ 1399.675365] ? video_ioctl2+0x30/0x30 [ 1399.679149] video_usercopy+0xfd/0xe70 [ 1399.683115] ? v4l_g_ctrl+0x390/0x390 [ 1399.687026] ? lock_acquire+0x170/0x3f0 [ 1399.690984] ? trace_hardirqs_on+0x10/0x10 [ 1399.695211] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1399.700217] v4l2_ioctl+0x1bb/0x2f0 [ 1399.703824] ? v4l2_open+0x2f0/0x2f0 [ 1399.707528] do_vfs_ioctl+0x75a/0xff0 [ 1399.711320] ? ioctl_preallocate+0x1a0/0x1a0 [ 1399.715710] ? lock_downgrade+0x740/0x740 [ 1399.719841] ? __fget+0x225/0x360 [ 1399.723275] ? do_vfs_ioctl+0xff0/0xff0 [ 1399.727237] ? security_file_ioctl+0x83/0xb0 [ 1399.731627] SyS_ioctl+0x7f/0xb0 [ 1399.735000] ? do_vfs_ioctl+0xff0/0xff0 [ 1399.739077] do_syscall_64+0x1d5/0x640 [ 1399.742960] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1399.748134] RIP: 0033:0x466459 [ 1399.751320] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1399.759008] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1399.766259] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1399.773510] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1399.780962] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1399.788217] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 [ 1399.796503] warn_alloc_show_mem: 2 callbacks suppressed [ 1399.796506] Mem-Info: [ 1399.804338] active_anon:223092 inactive_anon:6741 isolated_anon:0 [ 1399.804338] active_file:6840 inactive_file:43929 isolated_file:0 [ 1399.804338] unevictable:0 dirty:107 writeback:0 unstable:0 [ 1399.804338] slab_reclaimable:21977 slab_unreclaimable:129288 [ 1399.804338] mapped:61961 shmem:6935 pagetables:15988 bounce:0 [ 1399.804338] free:1182178 free_pcp:198 free_cma:0 [ 1399.838962] Node 0 active_anon:892368kB inactive_anon:26964kB active_file:27236kB inactive_file:175716kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:247872kB dirty:440kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 759808kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1399.867622] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1399.893512] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1399.919725] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1399.925388] Node 0 DMA32 free:670840kB min:36200kB low:45248kB high:54296kB active_anon:892368kB inactive_anon:26964kB active_file:27236kB inactive_file:175716kB unevictable:0kB writepending:448kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27296kB pagetables:63952kB bounce:0kB free_pcp:772kB local_pcp:68kB free_cma:0kB [ 1399.955913] lowmem_reserve[]: 0 0 0 0 0 [ 1399.960033] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1399.985650] lowmem_reserve[]: 0 0 0 0 0 [ 1399.989643] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1400.017593] lowmem_reserve[]: 0 0 0 0 0 [ 1400.021587] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1400.035621] Node 0 DMA32: 682*4kB (UME) 182*8kB (UME) 14*16kB (UME) 10*32kB (UME) 72*64kB (UM) 15*128kB (UM) 29*256kB (UM) 13*512kB (UME) 4*1024kB (UME) 1*2048kB (U) 156*4096kB (UM) = 670456kB [ 1400.053089] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1400.064529] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1400.081991] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1400.090927] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 13:05:41 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:41 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x0, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) [ 1400.099572] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1400.108504] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1400.117149] 25169 total pagecache pages [ 1400.121118] 0 pages in swap cache [ 1400.124629] Swap cache stats: add 0, delete 0, find 0/0 [ 1400.130071] Free swap = 0kB [ 1400.133076] Total swap = 0kB [ 1400.136151] 2097051 pages RAM [ 1400.139331] 0 pages HighMem/MovableOnly [ 1400.143281] 363849 pages reserved [ 1400.146792] 0 pages cma reserved 13:05:41 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:41 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:41 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:41 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:41 executing program 5: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:41 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:41 executing program 0: r0 = syz_open_dev$vim2m(0x0, 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x6, 0x7, 0x1, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:41 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:41 executing program 0: r0 = syz_open_dev$vim2m(0x0, 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x6, 0x7, 0x1, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:41 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x0, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:05:41 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:41 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:41 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:41 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:41 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0x0, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:41 executing program 5: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:41 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0x0, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:41 executing program 0: r0 = syz_open_dev$vim2m(0x0, 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x6, 0x7, 0x1, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:41 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0x0, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:41 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0x0, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:41 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x6, 0x7, 0x1, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:41 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x0, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:05:41 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:41 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:41 executing program 5: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:42 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0x0, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) [ 1400.580850] warn_alloc: 13 callbacks suppressed [ 1400.580854] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1400.608159] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1400.616191] CPU: 0 PID: 30436 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1400.624085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1400.633434] Call Trace: [ 1400.636017] dump_stack+0x1b2/0x281 [ 1400.639626] warn_alloc.cold+0x96/0x1cc [ 1400.643581] ? zone_watermark_ok_safe+0x220/0x220 [ 1400.648405] ? trace_hardirqs_on+0x10/0x10 [ 1400.652627] ? deref_stack_reg+0x124/0x1a0 [ 1400.656848] ? fs_reclaim_release+0xd0/0x110 [ 1400.661248] __vmalloc_node_range+0x10e/0x150 [ 1400.665738] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1400.671083] vmalloc_user+0x47/0xa0 [ 1400.674696] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1400.679003] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1400.684351] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1400.688576] __vb2_queue_alloc+0x47a/0xd90 [ 1400.692819] vb2_core_create_bufs+0x279/0x5a0 [ 1400.697305] ? __vb2_queue_free+0x7a0/0x7a0 [ 1400.701639] ? trace_hardirqs_on+0x10/0x10 [ 1400.705865] ? __lock_acquire+0x5fc/0x3f20 [ 1400.710093] vb2_create_bufs+0x2e1/0x5b0 [ 1400.714136] ? futex_wait_queue_me+0x3bb/0x590 [ 1400.718699] ? vb2_thread_start+0x310/0x310 [ 1400.723002] ? trace_hardirqs_on+0x10/0x10 [ 1400.727221] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1400.731790] v4l_create_bufs+0xa4/0x150 [ 1400.735758] __video_do_ioctl+0x65b/0x6a0 [ 1400.739926] ? video_ioctl2+0x30/0x30 [ 1400.743709] ? __might_fault+0x177/0x1b0 [ 1400.747753] ? video_ioctl2+0x30/0x30 [ 1400.751536] video_usercopy+0xfd/0xe70 [ 1400.755427] ? v4l_g_ctrl+0x390/0x390 [ 1400.759206] ? lock_acquire+0x170/0x3f0 [ 1400.763680] ? lock_downgrade+0x740/0x740 [ 1400.767818] ? trace_hardirqs_on+0x10/0x10 [ 1400.772071] ? futex_exit_release+0x220/0x220 [ 1400.776551] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1400.781655] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1400.786733] v4l2_ioctl+0x1bb/0x2f0 [ 1400.790347] ? v4l2_open+0x2f0/0x2f0 [ 1400.794042] do_vfs_ioctl+0x75a/0xff0 [ 1400.797833] ? ioctl_preallocate+0x1a0/0x1a0 [ 1400.802237] ? lock_downgrade+0x740/0x740 [ 1400.806395] ? __fget+0x225/0x360 [ 1400.809836] ? do_vfs_ioctl+0xff0/0xff0 [ 1400.813817] ? security_file_ioctl+0x83/0xb0 [ 1400.818210] SyS_ioctl+0x7f/0xb0 [ 1400.821555] ? do_vfs_ioctl+0xff0/0xff0 [ 1400.825520] do_syscall_64+0x1d5/0x640 [ 1400.829400] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1400.834568] RIP: 0033:0x466459 [ 1400.837740] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1400.845439] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1400.852702] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1400.859973] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1400.867329] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1400.874581] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 13:05:42 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x6, 0x7, 0x1, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) [ 1400.885226] Mem-Info: [ 1400.887680] active_anon:222597 inactive_anon:6741 isolated_anon:0 [ 1400.887680] active_file:6840 inactive_file:43944 isolated_file:0 [ 1400.887680] unevictable:0 dirty:130 writeback:0 unstable:0 [ 1400.887680] slab_reclaimable:21963 slab_unreclaimable:129588 [ 1400.887680] mapped:61981 shmem:6935 pagetables:15967 bounce:0 [ 1400.887680] free:1182338 free_pcp:262 free_cma:0 [ 1400.930977] Node 0 active_anon:892400kB inactive_anon:26964kB active_file:27236kB inactive_file:175776kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:247944kB dirty:532kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 759808kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 13:05:42 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x6, 0x7, 0x1, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) [ 1400.960279] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1400.986989] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1401.019607] lowmem_reserve[]: 0 2717 2718 2718 2718 13:05:42 executing program 0: syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f00000001c0)={0x6, 0x7, 0x1, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) [ 1401.028191] Node 0 DMA32 free:670696kB min:36200kB low:45248kB high:54296kB active_anon:892404kB inactive_anon:26964kB active_file:27236kB inactive_file:175792kB unevictable:0kB writepending:548kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27296kB pagetables:63952kB bounce:0kB free_pcp:852kB local_pcp:324kB free_cma:0kB [ 1401.059600] lowmem_reserve[]: 0 0 0 0 0 [ 1401.063612] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1401.090029] lowmem_reserve[]: 0 0 0 0 0 [ 1401.094762] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1401.123028] lowmem_reserve[]: 0 0 0 0 0 [ 1401.127590] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1401.141771] Node 0 DMA32: 608*4kB (UE) 275*8kB (UME) 11*16kB (UME) 10*32kB (UME) 61*64kB (UM) 15*128kB (UM) 29*256kB (UM) 13*512kB (UME) 4*1024kB (UME) 1*2048kB (U) 156*4096kB (UM) = 670152kB [ 1401.159963] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1401.171206] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1401.189547] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1401.198953] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1401.208125] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1401.217489] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1401.226667] 25176 total pagecache pages [ 1401.230666] 0 pages in swap cache [ 1401.234937] Swap cache stats: add 0, delete 0, find 0/0 [ 1401.240302] Free swap = 0kB [ 1401.243305] Total swap = 0kB [ 1401.247273] 2097051 pages RAM [ 1401.250498] 0 pages HighMem/MovableOnly [ 1401.255152] 363849 pages reserved [ 1401.258614] 0 pages cma reserved [ 1401.262112] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1401.275568] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1401.280765] CPU: 1 PID: 30442 Comm: syz-executor.1 Not tainted 4.14.231-syzkaller #0 [ 1401.288708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1401.298053] Call Trace: [ 1401.300639] dump_stack+0x1b2/0x281 [ 1401.304359] warn_alloc.cold+0x96/0x1cc [ 1401.308327] ? zone_watermark_ok_safe+0x220/0x220 [ 1401.313152] ? trace_hardirqs_on+0x10/0x10 [ 1401.317378] ? deref_stack_reg+0x124/0x1a0 [ 1401.321605] ? fs_reclaim_release+0xd0/0x110 [ 1401.326012] __vmalloc_node_range+0x10e/0x150 [ 1401.330518] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1401.335877] vmalloc_user+0x47/0xa0 [ 1401.339504] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1401.343819] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1401.349173] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1401.353381] __vb2_queue_alloc+0x47a/0xd90 [ 1401.357669] vb2_core_create_bufs+0x279/0x5a0 [ 1401.362259] ? __vb2_queue_free+0x7a0/0x7a0 [ 1401.366569] ? trace_hardirqs_on+0x10/0x10 [ 1401.370796] ? __lock_acquire+0x5fc/0x3f20 [ 1401.375044] vb2_create_bufs+0x2e1/0x5b0 [ 1401.379113] ? vb2_thread_start+0x310/0x310 [ 1401.383422] ? trace_hardirqs_on+0x10/0x10 [ 1401.387646] ? mark_held_locks+0xa6/0xf0 [ 1401.391825] ? trace_hardirqs_on+0x10/0x10 [ 1401.396055] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1401.400629] v4l_create_bufs+0xa4/0x150 [ 1401.404699] __video_do_ioctl+0x65b/0x6a0 [ 1401.408886] ? video_ioctl2+0x30/0x30 [ 1401.412680] ? __might_fault+0x177/0x1b0 [ 1401.416823] ? video_ioctl2+0x30/0x30 [ 1401.420614] video_usercopy+0xfd/0xe70 [ 1401.424503] ? v4l_g_ctrl+0x390/0x390 [ 1401.428300] ? lock_acquire+0x170/0x3f0 [ 1401.432260] ? trace_hardirqs_on+0x10/0x10 [ 1401.444051] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1401.449133] v4l2_ioctl+0x1bb/0x2f0 [ 1401.452797] ? v4l2_open+0x2f0/0x2f0 [ 1401.456503] do_vfs_ioctl+0x75a/0xff0 [ 1401.460371] ? ioctl_preallocate+0x1a0/0x1a0 [ 1401.464765] ? lock_downgrade+0x740/0x740 [ 1401.468899] ? __fget+0x225/0x360 [ 1401.472336] ? do_vfs_ioctl+0xff0/0xff0 [ 1401.476302] ? security_file_ioctl+0x83/0xb0 [ 1401.480712] SyS_ioctl+0x7f/0xb0 [ 1401.484078] ? do_vfs_ioctl+0xff0/0xff0 [ 1401.488046] do_syscall_64+0x1d5/0x640 [ 1401.491930] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1401.497115] RIP: 0033:0x466459 [ 1401.500294] RSP: 002b:00007f5883dfa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1401.508110] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1401.515369] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1401.522633] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1401.529886] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 13:05:43 executing program 0: syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f00000001c0)={0x6, 0x7, 0x1, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:43 executing program 5: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x0, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) [ 1401.537280] R13: 00007fff3377dd0f R14: 00007f5883dfa300 R15: 0000000000022000 13:05:43 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:43 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:43 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x0, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:05:43 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0x0, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) [ 1401.636973] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1401.670410] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1401.676507] CPU: 0 PID: 30464 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1401.684501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1401.693840] Call Trace: [ 1401.696518] dump_stack+0x1b2/0x281 [ 1401.700130] warn_alloc.cold+0x96/0x1cc [ 1401.704087] ? zone_watermark_ok_safe+0x220/0x220 [ 1401.709036] ? trace_hardirqs_on+0x10/0x10 [ 1401.713254] ? deref_stack_reg+0x124/0x1a0 [ 1401.717478] ? fs_reclaim_release+0xd0/0x110 [ 1401.721869] __vmalloc_node_range+0x10e/0x150 [ 1401.726373] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1401.731716] vmalloc_user+0x47/0xa0 [ 1401.735328] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1401.739629] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1401.744979] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1401.749107] __vb2_queue_alloc+0x47a/0xd90 [ 1401.753348] vb2_core_create_bufs+0x279/0x5a0 [ 1401.757829] ? __vb2_queue_free+0x7a0/0x7a0 [ 1401.762142] ? trace_hardirqs_on+0x10/0x10 [ 1401.766377] ? __lock_acquire+0x5fc/0x3f20 [ 1401.770605] vb2_create_bufs+0x2e1/0x5b0 [ 1401.774662] ? futex_wait_queue_me+0x3bb/0x590 [ 1401.779239] ? vb2_thread_start+0x310/0x310 [ 1401.783558] ? trace_hardirqs_on+0x10/0x10 [ 1401.787794] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1401.792368] v4l_create_bufs+0xa4/0x150 [ 1401.796326] __video_do_ioctl+0x65b/0x6a0 [ 1401.800467] ? video_ioctl2+0x30/0x30 [ 1401.804256] ? __might_fault+0x177/0x1b0 [ 1401.808302] ? video_ioctl2+0x30/0x30 [ 1401.812096] video_usercopy+0xfd/0xe70 [ 1401.815984] ? v4l_g_ctrl+0x390/0x390 [ 1401.819774] ? lock_acquire+0x170/0x3f0 [ 1401.823742] ? lock_downgrade+0x740/0x740 [ 1401.827878] ? trace_hardirqs_on+0x10/0x10 [ 1401.832093] ? futex_exit_release+0x220/0x220 [ 1401.836626] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1401.841824] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1401.846823] v4l2_ioctl+0x1bb/0x2f0 [ 1401.850485] ? v4l2_open+0x2f0/0x2f0 [ 1401.854181] do_vfs_ioctl+0x75a/0xff0 [ 1401.857963] ? ioctl_preallocate+0x1a0/0x1a0 [ 1401.862372] ? lock_downgrade+0x740/0x740 [ 1401.866507] ? __fget+0x225/0x360 [ 1401.869985] ? do_vfs_ioctl+0xff0/0xff0 [ 1401.873989] ? security_file_ioctl+0x83/0xb0 [ 1401.878380] SyS_ioctl+0x7f/0xb0 [ 1401.881727] ? do_vfs_ioctl+0xff0/0xff0 [ 1401.885705] do_syscall_64+0x1d5/0x640 [ 1401.889671] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1401.894915] RIP: 0033:0x466459 [ 1401.898095] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1401.905804] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1401.913078] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1401.920329] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1401.927579] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1401.934837] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 [ 1401.944775] warn_alloc_show_mem: 1 callbacks suppressed [ 1401.944778] Mem-Info: [ 1401.952847] active_anon:223104 inactive_anon:6741 isolated_anon:0 [ 1401.952847] active_file:6840 inactive_file:43954 isolated_file:0 [ 1401.952847] unevictable:0 dirty:143 writeback:0 unstable:0 [ 1401.952847] slab_reclaimable:21908 slab_unreclaimable:129723 [ 1401.952847] mapped:61991 shmem:6935 pagetables:15993 bounce:0 [ 1401.952847] free:1181741 free_pcp:236 free_cma:0 [ 1401.987487] Node 0 active_anon:892416kB inactive_anon:26964kB active_file:27236kB inactive_file:175816kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:247984kB dirty:588kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 759808kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1402.016605] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1402.042811] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1402.069255] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1402.074972] Node 0 DMA32 free:669492kB min:36200kB low:45248kB high:54296kB active_anon:892416kB inactive_anon:26964kB active_file:27236kB inactive_file:175816kB unevictable:0kB writepending:592kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27296kB pagetables:63972kB bounce:0kB free_pcp:912kB local_pcp:280kB free_cma:0kB [ 1402.105513] lowmem_reserve[]: 0 0 0 0 0 [ 1402.109516] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1402.135374] lowmem_reserve[]: 0 0 0 0 0 [ 1402.139386] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1402.167234] lowmem_reserve[]: 0 0 0 0 0 [ 1402.171223] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1402.184869] Node 0 DMA32: 705*4kB (UME) 124*8kB (UME) 13*16kB (UME) 23*32kB (UME) 52*64kB (UM) 15*128kB (UM) 29*256kB (UM) 13*512kB (UME) 4*1024kB (UME) 1*2048kB (U) 156*4096kB (UM) = 669204kB [ 1402.202306] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1402.213625] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1402.231015] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1402.239904] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1402.248563] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1402.257465] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1402.266115] 25188 total pagecache pages [ 1402.270106] 0 pages in swap cache [ 1402.273541] Swap cache stats: add 0, delete 0, find 0/0 [ 1402.278964] Free swap = 0kB [ 1402.281975] Total swap = 0kB [ 1402.285060] 2097051 pages RAM 13:05:43 executing program 0: syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f00000001c0)={0x6, 0x7, 0x1, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:43 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:43 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:43 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x0, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) [ 1402.288155] 0 pages HighMem/MovableOnly [ 1402.292121] 363849 pages reserved [ 1402.295630] 0 pages cma reserved 13:05:43 executing program 5: fanotify_init(0x0, 0x800) fanotify_init(0x0, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_VERSION(r1, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000180)=0x40) pipe(&(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f00000002c0)={0x5, 0x3, 0x4, 0x10000, 0x1000, {0x77359400}, {0x4, 0x0, 0x29, 0x1, 0x71, 0x2, "10df0a6f"}, 0x9, 0x6, @offset=0x10000, 0xfffffff9, 0x0, r2}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x30102, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r6, 0x330f, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r6, 0xc100565c, &(0x7f00000001c0)={0x20, 0x3ff, 0x3, {0x1, @vbi={0xf2a, 0x1f, 0xfffffff9, 0x39565559, [0x3, 0x2], [0x3b, 0xd7a], 0x1}}, 0x6}) ioctl$SNAPSHOT_UNFREEZE(r5, 0x3302) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r4, 0x330f, 0x0) bpf$PROG_BIND_MAP(0x23, &(0x7f00000000c0)={r3, r4}, 0xc) 13:05:43 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) [ 1402.366350] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1402.384635] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1402.398823] CPU: 0 PID: 30481 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1402.406727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 13:05:43 executing program 5: fanotify_init(0x0, 0x800) fanotify_init(0x0, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_VERSION(r1, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000180)=0x40) pipe(&(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f00000002c0)={0x5, 0x3, 0x4, 0x10000, 0x1000, {0x77359400}, {0x4, 0x0, 0x29, 0x1, 0x71, 0x2, "10df0a6f"}, 0x9, 0x6, @offset=0x10000, 0xfffffff9, 0x0, r2}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x30102, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r6, 0x330f, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r6, 0xc100565c, &(0x7f00000001c0)={0x20, 0x3ff, 0x3, {0x1, @vbi={0xf2a, 0x1f, 0xfffffff9, 0x39565559, [0x3, 0x2], [0x3b, 0xd7a], 0x1}}, 0x6}) ioctl$SNAPSHOT_UNFREEZE(r5, 0x3302) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r4, 0x330f, 0x0) bpf$PROG_BIND_MAP(0x23, &(0x7f00000000c0)={r3, r4}, 0xc) [ 1402.416191] Call Trace: [ 1402.418819] dump_stack+0x1b2/0x281 [ 1402.422434] warn_alloc.cold+0x96/0x1cc [ 1402.426405] ? zone_watermark_ok_safe+0x220/0x220 [ 1402.431248] ? trace_hardirqs_on+0x10/0x10 [ 1402.435484] ? deref_stack_reg+0x124/0x1a0 [ 1402.439727] ? fs_reclaim_release+0xd0/0x110 [ 1402.444144] __vmalloc_node_range+0x10e/0x150 [ 1402.448643] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1402.454000] vmalloc_user+0x47/0xa0 [ 1402.457628] ? vb2_vmalloc_alloc+0xa6/0x2d0 13:05:43 executing program 5: fanotify_init(0x0, 0x800) fanotify_init(0x0, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_VERSION(r1, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000180)=0x40) pipe(&(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f00000002c0)={0x5, 0x3, 0x4, 0x10000, 0x1000, {0x77359400}, {0x4, 0x0, 0x29, 0x1, 0x71, 0x2, "10df0a6f"}, 0x9, 0x6, @offset=0x10000, 0xfffffff9, 0x0, r2}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x30102, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r6, 0x330f, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r6, 0xc100565c, &(0x7f00000001c0)={0x20, 0x3ff, 0x3, {0x1, @vbi={0xf2a, 0x1f, 0xfffffff9, 0x39565559, [0x3, 0x2], [0x3b, 0xd7a], 0x1}}, 0x6}) ioctl$SNAPSHOT_UNFREEZE(r5, 0x3302) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r4, 0x330f, 0x0) bpf$PROG_BIND_MAP(0x23, &(0x7f00000000c0)={r3, r4}, 0xc) 13:05:43 executing program 5: fanotify_init(0x0, 0x800) fanotify_init(0x0, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_VERSION(r1, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000180)=0x40) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f00000002c0)={0x5, 0x3, 0x4, 0x10000, 0x1000, {0x77359400}, {0x4, 0x0, 0x29, 0x1, 0x71, 0x2, "10df0a6f"}, 0x9, 0x6, @offset=0x10000, 0xfffffff9, 0x0, r2}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x30102, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r5, 0x330f, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r5, 0xc100565c, &(0x7f00000001c0)={0x20, 0x3ff, 0x3, {0x1, @vbi={0xf2a, 0x1f, 0xfffffff9, 0x39565559, [0x3, 0x2], [0x3b, 0xd7a], 0x1}}, 0x6}) ioctl$SNAPSHOT_UNFREEZE(r4, 0x3302) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r3, 0x330f, 0x0) [ 1402.461950] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1402.467314] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1402.471470] __vb2_queue_alloc+0x47a/0xd90 [ 1402.475718] vb2_core_create_bufs+0x279/0x5a0 [ 1402.480219] ? __vb2_queue_free+0x7a0/0x7a0 [ 1402.484546] ? trace_hardirqs_on+0x10/0x10 [ 1402.488787] ? __lock_acquire+0x5fc/0x3f20 [ 1402.493034] vb2_create_bufs+0x2e1/0x5b0 [ 1402.497103] ? futex_wait_queue_me+0x3bb/0x590 [ 1402.501688] ? vb2_thread_start+0x310/0x310 [ 1402.506017] ? trace_hardirqs_on+0x10/0x10 [ 1402.510258] vb2_ioctl_create_bufs+0x1f7/0x330 13:05:43 executing program 5: fanotify_init(0x0, 0x800) fanotify_init(0x0, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_VERSION(r1, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000180)=0x40) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f00000002c0)={0x5, 0x3, 0x4, 0x10000, 0x1000, {0x77359400}, {0x4, 0x0, 0x29, 0x1, 0x71, 0x2, "10df0a6f"}, 0x9, 0x6, @offset=0x10000, 0xfffffff9, 0x0, r2}) pipe(&(0x7f00000008c0)) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x30102, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r4, 0x330f, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f00000001c0)={0x20, 0x3ff, 0x3, {0x1, @vbi={0xf2a, 0x1f, 0xfffffff9, 0x39565559, [0x3, 0x2], [0x3b, 0xd7a], 0x1}}, 0x6}) ioctl$SNAPSHOT_UNFREEZE(r3, 0x3302) 13:05:44 executing program 5: fanotify_init(0x0, 0x800) fanotify_init(0x0, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_VERSION(r1, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000180)=0x40) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f00000002c0)={0x5, 0x3, 0x4, 0x10000, 0x1000, {0x77359400}, {0x4, 0x0, 0x29, 0x1, 0x71, 0x2, "10df0a6f"}, 0x9, 0x6, @offset=0x10000, 0xfffffff9, 0x0, r2}) pipe(&(0x7f00000008c0)) openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x30102, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r3, 0x330f, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f00000001c0)={0x20, 0x3ff, 0x3, {0x1, @vbi={0xf2a, 0x1f, 0xfffffff9, 0x39565559, [0x3, 0x2], [0x3b, 0xd7a], 0x1}}, 0x6}) 13:05:44 executing program 5: fanotify_init(0x0, 0x800) fanotify_init(0x0, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_VERSION(r1, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000180)=0x40) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f00000002c0)={0x5, 0x3, 0x4, 0x10000, 0x1000, {0x77359400}, {0x4, 0x0, 0x29, 0x1, 0x71, 0x2, "10df0a6f"}, 0x9, 0x6, @offset=0x10000, 0xfffffff9, 0x0, r2}) pipe(&(0x7f00000008c0)) openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x30102, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r3, 0x330f, 0x0) [ 1402.514848] v4l_create_bufs+0xa4/0x150 [ 1402.518827] __video_do_ioctl+0x65b/0x6a0 [ 1402.522978] ? video_ioctl2+0x30/0x30 [ 1402.526781] ? __might_fault+0x177/0x1b0 [ 1402.530848] ? video_ioctl2+0x30/0x30 [ 1402.534647] video_usercopy+0xfd/0xe70 [ 1402.538539] ? v4l_g_ctrl+0x390/0x390 [ 1402.542424] ? lock_acquire+0x170/0x3f0 [ 1402.546402] ? lock_downgrade+0x740/0x740 [ 1402.550552] ? trace_hardirqs_on+0x10/0x10 [ 1402.554789] ? futex_exit_release+0x220/0x220 [ 1402.559294] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1402.564397] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1402.569413] v4l2_ioctl+0x1bb/0x2f0 [ 1402.573040] ? v4l2_open+0x2f0/0x2f0 [ 1402.576752] do_vfs_ioctl+0x75a/0xff0 [ 1402.580557] ? ioctl_preallocate+0x1a0/0x1a0 [ 1402.584963] ? lock_downgrade+0x740/0x740 [ 1402.589112] ? __fget+0x225/0x360 [ 1402.592686] ? do_vfs_ioctl+0xff0/0xff0 [ 1402.596737] ? security_file_ioctl+0x83/0xb0 [ 1402.601131] SyS_ioctl+0x7f/0xb0 [ 1402.604480] ? do_vfs_ioctl+0xff0/0xff0 [ 1402.608443] do_syscall_64+0x1d5/0x640 [ 1402.612329] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1402.617508] RIP: 0033:0x466459 [ 1402.620676] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1402.628366] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1402.635617] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1402.642888] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1402.650142] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1402.657393] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 13:05:44 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, 0x0) [ 1402.676910] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1402.698765] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1402.720767] CPU: 0 PID: 30484 Comm: syz-executor.3 Not tainted 4.14.231-syzkaller #0 [ 1402.728677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1402.738088] Call Trace: [ 1402.740666] dump_stack+0x1b2/0x281 [ 1402.744329] warn_alloc.cold+0x96/0x1cc [ 1402.748332] ? zone_watermark_ok_safe+0x220/0x220 [ 1402.753151] ? trace_hardirqs_on+0x10/0x10 [ 1402.757388] ? deref_stack_reg+0x124/0x1a0 [ 1402.761607] ? fs_reclaim_release+0xd0/0x110 [ 1402.766839] __vmalloc_node_range+0x10e/0x150 [ 1402.771317] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1402.776708] vmalloc_user+0x47/0xa0 [ 1402.780355] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1402.784663] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1402.790018] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1402.794155] __vb2_queue_alloc+0x47a/0xd90 [ 1402.798376] vb2_core_create_bufs+0x279/0x5a0 [ 1402.802851] ? __vb2_queue_free+0x7a0/0x7a0 [ 1402.807158] ? trace_hardirqs_on+0x10/0x10 [ 1402.811372] ? __lock_acquire+0x5fc/0x3f20 [ 1402.815587] vb2_create_bufs+0x2e1/0x5b0 [ 1402.819628] ? vb2_thread_start+0x310/0x310 [ 1402.823927] ? trace_hardirqs_on+0x10/0x10 [ 1402.828147] ? mark_held_locks+0xa6/0xf0 [ 1402.832193] ? trace_hardirqs_on+0x10/0x10 [ 1402.836410] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1402.840976] v4l_create_bufs+0xa4/0x150 [ 1402.844929] __video_do_ioctl+0x65b/0x6a0 [ 1402.849057] ? video_ioctl2+0x30/0x30 [ 1402.852838] ? __might_fault+0x177/0x1b0 [ 1402.856875] ? video_ioctl2+0x30/0x30 [ 1402.860650] video_usercopy+0xfd/0xe70 [ 1402.864517] ? v4l_g_ctrl+0x390/0x390 [ 1402.868296] ? lock_acquire+0x170/0x3f0 [ 1402.872249] ? trace_hardirqs_on+0x10/0x10 [ 1402.876464] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1402.881460] v4l2_ioctl+0x1bb/0x2f0 [ 1402.885061] ? v4l2_open+0x2f0/0x2f0 [ 1402.888767] do_vfs_ioctl+0x75a/0xff0 [ 1402.892572] ? ioctl_preallocate+0x1a0/0x1a0 [ 1402.896957] ? lock_downgrade+0x740/0x740 [ 1402.901089] ? __fget+0x225/0x360 [ 1402.904518] ? do_vfs_ioctl+0xff0/0xff0 [ 1402.908474] ? security_file_ioctl+0x83/0xb0 [ 1402.912859] SyS_ioctl+0x7f/0xb0 [ 1402.916199] ? do_vfs_ioctl+0xff0/0xff0 [ 1402.920160] do_syscall_64+0x1d5/0x640 [ 1402.924030] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1402.929197] RIP: 0033:0x466459 [ 1402.932362] RSP: 002b:00007efc3f322188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1402.940048] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1402.947356] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1402.954666] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1402.961979] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1402.969231] R13: 00007ffd57a131af R14: 00007efc3f322300 R15: 0000000000022000 [ 1402.982819] warn_alloc_show_mem: 1 callbacks suppressed [ 1402.982822] Mem-Info: [ 1402.991121] active_anon:222047 inactive_anon:6741 isolated_anon:0 [ 1402.991121] active_file:6840 inactive_file:43965 isolated_file:0 [ 1402.991121] unevictable:0 dirty:158 writeback:0 unstable:0 [ 1402.991121] slab_reclaimable:21888 slab_unreclaimable:129980 [ 1402.991121] mapped:62004 shmem:6935 pagetables:15941 bounce:0 [ 1402.991121] free:1182535 free_pcp:374 free_cma:0 [ 1403.026237] Node 0 active_anon:888188kB inactive_anon:26964kB active_file:27236kB inactive_file:175860kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:248028kB dirty:632kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 755712kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1403.054969] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1403.080955] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1403.107681] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1403.112735] Node 0 DMA32 free:673312kB min:36200kB low:45248kB high:54296kB active_anon:888188kB inactive_anon:26964kB active_file:27236kB inactive_file:175860kB unevictable:0kB writepending:636kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27168kB pagetables:63764kB bounce:0kB free_pcp:1480kB local_pcp:708kB free_cma:0kB [ 1403.143000] lowmem_reserve[]: 0 0 0 0 0 [ 1403.147098] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1403.173109] lowmem_reserve[]: 0 0 0 0 0 [ 1403.177582] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1403.205878] lowmem_reserve[]: 0 0 0 0 0 [ 1403.209851] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1403.224405] Node 0 DMA32: 762*4kB (UME) 104*8kB (UME) 14*16kB (UME) 20*32kB (UME) 46*64kB (UM) 14*128kB (UM) 30*256kB (UM) 13*512kB (UME) 4*1024kB (UME) 3*2048kB (UM) 156*4096kB (UM) = 673032kB [ 1403.242289] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1403.253813] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1403.271177] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1403.280738] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1403.290410] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1403.299781] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1403.308798] 25197 total pagecache pages [ 1403.312763] 0 pages in swap cache [ 1403.317025] Swap cache stats: add 0, delete 0, find 0/0 [ 1403.322399] Free swap = 0kB [ 1403.326283] Total swap = 0kB [ 1403.329298] 2097051 pages RAM 13:05:44 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:44 executing program 5: fanotify_init(0x0, 0x800) fanotify_init(0x0, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_VERSION(r1, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000180)=0x40) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f00000002c0)={0x5, 0x3, 0x4, 0x10000, 0x1000, {0x77359400}, {0x4, 0x0, 0x29, 0x1, 0x71, 0x2, "10df0a6f"}, 0x9, 0x6, @offset=0x10000, 0xfffffff9, 0x0, r2}) pipe(&(0x7f00000008c0)) openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x30102, 0x0) pipe(&(0x7f00000008c0)) 13:05:44 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:44 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:44 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x0, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:05:44 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, 0x0) [ 1403.332396] 0 pages HighMem/MovableOnly [ 1403.337219] 363849 pages reserved [ 1403.340661] 0 pages cma reserved [ 1403.396624] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1403.415842] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1403.431104] CPU: 0 PID: 30515 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1403.439011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1403.448361] Call Trace: [ 1403.450950] dump_stack+0x1b2/0x281 [ 1403.454578] warn_alloc.cold+0x96/0x1cc [ 1403.458558] ? zone_watermark_ok_safe+0x220/0x220 [ 1403.463402] ? trace_hardirqs_on+0x10/0x10 [ 1403.467637] ? deref_stack_reg+0x124/0x1a0 [ 1403.471872] ? fs_reclaim_release+0xd0/0x110 [ 1403.476296] __vmalloc_node_range+0x10e/0x150 [ 1403.480779] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1403.486144] vmalloc_user+0x47/0xa0 [ 1403.489778] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1403.494078] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1403.499425] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1403.503588] __vb2_queue_alloc+0x47a/0xd90 [ 1403.507817] vb2_core_create_bufs+0x279/0x5a0 [ 1403.512298] ? __vb2_queue_free+0x7a0/0x7a0 [ 1403.516608] ? trace_hardirqs_on+0x10/0x10 [ 1403.520823] ? __lock_acquire+0x5fc/0x3f20 [ 1403.525041] vb2_create_bufs+0x2e1/0x5b0 [ 1403.529100] ? futex_wait_queue_me+0x3bb/0x590 [ 1403.533668] ? vb2_thread_start+0x310/0x310 [ 1403.537977] ? trace_hardirqs_on+0x10/0x10 [ 1403.542368] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1403.546929] v4l_create_bufs+0xa4/0x150 [ 1403.550895] __video_do_ioctl+0x65b/0x6a0 [ 1403.555130] ? video_ioctl2+0x30/0x30 [ 1403.558963] ? __might_fault+0x177/0x1b0 [ 1403.563035] ? video_ioctl2+0x30/0x30 [ 1403.566823] video_usercopy+0xfd/0xe70 [ 1403.570766] ? v4l_g_ctrl+0x390/0x390 [ 1403.574556] ? lock_acquire+0x170/0x3f0 [ 1403.578515] ? lock_downgrade+0x740/0x740 [ 1403.582642] ? trace_hardirqs_on+0x10/0x10 [ 1403.586899] ? futex_exit_release+0x220/0x220 [ 1403.591380] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1403.596504] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1403.601508] v4l2_ioctl+0x1bb/0x2f0 [ 1403.605263] ? v4l2_open+0x2f0/0x2f0 [ 1403.609100] do_vfs_ioctl+0x75a/0xff0 [ 1403.612912] ? ioctl_preallocate+0x1a0/0x1a0 [ 1403.617311] ? lock_downgrade+0x740/0x740 [ 1403.621442] ? __fget+0x225/0x360 [ 1403.624875] ? do_vfs_ioctl+0xff0/0xff0 [ 1403.628829] ? security_file_ioctl+0x83/0xb0 [ 1403.633223] SyS_ioctl+0x7f/0xb0 [ 1403.636570] ? do_vfs_ioctl+0xff0/0xff0 [ 1403.640583] do_syscall_64+0x1d5/0x640 13:05:45 executing program 5: fanotify_init(0x0, 0x800) fanotify_init(0x0, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_VERSION(r1, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000180)=0x40) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f00000002c0)={0x5, 0x3, 0x4, 0x10000, 0x1000, {0x77359400}, {0x4, 0x0, 0x29, 0x1, 0x71, 0x2, "10df0a6f"}, 0x9, 0x6, @offset=0x10000, 0xfffffff9, 0x0, r2}) pipe(&(0x7f00000008c0)) openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x30102, 0x0) [ 1403.644457] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1403.649631] RIP: 0033:0x466459 [ 1403.652860] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1403.660556] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1403.667803] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1403.675058] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1403.682322] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1403.689573] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 13:05:45 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, 0x0) 13:05:45 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:45 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) [ 1403.725217] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1403.750741] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1403.771713] CPU: 0 PID: 30529 Comm: syz-executor.3 Not tainted 4.14.231-syzkaller #0 [ 1403.779626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1403.788977] Call Trace: [ 1403.791572] dump_stack+0x1b2/0x281 [ 1403.795206] warn_alloc.cold+0x96/0x1cc [ 1403.799181] ? zone_watermark_ok_safe+0x220/0x220 [ 1403.804017] ? trace_hardirqs_on+0x10/0x10 [ 1403.808358] ? deref_stack_reg+0x124/0x1a0 [ 1403.812573] ? fs_reclaim_release+0xd0/0x110 [ 1403.816961] __vmalloc_node_range+0x10e/0x150 [ 1403.821488] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1403.826835] vmalloc_user+0x47/0xa0 [ 1403.830439] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1403.834737] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1403.840080] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1403.844207] __vb2_queue_alloc+0x47a/0xd90 [ 1403.848425] vb2_core_create_bufs+0x279/0x5a0 [ 1403.852901] ? __vb2_queue_free+0x7a0/0x7a0 [ 1403.857207] ? trace_hardirqs_on+0x10/0x10 [ 1403.861431] ? __lock_acquire+0x5fc/0x3f20 [ 1403.866608] vb2_create_bufs+0x2e1/0x5b0 [ 1403.870649] ? vb2_thread_start+0x310/0x310 [ 1403.874948] ? trace_hardirqs_on+0x10/0x10 [ 1403.879159] ? trace_hardirqs_on+0x10/0x10 [ 1403.883373] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1403.887976] v4l_create_bufs+0xa4/0x150 [ 1403.891945] __video_do_ioctl+0x65b/0x6a0 [ 1403.896081] ? video_ioctl2+0x30/0x30 [ 1403.899860] ? __might_fault+0x177/0x1b0 [ 1403.903911] ? video_ioctl2+0x30/0x30 [ 1403.907694] video_usercopy+0xfd/0xe70 [ 1403.911567] ? v4l_g_ctrl+0x390/0x390 [ 1403.915366] ? lock_acquire+0x170/0x3f0 [ 1403.919319] ? trace_hardirqs_on+0x10/0x10 [ 1403.923533] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1403.928526] v4l2_ioctl+0x1bb/0x2f0 [ 1403.932141] ? v4l2_open+0x2f0/0x2f0 [ 1403.935838] do_vfs_ioctl+0x75a/0xff0 [ 1403.939620] ? ioctl_preallocate+0x1a0/0x1a0 [ 1403.944007] ? lock_downgrade+0x740/0x740 [ 1403.948173] ? __fget+0x225/0x360 [ 1403.951618] ? do_vfs_ioctl+0xff0/0xff0 [ 1403.955665] ? security_file_ioctl+0x83/0xb0 [ 1403.960057] SyS_ioctl+0x7f/0xb0 [ 1403.963404] ? do_vfs_ioctl+0xff0/0xff0 [ 1403.967366] do_syscall_64+0x1d5/0x640 [ 1403.971243] entry_SYSCALL_64_after_hwframe+0x46/0xbb 13:05:45 executing program 5: fanotify_init(0x0, 0x800) fanotify_init(0x0, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_VERSION(r1, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000180)=0x40) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f00000002c0)={0x5, 0x3, 0x4, 0x10000, 0x1000, {0x77359400}, {0x4, 0x0, 0x29, 0x1, 0x71, 0x2, "10df0a6f"}, 0x9, 0x6, @offset=0x10000, 0xfffffff9, 0x0, r2}) pipe(&(0x7f00000008c0)) [ 1403.976411] RIP: 0033:0x466459 [ 1403.979671] RSP: 002b:00007efc3f322188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1403.987368] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1403.994617] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1404.001866] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1404.009119] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1404.016369] R13: 00007ffd57a131af R14: 00007efc3f322300 R15: 0000000000022000 13:05:45 executing program 5: fanotify_init(0x0, 0x800) fanotify_init(0x0, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_VERSION(r1, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000180)=0x40) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f00000002c0)={0x5, 0x3, 0x4, 0x10000, 0x1000, {0x77359400}, {0x4, 0x0, 0x29, 0x1, 0x71, 0x2, "10df0a6f"}, 0x9, 0x6, @offset=0x10000, 0xfffffff9, 0x0, r2}) [ 1404.041425] warn_alloc_show_mem: 1 callbacks suppressed [ 1404.041429] Mem-Info: [ 1404.049436] active_anon:223111 inactive_anon:6741 isolated_anon:0 [ 1404.049436] active_file:6840 inactive_file:43977 isolated_file:0 [ 1404.049436] unevictable:0 dirty:170 writeback:0 unstable:0 [ 1404.049436] slab_reclaimable:21889 slab_unreclaimable:129635 [ 1404.049436] mapped:62022 shmem:6935 pagetables:15985 bounce:0 [ 1404.049436] free:1181893 free_pcp:221 free_cma:0 [ 1404.090636] Node 0 active_anon:890328kB inactive_anon:26964kB active_file:27236kB inactive_file:175920kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:248096kB dirty:680kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 753664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 13:05:45 executing program 5: fanotify_init(0x0, 0x800) fanotify_init(0x0, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_VERSION(r1, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000180)=0x40) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) 13:05:45 executing program 5: fanotify_init(0x0, 0x800) fanotify_init(0x0, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_VERSION(r1, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000180)=0x40) pipe(&(0x7f00000008c0)) [ 1404.119320] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1404.145853] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1404.172604] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1404.177956] Node 0 DMA32 free:672324kB min:36200kB low:45248kB high:54296kB active_anon:890328kB inactive_anon:26964kB active_file:27236kB inactive_file:175924kB unevictable:0kB writepending:684kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27296kB pagetables:63996kB bounce:0kB free_pcp:536kB local_pcp:28kB free_cma:0kB [ 1404.208412] lowmem_reserve[]: 0 0 0 0 0 [ 1404.212414] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1404.238160] lowmem_reserve[]: 0 0 0 0 0 [ 1404.242149] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1404.269830] lowmem_reserve[]: 0 0 0 0 0 [ 1404.273904] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1404.287611] Node 0 DMA32: 829*4kB (UME) 250*8kB (UME) 19*16kB (UME) 14*32kB (UME) 41*64kB (UM) 14*128kB (UM) 30*256kB (UM) 13*512kB (UME) 4*1024kB (UME) 2*2048kB (UM) 156*4096kB (UM) = 671988kB [ 1404.305655] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1404.316963] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1404.334736] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1404.344107] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1404.352692] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1404.362254] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1404.371408] 25209 total pagecache pages [ 1404.375909] 0 pages in swap cache [ 1404.379359] Swap cache stats: add 0, delete 0, find 0/0 [ 1404.385348] Free swap = 0kB [ 1404.388372] Total swap = 0kB [ 1404.391372] 2097051 pages RAM [ 1404.395481] 0 pages HighMem/MovableOnly [ 1404.399449] 363849 pages reserved [ 1404.402876] 0 pages cma reserved [ 1404.407358] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1404.418865] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1404.424547] CPU: 0 PID: 30538 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1404.432423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1404.441801] Call Trace: [ 1404.444391] dump_stack+0x1b2/0x281 [ 1404.448010] warn_alloc.cold+0x96/0x1cc [ 1404.451967] ? __lock_acquire+0x5fc/0x3f20 [ 1404.456189] ? zone_watermark_ok_safe+0x220/0x220 [ 1404.461017] ? trace_hardirqs_on+0x10/0x10 [ 1404.465235] ? deref_stack_reg+0x124/0x1a0 [ 1404.469454] ? fs_reclaim_release+0xd0/0x110 [ 1404.473846] __vmalloc_node_range+0x10e/0x150 [ 1404.478326] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1404.483763] vmalloc_user+0x47/0xa0 [ 1404.487371] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1404.491675] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1404.497020] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1404.501149] __vb2_queue_alloc+0x47a/0xd90 [ 1404.505380] vb2_core_create_bufs+0x279/0x5a0 [ 1404.509873] ? __vb2_queue_free+0x7a0/0x7a0 [ 1404.514183] ? trace_hardirqs_on+0x10/0x10 [ 1404.518397] ? __lock_acquire+0x5fc/0x3f20 [ 1404.522613] vb2_create_bufs+0x2e1/0x5b0 [ 1404.526660] ? vb2_thread_start+0x310/0x310 [ 1404.530962] ? trace_hardirqs_on+0x10/0x10 [ 1404.535190] ? mark_held_locks+0xa6/0xf0 [ 1404.539230] ? trace_hardirqs_on+0x10/0x10 [ 1404.543454] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1404.548051] v4l_create_bufs+0xa4/0x150 [ 1404.552007] __video_do_ioctl+0x65b/0x6a0 [ 1404.556138] ? video_ioctl2+0x30/0x30 [ 1404.559918] ? __might_fault+0x177/0x1b0 [ 1404.563956] ? video_ioctl2+0x30/0x30 [ 1404.567754] video_usercopy+0xfd/0xe70 [ 1404.571624] ? v4l_g_ctrl+0x390/0x390 [ 1404.575403] ? lock_acquire+0x170/0x3f0 [ 1404.579359] ? trace_hardirqs_on+0x10/0x10 [ 1404.583587] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1404.588613] v4l2_ioctl+0x1bb/0x2f0 [ 1404.592218] ? v4l2_open+0x2f0/0x2f0 [ 1404.595921] do_vfs_ioctl+0x75a/0xff0 [ 1404.599714] ? ioctl_preallocate+0x1a0/0x1a0 [ 1404.604114] ? lock_downgrade+0x740/0x740 [ 1404.608268] ? __fget+0x225/0x360 [ 1404.611734] ? do_vfs_ioctl+0xff0/0xff0 [ 1404.615693] ? security_file_ioctl+0x83/0xb0 [ 1404.620084] SyS_ioctl+0x7f/0xb0 [ 1404.623431] ? do_vfs_ioctl+0xff0/0xff0 [ 1404.627386] do_syscall_64+0x1d5/0x640 [ 1404.631268] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1404.636443] RIP: 0033:0x466459 [ 1404.639634] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1404.647425] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1404.654682] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1404.661942] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1404.669198] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1404.676455] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 [ 1404.700071] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1404.711194] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1404.717174] CPU: 1 PID: 30543 Comm: syz-executor.1 Not tainted 4.14.231-syzkaller #0 [ 1404.725068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1404.734402] Call Trace: [ 1404.736974] dump_stack+0x1b2/0x281 [ 1404.740682] warn_alloc.cold+0x96/0x1cc [ 1404.744649] ? zone_watermark_ok_safe+0x220/0x220 [ 1404.749475] ? trace_hardirqs_on+0x10/0x10 [ 1404.753740] ? deref_stack_reg+0x124/0x1a0 [ 1404.757957] ? fs_reclaim_release+0xd0/0x110 [ 1404.762346] __vmalloc_node_range+0x10e/0x150 [ 1404.766823] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1404.772284] vmalloc_user+0x47/0xa0 [ 1404.775888] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1404.780200] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1404.785554] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1404.789685] __vb2_queue_alloc+0x47a/0xd90 [ 1404.793904] vb2_core_create_bufs+0x279/0x5a0 [ 1404.798421] ? __vb2_queue_free+0x7a0/0x7a0 [ 1404.802722] ? trace_hardirqs_on+0x10/0x10 [ 1404.806937] ? __lock_acquire+0x5fc/0x3f20 [ 1404.811150] vb2_create_bufs+0x2e1/0x5b0 [ 1404.815194] ? vb2_thread_start+0x310/0x310 [ 1404.819491] ? trace_hardirqs_on+0x10/0x10 [ 1404.823710] ? mark_held_locks+0xa6/0xf0 [ 1404.827809] ? trace_hardirqs_on+0x10/0x10 [ 1404.832023] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1404.836632] v4l_create_bufs+0xa4/0x150 [ 1404.840582] __video_do_ioctl+0x65b/0x6a0 [ 1404.844709] ? video_ioctl2+0x30/0x30 [ 1404.848484] ? __might_fault+0x177/0x1b0 [ 1404.852521] ? video_ioctl2+0x30/0x30 [ 1404.856309] video_usercopy+0xfd/0xe70 [ 1404.860175] ? v4l_g_ctrl+0x390/0x390 [ 1404.863964] ? lock_acquire+0x170/0x3f0 [ 1404.867925] ? trace_hardirqs_on+0x10/0x10 [ 1404.872137] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1404.877132] v4l2_ioctl+0x1bb/0x2f0 [ 1404.880745] ? v4l2_open+0x2f0/0x2f0 [ 1404.884449] do_vfs_ioctl+0x75a/0xff0 [ 1404.888225] ? ioctl_preallocate+0x1a0/0x1a0 [ 1404.892607] ? lock_downgrade+0x740/0x740 [ 1404.896747] ? __fget+0x225/0x360 [ 1404.900174] ? do_vfs_ioctl+0xff0/0xff0 [ 1404.904125] ? security_file_ioctl+0x83/0xb0 [ 1404.908509] SyS_ioctl+0x7f/0xb0 [ 1404.911860] ? do_vfs_ioctl+0xff0/0xff0 [ 1404.915817] do_syscall_64+0x1d5/0x640 [ 1404.919683] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1404.924848] RIP: 0033:0x466459 [ 1404.928013] RSP: 002b:00007f5883dfa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1404.935695] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1404.942938] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1404.950239] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1404.957495] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1404.964746] R13: 00007fff3377dd0f R14: 00007f5883dfa300 R15: 0000000000022000 13:05:46 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:46 executing program 5: fanotify_init(0x0, 0x800) fanotify_init(0x0, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_VERSION(r1, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000180)=0x40) 13:05:46 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:46 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0x0, 0x0, 0x0, 0x0}}}) 13:05:46 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x0, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:46 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:46 executing program 5: fanotify_init(0x0, 0x800) fanotify_init(0x0, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000180)=0x40) [ 1405.047220] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1405.080516] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1405.096317] CPU: 1 PID: 30556 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1405.104265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1405.113616] Call Trace: [ 1405.116208] dump_stack+0x1b2/0x281 [ 1405.119840] warn_alloc.cold+0x96/0x1cc [ 1405.123821] ? zone_watermark_ok_safe+0x220/0x220 [ 1405.128663] ? trace_hardirqs_on+0x10/0x10 [ 1405.132928] ? deref_stack_reg+0x124/0x1a0 [ 1405.137167] ? fs_reclaim_release+0xd0/0x110 [ 1405.141581] __vmalloc_node_range+0x10e/0x150 13:05:46 executing program 5: fanotify_init(0x0, 0x800) fanotify_init(0x0, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000180)=0x40) 13:05:46 executing program 5: fanotify_init(0x0, 0x800) fanotify_init(0x0, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000180)=0x40) 13:05:46 executing program 5: fanotify_init(0x0, 0x800) fanotify_init(0x0, 0x2) pipe(&(0x7f00000008c0)) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000180)=0x40) [ 1405.146091] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1405.151461] vmalloc_user+0x47/0xa0 [ 1405.155093] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1405.159413] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1405.164777] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1405.168928] __vb2_queue_alloc+0x47a/0xd90 [ 1405.173186] vb2_core_create_bufs+0x279/0x5a0 [ 1405.177683] ? __vb2_queue_free+0x7a0/0x7a0 [ 1405.182014] ? trace_hardirqs_on+0x10/0x10 [ 1405.186247] ? __lock_acquire+0x5fc/0x3f20 [ 1405.190485] vb2_create_bufs+0x2e1/0x5b0 13:05:46 executing program 5: fanotify_init(0x0, 0x800) fanotify_init(0x0, 0x2) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000180)=0x40) 13:05:46 executing program 5: fanotify_init(0x0, 0x800) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000180)=0x40) [ 1405.194548] ? futex_wait_queue_me+0x3bb/0x590 [ 1405.199135] ? vb2_thread_start+0x310/0x310 [ 1405.203451] ? trace_hardirqs_on+0x10/0x10 [ 1405.207685] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1405.212269] v4l_create_bufs+0xa4/0x150 [ 1405.216251] __video_do_ioctl+0x65b/0x6a0 [ 1405.220412] ? video_ioctl2+0x30/0x30 [ 1405.224211] ? __might_fault+0x177/0x1b0 [ 1405.228270] ? video_ioctl2+0x30/0x30 [ 1405.232069] video_usercopy+0xfd/0xe70 [ 1405.235956] ? v4l_g_ctrl+0x390/0x390 [ 1405.239756] ? lock_acquire+0x170/0x3f0 [ 1405.243727] ? lock_downgrade+0x740/0x740 [ 1405.247876] ? trace_hardirqs_on+0x10/0x10 [ 1405.252146] ? futex_exit_release+0x220/0x220 [ 1405.256631] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1405.261726] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1405.266739] v4l2_ioctl+0x1bb/0x2f0 [ 1405.270345] ? v4l2_open+0x2f0/0x2f0 [ 1405.274045] do_vfs_ioctl+0x75a/0xff0 [ 1405.277847] ? ioctl_preallocate+0x1a0/0x1a0 [ 1405.282237] ? lock_downgrade+0x740/0x740 [ 1405.286368] ? __fget+0x225/0x360 [ 1405.289817] ? do_vfs_ioctl+0xff0/0xff0 [ 1405.293778] ? security_file_ioctl+0x83/0xb0 [ 1405.298184] SyS_ioctl+0x7f/0xb0 [ 1405.301549] ? do_vfs_ioctl+0xff0/0xff0 [ 1405.305518] do_syscall_64+0x1d5/0x640 [ 1405.309387] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1405.314554] RIP: 0033:0x466459 [ 1405.317721] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1405.325422] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1405.332683] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1405.339948] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1405.347214] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1405.354465] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 [ 1405.362504] warn_alloc_show_mem: 2 callbacks suppressed [ 1405.362507] Mem-Info: [ 1405.371106] active_anon:222560 inactive_anon:6741 isolated_anon:0 [ 1405.371106] active_file:6840 inactive_file:43991 isolated_file:0 [ 1405.371106] unevictable:0 dirty:185 writeback:0 unstable:0 [ 1405.371106] slab_reclaimable:21887 slab_unreclaimable:129996 [ 1405.371106] mapped:62038 shmem:6935 pagetables:15960 bounce:0 [ 1405.371106] free:1181823 free_pcp:201 free_cma:0 [ 1405.405486] Node 0 active_anon:890240kB inactive_anon:26964kB active_file:27236kB inactive_file:175964kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:248172kB dirty:752kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 759808kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1405.434147] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1405.459993] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1405.486314] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1405.491346] Node 0 DMA32 free:670316kB min:36200kB low:45248kB high:54296kB active_anon:890240kB inactive_anon:26964kB active_file:27236kB inactive_file:175964kB unevictable:0kB writepending:756kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27232kB pagetables:63840kB bounce:0kB free_pcp:780kB local_pcp:128kB free_cma:0kB [ 1405.521470] lowmem_reserve[]: 0 0 0 0 0 [ 1405.525530] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1405.551110] lowmem_reserve[]: 0 0 0 0 0 [ 1405.555177] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1405.582855] lowmem_reserve[]: 0 0 0 0 0 [ 1405.586904] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1405.600607] Node 0 DMA32: 879*4kB (UME) 303*8kB (UME) 7*16kB (ME) 3*32kB (UE) 33*64kB (UM) 13*128kB (UM) 30*256kB (UM) 13*512kB (UME) 4*1024kB (UME) 2*2048kB (UM) 156*4096kB (UM) = 671428kB [ 1405.617759] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1405.628522] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1405.647187] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1405.656235] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1405.664884] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1405.673774] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1405.682347] 25224 total pagecache pages [ 1405.686377] 0 pages in swap cache [ 1405.689827] Swap cache stats: add 0, delete 0, find 0/0 [ 1405.695247] Free swap = 0kB [ 1405.698260] Total swap = 0kB [ 1405.701267] 2097051 pages RAM [ 1405.704424] 0 pages HighMem/MovableOnly [ 1405.708382] 363849 pages reserved [ 1405.711813] 0 pages cma reserved [ 1405.715476] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1405.726855] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1405.732097] CPU: 1 PID: 30558 Comm: syz-executor.3 Not tainted 4.14.231-syzkaller #0 [ 1405.739970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1405.749318] Call Trace: [ 1405.751897] dump_stack+0x1b2/0x281 [ 1405.755513] warn_alloc.cold+0x96/0x1cc [ 1405.759472] ? zone_watermark_ok_safe+0x220/0x220 [ 1405.764302] ? trace_hardirqs_on+0x10/0x10 [ 1405.768636] ? deref_stack_reg+0x124/0x1a0 [ 1405.772859] ? fs_reclaim_release+0xd0/0x110 [ 1405.777253] __vmalloc_node_range+0x10e/0x150 [ 1405.781734] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1405.787085] vmalloc_user+0x47/0xa0 [ 1405.790707] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1405.795017] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1405.800367] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1405.804510] __vb2_queue_alloc+0x47a/0xd90 [ 1405.808741] vb2_core_create_bufs+0x279/0x5a0 [ 1405.813222] ? __vb2_queue_free+0x7a0/0x7a0 [ 1405.817527] ? trace_hardirqs_on+0x10/0x10 [ 1405.821817] ? __lock_acquire+0x5fc/0x3f20 [ 1405.826057] vb2_create_bufs+0x2e1/0x5b0 [ 1405.830114] ? vb2_thread_start+0x310/0x310 [ 1405.834424] ? trace_hardirqs_on+0x10/0x10 [ 1405.838648] ? mark_held_locks+0xa6/0xf0 [ 1405.842689] ? trace_hardirqs_on+0x10/0x10 [ 1405.846908] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1405.851473] v4l_create_bufs+0xa4/0x150 [ 1405.855432] __video_do_ioctl+0x65b/0x6a0 [ 1405.859567] ? video_ioctl2+0x30/0x30 [ 1405.863351] ? __might_fault+0x177/0x1b0 [ 1405.867394] ? video_ioctl2+0x30/0x30 [ 1405.871185] video_usercopy+0xfd/0xe70 [ 1405.875198] ? v4l_g_ctrl+0x390/0x390 [ 1405.878995] ? lock_acquire+0x170/0x3f0 [ 1405.882968] ? trace_hardirqs_on+0x10/0x10 [ 1405.887304] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1405.892315] v4l2_ioctl+0x1bb/0x2f0 [ 1405.895935] ? v4l2_open+0x2f0/0x2f0 [ 1405.899633] do_vfs_ioctl+0x75a/0xff0 [ 1405.903424] ? ioctl_preallocate+0x1a0/0x1a0 [ 1405.907825] ? lock_downgrade+0x740/0x740 [ 1405.911962] ? __fget+0x225/0x360 [ 1405.915403] ? do_vfs_ioctl+0xff0/0xff0 [ 1405.919369] ? security_file_ioctl+0x83/0xb0 [ 1405.923772] SyS_ioctl+0x7f/0xb0 [ 1405.927131] ? do_vfs_ioctl+0xff0/0xff0 [ 1405.931092] do_syscall_64+0x1d5/0x640 [ 1405.934969] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1405.940297] RIP: 0033:0x466459 [ 1405.943472] RSP: 002b:00007efc3f322188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 13:05:47 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) 13:05:47 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:47 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000180)=0x40) 13:05:47 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x0, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:47 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0x0, 0x0, 0x0, 0x0}}}) 13:05:47 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) [ 1405.951173] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1405.958428] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1405.965689] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1405.972950] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1405.980202] R13: 00007ffd57a131af R14: 00007efc3f322300 R15: 0000000000022000 13:05:47 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000180)=0x40) [ 1406.052774] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1406.070634] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1406.076766] CPU: 1 PID: 30590 Comm: syz-executor.3 Not tainted 4.14.231-syzkaller #0 [ 1406.084663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1406.094020] Call Trace: [ 1406.096618] dump_stack+0x1b2/0x281 [ 1406.100254] warn_alloc.cold+0x96/0x1cc [ 1406.104233] ? zone_watermark_ok_safe+0x220/0x220 [ 1406.109078] ? trace_hardirqs_on+0x10/0x10 [ 1406.113318] ? deref_stack_reg+0x124/0x1a0 [ 1406.117676] ? fs_reclaim_release+0xd0/0x110 [ 1406.122094] __vmalloc_node_range+0x10e/0x150 [ 1406.126596] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1406.131965] vmalloc_user+0x47/0xa0 [ 1406.135595] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1406.140009] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1406.145374] vb2_vmalloc_alloc+0xa6/0x2d0 13:05:47 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000180)=0x40) [ 1406.149535] __vb2_queue_alloc+0x47a/0xd90 [ 1406.153784] vb2_core_create_bufs+0x279/0x5a0 [ 1406.158282] ? __vb2_queue_free+0x7a0/0x7a0 [ 1406.162698] ? trace_hardirqs_on+0x10/0x10 [ 1406.166935] ? __lock_acquire+0x5fc/0x3f20 [ 1406.171178] vb2_create_bufs+0x2e1/0x5b0 [ 1406.175245] ? futex_wait_queue_me+0x3bb/0x590 [ 1406.179832] ? vb2_thread_start+0x310/0x310 [ 1406.184157] ? trace_hardirqs_on+0x10/0x10 [ 1406.188398] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1406.192986] v4l_create_bufs+0xa4/0x150 [ 1406.196966] __video_do_ioctl+0x65b/0x6a0 13:05:47 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000180)=0x40) 13:05:47 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, 0x0, &(0x7f0000000180)) [ 1406.201117] ? video_ioctl2+0x30/0x30 [ 1406.204924] ? __might_fault+0x177/0x1b0 [ 1406.208998] ? video_ioctl2+0x30/0x30 [ 1406.212797] video_usercopy+0xfd/0xe70 [ 1406.216685] ? v4l_g_ctrl+0x390/0x390 [ 1406.220484] ? lock_acquire+0x170/0x3f0 [ 1406.224458] ? lock_downgrade+0x740/0x740 [ 1406.228604] ? trace_hardirqs_on+0x10/0x10 [ 1406.232842] ? futex_exit_release+0x220/0x220 [ 1406.237436] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1406.242542] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1406.247567] v4l2_ioctl+0x1bb/0x2f0 13:05:47 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, 0x0, &(0x7f0000000180)) 13:05:47 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, 0x0, &(0x7f0000000180)) [ 1406.251190] ? v4l2_open+0x2f0/0x2f0 [ 1406.254901] do_vfs_ioctl+0x75a/0xff0 [ 1406.258707] ? ioctl_preallocate+0x1a0/0x1a0 [ 1406.263116] ? lock_downgrade+0x740/0x740 [ 1406.267269] ? __fget+0x225/0x360 [ 1406.270728] ? do_vfs_ioctl+0xff0/0xff0 [ 1406.274705] ? security_file_ioctl+0x83/0xb0 [ 1406.279115] SyS_ioctl+0x7f/0xb0 [ 1406.282480] ? do_vfs_ioctl+0xff0/0xff0 [ 1406.286454] do_syscall_64+0x1d5/0x640 [ 1406.290353] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1406.295552] RIP: 0033:0x466459 [ 1406.298740] RSP: 002b:00007efc3f322188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1406.306446] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1406.313714] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1406.320980] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1406.328286] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1406.335543] R13: 00007ffd57a131af R14: 00007efc3f322300 R15: 0000000000022000 [ 1406.349052] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1406.361960] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1406.369024] CPU: 1 PID: 30589 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1406.377026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1406.386576] Call Trace: [ 1406.389163] dump_stack+0x1b2/0x281 [ 1406.392777] warn_alloc.cold+0x96/0x1cc [ 1406.396747] ? zone_watermark_ok_safe+0x220/0x220 [ 1406.401582] ? trace_hardirqs_on+0x10/0x10 [ 1406.405807] ? deref_stack_reg+0x124/0x1a0 [ 1406.410036] ? fs_reclaim_release+0xd0/0x110 [ 1406.414439] __vmalloc_node_range+0x10e/0x150 [ 1406.418927] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1406.424278] vmalloc_user+0x47/0xa0 [ 1406.427898] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1406.432200] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1406.437549] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1406.441688] __vb2_queue_alloc+0x47a/0xd90 [ 1406.445918] vb2_core_create_bufs+0x279/0x5a0 [ 1406.450397] ? __vb2_queue_free+0x7a0/0x7a0 [ 1406.454711] ? trace_hardirqs_on+0x10/0x10 [ 1406.458937] ? __lock_acquire+0x5fc/0x3f20 [ 1406.463155] vb2_create_bufs+0x2e1/0x5b0 [ 1406.467207] ? vb2_thread_start+0x310/0x310 [ 1406.471521] ? trace_hardirqs_on+0x10/0x10 [ 1406.475744] ? mark_held_locks+0xa6/0xf0 [ 1406.479785] ? trace_hardirqs_on+0x10/0x10 [ 1406.484009] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1406.488584] v4l_create_bufs+0xa4/0x150 [ 1406.492542] __video_do_ioctl+0x65b/0x6a0 [ 1406.496676] ? video_ioctl2+0x30/0x30 [ 1406.500458] ? __might_fault+0x177/0x1b0 [ 1406.504512] ? video_ioctl2+0x30/0x30 [ 1406.508303] video_usercopy+0xfd/0xe70 [ 1406.512181] ? v4l_g_ctrl+0x390/0x390 [ 1406.515998] ? lock_acquire+0x170/0x3f0 [ 1406.519985] ? trace_hardirqs_on+0x10/0x10 [ 1406.524213] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1406.529223] v4l2_ioctl+0x1bb/0x2f0 [ 1406.532838] ? v4l2_open+0x2f0/0x2f0 [ 1406.536540] do_vfs_ioctl+0x75a/0xff0 [ 1406.540324] ? ioctl_preallocate+0x1a0/0x1a0 [ 1406.544719] ? lock_downgrade+0x740/0x740 [ 1406.548859] ? __fget+0x225/0x360 [ 1406.552294] ? do_vfs_ioctl+0xff0/0xff0 [ 1406.556252] ? security_file_ioctl+0x83/0xb0 [ 1406.560644] SyS_ioctl+0x7f/0xb0 [ 1406.564003] ? do_vfs_ioctl+0xff0/0xff0 [ 1406.567970] do_syscall_64+0x1d5/0x640 [ 1406.571843] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1406.577014] RIP: 0033:0x466459 [ 1406.580185] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1406.588427] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1406.595681] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1406.602936] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1406.610189] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1406.617441] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 [ 1406.625589] warn_alloc_show_mem: 2 callbacks suppressed [ 1406.625592] Mem-Info: [ 1406.633452] active_anon:222587 inactive_anon:6741 isolated_anon:0 [ 1406.633452] active_file:6840 inactive_file:43992 isolated_file:0 [ 1406.633452] unevictable:0 dirty:192 writeback:0 unstable:0 [ 1406.633452] slab_reclaimable:21887 slab_unreclaimable:130009 [ 1406.633452] mapped:62071 shmem:6935 pagetables:15967 bounce:0 [ 1406.633452] free:1181922 free_pcp:360 free_cma:0 [ 1406.668105] Node 0 active_anon:890348kB inactive_anon:26964kB active_file:27236kB inactive_file:175968kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:248284kB dirty:768kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 757760kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1406.696750] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1406.722712] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1406.749002] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1406.754101] Node 0 DMA32 free:669832kB min:36200kB low:45248kB high:54296kB active_anon:890348kB inactive_anon:26964kB active_file:27236kB inactive_file:175968kB unevictable:0kB writepending:768kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27232kB pagetables:63868kB bounce:0kB free_pcp:1420kB local_pcp:708kB free_cma:0kB [ 1406.784419] lowmem_reserve[]: 0 0 0 0 0 [ 1406.788424] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1406.814004] lowmem_reserve[]: 0 0 0 0 0 [ 1406.818086] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1406.845895] lowmem_reserve[]: 0 0 0 0 0 [ 1406.849884] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1406.863509] Node 0 DMA32: 848*4kB (UME) 192*8kB (UME) 12*16kB (UME) 4*32kB (ME) 17*64kB (U) 13*128kB (UM) 30*256kB (UM) 13*512kB (UME) 4*1024kB (UME) 2*2048kB (UM) 156*4096kB (UM) = 669504kB [ 1406.880741] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1406.891502] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1406.909066] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1406.917948] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1406.926586] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1406.935475] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1406.944116] 25224 total pagecache pages [ 1406.948182] 0 pages in swap cache [ 1406.951615] Swap cache stats: add 0, delete 0, find 0/0 [ 1406.957006] Free swap = 0kB [ 1406.960015] Total swap = 0kB [ 1406.963013] 2097051 pages RAM [ 1406.966163] 0 pages HighMem/MovableOnly [ 1406.970169] 363849 pages reserved [ 1406.973665] 0 pages cma reserved [ 1406.977143] syz-executor.0: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1406.988580] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1406.994181] CPU: 1 PID: 30604 Comm: syz-executor.0 Not tainted 4.14.231-syzkaller #0 [ 1407.002136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1407.011479] Call Trace: [ 1407.014069] dump_stack+0x1b2/0x281 [ 1407.017693] warn_alloc.cold+0x96/0x1cc [ 1407.021713] ? zone_watermark_ok_safe+0x220/0x220 [ 1407.026539] ? trace_hardirqs_on+0x10/0x10 [ 1407.030766] ? deref_stack_reg+0x124/0x1a0 [ 1407.035004] ? fs_reclaim_release+0xd0/0x110 [ 1407.039405] __vmalloc_node_range+0x10e/0x150 [ 1407.043897] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1407.049340] vmalloc_user+0x47/0xa0 [ 1407.053011] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1407.057408] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1407.062757] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1407.066900] __vb2_queue_alloc+0x47a/0xd90 [ 1407.071140] vb2_core_create_bufs+0x279/0x5a0 [ 1407.075629] ? __vb2_queue_free+0x7a0/0x7a0 [ 1407.079950] ? trace_hardirqs_on+0x10/0x10 [ 1407.084176] ? __lock_acquire+0x5fc/0x3f20 [ 1407.088460] vb2_create_bufs+0x2e1/0x5b0 [ 1407.092552] ? vb2_thread_start+0x310/0x310 [ 1407.096875] ? trace_hardirqs_on+0x10/0x10 [ 1407.101093] ? mark_held_locks+0xa6/0xf0 [ 1407.105137] ? trace_hardirqs_on+0x10/0x10 [ 1407.109359] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1407.113941] v4l_create_bufs+0xa4/0x150 [ 1407.117912] __video_do_ioctl+0x65b/0x6a0 [ 1407.122061] ? video_ioctl2+0x30/0x30 [ 1407.125921] ? __might_fault+0x177/0x1b0 [ 1407.129965] ? video_ioctl2+0x30/0x30 [ 1407.133752] video_usercopy+0xfd/0xe70 [ 1407.137631] ? v4l_g_ctrl+0x390/0x390 [ 1407.141414] ? lock_acquire+0x170/0x3f0 [ 1407.145386] ? trace_hardirqs_on+0x10/0x10 [ 1407.149610] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1407.154632] v4l2_ioctl+0x1bb/0x2f0 [ 1407.158254] ? v4l2_open+0x2f0/0x2f0 [ 1407.161958] do_vfs_ioctl+0x75a/0xff0 [ 1407.165754] ? ioctl_preallocate+0x1a0/0x1a0 [ 1407.170262] ? lock_downgrade+0x740/0x740 [ 1407.174440] ? __fget+0x225/0x360 [ 1407.177887] ? do_vfs_ioctl+0xff0/0xff0 [ 1407.181854] ? security_file_ioctl+0x83/0xb0 [ 1407.187277] SyS_ioctl+0x7f/0xb0 [ 1407.190625] ? do_vfs_ioctl+0xff0/0xff0 [ 1407.194591] do_syscall_64+0x1d5/0x640 [ 1407.198477] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1407.203653] RIP: 0033:0x466459 13:05:48 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) [ 1407.206832] RSP: 002b:00007fcbc30ae188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1407.214528] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1407.221791] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1407.229055] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1407.236324] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1407.243589] R13: 00007ffe1717ac5f R14: 00007fcbc30ae300 R15: 0000000000022000 13:05:48 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x0, 0x1, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:48 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, &(0x7f0000000140), 0x0) 13:05:48 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0x0, 0x0, 0x0, 0x0}}}) 13:05:48 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) 13:05:48 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x0, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) [ 1407.329953] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) 13:05:48 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, &(0x7f0000000140), 0x0) 13:05:48 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, &(0x7f0000000140), 0x0) [ 1407.375651] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1407.381268] CPU: 0 PID: 30621 Comm: syz-executor.3 Not tainted 4.14.231-syzkaller #0 [ 1407.389160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1407.398512] Call Trace: [ 1407.401107] dump_stack+0x1b2/0x281 [ 1407.404748] warn_alloc.cold+0x96/0x1cc [ 1407.408725] ? zone_watermark_ok_safe+0x220/0x220 [ 1407.413561] ? trace_hardirqs_on+0x10/0x10 [ 1407.417841] ? deref_stack_reg+0x124/0x1a0 [ 1407.422066] ? fs_reclaim_release+0xd0/0x110 [ 1407.426464] __vmalloc_node_range+0x10e/0x150 [ 1407.430947] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1407.436300] vmalloc_user+0x47/0xa0 [ 1407.439919] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1407.444223] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1407.449576] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1407.453715] __vb2_queue_alloc+0x47a/0xd90 [ 1407.458008] vb2_core_create_bufs+0x279/0x5a0 [ 1407.462485] ? __vb2_queue_free+0x7a0/0x7a0 [ 1407.466838] ? trace_hardirqs_on+0x10/0x10 [ 1407.471054] ? __lock_acquire+0x5fc/0x3f20 [ 1407.475273] vb2_create_bufs+0x2e1/0x5b0 [ 1407.479374] ? futex_wait_queue_me+0x3bb/0x590 [ 1407.483950] ? vb2_thread_start+0x310/0x310 [ 1407.488262] ? trace_hardirqs_on+0x10/0x10 [ 1407.492477] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1407.497041] v4l_create_bufs+0xa4/0x150 [ 1407.500999] __video_do_ioctl+0x65b/0x6a0 [ 1407.505142] ? video_ioctl2+0x30/0x30 [ 1407.508945] ? __might_fault+0x177/0x1b0 [ 1407.512986] ? video_ioctl2+0x30/0x30 [ 1407.516774] video_usercopy+0xfd/0xe70 [ 1407.520647] ? v4l_g_ctrl+0x390/0x390 [ 1407.524428] ? lock_acquire+0x170/0x3f0 [ 1407.528384] ? lock_downgrade+0x740/0x740 [ 1407.532514] ? trace_hardirqs_on+0x10/0x10 [ 1407.536732] ? futex_exit_release+0x220/0x220 [ 1407.541210] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1407.546297] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1407.551293] v4l2_ioctl+0x1bb/0x2f0 [ 1407.554900] ? v4l2_open+0x2f0/0x2f0 [ 1407.558599] do_vfs_ioctl+0x75a/0xff0 [ 1407.562498] ? ioctl_preallocate+0x1a0/0x1a0 [ 1407.566898] ? lock_downgrade+0x740/0x740 [ 1407.571041] ? __fget+0x225/0x360 [ 1407.574478] ? do_vfs_ioctl+0xff0/0xff0 [ 1407.578449] ? security_file_ioctl+0x83/0xb0 [ 1407.582943] SyS_ioctl+0x7f/0xb0 [ 1407.586291] ? do_vfs_ioctl+0xff0/0xff0 [ 1407.590246] do_syscall_64+0x1d5/0x640 [ 1407.594116] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1407.599285] RIP: 0033:0x466459 [ 1407.602451] RSP: 002b:00007efc3f322188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1407.610136] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1407.617384] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 13:05:49 executing program 5: fanotify_init(0x0, 0x800) fanotify_init(0x0, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_VERSION(r1, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000180)=0x40) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f00000002c0)={0x5, 0x3, 0x4, 0x10000, 0x1000, {0x77359400}, {0x4, 0x0, 0x29, 0x1, 0x71, 0x2, "10df0a6f"}, 0x9, 0x6, @offset=0x10000, 0xfffffff9, 0x0, r2}) [ 1407.624638] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1407.631897] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1407.639155] R13: 00007ffd57a131af R14: 00007efc3f322300 R15: 0000000000022000 [ 1407.649238] warn_alloc_show_mem: 1 callbacks suppressed [ 1407.649241] Mem-Info: [ 1407.657649] active_anon:222582 inactive_anon:6741 isolated_anon:0 [ 1407.657649] active_file:6840 inactive_file:44002 isolated_file:0 [ 1407.657649] unevictable:0 dirty:210 writeback:0 unstable:0 13:05:49 executing program 5: fanotify_init(0x0, 0x800) fanotify_init(0x0, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_VERSION(r1, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000180)=0x40) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f00000002c0)={0x5, 0x3, 0x4, 0x10000, 0x1000, {0x77359400}, {0x4, 0x0, 0x29, 0x1, 0x71, 0x2, "10df0a6f"}, 0x9, 0x6, @offset=0x10000, 0xfffffff9, 0x0, r2}) [ 1407.657649] slab_reclaimable:21862 slab_unreclaimable:130252 [ 1407.657649] mapped:62070 shmem:6935 pagetables:15961 bounce:0 [ 1407.657649] free:1181661 free_pcp:267 free_cma:0 [ 1407.692512] Node 0 active_anon:890340kB inactive_anon:26964kB active_file:27236kB inactive_file:176008kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:248280kB dirty:840kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 755712kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 13:05:49 executing program 5: fanotify_init(0x0, 0x800) fanotify_init(0x0, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_VERSION(r1, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000180)=0x40) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f00000002c0)={0x5, 0x3, 0x4, 0x10000, 0x1000, {0x77359400}, {0x4, 0x0, 0x29, 0x1, 0x71, 0x2, "10df0a6f"}, 0x9, 0x6, @offset=0x10000, 0xfffffff9, 0x0, r2}) 13:05:49 executing program 5: fanotify_init(0x1e, 0x0) fanotify_init(0x10, 0x80000) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}, 0x10) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) clock_gettime(0x4, &(0x7f0000000080)) [ 1407.721687] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1407.747975] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1407.775213] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1407.780496] Node 0 DMA32 free:669420kB min:36200kB low:45248kB high:54296kB active_anon:890340kB inactive_anon:26964kB active_file:27236kB inactive_file:176008kB unevictable:0kB writepending:852kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27264kB pagetables:63992kB bounce:0kB free_pcp:996kB local_pcp:496kB free_cma:0kB [ 1407.811003] lowmem_reserve[]: 0 0 0 0 0 [ 1407.815377] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1407.841498] lowmem_reserve[]: 0 0 0 0 0 [ 1407.846064] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1407.874490] lowmem_reserve[]: 0 0 0 0 0 [ 1407.878494] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1407.892779] Node 0 DMA32: 802*4kB (UME) 227*8kB (UME) 12*16kB (UME) 8*32kB (UME) 11*64kB (UM) 13*128kB (UM) 30*256kB (UM) 13*512kB (UME) 4*1024kB (UME) 2*2048kB (UM) 156*4096kB (UM) = 669344kB [ 1407.910941] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1407.922021] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1407.939548] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1407.948856] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1407.957732] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1407.966732] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1407.975460] 25249 total pagecache pages [ 1407.979459] 0 pages in swap cache [ 1407.982987] Swap cache stats: add 0, delete 0, find 0/0 [ 1407.988402] Free swap = 0kB [ 1407.991408] Total swap = 0kB [ 1407.994475] 2097051 pages RAM [ 1407.997566] 0 pages HighMem/MovableOnly [ 1408.001622] 363849 pages reserved [ 1408.005124] 0 pages cma reserved [ 1408.008660] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1408.019978] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1408.025210] CPU: 0 PID: 30628 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1408.033201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1408.042549] Call Trace: [ 1408.045138] dump_stack+0x1b2/0x281 [ 1408.048761] warn_alloc.cold+0x96/0x1cc [ 1408.052722] ? zone_watermark_ok_safe+0x220/0x220 [ 1408.057556] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1408.062872] ? fs_reclaim_release+0xd0/0x110 [ 1408.067269] __vmalloc_node_range+0x10e/0x150 [ 1408.071750] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1408.077104] vmalloc_user+0x47/0xa0 [ 1408.080721] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1408.085027] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1408.090372] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1408.094524] __vb2_queue_alloc+0x47a/0xd90 [ 1408.098762] vb2_core_create_bufs+0x279/0x5a0 [ 1408.103249] ? __vb2_queue_free+0x7a0/0x7a0 [ 1408.107568] ? trace_hardirqs_on+0x10/0x10 [ 1408.111804] ? __lock_acquire+0x5fc/0x3f20 [ 1408.116026] vb2_create_bufs+0x2e1/0x5b0 [ 1408.120082] ? vb2_thread_start+0x310/0x310 [ 1408.124401] ? trace_hardirqs_on+0x10/0x10 [ 1408.128624] ? mark_held_locks+0xa6/0xf0 [ 1408.132688] ? trace_hardirqs_on+0x10/0x10 [ 1408.136916] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1408.141485] v4l_create_bufs+0xa4/0x150 [ 1408.145450] __video_do_ioctl+0x65b/0x6a0 [ 1408.149590] ? video_ioctl2+0x30/0x30 [ 1408.153380] ? __might_fault+0x177/0x1b0 [ 1408.157432] ? video_ioctl2+0x30/0x30 [ 1408.161223] video_usercopy+0xfd/0xe70 [ 1408.165104] ? v4l_g_ctrl+0x390/0x390 [ 1408.168887] ? lock_acquire+0x170/0x3f0 [ 1408.172848] ? trace_hardirqs_on+0x10/0x10 [ 1408.177068] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1408.182069] v4l2_ioctl+0x1bb/0x2f0 [ 1408.185692] ? v4l2_open+0x2f0/0x2f0 [ 1408.189402] do_vfs_ioctl+0x75a/0xff0 [ 1408.193188] ? ioctl_preallocate+0x1a0/0x1a0 [ 1408.197576] ? lock_downgrade+0x740/0x740 [ 1408.201727] ? __fget+0x225/0x360 [ 1408.205166] ? do_vfs_ioctl+0xff0/0xff0 [ 1408.209133] ? security_file_ioctl+0x83/0xb0 [ 1408.213536] SyS_ioctl+0x7f/0xb0 [ 1408.216980] ? do_vfs_ioctl+0xff0/0xff0 [ 1408.220936] do_syscall_64+0x1d5/0x640 [ 1408.224808] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1408.229989] RIP: 0033:0x466459 [ 1408.233181] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1408.240890] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1408.248162] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1408.255420] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1408.262771] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1408.270025] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 13:05:49 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:05:49 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) 13:05:49 executing program 4: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x100, 0x0) read$snapshot(r0, &(0x7f0000000080)=""/232, 0xe8) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$vim2m_VIDIOC_STREAMON(0xffffffffffffffff, 0x40045612, &(0x7f0000000200)=0x2) ioctl$vim2m_VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000180)) 13:05:49 executing program 5: fanotify_init(0x1e, 0x0) fanotify_init(0x10, 0x80000) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}, 0x10) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) clock_gettime(0x4, &(0x7f0000000080)) 13:05:49 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x0, 0x1, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:49 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}, 0x3}) [ 1408.333596] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1408.367204] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1408.372361] CPU: 0 PID: 30649 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 13:05:49 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x0, 0x2) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000080)={0x3, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 13:05:49 executing program 5: fanotify_init(0x1e, 0x0) fanotify_init(0x10, 0x80000) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}, 0x10) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) clock_gettime(0x4, &(0x7f0000000080)) 13:05:49 executing program 5: fanotify_init(0x1e, 0x0) fanotify_init(0x10, 0x80000) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}, 0x10) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) [ 1408.380243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1408.389599] Call Trace: [ 1408.392195] dump_stack+0x1b2/0x281 [ 1408.395833] warn_alloc.cold+0x96/0x1cc [ 1408.399813] ? zone_watermark_ok_safe+0x220/0x220 [ 1408.404658] ? trace_hardirqs_on+0x10/0x10 [ 1408.408900] ? deref_stack_reg+0x124/0x1a0 [ 1408.413145] ? fs_reclaim_release+0xd0/0x110 [ 1408.417560] __vmalloc_node_range+0x10e/0x150 [ 1408.422068] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1408.427434] vmalloc_user+0x47/0xa0 13:05:49 executing program 4 (fault-call:1 fault-nth:0): r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:05:49 executing program 5: fanotify_init(0x1e, 0x0) fanotify_init(0x10, 0x80000) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}, 0x10) [ 1408.431065] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1408.435388] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1408.440754] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1408.444908] __vb2_queue_alloc+0x47a/0xd90 [ 1408.449153] vb2_core_create_bufs+0x279/0x5a0 [ 1408.453652] ? __vb2_queue_free+0x7a0/0x7a0 [ 1408.457980] ? trace_hardirqs_on+0x10/0x10 [ 1408.462215] ? __lock_acquire+0x5fc/0x3f20 [ 1408.466453] vb2_create_bufs+0x2e1/0x5b0 [ 1408.470520] ? futex_wait_queue_me+0x3bb/0x590 [ 1408.475111] ? vb2_thread_start+0x310/0x310 [ 1408.479439] ? trace_hardirqs_on+0x10/0x10 13:05:49 executing program 5: fanotify_init(0x1e, 0x0) fanotify_init(0x10, 0x80000) [ 1408.483681] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1408.488265] v4l_create_bufs+0xa4/0x150 [ 1408.492244] __video_do_ioctl+0x65b/0x6a0 [ 1408.496401] ? video_ioctl2+0x30/0x30 [ 1408.500205] ? __might_fault+0x177/0x1b0 [ 1408.504268] ? video_ioctl2+0x30/0x30 [ 1408.508070] video_usercopy+0xfd/0xe70 [ 1408.511962] ? v4l_g_ctrl+0x390/0x390 [ 1408.515759] ? lock_acquire+0x170/0x3f0 [ 1408.519733] ? lock_downgrade+0x740/0x740 [ 1408.523888] ? trace_hardirqs_on+0x10/0x10 [ 1408.528126] ? futex_exit_release+0x220/0x220 [ 1408.532626] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1408.537737] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1408.542761] v4l2_ioctl+0x1bb/0x2f0 [ 1408.546393] ? v4l2_open+0x2f0/0x2f0 [ 1408.550111] do_vfs_ioctl+0x75a/0xff0 [ 1408.553917] ? ioctl_preallocate+0x1a0/0x1a0 [ 1408.558327] ? lock_downgrade+0x740/0x740 [ 1408.562478] ? __fget+0x225/0x360 [ 1408.566017] ? do_vfs_ioctl+0xff0/0xff0 [ 1408.569984] ? security_file_ioctl+0x83/0xb0 [ 1408.574376] SyS_ioctl+0x7f/0xb0 [ 1408.577749] ? do_vfs_ioctl+0xff0/0xff0 [ 1408.581706] do_syscall_64+0x1d5/0x640 [ 1408.585579] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1408.590751] RIP: 0033:0x466459 [ 1408.593925] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1408.601624] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1408.608885] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1408.616142] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1408.623402] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1408.630652] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 [ 1408.638901] FAULT_INJECTION: forcing a failure. [ 1408.638901] name failslab, interval 1, probability 0, space 0, times 0 [ 1408.652521] CPU: 0 PID: 30667 Comm: syz-executor.4 Not tainted 4.14.231-syzkaller #0 [ 1408.660416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1408.669773] Call Trace: [ 1408.672368] dump_stack+0x1b2/0x281 [ 1408.675995] should_fail.cold+0x10a/0x149 [ 1408.680132] should_failslab+0xd6/0x130 [ 1408.684181] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1408.689281] __kmalloc_node+0x38/0x70 [ 1408.693076] kvmalloc_node+0x46/0xd0 [ 1408.696860] ? video_ioctl2+0x30/0x30 [ 1408.700646] video_usercopy+0x330/0xe70 [ 1408.704615] ? v4l_g_ctrl+0x390/0x390 [ 1408.708404] ? proc_fail_nth_write+0x7b/0x180 [ 1408.712882] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1408.717848] ? trace_hardirqs_on+0x10/0x10 [ 1408.722088] ? fsnotify+0x974/0x11b0 [ 1408.725798] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1408.730717] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1408.735716] v4l2_ioctl+0x1bb/0x2f0 [ 1408.739323] ? v4l2_open+0x2f0/0x2f0 [ 1408.743030] do_vfs_ioctl+0x75a/0xff0 [ 1408.746822] ? ioctl_preallocate+0x1a0/0x1a0 [ 1408.751214] ? lock_downgrade+0x740/0x740 [ 1408.755347] ? __fget+0x225/0x360 [ 1408.758937] ? do_vfs_ioctl+0xff0/0xff0 [ 1408.762900] ? security_file_ioctl+0x83/0xb0 [ 1408.767307] SyS_ioctl+0x7f/0xb0 [ 1408.770674] ? do_vfs_ioctl+0xff0/0xff0 [ 1408.774642] do_syscall_64+0x1d5/0x640 [ 1408.778632] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1408.783818] RIP: 0033:0x466459 [ 1408.786998] RSP: 002b:00007f491b244188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1408.794688] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1408.801941] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1408.809202] RBP: 00007f491b2441d0 R08: 0000000000000000 R09: 0000000000000000 [ 1408.816475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1408.823730] R13: 00007ffef79ecfdf R14: 00007f491b244300 R15: 0000000000022000 [ 1408.832088] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1408.846156] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1408.851620] CPU: 1 PID: 30652 Comm: syz-executor.1 Not tainted 4.14.231-syzkaller #0 [ 1408.859496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1408.868891] Call Trace: [ 1408.871463] dump_stack+0x1b2/0x281 [ 1408.875072] warn_alloc.cold+0x96/0x1cc [ 1408.879024] ? zone_watermark_ok_safe+0x220/0x220 [ 1408.883852] ? trace_hardirqs_on+0x10/0x10 [ 1408.888075] ? deref_stack_reg+0x124/0x1a0 [ 1408.892290] ? fs_reclaim_release+0xd0/0x110 [ 1408.896680] __vmalloc_node_range+0x10e/0x150 [ 1408.901156] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1408.906519] vmalloc_user+0x47/0xa0 [ 1408.910135] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1408.914434] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1408.919822] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1408.923961] __vb2_queue_alloc+0x47a/0xd90 [ 1408.928187] vb2_core_create_bufs+0x279/0x5a0 [ 1408.932660] ? __vb2_queue_free+0x7a0/0x7a0 [ 1408.936961] ? trace_hardirqs_on+0x10/0x10 [ 1408.941223] ? __lock_acquire+0x5fc/0x3f20 [ 1408.945460] vb2_create_bufs+0x2e1/0x5b0 [ 1408.949521] ? vb2_thread_start+0x310/0x310 [ 1408.953837] ? trace_hardirqs_on+0x10/0x10 [ 1408.958064] ? mark_held_locks+0xa6/0xf0 [ 1408.962104] ? trace_hardirqs_on+0x10/0x10 [ 1408.966332] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1408.970908] v4l_create_bufs+0xa4/0x150 [ 1408.974862] __video_do_ioctl+0x65b/0x6a0 [ 1408.979006] ? video_ioctl2+0x30/0x30 [ 1408.982786] ? __might_fault+0x177/0x1b0 [ 1408.986832] ? video_ioctl2+0x30/0x30 [ 1408.990612] video_usercopy+0xfd/0xe70 [ 1408.994484] ? v4l_g_ctrl+0x390/0x390 [ 1408.998264] ? lock_acquire+0x170/0x3f0 [ 1409.002214] ? trace_hardirqs_on+0x10/0x10 [ 1409.006439] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1409.011532] v4l2_ioctl+0x1bb/0x2f0 [ 1409.015142] ? v4l2_open+0x2f0/0x2f0 [ 1409.018921] do_vfs_ioctl+0x75a/0xff0 [ 1409.022804] ? ioctl_preallocate+0x1a0/0x1a0 [ 1409.027194] ? lock_downgrade+0x740/0x740 [ 1409.031324] ? __fget+0x225/0x360 [ 1409.034756] ? do_vfs_ioctl+0xff0/0xff0 [ 1409.038710] ? security_file_ioctl+0x83/0xb0 [ 1409.043112] SyS_ioctl+0x7f/0xb0 [ 1409.046466] ? do_vfs_ioctl+0xff0/0xff0 [ 1409.050429] do_syscall_64+0x1d5/0x640 [ 1409.054300] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1409.059465] RIP: 0033:0x466459 [ 1409.062634] RSP: 002b:00007f5883dfa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1409.070322] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1409.077570] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1409.084827] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1409.092104] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1409.099369] R13: 00007fff3377dd0f R14: 00007f5883dfa300 R15: 0000000000022000 [ 1409.110634] warn_alloc_show_mem: 2 callbacks suppressed [ 1409.110638] Mem-Info: [ 1409.118827] active_anon:222583 inactive_anon:6741 isolated_anon:0 [ 1409.118827] active_file:6840 inactive_file:44028 isolated_file:0 [ 1409.118827] unevictable:0 dirty:238 writeback:0 unstable:0 [ 1409.118827] slab_reclaimable:21861 slab_unreclaimable:130295 [ 1409.118827] mapped:62095 shmem:6935 pagetables:15967 bounce:0 [ 1409.118827] free:1181707 free_pcp:309 free_cma:0 [ 1409.154582] Node 0 active_anon:890332kB inactive_anon:26964kB active_file:27236kB inactive_file:176112kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:248396kB dirty:956kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 757760kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1409.184150] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1409.210439] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1409.237000] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1409.242074] Node 0 DMA32 free:669320kB min:36200kB low:45248kB high:54296kB active_anon:890332kB inactive_anon:26964kB active_file:27236kB inactive_file:176112kB unevictable:0kB writepending:968kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27200kB pagetables:63868kB bounce:0kB free_pcp:1156kB local_pcp:624kB free_cma:0kB [ 1409.272355] lowmem_reserve[]: 0 0 0 0 0 [ 1409.276404] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1409.302077] lowmem_reserve[]: 0 0 0 0 0 [ 1409.306221] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1409.334494] lowmem_reserve[]: 0 0 0 0 0 [ 1409.338500] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1409.352805] Node 0 DMA32: 876*4kB (UME) 185*8kB (UME) 9*16kB (UME) 7*32kB (UME) 7*64kB (UM) 13*128kB (UM) 30*256kB (UM) 13*512kB (UME) 4*1024kB (UME) 2*2048kB (UM) 156*4096kB (UM) = 668968kB [ 1409.370521] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1409.381741] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1409.399542] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1409.408842] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1409.417849] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1409.427093] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 13:05:50 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:05:50 executing program 5: fanotify_init(0x10, 0x80000) 13:05:50 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:05:50 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x0, 0x1, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:50 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) [ 1409.436143] 25266 total pagecache pages [ 1409.440118] 0 pages in swap cache [ 1409.444236] Swap cache stats: add 0, delete 0, find 0/0 [ 1409.449602] Free swap = 0kB [ 1409.452602] Total swap = 0kB [ 1409.456729] 2097051 pages RAM [ 1409.459833] 0 pages HighMem/MovableOnly [ 1409.464527] 363849 pages reserved [ 1409.467969] 0 pages cma reserved 13:05:51 executing program 5: fanotify_init(0x0, 0x80000) [ 1409.530422] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1409.546615] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1409.551925] CPU: 0 PID: 30682 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1409.559890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1409.569244] Call Trace: [ 1409.571839] dump_stack+0x1b2/0x281 [ 1409.575477] warn_alloc.cold+0x96/0x1cc 13:05:51 executing program 5: fanotify_init(0x0, 0x80000) 13:05:51 executing program 4 (fault-call:1 fault-nth:1): r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:05:51 executing program 5: fanotify_init(0x0, 0x80000) [ 1409.579456] ? zone_watermark_ok_safe+0x220/0x220 [ 1409.584303] ? trace_hardirqs_on+0x10/0x10 [ 1409.588542] ? deref_stack_reg+0x124/0x1a0 [ 1409.592783] ? fs_reclaim_release+0xd0/0x110 [ 1409.597200] __vmalloc_node_range+0x10e/0x150 [ 1409.601704] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1409.607070] vmalloc_user+0x47/0xa0 [ 1409.610698] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1409.615019] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1409.620386] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1409.624535] __vb2_queue_alloc+0x47a/0xd90 13:05:51 executing program 5: fanotify_init(0x10, 0x0) [ 1409.628787] vb2_core_create_bufs+0x279/0x5a0 [ 1409.633293] ? __vb2_queue_free+0x7a0/0x7a0 [ 1409.637620] ? trace_hardirqs_on+0x10/0x10 [ 1409.641857] ? __lock_acquire+0x5fc/0x3f20 [ 1409.646095] vb2_create_bufs+0x2e1/0x5b0 [ 1409.650162] ? futex_wait_queue_me+0x3bb/0x590 [ 1409.654747] ? vb2_thread_start+0x310/0x310 [ 1409.659072] ? trace_hardirqs_on+0x10/0x10 [ 1409.663314] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1409.667899] v4l_create_bufs+0xa4/0x150 [ 1409.671876] __video_do_ioctl+0x65b/0x6a0 [ 1409.676027] ? video_ioctl2+0x30/0x30 [ 1409.679828] ? __might_fault+0x177/0x1b0 [ 1409.683890] ? video_ioctl2+0x30/0x30 [ 1409.687690] video_usercopy+0xfd/0xe70 [ 1409.691580] ? v4l_g_ctrl+0x390/0x390 [ 1409.695386] ? lock_acquire+0x170/0x3f0 [ 1409.699371] ? lock_downgrade+0x740/0x740 [ 1409.703518] ? trace_hardirqs_on+0x10/0x10 [ 1409.707745] ? futex_exit_release+0x220/0x220 [ 1409.712224] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1409.717311] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1409.722309] v4l2_ioctl+0x1bb/0x2f0 [ 1409.725927] ? v4l2_open+0x2f0/0x2f0 [ 1409.729624] do_vfs_ioctl+0x75a/0xff0 [ 1409.733408] ? ioctl_preallocate+0x1a0/0x1a0 [ 1409.737795] ? lock_downgrade+0x740/0x740 [ 1409.741923] ? __fget+0x225/0x360 [ 1409.745357] ? do_vfs_ioctl+0xff0/0xff0 [ 1409.749328] ? security_file_ioctl+0x83/0xb0 [ 1409.753743] SyS_ioctl+0x7f/0xb0 [ 1409.757103] ? do_vfs_ioctl+0xff0/0xff0 [ 1409.761062] do_syscall_64+0x1d5/0x640 [ 1409.765002] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1409.770184] RIP: 0033:0x466459 [ 1409.773363] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1409.781055] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1409.788314] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1409.795575] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1409.802836] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1409.810091] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 [ 1409.819763] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) 13:05:51 executing program 5: fanotify_init(0x10, 0x0) [ 1409.830848] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1409.836056] CPU: 0 PID: 30685 Comm: syz-executor.1 Not tainted 4.14.231-syzkaller #0 [ 1409.843937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1409.853291] Call Trace: [ 1409.855883] dump_stack+0x1b2/0x281 [ 1409.859504] warn_alloc.cold+0x96/0x1cc [ 1409.863465] ? zone_watermark_ok_safe+0x220/0x220 [ 1409.868293] ? trace_hardirqs_on+0x10/0x10 [ 1409.872518] ? deref_stack_reg+0x124/0x1a0 [ 1409.876757] ? fs_reclaim_release+0xd0/0x110 13:05:51 executing program 5: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) [ 1409.881169] __vmalloc_node_range+0x10e/0x150 [ 1409.885671] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1409.891034] vmalloc_user+0x47/0xa0 [ 1409.894671] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1409.898991] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1409.904352] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1409.908503] __vb2_queue_alloc+0x47a/0xd90 [ 1409.912736] vb2_core_create_bufs+0x279/0x5a0 [ 1409.917311] ? __vb2_queue_free+0x7a0/0x7a0 [ 1409.921623] ? trace_hardirqs_on+0x10/0x10 [ 1409.925841] ? __lock_acquire+0x5fc/0x3f20 [ 1409.930125] vb2_create_bufs+0x2e1/0x5b0 [ 1409.934287] ? vb2_thread_start+0x310/0x310 [ 1409.938603] ? trace_hardirqs_on+0x10/0x10 [ 1409.942830] ? mark_held_locks+0xa6/0xf0 [ 1409.946882] ? trace_hardirqs_on+0x10/0x10 [ 1409.951107] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1409.955699] v4l_create_bufs+0xa4/0x150 [ 1409.959661] __video_do_ioctl+0x65b/0x6a0 [ 1409.963896] ? video_ioctl2+0x30/0x30 [ 1409.967691] ? __might_fault+0x177/0x1b0 [ 1409.971824] ? video_ioctl2+0x30/0x30 [ 1409.975615] video_usercopy+0xfd/0xe70 [ 1409.979551] ? v4l_g_ctrl+0x390/0x390 [ 1409.983346] ? lock_acquire+0x170/0x3f0 [ 1409.987314] ? trace_hardirqs_on+0x10/0x10 [ 1409.991534] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1409.996594] v4l2_ioctl+0x1bb/0x2f0 [ 1410.000213] ? v4l2_open+0x2f0/0x2f0 [ 1410.003918] do_vfs_ioctl+0x75a/0xff0 [ 1410.007705] ? ioctl_preallocate+0x1a0/0x1a0 [ 1410.012101] ? lock_downgrade+0x740/0x740 [ 1410.016234] ? __fget+0x225/0x360 [ 1410.019673] ? do_vfs_ioctl+0xff0/0xff0 [ 1410.023636] ? security_file_ioctl+0x83/0xb0 [ 1410.028042] SyS_ioctl+0x7f/0xb0 [ 1410.031403] ? do_vfs_ioctl+0xff0/0xff0 [ 1410.035369] do_syscall_64+0x1d5/0x640 [ 1410.039339] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1410.044519] RIP: 0033:0x466459 [ 1410.047690] RSP: 002b:00007f5883dfa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1410.055382] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1410.062744] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1410.069996] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1410.077247] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1410.084503] R13: 00007fff3377dd0f R14: 00007f5883dfa300 R15: 0000000000022000 [ 1410.094012] FAULT_INJECTION: forcing a failure. [ 1410.094012] name failslab, interval 1, probability 0, space 0, times 0 [ 1410.105286] CPU: 0 PID: 30701 Comm: syz-executor.4 Not tainted 4.14.231-syzkaller #0 [ 1410.113259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1410.122619] Call Trace: [ 1410.125216] dump_stack+0x1b2/0x281 [ 1410.128853] should_fail.cold+0x10a/0x149 [ 1410.132998] should_failslab+0xd6/0x130 [ 1410.136969] __kmalloc+0x2c1/0x400 [ 1410.140504] ? __vb2_queue_alloc+0xf4/0xd90 [ 1410.144827] __vb2_queue_alloc+0xf4/0xd90 [ 1410.148976] ? is_bpf_text_address+0xb8/0x150 [ 1410.153457] ? kernel_text_address+0xbd/0xf0 [ 1410.157853] vb2_core_create_bufs+0x279/0x5a0 [ 1410.162466] ? __vb2_queue_free+0x7a0/0x7a0 [ 1410.166776] ? trace_hardirqs_on+0x10/0x10 [ 1410.170994] ? __lock_acquire+0x5fc/0x3f20 [ 1410.175325] vb2_create_bufs+0x2e1/0x5b0 [ 1410.179473] ? vb2_thread_start+0x310/0x310 [ 1410.183790] ? trace_hardirqs_on+0x10/0x10 [ 1410.188025] ? mark_held_locks+0xa6/0xf0 [ 1410.192070] ? trace_hardirqs_on+0x10/0x10 [ 1410.196296] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1410.201065] v4l_create_bufs+0xa4/0x150 [ 1410.205024] __video_do_ioctl+0x65b/0x6a0 [ 1410.209158] ? video_ioctl2+0x30/0x30 [ 1410.212941] ? __might_fault+0x177/0x1b0 [ 1410.216984] ? video_ioctl2+0x30/0x30 [ 1410.222073] video_usercopy+0xfd/0xe70 [ 1410.226168] ? v4l_g_ctrl+0x390/0x390 [ 1410.229961] ? proc_fail_nth_write+0x7b/0x180 [ 1410.234465] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1410.239386] ? trace_hardirqs_on+0x10/0x10 [ 1410.243699] ? fsnotify+0x974/0x11b0 [ 1410.247404] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1410.252334] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1410.257342] v4l2_ioctl+0x1bb/0x2f0 [ 1410.260976] ? v4l2_open+0x2f0/0x2f0 [ 1410.264691] do_vfs_ioctl+0x75a/0xff0 [ 1410.268488] ? ioctl_preallocate+0x1a0/0x1a0 [ 1410.272893] ? lock_downgrade+0x740/0x740 [ 1410.277054] ? __fget+0x225/0x360 [ 1410.280489] ? do_vfs_ioctl+0xff0/0xff0 [ 1410.284448] ? security_file_ioctl+0x83/0xb0 [ 1410.288840] SyS_ioctl+0x7f/0xb0 [ 1410.292187] ? do_vfs_ioctl+0xff0/0xff0 [ 1410.296143] do_syscall_64+0x1d5/0x640 [ 1410.300033] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1410.305217] RIP: 0033:0x466459 [ 1410.308390] RSP: 002b:00007f491b244188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1410.316082] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1410.323333] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1410.330593] RBP: 00007f491b2441d0 R08: 0000000000000000 R09: 0000000000000000 [ 1410.338105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1410.345371] R13: 00007ffef79ecfdf R14: 00007f491b244300 R15: 0000000000022000 13:05:51 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:05:51 executing program 2 (fault-call:1 fault-nth:0): r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:05:51 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x0, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:51 executing program 1 (fault-call:1 fault-nth:0): r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) 13:05:51 executing program 5 (fault-call:0 fault-nth:0): fanotify_init(0x10, 0x0) [ 1410.409527] FAULT_INJECTION: forcing a failure. [ 1410.409527] name failslab, interval 1, probability 0, space 0, times 0 [ 1410.436210] CPU: 0 PID: 30712 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1410.444334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1410.453690] Call Trace: [ 1410.456283] dump_stack+0x1b2/0x281 [ 1410.459922] should_fail.cold+0x10a/0x149 [ 1410.464075] should_failslab+0xd6/0x130 [ 1410.468054] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1410.473159] __kmalloc_node+0x38/0x70 [ 1410.476952] kvmalloc_node+0x46/0xd0 [ 1410.480649] ? video_ioctl2+0x30/0x30 [ 1410.484444] video_usercopy+0x330/0xe70 [ 1410.488422] ? v4l_g_ctrl+0x390/0x390 [ 1410.492221] ? proc_fail_nth_write+0x7b/0x180 [ 1410.496714] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1410.501639] ? trace_hardirqs_on+0x10/0x10 [ 1410.505871] ? fsnotify+0x974/0x11b0 [ 1410.507517] FAULT_INJECTION: forcing a failure. [ 1410.507517] name failslab, interval 1, probability 0, space 0, times 0 [ 1410.509578] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1410.509593] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1410.509611] v4l2_ioctl+0x1bb/0x2f0 [ 1410.534308] ? v4l2_open+0x2f0/0x2f0 [ 1410.538005] do_vfs_ioctl+0x75a/0xff0 [ 1410.541788] ? ioctl_preallocate+0x1a0/0x1a0 [ 1410.546177] ? lock_downgrade+0x740/0x740 [ 1410.550311] ? __fget+0x225/0x360 [ 1410.553748] ? do_vfs_ioctl+0xff0/0xff0 [ 1410.557709] ? security_file_ioctl+0x83/0xb0 [ 1410.562102] SyS_ioctl+0x7f/0xb0 [ 1410.565458] ? do_vfs_ioctl+0xff0/0xff0 [ 1410.569415] do_syscall_64+0x1d5/0x640 [ 1410.573288] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1410.578480] RIP: 0033:0x466459 [ 1410.581676] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1410.589368] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1410.596639] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1410.603893] RBP: 00007ff0a6d931d0 R08: 0000000000000000 R09: 0000000000000000 [ 1410.611143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1410.618393] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 [ 1410.625659] CPU: 1 PID: 30723 Comm: syz-executor.5 Not tainted 4.14.231-syzkaller #0 [ 1410.627973] FAULT_INJECTION: forcing a failure. [ 1410.627973] name failslab, interval 1, probability 0, space 0, times 0 [ 1410.633539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1410.633543] Call Trace: [ 1410.633561] dump_stack+0x1b2/0x281 [ 1410.633574] should_fail.cold+0x10a/0x149 [ 1410.633588] should_failslab+0xd6/0x130 [ 1410.668364] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1410.673019] ? security_capable+0x88/0xb0 [ 1410.677153] fsnotify_alloc_group+0x41/0x2c0 [ 1410.681570] SyS_fanotify_init+0x144/0x640 [ 1410.685788] ? fanotify_write+0x480/0x480 [ 1410.689929] do_syscall_64+0x1d5/0x640 [ 1410.693808] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1410.698980] RIP: 0033:0x466459 [ 1410.702156] RSP: 002b:00007f8e665f1188 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 1410.709950] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1410.717201] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000010 [ 1410.724456] RBP: 00007f8e665f11d0 R08: 0000000000000000 R09: 0000000000000000 [ 1410.731711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1410.738962] R13: 00007ffc8baee27f R14: 00007f8e665f1300 R15: 0000000000022000 [ 1410.746326] CPU: 0 PID: 30718 Comm: syz-executor.1 Not tainted 4.14.231-syzkaller #0 13:05:52 executing program 4 (fault-call:1 fault-nth:2): r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) [ 1410.754212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1410.763564] Call Trace: [ 1410.766150] dump_stack+0x1b2/0x281 [ 1410.769776] should_fail.cold+0x10a/0x149 [ 1410.773920] should_failslab+0xd6/0x130 [ 1410.777909] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1410.783025] __kmalloc_node+0x38/0x70 [ 1410.786831] kvmalloc_node+0x46/0xd0 [ 1410.790548] ? video_ioctl2+0x30/0x30 [ 1410.794349] video_usercopy+0x330/0xe70 [ 1410.798326] ? v4l_g_ctrl+0x390/0x390 [ 1410.802147] ? proc_fail_nth_write+0x7b/0x180 [ 1410.806641] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1410.811572] ? trace_hardirqs_on+0x10/0x10 [ 1410.815810] ? fsnotify+0x974/0x11b0 [ 1410.819518] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1410.824429] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1410.829429] v4l2_ioctl+0x1bb/0x2f0 [ 1410.833036] ? v4l2_open+0x2f0/0x2f0 [ 1410.836732] do_vfs_ioctl+0x75a/0xff0 [ 1410.840659] ? ioctl_preallocate+0x1a0/0x1a0 [ 1410.845054] ? lock_downgrade+0x740/0x740 [ 1410.849189] ? __fget+0x225/0x360 [ 1410.852625] ? do_vfs_ioctl+0xff0/0xff0 [ 1410.856584] ? security_file_ioctl+0x83/0xb0 [ 1410.861029] SyS_ioctl+0x7f/0xb0 [ 1410.864378] ? do_vfs_ioctl+0xff0/0xff0 [ 1410.868336] do_syscall_64+0x1d5/0x640 [ 1410.872217] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1410.877394] RIP: 0033:0x466459 [ 1410.880562] RSP: 002b:00007f5883dfa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1410.888251] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1410.895515] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1410.902893] RBP: 00007f5883dfa1d0 R08: 0000000000000000 R09: 0000000000000000 13:05:52 executing program 5 (fault-call:0 fault-nth:1): fanotify_init(0x10, 0x0) [ 1410.910153] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1410.917411] R13: 00007fff3377dd0f R14: 00007f5883dfa300 R15: 0000000000022000 [ 1410.929568] warn_alloc: 2 callbacks suppressed [ 1410.929572] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1410.948584] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1410.953907] CPU: 0 PID: 30722 Comm: syz-executor.3 Not tainted 4.14.231-syzkaller #0 [ 1410.955240] FAULT_INJECTION: forcing a failure. [ 1410.955240] name failslab, interval 1, probability 0, space 0, times 0 [ 1410.961787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1410.961792] Call Trace: [ 1410.961811] dump_stack+0x1b2/0x281 [ 1410.961826] warn_alloc.cold+0x96/0x1cc [ 1410.961838] ? zone_watermark_ok_safe+0x220/0x220 [ 1410.961855] ? trace_hardirqs_on+0x10/0x10 [ 1411.001591] ? deref_stack_reg+0x124/0x1a0 [ 1411.005819] ? fs_reclaim_release+0xd0/0x110 [ 1411.010240] __vmalloc_node_range+0x10e/0x150 [ 1411.014741] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1411.020104] vmalloc_user+0x47/0xa0 [ 1411.023718] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1411.028023] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1411.033368] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1411.037501] __vb2_queue_alloc+0x47a/0xd90 [ 1411.041736] vb2_core_create_bufs+0x279/0x5a0 [ 1411.046327] ? __vb2_queue_free+0x7a0/0x7a0 [ 1411.050636] ? trace_hardirqs_on+0x10/0x10 [ 1411.054880] ? __lock_acquire+0x5fc/0x3f20 [ 1411.059117] vb2_create_bufs+0x2e1/0x5b0 [ 1411.063165] ? vb2_thread_start+0x310/0x310 [ 1411.067470] ? trace_hardirqs_on+0x10/0x10 [ 1411.071700] ? mark_held_locks+0xa6/0xf0 [ 1411.075765] ? trace_hardirqs_on+0x10/0x10 [ 1411.079985] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1411.084554] v4l_create_bufs+0xa4/0x150 [ 1411.088547] __video_do_ioctl+0x65b/0x6a0 [ 1411.092686] ? video_ioctl2+0x30/0x30 [ 1411.096490] ? __might_fault+0x177/0x1b0 [ 1411.100550] ? video_ioctl2+0x30/0x30 [ 1411.104337] video_usercopy+0xfd/0xe70 [ 1411.108214] ? v4l_g_ctrl+0x390/0x390 [ 1411.112005] ? lock_acquire+0x170/0x3f0 [ 1411.115972] ? trace_hardirqs_on+0x10/0x10 [ 1411.120195] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1411.125196] v4l2_ioctl+0x1bb/0x2f0 [ 1411.128806] ? v4l2_open+0x2f0/0x2f0 [ 1411.132506] do_vfs_ioctl+0x75a/0xff0 [ 1411.136292] ? ioctl_preallocate+0x1a0/0x1a0 [ 1411.140685] ? lock_downgrade+0x740/0x740 [ 1411.144822] ? __fget+0x225/0x360 [ 1411.148258] ? do_vfs_ioctl+0xff0/0xff0 [ 1411.152219] ? security_file_ioctl+0x83/0xb0 [ 1411.156624] SyS_ioctl+0x7f/0xb0 [ 1411.159973] ? do_vfs_ioctl+0xff0/0xff0 [ 1411.163933] do_syscall_64+0x1d5/0x640 [ 1411.167815] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1411.172996] RIP: 0033:0x466459 [ 1411.176166] RSP: 002b:00007efc3f322188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1411.183857] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1411.191197] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1411.198452] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1411.205730] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1411.212984] R13: 00007ffd57a131af R14: 00007efc3f322300 R15: 0000000000022000 [ 1411.220271] CPU: 1 PID: 30729 Comm: syz-executor.5 Not tainted 4.14.231-syzkaller #0 [ 1411.221455] warn_alloc_show_mem: 2 callbacks suppressed [ 1411.221458] Mem-Info: [ 1411.228151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1411.228156] Call Trace: [ 1411.228173] dump_stack+0x1b2/0x281 [ 1411.228186] should_fail.cold+0x10a/0x149 [ 1411.228199] should_failslab+0xd6/0x130 13:05:52 executing program 5 (fault-call:0 fault-nth:2): fanotify_init(0x10, 0x0) [ 1411.228211] kmem_cache_alloc+0x28e/0x3c0 [ 1411.228222] fanotify_alloc_event+0xd0/0x2d0 [ 1411.233724] active_anon:222583 inactive_anon:6741 isolated_anon:0 [ 1411.233724] active_file:6840 inactive_file:44053 isolated_file:0 [ 1411.233724] unevictable:0 dirty:265 writeback:0 unstable:0 [ 1411.233724] slab_reclaimable:21832 slab_unreclaimable:130586 [ 1411.233724] mapped:62130 shmem:6935 pagetables:15989 bounce:0 [ 1411.233724] free:1181413 free_pcp:273 free_cma:0 [ 1411.235964] SyS_fanotify_init+0x194/0x640 [ 1411.235972] ? fanotify_write+0x480/0x480 [ 1411.235983] do_syscall_64+0x1d5/0x640 [ 1411.245448] Node 0 active_anon:890332kB inactive_anon:26964kB active_file:27236kB inactive_file:176212kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:248520kB dirty:1060kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 757760kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1411.247909] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1411.247917] RIP: 0033:0x466459 [ 1411.247924] RSP: 002b:00007f8e665f1188 EFLAGS: 00000246 [ 1411.251538] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1411.255652] ORIG_RAX: 000000000000012c [ 1411.255658] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1411.255663] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000010 [ 1411.255668] RBP: 00007f8e665f11d0 R08: 0000000000000000 R09: 0000000000000000 13:05:52 executing program 5 (fault-call:0 fault-nth:3): fanotify_init(0x10, 0x0) [ 1411.255673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1411.255678] R13: 00007ffc8baee27f R14: 00007f8e665f1300 R15: 0000000000022000 [ 1411.322632] FAULT_INJECTION: forcing a failure. [ 1411.322632] name failslab, interval 1, probability 0, space 0, times 0 [ 1411.344062] Node 0 [ 1411.349008] CPU: 1 PID: 30731 Comm: syz-executor.5 Not tainted 4.14.231-syzkaller #0 [ 1411.352093] DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1411.357420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1411.357424] Call Trace: [ 1411.357442] dump_stack+0x1b2/0x281 [ 1411.357454] should_fail.cold+0x10a/0x149 [ 1411.357466] should_failslab+0xd6/0x130 [ 1411.357478] kmem_cache_alloc+0x28e/0x3c0 [ 1411.357489] __d_alloc+0x2a/0xa20 [ 1411.357499] ? lock_downgrade+0x740/0x740 [ 1411.357512] anon_inode_getfile+0x101/0x2f0 13:05:53 executing program 5 (fault-call:0 fault-nth:4): fanotify_init(0x10, 0x0) [ 1411.357525] ? compat_SyS_epoll_pwait+0x240/0x240 [ 1411.387714] lowmem_reserve[]: [ 1411.394481] ? __alloc_fd+0x1be/0x490 [ 1411.394498] anon_inode_getfd+0x42/0x90 [ 1411.394508] SyS_fanotify_init+0x3db/0x640 [ 1411.394514] ? fanotify_write+0x480/0x480 [ 1411.394525] do_syscall_64+0x1d5/0x640 [ 1411.394542] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1411.394552] RIP: 0033:0x466459 [ 1411.404300] 0 [ 1411.409060] RSP: 002b:00007f8e665f1188 EFLAGS: 00000246 [ 1411.416339] 2717 [ 1411.423561] ORIG_RAX: 000000000000012c [ 1411.423567] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1411.423573] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000010 [ 1411.423578] RBP: 00007f8e665f11d0 R08: 0000000000000000 R09: 0000000000000000 [ 1411.423583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1411.423588] R13: 00007ffc8baee27f R14: 00007f8e665f1300 R15: 0000000000022000 [ 1411.468054] FAULT_INJECTION: forcing a failure. [ 1411.468054] name failslab, interval 1, probability 0, space 0, times 0 [ 1411.470680] 2718 [ 1411.484379] CPU: 1 PID: 30733 Comm: syz-executor.5 Not tainted 4.14.231-syzkaller #0 [ 1411.488267] 2718 [ 1411.490430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1411.494528] 2718 [ 1411.498626] Call Trace: [ 1411.506208] dump_stack+0x1b2/0x281 [ 1411.506221] should_fail.cold+0x10a/0x149 [ 1411.506233] should_failslab+0xd6/0x130 [ 1411.506246] kmem_cache_alloc+0x28e/0x3c0 [ 1411.510537] Node 0 [ 1411.515368] get_empty_filp+0x86/0x3e0 [ 1411.515376] alloc_file+0x23/0x440 [ 1411.515387] anon_inode_getfile+0x163/0x2f0 13:05:53 executing program 5 (fault-call:0 fault-nth:5): fanotify_init(0x10, 0x0) [ 1411.515396] ? compat_SyS_epoll_pwait+0x240/0x240 [ 1411.515403] ? __alloc_fd+0x1be/0x490 [ 1411.515417] anon_inode_getfd+0x42/0x90 [ 1411.515428] SyS_fanotify_init+0x3db/0x640 [ 1411.515435] ? fanotify_write+0x480/0x480 [ 1411.515446] do_syscall_64+0x1d5/0x640 13:05:53 executing program 5: ioctl$KVM_GET_API_VERSION(0xffffffffffffffff, 0xae00, 0x0) fanotify_init(0x10, 0x0) [ 1411.524903] DMA32 free:667484kB min:36200kB low:45248kB high:54296kB active_anon:890344kB inactive_anon:26964kB active_file:27236kB inactive_file:176268kB unevictable:0kB writepending:1096kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27264kB pagetables:64016kB bounce:0kB free_pcp:968kB local_pcp:500kB free_cma:0kB [ 1411.526303] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1411.530510] lowmem_reserve[]: [ 1411.534637] RIP: 0033:0x466459 [ 1411.534642] RSP: 002b:00007f8e665f1188 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 1411.534651] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1411.534655] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000010 [ 1411.534660] RBP: 00007f8e665f11d0 R08: 0000000000000000 R09: 0000000000000000 [ 1411.534664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1411.534670] R13: 00007ffc8baee27f R14: 00007f8e665f1300 R15: 0000000000022000 [ 1411.567950] FAULT_INJECTION: forcing a failure. [ 1411.567950] name failslab, interval 1, probability 0, space 0, times 0 [ 1411.575103] 0 [ 1411.587157] CPU: 1 PID: 30735 Comm: syz-executor.5 Not tainted 4.14.231-syzkaller #0 [ 1411.590822] 0 [ 1411.596731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1411.596736] Call Trace: [ 1411.596753] dump_stack+0x1b2/0x281 [ 1411.596767] should_fail.cold+0x10a/0x149 [ 1411.596779] should_failslab+0xd6/0x130 [ 1411.596794] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1411.608021] 0 [ 1411.610004] apparmor_file_alloc_security+0x129/0x800 [ 1411.618494] 0 [ 1411.619906] security_file_alloc+0x66/0xa0 [ 1411.629294] 0 [ 1411.631280] ? selinux_is_enabled+0x5/0x50 [ 1411.637447] get_empty_filp+0x15c/0x3e0 [ 1411.641584] Node 0 [ 1411.645544] alloc_file+0x23/0x440 [ 1411.645558] anon_inode_getfile+0x163/0x2f0 [ 1411.645567] ? compat_SyS_epoll_pwait+0x240/0x240 [ 1411.645578] ? __alloc_fd+0x1be/0x490 [ 1411.649730] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1411.651928] anon_inode_getfd+0x42/0x90 [ 1411.651941] SyS_fanotify_init+0x3db/0x640 [ 1411.656053] lowmem_reserve[]: [ 1411.659329] ? fanotify_write+0x480/0x480 [ 1411.663747] 0 [ 1411.668481] do_syscall_64+0x1d5/0x640 [ 1411.672262] 0 [ 1411.676220] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1411.676228] RIP: 0033:0x466459 [ 1411.676234] RSP: 002b:00007f8e665f1188 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 1411.676242] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1411.676246] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000010 [ 1411.676250] RBP: 00007f8e665f11d0 R08: 0000000000000000 R09: 0000000000000000 [ 1411.676255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1411.676260] R13: 00007ffc8baee27f R14: 00007f8e665f1300 R15: 0000000000022000 [ 1411.967940] 0 0 0 [ 1411.970339] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1411.998936] lowmem_reserve[]: 0 0 0 0 0 [ 1412.002982] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1412.017255] Node 0 DMA32: 739*4kB (UME) 186*8kB (UME) 7*16kB (UME) 6*32kB (UME) 1*64kB (M) 8*128kB (UM) 30*256kB (UM) 13*512kB (UME) 4*1024kB (UME) 2*2048kB (UM) 156*4096kB (UM) = 667340kB [ 1412.034555] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1412.045621] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1412.063345] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1412.072182] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1412.081165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1412.090082] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1412.099228] 25298 total pagecache pages [ 1412.103274] 0 pages in swap cache [ 1412.106721] Swap cache stats: add 0, delete 0, find 0/0 [ 1412.112065] Free swap = 0kB [ 1412.115155] Total swap = 0kB [ 1412.118168] 2097051 pages RAM [ 1412.121261] 0 pages HighMem/MovableOnly [ 1412.125266] 363849 pages reserved [ 1412.128708] 0 pages cma reserved [ 1412.134572] FAULT_INJECTION: forcing a failure. [ 1412.134572] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1412.146518] CPU: 1 PID: 30727 Comm: syz-executor.4 Not tainted 4.14.231-syzkaller #0 [ 1412.154487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1412.163835] Call Trace: [ 1412.166421] dump_stack+0x1b2/0x281 [ 1412.170054] should_fail.cold+0x10a/0x149 [ 1412.174202] __alloc_pages_nodemask+0x22c/0x2720 [ 1412.178960] ? __lock_acquire+0x5fc/0x3f20 [ 1412.183198] ? trace_hardirqs_on+0x10/0x10 [ 1412.187432] ? free_hot_cold_page+0x878/0xc80 [ 1412.191928] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1412.196947] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1412.201788] ? trace_hardirqs_on+0x10/0x10 [ 1412.206025] ? lock_acquire+0x170/0x3f0 [ 1412.209994] ? mem_cgroup_id_get_online+0xb0/0xb0 [ 1412.214831] ? check_preemption_disabled+0x35/0x240 [ 1412.219843] ? __unlock_page_memcg+0x4f/0x100 [ 1412.224338] alloc_pages_current+0x155/0x260 [ 1412.228744] __get_free_pages+0xb/0x40 [ 1412.232623] __tlb_remove_page_size+0x272/0x440 [ 1412.237290] unmap_page_range+0xf92/0x1ce0 [ 1412.241532] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1412.246890] ? vm_normal_page_pmd+0x340/0x340 [ 1412.251500] unmap_single_vma+0x147/0x2b0 [ 1412.252240] FAULT_INJECTION: forcing a failure. [ 1412.252240] name failslab, interval 1, probability 0, space 0, times 0 [ 1412.255641] unmap_vmas+0x9d/0x160 [ 1412.255698] exit_mmap+0x270/0x4d0 [ 1412.255706] ? SyS_remap_file_pages+0x6a0/0x6a0 [ 1412.255724] ? kmem_cache_free+0x23a/0x2b0 [ 1412.255739] ? __khugepaged_exit+0x29b/0x3c0 [ 1412.287218] mmput+0xfa/0x420 [ 1412.290325] do_exit+0x984/0x2850 [ 1412.293873] ? mm_update_next_owner+0x5b0/0x5b0 [ 1412.298523] ? get_signal+0x323/0x1ca0 [ 1412.302406] ? lock_acquire+0x170/0x3f0 [ 1412.306360] ? lock_downgrade+0x740/0x740 [ 1412.310488] do_group_exit+0x100/0x2e0 [ 1412.314356] get_signal+0x38d/0x1ca0 13:05:53 executing program 1 (fault-call:1 fault-nth:1): r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) 13:05:53 executing program 5: fanotify_init(0x10, 0x0) bind$802154_raw(0xffffffffffffffff, &(0x7f0000000000)={0x24, @long={0x3, 0xffff, {0xaaaaaaaaaaaa0202}}}, 0x14) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'veth0_to_batadv\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=@bridge_getvlan={0x40, 0x72, 0x1, 0x70bd2c, 0x25dfdbff, {0x7, 0x0, 0x0, r0}, [@BRIDGE_VLANDB_DUMP_FLAGS={0x8, 0x1, 0x1}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8, 0x1, 0x1}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8, 0x1, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x4000) 13:05:53 executing program 2 (fault-call:1 fault-nth:1): r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:05:53 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x0, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:53 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) [ 1412.318056] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1412.323493] do_signal+0x7c/0x1550 [ 1412.327014] ? fsnotify+0x974/0x11b0 [ 1412.330723] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1412.335637] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1412.340658] ? setup_sigcontext+0x820/0x820 [ 1412.344965] ? v4l2_ioctl+0x1d0/0x2f0 [ 1412.348759] ? v4l2_open+0x2f0/0x2f0 [ 1412.352478] ? do_vfs_ioctl+0xe2/0xff0 [ 1412.356354] ? ioctl_preallocate+0x1a0/0x1a0 [ 1412.360744] ? lock_downgrade+0x740/0x740 [ 1412.364876] ? check_preemption_disabled+0x35/0x240 [ 1412.369881] ? kick_process+0xe4/0x170 [ 1412.373750] ? task_work_add+0x87/0xe0 [ 1412.377615] ? exit_to_usermode_loop+0x41/0x200 [ 1412.382265] exit_to_usermode_loop+0x160/0x200 [ 1412.386830] ? SyS_ioctl+0x5c/0xb0 [ 1412.390357] do_syscall_64+0x4a3/0x640 [ 1412.394226] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1412.399397] RIP: 0033:0x466459 [ 1412.402569] RSP: 002b:00007f491b244188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1412.410257] RAX: fffffffffffffe00 RBX: 000000000056bf60 RCX: 0000000000466459 [ 1412.417518] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1412.424802] RBP: 00007f491b2441d0 R08: 0000000000000000 R09: 0000000000000000 [ 1412.432066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1412.439326] R13: 00007ffef79ecfdf R14: 00007f491b244300 R15: 0000000000022000 [ 1412.454440] CPU: 0 PID: 30746 Comm: syz-executor.1 Not tainted 4.14.231-syzkaller #0 [ 1412.462347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1412.471700] Call Trace: [ 1412.474293] dump_stack+0x1b2/0x281 [ 1412.477925] should_fail.cold+0x10a/0x149 [ 1412.482197] should_failslab+0xd6/0x130 [ 1412.486152] __kmalloc+0x2c1/0x400 [ 1412.489667] ? __vb2_queue_alloc+0xf4/0xd90 [ 1412.493970] __vb2_queue_alloc+0xf4/0xd90 [ 1412.498141] ? is_bpf_text_address+0xb8/0x150 [ 1412.502614] ? kernel_text_address+0xbd/0xf0 [ 1412.507004] vb2_core_create_bufs+0x279/0x5a0 [ 1412.511474] ? __vb2_queue_free+0x7a0/0x7a0 [ 1412.515775] ? trace_hardirqs_on+0x10/0x10 [ 1412.519984] ? __lock_acquire+0x5fc/0x3f20 [ 1412.524197] vb2_create_bufs+0x2e1/0x5b0 [ 1412.528236] ? vb2_thread_start+0x310/0x310 [ 1412.532533] ? trace_hardirqs_on+0x10/0x10 [ 1412.536747] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1412.541307] v4l_create_bufs+0xa4/0x150 [ 1412.545260] __video_do_ioctl+0x65b/0x6a0 [ 1412.549385] ? video_ioctl2+0x30/0x30 [ 1412.553162] ? __might_fault+0x177/0x1b0 [ 1412.557221] ? video_ioctl2+0x30/0x30 [ 1412.560995] video_usercopy+0xfd/0xe70 [ 1412.564876] ? v4l_g_ctrl+0x390/0x390 [ 1412.568654] ? proc_fail_nth_write+0x7b/0x180 [ 1412.573125] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1412.578031] ? trace_hardirqs_on+0x10/0x10 [ 1412.582262] ? fsnotify+0x974/0x11b0 [ 1412.585962] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1412.590867] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1412.595860] v4l2_ioctl+0x1bb/0x2f0 [ 1412.599462] ? v4l2_open+0x2f0/0x2f0 [ 1412.603154] do_vfs_ioctl+0x75a/0xff0 [ 1412.606934] ? ioctl_preallocate+0x1a0/0x1a0 [ 1412.611319] ? lock_downgrade+0x740/0x740 [ 1412.615459] ? __fget+0x225/0x360 [ 1412.618893] ? do_vfs_ioctl+0xff0/0xff0 [ 1412.622843] ? security_file_ioctl+0x83/0xb0 [ 1412.627239] SyS_ioctl+0x7f/0xb0 [ 1412.630579] ? do_vfs_ioctl+0xff0/0xff0 [ 1412.634530] do_syscall_64+0x1d5/0x640 [ 1412.638398] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1412.643564] RIP: 0033:0x466459 [ 1412.646730] RSP: 002b:00007f5883dfa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1412.654412] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1412.661661] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 13:05:54 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x2000, 0xff, 0x2, {0x1, @win={{0x0, 0x0, 0x4}, 0x0, 0xfffffffd, 0x0, 0xfffffffe, 0x0}}}) 13:05:54 executing program 5: ioctl$SNAPSHOT_PLATFORM_SUPPORT(0xffffffffffffffff, 0x330f, 0x936) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) pipe(&(0x7f0000000040)) openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mISDNtimer\x00', 0x20400, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000000)) fanotify_init(0x10, 0x2) [ 1412.668907] RBP: 00007f5883dfa1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1412.676153] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1412.683507] R13: 00007fff3377dd0f R14: 00007f5883dfa300 R15: 0000000000022000 [ 1412.708308] FAULT_INJECTION: forcing a failure. [ 1412.708308] name failslab, interval 1, probability 0, space 0, times 0 [ 1412.724916] CPU: 0 PID: 30749 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1412.732817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1412.742169] Call Trace: [ 1412.744761] dump_stack+0x1b2/0x281 [ 1412.748416] should_fail.cold+0x10a/0x149 [ 1412.752568] should_failslab+0xd6/0x130 [ 1412.756544] __kmalloc+0x2c1/0x400 [ 1412.760084] ? __vb2_queue_alloc+0xf4/0xd90 [ 1412.764415] __vb2_queue_alloc+0xf4/0xd90 [ 1412.768567] ? is_bpf_text_address+0xb8/0x150 13:05:54 executing program 5: fanotify_init(0x20, 0x800) 13:05:54 executing program 5: fanotify_init(0x10, 0x400) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8) 13:05:54 executing program 5: fanotify_init(0x10, 0x0) fanotify_init(0x2, 0x1000) r0 = fanotify_init(0x4, 0x101000) fanotify_mark(r0, 0x69, 0xc000011, 0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00') accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x4e22}, 0x10, 0x0) ioctl$KVM_GET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee2, &(0x7f0000000080)={0x0, 0x7fff, 0x10000, &(0x7f0000000040)=0xfffffffffffffffb}) 13:05:54 executing program 5: fanotify_init(0x10, 0x0) r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) r1 = syz_mount_image$adfs(&(0x7f0000000040)='adfs\x00', &(0x7f0000000240)='./file0\x00', 0x8000, 0x2, &(0x7f0000000200)=[{&(0x7f00000000c0)="dbfca4ef3d47c588e39a429f99170497294828226b7f104013a82fb2bd0dcbfec22fa46086c2c8ac9067d4274c0562b5fa09db128aaa0df48eee744a1a13e1b1741af1d60a01ceea33a7df", 0x4b, 0xfffffffffffffff7}, {&(0x7f00000001c0)="72c6b54c83d7c4a7de368e68af2ebe7b3be50266f8c276c97ced5b9a", 0x1c, 0x3}], 0x904080, &(0x7f0000000140)=ANY=[@ANYBLOB='\'\"{%\\,\x00\x00\x00\x00=MEY@READP\x00']) fanotify_mark(r0, 0x80, 0x0, r1, &(0x7f0000000180)='./file0\x00') [ 1412.773067] ? kernel_text_address+0xbd/0xf0 [ 1412.777483] vb2_core_create_bufs+0x279/0x5a0 [ 1412.781988] ? __vb2_queue_free+0x7a0/0x7a0 [ 1412.786315] ? trace_hardirqs_on+0x10/0x10 [ 1412.790556] ? __lock_acquire+0x5fc/0x3f20 [ 1412.794797] vb2_create_bufs+0x2e1/0x5b0 [ 1412.798864] ? vb2_thread_start+0x310/0x310 [ 1412.803186] ? trace_hardirqs_on+0x10/0x10 [ 1412.807422] ? mark_held_locks+0xa6/0xf0 [ 1412.811487] ? trace_hardirqs_on+0x10/0x10 [ 1412.815767] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1412.820351] v4l_create_bufs+0xa4/0x150 13:05:54 executing program 5: fanotify_init(0x10, 0x0) r0 = syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) pipe(&(0x7f00000027c0)={0xffffffffffffffff}) sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000002900)={&(0x7f0000002800)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000028c0)={&(0x7f0000002840)={0x24, r0, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_MRU={0x6, 0x1d, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x8000) sendmsg$L2TP_CMD_SESSION_MODIFY(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, r0, 0x100, 0x70bd2a, 0x25dfdbfc, {}, [@L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x1}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @empty}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20040004}, 0x40000) [ 1412.824349] __video_do_ioctl+0x65b/0x6a0 [ 1412.828499] ? video_ioctl2+0x30/0x30 [ 1412.832296] ? __might_fault+0x177/0x1b0 [ 1412.836354] ? video_ioctl2+0x30/0x30 [ 1412.840146] video_usercopy+0xfd/0xe70 [ 1412.844030] ? v4l_g_ctrl+0x390/0x390 [ 1412.847831] ? proc_fail_nth_write+0x7b/0x180 [ 1412.852319] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1412.857243] ? trace_hardirqs_on+0x10/0x10 [ 1412.861479] ? fsnotify+0x974/0x11b0 [ 1412.865194] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1412.870124] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1412.875147] v4l2_ioctl+0x1bb/0x2f0 [ 1412.878858] ? v4l2_open+0x2f0/0x2f0 [ 1412.882561] do_vfs_ioctl+0x75a/0xff0 [ 1412.886354] ? ioctl_preallocate+0x1a0/0x1a0 [ 1412.890753] ? lock_downgrade+0x740/0x740 [ 1412.894884] ? __fget+0x225/0x360 [ 1412.898315] ? do_vfs_ioctl+0xff0/0xff0 [ 1412.902272] ? security_file_ioctl+0x83/0xb0 [ 1412.906672] SyS_ioctl+0x7f/0xb0 [ 1412.910042] ? do_vfs_ioctl+0xff0/0xff0 [ 1412.914029] do_syscall_64+0x1d5/0x640 [ 1412.917902] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1412.923077] RIP: 0033:0x466459 [ 1412.926246] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1412.933954] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1412.941218] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1412.948480] RBP: 00007ff0a6d931d0 R08: 0000000000000000 R09: 0000000000000000 [ 1412.955731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1412.962984] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 [ 1412.971506] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1412.983322] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1412.988456] CPU: 0 PID: 30750 Comm: syz-executor.3 Not tainted 4.14.231-syzkaller #0 [ 1412.996340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1413.005815] Call Trace: [ 1413.008407] dump_stack+0x1b2/0x281 [ 1413.012027] warn_alloc.cold+0x96/0x1cc [ 1413.015999] ? zone_watermark_ok_safe+0x220/0x220 [ 1413.020821] ? trace_hardirqs_on+0x10/0x10 [ 1413.025039] ? deref_stack_reg+0x124/0x1a0 [ 1413.029268] ? fs_reclaim_release+0xd0/0x110 [ 1413.033685] __vmalloc_node_range+0x10e/0x150 [ 1413.038170] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1413.043524] vmalloc_user+0x47/0xa0 [ 1413.047143] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1413.051454] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1413.056809] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1413.060962] __vb2_queue_alloc+0x47a/0xd90 [ 1413.065183] vb2_core_create_bufs+0x279/0x5a0 [ 1413.069659] ? __vb2_queue_free+0x7a0/0x7a0 [ 1413.073968] ? trace_hardirqs_on+0x10/0x10 [ 1413.078183] ? __lock_acquire+0x5fc/0x3f20 [ 1413.082408] vb2_create_bufs+0x2e1/0x5b0 [ 1413.086454] ? vb2_thread_start+0x310/0x310 [ 1413.090755] ? trace_hardirqs_on+0x10/0x10 [ 1413.094975] ? mark_held_locks+0xa6/0xf0 [ 1413.099024] ? trace_hardirqs_on+0x10/0x10 [ 1413.103252] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1413.107974] v4l_create_bufs+0xa4/0x150 [ 1413.111945] __video_do_ioctl+0x65b/0x6a0 [ 1413.116091] ? video_ioctl2+0x30/0x30 [ 1413.119881] ? __might_fault+0x177/0x1b0 [ 1413.125688] ? video_ioctl2+0x30/0x30 [ 1413.129627] video_usercopy+0xfd/0xe70 [ 1413.133529] ? v4l_g_ctrl+0x390/0x390 [ 1413.137336] ? lock_acquire+0x170/0x3f0 [ 1413.141425] ? trace_hardirqs_on+0x10/0x10 [ 1413.145658] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1413.150661] v4l2_ioctl+0x1bb/0x2f0 [ 1413.154271] ? v4l2_open+0x2f0/0x2f0 [ 1413.157970] do_vfs_ioctl+0x75a/0xff0 [ 1413.161758] ? ioctl_preallocate+0x1a0/0x1a0 [ 1413.166155] ? lock_downgrade+0x740/0x740 [ 1413.170433] ? __fget+0x225/0x360 [ 1413.173891] ? do_vfs_ioctl+0xff0/0xff0 [ 1413.177865] ? security_file_ioctl+0x83/0xb0 [ 1413.182257] SyS_ioctl+0x7f/0xb0 [ 1413.185604] ? do_vfs_ioctl+0xff0/0xff0 [ 1413.189571] do_syscall_64+0x1d5/0x640 [ 1413.193717] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1413.198887] RIP: 0033:0x466459 [ 1413.202057] RSP: 002b:00007efc3f322188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1413.209751] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1413.217009] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1413.224264] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1413.231512] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1413.238758] R13: 00007ffd57a131af R14: 00007efc3f322300 R15: 0000000000022000 [ 1413.247657] Mem-Info: [ 1413.250127] active_anon:222585 inactive_anon:6741 isolated_anon:0 [ 1413.250127] active_file:6840 inactive_file:44081 isolated_file:0 [ 1413.250127] unevictable:0 dirty:297 writeback:0 unstable:0 [ 1413.250127] slab_reclaimable:21794 slab_unreclaimable:130730 [ 1413.250127] mapped:62164 shmem:6935 pagetables:15967 bounce:0 [ 1413.250127] free:1181301 free_pcp:341 free_cma:0 [ 1413.284339] Node 0 active_anon:890340kB inactive_anon:26964kB active_file:27236kB inactive_file:176324kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:248680kB dirty:1188kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 757760kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1413.313148] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1413.338994] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1413.365228] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1413.370256] Node 0 DMA32 free:666304kB min:36200kB low:45248kB high:54296kB active_anon:890340kB inactive_anon:26964kB active_file:27236kB inactive_file:176324kB unevictable:0kB writepending:1192kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27200kB pagetables:63868kB bounce:0kB free_pcp:1460kB local_pcp:640kB free_cma:0kB [ 1413.401019] lowmem_reserve[]: 0 0 0 0 0 [ 1413.405094] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1413.430700] lowmem_reserve[]: 0 0 0 0 0 [ 1413.434747] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1413.462605] lowmem_reserve[]: 0 0 0 0 0 [ 1413.467278] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1413.481358] Node 0 DMA32: 744*4kB (UME) 132*8kB (UME) 56*16kB (UME) 8*32kB (UME) 2*64kB (UM) 1*128kB (M) 26*256kB (UM) 13*512kB (UME) 4*1024kB (UME) 2*2048kB (UM) 156*4096kB (UM) = 665920kB [ 1413.498889] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1413.510022] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1413.528048] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1413.537424] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1413.546456] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1413.555812] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1413.564949] 25314 total pagecache pages [ 1413.568920] 0 pages in swap cache [ 1413.572348] Swap cache stats: add 0, delete 0, find 0/0 13:05:55 executing program 1 (fault-call:1 fault-nth:2): r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) 13:05:55 executing program 5: ioctl$vim2m_VIDIOC_G_FMT(0xffffffffffffffff, 0xc0d05604, &(0x7f00000000c0)={0x1, @win={{0x7, 0x8, 0xff, 0x3ff}, 0x1, 0x2, &(0x7f0000000000)={{0x5, 0xfffffff8, 0x0, 0xffffffff}}, 0x6, &(0x7f0000000040)="39ff1e1b1d981af9edd256bf86990496659026d330235654da9d958967b8fcef4ab43d89e487ab8877f1d962d5d93a80e4e81650aa32f643253ffa25dfb5c274ec9e7d43c8e7ee62880066c29e75575a8adc30c36ec3c59f588bad24a27852f25be6eef488dc89da78f2e908a4ce023c3dbbc2dcf1", 0x6}}) fanotify_init(0x10, 0x1000) 13:05:55 executing program 3 (fault-call:1 fault-nth:0): r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) 13:05:55 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x0, {0x2, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:55 executing program 2 (fault-call:1 fault-nth:2): r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:05:55 executing program 4: ioctl$vim2m_VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000040)={0x3f, 0x10001, 0x2, {0x0, @sdr={0x32314247, 0x7}}, 0x5}) syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="54000000520001002dbd7000ffdb000008000300", @ANYRES32=0x0, @ANYBLOB="080005000100000008000600018000000800020008000000080006000300000008000600fdffffff0800030008000000000000"], 0x54}, 0x1, 0x0, 0x0, 0x10}, 0x4000800) [ 1413.578457] Free swap = 0kB [ 1413.581523] Total swap = 0kB [ 1413.584649] 2097051 pages RAM [ 1413.587747] 0 pages HighMem/MovableOnly [ 1413.591702] 363849 pages reserved [ 1413.595170] 0 pages cma reserved [ 1413.669799] FAULT_INJECTION: forcing a failure. [ 1413.669799] name failslab, interval 1, probability 0, space 0, times 0 [ 1413.691727] CPU: 0 PID: 30783 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1413.699637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1413.708991] Call Trace: [ 1413.711586] dump_stack+0x1b2/0x281 [ 1413.715213] should_fail.cold+0x10a/0x149 13:05:55 executing program 5: fanotify_init(0x8, 0x800) r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x28000, 0x0) write$UHID_GET_REPORT_REPLY(r0, &(0x7f0000000040)={0xa, {0x5, 0x2, 0x9}}, 0xa) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nvram\x00', 0x54b080, 0x0) write$UHID_INPUT2(r1, &(0x7f00000000c0)={0xc, {0x7a, "802ed6325080ade996f1d358929302f6dd56d7404a0a7c30f09e402850059dc32a0e71b184bbeca82b02def2ba29f595788a48bbde7f368de86dd25d07d966d1decc5b085624d8a4dece6fbe99905b7284544533b153a983cfd6975d9d889fe9fdbf951cddf85a9899e9b134961b925c3309ffacf94d7ab9b7e6"}}, 0x80) fork() syz_open_dev$vcsn(&(0x7f0000000140)='/dev/vcs#\x00', 0xff, 0x2001) [ 1413.719351] should_failslab+0xd6/0x130 [ 1413.723317] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1413.727989] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1413.733361] vb2_vmalloc_alloc+0x63/0x2d0 [ 1413.737526] __vb2_queue_alloc+0x47a/0xd90 [ 1413.742087] vb2_core_create_bufs+0x279/0x5a0 [ 1413.742097] ? __vb2_queue_free+0x7a0/0x7a0 [ 1413.742111] ? trace_hardirqs_on+0x10/0x10 [ 1413.742119] ? __lock_acquire+0x5fc/0x3f20 [ 1413.742129] vb2_create_bufs+0x2e1/0x5b0 [ 1413.742142] ? vb2_thread_start+0x310/0x310 [ 1413.742151] ? trace_hardirqs_on+0x10/0x10 [ 1413.742165] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1413.742179] v4l_create_bufs+0xa4/0x150 [ 1413.742188] __video_do_ioctl+0x65b/0x6a0 [ 1413.742201] ? video_ioctl2+0x30/0x30 [ 1413.742212] ? __might_fault+0x177/0x1b0 [ 1413.742222] ? video_ioctl2+0x30/0x30 [ 1413.742229] video_usercopy+0xfd/0xe70 [ 1413.742242] ? v4l_g_ctrl+0x390/0x390 [ 1413.742251] ? proc_fail_nth_write+0x7b/0x180 [ 1413.742260] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1413.742269] ? trace_hardirqs_on+0x10/0x10 [ 1413.742280] ? fsnotify+0x974/0x11b0 [ 1413.742288] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1413.742297] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1413.742308] v4l2_ioctl+0x1bb/0x2f0 [ 1413.742315] ? v4l2_open+0x2f0/0x2f0 [ 1413.742325] do_vfs_ioctl+0x75a/0xff0 [ 1413.742335] ? ioctl_preallocate+0x1a0/0x1a0 [ 1413.742342] ? lock_downgrade+0x740/0x740 [ 1413.742355] ? __fget+0x225/0x360 [ 1413.742365] ? do_vfs_ioctl+0xff0/0xff0 [ 1413.742375] ? security_file_ioctl+0x83/0xb0 [ 1413.742384] SyS_ioctl+0x7f/0xb0 [ 1413.742391] ? do_vfs_ioctl+0xff0/0xff0 [ 1413.742411] do_syscall_64+0x1d5/0x640 [ 1413.742426] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1413.742433] RIP: 0033:0x466459 [ 1413.742438] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1413.742448] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1413.742453] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 13:05:55 executing program 5: fanotify_init(0x8, 0x8000) [ 1413.742458] RBP: 00007ff0a6d931d0 R08: 0000000000000000 R09: 0000000000000000 [ 1413.742463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1413.742469] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 [ 1413.770394] FAULT_INJECTION: forcing a failure. [ 1413.770394] name failslab, interval 1, probability 0, space 0, times 0 [ 1413.949832] CPU: 0 PID: 30798 Comm: syz-executor.3 Not tainted 4.14.231-syzkaller #0 [ 1413.957714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1413.967066] Call Trace: 13:05:55 executing program 5: r0 = fanotify_init(0x10, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) write$snapshot(0xffffffffffffffff, &(0x7f0000000040)="9917ed425e9785f116a843ddb96c1c2ac291c153bd24838ac25a48e2a10631b0677b5d93deda51", 0x27) fanotify_mark(r0, 0x68, 0x30, r1, &(0x7f0000000000)='./file0\x00') [ 1413.969656] dump_stack+0x1b2/0x281 [ 1413.973300] should_fail.cold+0x10a/0x149 [ 1413.977453] should_failslab+0xd6/0x130 [ 1413.981423] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1413.986527] __kmalloc_node+0x38/0x70 [ 1413.990333] kvmalloc_node+0x46/0xd0 [ 1413.994045] ? video_ioctl2+0x30/0x30 [ 1413.997901] video_usercopy+0x330/0xe70 [ 1414.001859] ? v4l_g_ctrl+0x390/0x390 [ 1414.005639] ? proc_fail_nth_write+0x7b/0x180 [ 1414.010158] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1414.015078] ? trace_hardirqs_on+0x10/0x10 [ 1414.019295] ? fsnotify+0x974/0x11b0 [ 1414.022988] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1414.027906] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1414.032911] v4l2_ioctl+0x1bb/0x2f0 [ 1414.036518] ? v4l2_open+0x2f0/0x2f0 [ 1414.040219] do_vfs_ioctl+0x75a/0xff0 [ 1414.044009] ? ioctl_preallocate+0x1a0/0x1a0 [ 1414.048474] ? lock_downgrade+0x740/0x740 [ 1414.052613] ? __fget+0x225/0x360 [ 1414.056062] ? do_vfs_ioctl+0xff0/0xff0 [ 1414.060026] ? security_file_ioctl+0x83/0xb0 [ 1414.064422] SyS_ioctl+0x7f/0xb0 [ 1414.067844] ? do_vfs_ioctl+0xff0/0xff0 [ 1414.071803] do_syscall_64+0x1d5/0x640 [ 1414.075675] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1414.080894] RIP: 0033:0x466459 [ 1414.084100] RSP: 002b:00007efc3f322188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1414.091790] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1414.099043] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1414.106295] RBP: 00007efc3f3221d0 R08: 0000000000000000 R09: 0000000000000000 [ 1414.113544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 13:05:55 executing program 2 (fault-call:1 fault-nth:3): r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:05:55 executing program 5: fanotify_init(0x1, 0x0) 13:05:55 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$SIOCPNDELRESOURCE(0xffffffffffffffff, 0x89ef, &(0x7f0000000040)=0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) [ 1414.120795] R13: 00007ffd57a131af R14: 00007efc3f322300 R15: 0000000000022000 [ 1414.145593] FAULT_INJECTION: forcing a failure. [ 1414.145593] name failslab, interval 1, probability 0, space 0, times 0 [ 1414.221071] CPU: 1 PID: 30799 Comm: syz-executor.1 Not tainted 4.14.231-syzkaller #0 [ 1414.228999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1414.238337] Call Trace: [ 1414.240910] dump_stack+0x1b2/0x281 [ 1414.244525] should_fail.cold+0x10a/0x149 [ 1414.248657] should_failslab+0xd6/0x130 [ 1414.252616] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1414.257317] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1414.262658] vb2_vmalloc_alloc+0x63/0x2d0 [ 1414.266787] __vb2_queue_alloc+0x47a/0xd90 [ 1414.271016] vb2_core_create_bufs+0x279/0x5a0 [ 1414.275499] ? __vb2_queue_free+0x7a0/0x7a0 [ 1414.279800] ? trace_hardirqs_on+0x10/0x10 [ 1414.284018] ? __lock_acquire+0x5fc/0x3f20 [ 1414.288268] vb2_create_bufs+0x2e1/0x5b0 [ 1414.292321] ? vb2_thread_start+0x310/0x310 [ 1414.296621] ? trace_hardirqs_on+0x10/0x10 [ 1414.300832] ? mark_held_locks+0xa6/0xf0 [ 1414.304869] ? trace_hardirqs_on+0x10/0x10 [ 1414.309084] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1414.313654] v4l_create_bufs+0xa4/0x150 [ 1414.317630] __video_do_ioctl+0x65b/0x6a0 [ 1414.321769] ? video_ioctl2+0x30/0x30 [ 1414.325551] ? __might_fault+0x177/0x1b0 [ 1414.329590] ? video_ioctl2+0x30/0x30 [ 1414.333377] video_usercopy+0xfd/0xe70 [ 1414.337252] ? v4l_g_ctrl+0x390/0x390 [ 1414.341034] ? proc_fail_nth_write+0x7b/0x180 [ 1414.345509] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1414.350417] ? trace_hardirqs_on+0x10/0x10 [ 1414.354635] ? fsnotify+0x974/0x11b0 [ 1414.358342] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1414.363254] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1414.368258] v4l2_ioctl+0x1bb/0x2f0 [ 1414.371864] ? v4l2_open+0x2f0/0x2f0 [ 1414.375556] do_vfs_ioctl+0x75a/0xff0 [ 1414.379337] ? ioctl_preallocate+0x1a0/0x1a0 [ 1414.383725] ? lock_downgrade+0x740/0x740 [ 1414.387854] ? __fget+0x225/0x360 [ 1414.391307] ? do_vfs_ioctl+0xff0/0xff0 [ 1414.395275] ? security_file_ioctl+0x83/0xb0 [ 1414.399673] SyS_ioctl+0x7f/0xb0 [ 1414.403019] ? do_vfs_ioctl+0xff0/0xff0 [ 1414.406976] do_syscall_64+0x1d5/0x640 [ 1414.410845] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1414.416013] RIP: 0033:0x466459 [ 1414.419179] RSP: 002b:00007f5883dfa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1414.426862] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1414.434110] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1414.441372] RBP: 00007f5883dfa1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1414.448637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1414.455885] R13: 00007fff3377dd0f R14: 00007f5883dfa300 R15: 0000000000022000 [ 1414.474198] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1414.485356] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1414.490481] CPU: 1 PID: 30814 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1414.498360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1414.507712] Call Trace: [ 1414.510308] dump_stack+0x1b2/0x281 [ 1414.513946] warn_alloc.cold+0x96/0x1cc [ 1414.517918] ? zone_watermark_ok_safe+0x220/0x220 [ 1414.522759] ? trace_hardirqs_on+0x10/0x10 [ 1414.526996] ? deref_stack_reg+0x124/0x1a0 [ 1414.531229] ? fs_reclaim_release+0xd0/0x110 [ 1414.535637] __vmalloc_node_range+0x10e/0x150 [ 1414.540148] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1414.545497] vmalloc_user+0x47/0xa0 [ 1414.549131] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1414.553439] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1414.558789] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1414.562930] __vb2_queue_alloc+0x47a/0xd90 [ 1414.567151] vb2_core_create_bufs+0x279/0x5a0 [ 1414.571641] ? __vb2_queue_free+0x7a0/0x7a0 [ 1414.575954] ? trace_hardirqs_on+0x10/0x10 [ 1414.580174] ? __lock_acquire+0x5fc/0x3f20 [ 1414.584394] vb2_create_bufs+0x2e1/0x5b0 [ 1414.588439] ? vb2_thread_start+0x310/0x310 [ 1414.592739] ? trace_hardirqs_on+0x10/0x10 [ 1414.596952] ? mark_held_locks+0xa6/0xf0 [ 1414.600991] ? trace_hardirqs_on+0x10/0x10 [ 1414.605206] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1414.609774] v4l_create_bufs+0xa4/0x150 [ 1414.613736] __video_do_ioctl+0x65b/0x6a0 [ 1414.617876] ? video_ioctl2+0x30/0x30 [ 1414.621662] ? __might_fault+0x177/0x1b0 [ 1414.625702] ? video_ioctl2+0x30/0x30 [ 1414.629479] video_usercopy+0xfd/0xe70 [ 1414.633355] ? v4l_g_ctrl+0x390/0x390 [ 1414.637159] ? proc_fail_nth_write+0x7b/0x180 [ 1414.641632] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1414.646541] ? trace_hardirqs_on+0x10/0x10 [ 1414.650756] ? fsnotify+0x974/0x11b0 [ 1414.654453] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1414.659374] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1414.664394] v4l2_ioctl+0x1bb/0x2f0 [ 1414.667998] ? v4l2_open+0x2f0/0x2f0 [ 1414.671705] do_vfs_ioctl+0x75a/0xff0 [ 1414.675494] ? ioctl_preallocate+0x1a0/0x1a0 [ 1414.679888] ? lock_downgrade+0x740/0x740 [ 1414.684032] ? __fget+0x225/0x360 [ 1414.687477] ? do_vfs_ioctl+0xff0/0xff0 [ 1414.691446] ? security_file_ioctl+0x83/0xb0 [ 1414.695842] SyS_ioctl+0x7f/0xb0 [ 1414.699193] ? do_vfs_ioctl+0xff0/0xff0 [ 1414.703147] do_syscall_64+0x1d5/0x640 [ 1414.707018] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1414.712213] RIP: 0033:0x466459 [ 1414.715392] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1414.723087] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1414.730334] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1414.737583] RBP: 00007ff0a6d931d0 R08: 0000000000000000 R09: 0000000000000000 [ 1414.744836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1414.752098] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 [ 1414.760582] Mem-Info: [ 1414.763078] active_anon:222585 inactive_anon:6741 isolated_anon:0 [ 1414.763078] active_file:6840 inactive_file:44097 isolated_file:0 [ 1414.763078] unevictable:0 dirty:318 writeback:0 unstable:0 [ 1414.763078] slab_reclaimable:21751 slab_unreclaimable:131426 [ 1414.763078] mapped:62189 shmem:6935 pagetables:15965 bounce:0 [ 1414.763078] free:1180732 free_pcp:196 free_cma:0 [ 1414.797430] Node 0 active_anon:890340kB inactive_anon:26964kB active_file:27236kB inactive_file:176388kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:248772kB dirty:1272kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 757760kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1414.826236] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1414.852098] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1414.878273] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1414.883370] Node 0 DMA32 free:665860kB min:36200kB low:45248kB high:54296kB active_anon:890340kB inactive_anon:26964kB active_file:27236kB inactive_file:176388kB unevictable:0kB writepending:1280kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27168kB pagetables:63860kB bounce:0kB free_pcp:888kB local_pcp:252kB free_cma:0kB [ 1414.913620] lowmem_reserve[]: 0 0 0 0 0 [ 1414.917608] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1414.943193] lowmem_reserve[]: 0 0 0 0 0 [ 1414.947188] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1414.974847] lowmem_reserve[]: 0 0 0 0 0 [ 1414.978836] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1414.992482] Node 0 DMA32: 891*4kB (UME) 171*8kB (UME) 5*16kB (UE) 6*32kB (UME) 2*64kB (U) 2*128kB (UM) 24*256kB (UM) 13*512kB (UME) 4*1024kB (UME) 4*2048kB (UM) 155*4096kB (UM) = 665556kB [ 1415.009464] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1415.020204] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1415.037533] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1415.046425] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1415.055050] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1415.064155] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1415.072837] 25333 total pagecache pages [ 1415.076808] 0 pages in swap cache [ 1415.080238] Swap cache stats: add 0, delete 0, find 0/0 [ 1415.085672] Free swap = 0kB [ 1415.088740] Total swap = 0kB [ 1415.091736] 2097051 pages RAM [ 1415.094865] 0 pages HighMem/MovableOnly [ 1415.098824] 363849 pages reserved [ 1415.102250] 0 pages cma reserved [ 1415.105815] FAULT_INJECTION: forcing a failure. [ 1415.105815] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1415.106343] syz-executor.4: [ 1415.117656] CPU: 1 PID: 30814 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1415.117661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1415.117665] Call Trace: [ 1415.117683] dump_stack+0x1b2/0x281 [ 1415.117695] should_fail.cold+0x10a/0x149 [ 1415.117707] __alloc_pages_nodemask+0x22c/0x2720 [ 1415.117720] ? __lock_acquire+0x5fc/0x3f20 [ 1415.117727] ? trace_hardirqs_on+0x10/0x10 [ 1415.117737] ? trace_hardirqs_on+0x10/0x10 [ 1415.128914] vmalloc: allocation failure: 0 bytes [ 1415.137955] ? deref_stack_reg+0x124/0x1a0 [ 1415.137965] ? __read_once_size_nocheck.constprop.0+0x10/0x10 [ 1415.137976] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1415.137983] ? trace_hardirqs_on+0x10/0x10 [ 1415.137990] ? unwind_next_frame+0xe54/0x17d0 [ 1415.138000] ? lock_acquire+0x170/0x3f0 [ 1415.138006] ? mem_cgroup_id_get_online+0xb0/0xb0 [ 1415.138014] ? check_preemption_disabled+0x35/0x240 [ 1415.138022] ? __unlock_page_memcg+0x4f/0x100 [ 1415.138036] alloc_pages_current+0x155/0x260 [ 1415.140773] , mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask= [ 1415.144240] __get_free_pages+0xb/0x40 [ 1415.144249] __tlb_remove_page_size+0x272/0x440 [ 1415.144259] unmap_page_range+0xf92/0x1ce0 [ 1415.144278] ? vm_normal_page_pmd+0x340/0x340 [ 1415.144288] unmap_single_vma+0x147/0x2b0 [ 1415.144298] unmap_vmas+0x9d/0x160 [ 1415.144307] exit_mmap+0x270/0x4d0 [ 1415.144315] ? SyS_remap_file_pages+0x6a0/0x6a0 [ 1415.144333] ? kmem_cache_free+0x23a/0x2b0 [ 1415.144343] ? __khugepaged_exit+0x29b/0x3c0 [ 1415.144352] mmput+0xfa/0x420 [ 1415.144361] do_exit+0x984/0x2850 [ 1415.144374] ? mm_update_next_owner+0x5b0/0x5b0 [ 1415.160942] (null) [ 1415.161678] ? get_signal+0x323/0x1ca0 [ 1415.166529] syz-executor.4 cpuset= [ 1415.170627] ? lock_acquire+0x170/0x3f0 [ 1415.170636] ? lock_downgrade+0x740/0x740 [ 1415.170647] do_group_exit+0x100/0x2e0 [ 1415.170657] get_signal+0x38d/0x1ca0 [ 1415.180900] / [ 1415.185565] ? lock_acquire+0x170/0x3f0 [ 1415.190981] mems_allowed=0-1 [ 1415.194410] do_signal+0x7c/0x1550 [ 1415.194421] ? wait_for_completion_io+0x10/0x10 [ 1415.194429] ? fsnotify+0x974/0x11b0 [ 1415.194439] ? setup_sigcontext+0x820/0x820 [ 1415.194446] ? v4l2_ioctl+0x1d0/0x2f0 [ 1415.194451] ? v4l2_open+0x2f0/0x2f0 [ 1415.194459] ? do_vfs_ioctl+0xe2/0xff0 [ 1415.194468] ? ioctl_preallocate+0x1a0/0x1a0 [ 1415.194476] ? lock_downgrade+0x740/0x740 [ 1415.194485] ? check_preemption_disabled+0x35/0x240 [ 1415.194496] ? kick_process+0xe4/0x170 [ 1415.194503] ? task_work_add+0x87/0xe0 [ 1415.194513] ? exit_to_usermode_loop+0x41/0x200 [ 1415.364977] exit_to_usermode_loop+0x160/0x200 [ 1415.369546] ? SyS_ioctl+0x5c/0xb0 [ 1415.373071] do_syscall_64+0x4a3/0x640 [ 1415.376947] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1415.382144] RIP: 0033:0x466459 [ 1415.385310] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1415.393003] RAX: fffffffffffffff4 RBX: 000000000056bf60 RCX: 0000000000466459 [ 1415.400264] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1415.407512] RBP: 00007ff0a6d931d0 R08: 0000000000000000 R09: 0000000000000000 [ 1415.414763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1415.422016] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 [ 1415.429278] CPU: 0 PID: 30818 Comm: syz-executor.4 Not tainted 4.14.231-syzkaller #0 [ 1415.437162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1415.446506] Call Trace: [ 1415.449075] dump_stack+0x1b2/0x281 [ 1415.452801] warn_alloc.cold+0x96/0x1cc [ 1415.456761] ? zone_watermark_ok_safe+0x220/0x220 [ 1415.461582] ? trace_hardirqs_on+0x10/0x10 [ 1415.465796] ? deref_stack_reg+0x124/0x1a0 [ 1415.470053] ? fs_reclaim_release+0xd0/0x110 [ 1415.474442] __vmalloc_node_range+0x10e/0x150 [ 1415.478927] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1415.484277] vmalloc_user+0x47/0xa0 [ 1415.487880] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1415.492188] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1415.497544] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1415.501676] __vb2_queue_alloc+0x47a/0xd90 [ 1415.505910] vb2_core_create_bufs+0x279/0x5a0 [ 1415.510396] ? __vb2_queue_free+0x7a0/0x7a0 [ 1415.514697] ? trace_hardirqs_on+0x10/0x10 [ 1415.518921] ? __lock_acquire+0x5fc/0x3f20 [ 1415.523141] vb2_create_bufs+0x2e1/0x5b0 [ 1415.527190] ? vb2_thread_start+0x310/0x310 [ 1415.531495] ? trace_hardirqs_on+0x10/0x10 [ 1415.535710] ? mark_held_locks+0xa6/0xf0 [ 1415.539750] ? trace_hardirqs_on+0x10/0x10 [ 1415.544575] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1415.549137] v4l_create_bufs+0xa4/0x150 [ 1415.553104] __video_do_ioctl+0x65b/0x6a0 [ 1415.557237] ? video_ioctl2+0x30/0x30 [ 1415.561018] ? __might_fault+0x177/0x1b0 [ 1415.565057] ? video_ioctl2+0x30/0x30 [ 1415.568834] video_usercopy+0xfd/0xe70 [ 1415.572697] ? v4l_g_ctrl+0x390/0x390 [ 1415.576496] ? lock_acquire+0x170/0x3f0 [ 1415.580449] ? trace_hardirqs_on+0x10/0x10 [ 1415.584671] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1415.589666] v4l2_ioctl+0x1bb/0x2f0 [ 1415.593282] ? v4l2_open+0x2f0/0x2f0 [ 1415.596978] do_vfs_ioctl+0x75a/0xff0 [ 1415.600766] ? ioctl_preallocate+0x1a0/0x1a0 [ 1415.605165] ? lock_downgrade+0x740/0x740 [ 1415.609298] ? __fget+0x225/0x360 [ 1415.612725] ? do_vfs_ioctl+0xff0/0xff0 [ 1415.616680] ? security_file_ioctl+0x83/0xb0 [ 1415.621063] SyS_ioctl+0x7f/0xb0 [ 1415.624405] ? do_vfs_ioctl+0xff0/0xff0 [ 1415.628359] do_syscall_64+0x1d5/0x640 [ 1415.632225] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1415.637389] RIP: 0033:0x466459 [ 1415.640564] RSP: 002b:00007f491b244188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1415.648262] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1415.655511] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1415.662765] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1415.670016] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 13:05:57 executing program 1 (fault-call:1 fault-nth:3): r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) 13:05:57 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x0, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:57 executing program 5: pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) ioctl$SNAPSHOT_S2RAM(r1, 0x330b) write$snapshot(r0, &(0x7f0000000000)="25f26962f07fafc18383", 0xa) fanotify_init(0x8, 0x40000) 13:05:57 executing program 3 (fault-call:1 fault-nth:1): r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) 13:05:57 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xffff, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) write$snapshot(0xffffffffffffffff, &(0x7f0000000040)="419283d2a68f920f71a51f6a5462717429838cd6b9f7019cd72999583103", 0x1e) pipe(&(0x7f0000000080)={0xffffffffffffffff}) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r1, 0x8008330e, &(0x7f00000000c0)) [ 1415.677262] R13: 00007ffef79ecfdf R14: 00007f491b244300 R15: 0000000000022000 13:05:57 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$vim2m_VIDIOC_PREPARE_BUF(r0, 0xc058565d, &(0x7f0000000080)={0x7ff, 0x1, 0x4, 0x100000, 0xfffffff7, {0x0, 0xea60}, {0x5, 0x1, 0x4c, 0x1, 0x6, 0xea, "deb5168a"}, 0x7, 0x1, @offset=0x7ff, 0xb2c2, 0x0, r1}) 13:05:57 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0xffffffff, 0x2) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f0000000100)={0x5, [0x3, 0x1ff, 0x2, 0x1, 0x101]}, 0xe) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@sack_perm, @timestamp, @window={0x3, 0x2, 0x8}], 0x3) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vim2m\x00', 0x2, 0x0) 13:05:57 executing program 5: pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) sendmsg$L2TP_CMD_SESSION_CREATE(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x0, 0x4, 0x70bd2c, 0x25dfdbfc, {}, [@L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0xfff0000000000000}]}, 0x20}, 0x1, 0x0, 0x0, 0x4004004}, 0x240000d0) fanotify_init(0x10, 0x0) sendmsg$L2TP_CMD_TUNNEL_GET(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x50, 0x0, 0x2, 0x70bd29, 0x25dfdbfe, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x1}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @local}, @L2TP_ATTR_MRU={0x6, 0x1d, 0x486b}, @L2TP_ATTR_OFFSET={0x6, 0x3, 0xfffd}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @dev={0xfe, 0x80, [], 0x35}}, @L2TP_ATTR_L2SPEC_TYPE={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x0) [ 1415.758517] FAULT_INJECTION: forcing a failure. [ 1415.758517] name failslab, interval 1, probability 0, space 0, times 0 [ 1415.790027] CPU: 1 PID: 30837 Comm: syz-executor.3 Not tainted 4.14.231-syzkaller #0 [ 1415.797943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1415.807299] Call Trace: [ 1415.809896] dump_stack+0x1b2/0x281 [ 1415.813530] should_fail.cold+0x10a/0x149 [ 1415.817683] should_failslab+0xd6/0x130 [ 1415.821658] __kmalloc+0x2c1/0x400 [ 1415.825195] ? __vb2_queue_alloc+0xf4/0xd90 [ 1415.829515] __vb2_queue_alloc+0xf4/0xd90 [ 1415.833663] ? is_bpf_text_address+0xb8/0x150 [ 1415.838152] ? kernel_text_address+0xbd/0xf0 [ 1415.842562] vb2_core_create_bufs+0x279/0x5a0 [ 1415.847056] ? __vb2_queue_free+0x7a0/0x7a0 [ 1415.851377] ? trace_hardirqs_on+0x10/0x10 [ 1415.855606] ? __lock_acquire+0x5fc/0x3f20 [ 1415.859839] vb2_create_bufs+0x2e1/0x5b0 [ 1415.863900] ? vb2_thread_start+0x310/0x310 [ 1415.868218] ? trace_hardirqs_on+0x10/0x10 [ 1415.872455] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1415.877037] v4l_create_bufs+0xa4/0x150 [ 1415.881010] __video_do_ioctl+0x65b/0x6a0 [ 1415.885159] ? video_ioctl2+0x30/0x30 [ 1415.889041] ? __might_fault+0x177/0x1b0 [ 1415.893093] ? video_ioctl2+0x30/0x30 [ 1415.896898] video_usercopy+0xfd/0xe70 [ 1415.900793] ? v4l_g_ctrl+0x390/0x390 [ 1415.904590] ? proc_fail_nth_write+0x7b/0x180 [ 1415.909082] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1415.914010] ? trace_hardirqs_on+0x10/0x10 [ 1415.918243] ? fsnotify+0x974/0x11b0 [ 1415.921951] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1415.926873] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1415.931886] v4l2_ioctl+0x1bb/0x2f0 [ 1415.935512] ? v4l2_open+0x2f0/0x2f0 [ 1415.939223] do_vfs_ioctl+0x75a/0xff0 [ 1415.943019] ? ioctl_preallocate+0x1a0/0x1a0 [ 1415.947445] ? lock_downgrade+0x740/0x740 [ 1415.951591] ? __fget+0x225/0x360 [ 1415.955040] ? do_vfs_ioctl+0xff0/0xff0 [ 1415.959013] ? security_file_ioctl+0x83/0xb0 [ 1415.963418] SyS_ioctl+0x7f/0xb0 [ 1415.966777] ? do_vfs_ioctl+0xff0/0xff0 [ 1415.970746] do_syscall_64+0x1d5/0x640 [ 1415.974636] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1415.979820] RIP: 0033:0x466459 [ 1415.983022] RSP: 002b:00007efc3f322188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1415.990728] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1415.997993] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1416.005258] RBP: 00007efc3f3221d0 R08: 0000000000000000 R09: 0000000000000000 [ 1416.012521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1416.019791] R13: 00007ffd57a131af R14: 00007efc3f322300 R15: 0000000000022000 13:05:57 executing program 5: syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) fanotify_init(0x10, 0x0) [ 1416.065249] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1416.083018] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1416.088216] CPU: 0 PID: 30836 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1416.096095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1416.105454] Call Trace: [ 1416.108050] dump_stack+0x1b2/0x281 [ 1416.111687] warn_alloc.cold+0x96/0x1cc 13:05:57 executing program 5: fanotify_init(0x10, 0x0) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x2, 0x0) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000080)='wireguard\x00', 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x93ab40cbe89a423a}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r1, 0x4, 0x70bd28, 0x25dfdbfb, {}, [@WGDEVICE_A_IFINDEX={0x8}, @WGDEVICE_A_FLAGS={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x480c) 13:05:57 executing program 5: fanotify_init(0x78, 0x149000) fanotify_init(0x40, 0x80000) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x1000, 0x80) write$P9_RMKNOD(r1, &(0x7f0000000080)={0x14, 0x13, 0x1, {0x8, 0x1, 0x8}}, 0x14) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x5) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r1, 0x3312, 0xd85a) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0xff) [ 1416.115674] ? zone_watermark_ok_safe+0x220/0x220 [ 1416.120528] ? trace_hardirqs_on+0x10/0x10 [ 1416.124770] ? deref_stack_reg+0x124/0x1a0 [ 1416.129018] ? fs_reclaim_release+0xd0/0x110 [ 1416.133444] __vmalloc_node_range+0x10e/0x150 [ 1416.138038] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1416.143411] vmalloc_user+0x47/0xa0 [ 1416.147049] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1416.151565] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1416.151573] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1416.151583] __vb2_queue_alloc+0x47a/0xd90 13:05:57 executing program 5: r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x2, 0x0) write$P9_RLERROR(r0, &(0x7f0000000040)={0xc, 0x7, 0x2, {0x3, '%%%'}}, 0xc) fanotify_init(0x10, 0x0) ioctl$SIOCPNDELRESOURCE(r0, 0x89ef, &(0x7f0000000080)=0x80) [ 1416.151603] vb2_core_create_bufs+0x279/0x5a0 [ 1416.151614] ? __vb2_queue_free+0x7a0/0x7a0 [ 1416.174136] ? trace_hardirqs_on+0x10/0x10 [ 1416.174147] ? __lock_acquire+0x5fc/0x3f20 [ 1416.182616] vb2_create_bufs+0x2e1/0x5b0 [ 1416.186719] ? vb2_thread_start+0x310/0x310 [ 1416.191051] ? trace_hardirqs_on+0x10/0x10 [ 1416.195290] ? mark_held_locks+0xa6/0xf0 [ 1416.199356] ? trace_hardirqs_on+0x10/0x10 [ 1416.203595] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1416.208192] v4l_create_bufs+0xa4/0x150 [ 1416.208205] __video_do_ioctl+0x65b/0x6a0 [ 1416.208219] ? video_ioctl2+0x30/0x30 [ 1416.208230] ? __might_fault+0x177/0x1b0 [ 1416.208240] ? video_ioctl2+0x30/0x30 [ 1416.208249] video_usercopy+0xfd/0xe70 [ 1416.208261] ? v4l_g_ctrl+0x390/0x390 [ 1416.208273] ? lock_acquire+0x170/0x3f0 [ 1416.239723] ? trace_hardirqs_on+0x10/0x10 [ 1416.239737] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1416.248960] v4l2_ioctl+0x1bb/0x2f0 [ 1416.252589] ? v4l2_open+0x2f0/0x2f0 [ 1416.256300] do_vfs_ioctl+0x75a/0xff0 [ 1416.260096] ? ioctl_preallocate+0x1a0/0x1a0 [ 1416.264499] ? lock_downgrade+0x740/0x740 [ 1416.268629] ? __fget+0x225/0x360 [ 1416.272068] ? do_vfs_ioctl+0xff0/0xff0 [ 1416.276077] ? security_file_ioctl+0x83/0xb0 [ 1416.280471] SyS_ioctl+0x7f/0xb0 [ 1416.283819] ? do_vfs_ioctl+0xff0/0xff0 [ 1416.287785] do_syscall_64+0x1d5/0x640 [ 1416.291659] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1416.296833] RIP: 0033:0x466459 [ 1416.300004] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1416.307708] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1416.314976] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1416.322227] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1416.329482] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1416.336747] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 [ 1416.344947] warn_alloc_show_mem: 1 callbacks suppressed [ 1416.344950] Mem-Info: [ 1416.352769] active_anon:223656 inactive_anon:6741 isolated_anon:0 [ 1416.352769] active_file:6840 inactive_file:44121 isolated_file:0 [ 1416.352769] unevictable:0 dirty:346 writeback:0 unstable:0 [ 1416.352769] slab_reclaimable:21690 slab_unreclaimable:131021 [ 1416.352769] mapped:62214 shmem:6935 pagetables:16017 bounce:0 [ 1416.352769] free:1179780 free_pcp:284 free_cma:0 [ 1416.387103] Node 0 active_anon:894624kB inactive_anon:26964kB active_file:27236kB inactive_file:176484kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:248864kB dirty:1392kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 761856kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1416.415846] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1416.441745] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1416.467973] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1416.473625] Node 0 DMA32 free:661416kB min:36200kB low:45248kB high:54296kB active_anon:894624kB inactive_anon:26964kB active_file:27236kB inactive_file:176484kB unevictable:0kB writepending:1396kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27424kB pagetables:64068kB bounce:0kB free_pcp:1276kB local_pcp:576kB free_cma:0kB [ 1416.505323] lowmem_reserve[]: 0 0 0 0 0 [ 1416.509312] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1416.534909] lowmem_reserve[]: 0 0 0 0 0 [ 1416.538893] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1416.569662] lowmem_reserve[]: 0 0 0 0 0 [ 1416.573758] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1416.587538] Node 0 DMA32: 714*4kB (UME) 204*8kB (UME) 65*16kB (UE) 7*32kB (UE) 0*64kB 4*128kB (UM) 22*256kB (M) 12*512kB (ME) 4*1024kB (UME) 2*2048kB (UM) 155*4096kB (UM) = 661112kB [ 1416.604509] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1416.615291] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1416.632637] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1416.641547] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1416.650802] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1416.659714] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1416.668349] 25352 total pagecache pages [ 1416.672316] 0 pages in swap cache [ 1416.675817] Swap cache stats: add 0, delete 0, find 0/0 [ 1416.681163] Free swap = 0kB [ 1416.684222] Total swap = 0kB [ 1416.687255] 2097051 pages RAM [ 1416.690344] 0 pages HighMem/MovableOnly [ 1416.694382] 363849 pages reserved [ 1416.697819] 0 pages cma reserved [ 1416.706543] FAULT_INJECTION: forcing a failure. [ 1416.706543] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1416.718424] CPU: 0 PID: 30839 Comm: syz-executor.1 Not tainted 4.14.231-syzkaller #0 [ 1416.726300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1416.735675] Call Trace: [ 1416.738265] dump_stack+0x1b2/0x281 [ 1416.741893] should_fail.cold+0x10a/0x149 [ 1416.746250] __alloc_pages_nodemask+0x22c/0x2720 [ 1416.751354] ? __lock_acquire+0x5fc/0x3f20 [ 1416.755587] ? trace_hardirqs_on+0x10/0x10 [ 1416.759818] ? _raw_spin_unlock_irq+0x24/0x80 [ 1416.764310] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1416.769322] ? _raw_spin_unlock_irq+0x5a/0x80 [ 1416.773815] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1416.778655] ? trace_hardirqs_on+0x10/0x10 [ 1416.782892] ? lock_acquire+0x170/0x3f0 [ 1416.786861] ? mem_cgroup_id_get_online+0xb0/0xb0 [ 1416.791712] ? check_preemption_disabled+0x35/0x240 [ 1416.796730] ? __unlock_page_memcg+0x4f/0x100 [ 1416.801226] alloc_pages_current+0x155/0x260 [ 1416.805626] __get_free_pages+0xb/0x40 [ 1416.809494] __tlb_remove_page_size+0x272/0x440 [ 1416.814170] unmap_page_range+0xf92/0x1ce0 [ 1416.818401] ? vm_normal_page_pmd+0x340/0x340 [ 1416.822877] unmap_single_vma+0x147/0x2b0 [ 1416.827006] unmap_vmas+0x9d/0x160 [ 1416.830523] exit_mmap+0x270/0x4d0 [ 1416.834054] ? SyS_remap_file_pages+0x6a0/0x6a0 [ 1416.838720] ? kmem_cache_free+0x23a/0x2b0 [ 1416.842934] ? __khugepaged_exit+0x29b/0x3c0 [ 1416.847320] mmput+0xfa/0x420 [ 1416.850426] do_exit+0x984/0x2850 [ 1416.853867] ? mm_update_next_owner+0x5b0/0x5b0 [ 1416.858520] ? get_signal+0x323/0x1ca0 [ 1416.862383] ? lock_acquire+0x170/0x3f0 [ 1416.866345] ? lock_downgrade+0x740/0x740 [ 1416.870470] do_group_exit+0x100/0x2e0 [ 1416.874334] get_signal+0x38d/0x1ca0 [ 1416.878029] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1416.883472] do_signal+0x7c/0x1550 [ 1416.887005] ? fsnotify+0x974/0x11b0 [ 1416.890703] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1416.895619] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1416.900618] ? setup_sigcontext+0x820/0x820 [ 1416.904942] ? v4l2_ioctl+0x1d0/0x2f0 [ 1416.908725] ? v4l2_open+0x2f0/0x2f0 [ 1416.912418] ? do_vfs_ioctl+0xe2/0xff0 [ 1416.916283] ? ioctl_preallocate+0x1a0/0x1a0 [ 1416.920710] ? lock_downgrade+0x740/0x740 [ 1416.924850] ? check_preemption_disabled+0x35/0x240 [ 1416.929849] ? kick_process+0xe4/0x170 [ 1416.933719] ? task_work_add+0x87/0xe0 [ 1416.937590] ? exit_to_usermode_loop+0x41/0x200 [ 1416.942238] exit_to_usermode_loop+0x160/0x200 [ 1416.946949] ? SyS_ioctl+0x5c/0xb0 [ 1416.950521] do_syscall_64+0x4a3/0x640 [ 1416.954394] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1416.959584] RIP: 0033:0x466459 13:05:58 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0, 0x81}}}) 13:05:58 executing program 5: fanotify_init(0x8, 0x8000) 13:05:58 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x0, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x2}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:05:58 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000200)={@in={{0x2, 0x0, @local}}, 0x0, 0x0, 0x3c, 0x0, "172afaf5a484d8daffe5ef80214098ad3d9c6d709e95e8fde7fbfeeaab1916f0e94504a8e056ac52e1005949b99482e311ecd5eddae559b2c3f9115e7cff707564fa1003630cb195b138e6db9cedcaa8"}, 0xd8) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x3, @win={{0x7}, 0x0, 0xfdfffffd, 0x0, 0x101, 0x0}}, 0xffffffff}) 13:05:58 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x0, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:05:58 executing program 3 (fault-call:1 fault-nth:2): r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) [ 1416.962749] RSP: 002b:00007f5883dfa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1416.970435] RAX: fffffffffffffe00 RBX: 000000000056bf60 RCX: 0000000000466459 [ 1416.977683] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1416.984930] RBP: 00007f5883dfa1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1416.992185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1416.999430] R13: 00007fff3377dd0f R14: 00007f5883dfa300 R15: 0000000000022000 [ 1417.048772] FAULT_INJECTION: forcing a failure. [ 1417.048772] name failslab, interval 1, probability 0, space 0, times 0 [ 1417.070037] CPU: 0 PID: 30877 Comm: syz-executor.3 Not tainted 4.14.231-syzkaller #0 [ 1417.077935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1417.087284] Call Trace: [ 1417.089874] dump_stack+0x1b2/0x281 [ 1417.093506] should_fail.cold+0x10a/0x149 13:05:58 executing program 5: ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000040)={0xffffffffffffffff}) getpeername(0xffffffffffffffff, &(0x7f0000001740)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f00000017c0)=0x80) sendmsg$nl_route_sched(r0, &(0x7f0000001880)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000044}, 0xc, &(0x7f0000001840)={&(0x7f0000001800)=@getqdisc={0x38, 0x26, 0x300, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {0x2, 0xc}, {0xe, 0xffe0}, {0xe, 0x2}}, [{0x4}, {0x4}, {0x4}, {0x4}, {0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x20008000}, 0x4) sendmsg$L2TP_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x0, 0x100, 0x70bd26, 0x25dfdbfc, {}, [@L2TP_ATTR_FD={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x880}, 0x40054) fanotify_init(0x10, 0x0) 13:05:58 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000002c0)={0xffffffff, 0x12, 0x3, {0x0, @raw_data="1221b7695dd2f9609dcf1ef26c08b2fed8d0a4741434e5b10732160faa960c1cd7c3717502e8d8de88a76440e912815eda01cca5db6ac3764fd4edb8f203d4f5c450d09043da49ffdcb05c1e5142a3f9cc953c0758018f7d9d49934df11422540287bb154d091056da4d551116dfc6a303b7a6a6f184a0d068b3944d5f9051eac116374823b7a7218e7cb4999295803aa500e5ec6768bfa2640ceec55a0b17ee5e2dc790cba3b16b95dd2de9aac4a5a655c4269f6d10d81f37981c03d5a1167d2cb86ced4529c153"}, 0x42a}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000040)={0x2, 0x0, 0x3, {0x6, @pix={0x555, 0x2, 0x3031334d, 0x3, 0xe5, 0xfffff000, 0x1, 0x0, 0x0, 0x4}}, 0xc0}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) 13:05:58 executing program 5: fanotify_init(0x10, 0x0) [ 1417.097652] should_failslab+0xd6/0x130 [ 1417.101624] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1417.106283] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1417.111626] vb2_vmalloc_alloc+0x63/0x2d0 [ 1417.115769] __vb2_queue_alloc+0x47a/0xd90 [ 1417.120013] vb2_core_create_bufs+0x279/0x5a0 [ 1417.124509] ? __vb2_queue_free+0x7a0/0x7a0 [ 1417.128916] ? trace_hardirqs_on+0x10/0x10 [ 1417.133169] ? __lock_acquire+0x5fc/0x3f20 [ 1417.137417] vb2_create_bufs+0x2e1/0x5b0 [ 1417.141481] ? vb2_thread_start+0x310/0x310 13:05:58 executing program 5: pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bsg\x00', 0x181002, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000140)={0x9f, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x14, 0x2, &(0x7f0000000000)=@raw=[@map={0x18, 0x2, 0x1, 0x0, r0}], &(0x7f0000000040)='GPL\x00', 0x7f, 0x0, 0x0, 0x41100, 0x2, [], 0x0, 0x5, r1, 0x8, &(0x7f00000000c0)={0x8, 0x1}, 0x8, 0x10, &(0x7f0000000100)={0x1, 0xf, 0x1, 0x10001}, 0x10, r2}, 0x78) fanotify_init(0x10, 0x0) 13:05:58 executing program 5: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bsg\x00', 0x1, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r0, 0x8008330e, &(0x7f00000001c0)) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) sendmsg$L2TP_CMD_TUNNEL_MODIFY(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, 0x0, 0x100, 0x70bd2a, 0x25dfdbfd, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x4}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @multicast1}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x8}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp6}]}, 0x3c}}, 0x20000080) fanotify_init(0x10, 0x0) openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video2\x00', 0x2, 0x0) [ 1417.145800] ? trace_hardirqs_on+0x10/0x10 [ 1417.150041] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1417.154624] v4l_create_bufs+0xa4/0x150 [ 1417.158598] __video_do_ioctl+0x65b/0x6a0 [ 1417.162751] ? video_ioctl2+0x30/0x30 [ 1417.166554] ? __might_fault+0x177/0x1b0 [ 1417.170614] ? video_ioctl2+0x30/0x30 [ 1417.174411] video_usercopy+0xfd/0xe70 [ 1417.178304] ? v4l_g_ctrl+0x390/0x390 [ 1417.182102] ? proc_fail_nth_write+0x7b/0x180 [ 1417.186607] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1417.191535] ? trace_hardirqs_on+0x10/0x10 [ 1417.195771] ? fsnotify+0x974/0x11b0 13:05:58 executing program 5: pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) ioctl$SNAPSHOT_ATOMIC_RESTORE(r0, 0x3304) fanotify_init(0x10, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r0, 0x8008330e, &(0x7f0000000000)) [ 1417.199483] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1417.204410] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1417.209426] v4l2_ioctl+0x1bb/0x2f0 [ 1417.213047] ? v4l2_open+0x2f0/0x2f0 [ 1417.216759] do_vfs_ioctl+0x75a/0xff0 [ 1417.220561] ? ioctl_preallocate+0x1a0/0x1a0 [ 1417.224966] ? lock_downgrade+0x740/0x740 [ 1417.229105] ? __fget+0x225/0x360 [ 1417.232540] ? do_vfs_ioctl+0xff0/0xff0 [ 1417.236512] ? security_file_ioctl+0x83/0xb0 [ 1417.240906] SyS_ioctl+0x7f/0xb0 [ 1417.244249] ? do_vfs_ioctl+0xff0/0xff0 [ 1417.248205] do_syscall_64+0x1d5/0x640 [ 1417.252076] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1417.257246] RIP: 0033:0x466459 [ 1417.260414] RSP: 002b:00007efc3f322188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1417.268100] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1417.275347] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1417.282598] RBP: 00007efc3f3221d0 R08: 0000000000000000 R09: 0000000000000000 [ 1417.289852] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1417.297104] R13: 00007ffd57a131af R14: 00007efc3f322300 R15: 0000000000022000 [ 1417.312542] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1417.327970] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1417.333504] CPU: 1 PID: 30886 Comm: syz-executor.1 Not tainted 4.14.231-syzkaller #0 [ 1417.341384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1417.350721] Call Trace: [ 1417.353304] dump_stack+0x1b2/0x281 [ 1417.356923] warn_alloc.cold+0x96/0x1cc [ 1417.360882] ? zone_watermark_ok_safe+0x220/0x220 [ 1417.365712] ? trace_hardirqs_on+0x10/0x10 [ 1417.369936] ? deref_stack_reg+0x124/0x1a0 [ 1417.374153] ? fs_reclaim_release+0xd0/0x110 [ 1417.378541] __vmalloc_node_range+0x10e/0x150 [ 1417.383029] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1417.388379] vmalloc_user+0x47/0xa0 [ 1417.392051] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1417.396355] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1417.401697] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1417.405835] __vb2_queue_alloc+0x47a/0xd90 [ 1417.410068] vb2_core_create_bufs+0x279/0x5a0 [ 1417.414561] ? __vb2_queue_free+0x7a0/0x7a0 [ 1417.418864] ? trace_hardirqs_on+0x10/0x10 [ 1417.423085] ? __lock_acquire+0x5fc/0x3f20 [ 1417.427307] vb2_create_bufs+0x2e1/0x5b0 [ 1417.431349] ? vb2_thread_start+0x310/0x310 [ 1417.435688] ? trace_hardirqs_on+0x10/0x10 [ 1417.439903] ? mark_held_locks+0xa6/0xf0 [ 1417.443953] ? trace_hardirqs_on+0x10/0x10 [ 1417.448176] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1417.452753] v4l_create_bufs+0xa4/0x150 [ 1417.456717] __video_do_ioctl+0x65b/0x6a0 [ 1417.460857] ? video_ioctl2+0x30/0x30 [ 1417.464644] ? __might_fault+0x177/0x1b0 [ 1417.468694] ? video_ioctl2+0x30/0x30 [ 1417.472497] video_usercopy+0xfd/0xe70 [ 1417.476368] ? v4l_g_ctrl+0x390/0x390 [ 1417.480154] ? lock_acquire+0x170/0x3f0 [ 1417.484130] ? trace_hardirqs_on+0x10/0x10 [ 1417.488370] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1417.493364] v4l2_ioctl+0x1bb/0x2f0 [ 1417.496969] ? v4l2_open+0x2f0/0x2f0 [ 1417.500660] do_vfs_ioctl+0x75a/0xff0 [ 1417.504452] ? ioctl_preallocate+0x1a0/0x1a0 [ 1417.508848] ? lock_downgrade+0x740/0x740 [ 1417.512978] ? __fget+0x225/0x360 [ 1417.516409] ? do_vfs_ioctl+0xff0/0xff0 [ 1417.520370] ? security_file_ioctl+0x83/0xb0 [ 1417.524773] SyS_ioctl+0x7f/0xb0 [ 1417.528139] ? do_vfs_ioctl+0xff0/0xff0 [ 1417.532102] do_syscall_64+0x1d5/0x640 [ 1417.535981] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1417.541763] RIP: 0033:0x466459 [ 1417.544935] RSP: 002b:00007f5883dfa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1417.552634] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1417.559905] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1417.567155] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1417.574420] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1417.581673] R13: 00007fff3377dd0f R14: 00007f5883dfa300 R15: 0000000000022000 [ 1417.591530] Mem-Info: [ 1417.594379] active_anon:223635 inactive_anon:6741 isolated_anon:0 [ 1417.594379] active_file:6840 inactive_file:44131 isolated_file:0 [ 1417.594379] unevictable:0 dirty:356 writeback:0 unstable:0 [ 1417.594379] slab_reclaimable:21684 slab_unreclaimable:131223 [ 1417.594379] mapped:62234 shmem:6935 pagetables:16013 bounce:0 [ 1417.594379] free:1179685 free_pcp:350 free_cma:0 [ 1417.628723] Node 0 active_anon:894540kB inactive_anon:26964kB active_file:27236kB inactive_file:176524kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:248956kB dirty:1424kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 759808kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1417.658078] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1417.684799] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1417.711867] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1417.717108] Node 0 DMA32 free:661492kB min:36200kB low:45248kB high:54296kB active_anon:894596kB inactive_anon:26964kB active_file:27236kB inactive_file:176536kB unevictable:0kB writepending:1456kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27360kB pagetables:64068kB bounce:0kB free_pcp:1392kB local_pcp:588kB free_cma:0kB [ 1417.747625] lowmem_reserve[]: 0 0 0 0 0 [ 1417.751640] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1417.777264] lowmem_reserve[]: 0 0 0 0 0 [ 1417.781251] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1417.808935] lowmem_reserve[]: 0 0 0 0 0 [ 1417.813011] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1417.826690] Node 0 DMA32: 755*4kB (UME) 290*8kB (UME) 56*16kB (UME) 3*32kB (UE) 1*64kB (M) 2*128kB (UM) 21*256kB (M) 12*512kB (ME) 4*1024kB (UME) 2*2048kB (UM) 155*4096kB (UM) = 661244kB [ 1417.843957] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1417.855187] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1417.873078] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1417.881937] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1417.891136] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1417.900538] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1417.909648] 25367 total pagecache pages [ 1417.914054] 0 pages in swap cache [ 1417.917525] Swap cache stats: add 0, delete 0, find 0/0 [ 1417.923752] Free swap = 0kB [ 1417.926774] Total swap = 0kB [ 1417.929785] 2097051 pages RAM [ 1417.933932] 0 pages HighMem/MovableOnly [ 1417.937920] 363849 pages reserved [ 1417.941354] 0 pages cma reserved [ 1417.946210] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1417.958242] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1417.963847] CPU: 0 PID: 30902 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1417.971720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1417.981065] Call Trace: [ 1417.983640] dump_stack+0x1b2/0x281 [ 1417.987261] warn_alloc.cold+0x96/0x1cc [ 1417.991233] ? zone_watermark_ok_safe+0x220/0x220 [ 1417.996063] ? trace_hardirqs_on+0x10/0x10 [ 1418.000294] ? deref_stack_reg+0x124/0x1a0 [ 1418.004514] ? fs_reclaim_release+0xd0/0x110 [ 1418.008960] __vmalloc_node_range+0x10e/0x150 [ 1418.013445] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1418.018788] vmalloc_user+0x47/0xa0 [ 1418.022405] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1418.026714] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1418.032065] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1418.036194] __vb2_queue_alloc+0x47a/0xd90 [ 1418.040459] vb2_core_create_bufs+0x279/0x5a0 [ 1418.044936] ? __vb2_queue_free+0x7a0/0x7a0 [ 1418.049244] ? trace_hardirqs_on+0x10/0x10 [ 1418.053460] ? __lock_acquire+0x5fc/0x3f20 [ 1418.057688] vb2_create_bufs+0x2e1/0x5b0 [ 1418.061733] ? vb2_thread_start+0x310/0x310 [ 1418.066035] ? trace_hardirqs_on+0x10/0x10 [ 1418.070245] ? mark_held_locks+0xa6/0xf0 [ 1418.074283] ? trace_hardirqs_on+0x10/0x10 [ 1418.078504] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1418.083190] v4l_create_bufs+0xa4/0x150 [ 1418.087156] __video_do_ioctl+0x65b/0x6a0 [ 1418.091291] ? video_ioctl2+0x30/0x30 [ 1418.095181] ? __might_fault+0x177/0x1b0 [ 1418.099233] ? video_ioctl2+0x30/0x30 [ 1418.103137] video_usercopy+0xfd/0xe70 [ 1418.107019] ? v4l_g_ctrl+0x390/0x390 [ 1418.110807] ? lock_acquire+0x170/0x3f0 [ 1418.114772] ? trace_hardirqs_on+0x10/0x10 [ 1418.118990] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1418.124032] v4l2_ioctl+0x1bb/0x2f0 [ 1418.127641] ? v4l2_open+0x2f0/0x2f0 [ 1418.131333] do_vfs_ioctl+0x75a/0xff0 [ 1418.135119] ? ioctl_preallocate+0x1a0/0x1a0 [ 1418.139506] ? lock_downgrade+0x740/0x740 [ 1418.143653] ? __fget+0x225/0x360 [ 1418.147102] ? do_vfs_ioctl+0xff0/0xff0 [ 1418.151063] ? security_file_ioctl+0x83/0xb0 [ 1418.155457] SyS_ioctl+0x7f/0xb0 [ 1418.158802] ? do_vfs_ioctl+0xff0/0xff0 [ 1418.162757] do_syscall_64+0x1d5/0x640 [ 1418.166627] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1418.171796] RIP: 0033:0x466459 [ 1418.174965] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1418.182658] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1418.189914] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 13:05:59 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xffffffff, 0x0, 0x8}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) 13:05:59 executing program 5: fanotify_init(0x40, 0x40000) 13:05:59 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x0, @win={{0x7, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) [ 1418.197171] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1418.204688] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1418.211944] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 13:05:59 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xfffffffd}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:05:59 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_PREPARE_BUF(r0, 0xc058565d, 0xfffffffffffffffe) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x8, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x4, 0x1000}, 0x9, 0x9, 0x0, 0x3, 0x0}}, 0x9f08}) ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000040)={0x1, @raw_data="6cf7756c70f55bd89f9b92337cbc8cfcddd36073d563d80f2c57d6aed66ec7e4bf0638bcd9a690a22129aa9c111f9c2f5dfba4e33583f8b47034892545995f7a8dfcf6ed1ad27844900f477ae1182cec015194d552501245f711907d13ace877de7d11bb664e438016bb69c10bd812025a33cb4312df86f6fdf73a99bd241b7146c61493ac2b8a00354dc5a3b0888b7d362ad0bc5b05df3649c40eb6e426a7245c9d4b56f572f11e7be5723467fb9eae79f9aa539bad3bd61627489feebfe0ee7e347ea020182636"}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000002c0)={0x3, 0xffffffff, 0x4, {0x3, @sdr={0x34565559, 0x7}}, 0x80000000}) 13:05:59 executing program 3 (fault-call:1 fault-nth:3): r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) 13:05:59 executing program 5: fanotify_init(0x8, 0x8000) 13:05:59 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0xf8, 0x2) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000180)='/dev/nvram\x00', 0x90b00, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x3, {0x2, @win={{0x0, 0x0, 0xfffff7fc, 0x1000}, 0x8, 0xffdffffd, 0x0, 0x0, 0x0}}}) ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000080)={0x2, @sdr={0x30385056, 0x1}}) 13:05:59 executing program 2: pipe(&(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4c0000002601000025bd70f7ffd3df2500cbd28164fe560bd1cf8ada964ce94cc9eb5aac", @ANYRES32=0x0, @ANYBLOB="01000d00fffff2ff00000c0004000a0004000a0004000a0004000a0004000a0004000a0004000a0004000a0004000a0004000a00"], 0x4c}}, 0x4000801) write$UHID_SET_REPORT_REPLY(r1, &(0x7f0000000900)={0xe, {0x7, 0x5, 0x47, 0x1000, "147dec9175fe1a6537207b2db9487a40e675d3a6a8413b155be9025897ed356823da6714a234ff7d783fb54be274cdf34dcc2f89624d806e9d3b00d751d3b7ca45e42c396bb9edfb8876a9bdd8d0ad40819c3c1caa2ec72818dfc046b1dd202ec1fdc565a2b78d822cc9b5e1466a944a199f07e8d0be345b2a43f67dd86f3de99b73025b440f87cbef3f1ed0220853502324b18d51a489672fda268ca293833a68e218224ebd2cef6ad372bf5170441952b6ef07c1eb0c337de1279b046963a9f6f8da7141f7625e11e8a6df4b95ca064f8cf99e785e857a5a41a0362a9147af958c49fcdaf9ba4c32332776b8259b2d9e31a600b2254a455932f71647dc5a02f25cfd3b3b683aed2f3edd5dfc6587bd3db1be476ec743fbc010352d99432d5e08ef2c62dbb7c768b539f412b2fa51f193180813e9da1e78f937f3ca845553a3dc7fd911bee89e31d11759293efb800f94a7d2831b63cccffa6fb0d7c1bd97cd75624553ad9ff18d7820061f5b428561f9a001b1d837cac2ac7d933ca93b863523faa7291e00bbb59a41d5243748db0de678ae12adc509e4141b4cb4dcff196b282bc36e5535c3e947d75e188c9c28e60e86c43514d8f99e57d145d289e3f51a6a47e3843b1e1b3b0febb84c7ce29c6cfae41b9127b1cdecb1ea85f43e85316d79ac954f656c74494f2b031b7a9f4cbdaac6d090e2cd907947e061d159407717f5da25e999951f0304b09cc3e9c921f696f39710fee04ddc179f4b802364fd2efe723d4847f0fc10709dde89969378915c5efbfd3265915db49f86befd0da6e6fdf81103175547f96a7e173c5c78e76f48008615e98d3ebebf6f0a22a0f97e958d8139478236c803ef769c691f3cfd7e424908ee94e8b54c767a799e0c90aaa93b60b5a4e5d7b5430161c976b1772fd40152830a769f6f58f19b1827f7ef1321f213b11acb9ac0915abed824858a3f9b0764486e9d1d5edbc9071d0ff5accaeae3d3eb67eda15a25680cb38c3c1e2d0eb97230b4426f79457e066991bbbacb37dffc3f5fa1ae7dbd2ccfbba8fc91d555922b39e6f4efd3a32375b8a5aefdd9b49fc3e81e4e0fbcfb4db99fb2419e5acacde5e2e7d5a5c99de52c4ca12c4d7218ef7065d808613e5ec4bd7f9716ed6a4cbaf710b6a6cd6a565211d4081ade430e1ea65bd5f7ecb2c490dc153ee3993a4517a4f9c328619ba12c62955f19b67adacb453bc27e237b6dfd9ccc068827b6bb464bc8a70fc631891425a336ad4d9b066d6fabe4a55b506a866b8d2c985e813dc244739e7e0350af7af42c4dcb041a0b53db6441f215d0406f4ac5572277fea7c8c597cd7d986aba000a9699e11c58b5fd4db8f50d8eaad6fccf2778517b0ec38ae484c49fb86307a3fc495cc7c3535108619b4eb5fd251487542aa1da96c8b2af8d0fec24aa9292d8788498a716fcfe8155998f1cb7d81a7b818e4441d7e3e73a64f9fcf647ae14cd928c299636b8c511b1691d05f0e1d8899d78c883c9b96dfc0a028c89d54ef0494ab2bd1d485be4f84f4676221a16b982552c4ea7679cedd5ee363da28866f9a5f1ad6f7e5bb0301f3c8e925948649f51c8257f283aad11cd62563aa2cc00920c491def6a8556b52e84940f970cd7a226f2ae3ac926def864686dde4a37b9050a0c2a8a393e447f35d3478bf4c6fdba2e923189c6b373620cdaf14dce30d38faf796d6550a00d8c28010d1903469b5a309d74b6d6df9a9bfe063b4cdec2db2151756d3309fc2449243f89699b54fb65686c72fad3f69855a48c6b12ee245516af9f7b2290edb8bac661a7da87e53cec50b09d0922e7b10463c9c337ac7a93a222989184f00cc2c7bb26cce79e516c1620801ec947c34572374166ac8d7e3660dff32f33834f00986a3b69a43b06927ac004f2ae4ef29eed0f32363b65f5be392f3afbdb4c811c3cb0be0d844c5f83b3b345a4ef0dd9257e150223633822e54acb9e6a52cc9b529c82333b5e9be12bc5508be033ddd5d110ac3f3a3adc026229b3fafbc9180c35fc9ebf3e64cafcfc4ae21f4a0d2374835b232e9770ec8f68291cc3f14a40408d3fa8479d6f71499ed12c7c7ff58c075c53d7f0a81ce035cfaf7fd4d3210371e5070ba9eae1a82e2d628ddea106928a3ae68e98de086dec04765995b93effee02eb3108cd5e27be65c56174f79e998f94807f5d2e2572f2a03cf7e74a7f257b9cae521bbed1c657508f714911e3fffed04cac3feb6b9f0258101269dde68c9b154ed4d3901baab392bdb5099409ca4b02b02679288e4ecd986af3449c9ac54bf11f43a9c153f23e1039bbbe7e3db3306957a1aaba04ccfa7351463f6e3a26c69e37307f20295419fb6fe84366ed1b85084ea685bfc434ead2740f0249fe7c38b9ca60f3b55c55f3bbe47fe049a231b5fa0aebd4fde1ec30f6a13c8f8fc968d4a5a398b1c1f0b8512fbaf242421984ed525ba2fe823f3b71dcab1a496be97ae2bc8bd76c004028b7d8f6a22e0e9c48e1694a70788734196134376eb768da44d6096fbad623d2ce6ba632098a1e7ff173500fc622569c8ffb4e153eceda473fa71bbd828d77326b0e4cd1d96b9d205fc0179ab58e689c93a178a104df7d1adf2448f58c35a986bf9b67c17c8564b1dd25f1b9da3fe67e4000ca425d312b25f78205c812cd53af748abae91b904ebf81765054e806e16dcd86e032d24d426f4975f7247e6d915955391194d16508b6fe6c38d678962caea78a79db621777ea3d1c1e728a1029facbc664927902b197f01a26c9fc972e1b52132deb1f7abb95244df2abc8f9594a4170e4a9e6e07f9ca28e53baa6bc15f9139e9cfb585d940fb4d789d48edd5d1e2166362c37fb7d48be4cf368ca11a6dd428be08bf09df827a97dde070aaedd523115ac1657b9c58c4fc8322d9e514610623795c3f5fad55ec07fb2f8576392c8e62ecc7a91bdc3674e9cfaf3ad2aa957683abecca5ad8da09244c822449f6f10cbc103067fa5e50fa51a0bd78d6a3d1772c412c15736c3639fe01022c2a89e0e3da5c52bb754cfc5b58b03852541f2c6a114c7b1d06610743b1e25a270a7d8a7c51d15527ce331416e1ac1a36469d8315bae4923feaf4c955113ba0caa09b1d6613a482ee4f62142353fcc44ebb29e78c8643158d6169d76e3e23a6973beea2159624de9a99db86ec58da4935583fd2644b4c12ae9541aa56241c5833ac7e569120f0d843ebf4aaf95bd2630594ea19108f3db462f80f9fa817817545c806dfcd0fe705f6c394029dca387cadc0790ca8327b6e8a6e6822e61f46ccbdf6042fe6291f187053813594c12db54f7d9a3ce3ac2d9e7c4fca73e4a0a27d25fae6ad20e403061fbb34ad581fc8f389accd4897200f872bde8802ae6af89c6adb13d0c8219f61b4c75b5b5d6efefd64519442e098bba03fa919c0f6cd04985129d735ed5eee5a11c6d866f3452b8da30d8446c493ebf1a31f9fd1166b60f4ed80df098cdc370c5a8626029ba42cc954c9087f1d62c7da55f101c18c43a07de123f621202824d4de825d61fec33362370542cb8a839951f36eb0c01e4bcb22301e6dc535f5649938ff20a19129a173e1966758df48cea6f9bb6a987cbb32fb04082486d586d855549e018ea14a74214ec8a9bc010fde98fda27cf6476cf4f50c33651d13a68d19dc8258225bcb4af1287f459569cfe8c49e49947c831d5e7693155f7c43471ef10e24245668b3d73f1e3068bac5eefcb21fef3dbf453600399e7781e059e1e16502b8274cff318dc2818f4c19f4318dcec1621d4763589e8463ad7e12a5cd6064bc1bdf9eaab67c4f6b0bcf4db9894ba8b4faa0e19b4fc74fd79a0e80f2d4c443fc01708a32b728e9cb91625635ce084c7fb6cc6000acb658f3dea9ec5979c5734fa2fd6d1a4c8c02d1f05060427ca341eb3f999113d12d5a7ca48fcf1d6be8c1102682d7a1ca560168cd9183801a8794843db885c2ccca7c147cb3cd7c73cbbcf66bcf8dec798f81a63dffa11d18ac55c6ce657fbcc4e11b6d2d7acf5235de6932d929694f21b62a4d3c05c9686fc92bbf1e3cbe5668137e9da6d5e6c65aa82cb082f49dc85570640b7d3e6ffb810b71f91dc3cc7dfa292cf7151035cabcf4f385b3e1cb898db2ae0a07742a22d5506bd36aeb1d6c35fe4bb885af2243134a0e2242a7b218910dee020dda51bec35bdcb4869fc43f5d23924a51a8f021cc9f5b53f997f901543350fc94e2a5b0f26bf02284042ee52b5383c4ef622a87c53fcd03db1219deffaa2aba88218a85152a051c6963e43a2ed4dd3ca9363dbf20c6c518c3a68ce63f6ec067f0eb4452f95d8bd0b007994312bf439247c72e5fb726d21aba305439ff962f352cfbd130344e21bdf82d4bd19cf770a59c5f2fd931fd7ae814205442e0371810bfe8f542fb87c1d7f3a947a51a43e638bb014bbeccf9022adfcfcdd7f7ec0514f4ffa52f850191e81b2b71490b40746c300403f6c3d6501ffa9c6506e21b67e5a0d11135a945f295f2aa39387e72bee17f2497d0afff2cfe2b9d36d8a73726bb0e2b18f23bd7e847b6cf2acf6707a0f3518a1da8cdc469f0d8ed0878169c41d2b31c7edf1e8ebf4a81a8dd2f019dc1d87e854c8792676eb859d1035072ede5030109566c0593f12f112275726d841dc828aac747e589d620fbf81eaaa67e4fd8fbf6ffc70ad98bbfb9a531ccad8f366a7671ee19274d599d514a3a506bfc8ad4f49e0cfc57f39698e71a3100e0589a0def09454b05b79dc4ab6547885dafc96105fc919c8c83d8aa71b54425604aa3cca07f06512bbca7f85adb4b120b1bbcb3da3e915646518d3fe365929aa273f071c8c27c18fb31f80da7a907fac88cf6a26be1212c9329ad1e757a4939f80d889550702347040288cbcf6bf95afea8bffae7488cf799dbae4b2ae9e3aefc15c4cd90e4e1739a68986b4c4497803fdb132e31c1759eb44fbd77c4955af291339366e2e8d72bd40204632c5d225ad1bfa7d94ca8b821e80e3ad993673d494ebea67aa2334c79a603b633c6d33b06704b862b928a599aa3b23e6cb0b0377bde48b89181ec18bc66662d7547a2b686000e7bdb4d1c32e085176fdd91702f65a3efc16a372f15d22c150761aaf0e930bb0b03122f799e5a650ac3f7389f9f766d3adc72a743bbc263419cac40fe9b839420b294b7f4c20fbeb79d680ff41e6dc14eadf47b088e488d287c3770479f9220d1b91d6daa02a0672ceff03af37aa4e2393293018bca531a0e01b14ed9bd3961101e388e55c31eded5ea7c75170103aee4d16b0c330749f0ac068e1af8c1eb8af12ac9cd360466753c40a396cd9d92d0b447433245b84975045fb81429ac4d1e09294438041e7071c6a7f71d6595a0cd909116fdd479581114fc6666da3fd4707579a495cb2578419e5b7d02e192a21e114ed7a5b033276f1db31759b9384e08201b6bae00cb373b15a0bf2e24d1b823d1d6fa5099a3c557e3cfb9aea4d0a24388e2c2639d8b2b661d342884206346b4c8d33bbcf6c173e44b2bcfff474a45e4ad13c869970ac69bef01465182cb3902ca9b2916a61de94d0844eea24a448a6a5c2392928804d64c13b15341b1488feabadf9826b2e50857f4e19b65728bd844abaa489fa32846e6f2b87366830f2d8414eccea784a6fecb86de4547b0291c1f6b98bba99d994dab7ddbe9f3bd83746f8b62f38c495f0fa87d39f85caeb8562fc756a33453625b631222d5226d53a45a969e89b46b5b2282fa92776306c084498d8b886f8adc1333cf5027505a893bfa35430"}}, 0x100c) r2 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000040)={0x15, 0x7, 0x1, {0xc, '/dev/video#\x00'}}, 0x15) ioctl$vim2m_VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) [ 1418.365857] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1418.377950] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1418.386014] CPU: 1 PID: 30930 Comm: syz-executor.4 Not tainted 4.14.231-syzkaller #0 [ 1418.393921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1418.403273] Call Trace: [ 1418.405863] dump_stack+0x1b2/0x281 [ 1418.409575] warn_alloc.cold+0x96/0x1cc [ 1418.413651] ? zone_watermark_ok_safe+0x220/0x220 [ 1418.418475] ? trace_hardirqs_on+0x10/0x10 [ 1418.422700] ? deref_stack_reg+0x124/0x1a0 [ 1418.426928] ? fs_reclaim_release+0xd0/0x110 [ 1418.431472] __vmalloc_node_range+0x10e/0x150 [ 1418.436003] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1418.441373] vmalloc_user+0x47/0xa0 [ 1418.444989] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1418.449345] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1418.454687] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1418.458832] __vb2_queue_alloc+0x47a/0xd90 [ 1418.463070] vb2_core_create_bufs+0x279/0x5a0 [ 1418.467559] ? __vb2_queue_free+0x7a0/0x7a0 [ 1418.471878] ? trace_hardirqs_on+0x10/0x10 [ 1418.476124] ? __lock_acquire+0x5fc/0x3f20 [ 1418.480343] vb2_create_bufs+0x2e1/0x5b0 [ 1418.484394] ? futex_wait_queue_me+0x3bb/0x590 [ 1418.488965] ? vb2_thread_start+0x310/0x310 [ 1418.493272] ? trace_hardirqs_on+0x10/0x10 [ 1418.497494] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1418.502076] v4l_create_bufs+0xa4/0x150 [ 1418.506050] __video_do_ioctl+0x65b/0x6a0 [ 1418.510188] ? video_ioctl2+0x30/0x30 [ 1418.513968] ? __might_fault+0x177/0x1b0 [ 1418.518020] ? video_ioctl2+0x30/0x30 [ 1418.521797] video_usercopy+0xfd/0xe70 [ 1418.525673] ? v4l_g_ctrl+0x390/0x390 [ 1418.529460] ? lock_acquire+0x170/0x3f0 [ 1418.533420] ? lock_downgrade+0x740/0x740 [ 1418.537573] ? trace_hardirqs_on+0x10/0x10 [ 1418.541816] ? futex_exit_release+0x220/0x220 [ 1418.546304] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1418.551414] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1418.556453] v4l2_ioctl+0x1bb/0x2f0 [ 1418.560063] ? v4l2_open+0x2f0/0x2f0 [ 1418.563769] do_vfs_ioctl+0x75a/0xff0 [ 1418.567557] ? ioctl_preallocate+0x1a0/0x1a0 [ 1418.571947] ? lock_downgrade+0x740/0x740 [ 1418.576088] ? __fget+0x225/0x360 [ 1418.579527] ? do_vfs_ioctl+0xff0/0xff0 [ 1418.583498] ? security_file_ioctl+0x83/0xb0 [ 1418.587943] SyS_ioctl+0x7f/0xb0 [ 1418.591300] ? do_vfs_ioctl+0xff0/0xff0 [ 1418.595262] do_syscall_64+0x1d5/0x640 [ 1418.599148] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1418.604325] RIP: 0033:0x466459 [ 1418.607506] RSP: 002b:00007f491b244188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 13:06:00 executing program 5: openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vim2m\x00', 0x2, 0x0) fanotify_init(0x10, 0x101000) [ 1418.615203] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1418.622454] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1418.629724] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1418.636975] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1418.644233] R13: 00007ffef79ecfdf R14: 00007f491b244300 R15: 0000000000022000 [ 1418.661601] warn_alloc_show_mem: 1 callbacks suppressed 13:06:00 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000100)={0x28, 0x0, 0x2710, @my=0x1}, 0x10) getsockopt$IP_SET_OP_VERSION(r0, 0x1, 0x53, &(0x7f0000000000), &(0x7f0000000040)=0x8) fanotify_init(0x0, 0x0) getsockopt(r0, 0x1, 0x200, &(0x7f0000000080)=""/40, &(0x7f00000000c0)=0x28) [ 1418.661604] Mem-Info: [ 1418.674024] active_anon:223654 inactive_anon:6741 isolated_anon:0 [ 1418.674024] active_file:6840 inactive_file:44141 isolated_file:0 [ 1418.674024] unevictable:0 dirty:369 writeback:0 unstable:0 [ 1418.674024] slab_reclaimable:21681 slab_unreclaimable:131193 [ 1418.674024] mapped:62246 shmem:6935 pagetables:16022 bounce:0 [ 1418.674024] free:1179743 free_pcp:322 free_cma:0 13:06:00 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000002600)='l2tp\x00', r0) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000004a40)={&(0x7f0000002dc0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000004a00)={&(0x7f0000002e80)={0xec4, 0x0, 0x0, 0x0, 0x0, {}, [@WGDEVICE_A_PEERS={0xeb0, 0x8, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g='\xd1s(\x99\xf6\x11\xcd\x89\x94\x03M\x7fA=\xc9Wc\x0eT\x93\xc2\x85\xac\xa4\x00e\xcbc\x11\xbeik'}]}, {0x54, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g='\xd1s(\x99\xf6\x11\xcd\x89\x94\x03M\x7fA=\xc9Wc\x0eT\x93\xc2\x85\xac\xa4\x00e\xcbc\x11\xbeik'}]}, {0x50, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "61193bbda1eaa61d42ff53117daebf2fb2847f03fc21d3d2a2db2f9c67116701"}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_FLAGS={0x8}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6}]}, {0x814, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x5a4, 0x9, 0x0, 0x1, [{0xdc, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}, @ipv4={{0x6}, {0x8}, {0x5}}, @ipv4={{0x6}, {0x8}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5}}]}, {0xe8, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}, @ipv4={{0x6}, {0x8}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @dev}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}]}, {0xf4, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @dev}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5}}]}, {0xac, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}]}, {0x40, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={[], [], @dev}}, {0x5}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, {0x5}}]}, {0x58, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5}}, @ipv4={{0x6}, {0x8}, {0x5}}]}, {0x7c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}]}, {0x100, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={[], [], @dev}}, {0x5}}]}]}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x0, @local}}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g='\xd1s(\x99\xf6\x11\xcd\x89\x94\x03M\x7fA=\xc9Wc\x0eT\x93\xc2\x85\xac\xa4\x00e\xcbc\x11\xbeik'}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x0, 0x0, @mcast1}}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x0, @local}}, @WGPEER_A_ALLOWEDIPS={0x1b0, 0x9, 0x0, 0x1, [{0xa0, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={[], [], @initdev={0xac, 0x1e, 0x0, 0x0}}}, {0x5}}]}, {0x10c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}]}]}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "76f9769a7378f4eca73cbe9ae5b19fd40e06e88e99f12aa489ece273f5950feb"}]}, {0xc, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}]}, {0x44, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, @WGPEER_A_FLAGS={0x8}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "37988aa31631abcb9c7a30d9f7fa8e08d7ab48015eacc49462f9aa216cfab11f"}]}, {0x57c, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ALLOWEDIPS={0x568, 0x9, 0x0, 0x1, [{0xd0, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={[], [], @local}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5}}]}, {0xdc, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}]}, {0xe8, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}]}, {0x160, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @dev}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={[], [], @multicast1}}, {0x5}}]}, {0x64, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev}, {0x5}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}]}, {0x4c, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5}}]}, {0x88, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, {0x5}}]}]}]}]}]}, 0xec4}}, 0x0) fanotify_init(0x10, 0x0) [ 1418.709621] Node 0 active_anon:894672kB inactive_anon:26964kB active_file:27236kB inactive_file:176564kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:248984kB dirty:1476kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 765952kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1418.742445] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1418.769101] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1418.795825] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1418.800965] Node 0 DMA32 free:660212kB min:36200kB low:45248kB high:54296kB active_anon:894676kB inactive_anon:26964kB active_file:27236kB inactive_file:176564kB unevictable:0kB writepending:1476kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27296kB pagetables:64088kB bounce:0kB free_pcp:1152kB local_pcp:636kB free_cma:0kB [ 1418.831426] lowmem_reserve[]: 0 0 0 0 0 [ 1418.835501] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1418.861229] lowmem_reserve[]: 0 0 0 0 0 [ 1418.865726] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1418.894212] lowmem_reserve[]: 0 0 0 0 0 [ 1418.898203] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1418.912855] Node 0 DMA32: 811*4kB (UME) 320*8kB (UE) 53*16kB (UME) 5*32kB (UE) 1*64kB (M) 0*128kB 22*256kB (UM) 12*512kB (ME) 4*1024kB (UME) 2*2048kB (UM) 155*4096kB (UM) = 661724kB [ 1418.929339] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1418.940849] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1418.959730] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1418.969068] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1418.978121] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1418.987525] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1418.996617] 25377 total pagecache pages [ 1419.000581] 0 pages in swap cache [ 1419.007213] Swap cache stats: add 0, delete 0, find 0/0 [ 1419.013201] Free swap = 0kB [ 1419.016212] Total swap = 0kB [ 1419.019228] 2097051 pages RAM [ 1419.022316] 0 pages HighMem/MovableOnly [ 1419.030157] 363849 pages reserved [ 1419.034076] 0 pages cma reserved [ 1419.037541] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1419.051778] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1419.057372] CPU: 0 PID: 30929 Comm: syz-executor.3 Not tainted 4.14.231-syzkaller #0 [ 1419.065242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1419.074597] Call Trace: [ 1419.077171] dump_stack+0x1b2/0x281 [ 1419.080782] warn_alloc.cold+0x96/0x1cc [ 1419.084748] ? zone_watermark_ok_safe+0x220/0x220 [ 1419.089581] ? trace_hardirqs_on+0x10/0x10 [ 1419.094069] ? deref_stack_reg+0x124/0x1a0 [ 1419.098430] ? fs_reclaim_release+0xd0/0x110 [ 1419.102839] __vmalloc_node_range+0x10e/0x150 [ 1419.107382] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1419.112734] vmalloc_user+0x47/0xa0 [ 1419.116349] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1419.120664] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1419.126016] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1419.130157] __vb2_queue_alloc+0x47a/0xd90 [ 1419.134406] vb2_core_create_bufs+0x279/0x5a0 [ 1419.138888] ? __vb2_queue_free+0x7a0/0x7a0 [ 1419.143213] ? trace_hardirqs_on+0x10/0x10 [ 1419.147470] ? __lock_acquire+0x5fc/0x3f20 [ 1419.151712] vb2_create_bufs+0x2e1/0x5b0 [ 1419.155762] ? vb2_thread_start+0x310/0x310 [ 1419.160067] ? trace_hardirqs_on+0x10/0x10 [ 1419.164282] ? mark_held_locks+0xa6/0xf0 [ 1419.168334] ? trace_hardirqs_on+0x10/0x10 [ 1419.172567] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1419.177135] v4l_create_bufs+0xa4/0x150 [ 1419.181101] __video_do_ioctl+0x65b/0x6a0 [ 1419.185256] ? video_ioctl2+0x30/0x30 [ 1419.189049] ? __might_fault+0x177/0x1b0 [ 1419.193102] ? video_ioctl2+0x30/0x30 [ 1419.196887] video_usercopy+0xfd/0xe70 [ 1419.200767] ? v4l_g_ctrl+0x390/0x390 [ 1419.204558] ? proc_fail_nth_write+0x7b/0x180 [ 1419.209055] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1419.213991] ? trace_hardirqs_on+0x10/0x10 [ 1419.218216] ? fsnotify+0x974/0x11b0 [ 1419.221911] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1419.226823] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1419.231827] v4l2_ioctl+0x1bb/0x2f0 [ 1419.235435] ? v4l2_open+0x2f0/0x2f0 [ 1419.239132] do_vfs_ioctl+0x75a/0xff0 [ 1419.242916] ? ioctl_preallocate+0x1a0/0x1a0 [ 1419.247309] ? lock_downgrade+0x740/0x740 [ 1419.251456] ? __fget+0x225/0x360 [ 1419.254890] ? do_vfs_ioctl+0xff0/0xff0 [ 1419.258845] ? security_file_ioctl+0x83/0xb0 [ 1419.263234] SyS_ioctl+0x7f/0xb0 [ 1419.266578] ? do_vfs_ioctl+0xff0/0xff0 [ 1419.270624] do_syscall_64+0x1d5/0x640 [ 1419.274494] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1419.279665] RIP: 0033:0x466459 [ 1419.282849] RSP: 002b:00007efc3f322188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1419.290541] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1419.297815] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1419.305066] RBP: 00007efc3f3221d0 R08: 0000000000000000 R09: 0000000000000000 [ 1419.312312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1419.319589] R13: 00007ffd57a131af R14: 00007efc3f322300 R15: 0000000000022000 [ 1419.348141] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1419.359449] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1419.365520] CPU: 1 PID: 30934 Comm: syz-executor.1 Not tainted 4.14.231-syzkaller #0 [ 1419.373404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1419.382737] Call Trace: [ 1419.385325] dump_stack+0x1b2/0x281 [ 1419.388929] warn_alloc.cold+0x96/0x1cc [ 1419.392881] ? zone_watermark_ok_safe+0x220/0x220 [ 1419.397735] ? trace_hardirqs_on+0x10/0x10 [ 1419.401949] ? deref_stack_reg+0x124/0x1a0 [ 1419.406160] ? fs_reclaim_release+0xd0/0x110 [ 1419.410546] __vmalloc_node_range+0x10e/0x150 [ 1419.415020] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1419.420359] vmalloc_user+0x47/0xa0 [ 1419.423964] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1419.428259] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1419.433596] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1419.437733] __vb2_queue_alloc+0x47a/0xd90 [ 1419.441950] vb2_core_create_bufs+0x279/0x5a0 [ 1419.446424] ? __vb2_queue_free+0x7a0/0x7a0 [ 1419.450735] ? trace_hardirqs_on+0x10/0x10 [ 1419.455033] ? __lock_acquire+0x5fc/0x3f20 [ 1419.459247] vb2_create_bufs+0x2e1/0x5b0 [ 1419.463290] ? vb2_thread_start+0x310/0x310 [ 1419.467588] ? trace_hardirqs_on+0x10/0x10 [ 1419.471797] ? mark_held_locks+0xa6/0xf0 [ 1419.475841] ? trace_hardirqs_on+0x10/0x10 [ 1419.480064] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1419.484624] v4l_create_bufs+0xa4/0x150 [ 1419.488573] __video_do_ioctl+0x65b/0x6a0 [ 1419.493308] ? video_ioctl2+0x30/0x30 [ 1419.497083] ? __might_fault+0x177/0x1b0 [ 1419.501125] ? video_ioctl2+0x30/0x30 [ 1419.504923] video_usercopy+0xfd/0xe70 [ 1419.508787] ? v4l_g_ctrl+0x390/0x390 [ 1419.512563] ? lock_acquire+0x170/0x3f0 [ 1419.516513] ? trace_hardirqs_on+0x10/0x10 [ 1419.520725] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1419.525716] v4l2_ioctl+0x1bb/0x2f0 [ 1419.529317] ? v4l2_open+0x2f0/0x2f0 [ 1419.533009] do_vfs_ioctl+0x75a/0xff0 [ 1419.536786] ? ioctl_preallocate+0x1a0/0x1a0 [ 1419.541166] ? lock_downgrade+0x740/0x740 [ 1419.545293] ? __fget+0x225/0x360 [ 1419.548722] ? do_vfs_ioctl+0xff0/0xff0 [ 1419.552677] ? security_file_ioctl+0x83/0xb0 [ 1419.557060] SyS_ioctl+0x7f/0xb0 [ 1419.560411] ? do_vfs_ioctl+0xff0/0xff0 [ 1419.564363] do_syscall_64+0x1d5/0x640 [ 1419.568242] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1419.573412] RIP: 0033:0x466459 [ 1419.576578] RSP: 002b:00007f5883dfa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1419.584262] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1419.591507] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1419.598752] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1419.605996] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1419.613242] R13: 00007fff3377dd0f R14: 00007f5883dfa300 R15: 0000000000022000 [ 1419.640782] FAULT_INJECTION: forcing a failure. [ 1419.640782] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1419.652706] CPU: 1 PID: 30929 Comm: syz-executor.3 Not tainted 4.14.231-syzkaller #0 [ 1419.660587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1419.669936] Call Trace: [ 1419.672526] dump_stack+0x1b2/0x281 [ 1419.676155] should_fail.cold+0x10a/0x149 [ 1419.680300] __alloc_pages_nodemask+0x22c/0x2720 [ 1419.685057] ? __lock_acquire+0x5fc/0x3f20 [ 1419.689306] ? trace_hardirqs_on+0x10/0x10 [ 1419.693558] ? trace_hardirqs_on+0x10/0x10 [ 1419.697792] ? deref_stack_reg+0x124/0x1a0 [ 1419.702021] ? __read_once_size_nocheck.constprop.0+0x10/0x10 [ 1419.707905] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1419.712741] ? trace_hardirqs_on+0x10/0x10 [ 1419.716970] ? unwind_next_frame+0xe54/0x17d0 [ 1419.721462] ? lock_acquire+0x170/0x3f0 [ 1419.725432] ? mem_cgroup_id_get_online+0xb0/0xb0 [ 1419.730270] ? check_preemption_disabled+0x35/0x240 [ 1419.735281] ? __unlock_page_memcg+0x4f/0x100 13:06:01 executing program 1: r0 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@l2tp={0x2, 0x0, @loopback}, &(0x7f0000000100)=0x80, 0x80800) accept4(r0, 0x0, &(0x7f0000000140), 0x81800) r1 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000040)=@target_default='target default\x00', 0xf) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) 13:06:01 executing program 5: pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000040)=r1, 0x4) fanotify_init(0x10, 0x0) 13:06:01 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:06:01 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x0, 0x2) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) ioctl$vim2m_VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000080)={0x401, 0x4, 0x4, 0x4, 0x10001, {r1, r2/1000+10000}, {0x2, 0x8, 0x4, 0xf9, 0x6, 0x8d, "043fbd72"}, 0x99cb, 0x2, @userptr=0x8034, 0x2}) 13:06:01 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) r1 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x100000000, 0x2) ioctl$vim2m_VIDIOC_G_FMT(r1, 0xc0d05604, &(0x7f0000000080)={0x3, @sliced={0x8, [0xe54a, 0x101, 0xb6b9, 0x8, 0x1, 0x0, 0xec44, 0x7, 0x7ff, 0x3f, 0x7b, 0x2, 0x0, 0x6, 0x6, 0x5, 0x800, 0xd14c, 0xff, 0x7, 0x9, 0x9, 0x8, 0xfff, 0x0, 0x82f0, 0xf6, 0xff, 0xfffb, 0x6, 0x9, 0xfffb, 0x0, 0xfff9, 0x1ff, 0x9, 0x1, 0x4, 0x800, 0x2f99, 0x9, 0x40, 0x1, 0x7, 0x20, 0x32e4, 0x4]}}) [ 1419.739782] alloc_pages_current+0x155/0x260 [ 1419.744193] __get_free_pages+0xb/0x40 [ 1419.748076] __tlb_remove_page_size+0x272/0x440 [ 1419.752749] unmap_page_range+0xf92/0x1ce0 [ 1419.756992] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1419.762350] ? vm_normal_page_pmd+0x340/0x340 [ 1419.766842] unmap_single_vma+0x147/0x2b0 [ 1419.770989] unmap_vmas+0x9d/0x160 [ 1419.774526] exit_mmap+0x270/0x4d0 [ 1419.778067] ? SyS_remap_file_pages+0x6a0/0x6a0 [ 1419.782743] ? kmem_cache_free+0x23a/0x2b0 [ 1419.784538] syz-executor.1: [ 1419.786988] ? __khugepaged_exit+0x29b/0x3c0 [ 1419.787000] mmput+0xfa/0x420 [ 1419.787011] do_exit+0x984/0x2850 [ 1419.787025] ? mm_update_next_owner+0x5b0/0x5b0 [ 1419.787038] ? get_signal+0x323/0x1ca0 [ 1419.790771] vmalloc: allocation failure: 0 bytes [ 1419.794436] ? lock_acquire+0x170/0x3f0 [ 1419.794445] ? lock_downgrade+0x740/0x740 [ 1419.794457] do_group_exit+0x100/0x2e0 [ 1419.794469] get_signal+0x38d/0x1ca0 [ 1419.794476] ? lock_acquire+0x170/0x3f0 [ 1419.794493] do_signal+0x7c/0x1550 13:06:01 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r1, 0x8008330e, &(0x7f0000000080)) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) 13:06:01 executing program 5: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=@newchain={0x34, 0x64, 0x20, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, r0, {0xfff2, 0x3}, {0xe, 0xb}, {0x8, 0xc}}, [@TCA_RATE={0x6, 0x5, {0x9f, 0x7f}}, @TCA_CHAIN={0x8, 0xb, 0x3f}]}, 0x34}, 0x1, 0x0, 0x0, 0xc4}, 0x4000085) fanotify_init(0x10, 0x0) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) setsockopt$nfc_llcp_NFC_LLCP_RW(r1, 0x118, 0x0, &(0x7f0000000040)=0x8, 0x4) r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r1}, 0x8) write$P9_RLERROR(r2, &(0x7f00000000c0)={0xd, 0x7, 0x1, {0x4, '^:@('}}, 0xd) 13:06:01 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0xfffffffc, 0x0, 0x0, 0x0}}}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) write$snapshot(r2, &(0x7f0000000080)="895846d7e0d31d6d0d3a8880e4e8afed123268c2306ce50190b53908d4d66a8eec1c33f8ce82904bad9a28617118ad8f02ca5814cb5e74ab380e74c41b245a71fd6f16d26a87f53bc412a4102b24e1387989cc44551cf3849e91e7efe2c0eddeec58654410a514b87c64b2b09c8c4312eb16955c71e882f95801bee74125fe", 0x7f) ioctl$SNAPSHOT_S2RAM(r1, 0x330b) [ 1419.794502] ? wait_for_completion_io+0x10/0x10 [ 1419.794510] ? fsnotify+0x974/0x11b0 [ 1419.794523] ? setup_sigcontext+0x820/0x820 [ 1419.794529] ? v4l2_ioctl+0x1d0/0x2f0 [ 1419.794535] ? v4l2_open+0x2f0/0x2f0 [ 1419.794545] ? do_vfs_ioctl+0xe2/0xff0 [ 1419.794554] ? ioctl_preallocate+0x1a0/0x1a0 [ 1419.794560] ? lock_downgrade+0x740/0x740 [ 1419.794569] ? check_preemption_disabled+0x35/0x240 [ 1419.794579] ? kick_process+0xe4/0x170 [ 1419.794586] ? task_work_add+0x87/0xe0 [ 1419.794593] ? exit_to_usermode_loop+0x41/0x200 [ 1419.794601] exit_to_usermode_loop+0x160/0x200 [ 1419.794607] ? SyS_ioctl+0x5c/0xb0 [ 1419.794617] do_syscall_64+0x4a3/0x640 [ 1419.794628] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1419.794635] RIP: 0033:0x466459 [ 1419.794640] RSP: 002b:00007efc3f322188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1419.794648] RAX: fffffffffffffff4 RBX: 000000000056bf60 RCX: 0000000000466459 [ 1419.794653] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1419.794658] RBP: 00007efc3f3221d0 R08: 0000000000000000 R09: 0000000000000000 13:06:01 executing program 5: fanotify_init(0x40, 0x0) [ 1419.794662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1419.794667] R13: 00007ffd57a131af R14: 00007efc3f322300 R15: 0000000000022000 [ 1419.958493] , mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1419.969066] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1419.974307] CPU: 0 PID: 30960 Comm: syz-executor.1 Not tainted 4.14.231-syzkaller #0 [ 1419.982274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 13:06:01 executing program 5: fanotify_init(0x10, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x2, 0x2) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nvram\x00', 0x10100, 0x0) ioctl$VIDIOC_EXPBUF(r0, 0xc0405610, &(0x7f0000000080)={0x6, 0x2, 0x0, 0x0, r1}) 13:06:01 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000480)={'wg2\x00'}) fanotify_init(0x10, 0x0) [ 1419.991622] Call Trace: [ 1419.994230] dump_stack+0x1b2/0x281 [ 1419.997862] warn_alloc.cold+0x96/0x1cc [ 1420.001838] ? zone_watermark_ok_safe+0x220/0x220 [ 1420.006674] ? trace_hardirqs_on+0x10/0x10 [ 1420.010907] ? deref_stack_reg+0x124/0x1a0 [ 1420.015142] ? fs_reclaim_release+0xd0/0x110 [ 1420.019552] __vmalloc_node_range+0x10e/0x150 [ 1420.024054] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1420.029419] vmalloc_user+0x47/0xa0 [ 1420.033047] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1420.037366] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1420.042729] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1420.046870] __vb2_queue_alloc+0x47a/0xd90 [ 1420.051132] vb2_core_create_bufs+0x279/0x5a0 [ 1420.055728] ? __vb2_queue_free+0x7a0/0x7a0 [ 1420.060037] ? trace_hardirqs_on+0x10/0x10 [ 1420.064257] ? __lock_acquire+0x5fc/0x3f20 [ 1420.068486] vb2_create_bufs+0x2e1/0x5b0 [ 1420.072536] ? futex_wait_queue_me+0x3bb/0x590 [ 1420.077118] ? vb2_thread_start+0x310/0x310 [ 1420.081433] ? trace_hardirqs_on+0x10/0x10 [ 1420.085655] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1420.090222] v4l_create_bufs+0xa4/0x150 [ 1420.094191] __video_do_ioctl+0x65b/0x6a0 [ 1420.098325] ? video_ioctl2+0x30/0x30 [ 1420.102111] ? __might_fault+0x177/0x1b0 [ 1420.106209] ? video_ioctl2+0x30/0x30 [ 1420.110041] video_usercopy+0xfd/0xe70 [ 1420.113911] ? v4l_g_ctrl+0x390/0x390 [ 1420.117693] ? trace_hardirqs_on+0x10/0x10 [ 1420.121904] ? lock_downgrade+0x740/0x740 [ 1420.126055] ? trace_hardirqs_on+0x10/0x10 [ 1420.130292] ? futex_exit_release+0x220/0x220 [ 1420.134790] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1420.139882] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1420.144887] v4l2_ioctl+0x1bb/0x2f0 [ 1420.148501] ? v4l2_open+0x2f0/0x2f0 [ 1420.152197] do_vfs_ioctl+0x75a/0xff0 [ 1420.155995] ? ioctl_preallocate+0x1a0/0x1a0 [ 1420.160384] ? lock_downgrade+0x740/0x740 [ 1420.164519] ? __fget+0x225/0x360 [ 1420.167960] ? do_vfs_ioctl+0xff0/0xff0 [ 1420.171923] ? security_file_ioctl+0x83/0xb0 [ 1420.176311] SyS_ioctl+0x7f/0xb0 [ 1420.180095] ? do_vfs_ioctl+0xff0/0xff0 [ 1420.184060] do_syscall_64+0x1d5/0x640 [ 1420.187932] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1420.193114] RIP: 0033:0x466459 [ 1420.196290] RSP: 002b:00007f5883dfa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1420.203997] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1420.211247] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1420.218516] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1420.225787] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1420.233039] R13: 00007fff3377dd0f R14: 00007f5883dfa300 R15: 0000000000022000 [ 1420.243265] warn_alloc_show_mem: 2 callbacks suppressed [ 1420.243268] Mem-Info: [ 1420.251076] active_anon:224203 inactive_anon:6741 isolated_anon:0 [ 1420.251076] active_file:6840 inactive_file:44164 isolated_file:0 [ 1420.251076] unevictable:0 dirty:410 writeback:0 unstable:0 [ 1420.251076] slab_reclaimable:21662 slab_unreclaimable:130951 [ 1420.251076] mapped:62277 shmem:6935 pagetables:16065 bounce:0 [ 1420.251076] free:1179344 free_pcp:261 free_cma:0 13:06:01 executing program 5: fanotify_init(0x10, 0x1) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x4c, 0x0, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}, @WGDEVICE_A_FLAGS={0x8}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e24}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8084}, 0x40000) [ 1420.285827] Node 0 active_anon:896856kB inactive_anon:26964kB active_file:27236kB inactive_file:176668kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:249140kB dirty:1652kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 763904kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1420.314763] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1420.340790] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1420.367653] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1420.372881] Node 0 DMA32 free:661492kB min:36200kB low:45248kB high:54296kB active_anon:894716kB inactive_anon:26964kB active_file:27236kB inactive_file:176676kB unevictable:0kB writepending:1660kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27424kB pagetables:64156kB bounce:0kB free_pcp:1380kB local_pcp:676kB free_cma:0kB [ 1420.403238] lowmem_reserve[]: 0 0 0 0 0 [ 1420.407269] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1420.432870] lowmem_reserve[]: 0 0 0 0 0 [ 1420.436859] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1420.464752] lowmem_reserve[]: 0 0 0 0 0 [ 1420.468746] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1420.482452] Node 0 DMA32: 916*4kB (UME) 187*8kB (UME) 25*16kB (UME) 32*32kB (UME) 2*64kB (UM) 0*128kB 21*256kB (UM) 12*512kB (ME) 4*1024kB (UME) 2*2048kB (UM) 155*4096kB (UM) = 661304kB [ 1420.499750] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1420.510592] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1420.527998] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1420.536933] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1420.545566] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1420.554501] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1420.563526] 25397 total pagecache pages [ 1420.567499] 0 pages in swap cache [ 1420.570929] Swap cache stats: add 0, delete 0, find 0/0 [ 1420.577264] Free swap = 0kB [ 1420.580282] Total swap = 0kB [ 1420.584150] 2097051 pages RAM [ 1420.587252] 0 pages HighMem/MovableOnly [ 1420.591200] 363849 pages reserved [ 1420.595537] 0 pages cma reserved [ 1420.599021] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1420.612676] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1420.617971] CPU: 1 PID: 30962 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1420.625848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1420.635199] Call Trace: [ 1420.637788] dump_stack+0x1b2/0x281 [ 1420.641401] warn_alloc.cold+0x96/0x1cc [ 1420.645372] ? zone_watermark_ok_safe+0x220/0x220 [ 1420.650201] ? trace_hardirqs_on+0x10/0x10 [ 1420.654420] ? deref_stack_reg+0x124/0x1a0 [ 1420.658636] ? fs_reclaim_release+0xd0/0x110 [ 1420.663042] __vmalloc_node_range+0x10e/0x150 [ 1420.667638] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1420.672985] vmalloc_user+0x47/0xa0 [ 1420.676611] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1420.680936] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1420.686284] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1420.690413] __vb2_queue_alloc+0x47a/0xd90 [ 1420.694635] vb2_core_create_bufs+0x279/0x5a0 [ 1420.699111] ? __vb2_queue_free+0x7a0/0x7a0 [ 1420.703423] ? trace_hardirqs_on+0x10/0x10 [ 1420.707646] ? __lock_acquire+0x5fc/0x3f20 [ 1420.711881] vb2_create_bufs+0x2e1/0x5b0 [ 1420.715933] ? vb2_thread_start+0x310/0x310 [ 1420.720232] ? trace_hardirqs_on+0x10/0x10 [ 1420.724446] ? mark_held_locks+0xa6/0xf0 [ 1420.728485] ? trace_hardirqs_on+0x10/0x10 [ 1420.732709] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1420.737278] v4l_create_bufs+0xa4/0x150 [ 1420.741259] __video_do_ioctl+0x65b/0x6a0 [ 1420.745391] ? video_ioctl2+0x30/0x30 [ 1420.749171] ? __might_fault+0x177/0x1b0 [ 1420.753218] ? video_ioctl2+0x30/0x30 [ 1420.757029] video_usercopy+0xfd/0xe70 [ 1420.760901] ? v4l_g_ctrl+0x390/0x390 [ 1420.764682] ? lock_acquire+0x170/0x3f0 [ 1420.768646] ? trace_hardirqs_on+0x10/0x10 [ 1420.772880] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1420.777891] v4l2_ioctl+0x1bb/0x2f0 [ 1420.781498] ? v4l2_open+0x2f0/0x2f0 [ 1420.785223] do_vfs_ioctl+0x75a/0xff0 [ 1420.789019] ? ioctl_preallocate+0x1a0/0x1a0 [ 1420.793414] ? lock_downgrade+0x740/0x740 [ 1420.797583] ? __fget+0x225/0x360 [ 1420.801032] ? do_vfs_ioctl+0xff0/0xff0 [ 1420.804987] ? security_file_ioctl+0x83/0xb0 [ 1420.809374] SyS_ioctl+0x7f/0xb0 [ 1420.812728] ? do_vfs_ioctl+0xff0/0xff0 [ 1420.816691] do_syscall_64+0x1d5/0x640 [ 1420.820575] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1420.825748] RIP: 0033:0x466459 [ 1420.828917] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1420.836619] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1420.843879] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1420.851139] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1420.858390] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1420.865638] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 [ 1420.882983] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1420.906130] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1420.911278] CPU: 0 PID: 30978 Comm: syz-executor.3 Not tainted 4.14.231-syzkaller #0 [ 1420.919160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1420.928506] Call Trace: [ 1420.931080] dump_stack+0x1b2/0x281 [ 1420.934694] warn_alloc.cold+0x96/0x1cc [ 1420.938652] ? zone_watermark_ok_safe+0x220/0x220 [ 1420.943480] ? trace_hardirqs_on+0x10/0x10 [ 1420.947708] ? deref_stack_reg+0x124/0x1a0 [ 1420.951978] ? fs_reclaim_release+0xd0/0x110 [ 1420.956371] __vmalloc_node_range+0x10e/0x150 [ 1420.960852] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1420.966193] vmalloc_user+0x47/0xa0 [ 1420.969849] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1420.974153] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1420.979494] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1420.983633] __vb2_queue_alloc+0x47a/0xd90 [ 1420.987862] vb2_core_create_bufs+0x279/0x5a0 [ 1420.992338] ? __vb2_queue_free+0x7a0/0x7a0 [ 1420.996649] ? trace_hardirqs_on+0x10/0x10 [ 1421.000886] ? __lock_acquire+0x5fc/0x3f20 [ 1421.005100] vb2_create_bufs+0x2e1/0x5b0 [ 1421.009152] ? vb2_thread_start+0x310/0x310 [ 1421.013454] ? trace_hardirqs_on+0x10/0x10 [ 1421.017681] ? mark_held_locks+0xa6/0xf0 [ 1421.021736] ? trace_hardirqs_on+0x10/0x10 [ 1421.025966] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1421.030549] v4l_create_bufs+0xa4/0x150 [ 1421.034556] __video_do_ioctl+0x65b/0x6a0 [ 1421.038700] ? video_ioctl2+0x30/0x30 [ 1421.042480] ? __might_fault+0x177/0x1b0 [ 1421.046521] ? video_ioctl2+0x30/0x30 [ 1421.050298] video_usercopy+0xfd/0xe70 [ 1421.054175] ? v4l_g_ctrl+0x390/0x390 [ 1421.058042] ? __mutex_unlock_slowpath+0x75/0x770 [ 1421.062864] ? trace_hardirqs_on+0x10/0x10 [ 1421.067078] ? snapshot_ioctl+0x184/0xa70 [ 1421.071207] v4l2_ioctl+0x1bb/0x2f0 [ 1421.074814] ? v4l2_open+0x2f0/0x2f0 [ 1421.078508] do_vfs_ioctl+0x75a/0xff0 [ 1421.082289] ? ioctl_preallocate+0x1a0/0x1a0 [ 1421.086676] ? lock_downgrade+0x740/0x740 [ 1421.090804] ? __fget+0x225/0x360 [ 1421.094241] ? do_vfs_ioctl+0xff0/0xff0 [ 1421.098201] ? security_file_ioctl+0x83/0xb0 [ 1421.102607] SyS_ioctl+0x7f/0xb0 [ 1421.105962] ? do_vfs_ioctl+0xff0/0xff0 [ 1421.109927] do_syscall_64+0x1d5/0x640 [ 1421.113814] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1421.118980] RIP: 0033:0x466459 [ 1421.122154] RSP: 002b:00007efc3f322188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1421.129856] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1421.137113] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1421.144368] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1421.151625] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1421.158884] R13: 00007ffd57a131af R14: 00007efc3f322300 R15: 0000000000022000 [ 1421.186157] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1421.197662] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1421.202950] CPU: 0 PID: 31000 Comm: syz-executor.1 Not tainted 4.14.231-syzkaller #0 [ 1421.210834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1421.220185] Call Trace: [ 1421.222777] dump_stack+0x1b2/0x281 [ 1421.226429] warn_alloc.cold+0x96/0x1cc [ 1421.230424] ? zone_watermark_ok_safe+0x220/0x220 [ 1421.235278] ? trace_hardirqs_on+0x10/0x10 [ 1421.239515] ? deref_stack_reg+0x124/0x1a0 [ 1421.243755] ? fs_reclaim_release+0xd0/0x110 [ 1421.248168] __vmalloc_node_range+0x10e/0x150 [ 1421.252657] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1421.258011] vmalloc_user+0x47/0xa0 [ 1421.261618] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1421.265919] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1421.271264] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1421.275407] __vb2_queue_alloc+0x47a/0xd90 [ 1421.279630] vb2_core_create_bufs+0x279/0x5a0 [ 1421.284117] ? __vb2_queue_free+0x7a0/0x7a0 [ 1421.288419] ? trace_hardirqs_on+0x10/0x10 [ 1421.292630] ? __lock_acquire+0x5fc/0x3f20 [ 1421.296857] vb2_create_bufs+0x2e1/0x5b0 [ 1421.301016] ? futex_wait_queue_me+0x3bb/0x590 [ 1421.305577] ? vb2_thread_start+0x310/0x310 [ 1421.309898] ? trace_hardirqs_on+0x10/0x10 [ 1421.314113] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1421.318678] v4l_create_bufs+0xa4/0x150 [ 1421.322630] __video_do_ioctl+0x65b/0x6a0 [ 1421.326759] ? video_ioctl2+0x30/0x30 [ 1421.330538] ? __might_fault+0x177/0x1b0 [ 1421.334578] ? video_ioctl2+0x30/0x30 [ 1421.338356] video_usercopy+0xfd/0xe70 [ 1421.342228] ? v4l_g_ctrl+0x390/0x390 [ 1421.346005] ? lock_acquire+0x170/0x3f0 [ 1421.349959] ? lock_downgrade+0x740/0x740 [ 1421.354086] ? trace_hardirqs_on+0x10/0x10 [ 1421.358299] ? futex_exit_release+0x220/0x220 [ 1421.362775] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1421.367887] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1421.372882] v4l2_ioctl+0x1bb/0x2f0 [ 1421.376501] ? v4l2_open+0x2f0/0x2f0 [ 1421.380204] do_vfs_ioctl+0x75a/0xff0 [ 1421.383982] ? ioctl_preallocate+0x1a0/0x1a0 [ 1421.388365] ? lock_downgrade+0x740/0x740 [ 1421.392492] ? __fget+0x225/0x360 [ 1421.395921] ? do_vfs_ioctl+0xff0/0xff0 [ 1421.399883] ? security_file_ioctl+0x83/0xb0 [ 1421.404277] SyS_ioctl+0x7f/0xb0 [ 1421.407625] ? do_vfs_ioctl+0xff0/0xff0 [ 1421.411594] do_syscall_64+0x1d5/0x640 [ 1421.415471] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1421.420695] RIP: 0033:0x466459 [ 1421.423869] RSP: 002b:00007f5883dd9188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1421.431654] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 1421.438905] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1421.446151] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1421.453399] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008 [ 1421.460647] R13: 00007fff3377dd0f R14: 00007f5883dd9300 R15: 0000000000022000 [ 1421.478105] warn_alloc_show_mem: 2 callbacks suppressed [ 1421.478109] Mem-Info: [ 1421.486087] active_anon:221567 inactive_anon:6741 isolated_anon:0 [ 1421.486087] active_file:6840 inactive_file:44174 isolated_file:0 [ 1421.486087] unevictable:0 dirty:424 writeback:0 unstable:0 [ 1421.486087] slab_reclaimable:21663 slab_unreclaimable:131254 [ 1421.486087] mapped:62301 shmem:6935 pagetables:15933 bounce:0 [ 1421.486087] free:1181958 free_pcp:317 free_cma:0 [ 1421.520367] Node 0 active_anon:886188kB inactive_anon:26964kB active_file:27236kB inactive_file:176712kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:249208kB dirty:1712kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 757760kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1421.549262] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1421.575445] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1421.602145] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1421.607317] Node 0 DMA32 free:669572kB min:36200kB low:45248kB high:54296kB active_anon:886188kB inactive_anon:26964kB active_file:27236kB inactive_file:176712kB unevictable:0kB writepending:1720kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27008kB pagetables:63644kB bounce:0kB free_pcp:1356kB local_pcp:644kB free_cma:0kB [ 1421.637717] lowmem_reserve[]: 0 0 0 0 0 [ 1421.641708] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1421.667339] lowmem_reserve[]: 0 0 0 0 0 [ 1421.671324] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1421.699144] lowmem_reserve[]: 0 0 0 0 0 [ 1421.703195] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1421.716879] Node 0 DMA32: 1037*4kB (UME) 298*8kB (UME) 10*16kB (UME) 34*32kB (UME) 2*64kB (UM) 0*128kB 21*256kB (UM) 12*512kB (ME) 4*1024kB (UME) 4*2048kB (UM) 156*4096kB (UM) = 670692kB [ 1421.734180] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1421.744944] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1421.762271] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1421.771205] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1421.779857] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1421.788865] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1421.797512] 25411 total pagecache pages [ 1421.801477] 0 pages in swap cache [ 1421.804973] Swap cache stats: add 0, delete 0, find 0/0 13:06:03 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7ff, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x1, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) 13:06:03 executing program 5: fanotify_init(0x10, 0x400) 13:06:03 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:06:03 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x7fffffff, 0x0}}}) 13:06:03 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) pipe(&(0x7f0000000040)) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) 13:06:03 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xb1, 0x2) r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vim2m\x00', 0x2, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) ioctl$vim2m_VIDIOC_PREPARE_BUF(r1, 0xc058565d, &(0x7f0000000080)={0x3, 0x2, 0x4, 0x40, 0x2, {0x0, 0x2710}, {0x1, 0xc, 0xc9, 0x12, 0x6, 0x40, "52d0f1a6"}, 0x1f, 0x1, @fd=r2, 0x3}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x1, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) [ 1421.810325] Free swap = 0kB [ 1421.813402] Total swap = 0kB [ 1421.816408] 2097051 pages RAM [ 1421.819504] 0 pages HighMem/MovableOnly [ 1421.823536] 363849 pages reserved [ 1421.826976] 0 pages cma reserved [ 1421.852438] syz-executor.0: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1421.874226] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1421.879398] CPU: 0 PID: 31009 Comm: syz-executor.0 Not tainted 4.14.231-syzkaller #0 [ 1421.887280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1421.896639] Call Trace: [ 1421.899226] dump_stack+0x1b2/0x281 13:06:03 executing program 5: fanotify_init(0x10, 0x0) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(0xffffffffffffffff, 0x3312, 0x3f) 13:06:03 executing program 5: fanotify_init(0x10, 0x0) fanotify_init(0x10, 0x40000) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x10500, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00', 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_PMK(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1020402}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, r1, 0x200, 0x70bd28, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_PMK={0x14, 0xfe, "32bff4e6cc26447d8cbfcdf41770b30e"}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x40440c1) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) fanotify_mark(r2, 0x21, 0x8000000, 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') [ 1421.902857] warn_alloc.cold+0x96/0x1cc [ 1421.906834] ? zone_watermark_ok_safe+0x220/0x220 [ 1421.911679] ? trace_hardirqs_on+0x10/0x10 [ 1421.915916] ? deref_stack_reg+0x124/0x1a0 [ 1421.920154] ? fs_reclaim_release+0xd0/0x110 [ 1421.924581] __vmalloc_node_range+0x10e/0x150 [ 1421.929078] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1421.934436] vmalloc_user+0x47/0xa0 [ 1421.938056] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1421.942376] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1421.947741] vb2_vmalloc_alloc+0xa6/0x2d0 13:06:03 executing program 5: fanotify_init(0x10, 0x0) r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x80, 0x0) ioctl$KVM_ARM_SET_DEVICE_ADDR(r0, 0x4010aeab, &(0x7f0000000040)={0x3, 0x2002}) fanotify_init(0x2, 0x400) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nvram\x00', 0x240081, 0x0) bpf$LINK_DETACH(0x22, &(0x7f00000000c0)=r1, 0x4) [ 1421.951889] __vb2_queue_alloc+0x47a/0xd90 [ 1421.956135] vb2_core_create_bufs+0x279/0x5a0 [ 1421.960646] ? __vb2_queue_free+0x7a0/0x7a0 [ 1421.964972] ? trace_hardirqs_on+0x10/0x10 [ 1421.969205] ? __lock_acquire+0x5fc/0x3f20 [ 1421.973443] vb2_create_bufs+0x2e1/0x5b0 [ 1421.977509] ? futex_wait_queue_me+0x3bb/0x590 [ 1421.982089] ? vb2_thread_start+0x310/0x310 [ 1421.986402] ? trace_hardirqs_on+0x10/0x10 [ 1421.990620] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1421.995190] v4l_create_bufs+0xa4/0x150 [ 1421.999143] __video_do_ioctl+0x65b/0x6a0 [ 1422.003275] ? video_ioctl2+0x30/0x30 [ 1422.007064] ? __might_fault+0x177/0x1b0 [ 1422.011114] ? video_ioctl2+0x30/0x30 [ 1422.014904] video_usercopy+0xfd/0xe70 [ 1422.018782] ? v4l_g_ctrl+0x390/0x390 [ 1422.022561] ? lock_acquire+0x170/0x3f0 [ 1422.026513] ? lock_downgrade+0x740/0x740 [ 1422.030653] ? trace_hardirqs_on+0x10/0x10 [ 1422.034889] ? futex_exit_release+0x220/0x220 [ 1422.039377] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1422.044464] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1422.049463] v4l2_ioctl+0x1bb/0x2f0 [ 1422.053075] ? v4l2_open+0x2f0/0x2f0 [ 1422.056769] do_vfs_ioctl+0x75a/0xff0 [ 1422.060555] ? ioctl_preallocate+0x1a0/0x1a0 [ 1422.065033] ? lock_downgrade+0x740/0x740 [ 1422.069161] ? __fget+0x225/0x360 [ 1422.072603] ? do_vfs_ioctl+0xff0/0xff0 [ 1422.076577] ? security_file_ioctl+0x83/0xb0 [ 1422.080982] SyS_ioctl+0x7f/0xb0 [ 1422.084326] ? do_vfs_ioctl+0xff0/0xff0 [ 1422.088281] do_syscall_64+0x1d5/0x640 [ 1422.092177] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1422.097354] RIP: 0033:0x466459 [ 1422.100539] RSP: 002b:00007fcbc30ae188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1422.108242] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1422.115526] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1422.122795] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1422.130048] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1422.137310] R13: 00007ffe1717ac5f R14: 00007fcbc30ae300 R15: 0000000000022000 13:06:03 executing program 5: pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_X86_SET_MCE(r1, 0x4040ae9e, &(0x7f0000000100)={0x8000000000000000, 0x2, 0x0, 0x2, 0x1f}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r3, 0x330f, 0x0) r4 = bpf$ITER_CREATE(0x21, &(0x7f0000000140)={r3}, 0xffffffffffffff12) fanotify_init(0x10, 0x0) getsockopt$IP_VS_SO_GET_VERSION(r4, 0x0, 0x480, &(0x7f0000000040), &(0x7f0000000080)=0x40) [ 1422.146230] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1422.159719] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1422.172937] CPU: 0 PID: 31008 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1422.180866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1422.190213] Call Trace: [ 1422.192812] dump_stack+0x1b2/0x281 [ 1422.196450] warn_alloc.cold+0x96/0x1cc [ 1422.200429] ? zone_watermark_ok_safe+0x220/0x220 [ 1422.205270] ? trace_hardirqs_on+0x10/0x10 [ 1422.209490] ? deref_stack_reg+0x124/0x1a0 [ 1422.213728] ? fs_reclaim_release+0xd0/0x110 [ 1422.218120] __vmalloc_node_range+0x10e/0x150 [ 1422.222601] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1422.227954] vmalloc_user+0x47/0xa0 [ 1422.231569] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1422.235878] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1422.241224] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1422.245355] __vb2_queue_alloc+0x47a/0xd90 [ 1422.249587] vb2_core_create_bufs+0x279/0x5a0 [ 1422.254086] ? __vb2_queue_free+0x7a0/0x7a0 [ 1422.258408] ? trace_hardirqs_on+0x10/0x10 [ 1422.262629] ? __lock_acquire+0x5fc/0x3f20 [ 1422.266856] vb2_create_bufs+0x2e1/0x5b0 [ 1422.270905] ? vb2_thread_start+0x310/0x310 [ 1422.275206] ? trace_hardirqs_on+0x10/0x10 [ 1422.279419] ? mark_held_locks+0xa6/0xf0 [ 1422.283461] ? trace_hardirqs_on+0x10/0x10 [ 1422.287703] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1422.292290] v4l_create_bufs+0xa4/0x150 [ 1422.296255] __video_do_ioctl+0x65b/0x6a0 [ 1422.300385] ? video_ioctl2+0x30/0x30 [ 1422.304170] ? __might_fault+0x177/0x1b0 [ 1422.308226] ? video_ioctl2+0x30/0x30 [ 1422.312008] video_usercopy+0xfd/0xe70 [ 1422.315884] ? v4l_g_ctrl+0x390/0x390 [ 1422.319663] ? lock_acquire+0x170/0x3f0 [ 1422.323621] ? trace_hardirqs_on+0x10/0x10 [ 1422.327844] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1422.332857] v4l2_ioctl+0x1bb/0x2f0 [ 1422.336463] ? v4l2_open+0x2f0/0x2f0 [ 1422.340166] do_vfs_ioctl+0x75a/0xff0 [ 1422.343957] ? ioctl_preallocate+0x1a0/0x1a0 [ 1422.348347] ? lock_downgrade+0x740/0x740 13:06:03 executing program 5: fanotify_init(0x10, 0x40000) 13:06:03 executing program 5: fanotify_init(0x10, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) write$UHID_DESTROY(r1, &(0x7f0000000040), 0x4) [ 1422.352548] ? __fget+0x225/0x360 [ 1422.356014] ? do_vfs_ioctl+0xff0/0xff0 [ 1422.360013] ? security_file_ioctl+0x83/0xb0 [ 1422.364421] SyS_ioctl+0x7f/0xb0 [ 1422.367784] ? do_vfs_ioctl+0xff0/0xff0 [ 1422.371758] do_syscall_64+0x1d5/0x640 [ 1422.375663] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1422.380848] RIP: 0033:0x466459 [ 1422.384031] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1422.391736] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1422.398999] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1422.406265] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1422.413530] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1422.420798] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 [ 1422.429026] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1422.442375] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1422.447502] CPU: 0 PID: 31017 Comm: syz-executor.3 Not tainted 4.14.231-syzkaller #0 [ 1422.455370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1422.464706] Call Trace: [ 1422.467375] dump_stack+0x1b2/0x281 [ 1422.470992] warn_alloc.cold+0x96/0x1cc [ 1422.474948] ? zone_watermark_ok_safe+0x220/0x220 [ 1422.479769] ? trace_hardirqs_on+0x10/0x10 [ 1422.484032] ? deref_stack_reg+0x124/0x1a0 [ 1422.488257] ? fs_reclaim_release+0xd0/0x110 [ 1422.492702] __vmalloc_node_range+0x10e/0x150 [ 1422.497182] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1422.502522] vmalloc_user+0x47/0xa0 [ 1422.506131] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1422.510433] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1422.515777] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1422.519906] __vb2_queue_alloc+0x47a/0xd90 [ 1422.524128] vb2_core_create_bufs+0x279/0x5a0 [ 1422.528604] ? __vb2_queue_free+0x7a0/0x7a0 [ 1422.532907] ? trace_hardirqs_on+0x10/0x10 [ 1422.537118] ? __lock_acquire+0x5fc/0x3f20 [ 1422.541342] vb2_create_bufs+0x2e1/0x5b0 [ 1422.545392] ? vb2_thread_start+0x310/0x310 [ 1422.549692] ? trace_hardirqs_on+0x10/0x10 [ 1422.553922] ? mark_held_locks+0xa6/0xf0 [ 1422.557976] ? trace_hardirqs_on+0x10/0x10 [ 1422.562194] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1422.566759] v4l_create_bufs+0xa4/0x150 [ 1422.570713] __video_do_ioctl+0x65b/0x6a0 [ 1422.574842] ? video_ioctl2+0x30/0x30 [ 1422.578625] ? __might_fault+0x177/0x1b0 [ 1422.582672] ? video_ioctl2+0x30/0x30 [ 1422.586453] video_usercopy+0xfd/0xe70 [ 1422.590352] ? v4l_g_ctrl+0x390/0x390 [ 1422.594141] ? trace_hardirqs_on+0x10/0x10 [ 1422.598358] ? trace_hardirqs_on+0x10/0x10 [ 1422.602584] ? lock_acquire+0x170/0x3f0 [ 1422.606568] v4l2_ioctl+0x1bb/0x2f0 [ 1422.610192] ? v4l2_open+0x2f0/0x2f0 [ 1422.613898] do_vfs_ioctl+0x75a/0xff0 [ 1422.617682] ? ioctl_preallocate+0x1a0/0x1a0 [ 1422.622072] ? lock_downgrade+0x740/0x740 [ 1422.626202] ? __fget+0x225/0x360 [ 1422.629644] ? do_vfs_ioctl+0xff0/0xff0 [ 1422.633611] ? security_file_ioctl+0x83/0xb0 [ 1422.638011] SyS_ioctl+0x7f/0xb0 [ 1422.641375] ? do_vfs_ioctl+0xff0/0xff0 [ 1422.645340] do_syscall_64+0x1d5/0x640 [ 1422.649223] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1422.654405] RIP: 0033:0x466459 [ 1422.657580] RSP: 002b:00007efc3f322188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1422.665272] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1422.672528] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1422.679790] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1422.687045] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1422.694295] R13: 00007ffd57a131af R14: 00007efc3f322300 R15: 0000000000022000 [ 1422.702523] warn_alloc_show_mem: 2 callbacks suppressed [ 1422.702526] Mem-Info: [ 1422.710302] active_anon:223664 inactive_anon:6741 isolated_anon:0 [ 1422.710302] active_file:6840 inactive_file:44190 isolated_file:0 [ 1422.710302] unevictable:0 dirty:443 writeback:0 unstable:0 [ 1422.710302] slab_reclaimable:21659 slab_unreclaimable:131145 [ 1422.710302] mapped:62314 shmem:6935 pagetables:16009 bounce:0 [ 1422.710302] free:1179745 free_pcp:275 free_cma:0 [ 1422.745377] Node 0 active_anon:894656kB inactive_anon:26964kB active_file:27236kB inactive_file:176760kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:249280kB dirty:1788kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 759808kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1422.774116] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1422.799984] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1422.826211] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1422.831237] Node 0 DMA32 free:660912kB min:36200kB low:45248kB high:54296kB active_anon:894680kB inactive_anon:26964kB active_file:27236kB inactive_file:176792kB unevictable:0kB writepending:1792kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27424kB pagetables:64040kB bounce:0kB free_pcp:1252kB local_pcp:648kB free_cma:0kB [ 1422.862029] lowmem_reserve[]: 0 0 0 0 0 [ 1422.866196] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1422.891908] lowmem_reserve[]: 0 0 0 0 0 [ 1422.896073] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1422.924107] lowmem_reserve[]: 0 0 0 0 0 [ 1422.928096] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1422.941751] Node 0 DMA32: 774*4kB (E) 167*8kB (UME) 54*16kB (UME) 18*32kB (UME) 2*64kB (UM) 0*128kB 21*256kB (UM) 12*512kB (ME) 4*1024kB (UME) 2*2048kB (UM) 155*4096kB (UM) = 660592kB [ 1422.958399] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1422.969163] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1422.986933] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1422.996073] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1423.004842] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1423.013766] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1423.022421] 25426 total pagecache pages [ 1423.026386] 0 pages in swap cache [ 1423.029821] Swap cache stats: add 0, delete 0, find 0/0 [ 1423.035241] Free swap = 0kB [ 1423.038245] Total swap = 0kB [ 1423.041254] 2097051 pages RAM [ 1423.044428] 0 pages HighMem/MovableOnly [ 1423.048385] 363849 pages reserved [ 1423.051815] 0 pages cma reserved [ 1423.055998] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1423.067447] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1423.073126] CPU: 0 PID: 31016 Comm: syz-executor.4 Not tainted 4.14.231-syzkaller #0 [ 1423.081014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1423.090359] Call Trace: [ 1423.092930] dump_stack+0x1b2/0x281 [ 1423.096541] warn_alloc.cold+0x96/0x1cc [ 1423.100500] ? zone_watermark_ok_safe+0x220/0x220 [ 1423.105332] ? trace_hardirqs_on+0x10/0x10 [ 1423.109548] ? deref_stack_reg+0x124/0x1a0 [ 1423.113775] ? fs_reclaim_release+0xd0/0x110 [ 1423.118183] __vmalloc_node_range+0x10e/0x150 [ 1423.122676] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1423.128072] vmalloc_user+0x47/0xa0 [ 1423.131723] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1423.136034] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1423.141408] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1423.145546] __vb2_queue_alloc+0x47a/0xd90 [ 1423.149771] vb2_core_create_bufs+0x279/0x5a0 [ 1423.154248] ? __vb2_queue_free+0x7a0/0x7a0 [ 1423.158552] ? trace_hardirqs_on+0x10/0x10 [ 1423.162765] ? __lock_acquire+0x5fc/0x3f20 [ 1423.166981] vb2_create_bufs+0x2e1/0x5b0 [ 1423.171026] ? vb2_thread_start+0x310/0x310 [ 1423.175326] ? trace_hardirqs_on+0x10/0x10 [ 1423.179541] ? mark_held_locks+0xa6/0xf0 [ 1423.183581] ? trace_hardirqs_on+0x10/0x10 [ 1423.187795] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1423.192359] v4l_create_bufs+0xa4/0x150 [ 1423.196318] __video_do_ioctl+0x65b/0x6a0 [ 1423.200451] ? video_ioctl2+0x30/0x30 [ 1423.204229] ? __might_fault+0x177/0x1b0 [ 1423.208270] ? video_ioctl2+0x30/0x30 [ 1423.212055] video_usercopy+0xfd/0xe70 [ 1423.215924] ? v4l_g_ctrl+0x390/0x390 [ 1423.219703] ? trace_hardirqs_on+0x10/0x10 [ 1423.223915] ? lock_acquire+0x170/0x3f0 [ 1423.227865] v4l2_ioctl+0x1bb/0x2f0 [ 1423.231482] ? v4l2_open+0x2f0/0x2f0 [ 1423.235186] do_vfs_ioctl+0x75a/0xff0 [ 1423.238986] ? ioctl_preallocate+0x1a0/0x1a0 [ 1423.243372] ? lock_downgrade+0x740/0x740 [ 1423.247505] ? __fget+0x225/0x360 [ 1423.250938] ? do_vfs_ioctl+0xff0/0xff0 [ 1423.254892] ? security_file_ioctl+0x83/0xb0 [ 1423.259277] SyS_ioctl+0x7f/0xb0 [ 1423.262623] ? do_vfs_ioctl+0xff0/0xff0 [ 1423.266577] do_syscall_64+0x1d5/0x640 [ 1423.270446] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1423.275614] RIP: 0033:0x466459 [ 1423.278781] RSP: 002b:00007f491b244188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1423.286470] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1423.293726] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1423.300979] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1423.308231] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1423.315486] R13: 00007ffef79ecfdf R14: 00007f491b244300 R15: 0000000000022000 [ 1423.324862] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1423.336175] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1423.341338] CPU: 0 PID: 31018 Comm: syz-executor.1 Not tainted 4.14.231-syzkaller #0 [ 1423.349229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1423.358566] Call Trace: [ 1423.361141] dump_stack+0x1b2/0x281 [ 1423.364763] warn_alloc.cold+0x96/0x1cc [ 1423.368726] ? zone_watermark_ok_safe+0x220/0x220 [ 1423.373563] ? trace_hardirqs_on+0x10/0x10 [ 1423.377835] ? deref_stack_reg+0x124/0x1a0 [ 1423.382059] ? fs_reclaim_release+0xd0/0x110 [ 1423.386456] __vmalloc_node_range+0x10e/0x150 [ 1423.390945] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1423.396312] vmalloc_user+0x47/0xa0 [ 1423.399927] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1423.404233] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1423.409577] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1423.413707] __vb2_queue_alloc+0x47a/0xd90 [ 1423.417928] vb2_core_create_bufs+0x279/0x5a0 [ 1423.422405] ? __vb2_queue_free+0x7a0/0x7a0 [ 1423.426727] ? trace_hardirqs_on+0x10/0x10 [ 1423.430949] ? __lock_acquire+0x5fc/0x3f20 [ 1423.435165] vb2_create_bufs+0x2e1/0x5b0 [ 1423.439207] ? vb2_thread_start+0x310/0x310 [ 1423.443520] ? trace_hardirqs_on+0x10/0x10 [ 1423.447748] ? mark_held_locks+0xa6/0xf0 [ 1423.451806] ? trace_hardirqs_on+0x10/0x10 [ 1423.456031] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1423.460606] v4l_create_bufs+0xa4/0x150 [ 1423.464569] __video_do_ioctl+0x65b/0x6a0 [ 1423.468697] ? video_ioctl2+0x30/0x30 [ 1423.472478] ? __might_fault+0x177/0x1b0 [ 1423.476536] ? video_ioctl2+0x30/0x30 [ 1423.480402] video_usercopy+0xfd/0xe70 [ 1423.484276] ? v4l_g_ctrl+0x390/0x390 [ 1423.488079] ? lock_acquire+0x170/0x3f0 [ 1423.492214] ? trace_hardirqs_on+0x10/0x10 [ 1423.496431] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1423.501436] v4l2_ioctl+0x1bb/0x2f0 [ 1423.505041] ? v4l2_open+0x2f0/0x2f0 [ 1423.508737] do_vfs_ioctl+0x75a/0xff0 [ 1423.512517] ? ioctl_preallocate+0x1a0/0x1a0 [ 1423.516905] ? lock_downgrade+0x740/0x740 [ 1423.521033] ? __fget+0x225/0x360 [ 1423.524463] ? do_vfs_ioctl+0xff0/0xff0 [ 1423.528420] ? security_file_ioctl+0x83/0xb0 [ 1423.532830] SyS_ioctl+0x7f/0xb0 [ 1423.536177] ? do_vfs_ioctl+0xff0/0xff0 [ 1423.540131] do_syscall_64+0x1d5/0x640 [ 1423.544011] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1423.549186] RIP: 0033:0x466459 [ 1423.552354] RSP: 002b:00007f5883dfa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 13:06:05 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x80000000, 0x2, 0x1, "f61d6a4e838e4790c202d16b8defdb1a52df68dba2f4dc0232d54a32811ce90d", 0x34325842}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r3, 0x330f, 0x0) clock_gettime(0x0, &(0x7f0000000140)={0x0, 0x0}) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f00000002c0)={0x8, 0x2, 0x4, 0x20, 0x1f, {r4, r5/1000+10000}, {0x2, 0x8, 0x2, 0x8, 0x8, 0x3, "3e735fcf"}, 0x9, 0x2, @fd=r2, 0x1a9a4ba7, 0x0, r1}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r7, 0x330f, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(r3, 0xc0585609, &(0x7f0000000340)={0x2, 0x2, 0x4, 0x2000, 0x2, {}, {0x1, 0x8, 0xb9, 0x50, 0x3f, 0x8, "ab52a88c"}, 0xeb2c, 0x4, @fd=r6, 0x5a21cf34, 0x0, r7}) ioctl$vim2m_VIDIOC_QBUF(r1, 0xc058560f, &(0x7f00000000c0)={0xffffffff, 0x2, 0x4, 0x1, 0x8000, {0x0, 0x2710}, {0x2, 0xc, 0x4, 0x3, 0x9, 0x5d, "84acfe1e"}, 0x7, 0x3, @offset=0x200, 0x40e6}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x8000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) 13:06:05 executing program 5: r0 = fanotify_init(0x2, 0x8000) fanotify_init(0x20, 0x400) sendmsg$sock(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000000)=@un=@abs={0x1, 0x0, 0x4e23}, 0x80, &(0x7f0000001380)=[{&(0x7f0000000080)="bf14234d26663092237c1c2a593e9af70004fb74313be1f6d2f8cfd1daea887ee18bb46af9ab2c371ba33f1c7cec03e109afce4cda30aafd33b6d0f42ccbad8fb3157ec60da194844ceb6ef29a7ceb3fe13f24887c9453b0545e9cee7d1d3b8c83cad4484386f274432f0973c1f7bfb93571b0ce2677eb2385076302b24b41d4534507dec8eaeaaffde345760adb9f6792109b304b42712399259fa04b6b1891114b3f99c23545789a926a3ef4372b18d7fd31046a959e2a0ff97fa71a7d6395ee24bd36be2cd7d5fa0104a4e75c88623a138f1163bd", 0xd6}, {&(0x7f0000000180)="c8851b1a83c31fbd4ab72064836580f90ff34c3a6e32bd0258c1bcfcbb49ee3e2d5302c954a84295bf5ba7f80abcbd7fcba15bb7fab3793a60fce40ffcd0818e89e75e7174451f6da29f04deaaabf84d8172f65389a834c0db8b8d60dad6b95d66806f22c8b5c74844baf781d4ba8497620281173790f1e318ef44c11f657d6c5d33124d01c78e8e31358f2b2fa7e839f55f1bfa8060e74fb3ea85038af3111dc74f6699a7695b5b6dcdcb", 0xab}, {&(0x7f0000000240)="9e5a9537228f6eca6a92310851733b57f51e1f655505b53b5c1405e36354b09e64e4c67dbe72", 0x26}, {&(0x7f0000000280)="7f77815d1bc1384ce8160c2589bba3147ed7e49547f586e8159049b4c2afbe9a1243d8e9ca7c2b39965b88d3bed4df241a5cc22d3bd5da87cfa4746d7f8d4a52eea45a768563f1d769cb377b3633aacd91044fc0c4280c167addd702cc125dac1bd16d13c94a95fab9314207b205fceefc3a171832001c91db8faadeb3999a3f0e35bda83a83725d7473046488c66f52ec25274e2a716f51c04d3df74338c0690e1c8a2b0e44e1eae79dd5b45fc30d5006076616aaf2b289f989888c51e7f9c89289a667cb0d257ae009c73a0683fe4272031de43130c10fb55de4cb539c89730a2abaa7fbf6fa5a542b8a64ed3dfd7e8010f715f308c0a3e18d12ffd1f1f41c9c388e60f8a861f3c380b4fbdbad8bfa0653c0c5e30d357b7bf289cd1d4974d8862fa60a0d32190bef7892fc00038312e01a21a0d3b52c291cdbd193af5d3c7234b68c0d6facf973ac6f44bfd8971f5c9d2d3d1dabcbdc8b69d3092bb3624c81cbc209b95562521b10fa84f1802fa84cd1d8072b3fa1208ffcbed52a633a6736018c4c7ad5dc3dc85a61abc56277b95789c555212b9f046c6c67c03ed3bb8472aaade2240a7460ad7f1450074cec7a56296ac38236ca0260b689f98cae123c48b002eb75137a734012e1e8f9019607666a328d8411760573fc52001ac3aeb8be1dfd917ebe07e91e7535cc06940864d2b8c5213b7cb67b92bd57aca29c7e2ee1977055b93558862d01149f5f019980824ed1c7b98fa0909be8229cae7b3c95dbadf1d9c44fd61f5343cb58237487a4d04653faf20733d173a1279b226acb6e1643e86b95dc2aaa4a488230d749eab95077181ae1be0d11dd39292db7bf4fd49ed41e8b58dfe417c5a176f992e75777ca59af5850aedb4a67ac5aaf46a13ecaba8faac2d2a76bdab6ea849293fe435f8292c4b98750af630d6ccece2a53adc9a7fbe43bdb851d776d37a4e3f7727d891577fa6da64c178adb8a56171c19a9999527967e8ccdcbc5bb92f990ab91ab003983c71a1e752f0c4fd0bdc09b939bd5159c28dac80884d479e700b788e13300a4e3454cbcf02d59aa6cb22c103e547273ee42f030805ea16230920b0b65aace35e9fd86ffabe7e180b789a1f047fa61120cf43992c6b51b71a4b05ca2327a7e07dfcbd60af410e5d4b02796acc0fefaaefb00fbf6e9028e269e2b8b885f6849ef273bfe5e9e9dce8bd75b8202c83d075589057812892001d55eee2509654a49dbf294e36e66156093b72b4417db5b2ffdfaffba6583c7e73ae03e56af4a2550aad5b14a9587d394f792bb1741f13ab593381fd2283449230f7cb18ea6c1730a66d53902e7a662a8e14141d09659befe55d880b3c3089f329ad50f48974cc1f66b6e2fc2bd2dee5ac17a6823f4e6f9e202c5cf42f0fab3f866b07b8323124cf25fdbf14a06680cf041e1a73f8a4465a5ab52c569563050dbd8bebcb978fdb8aa9bddb1c526fa82be57eb291fba1da2f27e37d573997a1f28f4619f83a2874e61cc459a794a09cc2817c4a4ca2051ea389c05704a9512dd2f5b097c2e2ab524d0b3741c3c77ac64944b7d4acd28078e4ae05f7cf434b724cacfa077ba839c48c0552750bf08b219bbeaf7fb9da045fa26f7cccb5832458568a45e104fb89f802c7651f4f2c199543b88617b61c17ab83b9493414727c0311edd7ac293602cab8a2cab5201913646275d39aa684df69612de856092e1ccbe274a573ad3b7edd088580530d0629f5206def48555e9d6167c86153001692908a544460cfc2137457c75c67f57929f5ec164347fa6d6d1dcf4ee4416cdd023df7928e5c49eb107cd7b1ca5c06cb66dbb2c652fd5d8d322964ed1325b3e93f1c03e51517cd5b0651edb754652f3e8c9866ff8b1223b173d5c64fdf4206281cedd460f177b2dab53528f1ce1512d3ac36c889b0d368d6c7f2797bef5644dbdd64dc7c4de885633d2d5c333dee67ba01c98a481594268027efd5bcd4a60e386becd8a5f9a549ecf1ac30105c3a3d64d432a5a18ccf5bc0fb7992e27774ceadbc4277ad9b4ed04c029c4a762cf92a0e5c48fbdf538fcc55b9e3400143224658ab1381b864b5eb3cd984071047369cef8f62c52df769b52af131dcd8357bf965329868ce71d4b349f0f27c1513860c5883dbd0037005d4eed5cecd9b49499a78bdcc36e3d15c3266849db42c92746fe7432ccc1ba69b55af86f0622539c59837455a0560174776d25941901bc01f4196c824c81b8b97570bbaa4720a1458842ee9cc1ec1f7434454e6330bb3fef3f26ca8dbf1e27b756057110f8fee1e24ba75e8b9e444657c7af8a2529c37570bb8b473f94a5b2eefd4374d5c554fa085180f5c0448d0620dce4ef50e0caa067c3abed52e6e44e046475f0ba536006760e38e92a72856395fa207134874da344b3c497405873f72481150c4f73a406dec4c657098e5e5e6df38061a35f892865f22d17a46c221382e9fff8c8be373ed0cc9c147e5fd1b0efc554f12f3f931e774a812fa7640eee637f0caf584bbb55937f8786ba5c9a7afa93be7b98e7198507962aded20420a7e77e101cfe5bbac829b928ca325a1619f53d6d48c8f85e27846dbb22c75c7f4a86ca61443b109f17ec025e42752791c7c4b696a70126bce7209c1ae24d5d26219f1a0b162a581e0056bc0f4aaa06e704eb55080d3f8b15a3a14e011519b704731c309ad12173fbf5d0ae4e7d077de6f62ec3aea892b13b9a4cfc394a7c2f3d3e285cf3224cb5ddbfc1ca4479cb98f6fcca3110c84249704158a349fb55b20e939a22679f99cb45420891709ae4071d52807ab4e8e112a782ed5a65e2f0ae10b8a0d5f5ff5eff2dd4894878ebe52fccbd6820b81abcc9c3fbe1a719df3ed8779da6acd40b8b5e670a6b62264556223ec2dc683f3673ffad8be833654c157852d377bfef5daf99fb4ba96c20dc16ed8a6c069a4ca85c6f602e31f8b21ff785398db547ec8165967bb6e71ac0e5a954449d96bb6a706bfd62d877b28b9b00755f922513a3f394dbdb5181c828f7a5bb9b3ce4c58254f26d214546543042166bc051b9454d771461dfb1fc25c357b56fb979eb8a552eeb2230fce9ea1ad0ca8935a06b9f7f59f0b35280228febd60b694fb1736eaa575307f4cdfee895d139eabfad53d0a321c1402a538dff01d49a9af9665a49ad8cc85c41b5fd93d9b02f89ba0c4fc3ee8aae360dafd46d5025277db4319485c545df29a095973436cbd2ca7ed021dd10736d1cd0390919904452c43c0c98c61e0893d801abbe30f9669dca196244f1748faa18068c4faf8b6fda74d7bfc6f72093bd39c2603dd684c54839010c560593146794ad30face0c307ec936295209391bc1f9b5f30068496849b742a71ca36ac2bb2753f658ff3846f89aef5a26e48e3cdaad60e2e7aba6fafbc66382baf5e180b0ac354bff6f1f639c2d84b58e278e16707389641fb8488ab335ba40444cce913f8b391cff482c8ff85b50fa560246817fad9a731c3c713833318aefcc7e84d4b071084a890e3240d821eeaa035bdee3acd6e4cca28f151b8c9e0e1697f51bce00c45212644c11e02d157fe9cffd6b803be9d05aab0eb7cc5564bcdd8d88a811fabde86160dbae0164c8c7480232a653bcde5e28dd5315e5f76158d62f0065b7d4d91b093c2fcadd6ebb1c99dcf9da56a1519bf3e7b4927b1deb2c7794bbf77f92ea0d4ba9b6c26af414f6692d0e1f4fde2a908ed714ad4b09f667dcd52715c4792804205526ada08a887a1e105cd9dec269b33c29bd4b4ebf4a6d661a15413dd5d5f9094f0887bde88533691d079e3ef010da6744b18e17e8d6ba39fd7aa8f4aceb29707ee09df1def7d250fbaebd3a8fa263b1cf8ae32d0557ed760df9f5db5c5bff1b3b443316f4cf6e6fb44fd37741d1b74e9fba5049ac9972a8f051d3f2448c88e1f265e6cb8b4517f9a0ec2406f130c03cfc7f1cdb6a63b5eb884f575c338e69f2e996e4c335a5162f4b37e0fb19ef8ae64af5ade8eb23751a19a6536793e732eb28df27af80f1c7b31fdd8d2e14158e199c15dffa6729c76c5ccb83898caf006f6037dab9f8d11cc1fd5a00d6a8337fa480df81943473e518473e828d6caf6499a868590010450300a2f32fa99d7ad4c3504f8d4b6ba4eabe1085eb83f7c8f603ebb42c26c29609335e3aa8fe76973537e0d4cdd0f7ea92896fb01c05d29d41d53550e20de11fff0d43369669ed61df2ad8c848e6a8219feef366717962e298bbb008d1dbc7f4b2135a9c35cf88bc3ee6c7e23f2fdd5751286495d08323771db7bebf1eec77304f00cf7e674365cef0a7993af09a0045855b466f7e63922b4dc084290e1436bb5e0cedcfd1d60ace01862f5acf18f5c094e3add00b906c213a14f47c358609dace7876f789003e78b4d47b3dfab34d8e075ea83aab8df26627f365aef60d10e612976ac84cbf725c09ac7d1804301eb4afaa49a56bfb939094df802fe1e55cfbbbe84aed913e6ccbd741ecbe4e5161681c320007ab0482b88310f21b2cfb06873dc7b7ebdb8cd592bbddb77d304911ee0d9eef55ba3be983e3dfeda23ec2e5ed53bf988f00fa30622c19eae39ceb0348fbd53459fa0f91f28234508569d36f2340b04acd4534e3151ec279fb569026355bcc299cd90ba581c68eef4fa028b410c16e3003d3c094fede61684dd607c2316a4c7b7773142f8f3f6f87362bcf92d396810a04a90d06f5dc1c4b6756146c24316c05e3ab2d3209ea3dcb6371c3e7632f483280474d622470d9ce45c6e11f7b82bfca49e9ce8cc759a63a620885f96587a84bcc419dbeb3a22472828a6171c6d29be7c125804edc4ff34362db39d535e4fae12aa084eb1e77ded52e17cd09d216d48e9d5425269eb70021146dce42291b3b108d36bf1a11d12026d2159424cef49a923b74683cd5021c149237291b2eb00af8ef2c636e692863bf6f377335cb059bfe1a1d6ca995fcd58144e4ac3107489dc86402978a65b6d383ded1d47859e1513535513cfcd9180a76a52118262f69ba07d29a50a3dbb9a762bd209712479a311f4c08a65ed5d414b24a5ab826c23fae8311e160750eb91737d01dd4f032c18ae87c7d0cf09eb18c251c431e081f388c083bb233ea70f0b2200a924e1b398c94de03046bc47fdb2e99ec313d126e7b523e318d4f9c7d6ef2e02afc09cb7fc0ce17c930d3c80b73264d8196c11ccfd2bf6bb8982f4e50627f4e137ad0fa6a1991caedba0da525326c5b0bb420a7d84b8ccc189d939dda73323d1bc8bb5c4988c476bb1b2825420436cf1ddf257a37655e62dffbe7c54582803519c256decad8fab063ebc0f40349a992a055936ff1b350888f59893781d7e993cf9546144d3a49a5746885500e76a9eeb0d9d75cb521993c11c226cfb8b7d088a6ef320734cd5810c20d84d486baa649a0800585660732c01f4639098aeebff84e365e00219773087e207353f8430a9da1a48cf731e20c572eb061210f602a877bac6a5364eb6128e14658b5b1fedf01c032475fdca8bc97b2c3986aa3e1447b70f3f46f7dbbf7c9b145bddedcecf6280cf98fdc6101cbd2c0d736c9a428be8ea49503e54e3bd7a216e6ca38398d2de2bfd662342ab34c12123b1c3115ff00b121edd39b2a9815d6b6e62a5af680ad9446a1c120e4f2d390b759dadbc86676b8597e50ec4dd34d1f875f49c31539c5e21053988cc2c5b92450e8d6de6be21ed7aa6e5f6585c642eedcb47f28ee81f8fe009dd77030884ad6db348396212f9d7b0444fea65050b4d5b17afefbd1d5cb", 0x1000}, {&(0x7f0000001280)="0b60b83fc6483c257cedfce979168113b6d08b01054cdd8cf0ce05607003dcfa676549bf60d70b15abd909cbc7e86f751ce6d9821842a86aad3a3a19d7d0a894d399bd1ff233c331e9336e58619d2158448ff90dc708a058226d3eb8938fd6281ab6ae2c3e08ab12bbcc98f424c745e0eac19eebe94750ccc7d57a304ddbd2c29e221dda4313554ad03b28ebae38750ef29bc0be914f167d009c0d4398ede35e0042177cd646640583a7c9e861d891506c40e1b2099dc18b21e64feeb4f84f1a9b20be0c3e05b7b6ad99269487d85d", 0xcf}], 0x5, &(0x7f0000001400)=[@txtime={{0x18, 0x1, 0x3d, 0x1000}}, @timestamping={{0x14, 0x1, 0x25, 0x9f6}}, @mark={{0x14, 0x1, 0x24, 0x6}}, @mark={{0x14, 0x1, 0x24, 0x4}}, @txtime={{0x18, 0x1, 0x3d, 0xfff}}, @timestamping={{0x14, 0x1, 0x25, 0x9}}, @mark={{0x14, 0x1, 0x24, 0x36c}}, @timestamping={{0x14, 0x1, 0x25, 0x3}}], 0xc0}, 0x20000804) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) fanotify_mark(r0, 0x11, 0x18, r1, &(0x7f0000001500)='./file0\x00') [ 1423.560055] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1423.567303] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1423.574549] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1423.581797] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1423.589141] R13: 00007fff3377dd0f R14: 00007f5883dfa300 R15: 0000000000022000 13:06:05 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x3ff}, 0x8, 0x1676, 0x0, 0x0, 0x0}}}) 13:06:05 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vim2m\x00', 0x2, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) ioctl$vim2m_VIDIOC_QBUF(r2, 0xc058560f, &(0x7f0000000300)={0x2f, 0x0, 0x4, 0x0, 0x0, {}, {0x1, 0xc, 0x5, 0x4, 0x0, 0x1, "fc626e7d"}, 0xffffff80, 0x2, @planes=&(0x7f00000002c0)={0x9, 0xfffffffc, @mem_offset=0x401, 0x6}, 0x1}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000080)={0x6, 0x9, 0x3, {0x2, @raw_data="7d58dad3296054cac0c86c347222168b05dc013f41a823c3afc9669d240ce8fa99ea848a8a3ab385c5811392036f01644fdb6e70f8ac4006edc6d79dce06ae6e3c02355275cd7038defef9a1d8a3a6347f2245c1cd6ed3b7a93148cd7dc9b103ed9a237b7092b6deb10805a136b3ea1bf444816eb29c106caa24bc223dc45cf29a90138d5360c5800fdb061bbd062e99fbdb0eca83ffa41e093921e39bf5f2d65b3abfdaea11a41a7f1584a770e342311b7a0aad45d0c370cfdf562e79f6e263af7f87740c1b1f43"}, 0xe22}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) 13:06:05 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:06:05 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_STREAMON(r0, 0x40045612, &(0x7f0000000040)=0x1) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:06:05 executing program 4: r0 = gettid() syz_open_procfs$namespace(r0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x7, 0x1, 0x20, 0x1, 0x0, 0x3f, 0x80, 0x4, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x2, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x8, 0x1, @perf_config_ext={0x9, 0xfffffffffffffffc}, 0x40, 0x5, 0x3, 0x2, 0x4, 0x1, 0xc9}, r0, 0xf, 0xffffffffffffffff, 0x8) r1 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) sendmsg$802154_raw(r1, &(0x7f00000002c0)={&(0x7f0000000040), 0x14, &(0x7f0000000180)={&(0x7f0000000080)="60b68a2f9b37a751d81529ba3e203f7a404b96a839187b15a80af02ce6ea74fed4ec8d9db2beafcddf896330064cc99f60eba0432ce1bffb5ca8af9cb9653b080ea2423e1048ee27d8fd1b576f6407ca1f41253d58411f1d59e578e0a774b3a0b94bb929cc8e2b25dd8bd579089bdcde8c86bfe2dade5019eae39ee9c52853c5dd9b4d6b43a2d8f6b3becaabe66cede14570e544366f9a1c9932930b40b53d2ce888edefc1e9c8bc354e26393c3f24af1beb314170d2082f172aadadd7080683888981bf9ed02859e0a04509e0d261dc4a5600a6a53dc0cde1553dea97a591b72d8de2773457aab06529c6f0603dfb766b", 0xf1}, 0x1, 0x0, 0x0, 0x8080}, 0xd0) 13:06:05 executing program 5: syz_mount_image$adfs(&(0x7f00000000c0)='adfs\x00', &(0x7f0000000100)='./file0\x00', 0x2, 0x1, &(0x7f0000000240)=[{&(0x7f0000000140)="278b3f346cd7a3eb57dec3d92584edad08e5b946d74911ab503bb02c6c9cc7c9bdf051be49bab5a0ce910cd2ed01a44e93b527f72ec4d8a3fed32854a2839e53e2979f20497f2e9eeea23b429978fd638f942f8804b002d9c2f89bae55286bc053ef1876052413afa71cd1e503cbde5ece5c26cec41c8acfc4a67a4c76043011d9e944996785f1af2d498b1880da45bb1818f65df669df4c3bbf48cdd2f7e65ebad030da984944a8639caa97c2cc4a5b87563d8c3790780fb561a7a03dcb169c9321cf720927782a3e6ce6fc", 0xcc, 0x7ff}], 0x10408, &(0x7f0000000280)=ANY=[@ANYBLOB="2c2c2a2c7d5c2d2c5c267b272c105b2c262c532e282c40253a7b252b2c61756469742c7375626a5f757365723d5b2c736d61636b66736465663d242d2c657569643c", @ANYRESDEC=0x0, @ANYBLOB='\x00', @ANYRESDEC=0xee01, @ANYBLOB=',pcr=00000000000000000062,fsmagic=0x000000000000ffff,dont_appraise,\x00']) fanotify_init(0x20, 0x40801) r0 = geteuid() syz_mount_image$adfs(&(0x7f0000000000)='adfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000001640)=[{&(0x7f0000000480)="191398128c0ce3d51f1e8c497fb87727ba055f91c7d3d23d945a10bed8bacd91a397448c8aef93bc18abb187939ae1978f89c6ce0b5f8093e829277870d967b63b86f94a50eaead455795b0fe6bdb9a49b247d4fd17ce83e2088e3c5bb219291154d494cdcb39c040604c89dcc9d6cda36a541253a4a3ca437789cfd101bcd24193cb6d5133666e061472d4ed56ef82c824f5a12f5ac30dc769dd5f4ec2ad966073f84b014dde1cbbb5c2c613d49eff692903b922244655df3f4dca076e6d8b645a1a19e9562afd15a40549ad4ff29e2b4f7c87fab4b5b7d6431ecbecd6fdd3a2f6004c89c6ee83d01327352d608a9c45bf5ed14d1d237aebbc3f20a595c8e2b7e2502c312de6ab4aa7d0f78cff52c13d1406cedff9a593159f07d5e9b0f842666dc431f5c5564a416efc34aef636fca0df8c06bbfb901933282e3dd9bbbe36865752510d195e676e1ab3a5c4c1d770eeed82440d515a8d94644bb0d84f60c4e52e8af9ed815a6309ab8011975ddb40bab2b45b27870ae67c24d131803541da06829c3b8085181b0074edefb07818df1530b8b5f0f0a69606d3d6731da45a10447b7fc0a2c4f26beef77e96cd4bd4ec108c121fe5bd555734303c212b5822dcbae68f4a6daad83a3cb9ce34e9a0ed68524a6e79266f225d64e824fb66cca9249f8679242cd679d19423f75b820260ec4260bcf2e05b42a4a84bb6fa8af968337fa79282a718f802a84b34def7ed5669064a9b0eeb35c3a3f7e64d86fbe8e1bc092f476c5f2a17030cc0c1c276c6d34f6d504087c671432626ffe1f44b3b6055096f6671e00bf0c0ae2f51ead0a0d6c01bf2b64a03edf7d2949e52cde06f662912187eab04db9ebc7f7d38d3bc6fb1ec653b17a7671ab533a8bab76d9d3426e58a3f0b8cfa20c2cc61373d5a7b2e5ebad2a2ef7ce1889e46ad92fc74fd46e38c8784c56dc49f9debedac84c4eef94e93c28c507cd86158d4746d33da58d664e630e510efeb2f7da5b770ca18eaf225c6371ef8e2ff01651bb1c6899f3696832efc1da7bfbc9cdd2871e7cd0252565f61499527a88eefd4313b7183361e3f98d1604aabce30ce77fe5a6b11cacf29f8d16c7350c4a6fd6ec741e6053c4d6568cab3106484550632d9480d3ffac6fe770d0b85b7422104e1fd562b9cbe99749a76357d9cca4eb50523494e250f64c5d7b6045830a39f0376dc7cdd500780a9839eb26c1ee777fa99327a6585dfcd3330933d28e74ea4ba6ea44b87431294a4b2185a296d1d6ccd65069294ef5663d430d7c51635b7788a49f5e48f6517063954d5022503fc863ff00c615148b136c4c7d27a19c8d2cf2f1d2250395d6d044fbe33c25d763dfe32d45270048ecb2824271fa8f5304866e605f9da98b24a4e2cdc3c48d34a8978072c65909fa64a075f75a86fa4d3a8b06322d3fc485aeab6ac7693ecb965da6d715bb338ba084071e31ba95d825a918b9615ac3e968c3d22e206a3b7fbcdbe6f8f37ab81001aeeed2acdcb0521999ae37763a7c16d08a6b77013168384b9d4289ae686114d771eb0fa50dce6f2708d259159ad7ef048b008cd09475da6eae7cc87162f17b1bc47f4d70289e95d7afa2d3b9e8128c7ec81c8aeff49c284853678cbbd7b650d49c9d967f42f689ab1339ebff38bf684893a91d4293a372b8825c3795ae825467a45b7ecf970d7c87f17da8e12849ab41f29209cfde9eae8c4ddae5ddb9caf890d19ccc62c236ee9f4ed58b3667d0d37622c0f5f19b15ea4822a7939b2672117e32d789ce7beef38403c02065dca088d049380fadc0d2d2512a8484e4f1070810d39d4054039203d263e4bc655c0206c946126d6d95c9e7e6235b1094bdd2cf8af773f58a83db2a0eebccfd49ae9621a9f41857059b9e8bce15627c09fd58f8e7f5afd16d15cbbbb3d48b40ccc21f79473854e49dbc11782c0b14bad9fa41880bb07ea01ae75cabe6b81e52b5e58051cedf9bd6d91c5aa4dd1c0006004e69e68b2b3704fbc0adf89c6a64b5ab913a701bbe33e63ee299d05650fe893e33cda2b93ee00698a3d9277df27294a55c7c5755dfaef4b8bbbdcf6bfe70263b09cea1093ec5c61302b02d22769881cf22713e2ab91ce7eee765cdc0761bacdba0911fc8dd6003036ded7846bfab4b32fa6f6863ee956cd71f9d3e324d67c0202bf1b414e3b6858cd4616e607d1c75570af49ddee118992390296a67b24611028d5c4bf27cc954df68251cec6d92bb6f31665df42eda41b94f1110d3a56c3ec4a3b791854a690fb18b96ebc5591b94a949c2dda69360763babe161195aaba0fc004dc0fe4f57869f3294372144c576149de4a94cdedf9e0b55661986cdb111cd6ef58100bcb247b28a6e743d8c5476417c653970f7a3383564f8f896def4121d0da511e107cdd9f40c52c1d929a913241522d12db9cbb09b0e7e47d6f9bae4f696d7981cd42d1e1d5650947e0ed2290f4e954d6926c8b5bab02af88189025458867346dbc7509b29e57110e1f9611ae59a08dab272faa397a7e0a5faa2f740f9b54ed60dbe6d6504e49b2530b0f648e869d733a7a6ed85632b82eebb3a63fa2f2103856f7bae7a5c5a7fc9b93d3e7d78d260d36db371baf0f4526d3f93002de2e243e490cbb8a8bca742951494c5d11a642b88dbbe5917d0835ee71549dd0086b151d3b144d3b47acdafb4c4fd1611fdfe07160610bcc51c681a7a5b7d545933e76d6ea1c0d36a22e680740553cbfabf648f9e761813b8e250153d899f085e7499754d2e1fc9104e011faccc221ec1d53c86ed4a35ec6b9605847ecdede3830e659d2e82ac5ae698f8ba6500f44c70c976e8a678b7aa063b78fa2db17f15d37878342179a12ac37567a9c763e63faee592f78f040eae8e7ec3b5c760e083a04db23cc1199279934670ce5d986d369c9d760da4b5bbb32520c1b40724a0d73152b70be1716d6d00881359a56454bc331ca1602e3e8b639c62c1283f3fd4e9191d09f229b0ceb67528dd6d982deade3327514ba6d325388fc85ae675e37b54e5fd0c19406c9143e6eb32f2bf6532bf340a7a4f30b4c9ddf645a33816670b0e189e5a4af992cf649c2d418506e8ed38c48b9a44619d7b018dba33f7531a71928f9d77f515e9e028c544793cdb96a434b2a837771be08f9604bc3062390678c31ac122fd843ca2bb8b9d2a3da6c39263f821f30fe90d624a653bff114032b10519debef7e9632afe5d91aaec38ba06f65650deb1a4191cda60276d5f3fa658f95dbb8aa4d896d2e8a29bd1858ff00af4a8b570846a7be44314a2c4b7a55752512c33750e2978e2dad07b70563315f6cae680e7047507392227b1b30cda2f67a815ba90e73bf58f278d81d3d10939a1efceb425e4a49baa714d1c0983683b242bd7e876275865418a3c74647f1626dac43c4fd43fc1e75917a6126e20adfac82cee560effbeab63443951c56cf153a58887ebfe2db8ad048a55917fafc499e81b1aa6ce7fd42d5624be34fcc90be7df42adf3c9ffd0d342f7f848a361522474a4bb64fa0a285fb34411d26be527361c89c019c8390394f967d8f4b8a5982318eb97df8e61b1a9e1cd6c4cbc731694feacc47e6e5d6e0177e3e1aea6e776d8c2646aefc52be0c4e22d2861471a2c61c519ce9a4278ee0e823d7ea8204f527dd38e020d539f0716d5cbdb0d5c2ab799a3c31ba21c1b87e123e91548769e08b22aca425fb4097d1631fd978e5a7a70c06e168da7b11feb49a41da550379b32e9bc413d81f0e7fd37143db8bdeb661bd671c1c84ef51add131867abfe286ba4b6fd0b16f35ab5b12e545aa0ba6b138502b6fc498fb63c3e4a0fffa6fa7904acc63cbfa691dd27dd866379b233ff18dcaf771b436bf17552fa66e6ec181b72ad873bc53fb90d0a6c621729e22a3a62c684e4a9af35b32abff13daa8ab50b824d324535281a64c2ccd3f99694197abe8d865cdc773123f0ff2cab6e87a0430f8e87268d4a3b7383464e293c285aea827e1a0d750da166e00b705be6e959c38020a524e0daf097c7b490c90edba8e5c613e4e0ccaff51d3cac69603b06da1e9d5c689fbda1d99a057fb1e0807ac035af580ea8801a201058229af0912405ee9a20c8b9ccd1184c89b6bd3147b876d5c68b3cdd64f6ae055b63e27a29e07d7590be6e289ef43e5d1f93c0eee8e31b555c809a81e48cfef8cfbcea507b0c53c64542edaacbb6d977f132cd729c8179cc823e4db60b73cb7582c388f7b196bbb6685301da4f04b9934ada9485a25b50983198874c781514f9cef1c57abe3b514be85d8fb0d3ffbd3572d6223576fb4f22fdd5f2bbcc2127481c6fd05d4f2714c93e5876a1778346b1f81e555169a384694ff76dcad481133b435789452284cbbb3ca7f2bfc8d907ac8e40beb46cb9553eebb73d2fe5faa3299a5cadf8a103934e7eea2bd078ab3d57cee68e36cd87c34e34315b15633b0f370806f695c12e21a7ab881b73136fdf4cf11d04c719f26c1f1bfbe6e1876614903b9739fab0f0d9c628435fcbe072494d0c7139ad56363ca72d2962314341115ae400b6aa03315aba5d0eaa65c343400876e6eee8e80a66ce3606b103387367f8623bd7eb17ecb814ff6cfb8ef38c64b372b9d8c6af6f8122d23ec5c3a39ef9d4715df2fb30a183bc3de89693636c70c9aafc45201a78a664d0ea138bf963b5fa74bde522dc717454cec312b2615dfe4f26a2d34a1082272ca6eed091e4e375bb03f2843c3d82bef617d73333098d8f1da7a66fb3284dbf2e82c18b9b6efe8d316b807d693e21c4d78b1dfc7257005e65f66d55438cbb7d52dc04470748aacf2e57fb92fcbd6ecad2dcbc58e85f9faf937e573032bd1c19a326c6959080b5d6c0576178ebb172b6ec3fc020c6bc78fddb44cc6148d558d69fd90c242b7ad69086fa76d274b43055d90496c91fd31ddc16d996e03625c46609126cb72b7fe454992a10d67f0deef800eeffbf7dd550bff1af1f6d1ea48ec27fa03c4a6085a191bf17543401a62de411e1416663b7e2fb1967314bdbde4cf6e03cd76a7a1f62644086954dc02d6d3eeca7be95df42d3daa72c412f81a3563ef7921c7a1d252dd38112ae9a85e1cc398f80a7c81f969d76bf96987727978e1bf08f9e24ab481d865d0f6d202dee7998a88c12725e9b2c3400088eb6f3648e44c1ad7ed9c9937e487ad5c7cba56ba085bcab52a5be8b8e5bc74cad4cfb9f41d81aca4a862c6a72dbf2eb089c52b789d8554a18855e69876165001616e5a507b1a1a47def05c05fa29837f2c4034c69a7548a05dd9dd7b82e5f6d88aca0fb777e8a0a5fab2d5be354e41dd02ba265466c11912edfca9b5f3046b62fd8f072790d14fcd5e047e3e9e0fb88e81a1d0e7d55eac300072bd3cfef9e3150028a38e2d4123b4373aaa4c93cdf191edb4f0d380653eee73c2dbe5f6adb26747d36cb943b75f258c1cd52aacc3ce3032d476e5c6a3d638dab6da98ae1463aea7549f462ef0ccd466a6cbd9072e81d8993a8c81b4a58d925318718b8e7315a548e3aa595de69939f9e6bc15127a8bdedb09265d8e21385bf313b2792cd6f1ca912db2892cd2baa7be489a1004a5fbad0e98a7e5e38eff2fd7d90baf99082995abbc59f77b85b17d6b4f45df7b9cde57e7f540769de3dbfa0f047061ec598058d3650bfc9bb8358d10d2547a6e6865bff846a0ec64a5b4663480acc0a76d33c4d03e9be7eea92d727be607f711f88a72e1a896228664dd41d9b9cbfe1c425c7ea31ef76e41d2ff7e82c81016355e91403c5b6ba8ebcd9a8", 0x1000, 0x1000}, {&(0x7f0000001480)="550014734119bfa512bc1212f995ebfdf48a24c3952a74b1d6971e129b7b5c5022d1d631dc0b79adee300f3a4af89a6eec1b77d974d04d34a9224eb9a9da19696471f4befb873043a050ea7df86ec6a815bba8e4818627287ee03f9cf853eaed6f53e8a4cf752fffdc5768fa13e01db62ef3a861214dd2739b7a2718c0e0f732f78019994ec78d16a9c5ae40579ff0b987a93f371f446d89354f2091f7c15b9c72e3e34b2b8bbc986983c64f989b5fd132a1f1448666d6fe9098b3a36d3233a8fa24ace6e114a5cd90b27da8fd61dbd89fbb7397d435aa5d8528e7e1d6209ebd13bf9014c90acac4235bfc6179fb188bee7d591e39a734d48603", 0xfa, 0x3}, {&(0x7f0000001580)="c02e3918c7385331be291c65fce6a29cba478085d3479f6fae1b4358afc4c3ed660332d791ff55f8ba80ff0d2464766e314f2b1c9f0c80d9c100ffd97b489cf825fe4cebb013c1de4eeb8a99c3f9f5b971aafa12e96e6d715eb054581fe343dfe04fe45a73dfe9f6d18a0bd9db571834ddaf53e13303da6d85e149404ecb93002355976eef943ddf590b9a00dd698bdac09b64f227edbe9ec17e9572b1f47ef42c3f1e", 0xa3, 0x20}], 0x80004, &(0x7f00000016c0)={[{'adfs\x00'}, {}, {'adfs\x00'}, {'adfs\x00'}, {'adfs\x00'}], [{@fsmagic={'fsmagic', 0x3d, 0x8}}, {@uid_lt={'uid<', r0}}, {@dont_measure='dont_measure'}, {@fsname={'fsname', 0x3d, 'adfs\x00'}}, {@uid_eq={'uid', 0x3d, 0xee00}}, {@euid_lt={'euid<', 0xee01}}, {@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}, {@defcontext={'defcontext', 0x3d, 'staff_u'}}, {@mask={'mask', 0x3d, '^MAY_APPEND'}}]}) write$UHID_SET_REPORT_REPLY(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="0e0000000a00000008097e001c0c64441d27dc54c22b9083c714cd3c06c4f859b1654ca46eade833bc79a7ee5f49ca2a94fa54bdaf09d69a7bfe5199266a33149498d00d88044a49c0c1ff35d0da559496db54b4b902d3a349b12401e3e8e923cca9245c600f6131680195130aa32ed73e412eeea967deba0565637115c3d0be569ef7a5c299cbbd460f50668780348ef31d77e21636746316665e0a7172232ff24fa939f732fa8ddb1f048c6f320b1b34acaf19597a8e13014c96dfd123e7a1b9e17aab474a78d4caba98efad6e6046f0c85cc3267d270f61d2f6030000000000000052bec4da43cb61589ee7ebdb6e2a3d18bb6146b93c345dc07b8d351e333c5cbdaef2d5f78afd00"/293], 0x8a) [ 1423.744012] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1423.764078] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1423.769471] CPU: 1 PID: 31054 Comm: syz-executor.3 Not tainted 4.14.231-syzkaller #0 [ 1423.777360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1423.786721] Call Trace: [ 1423.789307] dump_stack+0x1b2/0x281 [ 1423.792962] warn_alloc.cold+0x96/0x1cc [ 1423.796919] ? zone_watermark_ok_safe+0x220/0x220 [ 1423.801738] ? trace_hardirqs_on+0x10/0x10 [ 1423.805954] ? deref_stack_reg+0x124/0x1a0 [ 1423.810184] ? fs_reclaim_release+0xd0/0x110 [ 1423.814607] __vmalloc_node_range+0x10e/0x150 [ 1423.819126] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1423.824473] vmalloc_user+0x47/0xa0 [ 1423.828089] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1423.832392] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1423.837740] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1423.841874] __vb2_queue_alloc+0x47a/0xd90 [ 1423.846095] vb2_core_create_bufs+0x279/0x5a0 [ 1423.850571] ? __vb2_queue_free+0x7a0/0x7a0 [ 1423.854882] ? trace_hardirqs_on+0x10/0x10 [ 1423.859092] ? __lock_acquire+0x5fc/0x3f20 [ 1423.863316] vb2_create_bufs+0x2e1/0x5b0 [ 1423.867367] ? futex_wait_queue_me+0x3bb/0x590 [ 1423.871928] ? vb2_thread_start+0x310/0x310 [ 1423.876228] ? trace_hardirqs_on+0x10/0x10 [ 1423.880445] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1423.885020] v4l_create_bufs+0xa4/0x150 [ 1423.888982] __video_do_ioctl+0x65b/0x6a0 [ 1423.893110] ? video_ioctl2+0x30/0x30 [ 1423.896889] ? __might_fault+0x177/0x1b0 [ 1423.900992] ? video_ioctl2+0x30/0x30 [ 1423.904797] video_usercopy+0xfd/0xe70 [ 1423.908676] ? v4l_g_ctrl+0x390/0x390 [ 1423.912472] ? trace_hardirqs_on+0x10/0x10 [ 1423.916747] ? futex_exit_release+0x220/0x220 [ 1423.921235] ? wait_for_completion_io+0x10/0x10 [ 1423.925890] ? lock_acquire+0x170/0x3f0 [ 1423.929844] v4l2_ioctl+0x1bb/0x2f0 [ 1423.933452] ? v4l2_open+0x2f0/0x2f0 [ 1423.937160] do_vfs_ioctl+0x75a/0xff0 [ 1423.940965] ? ioctl_preallocate+0x1a0/0x1a0 [ 1423.945367] ? lock_downgrade+0x740/0x740 [ 1423.950041] ? __fget+0x225/0x360 [ 1423.953492] ? do_vfs_ioctl+0xff0/0xff0 [ 1423.957454] ? security_file_ioctl+0x83/0xb0 [ 1423.961997] SyS_ioctl+0x7f/0xb0 [ 1423.965343] ? do_vfs_ioctl+0xff0/0xff0 [ 1423.969305] do_syscall_64+0x1d5/0x640 [ 1423.973184] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1423.978399] RIP: 0033:0x466459 [ 1423.981578] RSP: 002b:00007efc3f322188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 13:06:05 executing program 5: fanotify_init(0x8, 0x1000) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xf, 0x9, 0x80000001, 0x1, 0x1400, 0x1, 0xc4, [], 0x0, 0xffffffffffffffff, 0x5, 0x5, 0x3}, 0x40) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x16, 0x5, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x6}, [@map={0x18, 0x7, 0x1, 0x0, r0}]}, &(0x7f0000000080)='GPL\x00', 0x12, 0xb5, &(0x7f00000000c0)=""/181, 0x41000, 0x14, [], 0x0, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x9, 0x3}, 0x8, 0x10, &(0x7f00000001c0)={0x2, 0x5, 0x9, 0x200}, 0x10, 0xffffffffffffffff}, 0x78) [ 1423.989265] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1423.996516] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1424.003772] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1424.011030] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1424.018280] R13: 00007ffd57a131af R14: 00007efc3f322300 R15: 0000000000022000 13:06:05 executing program 5: fanotify_init(0x0, 0x0) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x12080, 0x0) r1 = gettid() r2 = accept4(r0, &(0x7f0000000040)=@ethernet, &(0x7f00000000c0)=0x80, 0x80000) ptrace$setsig(0x4203, r1, 0x6, &(0x7f0000000240)={0x19, 0xffffffff, 0x5}) sendmsg$nl_route(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=@ipv6_newrule={0x44, 0x20, 0x2, 0x70bd2c, 0x25dfdbff, {0xa, 0x80, 0x0, 0x1f, 0x1, 0x0, 0x0, 0x6, 0x2}, [@FRA_DST={0x14, 0x1, @loopback}, @FRA_DST={0x14, 0x1, @dev={0xfe, 0x80, [], 0x1e}}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x8000) [ 1424.042349] warn_alloc_show_mem: 2 callbacks suppressed [ 1424.042352] Mem-Info: [ 1424.050153] active_anon:223662 inactive_anon:6741 isolated_anon:0 [ 1424.050153] active_file:6840 inactive_file:44208 isolated_file:0 [ 1424.050153] unevictable:0 dirty:319 writeback:25 unstable:0 [ 1424.050153] slab_reclaimable:21652 slab_unreclaimable:131469 [ 1424.050153] mapped:62338 shmem:6935 pagetables:16017 bounce:0 [ 1424.050153] free:1179394 free_pcp:279 free_cma:0 13:06:05 executing program 5: fanotify_init(0x8, 0x40000) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) r1 = syz_mount_image$adfs(&(0x7f0000000000)='adfs\x00', &(0x7f0000000040)='./file0\x00', 0xb522, 0x2, &(0x7f00000001c0)=[{&(0x7f0000000080), 0x0, 0x7f}, {&(0x7f00000000c0)="a098edc1270f97ee82bf8a7ecf96dffe3aca88ea5e98bced67e7ea588c98dc4c28a1bca25db77a25306bd2f4072bcc01ec7a39d401aaf698c63343e9c0cb9c3eb98e907c5b3cc4655539acc11fdb5a44e9a17f5924a7bc30aec0660e12e00871e06fca97212d0fe04a15f82cb096854105fa940f55542740cf9b3f70e908110149af8591b0d5c51ae76e31b86d6449968330432e0efcabfe44a19c16038d2c0f3c17afe3fe6a74ef78b937ddd5b62ec29ad752ed67d970e55c9c3a1c98af46ad1a67e50a11ab42246f4b746fdd6bc4ef3a67642af09b25a1683a0866e6d79f", 0xdf, 0x10000}], 0x1000415, &(0x7f0000000200)={[{'{'}, {}], [{@audit='audit'}, {@fowner_gt={'fowner>', 0xffffffffffffffff}}, {@appraise='appraise'}, {@smackfsroot={'smackfsroot'}}, {@subj_role={'subj_role', 0x3d, ':z%&'}}, {@context={'context', 0x3d, 'root'}}]}) fanotify_mark(r0, 0x1, 0x8001000, r1, &(0x7f0000000280)='./file0\x00') fanotify_init(0x8, 0x2) 13:06:05 executing program 5: fanotify_init(0x40, 0x400) pipe(&(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) fanotify_mark(r0, 0x36, 0x38, 0xffffffffffffffff, &(0x7f0000000000)='./file0\x00') write$UHID_CREATE(r1, &(0x7f0000000080)={0x0, {'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000040)=""/9, 0x9, 0x5, 0x0, 0x7, 0x9e45, 0xfffffffb}}, 0x120) [ 1424.085323] Node 0 active_anon:894668kB inactive_anon:26964kB active_file:27236kB inactive_file:176832kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:249352kB dirty:1276kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 761856kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1424.115022] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1424.142900] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1424.169177] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1424.174849] Node 0 DMA32 free:661696kB min:36200kB low:45248kB high:54296kB active_anon:894668kB inactive_anon:26964kB active_file:27236kB inactive_file:176832kB unevictable:0kB writepending:1284kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27392kB pagetables:64068kB bounce:0kB free_pcp:1256kB local_pcp:556kB free_cma:0kB [ 1424.205760] lowmem_reserve[]: 0 0 0 0 0 [ 1424.209761] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1424.235966] lowmem_reserve[]: 0 0 0 0 0 [ 1424.239976] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1424.268333] lowmem_reserve[]: 0 0 0 0 0 [ 1424.273120] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1424.287162] Node 0 DMA32: 817*4kB (UE) 411*8kB (UME) 10*16kB (UE) 10*32kB (UE) 5*64kB (UM) 0*128kB 21*256kB (UM) 13*512kB (UME) 3*1024kB (ME) 2*2048kB (UM) 155*4096kB (UM) = 661436kB [ 1424.304152] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1424.315301] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1424.333082] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1424.341910] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1424.351304] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1424.360607] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1424.369701] 25434 total pagecache pages [ 1424.374185] 0 pages in swap cache [ 1424.377633] Swap cache stats: add 0, delete 0, find 0/0 [ 1424.383752] Free swap = 0kB [ 1424.386818] Total swap = 0kB [ 1424.389826] 2097051 pages RAM [ 1424.393828] 0 pages HighMem/MovableOnly [ 1424.397792] 363849 pages reserved [ 1424.401225] 0 pages cma reserved [ 1424.405859] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1424.417342] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1424.422920] CPU: 1 PID: 31062 Comm: syz-executor.4 Not tainted 4.14.231-syzkaller #0 [ 1424.430793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1424.440127] Call Trace: [ 1424.442709] dump_stack+0x1b2/0x281 [ 1424.446336] warn_alloc.cold+0x96/0x1cc [ 1424.450299] ? zone_watermark_ok_safe+0x220/0x220 [ 1424.455127] ? trace_hardirqs_on+0x10/0x10 [ 1424.459354] ? deref_stack_reg+0x124/0x1a0 [ 1424.463588] ? fs_reclaim_release+0xd0/0x110 [ 1424.467996] __vmalloc_node_range+0x10e/0x150 [ 1424.472493] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1424.477838] vmalloc_user+0x47/0xa0 [ 1424.481455] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1424.486462] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1424.491809] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1424.495950] __vb2_queue_alloc+0x47a/0xd90 [ 1424.500178] vb2_core_create_bufs+0x279/0x5a0 [ 1424.504662] ? __vb2_queue_free+0x7a0/0x7a0 [ 1424.508978] ? trace_hardirqs_on+0x10/0x10 [ 1424.513243] ? __lock_acquire+0x5fc/0x3f20 [ 1424.517508] vb2_create_bufs+0x2e1/0x5b0 [ 1424.521565] ? vb2_thread_start+0x310/0x310 [ 1424.525881] ? trace_hardirqs_on+0x10/0x10 [ 1424.530106] ? mark_held_locks+0xa6/0xf0 [ 1424.534154] ? trace_hardirqs_on+0x10/0x10 [ 1424.538388] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1424.542971] v4l_create_bufs+0xa4/0x150 [ 1424.546937] __video_do_ioctl+0x65b/0x6a0 [ 1424.551631] ? video_ioctl2+0x30/0x30 [ 1424.555416] ? __might_fault+0x177/0x1b0 [ 1424.559466] ? video_ioctl2+0x30/0x30 [ 1424.563259] video_usercopy+0xfd/0xe70 [ 1424.567137] ? v4l_g_ctrl+0x390/0x390 [ 1424.570926] ? trace_hardirqs_on+0x10/0x10 [ 1424.575146] ? trace_hardirqs_on+0x10/0x10 [ 1424.579414] ? lock_acquire+0x170/0x3f0 [ 1424.583415] v4l2_ioctl+0x1bb/0x2f0 [ 1424.587042] ? v4l2_open+0x2f0/0x2f0 [ 1424.590748] do_vfs_ioctl+0x75a/0xff0 [ 1424.594547] ? ioctl_preallocate+0x1a0/0x1a0 [ 1424.599010] ? lock_downgrade+0x740/0x740 [ 1424.603152] ? __fget+0x225/0x360 [ 1424.606689] ? do_vfs_ioctl+0xff0/0xff0 [ 1424.610652] ? security_file_ioctl+0x83/0xb0 [ 1424.615043] SyS_ioctl+0x7f/0xb0 [ 1424.618389] ? do_vfs_ioctl+0xff0/0xff0 [ 1424.622349] do_syscall_64+0x1d5/0x640 [ 1424.626221] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1424.631390] RIP: 0033:0x466459 [ 1424.634573] RSP: 002b:00007f491b244188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 13:06:06 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0xfffffff9, 0xc97e, 0x2, {0x2, @sliced={0x0, [0x81, 0x1f, 0x8, 0x51, 0x1, 0x310, 0x1, 0x80, 0x800, 0x1, 0x3, 0x8, 0x0, 0x401, 0x2, 0x7fff, 0x0, 0x2, 0x1, 0xf801, 0x20, 0x1f, 0x1, 0x9, 0x1f, 0x5, 0x88, 0x4, 0x23c, 0x3ff, 0x1, 0x3, 0x8, 0xfffd, 0x20, 0x7, 0x5, 0x7ff, 0x8000, 0x6, 0xe02, 0xb, 0x31, 0x100, 0x0, 0xfff, 0x1, 0xa19], 0xdcc}}, 0x5}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @pix={0x8000006, 0xb65, 0x32314d54, 0x2, 0x9, 0x8, 0xb, 0x5, 0x0, 0x2, 0x0, 0x4}}}) 13:06:06 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vim2m\x00', 0x2, 0x0) 13:06:06 executing program 5: fanotify_init(0x10, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000001c0)={0x5, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x1c, 0x5, &(0x7f0000000000)=@raw=[@ldst={0x1, 0x1, 0x0, 0x0, 0x0, 0x6}, @map={0x18, 0xb}, @generic={0x1, 0x0, 0x6, 0x1}, @exit], &(0x7f0000000040)='syzkaller\x00', 0x1, 0xad, &(0x7f0000000080)=""/173, 0x1f00, 0x4, [], 0x0, 0x21, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000180)={0x5, 0x1, 0x6, 0x57}, 0x10, r0}, 0x78) 13:06:06 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:06:06 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000080)={0x81, 0x0, 0x4, 0x10, 0xcf7, {0x0, 0xea60}, {0x3, 0x0, 0x5, 0x5, 0x87, 0x6b, "4703a9b2"}, 0x44, 0x1, @userptr=0x60000000, 0x8000}) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x3, {0x2, @vbi={0x81, 0x7fff, 0x8001, 0x56544943, [0x800, 0x8001], [0x16, 0x40], 0x13a}}}) 13:06:06 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x7, 0x0, 0x1, 0xffeffffd}, 0x0, 0xfffffffd, 0x0, 0x2000000, 0x0}}}) [ 1424.642265] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1424.649525] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1424.656780] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1424.664032] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1424.671281] R13: 00007ffef79ecfdf R14: 00007f491b244300 R15: 0000000000022000 13:06:06 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xfb, 0x2) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20002000}, 0xffffff5c, &(0x7f0000000140)={&(0x7f00000000c0)={0x50, 0x0, 0x2, 0x70bd2d, 0x25dfdc00, {}, [@L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x9}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}, @L2TP_ATTR_MRU={0x6, 0x1d, 0x69}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x4}, @L2TP_ATTR_L2SPEC_TYPE={0x0, 0x5, 0x1}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'veth1_vlan\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x2400c0d1}, 0x4000) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) syz_open_dev$vim2m(&(0x7f00000002c0)='/dev/video#\x00', 0x1f, 0x2) syz_genetlink_get_family_id$l2tp(&(0x7f0000000300)='l2tp\x00', r1) 13:06:06 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x14, 0x7, 0x2, {0x2, @win={{0x0, 0x0, 0x0, 0x1004}, 0x8, 0xfffffffd, 0x0, 0x1, 0x0, 0x8}}, 0x400000}) [ 1424.809141] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1424.820942] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1424.829617] CPU: 1 PID: 31108 Comm: syz-executor.4 Not tainted 4.14.231-syzkaller #0 [ 1424.837513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1424.846863] Call Trace: [ 1424.849449] dump_stack+0x1b2/0x281 [ 1424.853075] warn_alloc.cold+0x96/0x1cc [ 1424.857082] ? zone_watermark_ok_safe+0x220/0x220 [ 1424.861934] ? trace_hardirqs_on+0x10/0x10 [ 1424.866164] ? free_one_page+0x119/0x1210 [ 1424.870307] ? deref_stack_reg+0x124/0x1a0 [ 1424.874546] ? fs_reclaim_release+0xd0/0x110 [ 1424.878960] __vmalloc_node_range+0x10e/0x150 [ 1424.883462] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1424.888823] vmalloc_user+0x47/0xa0 [ 1424.892452] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1424.896771] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1424.902147] vb2_vmalloc_alloc+0xa6/0x2d0 13:06:06 executing program 5: fanotify_init(0x10, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) 13:06:06 executing program 5: r0 = fanotify_init(0x4, 0x101000) pipe(&(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) fanotify_mark(r0, 0x60, 0x8000000, r1, &(0x7f0000000080)='./file0\x00') r3 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040)='wireguard\x00', 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'wg0\x00', 0x0}) sendmsg$sock(r2, &(0x7f00000002c0)={&(0x7f00000000c0)=@ipx={0x4, 0x3ff, 0x4decab0e, "10fc06e86a81", 0x3}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000140)="2387c49e27fbdb3ec27217e2c8bf67ef396cad4c57a41fd2be893ed09881b92ebea4bc74ed85e9eab479bb4bc7ededdbfaa5d6f7221f0fef223db86d008d1a1aad4af5b97073e7044c66d1df45c683f3cabada8380d4a265df54ba254d01545455abb4f4f8c44d12fddbe3012bfbcc8e66f1a4699cc53732a12012e992a5643608ffa34e1c8b605673534531543d0dc888d01c5d2ed4aea0dc7b08d22def0501a3a9866f264b682071e2ef12db6729c5b8755c25dd18131747bba46cccf64135f02a878c7436a03782db658b94e553b63db399055dacdc52a4792efdf56a9f38", 0xe0}], 0x1, &(0x7f0000000280)}, 0x40080c4) sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000000), 0xc, &(0x7f0000000440)={&(0x7f0000000380)={0x90, r3, 0x8, 0x70bd27, 0x25dfdbfc, {}, [@WGDEVICE_A_IFINDEX={0x8, 0x1, r4}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @a='\xa0\\\xa8Ol\x9c\x8e8S\xe2\xfdzp\xae\x0f\xb2\x0f\xa1R`\f\xb0\bE\x17O\b\ao\x8dxC'}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @b='\xb0\x80s\xe8\xd4N\x91\xe3\xda\x92,\"C\x82D\xbb\x88\\i\xe2i\xc8\xe9\xd85\xb1\x14):M\xdcn'}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e21}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @b='\xb0\x80s\xe8\xd4N\x91\xe3\xda\x92,\"C\x82D\xbb\x88\\i\xe2i\xc8\xe9\xd85\xb1\x14):M\xdcn'}]}, 0x90}, 0x1, 0x0, 0x0, 0x80}, 0x4004) openat$vimc2(0xffffffffffffff9c, &(0x7f0000000300)='/dev/video2\x00', 0x2, 0x0) 13:06:06 executing program 5: fanotify_init(0x10, 0x0) r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000340), 0x8) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x34, 0x0, 0x100, 0x70bd2d, 0x25dfdbff, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x3}, @L2TP_ATTR_FD={0x8, 0x17, @udp6}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x4000) 13:06:06 executing program 5: openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x1, 0x0) fanotify_init(0x10, 0x0) [ 1424.906293] __vb2_queue_alloc+0x47a/0xd90 [ 1424.910546] vb2_core_create_bufs+0x279/0x5a0 [ 1424.915043] ? __vb2_queue_free+0x7a0/0x7a0 [ 1424.919378] ? trace_hardirqs_on+0x10/0x10 [ 1424.923622] ? __lock_acquire+0x5fc/0x3f20 [ 1424.927863] vb2_create_bufs+0x2e1/0x5b0 [ 1424.931928] ? futex_wait_queue_me+0x3bb/0x590 [ 1424.936507] ? vb2_thread_start+0x310/0x310 [ 1424.940843] ? trace_hardirqs_on+0x10/0x10 [ 1424.945083] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1424.949671] v4l_create_bufs+0xa4/0x150 [ 1424.953646] __video_do_ioctl+0x65b/0x6a0 [ 1424.957800] ? video_ioctl2+0x30/0x30 [ 1424.961601] ? __might_fault+0x177/0x1b0 [ 1424.965657] ? video_ioctl2+0x30/0x30 [ 1424.969452] video_usercopy+0xfd/0xe70 [ 1424.973327] ? v4l_g_ctrl+0x390/0x390 [ 1424.977121] ? lock_acquire+0x170/0x3f0 [ 1424.981075] ? lock_downgrade+0x740/0x740 [ 1424.985209] ? trace_hardirqs_on+0x10/0x10 [ 1424.989432] ? futex_exit_release+0x220/0x220 [ 1424.993911] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1424.998996] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1425.004004] v4l2_ioctl+0x1bb/0x2f0 [ 1425.007633] ? v4l2_open+0x2f0/0x2f0 [ 1425.011335] do_vfs_ioctl+0x75a/0xff0 [ 1425.015144] ? ioctl_preallocate+0x1a0/0x1a0 [ 1425.019537] ? lock_downgrade+0x740/0x740 [ 1425.023681] ? __fget+0x225/0x360 [ 1425.027133] ? do_vfs_ioctl+0xff0/0xff0 [ 1425.031087] ? security_file_ioctl+0x83/0xb0 [ 1425.035478] SyS_ioctl+0x7f/0xb0 [ 1425.038882] ? do_vfs_ioctl+0xff0/0xff0 [ 1425.042845] do_syscall_64+0x1d5/0x640 [ 1425.046725] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1425.051893] RIP: 0033:0x466459 [ 1425.055062] RSP: 002b:00007f491b244188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1425.062755] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1425.070018] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1425.077273] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1425.084529] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1425.091790] R13: 00007ffef79ecfdf R14: 00007f491b244300 R15: 0000000000022000 [ 1425.111724] warn_alloc_show_mem: 1 callbacks suppressed [ 1425.111729] Mem-Info: [ 1425.126765] active_anon:223665 inactive_anon:6741 isolated_anon:0 [ 1425.126765] active_file:6840 inactive_file:44219 isolated_file:0 [ 1425.126765] unevictable:0 dirty:379 writeback:0 unstable:0 [ 1425.126765] slab_reclaimable:21633 slab_unreclaimable:130967 [ 1425.126765] mapped:62350 shmem:6935 pagetables:16017 bounce:0 [ 1425.126765] free:1179796 free_pcp:295 free_cma:0 [ 1425.161587] Node 0 active_anon:894660kB inactive_anon:26964kB active_file:27236kB inactive_file:176876kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:249420kB dirty:1516kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 761856kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1425.195231] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1425.221257] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1425.247539] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1425.252661] Node 0 DMA32 free:660992kB min:36200kB low:45248kB high:54296kB active_anon:894660kB inactive_anon:26964kB active_file:27236kB inactive_file:176876kB unevictable:0kB writepending:1516kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27360kB pagetables:64068kB bounce:0kB free_pcp:1436kB local_pcp:728kB free_cma:0kB [ 1425.283222] lowmem_reserve[]: 0 0 0 0 0 [ 1425.287195] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1425.312880] lowmem_reserve[]: 0 0 0 0 0 [ 1425.316864] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1425.345130] lowmem_reserve[]: 0 0 0 0 0 [ 1425.349138] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1425.362838] Node 0 DMA32: 861*4kB (UME) 134*8kB (UME) 60*16kB (UME) 23*32kB (UE) 6*64kB (UM) 0*128kB 21*256kB (UM) 13*512kB (UME) 3*1024kB (ME) 2*2048kB (UM) 155*4096kB (UM) = 660676kB [ 1425.379699] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1425.390485] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1425.407838] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1425.416741] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1425.425394] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1425.434322] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1425.443399] 25452 total pagecache pages [ 1425.447380] 0 pages in swap cache [ 1425.450810] Swap cache stats: add 0, delete 0, find 0/0 [ 1425.457143] Free swap = 0kB [ 1425.460154] Total swap = 0kB [ 1425.464021] 2097051 pages RAM [ 1425.467119] 0 pages HighMem/MovableOnly [ 1425.471072] 363849 pages reserved [ 1425.475729] 0 pages cma reserved [ 1425.479371] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1425.491360] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1425.497069] CPU: 0 PID: 31110 Comm: syz-executor.3 Not tainted 4.14.231-syzkaller #0 [ 1425.504948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1425.514294] Call Trace: [ 1425.516874] dump_stack+0x1b2/0x281 [ 1425.520486] warn_alloc.cold+0x96/0x1cc [ 1425.524445] ? zone_watermark_ok_safe+0x220/0x220 [ 1425.529270] ? trace_hardirqs_on+0x10/0x10 [ 1425.533495] ? deref_stack_reg+0x124/0x1a0 [ 1425.537725] ? fs_reclaim_release+0xd0/0x110 [ 1425.542130] __vmalloc_node_range+0x10e/0x150 [ 1425.546620] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1425.551967] vmalloc_user+0x47/0xa0 [ 1425.556965] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1425.561266] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1425.566617] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1425.570760] __vb2_queue_alloc+0x47a/0xd90 [ 1425.575033] vb2_core_create_bufs+0x279/0x5a0 [ 1425.579509] ? __vb2_queue_free+0x7a0/0x7a0 [ 1425.583814] ? trace_hardirqs_on+0x10/0x10 [ 1425.588035] ? __lock_acquire+0x5fc/0x3f20 [ 1425.592261] vb2_create_bufs+0x2e1/0x5b0 [ 1425.596311] ? vb2_thread_start+0x310/0x310 [ 1425.600629] ? trace_hardirqs_on+0x10/0x10 [ 1425.604861] ? mark_held_locks+0xa6/0xf0 [ 1425.608909] ? trace_hardirqs_on+0x10/0x10 [ 1425.613126] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1425.617690] v4l_create_bufs+0xa4/0x150 [ 1425.621653] __video_do_ioctl+0x65b/0x6a0 [ 1425.625793] ? video_ioctl2+0x30/0x30 [ 1425.629582] ? __might_fault+0x177/0x1b0 [ 1425.633629] ? video_ioctl2+0x30/0x30 [ 1425.637428] video_usercopy+0xfd/0xe70 [ 1425.641310] ? v4l_g_ctrl+0x390/0x390 [ 1425.645099] ? lock_acquire+0x170/0x3f0 [ 1425.649063] ? trace_hardirqs_on+0x10/0x10 [ 1425.653298] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1425.658305] v4l2_ioctl+0x1bb/0x2f0 [ 1425.661919] ? v4l2_open+0x2f0/0x2f0 [ 1425.665632] do_vfs_ioctl+0x75a/0xff0 [ 1425.669433] ? ioctl_preallocate+0x1a0/0x1a0 [ 1425.673825] ? lock_downgrade+0x740/0x740 [ 1425.677956] ? __fget+0x225/0x360 [ 1425.681395] ? do_vfs_ioctl+0xff0/0xff0 [ 1425.685378] ? security_file_ioctl+0x83/0xb0 [ 1425.689770] SyS_ioctl+0x7f/0xb0 [ 1425.693114] ? do_vfs_ioctl+0xff0/0xff0 [ 1425.697076] do_syscall_64+0x1d5/0x640 [ 1425.700957] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1425.706124] RIP: 0033:0x466459 13:06:07 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x9, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x0, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) [ 1425.709295] RSP: 002b:00007efc3f322188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1425.716998] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1425.724253] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1425.731590] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1425.738848] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1425.746096] R13: 00007ffd57a131af R14: 00007efc3f322300 R15: 0000000000022000 13:06:07 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(0xffffffffffffffff, 0x28, 0x2, &(0x7f0000000040)=0x401, 0x8) r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vim2m\x00', 0x2, 0x0) ioctl$vim2m_VIDIOC_G_FMT(r1, 0xc0d05604, &(0x7f00000000c0)={0x1, @pix_mp={0x8000, 0x8, 0x50424752, 0x4, 0x7, [{0x80010, 0x4}, {0x2127, 0x1ff}, {0x6, 0xc29f5497}, {0x40, 0x1000}, {0x2de9, 0x4cdc}, {0x6, 0x80000001}, {0x10000, 0x7f}, {0x8, 0x2}], 0x4, 0x6, 0x2, 0x2, 0x6}}) 13:06:07 executing program 5: fanotify_init(0x0, 0x80000) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r0, 0x28, 0x6, &(0x7f0000000040)={r1, r2/1000+10000}, 0x10) 13:06:07 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nvram\x00', 0x100, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000080)={0x8000, 0x5ef, 0x3, {0x0, @pix={0x3, 0x0, 0x32314d59, 0x5, 0x6, 0xff, 0xc, 0xfffffff8, 0x1, 0x7, 0x2, 0x1}}}) 13:06:07 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:06:07 executing program 4: syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) r0 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x4, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) ioctl$vim2m_VIDIOC_PREPARE_BUF(r0, 0xc058565d, &(0x7f0000000080)={0x5, 0x2, 0x4, 0x4, 0xffffffff, {0x77359400}, {0x3, 0x2, 0xad, 0x8, 0x2, 0x5, "637bd1f5"}, 0x80, 0x3, @userptr=0x94ce, 0x7, 0x0, r1}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x3, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x86}) r2 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vim2m\x00', 0x2, 0x0) ioctl$vim2m_VIDIOC_QUERYCAP(r2, 0x80685600, &(0x7f0000000140)) 13:06:07 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) bind$802154_raw(0xffffffffffffffff, &(0x7f0000000040)={0x24, @short={0x2, 0x0, 0xaaa2}}, 0x14) 13:06:07 executing program 2: socket$nl_route(0x10, 0x3, 0x0) r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000040)={0xb, {'syz1\x00', 'syz1\x00', 'syz0\x00', 0x5f, 0x101, 0x5, 0x2, 0x1ff, 0x1, "cd42726bd7db590babf8c13e10cfff309ec3c12bbc0e62299eb1aedd8088b9710e081d40da272e22439b4486e0e0d1b9726022f98d45f20ef1f12d1a54aaacbb48ae71512041b0efdc02de7682c55471b3eed29fef5d3912ba524aede7bbf1"}}, 0x177) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:06:07 executing program 4: syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x8, 0x1, {0x0, @win={{0x0, 0x6, 0x20000000}, 0x9, 0xfffffffd, 0x0, 0x4, 0x0}}, 0x3}) 13:06:07 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x0, 0x2) ioctl$vim2m_VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f0000000080)={0x1, @pix_mp={0x0, 0x1, 0x0, 0x0, 0x0, [{0x0, 0x8}, {0xfffff3c0}]}}) r1 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) perf_event_open(&(0x7f0000000740)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r3, 0x330f, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r4, 0x330f, 0x0) ioctl$SNAPSHOT_FREE_SWAP_PAGES(r4, 0x3309) ioctl$vim2m_VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f0000000340)={0x7, 0x1, 0x1, {0x3, @pix_mp={0x20, 0x1, 0x39565559, 0x1, 0x6, [{0x9, 0x9}, {0x0, 0x7f}, {0x20000000, 0xfffff800}, {0x441b, 0x3f}, {0xffff43aa, 0x6}, {0x0, 0x48}, {0x1, 0x2}, {0x2, 0x10001}], 0x1, 0x5, 0x8, 0x2, 0x6}}, 0x1efba9bf}) ioctl$vim2m_VIDIOC_QUERYCAP(r2, 0x80685600, &(0x7f00000002c0)) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x4, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:06:07 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) r1 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mISDNtimer\x00', 0x2000, 0x0) ioctl$IMADDTIMER(r1, 0x80044940, &(0x7f00000000c0)=0x32) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) ioctl$vim2m_VIDIOC_STREAMON(r2, 0x40045612, &(0x7f0000000040)=0x3) 13:06:07 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:06:07 executing program 5: fanotify_init(0x20, 0x40000) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xf, 0x4, &(0x7f0000000000)=@raw=[@call={0x85, 0x0, 0x0, 0x21}, @generic={0x2, 0x7, 0x5, 0x400, 0x7}, @initr0={0x18, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0xfffffffd}], &(0x7f0000000040)='syzkaller\x00', 0x5, 0x48, &(0x7f0000000080)=""/72, 0x40f00, 0x9, [], 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x4, 0x2}, 0x8, 0x10, &(0x7f0000000140)={0x3, 0xe, 0x7, 0xda47}, 0x10, 0xffffffffffffffff}, 0x78) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000200)={0xffffffffffffffff, r0, 0x0, r1}, 0x10) 13:06:07 executing program 3: syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r0, 0x0, 0x5b, 0xfd, &(0x7f0000000040)="ccf20dd9af3ec77d207501dc6bfa947dad62ff9c98ba6c2b05a4b2266fb460790bd1350cec21a181d65a76c81932625afe67897b22bc143bd573be113d8bbf498389560eec165ccce76997c8b97908167bb90afbedce2911432910", &(0x7f00000000c0)=""/253, 0x5, 0x0, 0x35, 0xaf, &(0x7f00000002c0)="f5e0a18d11dbf19982ec2e0d28523fabb2d5d223cb4ab64b53acde06646b006f9511f59b932db18a90f6cbabf28de570d4c5a25b2d", &(0x7f0000000300)="d966c0a340fe4e01a4479d1425420759aa3b71255165ea10998dcbcb1f569896ef521a73cf883cc85b50f007ed53a2f62a14b44558e322b55bdfee98051b47f5b976c915dcd90b2689124b2c6d25ad812bcaf2d7fd3f14fe79fe1f88566bece980b40c87a4fac21ebcef56a6a5a6487d5a062e64d6db514c629d5d64ad16ec0742fd35b1962419f0085c8f8c49374adb45e70a7e0758e85945e663ab6ccf0a394ecd830aebc2873c18038a86b69bd4", 0x1, 0xfffffffb}, 0x48) 13:06:07 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:06:07 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x4, {0x2, @win={{0x0, 0x0, 0xfffffffd, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) ioctl$SNAPSHOT_S2RAM(0xffffffffffffffff, 0x330b) 13:06:07 executing program 2: pipe(&(0x7f00000008c0)={0xffffffffffffffff}) pipe(&(0x7f00000000c0)={0xffffffffffffffff}) accept$nfc_llcp(r1, &(0x7f0000000100), &(0x7f0000000180)=0x60) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) connect$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0x0, @my=0x0}, 0x10) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, 0xffffffffffffffff) r3 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_STREAMON(r2, 0x40045612, &(0x7f0000000040)) ioctl$vim2m_VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x100, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:06:07 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) r1 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x80, 0x640100) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$vim2m_VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000140)={0xfffffffa, 0x2, 0x4, 0x10000, 0x6fef, {r2, r3/1000+10000}, {0x2, 0xc, 0x80, 0x0, 0x2, 0x12, "ceed184b"}, 0xffffffff, 0x2, @planes=&(0x7f00000000c0)={0x0, 0xfffffff7, @userptr=0x4, 0x200}, 0x0, 0x0, r5}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) bpf$LINK_DETACH(0x22, &(0x7f00000002c0)=r4, 0x4) pipe(&(0x7f0000000400)) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r6, 0x330f, 0x0) ioctl$KVM_GET_CPUID2(r6, 0xc008ae91, &(0x7f0000000300)={0x5, 0x0, [{}, {}, {}, {}, {}]}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r7, 0x330f, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r7, 0x6, 0x14, &(0x7f0000000440)=0x2, 0x4) 13:06:07 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000140)={0xffff, 0x1, 0x2, "8c47cc21abc4cd772604b190d00082548eb106f4ad00136b015e8d8238d76080", 0x3131354f}) write$UHID_SET_REPORT_REPLY(r2, &(0x7f0000000180)={0xe, {0x0, 0x9, 0x1, 0x1d, "7ed46a9bd1d00143e3b33a44471820ace537cdfd93dff202fb89b8a0e1"}}, 0x29) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) ioctl$vim2m_VIDIOC_G_FMT(r1, 0xc0d05604, &(0x7f0000000040)={0x7, @pix={0x7, 0x3, 0x34424752, 0x7, 0xd27, 0x401, 0x2, 0x9, 0x1, 0x6, 0x2, 0x6}}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:06:07 executing program 2: pipe(&(0x7f00000008c0)={0xffffffffffffffff}) syz_open_dev$vcsn(&(0x7f0000000100)='/dev/vcs#\x00', 0xb5, 0x109000) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) sendmsg$sock(r0, &(0x7f00000013c0)={&(0x7f0000000040)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x1, 0x2, 0x3, 0x2, {0xa, 0x4e24, 0x3, @mcast2, 0x2}}}, 0x80, &(0x7f00000012c0)=[{&(0x7f00000002c0)="76b4cc37bb48a8047bc6af98cd98e4dc7d5212d48e364b166f4d156407d1e3f00f00f98c263b390cc9ac92d98bce211204eff68c1828d89a13defb7bc5e92bfef743a2f6805a419ff443520bd7b00bbe5ff4edc155b90dfdfe286e7a8c6a341bfe0d989398d55f395214fc283c616716dfc495a9dbae38e94b8996d192fef2ab5ed8c2bb66e6ca556e3292f7d71f1cb055cc9e15f821eade22522449cdc4d50fecf64ed1375c4e256120b442318bbfbc7c149204b4e439f8d5eb494d0cb93c60a05802f404b820af6df5266047bce6e9196041906a5de72daebe39cbd4db5135cdae01f90ac6357fde77bc257143584099f01d4049c69533d0997a9622c4557d34c8772a39a86fad8008b1134c9e28b1dada0b7ee51c3f2898a8d02d322baac31bc98e7e99d2a58fe6dbb9d07fa8eb700075f71f88978461aeba0bbeda993389f45e6b7456dddaa99f7970797bea505688a6d02d30ba7129daa29d1bde58535fb25b7f9e6c5686c94cc32cdd6fa4de04173db6f7c6340fb10d06783d05774b9aeeb432ecdbc8136d7dea7947468c88dfd3e358c55306f7630084e2153deaa659276d872b4a4105c70f44d20514e6bb80aca3ae4165ce14c076002f9e0c30634489205761254f08ec8cfbabbc402b44e3ceba44583bdf3e9268787f172188b4b4f7b3449dcdddf8793bff03a4024a8b6d8aa8e269ccab9e50b66312f77fc107c45f43b25f40c5a7e5beb1c1a2eb378d55912392a85244505ae531ae270d9ab8890f5f6ec9b3203307e4e5be7a9211ad143ec8aada430597c80aa334cb5250cf3253f2ab49e13d0c266a38a13c08da5efe0aa2846f7965dd7111812d77ca6537c70b55de8c75d8beedf08a3a6ab3c234d0b2c4300dd5b76cf616612734ae5294ed0410cadc320040d95da0e0030b2689508ae5404a15b462274c79653e31718b7f2276dad91f95a6eca6528fbac649a9054d152fdce4583f03f07dbf5e704801b98e45374617c40766d472286bff744642081eca330f5e38547523cc3dba33d6a2bb9175aa3f0534adc5fa7056363e39098095c93cbeb7bc1acb6048d069d7597764d9791ac61bd0ff706ba544833f7e83d8f24867437abd7cd007ffcd5b27982dad9418966172f3bd500b91f5e4f384d1e950efd9269b4ee1c61eb19356e3477bc23fc1b5a178847540c7c9a60eab9168227132f50f7771dcbfe5cec4015e5892c682cdbe18e8125d79c3957915f31711a117d3c4a8b4015695c0b86d955e85509a4142c9e07b4653d1d031a6dc99c39563fb305274b661ee94685ebb9d3fb07eaff55a9628f05e02a0bcf2e12981c81326f3a30a9390be818e436e6d1219a85b60cdb39b336b228bc71c5a2e024e4c19f6443cfd7a2675146d4cb02de34b0f35f73b0ba6fb23ccb53eee6a12ca4312a9861456c8b136683531a710ae41dc97607708c0137ec47fcb5f9d655cb62458061b121bdfe8dbdc46ff9f09b274e78308a430546eb64c6649777cc440f8a00b66e7f1ec53769f055c36cf22b37e99a87b852eedbdb71e1489e0c9c2b4dde151d223a5a98e603fc83bd953bf4868156ff0acd5d073bab65c2f8e8087bafc8eb3eab6582a1f026843f78f28eba214cd7c26710fe086e4dbbce63c533a4a7f4372c418441b86cf774351f7069b84f6accb16880f44119080ddcb2635a56795fb3dbb203365d3fc06617084ce33bc476148d468047f18e3517dae0bc9ae223047ea5b1f91da89539f6238ecee500981973c502ac0216ffdbaffd3b44e50bb546c9b991b3786205b5e4b182ea42d9b8455c2351f60ee755d58220f88c061d7f7eae1e575a7e4a56cbdc870481ffcd6a5b8dde74c535832a3ef41b0b9280b0926ba2a8c276e6364cdefa0db6d44ba7e73ce43c7f75d9c2b59ab4dca57a62558f2b7a329114e6bac757339e0e9299a2b8c3759b6ab9dbf70aa313f38a67e974287e69948e3f53c14ed77332d378e4ee3e294bc607eceef8b92f6269303211dcf96989f667761e9062132bc8204eee7902ec6bf3504daf9bcfe53ed8318c0acaa2f8815ee88ba045489015c9cb0f5faa6c5ee8d043dedf17ebb0f64da331a4749af5e73e9eb3cc828cde4a8126fc4364480b598849c625bba049af334091e952da2442d9f4c5a1395265fa9933b1309eefb04eb4a8f75ceae10ba60ebd42186561d4c69e828c36a81051cd9b053f62e74f09f4542b2294217118e498f8ca24dfe24f2d1d42c8850d3591904affd6955ee5436ef21c832145e8799a5decad75684c28678c9dc4d264d61c2e07e71675467348a181a31d261e971f43f997e4f865150e53d75c8c67ca74b86783ed8b0310b2a0bef3d783764f36053c1aba9fbce4784edfaa3526a21652b97525c6225d59c683f132494651ea02536bb9d4cc7a2c4728098e2daae695afcc78fc6d6d70914c09e79c2c3582ebe0be631eb1d38aff63578d8435d680df4e6ff07f3021ebd5c172b85e4f9ccc3ad0389cae566a90eb587f27ab0c9b7e92a3248ebeb3aa4a28bda6e5bb5ae916ca315032bd0c9e17b9fe939bf0b7ef448cbb4722ae5ba08ddcdb76620d2eda8dc4ed383cbe57901185ebcdbfa65d38db396b774c7357dddacce956043fc944df84e8e59ecb8fd4e25a95befcf0a584e5370bcd2b1d383f773dada84bb9829cac384a584d1683fd33f4b51166f8ec11577cda6396487b87a252c0a2dcc89c821f920978d373167e4b958c5549816abdc9b31e2002f2eef647a4216c7b5f201ee957b107962a902887ec7540c682572ff1294145e17a5c6e6f32efbcc3643809a1e138b3b0036456e1a91fb59e65cb7006d1b353f1369796c1c918af1d956124df49fea0c920a1420ee53f4b692fd46e3d2e4dfc00ccfd34d3a3c7c47287e8bc274e77e1fcc03abe64ed213ef5ce370b2e5f5a572a0dcc5c488418d773dfdf9707204da184c5eff02528d2c2a500c0eb5d0a9327c963aa9b0459814545f97c82e48b730aba8d054120b4e13c3008f56a8e31eae37ed28cc073c20ae463a5e8027fd642a1dbe86f4094d9127446ce45c944cc9a07f35245e6d482feb975822b8042d895cefc8f12a05794a1edc01f81219f452399b3d349bbcd20d8eb5756049c03b23cb87dff90645e93cc88f90913f273cf73df1f7d41157efb2516d2699f7d4e8838853f795f44d3843133942fe0afc41699a037ad8e67679449cea965f931cf4ce6ff6eabd6447b3a07f85952bc134b220373d69f530e9bc579208da26626484f71b9b5e58967612adbc1429022cf41c70af0de6a3dbb4fb0f718db1203c9e70f1dbd65ebd1575bbbeba66bb9b6507645903e10c4f7cbc5e69b9b20f4ad8d162d433fd61fce4b766cd8b8e04284fb2587aff1b96e275f79ee5bd6f78af20c34bf922d907b70947a625596d52b853c8f2b1d65402798fd2d705f748165a8c38e2204c6c64af2677cc040ae6fd2cb06b9ae5fd232546cfd6d40fab61d896460a6882ab26543a82c0662efd5dc0ceae9d30f7f67c5b63f17a20c3c18327ba5c03abe27b0e5937a750a341c9c1fbe8af6ea28fbdeddaaf0f19794270e0c20a20041cd9f7d135e1bda0ce3f993501423b2f4ed7cf9e24da21df8aca673477971a57afc3999ae76b7daeb01063fb2d4c2675f998563240243f89a40e79f358aa9c4b07a8acaf442b11f545f66858e96921aabaa630ef3fd72a310646af93bdcde859a74f6696eb21706b10521f4baf552dabb642953fcc354a1ff4e214b30d90ebc499d79acc1f42c9c4cab2d41a53e86106b8f06cc2b6cc7b9288349c976a4c28c6cdcdca23b2027be15f03304754240f5de2159ce2a60e5f6b0fe0586a7dc65bf823ca91a5f47a59da25e8d2abf12e3e2a2916ba984f2041bfe1147537bc40f6ab025b15b402506c3f0b47072e68844ea8cc4c62b033b8a4ef808ed822e3b4ecddf8fe7f85df05b58963981e71d9d524155656743405d09d90ad5df40f954b037652195fae982b200a1c5259f8c6b7be574eecb4906ef9c36d61027e8a9524200ff881ec4dc8347277cdb847bbf262a6deb5a1ab26882aa18a3ae2e1ffb77d851578299c1baca41fddd285cb45bf7e019b79de8ccf8b1c0a2dc3a35af97112bab1a3d1ddf39863ab5cccb1f73eb63a84083449e4806ffbf6c4d33b3f853a8f87d2f894c7ca80cb423650439a5833d0538d1fd1aed7732fbed94a19b53f922df572321513fddf8bc5c6399b6f5d93cd78b47323e627886972f8bfe2574a5a12f189244bf0c1505868e8e43b82c8f00f09e95dd9af182e92234444038f1d88f5bc31c819b8c75f592f71f38b75d64e941f86c3f621a5ccaedb8a980ef9f60720e08c98027dc86f889104beaabbb5de44e8346e4895bb128aa540ceddd681b222ba6a3acafb0ec8164a66ae2ac379724493c29eb66fc7fdd84eecba3d990ac61267c3b7ac72e10745ca70cad418e341f3acd3ed47c8c1f5ce84a9a739ba43dcdad6b15f1279743b08cabb3e269e88469887b34af9041e18d7ed506a46a44fe852868cb0e1f928ab80f03cbb3b9329ef5c394178288306a2aafd487d00d657251b2afadc86679af8e39bcf2c69646594bfd8acb4c855e03229abbaa84d4e7ded7e91128b0def0669512d3cab94fcaa33bc18aa79900ea68ecbebf11c81d2ed1419d6d6b628fd621aa9738347744be44298529e4764fb5fd5bfc53f514cf5f39caa8c4351549c151f268801726abaea25454a09a3529bcce9b147731833e277f6d4f0eb8f84fd980c7fc9b188d60b3e0501cb87b79c7b2fc76d06caf5874ca72e5f228cc11e3b4eccb361b284d8af72dfea28bd1a2ce078b1a5d678cdbfe3ae2e456afeec4cf661ed16d9a0fc013281fb9b31249e14a3e76dff762bbebcb133ad67a780353647cc528a4fba08b20296b28f313b2d5c0782534d0b2b1f9d3b4ba67471b26a154330abc288cfce484595d627b7a3d96956f2b603105e728763d6774e717b7e92bbee43de86786c9f8b04b77187c65b708d5e0160160077eb1a373aba8f103e405b8e72d0023b34b6da06bd68a6f5a864ff7091d982bd9cfdb4dd11380a85b45a62dbeb9b85fedac0a988c0145fff66387b247f921e48e3cab415fd17cf6e559314eb2551992cae9afcd387ffbd4ec43f9c2b2a2fc30eb417f49433c13394a06f63db89f6defa566a5e9b3b4ee6e582e2c308fda83df9c17dcfb792bf77c0c097f4500143a994238974c1f31779d947820809eb9257a77ed382e5a3b5066cef9a226bfdb765255681352378402a4636a4fd45a4a1770af8a2bcc9a91952e9e7a03d0fc71ebdd5ff38807d3e52485ffa32d739fe306c3008898c2270acd916b652de92fb81be4e85110fa96eff02bc7582b0d3c5312ef1be10ef74573dfd37a7549939dff29dd23c0b14099374fb0839c247fd396f197f3b0b0eff21e763837c0ffff8542da8ae270162489deae4bf4d093b950596552e4c293e96075226ea0d553ee576accecadde075e8d215c149ff643aa2b71043b5ae818710ec5dd67376c1a1b7d59eb30a83fffb362c865f7af99ccf389a4f362f464b5dfa46c89137391ef8e32e86a9af637c68f4fcddc91a135b64de0149b6c2c806006a96e302085d441b1488b543df7d8a1187e66f3cbd086ac9ead903825bada32864829acceb6472f3caf80553fbe2a7149cb3d1d76d15c819efb59e978b94e3e6aec2a85135acf193c44fd7d168313b0a87bea1d1772a5a3a4b9171ac7c0b3645bc11158037f2bd4f035e15eb37a3c1a7a10388792b94afd6ec86ea1ebd6f7856bb7e05", 0x1000}, {&(0x7f00000000c0)="7df2f3c0c13ee8c881a1e527d98b3cedd201b6fb658b1b358ad7da970e65", 0x1e}, {&(0x7f0000000100)}, {&(0x7f0000000140)="8b0ec1ced72ef5078e18825b9bb340468dad46b5f717afa26226008a5af3ad73b94c786c8887447993537ed876323390575c4f0737dd0d6f370c13d55b77bad3204d10f0efd41e0fa5c8f770b54278754dce8c7a1891650ccc4c1fae27478a309a75645cc4d9886a5332c647f97046434bc3f8", 0x73}], 0x4, &(0x7f0000001300)=[@mark={{0x14, 0x1, 0x24, 0x916}}, @mark={{0x14, 0x1, 0x24, 0x3}}, @timestamping={{0x14, 0x1, 0x25, 0xffffffff}}, @txtime={{0x18, 0x1, 0x3d, 0x1fb50cbf}}, @txtime={{0x18, 0x1, 0x3d, 0x7f}}, @timestamping={{0x14, 0x1, 0x25, 0x6}}], 0x90}, 0x44000) r2 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:06:07 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:06:07 executing program 5: fanotify_init(0x2, 0x80800) pipe(&(0x7f0000000000)={0xffffffffffffffff}) fanotify_init(0x20, 0x8000) r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vim2m\x00', 0x2, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000080)={0x1, 0x3, 0x4, 0x0, 0x1000, {}, {0x2, 0x0, 0x3, 0x1, 0x0, 0x6, "00126c58"}, 0x47, 0x2, @fd=r0, 0x1}) 13:06:07 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x8, 0x3, 0x0, "0b44bf1df5f0f5950ec6642199f6b7f1242cf1477155a4119200ef428fcb65fc", 0x30395056}) 13:06:07 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vim2m\x00', 0x2, 0x0) ioctl$vim2m_VIDIOC_QUERYCAP(r1, 0x80685600, &(0x7f00000002c0)) pipe(&(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000040)={0x1, 0x0, 0x4, 0x4000, 0x101, {0x77359400}, {0x1, 0x0, 0x8c, 0x1, 0x4, 0x3, "c3637c34"}, 0x62d1, 0x3, @offset=0x81, 0xf762, 0x0, r2}) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000100)={0xff, 0x6, 0x8, 0x1, 0x0, 0x7, 0x31, 0x0, 0xa8, 0x4, 0x2, 0x2, 0x2}, 0xe) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r4, 0x330f, 0x0) ioctl$SNAPSHOT_CREATE_IMAGE(r4, 0x40043311, &(0x7f00000000c0)) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:06:07 executing program 3: pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) setsockopt$sock_int(r0, 0x1, 0xa, &(0x7f0000000040)=0x83, 0x4) r1 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000001c0)={0x0, 0x6, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x5}) 13:06:07 executing program 2: syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x2000000, 0x2) 13:06:07 executing program 5: fanotify_init(0x10, 0x80000) [ 1426.204873] warn_alloc: 23 callbacks suppressed 13:06:07 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) syz_open_dev$vcsn(&(0x7f0000000180)='/dev/vcs#\x00', 0x0, 0x10100) sendmsg$L2TP_CMD_SESSION_GET(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x44, 0x0, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_UDP_CSUM={0x5, 0xd, 0x1}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x3}, @L2TP_ATTR_UDP_ZERO_CSUM6_RX={0x5}, @L2TP_ATTR_OFFSET={0x6, 0x3, 0x6}]}, 0x44}}, 0x8000) 13:06:07 executing program 2: sendmsg$L2TP_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000002c0)={&(0x7f0000000180)={0x2c, 0x0, 0x400, 0x70bd25, 0x25dfdbfb, {}, [@L2TP_ATTR_UDP_CSUM={0x5}, @L2TP_ATTR_DATA_SEQ={0x5}, @L2TP_ATTR_MRU={0x6, 0x1d, 0x8000}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000040}, 0x88c0) syz_open_dev$radio(&(0x7f0000000080)='/dev/radio#\x00', 0x3, 0x2) r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x6, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000000c0)={@cgroup=r1, 0xffffffffffffffff, 0x3}, 0x10) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r3, 0x330f, 0x0) fanotify_mark(r2, 0x8, 0x8000000, r3, &(0x7f0000000100)='./file0\x00') syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x46b, 0x2) [ 1426.204878] syz-executor.0: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1426.260085] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1426.267157] CPU: 1 PID: 31215 Comm: syz-executor.0 Not tainted 4.14.231-syzkaller #0 [ 1426.275045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1426.284394] Call Trace: [ 1426.286985] dump_stack+0x1b2/0x281 [ 1426.290604] warn_alloc.cold+0x96/0x1cc [ 1426.294569] ? zone_watermark_ok_safe+0x220/0x220 [ 1426.299410] ? trace_hardirqs_on+0x10/0x10 [ 1426.303645] ? deref_stack_reg+0x124/0x1a0 [ 1426.307989] ? fs_reclaim_release+0xd0/0x110 [ 1426.312401] __vmalloc_node_range+0x10e/0x150 [ 1426.316898] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1426.322256] vmalloc_user+0x47/0xa0 [ 1426.325882] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1426.330201] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1426.335558] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1426.339703] __vb2_queue_alloc+0x47a/0xd90 [ 1426.343946] vb2_core_create_bufs+0x279/0x5a0 [ 1426.348439] ? __vb2_queue_free+0x7a0/0x7a0 [ 1426.352767] ? trace_hardirqs_on+0x10/0x10 [ 1426.356998] ? __lock_acquire+0x5fc/0x3f20 [ 1426.361237] vb2_create_bufs+0x2e1/0x5b0 [ 1426.365306] ? futex_wait_queue_me+0x3bb/0x590 [ 1426.369890] ? vb2_thread_start+0x310/0x310 [ 1426.374212] ? trace_hardirqs_on+0x10/0x10 [ 1426.378451] vb2_ioctl_create_bufs+0x1f7/0x330 13:06:07 executing program 5: r0 = accept4(0xffffffffffffffff, 0x0, &(0x7f0000000080), 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wg1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=@mpls_getnetconf={0x4c, 0x52, 0x400, 0x70bd2c, 0x25dfdbfd, {}, [@NETCONFA_IFINDEX={0x8}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x7}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x7ff}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x4}, @NETCONFA_IFINDEX={0x8}, @NETCONFA_IFINDEX={0x8, 0x1, r1}, @NETCONFA_IFINDEX={0x8}]}, 0x4c}}, 0x11) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x8}, 0x10) fanotify_init(0x10, 0x0) 13:06:07 executing program 5: fanotify_init(0x10, 0x0) r0 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0xffffffff, @hyper}, 0x10, 0x80000) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r0, 0x28, 0x2, &(0x7f0000000040)=0x8001, 0x8) 13:06:07 executing program 5: fanotify_init(0x10, 0x0) [ 1426.383034] v4l_create_bufs+0xa4/0x150 [ 1426.387008] __video_do_ioctl+0x65b/0x6a0 [ 1426.391159] ? video_ioctl2+0x30/0x30 [ 1426.394958] ? __might_fault+0x177/0x1b0 [ 1426.399017] ? video_ioctl2+0x30/0x30 [ 1426.402816] video_usercopy+0xfd/0xe70 [ 1426.406694] ? v4l_g_ctrl+0x390/0x390 [ 1426.410561] ? lock_acquire+0x170/0x3f0 [ 1426.414623] ? lock_downgrade+0x740/0x740 [ 1426.418752] ? trace_hardirqs_on+0x10/0x10 [ 1426.422975] ? futex_exit_release+0x220/0x220 [ 1426.427477] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1426.432568] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1426.437593] v4l2_ioctl+0x1bb/0x2f0 [ 1426.441206] ? v4l2_open+0x2f0/0x2f0 [ 1426.444916] do_vfs_ioctl+0x75a/0xff0 [ 1426.448716] ? ioctl_preallocate+0x1a0/0x1a0 [ 1426.453121] ? lock_downgrade+0x740/0x740 [ 1426.457258] ? __fget+0x225/0x360 [ 1426.460687] ? do_vfs_ioctl+0xff0/0xff0 [ 1426.464645] ? security_file_ioctl+0x83/0xb0 [ 1426.469035] SyS_ioctl+0x7f/0xb0 [ 1426.472386] ? do_vfs_ioctl+0xff0/0xff0 [ 1426.476400] do_syscall_64+0x1d5/0x640 [ 1426.480272] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1426.485447] RIP: 0033:0x466459 [ 1426.488630] RSP: 002b:00007fcbc30ae188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1426.496336] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1426.503589] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1426.510848] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1426.518185] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1426.525439] R13: 00007ffe1717ac5f R14: 00007fcbc30ae300 R15: 0000000000022000 [ 1426.535706] warn_alloc_show_mem: 1 callbacks suppressed [ 1426.535709] Mem-Info: [ 1426.547418] active_anon:223658 inactive_anon:6741 isolated_anon:0 [ 1426.547418] active_file:6840 inactive_file:44229 isolated_file:0 [ 1426.547418] unevictable:0 dirty:392 writeback:0 unstable:0 [ 1426.547418] slab_reclaimable:21626 slab_unreclaimable:131120 [ 1426.547418] mapped:62383 shmem:6935 pagetables:16023 bounce:0 [ 1426.547418] free:1179743 free_pcp:199 free_cma:0 [ 1426.583975] Node 0 active_anon:894632kB inactive_anon:26964kB active_file:27236kB inactive_file:176920kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:249464kB dirty:1572kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 761856kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1426.613135] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1426.639161] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1426.665626] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1426.670703] Node 0 DMA32 free:663548kB min:36200kB low:45248kB high:54296kB active_anon:894632kB inactive_anon:26964kB active_file:27236kB inactive_file:176920kB unevictable:0kB writepending:1580kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27424kB pagetables:64068kB bounce:0kB free_pcp:1168kB local_pcp:664kB free_cma:0kB [ 1426.701609] lowmem_reserve[]: 0 0 0 0 0 [ 1426.705671] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1426.731289] lowmem_reserve[]: 0 0 0 0 0 [ 1426.735842] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1426.764037] lowmem_reserve[]: 0 0 0 0 0 [ 1426.768018] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1426.782587] Node 0 DMA32: 857*4kB (UME) 383*8kB (UME) 25*16kB (UME) 64*32kB (UME) 5*64kB (U) 1*128kB (M) 20*256kB (UM) 13*512kB (UME) 3*1024kB (ME) 2*2048kB (UM) 155*4096kB (UM) = 663212kB [ 1426.799698] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1426.811250] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1426.830010] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1426.839400] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1426.848505] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1426.857800] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1426.866987] 25459 total pagecache pages [ 1426.871031] 0 pages in swap cache [ 1426.875370] Swap cache stats: add 0, delete 0, find 0/0 [ 1426.880729] Free swap = 0kB [ 1426.884434] Total swap = 0kB [ 1426.887449] 2097051 pages RAM [ 1426.890548] 0 pages HighMem/MovableOnly [ 1426.895424] 363849 pages reserved [ 1426.898869] 0 pages cma reserved [ 1426.903153] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1426.916939] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1426.922626] CPU: 0 PID: 31233 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1426.930543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1426.939878] Call Trace: [ 1426.942458] dump_stack+0x1b2/0x281 [ 1426.946083] warn_alloc.cold+0x96/0x1cc [ 1426.950042] ? __lock_acquire+0x5fc/0x3f20 [ 1426.954275] ? zone_watermark_ok_safe+0x220/0x220 [ 1426.959123] ? trace_hardirqs_on+0x10/0x10 [ 1426.963339] ? deref_stack_reg+0x124/0x1a0 [ 1426.967556] ? fs_reclaim_release+0xd0/0x110 [ 1426.971955] __vmalloc_node_range+0x10e/0x150 [ 1426.976439] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1426.981781] vmalloc_user+0x47/0xa0 [ 1426.985394] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1426.989806] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1426.995163] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1426.999303] __vb2_queue_alloc+0x47a/0xd90 [ 1427.003527] vb2_core_create_bufs+0x279/0x5a0 [ 1427.008003] ? __vb2_queue_free+0x7a0/0x7a0 [ 1427.012308] ? trace_hardirqs_on+0x10/0x10 [ 1427.016532] ? __lock_acquire+0x5fc/0x3f20 [ 1427.020762] vb2_create_bufs+0x2e1/0x5b0 [ 1427.024817] ? vb2_thread_start+0x310/0x310 [ 1427.029170] ? trace_hardirqs_on+0x10/0x10 [ 1427.033384] ? mark_held_locks+0xa6/0xf0 [ 1427.037439] ? trace_hardirqs_on+0x10/0x10 [ 1427.041658] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1427.046231] v4l_create_bufs+0xa4/0x150 [ 1427.050202] __video_do_ioctl+0x65b/0x6a0 [ 1427.054345] ? video_ioctl2+0x30/0x30 [ 1427.058140] ? __might_fault+0x177/0x1b0 [ 1427.062190] ? video_ioctl2+0x30/0x30 [ 1427.065984] video_usercopy+0xfd/0xe70 [ 1427.069866] ? v4l_g_ctrl+0x390/0x390 [ 1427.073645] ? lock_acquire+0x170/0x3f0 [ 1427.077599] ? trace_hardirqs_on+0x10/0x10 [ 1427.081822] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1427.086826] v4l2_ioctl+0x1bb/0x2f0 [ 1427.090435] ? v4l2_open+0x2f0/0x2f0 [ 1427.094127] do_vfs_ioctl+0x75a/0xff0 [ 1427.097909] ? ioctl_preallocate+0x1a0/0x1a0 [ 1427.102459] ? lock_downgrade+0x740/0x740 [ 1427.106598] ? __fget+0x225/0x360 [ 1427.110039] ? do_vfs_ioctl+0xff0/0xff0 [ 1427.113994] ? security_file_ioctl+0x83/0xb0 [ 1427.118395] SyS_ioctl+0x7f/0xb0 [ 1427.121741] ? do_vfs_ioctl+0xff0/0xff0 [ 1427.125696] do_syscall_64+0x1d5/0x640 [ 1427.129566] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1427.134741] RIP: 0033:0x466459 [ 1427.137929] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1427.145619] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1427.152870] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000004 [ 1427.160119] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1427.167368] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1427.174615] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 [ 1427.193219] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1427.204434] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1427.209572] CPU: 1 PID: 31235 Comm: syz-executor.3 Not tainted 4.14.231-syzkaller #0 [ 1427.217442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1427.226780] Call Trace: [ 1427.229370] dump_stack+0x1b2/0x281 [ 1427.232981] warn_alloc.cold+0x96/0x1cc [ 1427.236937] ? zone_watermark_ok_safe+0x220/0x220 [ 1427.241773] ? trace_hardirqs_on+0x10/0x10 [ 1427.245989] ? deref_stack_reg+0x124/0x1a0 [ 1427.250206] ? fs_reclaim_release+0xd0/0x110 [ 1427.254601] __vmalloc_node_range+0x10e/0x150 [ 1427.259081] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1427.264428] vmalloc_user+0x47/0xa0 [ 1427.268065] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1427.272370] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1427.277731] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1427.281859] __vb2_queue_alloc+0x47a/0xd90 [ 1427.286081] vb2_core_create_bufs+0x279/0x5a0 [ 1427.290557] ? __vb2_queue_free+0x7a0/0x7a0 [ 1427.294862] ? trace_hardirqs_on+0x10/0x10 [ 1427.299081] ? __lock_acquire+0x5fc/0x3f20 [ 1427.303313] vb2_create_bufs+0x2e1/0x5b0 [ 1427.307362] ? vb2_thread_start+0x310/0x310 [ 1427.311662] ? trace_hardirqs_on+0x10/0x10 [ 1427.315883] ? trace_hardirqs_on+0x10/0x10 [ 1427.320108] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1427.324679] v4l_create_bufs+0xa4/0x150 [ 1427.328642] __video_do_ioctl+0x65b/0x6a0 [ 1427.332781] ? video_ioctl2+0x30/0x30 [ 1427.336576] ? __might_fault+0x177/0x1b0 [ 1427.340626] ? video_ioctl2+0x30/0x30 [ 1427.344412] video_usercopy+0xfd/0xe70 [ 1427.348298] ? v4l_g_ctrl+0x390/0x390 [ 1427.352079] ? lock_acquire+0x170/0x3f0 [ 1427.356040] ? trace_hardirqs_on+0x10/0x10 [ 1427.360262] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1427.365267] v4l2_ioctl+0x1bb/0x2f0 [ 1427.368873] ? v4l2_open+0x2f0/0x2f0 [ 1427.372567] do_vfs_ioctl+0x75a/0xff0 [ 1427.376365] ? ioctl_preallocate+0x1a0/0x1a0 [ 1427.380875] ? lock_downgrade+0x740/0x740 [ 1427.385036] ? __fget+0x225/0x360 [ 1427.388484] ? do_vfs_ioctl+0xff0/0xff0 [ 1427.392448] ? security_file_ioctl+0x83/0xb0 [ 1427.396836] SyS_ioctl+0x7f/0xb0 [ 1427.400180] ? do_vfs_ioctl+0xff0/0xff0 [ 1427.404142] do_syscall_64+0x1d5/0x640 [ 1427.408018] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1427.413198] RIP: 0033:0x466459 [ 1427.416373] RSP: 002b:00007efc3f322188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1427.424069] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1427.431329] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000005 [ 1427.438581] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1427.445831] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1427.453095] R13: 00007ffd57a131af R14: 00007efc3f322300 R15: 0000000000022000 13:06:08 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1}, 0x0, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:06:08 executing program 5: fanotify_init(0x2, 0x2) write$P9_RWRITE(0xffffffffffffffff, &(0x7f0000000000)={0xb, 0x77, 0x1, 0x4}, 0xb) 13:06:08 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x1, 0xfffffffd, 0x0, 0x0, 0x0}}}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000040)={0x309a, 0x0, 0x3, "da4ba7908c63911ed66ac893f2fb5b2a61261d5ae60400ec6f7051805b858a8f", 0x34343459}) 13:06:08 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) munlockall() 13:06:08 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) r1 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x1f, 0x1) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) ioctl$vim2m_VIDIOC_QBUF(r1, 0xc058560f, &(0x7f0000000080)={0x1, 0x1, 0x4, 0x40, 0x6de, {}, {0x1, 0x2, 0xff, 0x3f, 0x81, 0xf7, "d142af21"}, 0x40000, 0x1, @offset=0x8, 0x8, 0x0, r2}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) 13:06:08 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x1000, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) r2 = syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) pipe(&(0x7f00000027c0)={0xffffffffffffffff}) sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000002900)={&(0x7f0000002800)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000028c0)={&(0x7f0000002840)={0x24, r2, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_MRU={0x6, 0x1d, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x8000) sendmsg$L2TP_CMD_SESSION_DELETE(r1, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000380)={&(0x7f00000004c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="000426bd7000fddbdf25060000000500070003000000050006000300000008000c000700000006000100000000000500050001000000080011000000000008001900ac14143940ffdda24a076e41b8171301e8760a72e1ab69463a1497d4c280a274240f00f02e67b12cd8d850c4076266cf1dba53e55ccba28cd0734b4036eaddde214884eac545ebc9a24f05fcbcb62b3c05304e1fa0468993a51bede2dae2e5d7deeb8ed175b795611f19b78c24b52d4f55854762f1ea26839e2c1d83d081006170caec543c8e651178ecaeb09324cb3787a19cd45646725235565266512937d21591fbc188bdb4f58ce64c415dc8220d54d7381e618d2ad0e39d1e94ca858f3d76d6bc8f9e7d387f4ace7a0470dc2d5b00b6e7978504dd7a451013a03bb9e25e00af3781ee0d64a4fea37ac9544851f97dc7d407fdcc4a31f646050abb80fc43d51560f3be20b134590f941f99641cf2b99f4cae4633fa9388f0584227265794a9d46794e7b889ade3a9110b482b00"/383], 0x4c}}, 0x880) socket$inet_udplite(0x2, 0x2, 0x88) r4 = syz_open_dev$vcsn(&(0x7f00000009c0)='/dev/vcs#\x00', 0x4, 0x801) connect$nfc_llcp(r4, &(0x7f0000000a00)={0x27, 0x1, 0x1, 0x0, 0x7, 0x4, "c924a89db0a23caf3d275c29226470b97a8dcdd9b4c8c50ecc6d14367f92bb5d2bf3b01c0e4f80a4e57db6757d939e6ab1943ea5d760b7eea3e49ef31f366d", 0x33}, 0x60) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000300)={@cgroup, r3, 0x16}, 0x10) r5 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f00000000c0)='NLBL_CALIPSO\x00', 0xffffffffffffffff) sendmsg$NLBL_CALIPSO_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x3c, r5, 0x200, 0x70bd2b, 0x25dfdbfe, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40408a0}, 0x10) [ 1427.543020] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1427.565432] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1427.577291] CPU: 1 PID: 31265 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 13:06:09 executing program 5: fanotify_init(0x4, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000200)={0xffffffffffffffff, 0xc0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=0x1, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x8, 0x3}, 0x0, 0x0, &(0x7f0000000080)={0x3, 0x0, 0x3d53, 0x2}, &(0x7f00000000c0)=0x8d3, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=0x2}}, 0x10) [ 1427.585193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1427.594542] Call Trace: [ 1427.597139] dump_stack+0x1b2/0x281 [ 1427.600778] warn_alloc.cold+0x96/0x1cc [ 1427.604752] ? __lock_acquire+0x5fc/0x3f20 [ 1427.608990] ? zone_watermark_ok_safe+0x220/0x220 [ 1427.613831] ? trace_hardirqs_on+0x10/0x10 [ 1427.618068] ? deref_stack_reg+0x124/0x1a0 [ 1427.622319] ? fs_reclaim_release+0xd0/0x110 [ 1427.622338] __vmalloc_node_range+0x10e/0x150 [ 1427.622353] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1427.622360] vmalloc_user+0x47/0xa0 13:06:09 executing program 5: fanotify_init(0x2, 0x80000) 13:06:09 executing program 5: r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x3, 0x400000) ioctl$SNAPSHOT_S2RAM(r0, 0x330b) write$P9_RUNLINKAT(0xffffffffffffffff, &(0x7f0000000040)={0x44e1dbc27890c0aa, 0x4d, 0x5}, 0xffffffffffffff7f) fanotify_init(0x10, 0x0) [ 1427.622368] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1427.622379] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1427.649890] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1427.654044] __vb2_queue_alloc+0x47a/0xd90 [ 1427.658294] vb2_core_create_bufs+0x279/0x5a0 [ 1427.662793] ? __vb2_queue_free+0x7a0/0x7a0 [ 1427.667146] ? trace_hardirqs_on+0x10/0x10 [ 1427.671376] ? __lock_acquire+0x5fc/0x3f20 [ 1427.675608] vb2_create_bufs+0x2e1/0x5b0 [ 1427.679709] ? ___preempt_schedule+0x16/0x18 [ 1427.684121] ? vb2_thread_start+0x310/0x310 [ 1427.688443] ? trace_hardirqs_on+0x10/0x10 13:06:09 executing program 5: fanotify_init(0x10, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 13:06:09 executing program 5: openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x206040, 0x0) fanotify_init(0x10, 0x0) [ 1427.692675] ? _raw_spin_unlock_irqrestore+0xaf/0xe0 [ 1427.697792] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1427.697806] v4l_create_bufs+0xa4/0x150 [ 1427.697817] __video_do_ioctl+0x65b/0x6a0 [ 1427.697831] ? video_ioctl2+0x30/0x30 [ 1427.697842] ? __might_fault+0x177/0x1b0 [ 1427.697851] ? video_ioctl2+0x30/0x30 [ 1427.697860] video_usercopy+0xfd/0xe70 [ 1427.697874] ? v4l_g_ctrl+0x390/0x390 [ 1427.697883] ? lock_acquire+0x170/0x3f0 [ 1427.697892] ? lock_downgrade+0x740/0x740 [ 1427.697903] ? trace_hardirqs_on+0x10/0x10 13:06:09 executing program 5: fanotify_init(0x10, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nvram\x00', 0x2000, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000000)={'wg2\x00'}) fanotify_init(0x40, 0x8000) ioctl$SNAPSHOT_FREE(r0, 0x3305) [ 1427.697915] ? futex_exit_release+0x220/0x220 [ 1427.697927] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1427.697938] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1427.697949] v4l2_ioctl+0x1bb/0x2f0 [ 1427.697957] ? v4l2_open+0x2f0/0x2f0 [ 1427.697967] do_vfs_ioctl+0x75a/0xff0 [ 1427.697978] ? ioctl_preallocate+0x1a0/0x1a0 [ 1427.697985] ? lock_downgrade+0x740/0x740 [ 1427.697998] ? __fget+0x225/0x360 [ 1427.698006] ? do_vfs_ioctl+0xff0/0xff0 [ 1427.698017] ? security_file_ioctl+0x83/0xb0 [ 1427.698027] SyS_ioctl+0x7f/0xb0 [ 1427.698034] ? do_vfs_ioctl+0xff0/0xff0 [ 1427.698045] do_syscall_64+0x1d5/0x640 [ 1427.698058] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1427.698066] RIP: 0033:0x466459 [ 1427.698071] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1427.698080] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1427.698085] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1427.698090] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1427.698094] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1427.698099] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 [ 1427.698919] warn_alloc_show_mem: 2 callbacks suppressed [ 1427.698922] Mem-Info: [ 1427.860671] active_anon:223651 inactive_anon:6741 isolated_anon:0 [ 1427.860671] active_file:6840 inactive_file:44241 isolated_file:0 [ 1427.860671] unevictable:0 dirty:415 writeback:0 unstable:0 [ 1427.860671] slab_reclaimable:21626 slab_unreclaimable:130810 [ 1427.860671] mapped:62388 shmem:6935 pagetables:16017 bounce:0 [ 1427.860671] free:1179902 free_pcp:216 free_cma:0 [ 1427.898147] Node 0 active_anon:894676kB inactive_anon:26964kB active_file:27236kB inactive_file:176992kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:249564kB dirty:1700kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 761856kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1427.927331] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1427.954675] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1427.981503] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1427.986633] Node 0 DMA32 free:662516kB min:36200kB low:45248kB high:54296kB active_anon:894676kB inactive_anon:26964kB active_file:27236kB inactive_file:176992kB unevictable:0kB writepending:1704kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27392kB pagetables:64068kB bounce:0kB free_pcp:992kB local_pcp:628kB free_cma:0kB [ 1428.016959] lowmem_reserve[]: 0 0 0 0 0 [ 1428.020934] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1428.046876] lowmem_reserve[]: 0 0 0 0 0 [ 1428.050862] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1428.078545] lowmem_reserve[]: 0 0 0 0 0 [ 1428.082619] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1428.096315] Node 0 DMA32: 972*4kB (UME) 401*8kB (UME) 11*16kB (UME) 55*32kB (UE) 7*64kB (U) 1*128kB (M) 20*256kB (UM) 13*512kB (UME) 3*1024kB (ME) 2*2048kB (UM) 155*4096kB (UM) = 663432kB [ 1428.113969] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1428.124760] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1428.142118] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1428.150953] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1428.159600] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1428.168535] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1428.177237] 25476 total pagecache pages [ 1428.181212] 0 pages in swap cache [ 1428.184807] Swap cache stats: add 0, delete 0, find 0/0 [ 1428.190267] Free swap = 0kB [ 1428.193345] Total swap = 0kB [ 1428.196357] 2097051 pages RAM [ 1428.199450] 0 pages HighMem/MovableOnly [ 1428.203482] 363849 pages reserved [ 1428.206924] 0 pages cma reserved [ 1428.210380] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1428.222396] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1428.227521] CPU: 0 PID: 31268 Comm: syz-executor.1 Not tainted 4.14.231-syzkaller #0 [ 1428.235401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1428.244765] Call Trace: [ 1428.247349] dump_stack+0x1b2/0x281 [ 1428.250963] warn_alloc.cold+0x96/0x1cc [ 1428.254938] ? zone_watermark_ok_safe+0x220/0x220 [ 1428.259766] ? trace_hardirqs_on+0x10/0x10 [ 1428.263997] ? deref_stack_reg+0x124/0x1a0 [ 1428.268229] ? fs_reclaim_release+0xd0/0x110 [ 1428.272628] __vmalloc_node_range+0x10e/0x150 [ 1428.277108] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1428.282456] vmalloc_user+0x47/0xa0 [ 1428.286078] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1428.290383] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1428.295734] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1428.299877] __vb2_queue_alloc+0x47a/0xd90 [ 1428.304097] vb2_core_create_bufs+0x279/0x5a0 [ 1428.308571] ? __vb2_queue_free+0x7a0/0x7a0 [ 1428.312896] ? trace_hardirqs_on+0x10/0x10 [ 1428.317117] ? __lock_acquire+0x5fc/0x3f20 [ 1428.321332] vb2_create_bufs+0x2e1/0x5b0 [ 1428.326335] ? vb2_thread_start+0x310/0x310 [ 1428.330644] ? trace_hardirqs_on+0x10/0x10 [ 1428.334861] ? mark_held_locks+0xa6/0xf0 [ 1428.338906] ? trace_hardirqs_on+0x10/0x10 [ 1428.343162] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1428.347739] v4l_create_bufs+0xa4/0x150 [ 1428.351698] __video_do_ioctl+0x65b/0x6a0 [ 1428.355827] ? video_ioctl2+0x30/0x30 [ 1428.359606] ? __might_fault+0x177/0x1b0 [ 1428.363648] ? video_ioctl2+0x30/0x30 [ 1428.367425] video_usercopy+0xfd/0xe70 [ 1428.371298] ? v4l_g_ctrl+0x390/0x390 [ 1428.375102] ? trace_hardirqs_on+0x10/0x10 [ 1428.379413] ? trace_hardirqs_on+0x10/0x10 [ 1428.383636] ? lock_acquire+0x170/0x3f0 [ 1428.387593] v4l2_ioctl+0x1bb/0x2f0 [ 1428.391212] ? v4l2_open+0x2f0/0x2f0 [ 1428.394934] do_vfs_ioctl+0x75a/0xff0 [ 1428.394947] ? ioctl_preallocate+0x1a0/0x1a0 [ 1428.403128] ? lock_downgrade+0x740/0x740 [ 1428.407281] ? __fget+0x225/0x360 [ 1428.410733] ? do_vfs_ioctl+0xff0/0xff0 [ 1428.414712] ? security_file_ioctl+0x83/0xb0 [ 1428.419112] SyS_ioctl+0x7f/0xb0 [ 1428.422460] ? do_vfs_ioctl+0xff0/0xff0 [ 1428.426425] do_syscall_64+0x1d5/0x640 [ 1428.430327] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1428.435493] RIP: 0033:0x466459 [ 1428.438668] RSP: 002b:00007f5883dfa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1428.446368] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1428.453627] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1428.460879] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1428.468134] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1428.475387] R13: 00007fff3377dd0f R14: 00007f5883dfa300 R15: 0000000000022000 [ 1428.484113] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1428.495340] syz-executor.3 cpuset=/ mems_allowed=0-1 13:06:10 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1}, 0x0, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:06:10 executing program 5: fanotify_init(0x4, 0x2) r0 = socket$vsock_stream(0x28, 0x1, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000000)={r0, r1}) 13:06:10 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000040)={0x7, 0xffffffffffffffff, 0x1}) 13:06:10 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @pix={0xb35, 0x3, 0x64737664, 0xb, 0x4, 0x0, 0xc, 0x1, 0x0, 0x4, 0x0, 0x6}}}) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000040)={0x6, 0xffffffffffffffff, 0x1}) [ 1428.495363] CPU: 0 PID: 31277 Comm: syz-executor.3 Not tainted 4.14.231-syzkaller #0 [ 1428.495370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1428.495374] Call Trace: [ 1428.495390] dump_stack+0x1b2/0x281 [ 1428.495405] warn_alloc.cold+0x96/0x1cc 13:06:10 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) ioctl$vim2m_VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f00000000c0)={0x40, 0x2, 0x4, 0x2, 0x927, {0x77359400}, {0x5, 0x0, 0x3, 0x7f, 0x7, 0x8, "8d5319ce"}, 0x400, 0x2, @offset=0x7, 0x1000}) clock_gettime(0x0, &(0x7f0000000140)={0x0, 0x0}) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) ioctl$vim2m_VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f00000001c0)={0x63, 0x5, 0x4, 0x2000, 0x400, {r4, r5/1000+60000}, {0x1, 0x8, 0x4, 0x6, 0x9, 0x6, "eecb05a2"}, 0x8, 0x2, @userptr=0x8, 0x4, 0x0, 0xffffffffffffffff}) ioctl$vim2m_VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000240)={0x5, 0x1, 0x4, 0x100, 0xfff, {r2, r3/1000+60000}, {0x2, 0x0, 0x76, 0x4, 0x8, 0x6, "ee62c82b"}, 0x1ff, 0x2, @userptr=0x4, 0x540, 0x0, r6}) [ 1428.495417] ? zone_watermark_ok_safe+0x220/0x220 [ 1428.495425] ? trace_hardirqs_on+0x10/0x10 [ 1428.495435] ? deref_stack_reg+0x124/0x1a0 [ 1428.495450] ? fs_reclaim_release+0xd0/0x110 [ 1428.495468] __vmalloc_node_range+0x10e/0x150 [ 1428.495482] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1428.495490] vmalloc_user+0x47/0xa0 [ 1428.495499] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1428.495509] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1428.495518] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1428.495530] __vb2_queue_alloc+0x47a/0xd90 [ 1428.495552] vb2_core_create_bufs+0x279/0x5a0 [ 1428.495563] ? __vb2_queue_free+0x7a0/0x7a0 [ 1428.495575] ? trace_hardirqs_on+0x10/0x10 [ 1428.495584] ? __lock_acquire+0x5fc/0x3f20 [ 1428.495597] vb2_create_bufs+0x2e1/0x5b0 [ 1428.495611] ? vb2_thread_start+0x310/0x310 [ 1428.495621] ? trace_hardirqs_on+0x10/0x10 [ 1428.495629] ? mark_held_locks+0xa6/0xf0 [ 1428.495638] ? trace_hardirqs_on+0x10/0x10 [ 1428.495650] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1428.495663] v4l_create_bufs+0xa4/0x150 [ 1428.495674] __video_do_ioctl+0x65b/0x6a0 [ 1428.495689] ? video_ioctl2+0x30/0x30 [ 1428.495700] ? __might_fault+0x177/0x1b0 [ 1428.495711] ? video_ioctl2+0x30/0x30 [ 1428.495719] video_usercopy+0xfd/0xe70 [ 1428.495733] ? v4l_g_ctrl+0x390/0x390 [ 1428.495742] ? lock_acquire+0x170/0x3f0 [ 1428.495754] ? trace_hardirqs_on+0x10/0x10 [ 1428.495768] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1428.495780] v4l2_ioctl+0x1bb/0x2f0 [ 1428.495788] ? v4l2_open+0x2f0/0x2f0 [ 1428.495799] do_vfs_ioctl+0x75a/0xff0 [ 1428.495811] ? ioctl_preallocate+0x1a0/0x1a0 [ 1428.495819] ? lock_downgrade+0x740/0x740 [ 1428.495833] ? __fget+0x225/0x360 [ 1428.495842] ? do_vfs_ioctl+0xff0/0xff0 [ 1428.495852] ? security_file_ioctl+0x83/0xb0 [ 1428.495863] SyS_ioctl+0x7f/0xb0 [ 1428.495870] ? do_vfs_ioctl+0xff0/0xff0 [ 1428.495881] do_syscall_64+0x1d5/0x640 [ 1428.495896] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1428.495904] RIP: 0033:0x466459 [ 1428.495909] RSP: 002b:00007efc3f322188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1428.495919] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1428.495925] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1428.495930] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1428.495936] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1428.495941] R13: 00007ffd57a131af R14: 00007efc3f322300 R15: 0000000000022000 [ 1428.496296] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1428.496316] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1428.496335] CPU: 0 PID: 31265 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1428.496341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1428.496345] Call Trace: [ 1428.496357] dump_stack+0x1b2/0x281 [ 1428.496372] warn_alloc.cold+0x96/0x1cc [ 1428.496384] ? zone_watermark_ok_safe+0x220/0x220 [ 1428.496393] ? trace_hardirqs_on+0x10/0x10 [ 1428.496404] ? deref_stack_reg+0x124/0x1a0 [ 1428.496418] ? fs_reclaim_release+0xd0/0x110 [ 1428.496435] __vmalloc_node_range+0x10e/0x150 [ 1428.496449] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1428.496457] vmalloc_user+0x47/0xa0 [ 1428.496467] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1428.496475] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1428.496484] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1428.496495] __vb2_queue_alloc+0x47a/0xd90 [ 1428.496517] vb2_core_create_bufs+0x279/0x5a0 [ 1428.496527] ? __vb2_queue_free+0x7a0/0x7a0 [ 1428.496540] ? trace_hardirqs_on+0x10/0x10 [ 1428.496548] ? __lock_acquire+0x5fc/0x3f20 [ 1428.496561] vb2_create_bufs+0x2e1/0x5b0 [ 1428.496574] ? futex_wait_queue_me+0x3bb/0x590 [ 1428.496584] ? vb2_thread_start+0x310/0x310 [ 1428.496593] ? trace_hardirqs_on+0x10/0x10 [ 1428.496608] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1428.496621] v4l_create_bufs+0xa4/0x150 [ 1428.496632] __video_do_ioctl+0x65b/0x6a0 [ 1428.496646] ? video_ioctl2+0x30/0x30 [ 1428.496657] ? __might_fault+0x177/0x1b0 [ 1428.496667] ? video_ioctl2+0x30/0x30 [ 1428.496676] video_usercopy+0xfd/0xe70 [ 1428.496689] ? v4l_g_ctrl+0x390/0x390 [ 1428.496697] ? lock_acquire+0x170/0x3f0 [ 1428.496707] ? lock_downgrade+0x740/0x740 [ 1428.496718] ? trace_hardirqs_on+0x10/0x10 [ 1428.496729] ? futex_exit_release+0x220/0x220 [ 1428.496739] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1428.496749] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1428.496761] v4l2_ioctl+0x1bb/0x2f0 [ 1428.496768] ? v4l2_open+0x2f0/0x2f0 [ 1428.496779] do_vfs_ioctl+0x75a/0xff0 [ 1428.496791] ? ioctl_preallocate+0x1a0/0x1a0 [ 1428.496799] ? lock_downgrade+0x740/0x740 [ 1428.496812] ? __fget+0x225/0x360 [ 1428.496822] ? do_vfs_ioctl+0xff0/0xff0 [ 1428.496832] ? security_file_ioctl+0x83/0xb0 [ 1428.496843] SyS_ioctl+0x7f/0xb0 [ 1428.496850] ? do_vfs_ioctl+0xff0/0xff0 [ 1428.496861] do_syscall_64+0x1d5/0x640 [ 1428.496875] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1428.496882] RIP: 0033:0x466459 [ 1428.496886] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1428.496896] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1428.496902] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1428.496907] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1428.496913] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1428.496918] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 [ 1428.497158] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1428.497175] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1428.497191] CPU: 1 PID: 31286 Comm: syz-executor.3 Not tainted 4.14.231-syzkaller #0 [ 1428.497196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1428.497198] Call Trace: [ 1428.497209] dump_stack+0x1b2/0x281 [ 1428.497221] warn_alloc.cold+0x96/0x1cc [ 1428.497231] ? zone_watermark_ok_safe+0x220/0x220 [ 1428.497241] ? trace_hardirqs_on+0x10/0x10 [ 1428.497249] ? deref_stack_reg+0x124/0x1a0 [ 1428.497261] ? fs_reclaim_release+0xd0/0x110 [ 1428.497272] __vmalloc_node_range+0x10e/0x150 [ 1428.497286] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1428.497294] vmalloc_user+0x47/0xa0 [ 1428.497303] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1428.497312] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1428.497321] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1428.497331] __vb2_queue_alloc+0x47a/0xd90 [ 1428.497350] vb2_core_create_bufs+0x279/0x5a0 [ 1428.497360] ? __vb2_queue_free+0x7a0/0x7a0 [ 1428.497372] ? trace_hardirqs_on+0x10/0x10 [ 1428.497380] ? __lock_acquire+0x5fc/0x3f20 [ 1428.497392] vb2_create_bufs+0x2e1/0x5b0 [ 1428.497405] ? vb2_thread_start+0x310/0x310 [ 1428.497414] ? trace_hardirqs_on+0x10/0x10 [ 1428.497424] ? trace_hardirqs_on+0x10/0x10 [ 1428.497435] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1428.497446] v4l_create_bufs+0xa4/0x150 [ 1428.497456] __video_do_ioctl+0x65b/0x6a0 [ 1428.497468] ? video_ioctl2+0x30/0x30 [ 1428.497477] ? __might_fault+0x177/0x1b0 [ 1428.497486] ? video_ioctl2+0x30/0x30 [ 1428.497495] video_usercopy+0xfd/0xe70 [ 1428.497508] ? v4l_g_ctrl+0x390/0x390 [ 1428.497516] ? lock_acquire+0x170/0x3f0 [ 1428.497529] ? trace_hardirqs_on+0x10/0x10 [ 1428.497542] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1428.497566] v4l2_ioctl+0x1bb/0x2f0 [ 1428.497573] ? v4l2_open+0x2f0/0x2f0 [ 1428.497585] do_vfs_ioctl+0x75a/0xff0 [ 1428.497598] ? ioctl_preallocate+0x1a0/0x1a0 [ 1428.497606] ? lock_downgrade+0x740/0x740 [ 1428.497621] ? __fget+0x225/0x360 [ 1428.497631] ? do_vfs_ioctl+0xff0/0xff0 [ 1428.497642] ? security_file_ioctl+0x83/0xb0 [ 1428.497652] SyS_ioctl+0x7f/0xb0 [ 1428.497659] ? do_vfs_ioctl+0xff0/0xff0 [ 1428.497669] do_syscall_64+0x1d5/0x640 [ 1428.497683] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1428.497690] RIP: 0033:0x466459 [ 1428.497695] RSP: 002b:00007efc3f301188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1428.497703] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 1428.497709] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1428.497714] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1428.497719] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008 [ 1428.497725] R13: 00007ffd57a131af R14: 00007efc3f301300 R15: 0000000000022000 [ 1428.631547] syz-executor.0: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1428.631568] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1428.631589] CPU: 0 PID: 31315 Comm: syz-executor.0 Not tainted 4.14.231-syzkaller #0 [ 1428.631595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1428.631598] Call Trace: [ 1428.631614] dump_stack+0x1b2/0x281 [ 1428.631629] warn_alloc.cold+0x96/0x1cc [ 1428.631639] ? zone_watermark_ok_safe+0x220/0x220 [ 1428.631649] ? trace_hardirqs_on+0x10/0x10 [ 1428.631660] ? deref_stack_reg+0x124/0x1a0 [ 1428.631674] ? fs_reclaim_release+0xd0/0x110 [ 1428.631690] __vmalloc_node_range+0x10e/0x150 [ 1428.631704] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1428.631712] vmalloc_user+0x47/0xa0 [ 1428.631722] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1428.631731] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1428.631740] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1428.631750] __vb2_queue_alloc+0x47a/0xd90 [ 1428.631768] vb2_core_create_bufs+0x279/0x5a0 [ 1428.631778] ? __vb2_queue_free+0x7a0/0x7a0 [ 1428.631797] ? trace_hardirqs_on+0x10/0x10 [ 1428.631807] ? __lock_acquire+0x5fc/0x3f20 [ 1428.631819] vb2_create_bufs+0x2e1/0x5b0 [ 1428.631831] ? futex_wait_queue_me+0x3bb/0x590 [ 1428.631840] ? vb2_thread_start+0x310/0x310 [ 1428.631849] ? trace_hardirqs_on+0x10/0x10 [ 1428.631862] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1428.631874] v4l_create_bufs+0xa4/0x150 [ 1428.631885] __video_do_ioctl+0x65b/0x6a0 [ 1428.631899] ? video_ioctl2+0x30/0x30 [ 1428.631908] ? __might_fault+0x177/0x1b0 [ 1428.631918] ? video_ioctl2+0x30/0x30 [ 1428.631926] video_usercopy+0xfd/0xe70 [ 1428.631938] ? v4l_g_ctrl+0x390/0x390 [ 1428.631945] ? lock_acquire+0x170/0x3f0 [ 1428.631953] ? lock_downgrade+0x740/0x740 [ 1428.631962] ? trace_hardirqs_on+0x10/0x10 [ 1428.631972] ? futex_exit_release+0x220/0x220 [ 1428.631983] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1428.631993] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1428.632003] v4l2_ioctl+0x1bb/0x2f0 [ 1428.632010] ? v4l2_open+0x2f0/0x2f0 [ 1428.632020] do_vfs_ioctl+0x75a/0xff0 [ 1428.632042] ? ioctl_preallocate+0x1a0/0x1a0 [ 1428.632058] ? lock_downgrade+0x740/0x740 [ 1428.632073] ? __fget+0x225/0x360 [ 1428.632082] ? do_vfs_ioctl+0xff0/0xff0 [ 1428.632093] ? security_file_ioctl+0x83/0xb0 [ 1428.632104] SyS_ioctl+0x7f/0xb0 [ 1428.632111] ? do_vfs_ioctl+0xff0/0xff0 [ 1428.632122] do_syscall_64+0x1d5/0x640 [ 1428.632135] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1428.632143] RIP: 0033:0x466459 [ 1428.632148] RSP: 002b:00007fcbc30ae188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1428.632158] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1428.632163] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1428.632169] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1428.632175] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1428.632181] R13: 00007ffe1717ac5f R14: 00007fcbc30ae300 R15: 0000000000022000 [ 1428.658350] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1428.658373] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1428.658393] CPU: 1 PID: 31318 Comm: syz-executor.4 Not tainted 4.14.231-syzkaller #0 [ 1428.658398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1428.658402] Call Trace: [ 1428.658417] dump_stack+0x1b2/0x281 [ 1428.658428] warn_alloc.cold+0x96/0x1cc [ 1428.658438] ? zone_watermark_ok_safe+0x220/0x220 [ 1428.658449] ? trace_hardirqs_on+0x10/0x10 [ 1428.658460] ? deref_stack_reg+0x124/0x1a0 [ 1428.658472] ? fs_reclaim_release+0xd0/0x110 [ 1428.658485] __vmalloc_node_range+0x10e/0x150 [ 1428.658498] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1428.658505] vmalloc_user+0x47/0xa0 [ 1428.658514] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1428.658522] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1428.658539] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1428.658552] __vb2_queue_alloc+0x47a/0xd90 [ 1428.658574] vb2_core_create_bufs+0x279/0x5a0 [ 1428.658585] ? __vb2_queue_free+0x7a0/0x7a0 [ 1428.658597] ? trace_hardirqs_on+0x10/0x10 [ 1428.658606] ? __lock_acquire+0x5fc/0x3f20 [ 1428.658619] vb2_create_bufs+0x2e1/0x5b0 [ 1428.658632] ? vb2_thread_start+0x310/0x310 [ 1428.658641] ? trace_hardirqs_on+0x10/0x10 [ 1428.658649] ? mark_held_locks+0xa6/0xf0 [ 1428.658657] ? trace_hardirqs_on+0x10/0x10 [ 1428.658668] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1428.658680] v4l_create_bufs+0xa4/0x150 [ 1428.658690] __video_do_ioctl+0x65b/0x6a0 [ 1428.658705] ? video_ioctl2+0x30/0x30 [ 1428.658715] ? __might_fault+0x177/0x1b0 [ 1428.658724] ? video_ioctl2+0x30/0x30 [ 1428.658733] video_usercopy+0xfd/0xe70 [ 1428.658747] ? v4l_g_ctrl+0x390/0x390 [ 1428.658753] ? lock_acquire+0x170/0x3f0 [ 1428.658765] ? trace_hardirqs_on+0x10/0x10 [ 1428.658777] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1428.658790] v4l2_ioctl+0x1bb/0x2f0 [ 1428.658797] ? v4l2_open+0x2f0/0x2f0 [ 1428.658808] do_vfs_ioctl+0x75a/0xff0 [ 1428.658818] ? ioctl_preallocate+0x1a0/0x1a0 [ 1428.658826] ? lock_downgrade+0x740/0x740 [ 1428.658838] ? __fget+0x225/0x360 [ 1428.658847] ? do_vfs_ioctl+0xff0/0xff0 [ 1428.658856] ? security_file_ioctl+0x83/0xb0 [ 1428.658865] SyS_ioctl+0x7f/0xb0 [ 1428.658871] ? do_vfs_ioctl+0xff0/0xff0 [ 1428.658881] do_syscall_64+0x1d5/0x640 [ 1428.658895] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1428.658902] RIP: 0033:0x466459 [ 1428.658907] RSP: 002b:00007f491b244188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 13:06:11 executing program 3: pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000040)={'wg2\x00'}) r1 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) 13:06:11 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) ioctl$vim2m_VIDIOC_TRY_FMT(r1, 0xc0d05640, &(0x7f0000000040)={0x1, @raw_data="3a1bf8fede9a62d795249edefa0ead15180f6d8a160ce5cdc4f2332e9592c2328016f11a5ce96371a6a7777b234c07c69ba7727ce696d9ba08c6189bf6d16b2f851d5439da4941f8c05e61922cc6fd60691797ccf5d3ca8382643b370a5e37d7fab0d642e3f270de34a0c5a0e95b571cf01b9ba1ec4d853661d2bb139258e5acebae625dd74932dc82e4e2f75e92049889f3524d008426207f6e4e64659f94e3d2bc760026cc1865d765d8cacc44ccafbd531d5f664e0829ccadd25b504c230ddede075f3e05ee72"}) 13:06:11 executing program 5: pipe(&(0x7f00000008c0)={0xffffffffffffffff}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) write$UHID_SET_REPORT_REPLY(r1, &(0x7f0000000100)={0xe, {0x1, 0x3f, 0x40, 0xac, "054a61f1f61b8e7e2554f231d2d23675334fdb4497aae98c7c332a704c11231c913a09eef671dacd5dd1f957ae4a71360449a1cc0eef286cd41964721c90a96534b763ba8bb38c48840942b77393a6566809172be1f89e677e0e7bc098d09710feae33a6e01bf77808584bbd101417e4a79276d8a23cc0f791312e4e44d17da1b9c4b58e83a4810ae95af4c87086796c7ec011228b45396f721ddc91bdea9d589eacab8345bf04c195c608e1"}}, 0xb8) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) sendmsg$L2TP_CMD_SESSION_CREATE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x24, 0x0, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@L2TP_ATTR_FD={0x8, 0x17, @udp6=r0}, @L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5, 0x21, 0x1}]}, 0x24}}, 0x4008084) fanotify_init(0x10, 0x0) 13:06:11 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1}, 0x0, 0xfffffffd, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:06:11 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) ioctl$SNAPSHOT_CREATE_IMAGE(r1, 0x40043311, &(0x7f0000000080)) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) 13:06:11 executing program 4: getpid() r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) sendmsg$L2TP_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x44, 0x0, 0x300, 0x70bd28, 0x25dfdbfc, {}, [@L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @mcast1}, @L2TP_ATTR_L2SPEC_LEN={0x5}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @mcast1}]}, 0x44}, 0x1, 0x0, 0x0, 0xc084}, 0x40) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)=@delnexthop={0x58, 0x69, 0x308, 0x70bd2b, 0x25dfdbfb, {}, [{0x8}, {0x8}, {0x8, 0x1, 0x1}, {0x8, 0x1, 0x22}, {0x8, 0x1, 0x2}, {0x8, 0x1, 0x1}, {0xffffffffffffff75, 0x1, 0x2}, {0x8, 0x1, 0x1}]}, 0x58}, 0x1, 0x0, 0x0, 0x40000}, 0x20080800) bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) socket$nl_generic(0x10, 0x3, 0x10) [ 1428.658918] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1428.658923] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1428.658928] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1428.658933] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1428.658938] R13: 00007ffef79ecfdf R14: 00007f491b244300 R15: 0000000000022000 13:06:11 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x2, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:06:11 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) r1 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r1) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) 13:06:11 executing program 5: fanotify_init(0x40, 0x140c01) 13:06:11 executing program 2: syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) bind$802154_raw(r0, &(0x7f00000000c0)={0x24, @short={0x2, 0x2}}, 0x14) bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000100), 0x4) bpf$LINK_DETACH(0x22, &(0x7f0000000080)=r0, 0x4) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x2000000, 0x4, 0x1, {0x2, @win={{0x1, 0x0, 0x2000, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:06:11 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f00000002c0)={0x0, @win={{0x1, 0x400, 0x9}, 0x6, 0x8, &(0x7f0000000040)={{0x9, 0x6, 0x1ff, 0xfffffff7}}, 0x4, &(0x7f0000000080)="625b2ce72c648d51be7140fca27bc2a57d68f070ebb7ad1e1670aa2c4f6d31f4180fda5e1793dd6304900e1070bfc972432c4a079bba7886e83a62d31b09e81fbe212f785b21fd6bb055eb8d71003a4aac0e9da9925de98b931b2d5e59a54ba1f7bdeb4f8a22054a1225dbdc46699b7fd15678872f6cc397a31b8df4e8501a632804a81b2f18bacbfde9", 0x2}}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x3, @win={{0x7}, 0x1, 0x9, 0x0, 0x0, 0x0}}}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000140)={0x9, 0x3, 0x4, 0x4000, 0x20, {0x77359400}, {0x2, 0x1, 0x1, 0x2, 0x1, 0x7, "8cd64ef1"}, 0x7ffffffc, 0x3, @fd, 0x15}) connect$vsock_stream(0xffffffffffffffff, &(0x7f00000003c0)={0x28, 0x0, 0xffffffff, @local}, 0x10) 13:06:11 executing program 2: pipe(&(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) write$UHID_SET_REPORT_REPLY(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="00800000030000649de3d103ae41d462d17801b6000702be27513bbb695aab40b838cacd778c53e19c2721d9fdbaf77f99521ff8b816a4111fbc60f0bc0f93dee0c1c0cc6e0d5ec16925e55a72a4c4d3cc"], 0x17) r2 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x4, {0x2, @raw_data="e323a755013afe6a185a6841d56f725860fa673e5bd85abe08ff0c96e02da6ce359a28ae6abd3a8d1f2d350b96b6554eb74350ef197e91055ed144f5e4e526b91c0d4cf471bc7be9b4d7df14444cc0a5c0c8d62023befd06c93e00ff1fdbc3fcf6e9f1b1434f2d1ec91e7b887783f012c4a7514be12b87d502db3d6dffdb6f93f356e9a18bea54340fc4a8c1cbd286189344eaaa3ab4a99c959ea773667d4202bad2b00f180cb428c5307a3940130b91386d480e1057cb6b14ce470edd3564aecd2d9f170a3edeca"}}) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = accept4(r3, 0x0, &(0x7f0000000340), 0x800) getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r5, 0x84, 0x8, &(0x7f0000000380), &(0x7f00000003c0)=0x4) write$UHID_GET_REPORT_REPLY(r4, &(0x7f0000000180)={0xa, {0x3, 0x1f, 0x4}}, 0xa) ioctl$SNAPSHOT_PLATFORM_SUPPORT(0xffffffffffffffff, 0x330f, 0x8) read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/212, 0xd4) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000002900)={&(0x7f0000000400)=@ieee802154, 0x80, &(0x7f0000000840)=[{&(0x7f0000000480)}, {&(0x7f00000004c0)=""/121, 0x79}, {&(0x7f0000000540)=""/216, 0xd8}, {&(0x7f0000000640)=""/219, 0xdb}, {&(0x7f0000000900)=""/4096, 0x1000}, {&(0x7f0000000740)=""/206, 0xce}], 0x6, &(0x7f0000001900)=""/4096, 0x1000}, 0x12000) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r1, 0x3312, 0x1) 13:06:11 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @vbi={0xa4e, 0x7, 0x5, 0x38416761, [0xffffffff, 0x9f3f], [0x6eb6], 0x2}}, 0x3}) 13:06:11 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1}, 0x8, 0x0, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:06:11 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x1, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:06:11 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @vbi={0x10000, 0xe8b, 0xc91c, 0x3436324d, [0x101, 0x5], [0x1, 0x1], 0x1}}}) 13:06:11 executing program 5: fanotify_init(0x10, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x109000, 0x0) r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nvram\x00', 0x800, 0x0) write$P9_RWRITE(r0, &(0x7f0000000040)={0xb, 0x77, 0x2, 0x6}, 0xb) 13:06:11 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1}, 0x8, 0x0, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:06:11 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) sendmsg$L2TP_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x68, 0x0, 0x300, 0x70bd27, 0x25dfdbff, {}, [@L2TP_ATTR_COOKIE={0xc, 0xf, 0xffffffffffffff01}, @L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e23}, @L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e20}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x40}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0xbe}, @L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x3}, @L2TP_ATTR_DATA_SEQ={0x5, 0x4, 0x3}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e20}, @L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e21}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x1}]}, 0x68}, 0x1, 0x0, 0x0, 0x4004081}, 0x4000000) 13:06:11 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x9, 0x1000}, 0x7, 0xfffffffd, 0x0, 0x40c3, 0x0}}, 0x2}) 13:06:11 executing program 2: modify_ldt$write(0x1, &(0x7f0000000040)={0x5, 0x0, 0x1000, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x10) r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:06:11 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) r1 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x1f, 0x2) ioctl$KVM_X86_SET_MCE(0xffffffffffffffff, 0x4040ae9e, &(0x7f0000000180)={0x8400000000000000, 0x4, 0x3, 0x0, 0x9}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r3, 0x330f, 0x0) recvmsg$can_raw(r3, &(0x7f0000000140)={&(0x7f0000000080)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000000100)=[{&(0x7f00000003c0)=""/254, 0xfe}, {&(0x7f00000004c0)=""/141, 0x8d}], 0x2}, 0x2102) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000002c0)={0x5, 0x3bf7, 0x3, {0x0, @vbi={0x0, 0x8, 0x1, 0x30314442, [0x10000, 0x180], [0x55dc, 0x2], 0x13b}}, 0x9}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xfffffffd, 0x1, 0x5}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x4}) 13:06:11 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x9, 0x2, 0x2, "11ee27b7b83f5d822b7252b316d5bc01da72d3c6ed10b338b7d20bf0f3403307", 0x41415270}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) ioctl$vim2m_VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000080)) 13:06:11 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) ioctl$vim2m_VIDIOC_G_FMT(r1, 0xc0d05604, &(0x7f0000000300)={0x3, @win={{0x8, 0xc5, 0x6, 0x8}, 0x2, 0x3, &(0x7f0000000180)={{0x9, 0x5, 0x40, 0x3ff}, &(0x7f0000000140)={{0x1, 0xfffffdfb, 0x7}}}, 0x0, &(0x7f00000002c0)="fcd6b496a7345520a18e118d371026d689de7df6e0a2c03342a0f6c1a407bbad2e747d2cf1471905cd559fbcfddc3d775fe3519b339e685cf94985", 0x2}}) ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000040)={0x3, @pix_mp={0x5, 0x6, 0x4c47504a, 0x4, 0x4, [{0x2, 0x20}, {0x1}, {}, {0x5, 0x800}, {0x7}, {0x7859}, {0xb20, 0x322b}, {0x6, 0x80000001}], 0x5, 0x6, 0x0, 0x0, 0x6}}) 13:06:11 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1}, 0x8, 0x0, &(0x7f0000000080)={{0x9, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:06:11 executing program 5: fanotify_init(0x10, 0x400) 13:06:11 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000180)='/dev/video#\x00', 0x7fffffff, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bsg\x00', 0x400000, 0x0) ioctl$vim2m_VIDIOC_G_FMT(r1, 0xc0d05604, &(0x7f0000000040)={0x2, @raw_data="bc6fa815a67c3b654a1343f0b1b51f4a6d7cc59eeb63076c6f19536ed10cd1504411662b2275ade3e395b7331645748dd83cc0cc4695770d9d2674333668cc7a7c8049eaea4590be7f53875b31d6bfac7dd696f105e526ff67e72259a540730666590ebb2ee2ea847abbc2bdace38ec075253adffc233bd16bc33af81c26646cdded10896d36b6f0aa5ada4c6059f50033401f7f544c855e4c06d4efdad0c677a054b5bb3896a1754d4fe683399ceaee582ac0ddffcd199634114bdfb6579a9a3532532ae0049f3f"}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x400, 0x200007, 0x1, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:06:11 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x80000000, 0x7, 0x1, {0x3, @win={{0x0, 0x0, 0x0, 0xffd}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) 13:06:11 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0xd25, 0xff, 0x1, {0x3, @pix={0x7, 0x6, 0xa0363159, 0x8, 0x2, 0x2, 0x1, 0x61, 0x0, 0xf, 0x0, 0x2}}, 0xff}) 13:06:11 executing program 4: openat$vimc2(0xffffffffffffff9c, &(0x7f0000000340)='/dev/video2\x00', 0x2, 0x0) syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r1, 0x8983, &(0x7f00000002c0)={0x8, 'team0\x00', {'bond_slave_0\x00'}, 0x3f}) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) write$UHID_GET_REPORT_REPLY(r2, &(0x7f00000000c0)={0xa, {0x3, 0x1, 0x3f}}, 0xa) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0xffffffff, 0x0, 0x0, 0x0}}}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) connect$nfc_llcp(r3, &(0x7f0000000380)={0x27, 0x0, 0x1, 0x3, 0x0, 0x6, "431ce3cf216dc4711c0242f55dc7ea47591abf0121073e6376a75029214dc7bff478921310cacc40a36366492db40f3bc229142e7082c7696e95eb601867bf", 0x11}, 0x60) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r4, 0x330f, 0x0) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000300), 0x4) r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4000, 0x0) write$UHID_GET_REPORT_REPLY(r5, &(0x7f0000000140)={0xa, {0x8, 0x1, 0x81}}, 0xa) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$vim2m_VIDIOC_STREAMON(r6, 0x40045612, &(0x7f0000000080)=0x1) 13:06:11 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) r1 = syz_open_dev$vim2m(&(0x7f0000000180)='/dev/video#\x00', 0x3, 0x2) ioctl$vim2m_VIDIOC_QUERYCAP(r1, 0x80685600, &(0x7f00000002c0)) r2 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vim2m\x00', 0x2, 0x0) clock_gettime(0x0, &(0x7f0000000340)={0x0, 0x0}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r5, 0x330f, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000380)={0x0, 0x2, 0x4, 0x0, 0x7350, {r3, r4/1000+60000}, {0x5, 0x0, 0x4, 0x5, 0x7, 0xf9, "bf31ee57"}, 0x1, 0x2, @userptr=0x1f, 0x8, 0x0, r5}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000080)={0x81, 0x1, 0x3, {0x2, @sliced={0x4, [0x0, 0x1, 0x8, 0x3316, 0x8, 0x914, 0x3, 0x0, 0x5, 0x1f, 0x8, 0x6, 0x9, 0x4, 0x400, 0x20, 0x1, 0x1, 0x8000, 0x7, 0x6, 0x7ff, 0x8, 0x0, 0x0, 0x7, 0x46e5, 0xfc, 0x1, 0x7, 0x4, 0x4, 0x4, 0x9, 0x0, 0x20, 0x2e, 0xa486, 0x8, 0x8, 0x1f, 0x8, 0x9d2, 0x1f, 0x2, 0xa917, 0xffff], 0x1}}}) 13:06:11 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @vbi={0x92, 0x2, 0x80000001, 0x31364d59, [0xa, 0x6], [0x4, 0x1000], 0x108}}, 0x3}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) write$P9_RUNLINKAT(r1, &(0x7f0000000040)={0x7, 0x4d, 0x2}, 0x7) 13:06:11 executing program 5: fanotify_init(0x10, 0x40000) 13:06:12 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000080)={0x0, @pix_mp={0xd4, 0x6, 0x20385655, 0x2, 0x3, [{0x8000, 0xc0}, {0x6, 0xc}, {0x200, 0x1}, {0x4, 0xe9f5}, {0x0, 0x8000}, {0xbb4, 0x101}, {0x4, 0x5}, {0x7, 0xffffffff}], 0x2, 0x1, 0xa}}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vim2m\x00', 0x2, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f00000002c0)={0x1, 0xab73d0c7f038e6fa, 0x4, 0x4, 0x400, {0x0, 0xea60}, {0x2, 0x8, 0x8, 0x2, 0x7, 0xda, "57d6f3de"}, 0x2, 0x3, @userptr=0x1, 0x2b, 0x0, r2}) 13:06:12 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1}, 0x8, 0xfffffffd, 0x0, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:06:12 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vim2m\x00', 0x2, 0x0) ioctl$vim2m_VIDIOC_TRY_FMT(r1, 0xc0d05640, &(0x7f0000000080)={0x1, @pix_mp={0x8001, 0x1, 0x50313459, 0x7, 0x5, [{0x4, 0x6}, {0x3, 0x1000}, {0x1, 0x1f}, {0xeed}, {0x3d, 0x3ff}, {0x0, 0xd2a}, {0x91fc, 0x3}, {0x4}], 0x47, 0x1, 0x4, 0x2, 0x1}}) 13:06:12 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r1, 0x4018aee1, &(0x7f00000000c0)={0x0, 0x3, 0x0, &(0x7f0000000080)=0x4}) 13:06:12 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000080)={0x1, 0x2, 0x4, 0x4b25c67adc92688e, 0x6, {0x0, 0xea60}, {0x1, 0x2, 0x6, 0x3, 0x4, 0x1, "885bf8a0"}, 0x2, 0x2, @offset=0x10000, 0x7}) write$P9_RUNLINKAT(0xffffffffffffffff, &(0x7f0000000040)={0x7, 0x4d, 0x1}, 0x7) 13:06:12 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) r1 = syz_open_dev$vim2m(&(0x7f00000000c0)='/dev/video#\x00', 0x9, 0x2) ioctl$vim2m_VIDIOC_QUERYCAP(r1, 0x80685600, &(0x7f0000000040)) syz_open_dev$vcsn(&(0x7f0000000100)='/dev/vcs#\x00', 0x80, 0x100) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x5, 0x8, 0x3, {0x2, @win={{0x0, 0x800, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x5}) 13:06:12 executing program 5: pipe(&(0x7f0000000000)={0xffffffffffffffff}) write$UHID_CREATE(r0, &(0x7f0000000080)={0x0, {'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000040)=""/59, 0x3b, 0xbf3, 0x77, 0x6, 0xffff, 0x10000}}, 0x120) fanotify_init(0x10, 0x0) 13:06:12 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1}, 0x8, 0xfffffffd, 0x0, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:06:12 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) r1 = syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000002900)={&(0x7f0000002800)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000028c0)={&(0x7f0000002840)={0x24, r1, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_MRU={0x6, 0x1d, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x8000) sendmsg$L2TP_CMD_TUNNEL_MODIFY(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x48, r1, 0x20, 0x70bd2d, 0x25dfdbff, {}, [@L2TP_ATTR_MTU={0x6, 0x1c, 0x6}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e23}, @L2TP_ATTR_MRU={0x6}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @broadcast}, @L2TP_ATTR_COOKIE={0xc, 0xf, 0x2}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x20}]}, 0x48}, 0x1, 0x0, 0x0, 0x8040010}, 0x48010) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001800)={&(0x7f00000002c0)=@nfc={0x27, 0x1, 0x1, 0x4}, 0x80, &(0x7f0000001700)=[{&(0x7f0000000340)="60cc2568d0eb3dff8a3c1c33c2a85ccab0b09f1753a37e67d86c63832da2f17489a9ca2051c5ad3ff210ddbe6584314efe98170e7c48a089beaa72b3b1fbc21225b0ecd272940e7b482d8b3df01448255d63784758954fbc7ea7f07ca2383d86bc5850ccc5665396483ddf6a021ba0c2b1029f4900a513840f", 0x79}, {&(0x7f00000003c0)="e5b22dd72ff50bc128d84ba33e3e59a8054b0791888bbc0351f7e1cc4b99f97077dffc346f82150e2b8120a3c4da87ba37a9f7980f4f36b55ccb25f5a31b370faa95228ea3de3714af6ba74f3dd408c990a866795bf8e9025cc49899a1dd311d0a7f93fce188f7b90b459586825388b074498bcd0a8c26a38b9bf86be3d3b210ab5e36aed7303235037861fc8d1100212269971e9325a6e413ae763cea36309c330379d7c6a7adfb2bc35634a26f5d7b100a97ee3f89a4af61ed8f72d3f724a45c9e9fd4f01ac3ab88ed701eb155545c409da4f530c4f4f46ad5e4d46efaa577acec823483648186c956165a7a2fa4353407c24404930690e00f328f35d8d00fd24f9c3ab1f0322c0aaebec9a5053d9b15ba97fa54fe8a114ae5cecfe8a8f4cce0706ec8c8d362e439a18142071db9561303b8bdda93ba6ca8b4279b682527a79f820abe60139e6a13bfc4c38f50122dd0c110b9c6eec3875936b0ad96081660a9b615fdd085d8219859792eaafe7053c14c579cf423161018c27d5a4829e41472075fc52a18a9f4a77fc7d0d6f3c49973fed45800b8e5ea0133ac84ede8bb4547345104ce955edd7ba646d3da562238fa9eac7873854ee989c7452c2053f90e7afad42f6c57514c7c2d5a741942abd7544dad9943b0791468430c7880e8d75b64fb1604c2562cc5dfa7d56f108b2e682009b733e4237bd42948bdeec7ddb3d2d7257b4bedceb357558d4f259f12963694049e9ad2c8ffae75ab387d7317b8ee96d8ccbcaa41d1fca6586016fc73e6e5e02896cc2b401bbb7a895dffe9f7995c8f508a75162b6080d2fb4a6fd8478f29c23f44bcc0005d9e102644d44e8cddf8dffe993faed1b0eb5fa4d9eeebefb01cacb0489e888c882a197a25c4c8a36fe733be80c71e0931429238664235cfe41cbd6aa06f1561ce05c0cc746beb0d026f2e958d783737cc9456a982ea58f5b14cedadaeacfdb898bba1133fe7b10b732db88d9b8d016b3f5a2f1e4dc780a8046d5706c8debb92fbdce875993e48cc5357358bfb85ca75e67c8cc93f9a89800af9c5fb19a92a683b3f7455e4bfa64027616c9ae17ddb921fa6987f7d605d2559c4dc6f13bad5927e1545e400221cc4b7f2d433d88eb49674889ce5c9e9d2c874f88b3acdfd809f353bd28b2dce11a2eb93d1635d1a31adc7e41190e3d82f8d2dcd6352958e081dbb4090058b8048a95662795f79f6acf22c684ccfefe9d98b27f2b277f8ed3e39e3fad12d74c297e0bb918c1a781071eb71c2cb9abc2de282fa82eaec7c5b5bd975daf7bad4ce675d77839ec8280082b3cce1c5859003bcfe3bd3303f4f5367fabf26ca065718f36e555a0203ab7e32d5da30141a42e9e6215f35790f2a8fb1187c571cad7995f165bc7775b6cbf3f66487a25cb0456f310d65c6560ae4fb3daf5fe7b0394d2d8245c6512d1600e83f8845b6e6ba29bf16c879220018135502297ba86eddac9db45633d4beb09e801227dffa429f591a65c79b0c4081cc1b3f2eaadccba85e4ad2a924d8f3a23f8f53ad6415e3a7fb3d593f0a0b9d8897423dac82f12dcf7eaab6e25f04f3df9d835cbc7511cedf2a2a92dfdfeb6618fa4bbeaca1a213854c6301927abeca7e34a32e10358a53324471367dc59cba23e6a4518ca7eb4b299aa5257bde8ad274619387bb5a48d64229ad15f7873ac2e384e900df51dc070a59de8f99f61bd2c97ffe2517e61fcba4f54307a38a020b4aa1340abafff3ab39df0a8d550893f3fad74899e25a0e9083f0af65d5817ae11525e055c56a486fd01c317c347c945be3821b330a44b6913223a6223491b3fedbc3fda0d843e7ca25a1daca8af531b09ba614c04284abc7bba52c46b8c48ada868e59130d04c870dbdda2e7b81fd1973b06979125ab37a60b43e8cbdca2e9d40d4c69f88fecd86ac767a17e81a177a67e0672d45d531b70aa30dccf0fa63b74069a7316dad2baf6cf0246ef4ad2b41e3fa6afe132343d88dc6e1e2b758a06f9987bb542644b08158000561421109600173d18521871b97b2e01c932524841dc67026ab043fbea4d61c272576c5900993cd931dc2d479eacf7f4336ab78ba892cab7bd370812b84d3f678c23c335171c845b13207b7ccb8e6766c18c88d7f380705633210ebd51c86551580cdc591f420a16a89421a62fcdffd4d82fb708add3aa37e916f2300fbce84a1715788e93b6aa5af5d27a0957010d0f88fb2abf6f41da2a572c3c99a15840519691032f3941a57985be9bb06079b64a0faf4c7e75db7b374446f10d5b70f438c62d912ed0ffd4f58cf13d45d29293867d69f8a3a18fb9d3099c5005c2f81d48e43203e364eb1287ac9bf5d5155a4fea670e8a561236eb5ae6de8b0f00e6e62741c74f4e7ea83827cf62a7792eaf10be5a951e2dae1f975a7bc4d4099e88fad9b7ac92563b217aeb5f272554cac9788c55513657c018948798dd7dcf5a23f85bf5c5e4765627c76ee6cd6d9266ea91b19d0ae860f03a0328aca0c767c8f4280d8b3c6b12a968e103deee7b579494f213674f93161c03c6f41787e6feae3926dd647226d2da7652a85c01fd11fcb3b12b52ba9f7a9ade58de65b0d26eb491e1189ddd04beb36a1922c33a874a2a2448f0b66c127d114f6786ce4a29e31f3195e7c7432be0da595d976b4e8ba79e8e949a5afabe442dacc3d29665352510f8346e51075f2a543c36ce944b20fbcd7d9e498e9cf78ebeeb7a6c9aba9fbe45f038f2d11f2d5ced4e3d82ec0c89c3b50b29cef21e6a39238cf5a2205e4f7fe4f616b13cdc3795d32c26092ed818ef7a49b8d6a9c652cdcb42bbee0139f9e04a99cbbf7c9f23eb76ffbf4369cb12ba57379216866b50ea6feea37cb14a1975a8e6eae7c5be1b7f6107781b7ac41280e2f6f5f240de85acef116b4cb321ea66a5f556646ad4a994b058dcf8d045cf84aaa62d5a471cfecf65a42e10e06513b55e3c1b3e4e16f0b7971e396bfee12c9efc1cf8a3a525b4f83e23c14d44d2f7d9139076a0fc93c632c01c660f1bf0f158b01e056e177e4bd8b4859047ad5d7f9a6386d8abafd38952fbd706b9a5106e8c271d07bc697cc7cf6b2e678dfad0e5c1540ece34da91cc31cf6465ff2b356aff37fc3b48a11d9ea337698681c9dd19e534a943f0fb844c3b38f88281935ea42112777d941b3480d8258d002fa67fdedae897919d09adaab7b9ddca6789f70f0e3b9a8333ce06f53621615aa521f5da12a13e5fd3ded6bacf92a71672df58c34825b8a4457de4ebc99ef862f3e04fceb009ddd0ac9ed234c1cd6afcca73d975b52f1d82abb6a12c69ac44e074d54d142aa8a30123202b9254f62c1314de4df8799ff0edb8483676e0f29a47e50cc548f492252984e010385e6020269f3bbf298c6d05a3def090aae23587107d9601ef9f92d6fc6ae03e51254f072ded48aa6f7b4e15b22b664f4e243153b66b69777e231e0836a4996e3a7a3a85502bc8821b10e69dfe85a1ed0fde8036ea344954198931cce3038cccfe78fc9400f1d05484b874c8439eeabac87ae7fcca18e7c983b51946e6cf9b7b5ed4155b5b947ac67aac5886e11f39003b69a3334a642128b555ff738c5453fb63e3855ee446b1abb8901eca0d51f2490fdd5c884936d12ed8a73f3b6ae122b47abff6c40290ccf93f49fac2b37a73f09fff048858fd046db9c04efbddfe4ada8ca2696c884a40e8086c613aba888f7116014399a9c45ef8c3a0608ad8b27663b5d8e86ab6c2aa1e462beb8817696265bd276fcb6cdac12625cf81c3690eb299245b3b127fe0c266869a45c0314486de0db7ca7d170e525b5fceb7695400415707e5426abfb44c96157b3f16abdbca4e66799dfbd294febf5b2ea05c3efb19671fcffae64506253aacc9a8373afb82d8a4b2fd8cdcae4f4fefe83f4d74f372740cc451eeb56f295555aad32103504c634aca027de956656087cfba26bbbbb106310acd0832759a8b28ec513bbb2d72f19f9a4c0be0ae24cb91ec3962bb09d53f8448d6de0add94754fea1fbcd08616a28d9f4cf6f4a810aad328e08b5fbc271ea859ddcef0e1f5137cf45bd12fab054010ae04c412aa3f1afba9abc00e995e4940a9a9590c881c2240e85905cf5697622d54d04a5d971279cf4f08bc35b53b97278a916c95e0b436db55ec046f20afde03d1a01c86552ed7902e3d46e45170193204e3de91f65b4ad5febfa5219c37b837f9808a50cc7a958ba8a0689a8beb02acc799c49b0e54284cc833443a2e8bc44a55570b64dc0714da3fa0a4a11b3ad3fdf3b92b792459bfcb3dfef178db43c0983d18075a1ee7a77973b209c69dbe86dd845053a9b1d880706e6cb8ac5da9c1e4b241b83d7cc9b31559b9353e47fa70699b2f4dfcb002a88305b57d00a6c39eb96c45a0f7f1a6172b6931058b6c017577a3fba78a6e6f8a562baec1ab98bc62884b8c2733120aaa687b68e72682a76823950ce80ac455f8aa1974b81201e26e279d31f390ddb7f4c97f24c3e6f20a11212319d3db2a9051c2c911bc37a9a6db972b13ea6a9a4d6df72a51ca03b9fa3c816d3d2866c73d3744f269f7ce73c2861b759d8da2f0ee1eeb368997589700ed902063374cfbebc0c07630b8d1fdf1a82a1c92069f5c357af7cd8c9d53edc8af1f8567d6eb27438dae1f00d1e828f9478ac871d139cc80b88d83a652f1ba324aa6dba8d8bca7b4fd22b88a5ee490eb25007b8022e7a77133af11caaab4c5c4c991df9886be62b7767cbd90f431c01f9f2266280bfc4cfff190c3522a71731ad0630a5afa102046fcc2fe8b3455d8cf4c3f7920e5fdefcff75a11526a7d5c9fee6d5553bf9ccd9e3397bab724159873460270a1ec962e8fe7e5e47b2fc1e84067b7fd7c3bd1245307dfe93bf449fd9498b16e1a0d7cebd56479a35570785ec84e3474fa04cc5fadca6252fc807508fa0bea85314fd2a6e138e1efb377902dbd032fc4cfaa16bf122e07443b58edeffa2e42616ac1ce5e74bb10c933656d0d941833bc8928e7539311cfe4d2fbbe02cccc80bfa1ee2b1afed3bbec66e42259412c4b6ea602c7951755b74c28c7ee29726a432665f9a4363c3fa5c32125eacf9298ec9a401b313ccfbdfbe25505d93f890e1ee8eafd63c57691b51c61320f6b941d93dc92a22f550bca2f8eb4cb05b434b30e7b12b519f7c8bf70740751d1145facd190cdc996d5703f65c6cafec7271e84a0ae0d903b6681b38c50eff66c1008dde132be9d9c99d713ed9a627cd68486f9d4fd9e732c783c7e7010efc7604b720b3bad16a47ceb762b902865000935c1509ac09c2d16d60a1645ca3a22031c711da1f76e3c14289f8c5255a7c578739ce4a060b85f88cdb4dbae2b07224bf8001c515b3546ec5eb0378421856a0f14e82b4447a6f3c234c18a3b21aed5b5b83f4d3abee808b5695143c624e43558e4df5ca2e9fc49f2b6b3028c40e4805fef16038aa75eb1f590f7fcb6d67bf322db78bdb47ea0df7766b6c78b8880a8f2a1eea99486bfd624a65325b1b5ee4a5a08b21fe604adcb6eaf0e984dd5e1a68538ffda8eb753ce5ccdf4eb78fbd3ebe1bd395f2851b3b57108091f502f717ec48cf0af633934ccf3f3dcfe701d4520b68caf2b44093dbae99c8b68d740c5d3f0f055e9042ef7ae947274fe7cfb45459f3097b2855c9213944be3d03de293e35da9232ea5ed8039fbb409a1d0fdef50bb7662748d42e4056ba4108471ce8568aeb9db54e21c9b8984dbd494c5e920511fdf90b28a6c69b131c1c329dad992fec9d7631da03f4b", 0x1000}, {&(0x7f00000013c0)="fe23dd37a223deafc429d36b0dbbae97a23232799c756215e70f217194120904e5bb46c799d170591d5864f5692c106a4b07c6ea3ce900b6f4ab7a3da787330a7786ab5e833eabbe6e6f683674eaf0237a0e12189a10a39c34fe8e8d0775608505c5e5769ccfcff8a34301f3b0f80598", 0x70}, {&(0x7f0000001440)="9920bdbb745525f9686de4f141c60502a6344abd4e9b0f974e3698926985911bd14f548b4baa4207d6ab6c10f567bbf78b0bca8824a4636516e310a55d32e573834d1659fedc6942522629e9058b489707e15b0a7b2dc4dcb37ebb9f7c6796f2bff35b60c45344a64ce0819f43b8fd1ed34b5bed35b2af518090c801c15a45a4b4b1819d91ebcc5fa010e59da8ed535240d99c338a27fdde3c6d62495d8644ee175aa54050cc652041a822e44d24", 0xae}, {&(0x7f0000001500)="3f15e8fffa8870d9d11cdfbde093e74ee9e4ca71766fb4993b558bc0a1cf294b544bfde9e139f221316abcf495b3a8593338f7ea0ca82d513e295442664033f64df2f583f9d6e88ad7fa2c14889106c9f7fcbfe6fb2eea5fa5a689fd95c36f2a8c4299333209a49a48e44ba808518d834f27ecacf7309557255b3ee58f3647091caa5d3e6b9146b5a11a1c1e8db590d832910387fe321ab9e540de9948abe0476f2ed3935e05baf5079731f224db780885a6e8fb2a91fd117f71af7b7bd8b338e0aae70fef984ee306ca1d2bab8f3de3a73b4c421fb6de492f25", 0xda}, {&(0x7f0000001600)="d640eaf951b135447128f2b4a53180792a36e523374557b8cdeb5e76681753ff5641dd67151ca3c45aa8044614c6f4d195c30e43edcec454dca50b6255f7b351a57d07a009c45b2300db1d4b6d174eea7ca9bb491d22610682793e9485dabb1872ea4a7d12e7bc14df143b0cecc0f67599b9d06bb007dd931a487c9ce0ff11cfce59a09a6855dd3f6023548cb610d4055baeab138df88edfac474c217befc32eb3af10c2fbe55a1b60660941167eb8f4a14fe219c047923df91e4e2b02a022e4", 0xc0}, {&(0x7f0000000180)="a80289a7ca0026cbb2ebd8eb33f74401042ba329b9576d27daf9d8f8f72682ad5343f4830bc2e033a911db340d", 0x2d}, {&(0x7f00000016c0)="8c6cf5", 0x3}], 0x8, &(0x7f0000001780)=[@mark={{0x14, 0x1, 0x24, 0x3}}, @timestamping={{0x14, 0x1, 0x25, 0x8}}, @txtime={{0x18}}], 0x48}, 0x801) 13:06:12 executing program 2: waitid(0x1, 0x0, &(0x7f00000002c0), 0x40000000, &(0x7f0000000340)) r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000080)={0x7, @pix_mp={0x10000, 0x100, 0x34324d59, 0x1, 0x6, [{0x81, 0x1}, {0x0, 0x1}, {0x10000, 0x5}, {0x401, 0x1000}, {0x5, 0x4}, {0xfff, 0x20}, {0x7, 0x80}, {0x4e, 0x7ff}], 0x20, 0x1, 0x6, 0x3, 0x6}}) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000180)={0x7f, 0x3, 0x2, "08354ead53a311020d2ed4114ab673413851ee8c5b0edad72839e053803a73df", 0x55595659}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(0xffffffffffffffff, 0x80083314, &(0x7f0000000040)) 13:06:12 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_QUERYCAP(r0, 0x80685600, &(0x7f00000000c0)) ioctl$vim2m_VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f00000002c0)={0x1ff, 0x3, 0x4, 0x40, 0x3, {0x77359400}, {0x3, 0x1, 0x1, 0xff, 0xb9, 0x0, "f74089db"}, 0x5c7, 0x2, @offset=0x8, 0x2}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) write$snapshot(0xffffffffffffffff, &(0x7f0000000140)="07798c23681a57a887b0e9dfa719fb79f051928c9610847356b74c4ef0bd449c8a31b54c11f56862d85241b2ec591ed8612abf97776134018a1bd2f06cb6c78213e44ddb7b9f626c612dfc6d01b93950a6c46fdbc76cfb87bee1a9b92477fd60a1596bb9cc2974c4", 0x68) socketpair(0x1f, 0x1, 0x6a6, &(0x7f0000000080)) 13:06:12 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000080)={0x0, 0x5, 0x2, &(0x7f0000000040)=0x10001}) r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x40000, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) 13:06:12 executing program 1: fanotify_init(0x20, 0x0) r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffc, 0x0, 0x7fe, 0x0, 0xff}}}) syz_open_dev$vim2m(&(0x7f0000000100)='/dev/video#\x00', 0x0, 0x2) ioctl$vim2m_VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000012c0)={0x1, @win={{0x0, 0x4, 0x1, 0x1}, 0x3, 0x7f, &(0x7f00000000c0)={{0x0, 0x100, 0x1251, 0xc2fe}, &(0x7f0000000080)={{0x0, 0x2, 0x401, 0x7}, &(0x7f0000000040)={{0x8, 0x9, 0x3f, 0x6}}}}, 0xfffeffff, &(0x7f00000002c0)="79335a0a6fb4595d0f63b83a408e731ebe83e49ea463b2bdb97a313299278edba30bbbd5808442c2c77b999b5117a7661d35754c6f99112d3119a41726ab5ad2266452302292bdecbcec09cf80db075b953ee8c834a03219aa7d3b6a0e8c74e7fc9cc3fd8570359e8e51ea64e86a604f373af07c88f785a9f8f3f4df4e35cc055919053eacd9c907717d23779078e07cacec8ff4f1534ab4d3f34ccaade7effd09bd8ab763d05feba642054ce916e1556b7eed4859c9d81290759135c10af4287a387ed665784f0e18fab8b8dc7e1a85bda44b3f8f5a2bcc556c2fda765cc6e535f2a3b891d93b042348170f53516509073688ec28ff92959604e8efcb0422e5dc6263d6b494d7efec6322cff6c3ec8c30da181672150e6ff08ef43c8bc93de7d8b9fc723d5cbb7693c188deba79095334753fd135445bb7f3ec3138a114d67eafde7f6669b3cffb23113c0e6e499ed8456e53a189c3ba298d6d605744131db9556a6a0a99f87d0b84647f1a15f97be45ee96a9e51e470858bad8c4892c6997d45f5e021bc69d61abbb86b114f05a7c135f0bca16368d53dc8bccc7591e04559ea2772d5e58b6a8020b792652bbf5d3be9ecff9670a5298d5f332b38e81e4c6020edfc86f73710b819b716c73802470d623d62c5ca9297f7641387cbb6d281584f77f2fb4b546219763d0288f2c2703852df1f9d466c0dbef32c77684f98144f22492898088e3868efb4ae5ca0ff7a1008c9fb1925ac3d9239df6ad0da1ee80996ec2ad131b423eec573d73e6465d55a87f30f74f46726e85e6030ad7d0283cbac3c633872a593d58f41bf862be43f9950dcbbd8c79b00463d001add6ad4b5170ba079c255e220c98d46a8a0e6b832dc3c39090e6e4cb63686b6971941a4d41ff019beeb2394a637002448dd603a2db6b2ba4150bace97083460cf91bca9d7ce268821df332054922ad28b4c51993cda98d3f0a67517a415fe5b22a0f29fa75ad7adea8407a644b7de499714a2496d839a106a857d7de109ab0e9764fd0508a127687b0f9e939a0975888a1744974e2d44df6ce44e9508360cc308af70e1c079f6dd97836ea658b301f878617e31ed80cd0f918161e1a0c8dd81ea6f679528f54886a0609274ba568df198464ff4a4a6aee12cba2b5c80785af44d4e9b2b4b0b4c2aaba14d306c4a31767083ffe30c8a0235298b38043a29d977308a8a4ec91cfcb3b3706c9e8aecaa5fd011a05760e5f223b6ebd8645211578183346a23a00a9539ab466b2ac24af80e9452934bf709942febf42f7e4b9a24315deaf236b8dc953221ab048ac9ba19706f3edb5b811d3c7929aaa2ee4ae2ff8a2acf606e53914402de8a9ff223287a7e75389a6d830543424b3c69772bcf656a922ada3cc6b2797b3226ee54979cc2171fe66aa4c63d92e40adf7774d163c542fd1cf889f13955b6b4526fb91628ee9e28336fcd1da966f57307299733b7e62c316180cb910d6dc99588b97299ba80f3492372aea38a32ab4c6af3296c1f6914bd4f18d04df41ea1dc780f8e76f7b55d7c40110b639eeb6bc7f20e5aee6077a9dec01b14322ed32ace311a706d2ade87d4d08a055ed2e5f7cdd81caa31c4cc1430aa2f8961f6d21df5e8a0fc5217842fc0e799407d27fea5aea0ae911221ab28bc12541616a445f7685e99c353dbdbe4b789ce31d008b9500ae84704d107bb344dd91391738dbdb53b7e8dc3b8d728a82b1088924b90cb4d114cd65629a9df1297b6dc6e8c731f022e6fd010af2cf4ae48f26408f3796dbbcbedf4855dccfd92a8dc904173ecc5b3c33effcb06fc35508f4eb63463890d465d2a6a13cf1484103f1ad21727f556517a7aad6d4f12017e40d3aaee4f2c1ed74f13059a7b45c8175846287a50caf3aebaebfe8d32e2a7f42c01e667fe91d38a852b0d18c582babd0ced21d1855a7b82ef3598660eef59ef0b5df10894003e65ac2f12bb384aabc8f73b65b2faa75986585f4dd700beb5645b7f9fd32f10d8fed721452074ad0cd17e5b12e54bca51aa46fcd01adc44971babbcf661a119da6e83a062d4ed2d530b6f42d7984dccbc6cc17787d1f07b668b45ee31737765b174a114e2dfd41059abdd9534289de0c976947c7699a021b873642a02d47721a20bf65eed1baad45e52983a291de489ab8e66cf77bd40773c6cd18437125faf65ef5d662c4aad06866020efbd09c6a88cebd0fd1c8d3c4a92fa48d988551c6b38a28ee3f2d93db47d94a81b1070a1c9a750fd3d689d373d5ce8fec2ebefb8e2aefd8d315fd0f0f824a411248ad7a1544888ddf5e52441b421e3f17cba3f7bec50ef8918cdcb1ef51c8a508b28831602cad4ee65a1ac75b83ef5eb69ea093d2c52a5f14b88b9f66ad273b37350ecc84eb1b576e7b0bb172a0a8911906776833636199c5557bf7a53ed76dcc6d1298f7543a89f9e10d0fecbb527dcf947366b33c48944dd21b995bc9097367577936a4982a65c411035f7583f199377d5b24f9b857817420e89bb4b497586b9411878bd180a698f2141f785b816db676cfa269dd9b577add349c4fcac8946e415aa9f1c65a16dea29e521d6afb270a881089991f69d38a75346361b5c2ab1244715c93c6d67115ef4a1063263c5860d2304e90e85733ef2c2c56934cf05c48f045edc7e95723b8dfd66cc2649b3f3c759ee61ae9aa6b24709b438c5c460fdc393e234d13dca6a37861cde1f735d5efb7a78af34d919e7f4ff1df13ed0963b14e43ad331da0d90f0d9bb9b9d5fff749adb4f7e9bd937e084ff763ed2e817763361ecd1ffb8254f35bb65aed342f9d3cdcf6529cddaefd7b259481aaa93ad6242ac41ddc4ba1ce991b522774b21eb17d549a7a342485ac8a16285e2032abe75a55c217ca145cc74e85ceacd5367f5317c1ae232532b9cabcc640e6f4a912758b300b9c6e2099b2cfe7fc3c52b88f17878588c10509106b650cafdf57b828c47a5d11ee963088b1aae41f367ef8fc055b3f8bf366b4764c5ff7a9e756484fc00b02b088d959deb42b6af033da6a1a089fba1630e416df2d868d7ab6d538669a2b0d12097ee9a6ba3cfd446ffcbbf0d398619b04d6c74cbae5c11c3d15bb31c786e6b1b425785d7564f92375a4e26cf5926039d1c822e673ff0c0cab3c0427024ff717ca3c624b62dc6a8402a60b5d9933072dcd921ee423e1c01da5aca5d9384fc50e568f4a1c855795ecf01599f7f174c4bea6e306aab68724bab8c4abfd45f68c211f654f7be41785d7aafec8d3c4edc1be057b2bbe221cba7d63dbbc943bc02a5a95876fbcb3bbb9c62d925716d21a0ea6bec8b6c4e794eb7158055c3be67f00bc2d693f7ed48c686c256359415031d5720b96fdb1fcd2837fd3fb164167996cc717d4f76b0f3e74171242d7a60646cab51a5674a149916ff74ffe930e8859fa6408073e3dbdd014df9811d05f71224b96ab18e8cd213f6150b625bf57031819be2ecbbd4852aa3fd17f535203a299c72552ac7cac3c91915fc6c2a54eb5e5d85df1cb1f46af43c578df1fc7336387deed32b3e6dd6fd367be105eec1b39c2712a7ae17ec5879c438dfface27bb8ffe74001a420d89bc5596500dd2efdb93fb861f1b483dfb9b422de649ec49336e3ab740adcf8cd84341ee9b4c97030370b0c9ecdf10d70a17dd3055aa80b49c108b68cf773266d37e9404b60d6dd2d3afcee2c730a6a756df2e712f61a141da94b097ae051eedbf8faa4b68c681f309ba603ed3c1ff3b4f082a120550a6a796939379fec4a9ec217c57f5b0bcb555d31464257234af02771219d9c49f87daa860dd2bb691117a9a2ca7ff427404aa4c9ce342a2ceb919a68154ea7dfaf21c4a232a41d24e331f9985a541727c7a3120eb54a4ffebc7b30d7a791d52a20dcbdee7ffc093218aa4cdd2cce8c5e0776616e6099d86c2c5aa10a6d27c7aadc5fbfa39b5d7601422e29bb48b870a3aaeeaa02afb1ab6589f1964d94e8cf19e34a148029699a2a14ab07cec5c0ce1a78b5d6d33e0b75b07d185b99fec8119fb01709734e28ca20ece52152718b78b20071438986170d0c319fabb4ddc63050fadede920fab850f79a5210c82ad9fd7a2076a04256c18e03fcdd2f38ec24fb5453be42e6d64096867de25d1baf0050c019e96398393dd174c07527dd19bacfd52d227773fed012fda1fd7bc6ca2f5a1a624642986c9f014988ffc260b26956780919ae6af404fc11a9d9e7cfb951292f5f0896e1ef9bbf21c5e41380c61666a0f6da968d96a54a6635db4c2379ed1c3bd2f5507d8d404107046681ce20c56ae3e56f793aa0744f144e98bd06bbdeded6a2362d7cd598c31be8a80d3eb1a37d3f5be8133d9d50447d2363e37eee4af81cf21f00a68775b55496b4a4b944e9fdde1ac295eb22b4e39a74a883ef1ace8707bcb50dbe46893bbafa26ccda60f7b25948c3a3370d628a12d1a2b711e42c71d8ff8880e5a619d4983596ee52f61123eac354e4dbfa976e5d90d520702687719358562ef2b0c220a65e87fa3b4c05abd174b6faee0108b504da94f3bbe1d0c83da801d24555c500b9a5f7dcaa37fa91fb5b3ddaf2301ba42037488e6dac1b30d86c12d30ea8c7c6fc4df9e211e1bea2cfd6f59b2a5bee60680ee7616a7677d21bf6c9eefab308dafa69adee66fd3e8da4167b562ea944d152829e9229ce633a6e8d320b5c7c4342092ef51912f139d9d1f2ed5a57bea8e6f73a812db280241ff7707cd468e29c3b0c3130dd5d9b41ed06e8d006ff671b963ff8638770a20ac9754431a99f89a876a844844e566c957b4c03b7eec395a79d5d9c96db57616a326044e8ed9e52c4bb2a2c357c069dd5cba579488a177e49bb1f48b2824a5ed7b8af473188c592569e40e349740cf140837304ef8a107f52d1eef874af12f3d725b2e6ad4f5c5fd2cccefe96e1d01fe7e0752a9121ccfea5bd9b0cb5bf07843574b271fc8030b4be1ea1fd67807a92a86f8396aef9aa4e3e4e43deab149111327ebcb9398ed4672c6220dd35c47a25464d003e6d3deccbc5067bf7e574b9965759f0ea5814c2ceab8e5a5145ff459325db43873b9cff617955ece315c4d2641a6838d988cf4af37ec9abdb4d02f4c9e6c416d207096b0e2d0371e77d54574ab87cc0fc394e9440a8239ba57a32a7360cedafe4bd6b4914d9bdc541028b0a344b6b1e833134c45b59c28606aad48dfadfa98d4857268aef9742de8d10b36b5196f2bec579ef128d339d51d3ed6cc6345cb5d371dd1dab7a75f013e867398fda7948402811aed19abb0ccb15c44e0f0aa5316d7589e55dbfeae59d71b6a7c5fd90bfdffeab76c7e6d33ef231fa07b518a71f380756d77ac7231caf771dd7a702033bc8d9c4a1a96d6fe5accbd8e76096bc04f372b4288fdd1c303db4d0f1a54aed84f50110b392b2cb7fab72d48facb32853b52ec44a44dd72cbc5a2e0b3ac60c3fd47555b4945c72775a2e5c526a69006ea3f2d75b22a3853e6d7923cb8796c9c01bbe0c101bc73e8276d1fd5e45196d85c933b5267f7d812faa53a38a4000b707b7be1f01ae88c57e2ebba5a147c430d1c5d0bdd89f36c4251fd07345c54b11ad61a091dc008272ba3730f6b6d4fac3e9cda8ecb79562d247396b55b5e0ed0fed2fa041a7ca753f01e359737bda62456c64bf817d543783819a962f01bb07a3d057556632838217a1411d3edbd459bc835382888c3f511a1f286a5b345668dd156676a901c6ad06663fff9eb2ac9e786773fb864d521fc3e5ddd207aebda38bc6feaa0c2118761a9eb2fd4", 0x5c}}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) ioctl$vim2m_VIDIOC_QBUF(r1, 0xc058560f, &(0x7f0000000140)={0x5, 0x2, 0x4, 0x0, 0x3, {0x77359400}, {0x2, 0x2, 0x0, 0xf7, 0x4, 0x80, "87fdf7c6"}, 0x77c00000, 0x74449dd0e1570582, @userptr=0x800, 0x91}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000001440)) pipe(&(0x7f00000013c0)={0xffffffffffffffff}) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000001400)={@cgroup=r2, r3, 0x1d}, 0x10) 13:06:12 executing program 2: pipe(&(0x7f00000008c0)={0xffffffffffffffff}) sendmsg$nl_route_sched(r0, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000900)=@deltfilter={0x71b0, 0x2d, 0x8, 0x70bd2c, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xa, 0x5}, {0xfff3, 0xfff3}, {0xf, 0x10}}, [@TCA_RATE={0x6, 0x5, {0xff, 0x55}}, @TCA_CHAIN={0x8, 0xb, 0xfffffffc}, @TCA_RATE={0x6, 0x5, {0x8, 0x3f}}, @TCA_RATE={0x6, 0x5, {0x54, 0x6}}, @filter_kind_options=@f_bpf={{0x8, 0x1, 'bpf\x00'}, {0x4924, 0x2, [@TCA_BPF_ACT={0x44c8, 0x1, [@m_xt={0x1a4, 0x1f, 0x0, 0x0, {{0x7, 0x1, 'xt\x00'}, {0x11c, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0xd3, 0x6, {0x87, 'security\x00', 0x4, 0x8001, "ea9848c931be00f4001ae70b89806da3856565849eb96be94dd90bbf44f90adab120a7d7a96e19ea18f19be4123c1bb34875c0b78ef989af8685aa043691d019a89d23a3883085be4cbe137a1f20cebc089bb66f5e5314d4b036a6ef642da05d6fe8f4d1c2e65d584da84e69aeef7128cf90ce8bfa051b19193bbfb047a51cf3eb15c0b9e91cfba897b29a74a6e9762df2de2d741def2b333bb5d83612841caa21b1b60c87f9056e90"}}, @TCA_IPT_INDEX={0x8, 0x3, 0x3ff}, @TCA_IPT_HOOK={0x8, 0x2, 0x1}, @TCA_IPT_TABLE={0x24, 0x1, 'nat\x00'}, @TCA_IPT_HOOK={0x8, 0x2, 0x4}, @TCA_IPT_INDEX={0x8, 0x3, 0x7}]}, {0x63, 0x6, "cc2ceefe64994d5df8b0ca23efb72cbf884985bc98f474be7e72f35e0662c1bb928825dbf2581742915177607b7fd8ed2e0454b99d9f9417ba954f737101656cca39fc359a254c694d7f0431e45f696336da5ab18ecb4eedbd38f3e72cb4ab"}, {0xc}, {0xc, 0x8, {0x1, 0x1}}}}, @m_simple={0x12c, 0x14, 0x0, 0x0, {{0xb, 0x1, 'simple\x00'}, {0x38, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x6, 0x3, '.\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x18, 0x4, 0x0, 0x100, 0x5}}, @TCA_DEF_DATA={0x13, 0x3, '#-,+!]\\#\\3.+]@\x00'}]}, {0xcb, 0x6, "7ee387bcd1e0c5c7090de15ff21541a69b388500209e17ff54330825be79bd8a9453ebac0fded384ebdb30fc7825341cfc171daa8f2851c3465683fc5ff6a68d029b1b7e4bfcd68df2c00630c640fe875ed4b48aaca2ad0279fcbade7267e4af840c8742914340eed97f23bd499aacd9cc1bbe0895856f6f1b32dee0997f230dc2cf3f50c3b8a6c80af66aae90f1567f9e0a729e3fe25a9c1098de94b4ba407fe7646c3c9d6c9d5d78cc41978f5c1f4008b7772380f7145a993eb43f87b44c67e6c30c27898dbc"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}, @m_xt={0xcc, 0x14, 0x0, 0x0, {{0x7, 0x1, 'xt\x00'}, {0x28, 0x2, 0x0, 0x1, [@TCA_IPT_TABLE={0x24, 0x1, 'nat\x00'}]}, {0x7f, 0x6, "8984b415581b28a2782a4b3b70e371cf9d7d8ac9e1c3b1a493fa67bb2a1cc92b632e95bb062b886ebefdf58b42a63f759c621b65cc895a6c27ea7044c7308bc12483da56f54d954ce8a0537788797ec81811f1517bdfe38fc3cb14a5d446ddc7d0ad1ed7c61dd8c8e6cd70cb7efde204370db433f71b98076d4306"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x2}}}}, @m_pedit={0x3ba8, 0x14, 0x0, 0x0, {{0xa, 0x1, 'pedit\x00'}, {0x3a7c, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe98, 0x2, {{{0x9, 0x45d7, 0x2, 0x7, 0x7}, 0xff, 0x4, [{0x3529, 0x7f, 0x3, 0x3, 0x3ff, 0x4}, {0x3f, 0x6, 0x5, 0x144, 0x3f, 0x1}, {0x4, 0x5, 0x470, 0x4, 0x9, 0x9}, {0x9, 0x1000, 0x2, 0x5, 0x400, 0x3bab}, {0x2, 0x8, 0x2, 0x9, 0x5, 0x1}]}, [{0x0, 0x3, 0x9, 0x6, 0x3f, 0xb37}, {0xfffff017, 0x1, 0xffffffff, 0x100, 0x2, 0x7f}, {0x7, 0x7f, 0x1, 0x2, 0x4c, 0x40}, {0x444e, 0xffffffff, 0x3, 0x3, 0x2, 0x9}, {0x0, 0x6, 0x7, 0x3, 0x8001, 0x3}, {0x3, 0x952a, 0x4, 0xfffffc01, 0x1, 0x40}, {0x200, 0x7fffffff, 0x80, 0x40, 0x7ff, 0x4cc7}, {0x12dc, 0x1, 0xfff, 0xf6a1, 0x7}, {0x6c6, 0x1, 0x49, 0x5, 0x7, 0x101}, {0x7, 0x7, 0x8, 0x6, 0x8000, 0x80}, {0x7, 0x2, 0xffff36f8, 0x7, 0x2, 0x21989b2a}, {0xffffff80, 0x6, 0x7f, 0x4, 0x2516, 0xed2}, {0x6, 0xfeb7e71, 0x8, 0x5, 0x0, 0x7}, {0x1, 0xad, 0x800, 0x4, 0xfffffffe, 0x1a34}, {0x1000, 0x9, 0x10000, 0x3, 0xfff, 0xffffffff}, {0xff, 0x44a1, 0xfff, 0x3, 0x8, 0x400}, {0xff, 0x8, 0x200, 0x2, 0x7, 0x6}, {0x1000, 0x9, 0x0, 0x2, 0x0, 0x2}, {0x1f, 0x0, 0x1, 0x4, 0x3, 0x2}, {0x499, 0x8000, 0x1, 0x502, 0x7fffffff, 0x200}, {0x800, 0x7fffffff, 0x1, 0x7fffffff, 0x8, 0x8}, {0x81, 0x35f3e204, 0x100, 0x100, 0xb, 0x8}, {0x400, 0x9, 0x400, 0x6, 0xfff, 0x2}, {0x0, 0xffff05f5, 0x8, 0x7fffffff, 0x5, 0xfff}, {0x125, 0x3, 0x8, 0xae1, 0x4, 0x8}, {0xfffff001, 0x2, 0x6, 0x7, 0x0, 0x81}, {0x2, 0x10001, 0x29c9, 0x6, 0x6, 0xfffffffb}, {0xd38, 0x10000, 0x4, 0x9, 0x2, 0x3f}, {0xfff, 0x4, 0x10001, 0x6f334ecc, 0xfffffffa, 0x9}, {0x5, 0x5, 0x4, 0x8, 0x9, 0xf6b}, {0x4, 0x8000, 0x1f, 0x3, 0x1, 0x7f}, {0xffff, 0x8000, 0x7, 0x7, 0x8, 0x8}, {0x0, 0x6, 0x0, 0xbaa, 0xe9, 0x2}, {0x40, 0x4d92, 0x1, 0x80000, 0x89, 0x3}, {0x200, 0x40, 0x2, 0x47, 0xce, 0x4}, {0xffffffa4, 0x9, 0x4, 0x7ff, 0x9, 0xa8}, {0x3f, 0xfff, 0x38a, 0x7, 0x401}, {0x1, 0x5a, 0xfff, 0xffff, 0xb7, 0x5}, {0x2b58, 0x31b, 0x6, 0x8, 0x8, 0x8}, {0xfffffffb, 0x1, 0x76, 0xa08, 0x95, 0x8}, {0x7, 0x101, 0x2, 0x3673, 0x10001, 0x4120}, {0x200, 0x1000, 0x0, 0xffff, 0x3, 0xda19}, {0x5, 0x3, 0x23eb01fb, 0x6a49, 0x387, 0x596}, {0x4, 0x7, 0x5c, 0xfffffffb, 0x200, 0x100}, {0x8, 0xb, 0x1, 0x0, 0x7fffffff, 0xfffff0cc}, {0xfffffffc, 0x4, 0x10001, 0x40, 0x400, 0xffff}, {0x10000, 0x1, 0x0, 0x9, 0x8, 0x3}, {0x101, 0x6, 0x7, 0x5d2, 0x800, 0x5}, {0x6, 0x6, 0x80, 0x7, 0x30f, 0x4}, {0xf3, 0x7, 0x5e4, 0x4, 0x9, 0x2}, {0x1, 0x1, 0x6d07ec42, 0x800, 0x9, 0x7e8}, {0x81, 0x0, 0x1, 0x2, 0x2, 0x4}, {0x795a2981, 0x3ff, 0x4, 0xfffffffb, 0x4, 0x6a}, {0x101, 0x1, 0xffff98dd, 0x7, 0x5b77, 0xffffff7f}, {0x4, 0x1, 0x78db, 0x2, 0x182e, 0x7}, {0x9, 0x0, 0x0, 0xe4a3, 0x101, 0x5}, {0x4e6, 0x7f, 0xfff, 0x8c1, 0x5, 0xfffffffe}, {0x2, 0x5, 0x79, 0x9, 0x5, 0x2}, {0x7fff, 0xffff, 0xfffffff7, 0x3, 0x4, 0x7}, {0x800, 0x6, 0x6dfbe610, 0x7c2, 0xbc, 0x3}, {0x1000, 0x0, 0x80000000, 0xd33b, 0x789, 0x7}, {0x7, 0x2, 0x9, 0x800, 0x8}, {0x3, 0x1, 0xb861, 0x9, 0x9, 0x346bda4d}, {0xfff, 0x0, 0x1, 0x80000000, 0x6, 0x5}, {0x1, 0x9, 0x0, 0x6, 0x6, 0x3ff}, {0x12, 0x7b8, 0x1, 0x669, 0x1, 0x5}, {0x8000, 0x7fff, 0x1f, 0x7ff, 0x1f, 0x401}, {0x48000000, 0x7, 0x7, 0x0, 0x81, 0x8}, {0x4, 0x0, 0x3f, 0x3, 0x20, 0x401}, {0x1, 0x200, 0xdfba, 0x3, 0x6, 0x1}, {0x8, 0x382c, 0x4, 0x2, 0xd43, 0x97}, {0x7f, 0x0, 0x775, 0x0, 0x7ff, 0x8846}, {0x3f, 0x8, 0x2, 0xfffff801, 0x7ff, 0x70a3104f}, {0x2, 0x284, 0x200, 0x9, 0x4, 0x1}, {0x8, 0x5, 0x1, 0x6, 0x0, 0x2}, {0xffff, 0xfae8, 0x8, 0x6, 0x5, 0x4}, {0x0, 0x9, 0x101, 0x9393, 0x828, 0x4}, {0x7ff, 0xef7, 0x3, 0x0, 0x77, 0x2}, {0x2b8, 0x3, 0x3, 0x9f05, 0x401, 0x4}, {0x9, 0x7fff, 0x6, 0x35e, 0xfffff6e7, 0x918}, {0x9, 0x1ff, 0x1f, 0x8, 0x1, 0x8}, {0x4, 0x4, 0x8, 0x20, 0x2}, {0x5, 0xfffff800, 0x2, 0x2, 0x8, 0x2}, {0x7, 0x0, 0xfffffffb, 0x8, 0x6, 0x80000000}, {0x5, 0xf78, 0x1, 0x2, 0xf0f3, 0x40}, {0x0, 0x1, 0x6625, 0xffffffe1, 0x6466, 0x6}, {0x1, 0x9, 0x8, 0x3, 0x5, 0x6}, {0x7, 0x967a, 0x2, 0x1, 0x7, 0x7}, {0x20, 0xfffffffa, 0x6, 0xcb, 0x5, 0xff}, {0x6, 0xfffff1eb, 0x0, 0x1, 0xd20, 0x4}, {0x1, 0x13, 0x7, 0x1, 0x5, 0x8001}, {0x4, 0x3, 0x3, 0x5, 0x200, 0x2}, {0x1, 0x5, 0xfffffffe, 0x6448, 0x8, 0x3ff}, {0xfffffffe, 0x4, 0x6, 0x1ff, 0x10000, 0x1}, {0x4, 0xffffffff, 0x3, 0x7, 0x3, 0x59e}, {0x6, 0x2, 0x10000, 0x7, 0x8000, 0x10000}, {0x355, 0x3, 0x7fffffff, 0x7, 0x9}, {0x7, 0x4, 0x80, 0x4, 0xce, 0xf75}, {0x200, 0xcc, 0x9, 0x0, 0x26d9, 0x1}, {0x9, 0x4, 0x6, 0x9, 0x100, 0x3}, {0x0, 0x4, 0x4, 0xbc93, 0x7, 0x4}, {0x9, 0xdadd820, 0x324e, 0x0, 0x4, 0x4}, {0x6, 0x0, 0xff, 0xffffff00, 0x9, 0x60}, {0x2, 0xfffffff8, 0x8000, 0x5, 0x8, 0x6}, {0xfffffffc, 0x8001, 0xffff, 0x7, 0x1, 0xfffffe00}, {0x9, 0xfffffff8, 0x7fff, 0x8, 0x5, 0x80000000}, {0x1000, 0x1, 0xc785, 0x1, 0x8, 0x4}, {0x8, 0x7, 0x9, 0x7f, 0x1f, 0x10001}, {0xfbb, 0x6, 0xe3, 0xffffff17, 0x6, 0x4}, {0x7ff80000, 0x4, 0x800, 0x0, 0x3, 0x2}, {0x5, 0x5, 0x1, 0x2, 0x9, 0x100}, {0x4, 0x9, 0x1ff, 0x7, 0x7fff, 0x9}, {0x7ff, 0x1, 0x8, 0x1, 0x5, 0x5}, {0x7fffffff, 0x7, 0x0, 0x6, 0x7, 0xd6d}, {0x28000, 0x101, 0xcf7e, 0xde6, 0x7, 0x6f1}, {0xf6f, 0x2, 0x7, 0x2, 0x9, 0x9}, {0xfffffffe, 0x5, 0x6, 0x2, 0x2, 0x270}, {0x8, 0xd316, 0x7fffffff, 0x8, 0x1f, 0x5}, {0xe279, 0x7, 0x1f, 0x4, 0x5, 0x10000}, {0x7f, 0x8001, 0xff8d, 0x3b, 0x7, 0xfffffffc}, {0x7, 0x401, 0xfffffff7, 0x0, 0x4d5, 0x7}, {0x1ef, 0x3ff, 0x0, 0x8, 0x2}, {0x4, 0x401, 0x6, 0x50e, 0x101, 0x800}, {0xd22, 0xffff, 0x4, 0x3, 0xd449, 0x3}, {0x0, 0x1, 0x40000000, 0x2, 0x7, 0x9}, {0x4, 0x43df, 0x100, 0xab82, 0x5, 0x6}, {0x0, 0x2, 0x1, 0x3, 0x2f9fe63d, 0x7fffffff}, {0x5, 0x3, 0x6, 0x2, 0x7, 0x4}], [{0x5}, {0x5, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x4, 0x1}, {0x3}, {}, {0x2, 0x1}, {0x5, 0x1}, {0x1, 0x1}, {0x1}, {0x3, 0x1}, {0x1}, {0x1}, {0x4, 0x1}, {0x5}, {0x2, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {}, {0x1, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x2}, {0x2, 0x1}, {0x5, 0x1}, {0x2, 0x1}, {0xf3fe53367e094f94}, {0x1}, {0x4}, {0x5}, {0x0, 0x1}, {0x4}, {0x4}, {0x2}, {0x4, 0x1}, {0x2, 0x1}, {0x3}, {0x2}, {0x5, 0x1}, {0x2}, {0x2, 0x1}, {0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x5, 0x1}, {0x1}, {0x2}, {0x4, 0x1}, {0x1, 0x1}, {0x7, 0x1}, {0x3}, {0x67699d541507f3ec}, {0x1, 0x1}, {0x0, 0x1}, {0x4}, {0x4, 0x1}, {0x5, 0x1}, {}, {0x5, 0x1}, {0x4, 0x1}, {0x5, 0x1}, {0x2, 0x1}, {0x2}, {0x4}, {0x1, 0x1}, {0x5}, {0x7, 0x1}, {0x1}, {0x4}, {0x2, 0x1}, {0x3}, {0x1}, {}, {0x5}, {0x2}, {0x4}, {0x1}, {0x5, 0x1}, {0x4, 0x1}, {0x1}, {0x5}, {0x1}, {0x4}, {0x5}, {0x2}, {0x6, 0x1}, {0x4, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x9, 0x1}, {0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x5, 0x1}, {0x2}, {0x2}, {0x2, 0x1}, {0x1, 0x1}, {0x5, 0x1}, {0x3}, {0x1}, {0x3, 0x31d5209b2918408d}, {0x2, 0x1}, {0x2}, {0x3}, {0x4}, {0x1, 0x1}, {0x5, 0x1}, {}, {0x1}, {0x886fccc454739692, 0x1}, {0x4, 0x1}, {0x2}, {0x3, 0x1}, {0x3, 0x1}, {0x5, 0x1}, {0x1, 0x1}, {0x1}, {0x2, 0x1}, {0x0, 0x9b3569f56614fa0d}, {0x3}]}}, @TCA_PEDIT_PARMS={0xf10, 0x2, {{{0xfff, 0x81, 0x3, 0x7, 0x80}, 0x1, 0x40, [{0x200, 0x5, 0x5, 0x4, 0x1, 0x6}, {0x0, 0x7ff, 0x1, 0xd4, 0x6, 0x10001}, {0x3, 0x8001, 0xb422, 0x20e2, 0x800, 0x3}, {0x4, 0x7, 0x6, 0x101, 0x0, 0x8}, {0xc90, 0xffffffff, 0x61a, 0x101, 0x3, 0x78}, {0x5, 0x101, 0x7, 0x2, 0xb1, 0x4}, {0x6b9b, 0x20000000, 0x401, 0x8000, 0x0, 0x7}, {0x7fffffff, 0x1, 0x8a86, 0x5, 0xeca, 0x7ff}, {0x7, 0x3, 0x1, 0x380000, 0xe53a, 0xc}, {0x200, 0x8, 0x8001, 0x2, 0x1, 0x6bba}]}, [{0x7f, 0x1, 0x8, 0xfffffffa, 0x2, 0xfffffbd9}, {0x26c8, 0xc33, 0x7, 0x8143, 0xffff2344, 0xedc9}, {0x5, 0x4, 0x3, 0x5, 0x1f624d56, 0x6}, {0x68, 0xffffff81, 0x4, 0x80, 0x3, 0x7f}, {0x8, 0x10001, 0x6, 0x56a70790, 0xfffffff8, 0x1}, {0x80000001, 0x2, 0x4, 0x7, 0x9f4, 0x7378}, {0x0, 0x92, 0x20, 0xffffffff, 0x1041, 0x80}, {0x7, 0x10000, 0x5, 0x20, 0xab25, 0x5}, {0x5, 0x800, 0x1000, 0x1, 0x101, 0x5}, {0xffffffff, 0x6, 0x3, 0x2e76, 0x8, 0x7}, {0xfffffffb, 0x7, 0x0, 0x3, 0x0, 0x10000}, {0x4, 0x24ac, 0x8, 0x9, 0x8, 0x7}, {0x80000000, 0x9, 0x2, 0x5, 0x0, 0x1}, {0xffffffff, 0xd1, 0x7fffffff, 0x4, 0x7, 0x1}, {0x8, 0x0, 0x2, 0x3f, 0x2, 0x401}, {0xfff, 0x3, 0x800, 0x10001, 0x9}, {0x0, 0x23f80, 0x8000, 0x7, 0x6, 0x1}, {0x9, 0x8, 0xe0000000, 0xfffffffe, 0x8766, 0x7}, {0x369, 0x0, 0x6, 0x7f, 0x9, 0x1}, {0x7, 0x7, 0xffff, 0x101, 0x1, 0x13}, {0x4, 0x1f, 0x1000, 0x2e286f4d, 0x10000, 0x8001}, {0x100, 0x200, 0x8001, 0x7ff, 0xde5, 0x800}, {0x81, 0xd9, 0x7, 0x0, 0xfff00000, 0x805}, {0x7, 0x101, 0x80000001, 0x401, 0x96f5, 0x1}, {0x8, 0x2, 0x7fffffff, 0x5, 0x9, 0x200}, {0x3, 0x0, 0x3, 0x3, 0x7, 0x1}, {0x22, 0xfff, 0x1, 0x20, 0x68, 0x2}, {0x6, 0xfffffffd, 0x5, 0xfffffff8, 0xeb, 0x80000001}, {0x10001, 0x4, 0x0, 0x7, 0x4, 0x200}, {0x112, 0x8001, 0x7, 0x1, 0xc3, 0xd7b1}, {0xb3, 0x10001, 0x10001, 0x7, 0x2d, 0x4}, {0x7657, 0x7fff, 0x0, 0x6d, 0x0, 0x7}, {0x10001, 0x9, 0x10001, 0x6, 0x1, 0x10001}, {0x40, 0x6, 0x8, 0x7, 0x1, 0x6}, {0x101, 0x5, 0x6057ff7, 0x8001, 0x6, 0x7}, {0x8, 0x0, 0xb5, 0x8001, 0x4, 0x4}, {0x0, 0x1, 0x10001, 0x7, 0x32e49a6c, 0xab}, {0x5, 0xffff, 0x80000000, 0x6, 0x0, 0x5}, {0x84a, 0x1, 0xcbc, 0xc5a, 0x6, 0xfffffa83}, {0x797e7b44, 0x9, 0x80000001, 0x3, 0x338, 0x20}, {0x24d, 0x2, 0x4, 0x2, 0x4, 0x9}, {0x7, 0x1, 0x3, 0xffffffff, 0x6d, 0xff}, {0x81, 0x31e2, 0xe8f, 0x7f, 0x3f, 0x1}, {0x101, 0x8, 0x9, 0x0, 0xff, 0x1f}, {0x8, 0x6, 0x37f, 0x3a, 0x401, 0x2}, {0x5, 0x3ff, 0x0, 0x8219, 0x9, 0x4}, {0xfffffffe, 0x9, 0xa7, 0xbb2, 0xf7, 0x6d}, {0xffff7c14, 0xcdc, 0x80, 0x1, 0x8, 0x3}, {0x24, 0x2, 0x3, 0x81, 0x7, 0x7fffffff}, {0x1abf4471, 0x6, 0x0, 0x6, 0x7fff, 0xffffffff}, {0x1, 0x3, 0x0, 0x1dd, 0x3ff, 0x1ba1}, {0x80000001, 0xec, 0x80, 0x5e28, 0x40, 0x9}, {0x3, 0x1, 0x2, 0x37, 0x1ff, 0x5}, {0x3ff, 0x8000, 0x6, 0x10000, 0x4, 0x5}, {0x1f30dab5, 0x2, 0x3, 0x10001, 0x5, 0x800}, {0x5, 0x1000, 0x4, 0xffff8f73, 0x8, 0x97}, {0x3, 0x9, 0xff, 0x2, 0x20, 0x3f}, {0x3, 0xff, 0x401, 0x8, 0x1, 0x7}, {0x5b43, 0x81, 0x9, 0x7, 0xfff, 0xf67}, {0x0, 0x2, 0xe3, 0x6e1, 0x0, 0xfff}, {0x37, 0x6, 0x10000, 0x3, 0x4, 0x1000}, {0x6, 0x800, 0x7ff, 0x0, 0x3f}, {0x9, 0x8, 0x9, 0x9, 0x28}, {0x10001, 0xffff8000, 0x3, 0xa474, 0x10000, 0x400}, {0x4, 0x3, 0x0, 0x200, 0x1f, 0x20}, {0x4, 0x81, 0x8, 0x5, 0x100000, 0x7}, {0x0, 0xb2d, 0x400, 0x8, 0xfffffffd, 0xe7b4}, {0x1, 0x3, 0x96, 0x4, 0x8, 0x80000001}, {0x9, 0x400, 0xc9a, 0x1f, 0x7, 0x81}, {0xa02a, 0x40, 0x43d4, 0xffff, 0x1, 0x2}, {0xfffffff0, 0x80000001, 0x2, 0x9, 0x1, 0x2}, {0x0, 0x5, 0x2, 0x6, 0xa89a, 0x7ff}, {0x200, 0x9, 0x7fff, 0x1db000, 0x9, 0x3f}, {0x1, 0x39bdd944, 0x0, 0x8d3, 0x1, 0x2}, {0xb9e, 0x7, 0xffffffff, 0xd1, 0x3f, 0xe41b}, {0x8, 0x5, 0x401, 0x1, 0x1}, {0x33d, 0xfa, 0x2335, 0x3, 0x8, 0x1}, {0x9, 0x6, 0xfffffff8, 0x1, 0x7, 0x2}, {0x2, 0x5, 0x0, 0x3, 0xff}, {0x9, 0x7, 0x0, 0xd9, 0x7fff, 0xffff0001}, {0x400, 0x3f, 0x9, 0x6, 0x3, 0x1}, {0x8, 0x4, 0xd2, 0x4, 0x6, 0x7f}, {0x800, 0x5, 0x4, 0x7, 0x2, 0x828}, {0x2, 0x9, 0x2, 0x4, 0x101}, {0x1, 0x7, 0xffff, 0x6, 0x9, 0x3}, {0x6, 0x8, 0x5, 0x2, 0x3, 0x5}, {0x2, 0xbec, 0x2, 0x2, 0x3, 0x40}, {0x10000, 0x7ff, 0x3, 0x200, 0x61c, 0x80}, {0xb45, 0x4, 0x7, 0x67, 0xefe, 0x4}, {0x3, 0x0, 0xffffffff, 0x7, 0x2, 0xe}, {0x5, 0xf498, 0xace1, 0x8da5, 0x20, 0x2}, {0x74, 0x5, 0x80000001, 0x800, 0x4}, {0x1, 0x3, 0xfff, 0x1, 0xffffffff, 0xfff}, {0xffff, 0x5, 0x8, 0x6, 0x8, 0x7}, {0x8, 0x7ff, 0x887, 0x3, 0x1, 0x80000001}, {0x6, 0x8a, 0x7fffffff, 0x0, 0x0, 0x1}, {0xfffffffc, 0x7, 0xd0f, 0x5, 0x20, 0x1}, {0x1, 0x7, 0x4, 0x9, 0xcca, 0x2}, {0x400, 0x5, 0x0, 0x6, 0x7, 0x9}, {0xe72ed34, 0x0, 0x5ca, 0x5a5, 0x3, 0x5}, {0x3, 0x1f, 0x1, 0x1, 0x9d2, 0x6}, {0x1, 0x8, 0xec, 0x8, 0x81, 0x3}, {0x1f, 0x3, 0x4, 0xe608, 0x7f}, {0x7, 0x4, 0x6, 0x2, 0x0, 0x8}, {0x7, 0x9, 0x5, 0x5, 0x9, 0x3}, {0x3f, 0x0, 0x2, 0x5, 0x10000, 0xd7a}, {0x1, 0x9, 0x2, 0x9, 0x401, 0xfffff6cd}, {0x3, 0x7fe00, 0x0, 0x5a, 0x5df2, 0x1}, {0x1ff, 0x2, 0x1, 0x1, 0x8, 0x6}, {0x70369b, 0x4, 0xe33, 0xbd, 0xf972}, {0x401, 0x6, 0x2, 0x7}, {0x0, 0x4, 0xffff8000, 0xffff, 0x7, 0xd4d}, {0x7, 0xc5, 0x5, 0x1ff, 0x9, 0x1}, {0x1f, 0x81, 0x0, 0x8001, 0x800, 0x7}, {0x2, 0x400, 0x9, 0x51, 0xffffffff, 0x8}, {0x1, 0x7, 0x9, 0x2e56df16, 0x401, 0x2}, {0x1, 0x5, 0x3c52, 0x7ff, 0x0, 0x469a}, {0x1, 0x80, 0x5, 0x7fffffff, 0x81, 0xbc6}, {0x3, 0x1, 0xffff, 0x0, 0xcb, 0x2a}, {0xd08, 0x5, 0x7fffffff, 0x2, 0xe81, 0x5}, {0xfffffffc, 0x8000, 0x9, 0x1, 0x3, 0x4}, {0x9, 0x8, 0x40, 0x9, 0x4, 0xc7dc}, {0x7fffffff, 0x8000, 0x2, 0x8, 0x5, 0x1a}, {0x99, 0x124a, 0x8000, 0x401, 0xc8, 0x5}, {0x7, 0x496, 0x5, 0x5, 0x6, 0xfffff2a9}, {0x7fff, 0x1f, 0x7, 0x6a, 0xfffffffb, 0x4d4}, {0x9, 0x1, 0x7fff, 0x7, 0x0, 0x9}, {0x4, 0x2, 0x7, 0x800, 0xffff, 0xfff}], [{0x1, 0x1}, {0x1}, {0x5, 0x1}, {0x4, 0x2}, {0x2, 0x1}, {0x4}, {0x1, 0x1}, {0x6}, {0x1}, {0x2, 0x1}, {0x2}, {0x3, 0x1}, {0x0, 0x1}, {0x2}, {}, {0x1, 0x1}, {0x5}, {}, {0x4, 0x1}, {0x4}, {0x4, 0x1}, {0x5, 0x1}, {0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x5, 0x1}, {0x0, 0x1}, {0x0, 0x2}, {0x2}, {0x2, 0x1}, {0x1}, {0x2}, {0x4}, {0x4, 0x1}, {0x0, 0x1}, {0x5}, {0x1, 0x1}, {}, {0x3}, {0x5, 0x1}, {0x2, 0x1}, {0x4, 0x1}, {0x0, 0x1}, {0x3}, {0x1, 0x1}, {0x5}, {0x4}, {}, {0x5}, {0x5, 0x1}, {}, {0x2, 0x1}, {0xc76ea5509a8c222b}, {0x3}, {}, {0x1, 0x1}, {0x5, 0x1}, {0x4}, {0x99b137e83daddf11}, {0x3, 0x1}, {0x0, 0x1}, {0x2, 0x1}, {}, {0x5, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x5}, {0x3}, {}, {}, {0x3, 0x1}, {0x1}, {0x4, 0x1}, {0x5, 0x1}, {0x2}, {0x4}, {0x2, 0x1}, {0x2}, {0x5}, {0x1, 0x1}, {0x4}, {0x1, 0x1}, {0x4}, {0x3, 0x1}, {0x4, 0x1}, {0x2}, {0x1}, {0x3}, {0x0, 0x1}, {0x2}, {0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x1}, {0x3, 0x1}, {0x5}, {0x1}, {0x4, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x4, 0x1}, {0x2}, {0x1}, {0x3}, {0x3}, {0x0, 0x1}, {0x3, 0x1}, {0x4}, {0x2, 0x1}, {0x1, 0x1}, {0x4}, {0x3}, {0x3}, {0x0, 0x1}, {0x2}, {0x5, 0x1}, {0x0, 0x1}, {0x4}, {0x3}, {0x4}, {0x3, 0x1}, {0x1}, {0x3}, {0x4}, {0x3}], 0x1}}, @TCA_PEDIT_PARMS_EX={0xe68, 0x4, {{{0x1, 0x6, 0xffffffffffffffff, 0xffffffff, 0x87}, 0xad, 0x8, [{0x7ff, 0x101, 0xc, 0xffffffff, 0x20, 0xfffffbda}, {0x1, 0x3, 0x6, 0xffffffff, 0x8c11, 0x3}, {0x10000, 0x80000000, 0x7, 0x20, 0x1f, 0x10001}]}, [{0x1ab8, 0x5, 0x1, 0x6, 0x2, 0x6}, {0x1, 0x6, 0xfff, 0x1000, 0xd8a, 0x5}, {0x4, 0xd29, 0x8, 0x38, 0x9, 0x81}, {0xffffffff, 0x7f, 0x7, 0x67, 0x800, 0x80000001}, {0x3, 0x3, 0xa44, 0xf0000000, 0x2, 0xa0e}, {0x4, 0x3, 0x6, 0x8001, 0x8, 0x730b}, {0x7, 0x5, 0x7f, 0x0, 0x9a, 0x6}, {0xfffffffd, 0x1, 0xe1, 0x4c5fa2a9, 0x1, 0x20}, {0x3f, 0x10000, 0xffffffff, 0x6, 0x3ff, 0x7}, {0xffffffff, 0x7ff, 0x1f, 0x7ff, 0x7ff3, 0xfff}, {0x6, 0xffffff01, 0x20, 0x7, 0xc5}, {0x1ff, 0xfb, 0x7, 0x3, 0x9, 0xffff}, {0x6, 0xffffff62, 0x7, 0x7, 0x9, 0x4}, {0x3, 0x9, 0x1, 0x2, 0x56d, 0xc6b}, {0xba7, 0x0, 0x3, 0x609, 0x7f, 0x3}, {0x3ff, 0x6, 0x7, 0x6, 0xb11, 0x6}, {0x1, 0xffffffff, 0x8b0, 0xd7, 0x800, 0x7fffffff}, {0x9, 0x1400, 0x8, 0x7, 0x400, 0xb0}, {0x80000001, 0xffffffff, 0xc652, 0xe61, 0x0, 0x8}, {0x1, 0x7fffffff, 0x0, 0x2, 0x9}, {0xfffffff8, 0x4, 0x86, 0x6, 0x7fff, 0x8}, {0xfffff60f, 0x8, 0x4, 0x6, 0xc9}, {0xfffffff9, 0xfff, 0xff, 0xdced, 0xfffffffb, 0x1}, {0x9, 0xffff, 0x0, 0x6, 0x1ff, 0x5}, {0x4, 0xffffffff, 0x5, 0x5, 0x1ff, 0x5}, {0x0, 0x1ff, 0x80d, 0x6, 0x100, 0x777c}, {0x59, 0x7, 0x5, 0x0, 0x5, 0x7}, {0x82fb, 0x200, 0x80000000, 0x4, 0x7d, 0xfffff001}, {0x0, 0x8, 0x6, 0x7, 0x6, 0x4}, {0x9b, 0x401, 0x53ca, 0x3, 0x6, 0x8}, {0xffff15fd, 0x1, 0x80, 0x8, 0x9, 0x3ff}, {0x3, 0x1000, 0x400, 0x7f000, 0x7, 0x6da}, {0x0, 0x2, 0x8, 0x3, 0x5, 0x4}, {0x2, 0x8, 0x5, 0x80000001, 0x1, 0x1d5cf435}, {0x4, 0x80000001, 0x12, 0x89, 0x1ff, 0x6b}, {0x6, 0xffffffff, 0x1ff, 0x6, 0x9, 0xfffffff7}, {0x1, 0xffffff04, 0x20, 0x1000, 0x7, 0x1ff}, {0x0, 0x1, 0x28c, 0x1, 0x9, 0x64}, {0x1, 0x1000, 0x1, 0x3, 0x5, 0x93}, {0x3, 0x10001, 0x0, 0x1, 0x2858}, {0x2, 0x2, 0xfff, 0x2, 0x2ea, 0xfffffeff}, {0xff, 0x6, 0xc50, 0x0, 0x20}, {0x8000, 0x80000000, 0x8c2b, 0x1000, 0x4}, {0xe6d2, 0x5, 0x5, 0x5, 0xfffffffd, 0x4}, {0x3, 0x4, 0x7, 0x1, 0xfffffffd, 0x9}, {0x5, 0x5, 0x0, 0x2, 0x7fff, 0xfffffff8}, {0x0, 0x58, 0x1, 0x8, 0x4, 0xfffffff7}, {0x7fff, 0x6, 0x8, 0x0, 0x7, 0x80}, {0x1, 0x2, 0x2, 0x6, 0x40, 0x1}, {0x2, 0x40, 0x10001, 0x3f, 0x1ff, 0x20}, {0x2000, 0x8, 0x2, 0x6, 0x3, 0x9}, {0x80, 0x8, 0x10000, 0x7fffffff, 0x7, 0xffb}, {0x4, 0xfffff001, 0xda, 0x8, 0x800, 0x80000001}, {0x7f, 0x10001, 0x7, 0xfffffff8, 0x0, 0x7}, {0x6, 0x7fffffff, 0x800, 0x636e, 0x6, 0xfff}, {0x5, 0x5, 0x77, 0xc0000000, 0x6, 0x9}, {0x0, 0x9, 0x1, 0x3, 0xfffffffc, 0xffffff80}, {0x6, 0xa89, 0x2f0da041, 0x6f, 0xed4, 0x4f69}, {0xffffdb5e, 0x7, 0x897c, 0x6, 0x5, 0x8}, {0x2, 0xaeb5, 0x401, 0x80000001, 0x3, 0x7}, {0xfff, 0x1000, 0x3, 0x9bb, 0xb5, 0xfffffffb}, {0x0, 0x2, 0x8, 0xfffff86e, 0x1, 0x8000}, {0x5, 0x7, 0x9, 0xf8000000, 0x6, 0x2}, {0x8, 0x9, 0x6, 0xeee, 0x1ff000}, {0x4bc, 0x8, 0xd6, 0x8, 0x1, 0xfffffffe}, {0x6, 0x3, 0x20, 0x6, 0x81, 0x3}, {0x20, 0xfff, 0x3f, 0x4, 0xf564}, {0x14, 0xa0, 0xfffffffb, 0x1ff, 0x81, 0x80}, {0xffffffc1, 0x7, 0x9, 0x8, 0x6, 0x5}, {0x4, 0x80000001, 0x401, 0x80000000, 0x0, 0x8001}, {0x1000, 0x64d6, 0x432, 0x1, 0x1ff, 0x800}, {0x7, 0x5, 0x1ff, 0xfffff801, 0x5d, 0x7}, {0x7, 0x400, 0x6, 0x0, 0x8, 0x1}, {0xe91c, 0x9, 0x3f, 0x4, 0xfffffff8, 0x1}, {0x19, 0x7fffffff, 0x2, 0x3, 0x100, 0x7}, {0x2, 0x1ff, 0xabf, 0x3ff, 0xfffffff9, 0x2}, {0x6, 0x7f, 0x0, 0x8, 0x2, 0x3f}, {0x2, 0x82a7, 0x80000000, 0x800}, {0x3, 0x5, 0xb2, 0x2, 0x3ff, 0xff}, {0x0, 0x1, 0xfffffffd, 0x1ff, 0x9, 0x3}, {0x79a, 0x9, 0x0, 0x7, 0x20, 0x7}, {0x9, 0x54, 0x1, 0x4, 0x9, 0xff}, {0x1d, 0x9, 0x9, 0xfffffffa, 0x401, 0x8}, {0x9, 0x0, 0x8, 0xe47, 0x0, 0x5}, {0x100, 0x0, 0xff, 0x1, 0x0, 0x40}, {0x9, 0x5, 0x3, 0x1f, 0x8, 0x9}, {0x9, 0x4e49cf34, 0x7, 0x0, 0x7fffffff, 0x1}, {0x5, 0x8, 0x0, 0xbbdb74a1, 0x9, 0x4}, {0xfff, 0x3, 0x5, 0x1000, 0x7, 0x2289}, {0x7, 0x0, 0x2, 0x1, 0x4, 0x3}, {0x4c3, 0xb9, 0xb013, 0x8001, 0xf08, 0x3f}, {0x52, 0x6, 0x3ff, 0x64, 0xf96, 0xc373}, {0x200, 0xff, 0x4, 0x3f, 0x4, 0x1}, {0x5, 0xf437, 0x4, 0x4, 0x400, 0xfffffff8}, {0xffffffff, 0xffffffff, 0x7fffffff, 0x7ec1, 0x5, 0x4}, {0x400, 0x101, 0x9, 0x7, 0x9, 0x3661}, {0x5, 0x1, 0x6ece, 0x4, 0x0, 0x5}, {0x240, 0x1d4, 0x9, 0x1, 0x2, 0x3}, {0x2, 0xaf41, 0x200, 0x7fff, 0x0, 0x10000}, {0x5, 0x7, 0xffffff80, 0x3, 0xfff, 0x9}, {0x10000, 0x4, 0x0, 0x8000, 0x80, 0xcc6}, {0x40000000, 0x4, 0x0, 0x2, 0x9, 0x7}, {0x5, 0x9, 0xff, 0xfffffc00, 0x2, 0xdf}, {0xff5, 0x360c, 0x7e, 0x4, 0x3, 0x7f}, {0x2, 0x42, 0xfffff1ce, 0x3, 0x2, 0x7}, {0xdd, 0x1, 0x3, 0x7710000, 0x3ff, 0x1000}, {0x83f, 0x7, 0x3f, 0x10000, 0x1, 0x3}, {0x5, 0x6, 0x6, 0x1, 0x3, 0x4}, {0x8, 0x2, 0x8001, 0xffff, 0x7, 0x2}, {0x2, 0x81, 0xffffffff, 0x46e, 0x10001, 0xfffffffc}, {0x7ff, 0x487, 0x44, 0x5, 0x0, 0x8000}, {0x1, 0x400, 0x0, 0x1, 0x20, 0x2}, {0x8, 0x8, 0x3f, 0xfff, 0x0, 0x1f}, {0x2, 0x2, 0xfffffff8, 0x6, 0x800, 0x80}, {0x40, 0x5, 0x87, 0x2, 0x10000, 0x5}, {0x7, 0x0, 0x77, 0x9, 0x7, 0xfff}, {0x0, 0x5, 0x1a7a6227, 0x86, 0x0, 0x8d}, {0x2a, 0x9, 0x1e1, 0x1, 0x3, 0x7}, {0xcb, 0x5, 0x3, 0x5, 0x5, 0x9}, {0x7fff, 0x1ff, 0x5, 0x6, 0xfffffe00}, {0x2d, 0x4000000, 0x101, 0xa6, 0x0, 0x3c63}, {0x9, 0x4, 0x1, 0x9, 0x9ba, 0xcacb}, {0x8, 0x5, 0x3, 0x7fffffff, 0x9, 0xfff}, {0x6, 0xc2a, 0x9, 0x80000001, 0x836a, 0x3}, {0x400, 0x9a9, 0x9, 0x6, 0x40, 0x937a}, {0x80, 0xbf4e, 0x101, 0x9, 0x69, 0x1}, {0x4, 0x5, 0x3, 0x5, 0x5cd, 0x9}, {0x6, 0x92, 0x2, 0x78e6, 0x0, 0x6}], [{0x0, 0x1}, {0x1, 0x1}, {0x2, 0x1}, {0x4}, {}, {0x3}, {0x1, 0x1}, {0x0, 0x1}, {0x4}, {0x4, 0x1}, {0x4}, {0x1}, {}, {0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x1}, {0x4}, {0x0, 0x1}, {0x1, 0x1}, {0x5}, {0x4}, {0x3, 0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x4}, {0x3}, {0x2, 0x1}, {0x2}, {0x5, 0x1}, {0x2}, {0x4}, {0x6}, {0x2}, {0x3}, {0x2}, {0x4, 0x1}, {0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x2}, {0x3, 0x1}, {0x3, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {}, {0x1, 0x1}, {0x1, 0x1}, {0x3}, {0x5, 0x1}, {0x3, 0x1}, {0x2}, {0x2, 0x1}, {0x2, 0x1}, {0x4, 0x1}, {0x1}, {0x1}, {0x2, 0x1}, {0x1}, {0x5}, {0x3, 0x1}, {0x2, 0x1}, {0x4, 0x1}, {0x2}, {0x4, 0x1}, {0x5, 0x1}, {0x1}, {0x4}, {0x5, 0xef78f96eee843bc3}, {0x1, 0x1}, {0x3}, {0x1}, {0x5, 0x1}, {0x3}, {0x3}, {0x4, 0x1}, {0x3, 0x1}, {0x5, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {}, {0x1, 0x1}, {0x4}, {0x5}, {0x0, 0x1}, {0x4, 0x1}, {0x3}, {0x2, 0x1}, {0x2}, {0x0, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x5}, {0x0, 0x1}, {0x2}, {0x1, 0x1}, {0x4, 0x1}, {0x2}, {0x4, 0x1}, {}, {0x1}, {}, {0x1}, {0x3}, {0x4}, {0x0, 0x1}, {0x1, 0x1}, {0x5}, {0x1}, {0x5, 0x1}, {0x0, 0x1}, {0x1}, {0x3}, {0x3}, {0x14b997fc788edcb9}, {0x4, 0x1}, {0x1}, {0x5}, {0x3}, {0x4}, {0x1}, {0x5, 0x1}, {0x2, 0x1}, {0x1}, {0x0, 0x1}], 0x1}}, @TCA_PEDIT_PARMS_EX={0xe68, 0x4, {{{0x6, 0xffff1917, 0xffffffffffffffff, 0x6, 0x1}, 0x5, 0x10, [{0x331, 0x1000, 0xfffffe78, 0x6, 0xd295, 0x4}, {0x6, 0x7fffffff, 0xffff, 0x7, 0x200, 0x2}, {0xffffff6d, 0x6, 0x3f, 0x39f0, 0x1, 0x800}]}, [{0x0, 0x3, 0x0, 0x3, 0x2, 0x10001}, {0x7, 0x5, 0x3f, 0x1, 0x2, 0x1f}, {0x4, 0x10000, 0x2, 0x1, 0x5, 0xc2a6}, {0x40, 0x8, 0x80000000, 0x2, 0x1, 0x7}, {0x101, 0x532, 0x8, 0x5, 0x7e, 0xfff}, {0x2, 0xd703, 0x100, 0x2, 0x3, 0x100}, {0x200000, 0xcd7, 0x7, 0xea3e, 0x9, 0x3}, {0x5, 0x7fffffff, 0x6, 0x14, 0x9, 0x400}, {0x4, 0x9, 0x9b, 0x5, 0x5}, {0x0, 0x0, 0x401, 0x5, 0x20, 0x2}, {0x9, 0xcc, 0x1000, 0x8, 0x3f, 0x3}, {0x9, 0x9, 0x4, 0x10000, 0x6, 0x6}, {0x0, 0xfffffff9, 0x7, 0x20, 0x8, 0x1}, {0xbc79, 0x400, 0x80, 0xc0000000, 0x3, 0x1}, {0xa4b, 0x7ff, 0x2, 0x4, 0x7fffffff, 0x6}, {0xffffffff, 0x6, 0x400, 0x10001, 0x3, 0x4}, {0x80000000, 0x80000001, 0x8, 0x996, 0x46a5, 0x3}, {0x4, 0x5, 0x101, 0x53, 0x0, 0x8000}, {0x6, 0x0, 0x1, 0x4, 0x1, 0x7}, {0x3, 0x1266894e, 0x5, 0x4, 0xfffffff7, 0x8}, {0x400, 0x101, 0x8, 0x7, 0xffffffff, 0x5}, {0x7f, 0x80, 0x0, 0xff, 0x0, 0x8001}, {0x200, 0x6, 0x0, 0x7, 0x0, 0x3f}, {0x3, 0x0, 0x8, 0x7ff, 0x78c8, 0x3f}, {0x8, 0x5, 0x8001, 0x0, 0xffffe6de, 0x3}, {0xffff, 0x7f, 0x80, 0x3, 0x2, 0x7}, {0xffffffff, 0x6, 0x679, 0x0, 0x6, 0x9}, {0x5, 0x1c, 0x2, 0x3, 0xfffff135, 0x32ac}, {0x40, 0x9, 0x8, 0x5, 0x9, 0x8}, {0x2, 0x0, 0x7, 0x4, 0x20000000, 0x2}, {0xffff, 0x6, 0x0, 0x3, 0x3, 0x80000001}, {0x7, 0x6, 0x7, 0x7, 0x9, 0x2c}, {0x8, 0x7, 0x9, 0x504, 0x7, 0x5}, {0x8, 0xa7c, 0x2, 0x6, 0x8001, 0x818}, {0x2, 0xfffffffa, 0x8, 0x2, 0xff, 0x9}, {0x68, 0x200, 0x6, 0x7, 0x7, 0x8}, {0x4, 0x5bc, 0x6, 0x2, 0xff, 0xffffffff}, {0x4, 0x4, 0x6, 0x3, 0x3, 0x3}, {0x3, 0x2, 0x83d, 0x7, 0x0, 0x3f}, {0x6, 0x7, 0x6, 0x1, 0x0, 0x1}, {0x0, 0x3f, 0x1, 0x3f, 0x8001, 0x8001}, {0x2, 0x100, 0x4, 0x56a, 0x401, 0x9}, {0x80000000, 0x0, 0x2, 0x2, 0x8, 0x4}, {0x57000000, 0x4, 0x40, 0x6, 0xca0e, 0x7}, {0x4, 0x1, 0xfffffff7, 0x80000001, 0x8, 0xffffd15a}, {0xffffffff, 0x9, 0x8, 0x9e, 0x7, 0x1ff}, {0x5, 0x101, 0x0, 0xd156, 0x80, 0x9}, {0xb02, 0x4, 0x0, 0x7fffffff, 0x80000000, 0x8}, {0x800000, 0x1, 0xed64, 0x80000001, 0x7, 0xffffff00}, {0x8, 0x8, 0x7, 0x2, 0x6, 0x7}, {0x9, 0xffffffff, 0x2, 0x80, 0x1, 0x80000000}, {0x7, 0x81, 0x3, 0x1, 0x0, 0x2}, {0x40, 0x1, 0x3, 0x3a48, 0x6, 0x1}, {0x459, 0x3, 0x4, 0x9, 0x3, 0x3}, {0x9, 0x7, 0xc2f, 0x3, 0x1, 0x7}, {0x9, 0x663, 0x1, 0x7, 0xfffffffe, 0x8}, {0xffffffff, 0x4, 0x2, 0x9, 0xc0c6, 0x7ff}, {0x5, 0x1, 0x8, 0x4, 0x8, 0x400}, {0x6, 0x7, 0x1, 0x6, 0x9, 0x81}, {0x1, 0x6, 0x8, 0x3, 0x8, 0x3ff}, {0x8, 0x7f, 0x2, 0x7, 0x1f, 0x2}, {0x0, 0x3, 0x2, 0x5, 0x10001, 0x7}, {0x3, 0x1f, 0x7fffffff, 0x20, 0x7, 0x4}, {0x10000, 0xfffffffc, 0x9, 0x4, 0x3, 0x5}, {0x3, 0x7, 0x2, 0x7a79, 0x4, 0x7ff}, {0xfffffffc, 0x10001, 0x80, 0x7, 0x3ff, 0x6}, {0x7f, 0x7, 0x8, 0x6, 0x3, 0x4}, {0x8, 0x36, 0x0, 0x1, 0xd177, 0x1}, {0x7fffffff, 0x4, 0x2c93, 0x1, 0x3, 0x3ff}, {0x7fffffff, 0x9, 0x882, 0x99, 0x6, 0x80000001}, {0x7, 0x6, 0x8, 0x6, 0x2, 0x1}, {0x9585, 0x6, 0x9, 0xffff8000, 0x4, 0x1}, {0x1, 0x0, 0x5, 0x4, 0x9, 0x40}, {0x6, 0x5, 0x7, 0x7, 0x0, 0x8}, {0x6f72, 0xffffffff, 0x7, 0x7, 0x2, 0x1000}, {0x7, 0x80, 0x5, 0xdce7, 0x9, 0x5}, {0x1, 0x5, 0x80000001, 0xa682, 0x7fff, 0xffffffff}, {0x400, 0x2, 0x2, 0x2000000, 0x31, 0x2}, {0x9, 0x0, 0x8001, 0x9, 0x2, 0xffffffb2}, {0x9, 0x8, 0x1000, 0x7, 0x8, 0x101}, {0x1dc6, 0x20, 0x10000, 0x0, 0x1000, 0x400}, {0x80000001, 0x87, 0x4027f771, 0x9, 0x5, 0x10000}, {0xd3, 0x2, 0x0, 0x3, 0x400, 0x9}, {0xab9, 0x8, 0xffffffe8, 0x1, 0x2, 0x1}, {0x7, 0x0, 0x43c, 0x1, 0x80000000, 0x5}, {0x3, 0x10000, 0x1, 0xa8a, 0x4, 0x4}, {0x0, 0x1, 0xeddfe41, 0x2, 0x20, 0x800}, {0xffffffff, 0x2, 0x7f, 0x785, 0x7fff, 0x51}, {0x1, 0x88, 0x7f, 0x0, 0x1, 0x2}, {0x3f, 0x9, 0x2, 0x401, 0x9, 0xf492}, {0x5, 0x2, 0x400, 0xfffffff8, 0x6, 0xff}, {0x8, 0x9, 0x80000000, 0x4, 0x3ff, 0x1}, {0xfffffffb, 0x0, 0x1, 0x3, 0x76401399, 0x3870}, {0x8, 0x5, 0x6f531936, 0x6, 0x20, 0x7}, {0xeb, 0xffffffff, 0x6d, 0x4, 0x9, 0x80000000}, {0x81, 0x3, 0x1, 0x200, 0xf75, 0x8}, {0x9, 0x2, 0xffffff61, 0x100000, 0x2, 0x100}, {0x1ff, 0x1, 0x3ff, 0xffffffff, 0x80000001, 0x6}, {0x1, 0x3ff, 0x100, 0xffff, 0x4}, {0x80000000, 0x8, 0xfff, 0x8, 0x3, 0x4}, {0x80, 0x0, 0x1, 0x0, 0x5, 0x5}, {0x4f, 0x1, 0x2, 0xe2, 0xe4, 0x4}, {0x2, 0x1f, 0x7fff, 0x50, 0x80000001, 0x2}, {0x5, 0xffffffff, 0x2, 0x800, 0x2a2, 0x7}, {0x8, 0x5, 0x8, 0x0, 0xffffff81, 0x8}, {0x5f5f, 0x0, 0x3, 0x8, 0x80, 0x8}, {0x10000, 0x0, 0x4, 0x4, 0xee, 0x5}, {0x0, 0x1, 0xff, 0x7, 0x3, 0x2}, {0x425e, 0x0, 0x5, 0x3, 0xfffffff9, 0x8001}, {0x9, 0xce6, 0x8, 0xdb3b, 0x40, 0xde}, {0x6, 0x4, 0x6, 0x1, 0x20, 0x101}, {0xc1e6, 0x8, 0x81, 0x6, 0x6, 0xaa8}, {0x3ff, 0x8, 0x9, 0x28000, 0x5, 0x101}, {0x3, 0xbab, 0x6, 0x3, 0x3, 0x401}, {0x6, 0x3, 0x3, 0x81, 0x1, 0x81}, {0x7, 0x10001, 0xfff, 0x5, 0x192, 0x7}, {0x7fff, 0x800, 0x3, 0x1, 0x9, 0x200}, {0x8, 0xfffff801, 0x6, 0x101, 0x4, 0x2a8}, {0x3, 0x4, 0x4, 0x400, 0x2, 0x1}, {0x8, 0x80000000, 0xaff0, 0x1ff, 0x9, 0x2e2}, {0x0, 0x3ff, 0x5, 0x1, 0x80000001}, {0x9, 0x100, 0x1, 0x100f, 0x4, 0x800}, {0x8001, 0x8, 0xa86, 0x7ff, 0x8001, 0x8}, {0x7, 0x20000000, 0x5, 0x8dac, 0x1ff, 0x5}, {0x7ff, 0x23, 0x6, 0x3ff, 0x7fff, 0x95}, {0x9, 0x49a, 0x1, 0x5, 0x5, 0x7fffffff}, {0x0, 0x4, 0x9, 0x9, 0x80, 0x1}, {0x0, 0x100, 0xfffffffc, 0x2, 0xd7b, 0x67}], [{0x1, 0x1}, {0x1, 0x1}, {0x2}, {0x2}, {0x1}, {0x5, 0x1}, {0x3, 0x1}, {}, {0x1, 0x1}, {0x5, 0x1}, {0x2}, {0x5, 0x1}, {0x4}, {0x4}, {0x3, 0x1}, {0x4}, {0x2, 0x1}, {0x4, 0x1}, {0x1}, {0x3, 0x1}, {0x2, 0x1}, {0x4}, {0x2, 0x1}, {0x2}, {0x0, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {}, {}, {0x2}, {0x5, 0x1}, {0x5}, {0x5}, {0x4}, {}, {0x3, 0x1}, {0x3}, {0x5}, {0x0, 0x1}, {0x5}, {}, {}, {0x4}, {0x3, 0x1}, {0x4}, {}, {0x4}, {0x0, 0x1}, {}, {0x5, 0x1}, {0x3}, {0x3, 0x1}, {0x6, 0x1}, {0x5, 0x1}, {0x3}, {0x5, 0xd7323245a3c06b0a}, {0x0, 0x4b5b362cfeef4511}, {0x4, 0x1}, {0x5, 0x1}, {0x4}, {}, {0x4, 0x1}, {0x0, 0x1}, {0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x5, 0x1}, {0x1}, {0x4, 0x1}, {0x5, 0x1}, {0x3}, {0x4, 0x1}, {0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x2, 0x1}, {0x3}, {0x3}, {0x5}, {}, {0x5}, {0x4, 0x1}, {0x2}, {0x1, 0x1}, {0x0, 0x1}, {0x5, 0x1}, {0x7, 0x1}, {0x3}, {0x2, 0x1}, {0x3, 0x1}, {}, {0x2, 0x1}, {0x2}, {0x4, 0x1}, {0x5}, {}, {0x4, 0x1}, {0x1}, {}, {0x5, 0x1}, {0xc49f18c3e23b09ac}, {0x4}, {0x2}, {0x0, 0x1}, {0x4, 0x1}, {0x3}, {0x4, 0x1}, {0x2, 0x1}, {0x3}, {0x1}, {0x5, 0x1}, {0x4}, {0x2, 0x1}, {0x2}, {0x7, 0x1}, {0x1, 0x1}, {0x5, 0x1}, {0x1}, {0x1}, {0x2, 0x1}, {0x5}, {0x5, 0x1}, {0x2}, {0x1, 0x1}, {0x4, 0x1}, {0x0, 0x1}]}}]}, {0x102, 0x6, "c842fac202110196707a3ee4b8c67375f7b915242a6ab8b3d4eb5c10bba066762ec74f741a3cbde008e86f657ec88e32eb8801ee51fc675566ba36eb7004554baaf1b36e27c36c4e3ad90971e2f10da3554d77a87639bbbcfbce52d21911f23f076e6195508f551185c24055e756d87e0545c2916b775dbcffa57b8b21984e3e62948b76d29376d94b0fd4a6aa80de92adec25e9d59624ee0f27931e062a0c4f8eae1797baea49106872fd411b51d1d30ebf28ceb9d60bf426b363389d8adad9169a816fd6347b0901801428aacaf1fff861b48ac45f2e33a7d533b00916645660075e1c17af91f1382d27d906e8a7d708adfcf7ee49aa1b2fdeb15d7b36"}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}, @m_vlan={0x158, 0x8, 0x0, 0x0, {{0x9, 0x1, 'vlan\x00'}, {0x80, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x502, 0x522f, 0xffffffffffffffff, 0x0, 0x7ff}, 0x3}}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x5a80, 0xea9, 0x20000000, 0x3f, 0xe22f6690}, 0x3}}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x0, 0x4, 0x20000000, 0xc04b, 0x1}, 0x1}}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x8e7}, @TCA_VLAN_PUSH_VLAN_PRIORITY={0x5, 0x6, 0x1}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0xad6}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x369}, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x88a8}]}, {0xae, 0x6, "d2b08952b4dd2a12bf92acbaed7b10b9bb9dfa94153be5dcb3249977813ffb8fb34f39f5f24221bfcbc1b01231273ae77a6b3a572580311a3f1e4e46c27731ef7392db1514c4fa989f361476293dfafff426dab6171d0da9880a35b65298b5591cec95b0cabf7535df4ce3451680a009e225782923d4cecb8fb288be93b17a0c0c3460930647a30ba3c2ecc252bd86bd87c07a1199bad26cf48a7641cec7fa8b42045079a4726b650fb0"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3}}}}, @m_mirred={0x140, 0x1f, 0x0, 0x0, {{0xb, 0x1, 'mirred\x00'}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x3, 0x4, 0x1, 0x9, 0x2}, 0x3}}]}, {0xf2, 0x6, "f5de228eb160c63fd783c86695cd766a468ba2c16a6b739cc5459d0f00adfe8cc189d0e28a57d1a00a61993febc224515b55961022266e70fb43a1d4f46b7a04311f9c9b05309a855928074eef2864aa18d8384d8faa8ba705fd27bf793cfd1e0146a8fceb142361334dec5be6866b66e571fe5b9b3cbdfebc6b8e3391bcf0ff6cde0eeeaab2f27a767ba615d689021e6f0e3430f053c2e779ea4732c645522804af160b7c407b2f213f182a2a13bc7137eafae10baf6684eef684ae5f78cad9b546380d2aa38319602e76a664a85b3e42759dd56826c412ef15249448f65f92c60558e881ec2242a52e7f11f5d2"}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}, @m_csum={0x188, 0x2, 0x0, 0x0, {{0x9, 0x1, 'csum\x00'}, {0xe4, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x7, 0x9, 0x36efdd0472e024fa, 0x4, 0x6}, 0x7}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x3f, 0xffffffff, 0x7, 0x0, 0x8}, 0x14}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x3ff, 0xf25, 0x1, 0x9, 0x92f}, 0x24}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x1, 0x3, 0x3, 0x4, 0x6}, 0x7e}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0xb1e, 0x1, 0x20000000, 0x3f, 0x400}, 0x71}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x40, 0x20, 0x10000001, 0x80}, 0x31}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x80000001, 0x0, 0x10000000, 0x0, 0x4}, 0x51}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x8, 0xd002, 0x0, 0xad, 0x1ff}, 0x64}}]}, {0x79, 0x6, "f63ef15ebd79dc539d6808f1c48a5c279887915ff092f092339b11b766ec418415534a7e24ae6f27bd6769bfeb02009c8c9dc82035c0e04fecd318af6300f985487303012a43c1502aba5ea81e37d6ef5daac388309bb3dfaaecc8c8645388ac117198ad6c8409d103ba445c6fd6cb008f5109948a"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x3}}}}, @m_mpls={0x110, 0x2, 0x0, 0x0, {{0x9, 0x1, 'mpls\x00'}, {0xc, 0x2, 0x0, 0x1, [@TCA_MPLS_LABEL={0x8, 0x5, 0x90d3b}]}, {0xdc, 0x6, "294c6c2b921229fc4fce966de2f49b05c26397ff2ae99f9d5845526ef2f5da94093db5660dd2ef8455d3ca17bd405b0a2ee1f3bd030465fdd9221f73e9f19e2248695d84b8defb5fe275e9d4cba74d2608b1e240258a18335a3b5733ff7d1b32829839c05ef9ce329a4db721a6f78d3af7f2db2f4c56927225310728e3352b6397262ee0915d8f22875f611fd5b9ce6e066b7abdcdf9d2a16860f07f2e890ae2b81efdba7dc3d2af5c3a817af70c2a6727fe7184f3d1007f8441c33d37e4bc8c29d811f7107b68db9ae83a1a0bb276aabfec7282335233da"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x3}}}}, @m_skbedit={0x50, 0x7, 0x0, 0x0, {{0xc, 0x1, 'skbedit\x00'}, {0x14, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0xa, 0xa}}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x80}]}, {0x13, 0x6, "eb623adfa57f0eba4b22065e738eba"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3}}}}]}, @TCA_BPF_POLICE={0x458, 0x2, [@TCA_POLICE_TBF={0x3c, 0x1, {0x3f, 0xb, 0x800, 0x401, 0x9, {0x0, 0x1, 0x3f, 0x6, 0xfff7, 0x7ff}, {0x81, 0x0, 0x8, 0xf0, 0x9, 0x5}, 0x5, 0x4, 0x1d}}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x7f}, @TCA_POLICE_AVRATE={0x8, 0x4, 0xfffffffe}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x7, 0x1c, 0x1e4a, 0xa5, 0x4, 0x8, 0x3, 0x3, 0x5, 0x9, 0xff, 0xe4db, 0x200, 0x81, 0x3, 0x3, 0x2, 0x8, 0x4, 0x8, 0x6, 0x1, 0x2, 0x6, 0x864, 0x7, 0x1, 0x7ff, 0x1f, 0x4, 0x7, 0x1, 0x560f, 0x1ff, 0x300, 0x7, 0x6, 0x4, 0xb5e, 0x100, 0xf4, 0x400000, 0xffff023b, 0xffffffff, 0x3ff, 0x4, 0x30000, 0x6b, 0x8001, 0x100, 0xc8af, 0x2, 0x40, 0x80, 0xc2c, 0x0, 0xa64a, 0x5, 0x1c000, 0x101, 0x5, 0x2, 0x62e21e09, 0x8, 0x7ff, 0xe9c, 0x0, 0x7, 0x0, 0x1, 0x5, 0x3, 0x92ca, 0x1, 0x4, 0xfffffff9, 0xfff, 0x3, 0xb7, 0x9, 0x3f, 0x2, 0x8c, 0x2, 0x80000000, 0x100, 0xd91d, 0x2, 0x8, 0x4, 0x6, 0xffffffff, 0xfffff434, 0x2745, 0x81, 0x800, 0x40, 0x800, 0x3, 0x7, 0x9, 0x9, 0x8773, 0x8, 0x7, 0x6, 0x2, 0x9, 0x5, 0x2, 0x8, 0x1ff, 0x80000001, 0x5, 0x7, 0x1, 0xef40, 0x32f, 0x6, 0x4, 0x1, 0x5, 0x9, 0x0, 0x7fffffff, 0x3ff, 0x80, 0x8001, 0x8, 0x80, 0xa1, 0x400, 0x5, 0xfffffc00, 0x8, 0x6, 0xc16, 0x80, 0xffff654e, 0xf, 0x80000000, 0x7fff, 0xbf4f, 0x7fffffff, 0x6, 0x2, 0x7, 0x0, 0x80000001, 0x400, 0xab, 0x3, 0x5, 0x7, 0xbcd0, 0x7, 0x3, 0x1, 0x2, 0x0, 0x1, 0x3ff, 0x1, 0x6, 0x1ff, 0x3a, 0xff, 0x4, 0x2, 0x4, 0xbcb5cb0, 0x5, 0x7fffffff, 0xe355, 0x3, 0x3f, 0x2, 0x21, 0x8, 0x200, 0x140, 0x33, 0x8, 0x6ce, 0x1, 0x4, 0xe0, 0x5, 0x4, 0x82, 0x1, 0x544c99f2, 0x9, 0x6, 0x7, 0x9, 0x7, 0x5, 0x100, 0xffff0000, 0xff, 0x80000000, 0xf6a, 0x5, 0xf801, 0x6, 0x7fff, 0x6, 0xff, 0x2, 0x9, 0xfffffff8, 0x81, 0x10000, 0xa3bb, 0xf8d1412, 0xfffffffd, 0x1, 0x2, 0x9, 0x7, 0x26, 0x80000000, 0x80000001, 0xfffffbff, 0x1, 0x3, 0x8, 0x2, 0x40, 0x4, 0x3, 0x0, 0x6, 0xffffffff, 0xfffffffd, 0x0, 0x3, 0x2, 0x3, 0x6caa, 0x5, 0x7f, 0x40, 0x2, 0xf0000000, 0x3, 0x9, 0x9, 0xadb, 0x8, 0xdd, 0x2, 0x6, 0x400, 0xffffffff]}]}]}}, @filter_kind_options=@f_matchall={{0xd, 0x1, 'matchall\x00'}, {0x2828, 0x2, [@TCA_MATCHALL_ACT={0x2814, 0x2, [@m_pedit={0x107c, 0x4, 0x0, 0x0, {{0xa, 0x1, 'pedit\x00'}, {0xfe0, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x114, 0x5, 0x0, 0x1, [{0xc, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x5}]}, {0xc, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x3}]}, {0xc, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}]}, {0x44, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x2}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x4}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x2}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}, {0x1c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x4}]}, {0x44, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x4}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x3}, @TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x2}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x2}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}, {0xc, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x4}]}, {0x4}, {0x2c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x5}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}, {0xc, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x2}]}]}, @TCA_PEDIT_PARMS_EX={0xec8, 0x4, {{{0x8, 0x8, 0xffffffffffffffff, 0x2, 0x7}, 0x2, 0x7, [{0x401, 0x7f, 0x0, 0xfff, 0x1, 0x3ff}, {0x1f, 0x5, 0x10001, 0xff, 0xff, 0x4}, {0x0, 0x3, 0x1ff, 0x0, 0x1, 0x7}, {0xba00000, 0x1, 0x6, 0x6, 0x5, 0x3}, {0xfff1, 0x101, 0x3, 0xfffffffd, 0x2}, {0x4, 0x2, 0x6, 0x1, 0x0, 0x1}, {0xaee, 0x2, 0x6, 0x4, 0x3f, 0x7}]}, [{0xf595, 0xe3, 0x1, 0x6}, {0xc253, 0x10000, 0x1, 0x9, 0x400, 0x16b3d781}, {0xfffffff9, 0x0, 0x80000000, 0x4, 0x6, 0x5}, {0x4, 0x10000, 0x4, 0x5, 0x4, 0x20}, {0x7, 0x400, 0x2, 0x7, 0x7, 0x7}, {0x8, 0x9, 0x8, 0x800, 0x3, 0x7}, {0x1c, 0x6, 0x200, 0x8, 0x7f, 0x6}, {0x2, 0x55ca, 0x1, 0x7, 0x3, 0x1f}, {0x3, 0x6, 0x2, 0x1f, 0x0, 0xfffff801}, {0x3, 0x1, 0x2, 0x7, 0x401, 0xffff}, {0x609ff4af, 0x401, 0xb07, 0x3, 0x0, 0x2}, {0x1, 0x8001, 0x5, 0x101, 0x8, 0x7fffffff}, {0x101, 0x3, 0x80, 0x8, 0x9, 0x6}, {0x9, 0xfffffffd, 0x0, 0x80000001, 0x1, 0x7f}, {0xfda4, 0x95, 0xcaf, 0x5, 0x5, 0xdd}, {0x5, 0x3, 0x9, 0xc, 0x1, 0x40}, {0x2, 0x0, 0x9, 0x1, 0x8, 0x4}, {0xeb6, 0x7, 0x80000001, 0x5, 0x1b21}, {0x6, 0x4, 0xed, 0x63, 0x48, 0x3}, {0x7f, 0x9, 0x0, 0x10000, 0x3, 0x9}, {0x7, 0x7, 0x0, 0xfff, 0x81, 0x3}, {0x1, 0x6, 0x8, 0x40, 0x0, 0x6}, {0x2, 0x1000, 0x9, 0x5f, 0x1, 0xfff}, {0x10001, 0xf97b, 0x4c97, 0x4, 0x969}, {0x5, 0x80000000, 0x1, 0x6, 0xfffff085, 0x2}, {0xffff, 0x9, 0x1, 0x2, 0x101, 0xc1a}, {0x6bd6, 0xc502, 0x3, 0xdaa, 0xffffffff, 0x6}, {0x20, 0x6, 0x3, 0x0, 0x7, 0x9}, {0x100, 0x18a, 0x7fff, 0x48e3, 0x6, 0x2}, {0x11a, 0x6, 0x3, 0x4, 0x16, 0xffff}, {0x7fff, 0xb369, 0x7fffffff, 0x2, 0x1, 0x5}, {0xffffffff, 0x40, 0x6, 0xffffffff, 0x8, 0x7}, {0xfbd8, 0x9ed5, 0x3, 0x9, 0x10000}, {0x6d64, 0x5, 0x2, 0x4, 0x0, 0x40}, {0x81, 0x0, 0xc4c, 0x9, 0x8, 0x7}, {0x2, 0x10d, 0x1, 0x7fff, 0x4}, {0x9, 0x5, 0x0, 0x0, 0x1f, 0x4659e8}, {0xb7, 0x0, 0x3a46, 0x6a, 0xffffff01, 0x1}, {0x2, 0x1ff, 0x0, 0x4, 0x59, 0x3}, {0x5, 0x401, 0x7, 0xffffffff, 0x7, 0x6}, {0x7fff, 0x40, 0x8, 0xde, 0x5, 0x1}, {0x8, 0x0, 0x1, 0x2, 0x25c8, 0xe0000000}, {0xfff, 0x101, 0x8, 0xd9, 0x3ff, 0x91}, {0x9, 0x2, 0xfffffff7, 0x9, 0x3, 0x100}, {0x101, 0xffff, 0x3, 0x2000, 0x0, 0xfa}, {0x5, 0x1dd, 0x0, 0x7, 0x8, 0x4f}, {0xfffff000, 0x0, 0x3ff, 0x8, 0x4, 0x6}, {0x1c3, 0x101, 0x400, 0xffffff33, 0x1360000, 0x6}, {0x5, 0xfffffe01, 0x0, 0xfffffffd, 0x8, 0x8}, {0xffff8001, 0x401, 0x63, 0x1, 0xea, 0x558}, {0x29e, 0x5, 0x0, 0x8001, 0xdb, 0xffffffff}, {0x8000, 0xe8, 0x6, 0x1, 0xffffff07, 0x101}, {0x9, 0x3ff, 0x1, 0x10000, 0x7, 0x1ff}, {0xffff0e37, 0x1, 0x9, 0x1, 0xfffffffe, 0x1}, {0xffff, 0x1f, 0xe0, 0x1, 0x7ff, 0xffffff7f}, {0x65062a8b, 0x0, 0x401, 0x94, 0x1, 0x9}, {0x8, 0x9, 0x0, 0x3, 0x5, 0xf40}, {0x2, 0x83, 0x3, 0x7, 0x8, 0x3c6}, {0x1000, 0x1, 0x5, 0x8, 0x0, 0x1}, {0x10001, 0x11, 0x7ff, 0x8, 0x4, 0x7}, {0x81, 0x1, 0x2, 0xca, 0x3, 0x3}, {0x7, 0x7, 0x2, 0xb0f8, 0x54, 0x6}, {0x1caf, 0x3, 0x9, 0x80000000, 0x0, 0x3}, {0x55, 0xfff, 0x5, 0x1, 0x9, 0x1}, {0x200, 0x7, 0xff, 0x10001, 0x1, 0x8}, {0x8, 0x40, 0x2, 0x80000000, 0x10001, 0x9}, {0x52b3, 0x1eb2, 0x5, 0x88, 0x2, 0x4}, {0x3f, 0x7fff, 0x4, 0xfa, 0x1, 0x4b29}, {0x19, 0xfffffffa, 0x1, 0xe97c, 0x10000, 0x7}, {0xc, 0x3ff, 0x10001, 0x2, 0x8, 0x40}, {0x400, 0x8001, 0x400, 0x2, 0x1, 0x8}, {0x20, 0xfffff403, 0x7, 0x153a5d7e, 0x400, 0x6}, {0x3, 0xcaa, 0x40, 0x8, 0xfff, 0x7}, {0x9, 0x40, 0x8, 0xffff, 0x401, 0x2}, {0x7, 0xfff, 0x75f2b901, 0x3ff, 0x8afc, 0x1f}, {0xfff, 0x401, 0x3, 0x7ff, 0x10, 0x7ff}, {0x2, 0x7, 0x37d, 0x3, 0x101, 0x5}, {0x8, 0x4, 0x5, 0x6, 0x4, 0x40}, {0x3, 0x4040000, 0x4, 0x4, 0x1, 0x5}, {0x101, 0x400, 0x9, 0xdec, 0x800, 0x3}, {0x8, 0x100, 0x410, 0xfffff189, 0x8}, {0x0, 0x2, 0xfffff3a9, 0x1, 0x1f, 0x1a3}, {0x6, 0xfff, 0x1, 0x13d, 0x6, 0x7f}, {0x53, 0xffffff80, 0x4, 0x0, 0x401, 0x4}, {0xfffffffd, 0x81, 0x2, 0x0, 0x4000000, 0x1f}, {0x2, 0x1, 0x5, 0xb7, 0x2, 0x1f}, {0x0, 0xfff, 0x9, 0x7ada, 0x4, 0x2}, {0x80000001, 0x20, 0x7f, 0x0, 0xfffffffe, 0x390d}, {0x800, 0x4, 0x4, 0x100, 0xfffff000}, {0x7fffffff, 0xffffffc0, 0x8, 0x9, 0xfffffffa, 0x1f}, {0xfffff001, 0x8, 0x5, 0x6, 0x6, 0x3ff}, {0x5, 0xffff, 0x10000, 0x27ca, 0x6, 0x3}, {0x0, 0x6, 0x1, 0x5, 0x9, 0x2}, {0x10001, 0x0, 0x8, 0xffffb395, 0x3, 0x6}, {0x8001, 0x4, 0x8, 0x4877, 0x5, 0x1f}, {0x0, 0x6, 0x3, 0x18, 0x2, 0x97}, {0x0, 0xffffffff, 0x8, 0x2, 0x9, 0x5}, {0x6, 0x0, 0xa7, 0x0, 0x1000, 0x7f}, {0x5, 0x0, 0x0, 0x6, 0x7, 0x1}, {0x4, 0x8, 0x4, 0x9, 0x7ff, 0x6}, {0x40, 0x8def, 0x1, 0x6, 0x1ee, 0x40}, {0x7fff, 0x8001, 0x7fffffff, 0x4, 0x3, 0x9}, {0x7, 0xd2e2dae, 0x4, 0x3, 0x4, 0x7}, {0x1f, 0x0, 0x1, 0x1, 0x5, 0x3f}, {0x5, 0xcd, 0x0, 0x80000001, 0x1, 0x6}, {0x0, 0x676, 0x7, 0x1, 0x5, 0xfff}, {0x8, 0x85, 0x80, 0x5, 0x0, 0xeb}, {0x8, 0x4, 0x9, 0xa7d0, 0xf17, 0x6}, {0x0, 0x0, 0x10001, 0x4, 0x2bfac8f7, 0x4}, {0x6, 0x97, 0x0, 0x5, 0x5, 0x7fff}, {0x9, 0x80000001, 0x5efe, 0x40, 0x3f}, {0x7, 0x5, 0x5139, 0x3, 0x1ff, 0x1}, {0x1, 0x5, 0x4, 0xcff6, 0x401, 0x4}, {0x9, 0x2, 0x5, 0x0, 0x3, 0xffffffe1}, {0x7fffffff, 0x5, 0x7fffffff, 0x4, 0xff, 0x6}, {0x3, 0xad, 0x20, 0x503, 0x8, 0x4}, {0x1, 0x4, 0x80000001, 0x3, 0x7, 0x47b4}, {0x3ff, 0x1000, 0x6, 0x7fffffff, 0x80000000, 0x9}, {0x1000, 0x81, 0x6, 0x8001, 0x1ff, 0x3434}, {0x5, 0x7, 0x3000, 0x1db1, 0xfffff729, 0x4}, {0x1, 0xfff, 0x1, 0x46b}, {0x6, 0x0, 0xffffffff, 0x7, 0x8001, 0x100}, {0x5, 0x8, 0x7, 0xde35, 0x4, 0x2}, {0x1c, 0x3, 0x0, 0x7, 0x0, 0x6}, {0x22, 0x1f, 0x3ff, 0x3, 0x1, 0xfffffff7}, {0x1d, 0x7fff, 0x81, 0xeaf, 0x7, 0xffffff7f}, {0x5, 0x1000, 0x2, 0x400, 0x2, 0x6}, {0x1ff, 0x400, 0x5527, 0x2, 0x4, 0x5}], [{0x5}, {0x0, 0x1}, {0x0, 0x1}, {0x5, 0x1}, {0x1}, {0x3, 0x1}, {0x5, 0x1}, {0x2}, {0x0, 0x1}, {0x5}, {0x0, 0x1}, {0x1}, {0x3}, {0x3}, {0x0, 0x1}, {0x4, 0x1}, {0x5}, {0x5}, {0x2, 0x1}, {}, {0x4}, {0x3, 0x1}, {0x1}, {}, {0x2, 0x1}, {0x2, 0x1}, {}, {0x2}, {0x1}, {0x5, 0x1}, {0x3}, {0x1, 0x1}, {0x3, 0x1}, {}, {}, {0x0, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x4}, {0x1}, {0x2}, {}, {0x2}, {}, {}, {0x1, 0x1}, {0x0, 0x1}, {0x4}, {0x1, 0x1}, {0x0, 0x1}, {0x5}, {0x2}, {0x5, 0x1}, {}, {0x1}, {0x1}, {0x1}, {}, {0x4}, {0x2, 0x1}, {0x4, 0x1}, {0x4}, {0x4}, {0x5, 0x1}, {0x5}, {0x2, 0x1}, {0x3}, {0x1}, {0x2}, {0x4}, {0x1}, {0x1, 0x1}, {0x5}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {0x4}, {0x2, 0x1}, {0x4}, {0x4, 0x1}, {0x1, 0x1}, {0x3}, {0x0, 0x1}, {0x4, 0x1}, {0x3, 0x1}, {0x3}, {0x5}, {0x1, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x3}, {0x4, 0x1}, {0x5}, {0x5}, {0x2, 0x1}, {0x3}, {}, {0x3, 0x1}, {0x3}, {0x4}, {0x3, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x5}, {0x4}, {0x2, 0x1}, {0x5, 0x1}, {0x0, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x4}, {0x3, 0x1}, {0x1}, {0x4, 0x1}, {0x3, 0x1}, {}, {0x2, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x3, 0x1}, {0x5}, {0x3}, {0x5}, {0x1, 0x1}, {0x1}]}}]}, {0x72, 0x6, "e2ea09fd2daa671d00caa9fe8eb8ae49fe860eea3177900bd58e2510959d6bb21b4019e748fb1bb1820d76a1028079d948cab231a6f60a339d5ccbce964d9afc5838cf43aad27d2bb7de341152aa05461e42e4d6d43991325a5cf822c059ed93e6a02b607fb0c96b004819196b80"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ipt={0xec, 0x1, 0x0, 0x0, {{0x8, 0x1, 'ipt\x00'}, {0x54, 0x2, 0x0, 0x1, [@TCA_IPT_TABLE={0x24, 0x1, 'security\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'mangle\x00'}, @TCA_IPT_INDEX={0x8}]}, {0x72, 0x6, "f4a077885daa456c53088bd35de0048e22efccdf3e7ed0ba6a741df745f5342ada9b6d368798ab4dc84107f2468192733db5bd3c23098d81ea93268eab26d1d77deb574c39888cac1ba5fb9596be62f24fca3ac7dc1084595ba4b9482a79deb825abff8f11ca109ea34bc992c354"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2}}}}, @m_xt={0x180, 0x5, 0x0, 0x0, {{0x7, 0x1, 'xt\x00'}, {0x120, 0x2, 0x0, 0x1, [@TCA_IPT_TABLE={0x24, 0x1, 'security\x00'}, @TCA_IPT_HOOK={0x8}, @TCA_IPT_TABLE={0x24, 0x1, 'mangle\x00'}, @TCA_IPT_TARG={0xc3, 0x6, {0x5, 'filter\x00', 0x0, 0x40, "da5a2173a0223de6f20c5982e1c9ff93df67f2e33bfdd4959d1df71d544fe11ad1cee69a222d68c652f4632fa88609474cbd2debca529deea3cdb35475b5e69739deac93c82f85c8e11a434ff96a353d8b63127fa5ccb4bc96b29f4961dd3da1c48dfea81f3a652f2803abed8162d3c752c6d8b343d23680dc926ce2ace20308259d33af62d73b3b8906361eb05968d9ae9a8e4c508e8f21b7"}}, @TCA_IPT_HOOK={0x8}]}, {0x39, 0x6, "d4f8d212f7f45b5b4ea4ec17ba0dcb50de24a1a6bca16cfcf026cdf0ceee7669fc8e8912da9b363d7ef27f7e1f80386aa416c55676"}, {0xc}, {0xc, 0x8, {0x2}}}}, @m_sample={0xe8, 0x1e, 0x0, 0x0, {{0xb, 0x1, 'sample\x00'}, {0x24, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x3}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x4, 0x3, 0x20000000, 0x7, 0x40}}]}, {0x9a, 0x6, "638e2db0e06c5fe4175beef8bfa6fc8f65447df1df7438032246a7de18298c51a6ae262dc11379ad9fdb996ed32ed06eafb3740d690551a045c454bf7f1b9e3d3be6fa31f0107842146a0cc05c1933dda00ef5aceed033e36b0a8c487578a5bf82bfb83fcaacf602feeed83993180fab439583c44b92d0ace38cc5195c38ce87e763a635517389b50e350182dc46e2cb7ac2e0dea3ce"}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}, @m_simple={0x104, 0x19, 0x0, 0x0, {{0xb, 0x1, 'simple\x00'}, {0x64, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x5, 0x3, '\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x0, 0x5, 0x3, 0xffff, 0x8}}, @TCA_DEF_PARMS={0x18, 0x2, {0xfff, 0x9, 0x0, 0x0, 0x5}}, @TCA_DEF_DATA={0x10, 0x3, '/dev/video#\x00'}, @TCA_DEF_DATA={0x6, 0x3, '+\x00'}, @TCA_DEF_DATA={0x10, 0x3, '/dev/video#\x00'}]}, {0x77, 0x6, "2af33495ece082393a9d2c74e49419391a965b779e6f79d6c5110c6c8449122b6022a6f027df268e65b5c16aa3ad4d26544020c91db2587e8a04fd303dfd9879a224a89852a1c626220b6dee088899590dfcef6d332b639ca698b478f7521976eadc328a212e8aa75be0edc24c92cf39fc600b"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0xf8, 0x11, 0x0, 0x0, {{0x8, 0x1, 'ife\x00'}, {0x54, 0x2, 0x0, 0x1, [@TCA_IFE_TYPE={0x6, 0x5, 0xa622}, @TCA_IFE_PARMS={0x1c, 0x1, {{0x3, 0x6, 0x8, 0x7ff, 0x6}}}, @TCA_IFE_METALST={0x2c, 0x6, [@IFE_META_SKBMARK={0x4, 0x1, @void}, @IFE_META_TCINDEX={0x6, 0x5, @val=0x800}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_PRIO={0x4, 0x3, @void}, @IFE_META_PRIO={0x8, 0x3, @val=0x2}, @IFE_META_PRIO={0x8, 0x3, @val=0xf58}, @IFE_META_SKBMARK={0x4, 0x1, @void}]}]}, {0x7e, 0x6, "8bc30e2e7fef48a03e2e8ef84e00ae1d981f1e8360e0e72f11f1867ac4b5d7d108b12c8e26aa2558ddfc184f98548db98538577bb71571fe7a196a42ad2fdc0db1a547ef4030baefb273b21b153549add3bb9bca07a2ff916d144768ec05bb1ec78b22f7dee0ada545981cd4bc7e83dfb13f747624a35a6d7b93"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_bpf={0x108, 0x16, 0x0, 0x0, {{0x8, 0x1, 'bpf\x00'}, {0x10, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}]}, {0xd2, 0x6, "ac315b77bde0b640e28439d4fb64cd14564c2723744a0e2b050e65875cbe54898775cf416b44444f92a9d5833183efeb62eedea8762943a60a45056b948dbf442d6fda96eb5622e26029577672e23cb4f3ec1015735bebb687d544a2ee85cfa3d5ca25895a8ed399e217eb853e9a8fd459b57e0ba65fbdee617eab2107fefba9944b0c19f62fe8e54aeb36ebe2d342a20700e63a33cfc26af48ddfe797b02e6f64432f323a398078c5a37981ccb1fe301c416e7b4ad6056f125a0703bf8109a4d81fd10991297d21e47279c3d832"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_simple={0x70, 0x1a, 0x0, 0x0, {{0xb, 0x1, 'simple\x00'}, {0x1c, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x10, 0x3, '/dev/video#\x00'}, @TCA_DEF_DATA={0x6, 0x3, '\\\x00'}]}, {0x29, 0x6, "b32ec34adc3de4c849eb829fdf260ee8b9c5cb1104e2f646a81c876eb396b7e2459fa31331"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_nat={0x10cc, 0x1, 0x0, 0x0, {{0x8, 0x1, 'nat\x00'}, {0xa4, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x9, 0x8000, 0x3, 0x8000, 0x3}, @multicast2, @local}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x274, 0x98, 0x7, 0x400, 0x1ffc00}, @remote, @remote, 0xff000000, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x7fff, 0x622e, 0x8, 0x1}, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x3f}, 0xff}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x3, 0x7fff, 0x6, 0x5, 0x100}, @rand_addr=0x64010100, @empty, 0xff, 0x1}}]}, {0x1004, 0x6, "16898dc8ae184d5e5f55eb8d4a3b13f850b6cb04c8e38d18587e2f0a57d653049433a69a94c032d70f3be8e6b9113acce4d6cce529ec0f056a2c033a6d9c201d66d25bf3f345b2f4ca54179f69ca753ee041f9483916d471a480d966eb61c94db78ba89bc8d97c70aa3ee08270a5d9a038edc60a5e053b34172d0dbc4166b403c6763c688ed556e286b7d9145b5fe25ddcf8307b5497bea20e362a6d7ca98be567d3eabf8fb4aa16396fb32d0d8f09d12df2da39aa3ff5ef3d3a8895419623569375995f972d563337c9062a654b92d091d0caa61369e02f0f21fc0d27caf22768484877844a83894f8f5ce64a5301831ed19544773089e4fbaf640dbba45d9de2105435e7358f3bb0e6fd28bdab64e4abd42c4b9cbdb60066e77d1975d38e05fd6e411a89d7806a75ff3797b0a358e0ae11661a570fe5e605d385c4249ed983b76776ac0c37d4c9ca353e081c64e2c839ed400e8aaa28f7936d67487556233e6ca4b7b106a53df828f1f6f9790d71c31e55ba9cb9489c8f351caee391387b4ae5c1575e90dbfa99f7e555658ccc23b0db88e6922f20b1cb51aef660e38efa1feb90a4870b98cb63e58aca69556936bf1790b888860c71d8e149846d5025f2b1f449cb11d0098bfd739fed1baf6246ae0dbd69dfe120fe8f01a5c5a91f61a8dfdf042766bb212d0a40866fbcb4c2458f254504ba7e93830c0249cc298527f41477c0cba5cb022a943956b67bb94c9459b575f6835bfe2beac69175424b7be32dab92668c87f3ac06f3e2e6caeab7ca5c8b9cc060c63f74c23bed27da38b3d24b7aa2474b6ba24c583b0afccb92be356b96cbf3d4a84729225fb0e357e8d244f952c6b6ee26d709874c7efbb284894f74f437a8809594bd957657fb4dd0cc1205f7c5ef4f5cec20abcb1d0368f4cc045f21b2a7804a9fe065c5fa1fc302acea8a82367cd9d7e2147b1f694d5f2b59ccdb60e4d8dd9ee0096fe4bff1b5ca1fb6ee4ac02b8162027c1b17c1cbf41229c52a9eba532a160c3da32a815b2f8164650c244925f7b437028446daba200802bf85d70f7f7cfe79c43c416af4eb6540a8ac621005936e29aabd7bb676d9b88ef8210752f975e5c0f267cec1ebf812dca228ce4fd58eb1b13163b3cdbbda8dde4c74fe763979f66823bb28efef0e94dcde33a5d31445ab4ac9c45198d4722e3a37f01c0fe6bf7cf4864807a017b770ef5b177beb01da093883d9095cd9a1034db6f0cd7f1252acddd86f6fca977085138e4de33652315816fe3295aeefabf028adc1165ddf475e42d2267e50e22706cd4fbcc6975eb3b81e69ab9a03033c27e5752378c3450783ffd9a8e987b2c3b64e97387f1896df82dbd83261dab96ac33be2d444055ce5cafe92b137c5a55d2c8d74abebf618e40511a5348880e6e8fca51441950adb5518650354333d3a9eae0321ab157b978b14c9dcaac70cd449549cffc03c1b988b9fdf018c06ff23c6ffaa3fed6bd263c97e71be6606bcdc9b5a588ab0e5382fb6aeaf4132087976db3c36bd2b7925ddf49b2373634297aca3d0da6c0479a98d93d92e56cb0d1ec15999224eaeb0e7b5b1c2a688bf9ebe1cd0040449118d726e5cd93423496a7e9f251de77a6282330b9a4558e4cb5156948228506f19eaa4971971ccd83a1fbd88275fc37427635ea94ae9aa9a0e307b1c75e53b39e688b96b07fbe141c85c7e5bec0e6bdec8ea2eb16cdf8c872627e439364c06c38c7028982c733f714f895c288937d540d9993354b9d1eaa95dcf3a2e992931ed955e92776283e6766b2fa843e995e630977811e3b3372ce122bd819d65f77bde818fee59356c1e39c069b8c29e680a8a4980689cfb8e1cfb194ed2f436f0c5d5dea7bffc7ad6bb14e8e762eb5effc064affa0b2fe4eeb134880dc3997eddfcbc943af9a1db6d6060b5ce368312e37986ce157e3cfbbc84ebd18283f779e892445601aa5c9a72b50e578189b62eada72d186062001f0e0b97d71726592d03695b78d8bbad020268140dbb4164285f068314edfee942633a912ad2f430b66297b391374a1d253f70f3a2ae47338c644153b5d1899475407ebb4b24351f5f39c55bab47fc805e49b7fcf7f0bf55bf49db53a6c2c25af042727107fd780719b2e4965737787bb3fba41028aeb161346778edb32dbd462f81ec92116e33e46ace0b0aa85abd1967b311d5cbaa6f4453b48fb35e9926cddc1044509a9b232385da4bdfce4edd4d66f921cd33dff32f21c36471c1d5c0a3028b7bf09c69ce4be7041301fab9d560474af10568c547614881fea7d110d185b6a54a0a27c1a37fd8aee339c3e9ae09dcdbbd10f2d1a54af724287faf286474db0b301b14135e241186385712509019aecf4f3ea0508d019664c094d59db5b0482676cc56a567e43502cb0bfcbe7b91c370b9059e48944ec9d8b1466479ecfbdfccc7309160ca183791ad52e1283fe56ea963c825c9c45a3c46b327dedf5297c6b62e824d4e84417d0fb9f53d4a59dccbbd1aac91c486a067dc260cf9b5e0c3655d96b240a3cb264770a05f766d99c54111c3b5ee8fca1ff3d6add3f4d60c29f8f43b37fdb0e4a69159781b24863152411b8294daf7c3ac5b5a1b247902a3971f50a37e9d6d0d8c5852b0facf544c2327e901e62044acb7e0ce34aa7a0b9d8997742b14c2e962ad58c3608037c06a07f1d4de0b74e08341e8e3392cba2c85a998f8d6d65ec4c5db3abcf906276e25de4a9620190377febc23d2ebe8511e8074075f04d74b63e90cdf922055cfcf3f901da8862c9b8c2979c8ae8999217bfa774d475c8b8821400d365c1d07470ed6876e94da1fb11b17f9c6debec6b344285ff379413adf4b22f15da6a22cff9a8c559a2fca3b3d8eb2ada08493cee33b349c3f054e447f86f43d03fe8fb84343d20602d551386188d6588b88c45630ff010e05bfcc0eda24af2a58b832581af1576a73aff03228bc05a3ef6cad1fdee7e12294b38d8a9252ffdc5e3ff1725cf27e5693c461cb2d4fcf42f3d14064278c9a7ba5147b135553291786ebd8dc053725043ca84af7be312db662e776be195e8e4618362479a69704081c33c3087b987aeca2b9c609b551f3e69f9e2dbbdbe812286ac687bc83d2c2e6c137d4e5a1277ec8bef9656c9c93c5318edd3af266a154f53568b3aded3e0c0128abe74d83cf84d7520b574e5d2d6b37325edccc30ab82b1939fb0ef320f40297fff36d116435ed72f43b7e28a6d4db8551e3a78cab44ad57b10fc21e0a573e7af6b8f8f8c5ecdf70cf90bec8d13d4be16b444f431303fb1d2ca05e3992ca10ee939daa57e70e570b86888f1d89e7eec700be011386d881e20a1323d80acfe82b3a962ea6a38c3addfaf601f4f19f366b9854bea273cb6e4b42976a16ff97617b39430b6d1c152db8d69c96aa320721cee33becdb311611df877e047a7a2d7bf10db039b454bb0cf629acafe716a435f6337583c0b1f2f993c45386377c3de4c394f99fd0f280c39116baca801308aa3b4f5e24ef13eb1163dea0d2755ff411ef4ee5d72b2d0a845ca1473278d7180f4e561d8a27909781dcf29e2b6122309a6f32c65043b568acc48b3b9b46631cc64fb6be788ef96b86637331a034673792c4b75730a470945687e013c97ad091e3b963905b00a87d61a3f6985930ecd210a1b33bc8c0308b7ae46ade9b7feb02567eca8ff8eeaa6cfd8e9faa2673dfb8fdc921338dfabc4c2234debdd6fcc335a9e06467845269ed403b22ef4e0a54456f665493d8e2ef942b8b90562d8294551019f77ea60b5d3d0579b5978a38e524acbd5208cd9be0b7bd5cce9aa0804ac46c72cbdfae182276d4583ef255d517047a29e54a9b42f8975c25e9d1166b34705d11d79b4c089aaa4b14d8d7f02fb2b47108e8cd2e7861643eebf87e1cc5983b5a4066bad77d04016c07bef8e1abf917a9c27a86a543af3f51ad6963398070609a94420e740ed4d7ef492cf703c8629178d9bcf5089b06e5e765f9ca0b7960ca5080a8667daab9bff7ad131ae2ad6ba0b46e77e86887f8f5e282696b7e2c17a045368f7ffec3785b94b4df69c1cc63edaa567237916d2487eff1ba1dd2cd58ab4e5fbcd8b0294f6993d34490cbe143f1b090a96d504a4f396e0fcbe1a81f379036dabaa3d6fbf6eab1583bfe8fb04ca533a3b7a1d68d19b4389bf244b51410d3fbbd7b531c44647299c77fe262bb5022ff9718ea8641945d44df4e40e747645d70027ea3fd1f0e56d2aecd53f805f295eb8654e308582db86311b16f822226e4735444d5986f8e7333c669fcf886e3142c57f0906f3c28110785b46edff8402f0ddd380e47573698d31600ef9aa5be65243f9dd1df669f98690603f78726c10cccc827e1d42c861859b606cc3f5b6d72a99f767f81aaa54e0ca8f44593c9b56aef0a8c0200091f8ac2e52084dca05cb20f780cdfc3b42c15201ff06aa024e93a2d5104fac69ac8aaeb53336a424a04fb6005a6ed7d20cda5f183e70e1bac8337bb1421047e08b7a0ed54a8252294e15831ea067364077761cf2c26d76e7ac2a3240e33b09070fa1742c83628b884cd1e9d1ce0f95dd89086a7688546ef35e0fa1353fe9d4ce03ed48877be8c4b3b8cd3c3c4965796ecb339e272f4ead69c6b02bfe3050afe6595233218b94ba86746c391d56d026189174bd002510a7d335b5f86f827aea881a30c6936880a43f70cba58f327d3413ffe82ceccf7275adf260b770bcad9ea7a00dabd41ddf41739db3215a585565a3580b4f442342381d796b7c3004a4dfc95ac1145cb91e5e18ce15f2d69813145af3861283c485a055d10f746518670ee988c0b5e5d16f42312c65203ea460d95cd80b000d51d3ed3a304557c086c249826e0c553049ed9bb774d37a632fc998c770eaa3346c026513a35269ec16a0546dc631c26ae95e893d2586cf9a645c51db508da090ce618f611300b7e49e5a122ad323469ec0951283327919accc15ed78c299ce4545966ab82cbb3ae7e687d438dc764821e7184ab23419eb67794db880819cdbf245d6e5fc93b32810d287956d60ba1134ff4b3c5dd664ae6afd2adf04ceee7dbb7876f41b8447cccc7a724e25f96c1318c10ff2d4d651191dbeec322183273ec6ea150164e2e5e965a8b2db5e8b8c47b5e3f2cba74ebc31fb390b97a14a6b3a70a3a71de31bbff3c6567d8887c481b87392be30fc3b23526d43365e77e20f51152549e2af41f832a3bcc2a3a1be5da7617a15c9a4125adf4e287fdcf4d64ed6e475a329360d23c4222350c92abf1d18f53cb9cc6bdfc44ae9b912db962f1933c1719461d7d0c85cdfea10c6fe65fe43d3c672852fb0ca001153752d1e04323b850fa150dbb7ae2b5cbc14f679f2d06f18c897bfb9cdb0d9db4f1dc84caff9690a8f5dfff7dc675acea28255c821f5c95f54d15f31ce7d85f72067641f76cb3199886d3f9b6c789aee53d1f9e2f21775f8a43c2aade9c0841532f3e01958979443676e78b984014f496d6ed28c73b748ca5aa59c76d11c023f36cfcb6dd3498d6cc68bc6005c462bb4762493b2d211fea3f147e68eafc04e25448a918770f06d88e5076b235df2940f1ae1deff848de36ef467bd806263538bf82265fbad0da1caa3b33242108e8ae4f3084937b5ebab9002d4bbf74c00fa5d3637abbdb1d2a0dc7bdd0e9d7b53296350c8fb6457e5ff0431b4c58d3df1070040c36c9e09650c95a7b4acb675088b87d49df89b2b59638572ab59c5ae31115a2555db66639505db1a2dab630c369cef7ca38b8e7d"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3}}}}]}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x4}, @TCA_MATCHALL_CLASSID={0x8, 0x1, {0x3, 0xfff1}}]}}, @TCA_RATE={0x6, 0x5, {0x80, 0x7}}]}, 0x71b0}, 0x1, 0x0, 0x0, 0xc814}, 0x20000040) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x1, 0x3, 0x1, "d66482336b2ae64ae8385e077bdb7207d37a37191a7804056f4fdb79c3d9e217", 0x50313134}) r1 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000001c0)={0x0, 0x0, 0x3, {0x3, @win={{0x2001, 0x0, 0x10000, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) 13:06:12 executing program 5: fanotify_init(0x10, 0x0) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x80000, 0x0) fanotify_init(0x0, 0x400) read$snapshot(r0, &(0x7f0000000040)=""/242, 0xf2) 13:06:12 executing program 2: syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, &(0x7f0000000040)) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000080)=r1) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x8, 0x9, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0xfffffffd}) 13:06:12 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1}, 0x8, 0xfffffffd, 0x0, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:06:12 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, &(0x7f0000000040)={0x7, [0x200, 0x9, 0x20, 0x5, 0x400, 0x400, 0x7f]}, 0x12) 13:06:12 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) getpid() r1 = socket$can_raw(0x1d, 0x3, 0x1) accept4(r1, 0x0, 0x0, 0x80800) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r3, 0x330f, 0x0) socket$kcm(0x29, 0x0, 0x0) recvfrom(r3, &(0x7f00000000c0)=""/141, 0x8d, 0x2, &(0x7f00000002c0)=@nfc={0x27, 0x1, 0x1, 0x5}, 0x80) ioctl$vim2m_VIDIOC_QUERYCAP(r2, 0x80685600, &(0x7f0000000040)) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0x1, 0x0, 0x0, 0x0}}}) 13:06:12 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r4, 0x330f, 0x0) ioctl$SNAPSHOT_FREE_SWAP_PAGES(r1, 0x3309) ioctl$vim2m_VIDIOC_QBUF(r1, 0xc058560f, &(0x7f0000000080)={0x80000001, 0x0, 0x4, 0x10, 0xf49, {r2, r3/1000+60000}, {0x4, 0x1, 0x2, 0x7d, 0x2, 0x33, "cd6fca55"}, 0xace, 0x2, @planes=&(0x7f0000000100)={0xfffffff9, 0xeec, @userptr=0x9, 0x2617}, 0x1, 0x0, r4}) 13:06:12 executing program 5: fanotify_init(0x10, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) r1 = syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) pipe(&(0x7f00000027c0)={0xffffffffffffffff}) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000002900)={&(0x7f0000002800)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000028c0)={&(0x7f0000002840)={0x24, r1, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_MRU={0x6, 0x1d, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x8000) sendmsg$L2TP_CMD_TUNNEL_GET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x28, r1, 0x100, 0x70bd29, 0x25dfdbfd, {}, [@L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @private1}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x8) ioctl$TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f0000000000)) 13:06:12 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x0, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:06:12 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x4, 0x1, {0x2, @vbi={0xb1c8, 0xcd02, 0x1, 0x59565955, [0x1f, 0x2], [0x308, 0x4], 0x2}}}) 13:06:12 executing program 2: syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x404640, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xfffffffd, 0x0, 0x1000}, 0x9, 0xffbffff9, 0x0, 0x200, 0x0}}}) 13:06:12 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080)='l2tp\x00', 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_CREATE(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, r2, 0x10, 0x70bd2c, 0x25dfdbff, {}, [@L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x6}, @L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e20}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x4}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000040}, 0x4008000) 13:06:12 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x0, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:06:12 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000040), 0x4) 13:06:12 executing program 5: fanotify_init(0x10, 0x0) sched_setattr(0xffffffffffffffff, &(0x7f0000000000)={0x38, 0x5, 0x0, 0xfffffff9, 0xffffffff, 0x7, 0xe0d, 0x77cb4489, 0xdb, 0x6}, 0x0) 13:06:12 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) ioctl$vim2m_VIDIOC_G_FMT(r1, 0xc0d05604, &(0x7f0000000040)={0x2, @pix_mp={0x8, 0x200, 0x34324d59, 0x9, 0x0, [{0x1, 0x200}, {0x9, 0x19}, {0x100, 0x7fffffff}, {}, {0x21, 0x6}, {0x7, 0x5}, {0xcca, 0x4}, {0x1000, 0x63}], 0x0, 0x0, 0x2, 0x2, 0x5}}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) 13:06:12 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:06:12 executing program 4: pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000080)={r0}, 0xc) r1 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) r2 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x4, 0x2000) ioctl$vim2m_VIDIOC_STREAMON(r2, 0x40045612, &(0x7f0000000100)=0x1) openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x40, 0x0) 13:06:12 executing program 2: syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x4000, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xfffffffc, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0xfffffffc, 0x0, 0x1}}}) 13:06:12 executing program 5: clock_gettime(0x4, &(0x7f0000000040)) fanotify_init(0x10, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000000)={r1}) 13:06:12 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x0, 0x3f, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:06:12 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @vbi={0x4, 0x14ff, 0x7fffffff, 0x31324d4e, [0x7ff, 0x8], [0x1, 0x6], 0x13a}}, 0x1000}) syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x4, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) r2 = syz_open_dev$vim2m(&(0x7f0000000180)='/dev/video#\x00', 0x73aa, 0x2) ioctl$vim2m_VIDIOC_TRY_FMT(r2, 0xc0d05640, &(0x7f0000000400)={0x3, @win={{0x8001, 0xce, 0x472, 0xd7c6}, 0x7, 0x8, &(0x7f00000002c0)={{0x200, 0x4, 0xc27}}, 0xfffffff7, &(0x7f0000000300)="10f34ed6d14cab98f183affb7e78ea7db44bba47a2edbbef2b701e54a851892b1e04e8f1634c6d74641f6a118766f9bf7847a58eb4e5e2692f19df99ff0cff06db12c051a310535ac7c7df8f794293695f111ae157047e3191fa4d9c43085047c956a3ef18565ca1e2da41476a1db530d6808a37e43e95892233eb419b85286cf4a6974e8831bedf6a266867207e3be18eb5bc5d0e3b7030286cb2e2e0d28569358da2551d98162ca05b4d55ad17134aae1c92f3f6fd6638e8fec3c14ee3e6a2a5c869eef14d68feccacc3feeb62f998", 0x9}}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) ioctl$vim2m_VIDIOC_TRY_FMT(r1, 0xc0d05640, &(0x7f0000000080)={0x3, @vbi={0x7, 0x3, 0x10001, 0x6d606b1d, [0x5, 0x20], [0x1, 0x8], 0x108}}) 13:06:12 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000600)='/dev/snapshot\x00', 0x0, 0x0) read$snapshot(r1, &(0x7f00000006c0)=""/23, 0x17) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) pipe(&(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000140)=@raw=[@btf_id={0x18, 0x5, 0x3, 0x0, 0x5}, @map={0x18, 0x6, 0x1, 0x0, r3}, @initr0={0x18, 0x0, 0x0, 0x0, 0x4}], &(0x7f0000000180)='GPL\x00', 0x8001, 0xca, &(0x7f00000002c0)=""/202, 0x41000, 0x1, [], 0x0, 0x1f, 0xffffffffffffffff, 0x8, &(0x7f00000003c0)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000400)={0x2, 0xf, 0x101, 0x6}, 0x10, 0x0, r3}, 0x78) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r4, 0x0, 0x80, 0xb1, &(0x7f00000004c0)="1c74afbbde3f3e847f10c6bdee706197e0aade4058ca9db2bfc212e1c5abd4a8efec277bbea77514ba6458ff8c2378697b40ff4e85a39beabc0c55debeb005317330ce23c9ec1dc786cb09a456740112eb3eaa556f1f56084865fb9358f2f387e303e51ab013f07f238b92f576ef967550fec5299033419b11b0bbe443160236", &(0x7f0000000540)=""/177, 0xfffffff9, 0x0, 0x1000, 0x0, &(0x7f0000000900)="918468d088987d80f218074db5fdbc9030ea6b27073c06ad4b4e3f15952ff4145467d3d3c868e0bd0a2a2146c897fc76897aa245a84b43035b0ce6e5d8d8501d1b6ce5981842b80931127fc06db540890a702fcdb5cd141f5b0cb1dc3b60f054c6b540352ec6aa40a4406ba5e6b640c4c3911056495ec370d8b21ae89785f1e2adabe9eece493835c1d5670e722916d6d1492e7f40288bb2ed238f0d652ce1a06943b6ebdb912e541f45337641b58645b27e7021686576481d34a4ffeedbf38b2e761cf76ead522613d9260750920f838d2053630461ee6f47662438a08f1a276cd50f9b4eb784205964ce052f2656bdf2a6598ce6f66623d92c3e1d3ef1946b88e01254f0ba4ce2da4c67ef0378d6f6d535fa907d185b0c542d09ce1d3dab8b070a4dc3d52ad0488e740c8d2594839f1daa6f8f7a5eab3e4e52f3373df5e42d9990e7a22356ea9c82cdb8db274014254710ba194bf4c61050df40dd0008a10ad28338cda78a286e57481e51a12316871018eedce407b2ca421973df81d02f5389e5745f483fa08d788f2e9d8d96218fa710ac2f23038979c06ac3997a24370afafb0b4520af593dc5c4223e34ab5e35a8efa81658134d783c3e83b951d66200f81960b93419ff26db129a4f488eb321bf720f9c13e25d0d055218ab876058cd72fe81ea44ae402fc71204d6f762a2fced18aab88a3adeffde00d9e3c0947f5549151ec30726f6b4a87cc728d94b47722938e643c720896facc7692f75cf817b4d49360d7cbbc2b17b7384111783393fe4fafdd4a6d80feaf9a2648cb0b02679160d40e5e07924d5ce82938e48edb1c970b0931da3ba08d32c5a4855490a7fa6a9afe043b1c975b828572df6dbbc99d2f53eaa4009ad3774bd965eb38096376beee3ebb645c5c4bcf563603c767e46b9ce2b2b1dab8c42fb9a5f750775deb43dfc8da8c472dc0dba8b3f2a304ebaae417b29c9c11335ceb44976a15d9f250025eae924d6dd0254f1b8a8e4696f919b2592096faa17f889d8d9f6fa31d43a7160cca961dde64c181ee36d608ad49d372a17a07ec213cf612e53571f6902d9030c3fa3038649b98ffe4512771b9946d931d3ba3786287e6e13e84d7cb604cdd675e9453055f11a479c49d2ceb9c185520e9ba1ad3b6f6a2a0a179fab24a131aba514f4954b8b2af8694ec8a894b2076e191f6f9926dc469cfd010d9fd180dd5939aa820483d8ef9ce31f944a4bcd200055dba4405d5b0dd6c9e632264b348748a0dd42017f6bdaf6c6e8c9238347043555155e736515f003120ee89a9d315babe049b5ce4e739528c4c9533b9c478a03fc4db6a6f4b939ec5e9acc1d2b39f0c581c4b4f7704b3ba426fd68c74280b6ad103dd9c609dd8fcd960b2c87663a9fe5240b0668b8e9b7860268089488c7f6ca187078d984e16fc6d889a606dbaf0ba8312522e69f716c0c26f275955415610eacfce7ba5b999631cc3cc9ccc8f1fb47d24a34736ba027a54a25839cc544b7ee96e8f8e244384e274cef617d551a1a53c50d1d8cf1eaaf9af21c1c76a287442d98bebfac1f866a2ad76928ac6828315cb72e3d32a14cd2fb447ac935791cc74f827290c6cca4615f48aa89c4bf1b4e9c4e9f11b1bc191ebe513c6a443dce6dc62d9ada17a8587ac4ef684d55d4346e7d4c62564454de39c6d294a177e38be3251c90ddd371087c69551f11a884a6c730adab2ef958bd2ef115b6c7c3f8e8d2c3babf6ef5011d83af61bc5c1b48d8b8219cf428900bcea24cc2fa6b68fee58058b450362313442bb32062dd0f0a677c33c6a5193d4b60ee2a5218b4d755955e4d235beee4f9d44021569d93d2357a1586f99620bd975eee88ea7421333b5a8c21d9dbbade8b6429007e4120b470ffb518bb3f49d6c891516d0bb950ec52f352446a658bdfa0c14bdded493c86797c8a506c3cc145f6d8166870eae14346af0263307266c45b1fbbe6e492f67f3a46f33d38c8a2e5b7e6ebfea81b794286456e5d37f04c4c20274429d6f1e88fe56e7913db222f26a2d251e412b811e108dba2879cbbfb7c209b7b37c8df3473f8c0e41dcf9f9560ab61a55f89e9695d75a5a71d0b51ec8c546594f8d747dc12f7803072a0fdc1ee60db1349982ae0df634d0e0d37fa688ea5fcd1b55bab95099a599161a2691e8497a96df07c739d7a57946a78817d4b0df6854d4dc41f35df10465bdf12d8525e2f3478661ebe65d652ec2726c4d35c299b262b849317fc876ddb40b12ce04372c743ea2c6886d5a87c67c9ce893418cdb738572af7b2c02b9b5e9b836a8d4b2a510ccd72d062df919cda8b374d54f61ddf8c0ae2a439b6a93442f6d4ad65e5d16483c4060b672ebbc4f135892530aae71e060e37ed0a99cf5da098336b557d3e36d0c13645f3678b162a9c12d19acf4fac0dfd284e3a64790a3a385ab6daee9dc9f396c0b19114ad90bf10668f5f6661040dc0ed0a12ae2978c441f6bc1d03a8a57324e635428b1ae165465e0d7b146946da9f03b2e580b414d1cb5a6f8d3fbc6cdfc3a44afd2278947e7fadf17f3d8f8d1412c30f8e1c22211fc41823af77a4cb257663038be22ec7e209159e81cd537cb2e4d9237ad9aeaf0a0ec31bec6368f83d73ee7eff80fa6cee33f401630457b7f3f70a8e4695df0ff89a9073a271642ea662aa42ab8915c1faabbfdf597145fe912e24106334140bb26184cd6d118d7ccd15f557c66df203c163d0af674471368d8342472c1b9fbb7909f1c96e0673786f731af13df6ebc2afe50298f6351dff82aeae7f827ae107a17b084e93e0c528c2756d132f7eab290c9d68cc1c9e49bc85d97b52a8114ff383fc482f32451e48ef0c69098355346ee62279e7086a24cfe99cfbd71ed171895b7822803da1b73b97bfb2bbc3c78990b65967166b0a5f57e8168b837e701b38799b4e4c87e0e9f032739cad79eb91c7c83ccf6a103bcc095f1e4eaadf9edaaef855aa12606f2d2e8ffc7c04035a3dfbbd1845be837a0865caf2ce9914081b54fd4fd65d20e79c0025e3747e2bc0ed737a701c0dbfaf67e97bf327c9788b9a5c1cd9be9732b7a17a77f84de2753a870133d825582997adb4a852a80d534ddacd437290b1f3da0cb520b9ebc91dd4970684489325e13cbeabd0996accb169924a5d335090e420862acdf57e105f1316bb92d8c85d44b1c05233a51aa7c9d8b3ed20e14bceb1ee02cc818ce5e28064d540290c2279d91963245727f973a252b2d506198dcf6447a0f5911fe2ee3fa9e89c256d49bd4f8d4dc439c00ded203dd1c4c8100f420408d452eea8c81c982b01da49df2aaeb2e8e4f6b1207dae5ba2645609bff8ec6eb8e03f2e45539036fa7f3ff457632526c9b608ce92af6285b86e0ec61887d3fd40e7e8286e3cccbc8c9c99d3ab41569aaf75b013e8f3029a4ee10c379394cb84637b8d60dff6b3aba6537d6631783f648634545e511bc8bb23e9920ff6f412bb9290ea2796d1a78d4dbac9013874f3b54a91ffac2b48325ffce48fa115bc3596466a640e7adb1656c72a8cf61d13a901291f1858f106e245741ec81d17a5366ed22d8d6729fce015bcdc7450f091b3122324904fc4d311fe201f4f4a1ad590804d92d2987118376a8e1462ba09b28404824723a33f9f646920b18a172ebbdd9d14b51039a7d43c6bcb66de6231dc2be04dc55a2c69fa702de71f84d7910f5df3d031d4021a2901048f104b7983a601569288c9db291d7162a883dab716d7a0c6dd054ec7804e72290f4825682e2ef3de5d98d0ffb3f1bb3dd7c5153421f8c83783a0a723af956cee2c16aa4807fda407506ddaabae89d65186544bd31044d8ae91b5c350db561e22f91fa7aa55b5778dc4f75addf630e5afa9a1b819d79694db524bb7e220aa74f24c705f00be227be5fe2fe657364353a1f0234666b4b44561a2a39610a5d47b1ccc7551a1426fcfce1b86d5df0f364f2df08920e7e1a2848d1ed8444a3b8df0e69627a497dd3fb7cd3ef9626c033ecaa0fdd872960a9996a58bac15192150fe777fdc4463df8b008e5d67e9b5534f9e151eb886bfadff8e19e31946e6114c7bd503284991fa0be87757f589fcfc8ecc53b764166507520b48f78719e9bd185c1b4a44a84701d4272e14a23e0ed46d6eb0fad31135777033fcb2af8678c7d08ae63eb20ef55fcfabb11b7a52c7a15ef10e5383206a40f46c5ce7909c1fff3fc0d0d1c549a236366ba165998356ff3ddbd79107e6c03228b3b875ac20c819c3ed714c4375635b2e314450025e9fd62344c2d458a8f29489a7df608b90c64ee9effaf46e8978def318cb95f602e82c6d909f065f844895552b615e06ae6cb0b7c49ce8b98a595bd457cf1f1d8470926dededcb26c9b95313d5fd38a307dd48199491ca8ace8fa9b49ac0c4a305061f0495729647f95c0816fad2bbebce12b134645af2930977516012b13e73690aba234b9cf4527263678a8c35092a8dfb1533f95a68191f1f178b568d8f1b2b598921817dccd45cd703de713ce425dbe5e311d93a16d9354211a35180c10ddbf07338fe7106c38aa004bdc37be3f07d6cf1a262801f9efda311424bfee5b16bc63d70a16953ab7d607ad7fc49a6b36104a47266eb1fb66f14ee2506105045abd3bad500c5376277965c2365b5e5f8260e35421271d97fa1aff03890f84d3b363e50243b754f40419abcb7a2aa805847de3e4b9089bfad09d9fe0de2ef59b8e3a59c95666e3ea0d362eff0afaa1bd700a51a0760395d2a2687dccff8d42d1ffb3d209cbb85b510f08344ee153d645bb4aadb9b2162e8e8e93cccd8e4165890cbde49006254e3137aea19d5ee308a82bea598ab09e1c398ea50a31f58ca2e6c969139e0d4f633daaf2ab9ae30e139a5354ca98899015a11373c63036ccfa3cddb2f348126f8f39d99e342a0bc349a08f3ed3cee0d01994f5484abed341a716ced7afbbdf51ae5360404f51c8b4386fe9b28de998cecaefcf37e34a10511ebe5c23571132261be31ebe7852221b9c0d6bd72a444bb3e774557d76607d5812f37bfc76c275166f4f9eae2a45c947888e95b367e10f40c3a99e377d02858074404af471b19222291a56e3b02b2c5579b7981fd688a07b3b1b4042e91203400ac7977d6c95eca3592051dba1183af595fbde549271096b0f33e88cf765cbaaa346643e0186b3a27c16c317e91f73a431c07fd7c950e9d4a0e6e6cd6bf71a50e4e0ef251128598d4088d523e63791c906e3649deaace719e81026a59de536ef5853eac54513ffb3049536d40525dd628bb72e08c6399db188bfc14ea445552faa80413ad10878b01540cb2bc0f38233d45ff6703aef4185e3405551b904ca91a5eb158244a601759c00ad3f75da6dee937c7cba5464b4d393bf474fd8ad7a3e3c69cc730aba2b6c10202e65c942a83b872ada3b169cfa77005f29cfb24ef5b7a29f3af98a71f7a48b8b8fa5e4fcd71ffbaa50853b9820542d801ba5c6108c2169c474d3cd2684f3e15294b6052f6d519f8d288ac19dcd0a3b434b50df3a17cfd9496fc356e6285e5f034d9458618073b037c44822ba9f4f9d5ca46308c73e694fc00ac9912fc7cdcebe1d05bc76e1bc0e54fb40d5873bff6ff2f152e0d5c4d4aaf6974697a665326af7285ae47f491d25139e987f072a1e3193290391937732fb986502a8dc5edbe2c06e72ec03385dc7d66a9ab581a694f9a3f5d56db670252aadb90a1e382eb4b39e42f0ec9c12de3c094fe01ace461716af84637fbca7681b712f600266d4341d7d4d8b79e470b", &(0x7f0000000600), 0x1, 0x2}, 0x48) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vim2m\x00', 0x2, 0x0) ioctl$vim2m_VIDIOC_PREPARE_BUF(r2, 0xc058565d, &(0x7f0000000080)={0x44fa, 0x3, 0x4, 0x40, 0x3, {0x0, 0x2710}, {0x4, 0x2, 0x1, 0x0, 0x3f, 0x58, "57ae2293"}, 0x7f, 0x1, @userptr=0x1000, 0x6, 0x0, r5}) r6 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) getsockopt$IP_VS_SO_GET_VERSION(r6, 0x0, 0x480, &(0x7f0000000700), &(0x7f0000000740)=0x40) 13:06:12 executing program 3: pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) ioctl$vim2m_VIDIOC_QUERYCAP(r0, 0x80685600, &(0x7f0000000080)) r1 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) write$UHID_GET_REPORT_REPLY(0xffffffffffffffff, &(0x7f0000000040)={0xa, {0x1, 0x6, 0x65}}, 0xa) 13:06:12 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @vbi={0x7f, 0x17e5, 0x8001, 0x49433553, [0x5, 0x15], [0x1, 0xfff], 0x1}}}) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nvram\x00', 0x84200, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000140)={@cgroup=r2, r1, 0xf, 0x6, r1}, 0x14) ioctl$vim2m_VIDIOC_QUERYCAP(r1, 0x80685600, &(0x7f0000000080)) 13:06:12 executing program 5: ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wg1\x00'}) 13:06:12 executing program 2: ioctl$SNAPSHOT_FREE_SWAP_PAGES(0xffffffffffffffff, 0x3309) r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x0, @win={{0x0, 0x0, 0x0, 0x2}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0xfd}}}) [ 1431.286815] warn_alloc: 59 callbacks suppressed [ 1431.286819] syz-executor.0: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1431.313227] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1431.318367] CPU: 1 PID: 31576 Comm: syz-executor.0 Not tainted 4.14.231-syzkaller #0 [ 1431.326243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1431.341238] Call Trace: [ 1431.343848] dump_stack+0x1b2/0x281 [ 1431.347483] warn_alloc.cold+0x96/0x1cc [ 1431.351461] ? zone_watermark_ok_safe+0x220/0x220 [ 1431.356299] ? trace_hardirqs_on+0x10/0x10 [ 1431.360536] ? deref_stack_reg+0x124/0x1a0 [ 1431.364774] ? fs_reclaim_release+0xd0/0x110 [ 1431.369186] __vmalloc_node_range+0x10e/0x150 [ 1431.373687] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1431.379050] vmalloc_user+0x47/0xa0 [ 1431.382677] ? vb2_vmalloc_alloc+0xa6/0x2d0 13:06:12 executing program 5: r0 = fanotify_init(0x20, 0x800) fanotify_init(0x48, 0x0) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) socket$inet6_sctp(0xa, 0xa, 0x84) fanotify_mark(r0, 0x4a, 0x40000010, r1, &(0x7f0000000080)='./file0\x00') 13:06:12 executing program 5: fanotify_init(0x10, 0x0) write$P9_RUNLINKAT(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x4d, 0x2}, 0x7) 13:06:12 executing program 5: r0 = fanotify_init(0x2, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) fanotify_mark(r0, 0x60, 0x30, r1, &(0x7f0000000000)='./file0\x00') [ 1431.386999] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1431.392544] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1431.396695] __vb2_queue_alloc+0x47a/0xd90 [ 1431.400942] vb2_core_create_bufs+0x279/0x5a0 [ 1431.405440] ? __vb2_queue_free+0x7a0/0x7a0 [ 1431.409765] ? trace_hardirqs_on+0x10/0x10 [ 1431.414004] ? __lock_acquire+0x5fc/0x3f20 [ 1431.418242] vb2_create_bufs+0x2e1/0x5b0 [ 1431.422304] ? futex_wait_queue_me+0x3bb/0x590 [ 1431.426890] ? vb2_thread_start+0x310/0x310 [ 1431.431216] ? trace_hardirqs_on+0x10/0x10 [ 1431.435462] vb2_ioctl_create_bufs+0x1f7/0x330 13:06:12 executing program 5: fanotify_init(0x1, 0x101000) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x402080, 0x0) ioctl$SNAPSHOT_ATOMIC_RESTORE(r0, 0x3304) 13:06:12 executing program 5: fanotify_init(0x10, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000100)={r0}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) pipe2$9p(&(0x7f0000000140), 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f00000000c0)) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000200)='/dev/nvram\x00', 0x480000, 0x0) write$P9_RWRITE(r3, &(0x7f0000000240)={0xb, 0x77, 0x1, 0x3}, 0xb) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000180)='/dev/nvram\x00', 0x4080, 0x0) ioctl$SNAPSHOT_CREATE_IMAGE(r4, 0x40043311, &(0x7f00000001c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="b805000000b9006000000f01c1653e0f01c30f01be007000000f20e035000004000f22e06526c428670f3266baa100ec360f2080660fdb9e004000006736640fc7bb4f3f", 0x44}], 0x1, 0x0, &(0x7f00000000c0), 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) [ 1431.440047] v4l_create_bufs+0xa4/0x150 [ 1431.444026] __video_do_ioctl+0x65b/0x6a0 [ 1431.448177] ? video_ioctl2+0x30/0x30 [ 1431.452067] ? __might_fault+0x177/0x1b0 [ 1431.456121] ? video_ioctl2+0x30/0x30 [ 1431.459915] video_usercopy+0xfd/0xe70 [ 1431.463807] ? v4l_g_ctrl+0x390/0x390 [ 1431.467609] ? lock_acquire+0x170/0x3f0 [ 1431.471586] ? lock_downgrade+0x740/0x740 [ 1431.475731] ? trace_hardirqs_on+0x10/0x10 [ 1431.479970] ? futex_exit_release+0x220/0x220 [ 1431.484498] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1431.489604] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1431.494632] v4l2_ioctl+0x1bb/0x2f0 [ 1431.498257] ? v4l2_open+0x2f0/0x2f0 [ 1431.501971] do_vfs_ioctl+0x75a/0xff0 [ 1431.505780] ? ioctl_preallocate+0x1a0/0x1a0 [ 1431.510188] ? lock_downgrade+0x740/0x740 [ 1431.514341] ? __fget+0x225/0x360 [ 1431.517797] ? do_vfs_ioctl+0xff0/0xff0 [ 1431.521779] ? security_file_ioctl+0x83/0xb0 [ 1431.526178] SyS_ioctl+0x7f/0xb0 [ 1431.529524] ? do_vfs_ioctl+0xff0/0xff0 [ 1431.533488] do_syscall_64+0x1d5/0x640 [ 1431.537367] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1431.542536] RIP: 0033:0x466459 [ 1431.545708] RSP: 002b:00007fcbc30ae188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1431.553404] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1431.560661] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1431.567981] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1431.575239] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1431.585720] R13: 00007ffe1717ac5f R14: 00007fcbc30ae300 R15: 0000000000022000 [ 1431.598120] warn_alloc_show_mem: 6 callbacks suppressed [ 1431.598123] Mem-Info: [ 1431.606792] active_anon:223680 inactive_anon:6741 isolated_anon:0 [ 1431.606792] active_file:6841 inactive_file:44274 isolated_file:0 [ 1431.606792] unevictable:0 dirty:206 writeback:0 unstable:0 [ 1431.606792] slab_reclaimable:21614 slab_unreclaimable:130413 [ 1431.606792] mapped:62428 shmem:6935 pagetables:16015 bounce:0 [ 1431.606792] free:1180278 free_pcp:274 free_cma:0 [ 1431.645367] Node 0 active_anon:894676kB inactive_anon:26964kB active_file:27240kB inactive_file:177096kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:249732kB dirty:828kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 761856kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1431.674623] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1431.700740] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1431.727030] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1431.732154] Node 0 DMA32 free:664540kB min:36200kB low:45248kB high:54296kB active_anon:894676kB inactive_anon:26964kB active_file:27240kB inactive_file:177096kB unevictable:0kB writepending:832kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27360kB pagetables:64068kB bounce:0kB free_pcp:1364kB local_pcp:748kB free_cma:0kB [ 1431.762889] lowmem_reserve[]: 0 0 0 0 0 [ 1431.766891] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1431.793000] lowmem_reserve[]: 0 0 0 0 0 [ 1431.797007] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1431.824677] lowmem_reserve[]: 0 0 0 0 0 [ 1431.828662] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1431.842571] Node 0 DMA32: 945*4kB (UME) 195*8kB (UME) 48*16kB (UME) 97*32kB (UME) 21*64kB (U) 1*128kB (M) 19*256kB (UM) 13*512kB (UME) 3*1024kB (ME) 2*2048kB (UM) 155*4096kB (UM) = 664252kB [ 1431.859731] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1431.870506] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1431.887860] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1431.896779] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1431.905791] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1431.914741] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1431.924165] 25504 total pagecache pages [ 1431.928145] 0 pages in swap cache [ 1431.932505] Swap cache stats: add 0, delete 0, find 0/0 [ 1431.937871] Free swap = 0kB [ 1431.940868] Total swap = 0kB [ 1431.946132] 2097051 pages RAM [ 1431.949243] 0 pages HighMem/MovableOnly [ 1431.953863] 363849 pages reserved [ 1431.957314] 0 pages cma reserved [ 1431.960763] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1431.974409] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1431.979592] CPU: 1 PID: 31580 Comm: syz-executor.3 Not tainted 4.14.231-syzkaller #0 [ 1431.987464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1431.996807] Call Trace: [ 1431.999393] dump_stack+0x1b2/0x281 [ 1432.003011] warn_alloc.cold+0x96/0x1cc [ 1432.006970] ? zone_watermark_ok_safe+0x220/0x220 [ 1432.011802] ? trace_hardirqs_on+0x10/0x10 [ 1432.016027] ? deref_stack_reg+0x124/0x1a0 [ 1432.020248] ? fs_reclaim_release+0xd0/0x110 [ 1432.024646] __vmalloc_node_range+0x10e/0x150 [ 1432.029129] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1432.034482] vmalloc_user+0x47/0xa0 [ 1432.038100] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1432.042411] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1432.047755] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1432.051901] __vb2_queue_alloc+0x47a/0xd90 [ 1432.056229] vb2_core_create_bufs+0x279/0x5a0 [ 1432.060707] ? __vb2_queue_free+0x7a0/0x7a0 [ 1432.065032] ? trace_hardirqs_on+0x10/0x10 [ 1432.069250] ? __lock_acquire+0x5fc/0x3f20 [ 1432.073476] vb2_create_bufs+0x2e1/0x5b0 [ 1432.077530] ? vb2_thread_start+0x310/0x310 [ 1432.081965] ? trace_hardirqs_on+0x10/0x10 [ 1432.086178] ? mark_held_locks+0xa6/0xf0 [ 1432.090222] ? trace_hardirqs_on+0x10/0x10 [ 1432.094447] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1432.099024] v4l_create_bufs+0xa4/0x150 [ 1432.102982] __video_do_ioctl+0x65b/0x6a0 [ 1432.107115] ? video_ioctl2+0x30/0x30 [ 1432.110914] ? __might_fault+0x177/0x1b0 [ 1432.114973] ? video_ioctl2+0x30/0x30 [ 1432.118763] video_usercopy+0xfd/0xe70 [ 1432.122635] ? v4l_g_ctrl+0x390/0x390 [ 1432.126440] ? lock_acquire+0x170/0x3f0 [ 1432.130406] ? trace_hardirqs_on+0x10/0x10 [ 1432.134643] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1432.139654] v4l2_ioctl+0x1bb/0x2f0 [ 1432.143271] ? v4l2_open+0x2f0/0x2f0 [ 1432.146981] do_vfs_ioctl+0x75a/0xff0 [ 1432.150779] ? ioctl_preallocate+0x1a0/0x1a0 [ 1432.155171] ? lock_downgrade+0x740/0x740 [ 1432.159304] ? __fget+0x225/0x360 [ 1432.162751] ? do_vfs_ioctl+0xff0/0xff0 [ 1432.166729] ? security_file_ioctl+0x83/0xb0 [ 1432.171120] SyS_ioctl+0x7f/0xb0 [ 1432.174467] ? do_vfs_ioctl+0xff0/0xff0 [ 1432.178425] do_syscall_64+0x1d5/0x640 [ 1432.182317] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1432.187499] RIP: 0033:0x466459 [ 1432.190673] RSP: 002b:00007efc3f322188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1432.198449] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1432.205703] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000005 [ 1432.213041] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1432.220384] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1432.227642] R13: 00007ffd57a131af R14: 00007efc3f322300 R15: 0000000000022000 13:06:13 executing program 2: pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wg0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000a00)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)=@deltfilter={0x73c, 0x2d, 0x300, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0xd, 0xb}, {0xd, 0x1}, {0xffff, 0x5}}, [@filter_kind_options=@f_route={{0xa, 0x1, 'route\x00'}, {0x210, 0x2, [@TCA_ROUTE4_ACT={0x1a0, 0x6, [@m_skbmod={0xf8, 0xf, 0x0, 0x0, {{0xb, 0x1, 'skbmod\x00'}, {0x38, 0x2, 0x0, 0x1, [@TCA_SKBMOD_ETYPE={0x6, 0x5, 0x2}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x2}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x8, 0xc0000, 0x0, 0x3f, 0x7}, 0x1}}]}, {0x96, 0x6, "284096e59a6c1a4006edde1fec49a2cd946f4d7471ece55140a005e27f3c621d7da98ae684a1b14cd3aa882bd0d244c17b66be7b9688be4e68c643909dede89a48841d34380f889fe486dd66707ec262d96fd1ead4efdf2f493d32f50df22bbc93f871f861f01f6120c5226d75ab866f0906d188db2689615e0ffb3c2fc86fae428b0f9a5c37a5da29a9c064575551f3c58a"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x3}}}}, @m_skbmod={0xa4, 0x1c, 0x0, 0x0, {{0xb, 0x1, 'skbmod\x00'}, {0x1c, 0x2, 0x0, 0x1, [@TCA_SKBMOD_DMAC={0xa, 0x3, @broadcast}, @TCA_SKBMOD_DMAC={0xa, 0x3, @multicast}]}, {0x60, 0x6, "78f814679cf4d45993ce2a472624957be03e605aa15b3296183e988920142f220df815da6c5c861a8c910ec7b8c8ea509e71a85d1bddff424318704d83c408280baa08973877653aa2cfec966e48395b7ab2bd7aedc341f4a980a4b3"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x1}}}}]}, @TCA_ROUTE4_TO={0x8, 0x2, 0x2a}, @TCA_ROUTE4_FROM={0x8, 0x3, 0xaa}, @TCA_ROUTE4_POLICE={0x54, 0x5, [@TCA_POLICE_RESULT={0x8, 0x5, 0xfffffffc}, @TCA_POLICE_TBF={0x3c, 0x1, {0xc854, 0x0, 0x20, 0x4, 0x9, {0xd4, 0x2, 0x81, 0x400, 0x1}, {0x40, 0x1, 0x8000, 0x5, 0x4, 0x1000}, 0x4, 0x3a00000, 0x7}}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x5f72512b}]}, @TCA_ROUTE4_TO={0x8, 0x2, 0x3a}]}}, @TCA_RATE={0x6, 0x5, {0x4, 0x6}}, @TCA_RATE={0x6, 0x5, {0x20, 0x4}}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x4e0, 0x2, [@TCA_RSVP_PINFO={0x20, 0x4, {{0x9, 0x5, 0x4}, {0x3d5d, 0x305, 0x11}, 0x73, 0x1, 0x6}}, @TCA_RSVP_POLICE={0x474, 0x5, [@TCA_POLICE_RESULT={0x8, 0x5, 0x4}, @TCA_POLICE_RATE64={0xc, 0x8, 0x1}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x2}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x200}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x6, 0x8001, 0x5, 0x7, 0x5, 0x1ff, 0x4ca5, 0x81, 0x9, 0x8, 0x9, 0xb67b, 0x101, 0x1ff, 0xff, 0x1000, 0x8, 0x1, 0x80, 0x5, 0xff, 0x401, 0x8, 0x9, 0xcde2, 0x7fff, 0x401, 0xfaf, 0x5e, 0x7, 0xb0c5, 0x2, 0x3, 0x8, 0x1, 0xfffffff7, 0x6, 0x4, 0x5, 0x200, 0x8, 0xcb3, 0x80, 0x1, 0x380, 0x3ff, 0xb01, 0x1, 0x7b, 0xfffffffa, 0x8, 0x0, 0x66bd, 0x401, 0x400, 0x800, 0x3f, 0xce9, 0x6, 0x5, 0x1ff, 0x7, 0x3, 0x20, 0x10001, 0x86b, 0x80000000, 0x9, 0x4, 0x43f, 0x0, 0x8, 0x8000, 0x7, 0x9, 0x7ff, 0x3, 0x80000001, 0x8, 0x51ce2e5e, 0xffffff10, 0xffffffff, 0x1ff, 0x2, 0x6, 0xa5, 0x4, 0xffffffff, 0x7fff, 0x401, 0x3, 0x8, 0x1, 0x8, 0x101, 0x6, 0x9, 0xc8d, 0x101, 0x9, 0x7, 0x1f, 0xffff, 0x76, 0x1, 0x800, 0x0, 0x80, 0x4, 0xfffffff7, 0xffff, 0x80, 0x6, 0x4, 0x3, 0xfffffffa, 0x0, 0x7fff, 0x6, 0x7fff, 0x4, 0x1000, 0x8, 0x2, 0xd899, 0xb3, 0x6, 0x2, 0x4, 0x7fff, 0x84, 0x1f, 0xed5, 0x4, 0xad5, 0x3, 0x8, 0x1, 0x0, 0x0, 0x80000000, 0x8, 0x90, 0x800, 0x87, 0xffffffff, 0x0, 0x0, 0xd5, 0x7, 0xf5b, 0x7f, 0x8, 0x0, 0x4, 0x9, 0x2, 0x95aa, 0x6, 0x7, 0x1, 0x80000001, 0x1fa8bdd, 0x5, 0xffffa123, 0x10000, 0x3, 0x8, 0x5, 0x4, 0x400, 0x80000000, 0x5729aedd, 0x7, 0x0, 0xffff, 0x5, 0xfffffff7, 0xa7, 0x10001, 0x4, 0x80000000, 0x4, 0x80, 0x5, 0x1ce8, 0x0, 0x7, 0x8, 0x4, 0x2, 0x7, 0x1, 0x2, 0xb730, 0x53a0, 0x76, 0x2, 0xf2, 0x1, 0x3ff, 0x4, 0x2, 0xf8c, 0x1f, 0x6b4, 0x7f, 0x712, 0x8, 0x9, 0x40, 0x9, 0xffffffff, 0x2, 0x80, 0x6, 0x2, 0x6, 0x100, 0x9, 0x1, 0x5, 0x0, 0x401, 0x7, 0x80000001, 0xfbd, 0x200, 0xffffff80, 0x3, 0x3, 0x6, 0x7fff, 0x8, 0xcc3, 0x4, 0xac, 0x100, 0xffffffff, 0x80000000, 0x8, 0x303, 0x0, 0x101, 0x2, 0x3, 0x6bd, 0xfff, 0x6, 0x8, 0x2, 0xa1, 0x0, 0x0, 0x3, 0x2ab]}, @TCA_POLICE_RESULT={0x8, 0x5, 0x8001}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x5, 0xa29, 0x5, 0xf6e, {0xfd, 0x2, 0x3b5, 0x7fff, 0x0, 0x2}, {0x5, 0x2, 0xb74, 0x63, 0x4, 0xd0}, 0xadc, 0x8001, 0x200000}}]}, @TCA_RSVP_PINFO={0x20, 0x4, {{0xffffffff, 0x10000, 0x1}, {0x3, 0x192a, 0x3}, 0x32, 0x0, 0x5}}, @TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_SRC={0x14, 0x3, @empty}]}}]}, 0x73c}, 0x1, 0x0, 0x0, 0x80}, 0x4080) r2 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:06:13 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x0, {0x2, @sdr={0x2036315a, 0xb29b}}, 0x3}) 13:06:13 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @pix={0xfff, 0xb31, 0x3631564e, 0x6, 0x58, 0x9, 0xc, 0x9, 0x0, 0x0, 0x1, 0x4}}}) 13:06:13 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) r1 = syz_open_dev$vim2m(&(0x7f0000000140)='/dev/video#\x00', 0x7, 0x2) ioctl$vim2m_VIDIOC_G_FMT(r1, 0xc0d05604, &(0x7f00000002c0)={0x1, @pix_mp={0x800, 0x9, 0x36314d59, 0x1, 0x5, [{0xfffffff8, 0x7ff}, {0x0, 0x3}, {0x9, 0xfffffffe}, {0x8, 0xff}, {0x1, 0x9}, {0x8e4e, 0x3}, {0x1000, 0x9}, {0x0, 0x7ff}], 0xe1, 0x0, 0x7, 0x2, 0x6}}) ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000040)={0x3, @vbi={0x9, 0x6, 0x10001, 0x35315241, [0x8001, 0x3f], [0xd3, 0x6], 0x1}}) 13:06:13 executing program 5: fanotify_init(0x10, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000100)={0x3, @win={{0xff, 0x3, 0x0, 0x9}, 0x0, 0xb384, &(0x7f0000000080)={{0xfffffffb, 0x7}, &(0x7f0000000040)={{0x8, 0x7f, 0x7, 0x2}, &(0x7f0000000000)={{0x2, 0x5, 0x8, 0x8}}}}, 0x2, &(0x7f00000000c0)="aaa3c755fe7a43082bd1e16fe29963a2f3b16b204d", 0x50}}) 13:06:13 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x0, 0x0, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) [ 1432.334455] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1432.346023] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1432.351175] CPU: 1 PID: 31619 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1432.359053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1432.368406] Call Trace: [ 1432.371001] dump_stack+0x1b2/0x281 [ 1432.374639] warn_alloc.cold+0x96/0x1cc [ 1432.378738] ? zone_watermark_ok_safe+0x220/0x220 [ 1432.383580] ? trace_hardirqs_on+0x10/0x10 [ 1432.387819] ? deref_stack_reg+0x124/0x1a0 [ 1432.392072] ? fs_reclaim_release+0xd0/0x110 [ 1432.396503] __vmalloc_node_range+0x10e/0x150 [ 1432.401018] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1432.406414] vmalloc_user+0x47/0xa0 [ 1432.410046] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1432.414369] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1432.419733] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1432.423884] __vb2_queue_alloc+0x47a/0xd90 [ 1432.428122] vb2_core_create_bufs+0x279/0x5a0 13:06:13 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000040), 0x4) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000000), 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x1, 0xd, &(0x7f0000000040)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x1, 0x44, &(0x7f00000000c0)=""/68, 0x41100, 0x16, [], 0x0, 0x10, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x5, 0x3}, 0x8, 0x10, &(0x7f0000000180)={0x2, 0xc, 0x69, 0x3}, 0x10, 0xffffffffffffffff}, 0x78) 13:06:13 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000)='nl80211\x00', r0) sendmsg$L2TP_CMD_TUNNEL_GET(r1, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000008}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x54, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [@L2TP_ATTR_UDP_ZERO_CSUM6_RX={0x5, 0x22, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x1}, @L2TP_ATTR_PEER_SESSION_ID={0x8}, @L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x3}, @L2TP_ATTR_VLAN_ID={0x6, 0xe, 0xffff}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x1}, @L2TP_ATTR_VLAN_ID={0x6, 0xe, 0x20}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000000}, 0x44) fanotify_init(0x20, 0x0) bpf$LINK_DETACH(0x22, &(0x7f0000000080)=r1, 0x4) [ 1432.432613] ? __vb2_queue_free+0x7a0/0x7a0 [ 1432.436938] ? trace_hardirqs_on+0x10/0x10 [ 1432.441171] ? __lock_acquire+0x5fc/0x3f20 [ 1432.445411] vb2_create_bufs+0x2e1/0x5b0 [ 1432.449566] ? futex_wait_queue_me+0x3bb/0x590 [ 1432.454148] ? vb2_thread_start+0x310/0x310 [ 1432.458472] ? trace_hardirqs_on+0x10/0x10 [ 1432.462712] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1432.467304] v4l_create_bufs+0xa4/0x150 [ 1432.471282] __video_do_ioctl+0x65b/0x6a0 [ 1432.475444] ? video_ioctl2+0x30/0x30 [ 1432.479247] ? __might_fault+0x177/0x1b0 13:06:13 executing program 5: fanotify_init(0x40, 0x1000) 13:06:13 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$sock(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)=[{0x0}, {0x0}], 0x2}, 0x0) fanotify_init(0x20, 0x1) [ 1432.483395] ? video_ioctl2+0x30/0x30 [ 1432.487195] video_usercopy+0xfd/0xe70 [ 1432.491085] ? v4l_g_ctrl+0x390/0x390 [ 1432.494885] ? lock_acquire+0x170/0x3f0 [ 1432.498859] ? lock_downgrade+0x740/0x740 [ 1432.503011] ? trace_hardirqs_on+0x10/0x10 [ 1432.507246] ? futex_exit_release+0x220/0x220 [ 1432.511743] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1432.516940] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1432.521956] v4l2_ioctl+0x1bb/0x2f0 [ 1432.525581] ? v4l2_open+0x2f0/0x2f0 [ 1432.529298] do_vfs_ioctl+0x75a/0xff0 13:06:14 executing program 5: fanotify_init(0x10, 0x0) fanotify_init(0x2, 0x800) 13:06:14 executing program 5: fanotify_init(0x10, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNAPSHOT_FREE(r0, 0x3305) sendmsg$802154_raw(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x24, @long={0x3, 0x1, {0xaaaaaaaaaaaa0102}}}, 0x14, &(0x7f0000000100)={&(0x7f0000000080)="81df53312bbd90a586ff712a0cd51f4df8a8cd83784f732b9728f9d29079dc959ad35c507552263f41851e16af0450a020fd5ad8bacf1d67273023d3e21d755bea72b15935462b3ae61722f98454be83f39a411d216ac4b77fb34aaca77782149d744d8c", 0x64}, 0x1, 0x0, 0x0, 0x2}, 0x0) [ 1432.533099] ? ioctl_preallocate+0x1a0/0x1a0 [ 1432.537504] ? lock_downgrade+0x740/0x740 [ 1432.541655] ? __fget+0x225/0x360 [ 1432.545106] ? do_vfs_ioctl+0xff0/0xff0 [ 1432.549079] ? security_file_ioctl+0x83/0xb0 [ 1432.553500] SyS_ioctl+0x7f/0xb0 [ 1432.556864] ? do_vfs_ioctl+0xff0/0xff0 [ 1432.560927] do_syscall_64+0x1d5/0x640 [ 1432.564819] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1432.570006] RIP: 0033:0x466459 [ 1432.573191] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1432.580896] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1432.588167] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000005 [ 1432.595431] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1432.602698] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1432.609959] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 [ 1432.618438] warn_alloc_show_mem: 1 callbacks suppressed [ 1432.618441] Mem-Info: [ 1432.631859] active_anon:223659 inactive_anon:6741 isolated_anon:0 [ 1432.631859] active_file:6841 inactive_file:44282 isolated_file:0 [ 1432.631859] unevictable:0 dirty:224 writeback:0 unstable:0 [ 1432.631859] slab_reclaimable:21614 slab_unreclaimable:130026 [ 1432.631859] mapped:62433 shmem:6935 pagetables:15996 bounce:0 [ 1432.631859] free:1180646 free_pcp:238 free_cma:0 [ 1432.669318] Node 0 active_anon:894636kB inactive_anon:26964kB active_file:27240kB inactive_file:177128kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:249732kB dirty:896kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 763904kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1432.698724] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1432.725371] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1432.751963] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1432.757189] Node 0 DMA32 free:666428kB min:36200kB low:45248kB high:54296kB active_anon:894636kB inactive_anon:26964kB active_file:27240kB inactive_file:177128kB unevictable:0kB writepending:916kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27360kB pagetables:63984kB bounce:0kB free_pcp:1076kB local_pcp:360kB free_cma:0kB [ 1432.787771] lowmem_reserve[]: 0 0 0 0 0 [ 1432.791850] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1432.817440] lowmem_reserve[]: 0 0 0 0 0 [ 1432.821414] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1432.849085] lowmem_reserve[]: 0 0 0 0 0 [ 1432.853126] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1432.866808] Node 0 DMA32: 981*4kB (UME) 351*8kB (UME) 75*16kB (UME) 97*32kB (UME) 21*64kB (U) 1*128kB (M) 19*256kB (UM) 13*512kB (UME) 3*1024kB (ME) 2*2048kB (UM) 155*4096kB (UM) = 666076kB [ 1432.883965] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1432.894745] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1432.912418] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1432.921260] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1432.929897] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1432.938889] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1432.947526] 25519 total pagecache pages [ 1432.951564] 0 pages in swap cache [ 1432.955016] Swap cache stats: add 0, delete 0, find 0/0 [ 1432.960376] Free swap = 0kB [ 1432.963443] Total swap = 0kB [ 1432.966453] 2097051 pages RAM [ 1432.969541] 0 pages HighMem/MovableOnly [ 1432.973595] 363849 pages reserved [ 1432.977037] 0 pages cma reserved [ 1432.980553] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1432.994998] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1433.000271] CPU: 1 PID: 31627 Comm: syz-executor.1 Not tainted 4.14.231-syzkaller #0 [ 1433.008142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1433.017501] Call Trace: [ 1433.020080] dump_stack+0x1b2/0x281 [ 1433.023701] warn_alloc.cold+0x96/0x1cc [ 1433.027672] ? zone_watermark_ok_safe+0x220/0x220 [ 1433.032507] ? trace_hardirqs_on+0x10/0x10 [ 1433.036729] ? deref_stack_reg+0x124/0x1a0 [ 1433.040956] ? fs_reclaim_release+0xd0/0x110 [ 1433.045448] __vmalloc_node_range+0x10e/0x150 [ 1433.049931] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1433.055278] vmalloc_user+0x47/0xa0 [ 1433.058952] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1433.063256] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1433.068608] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1433.072749] __vb2_queue_alloc+0x47a/0xd90 [ 1433.076969] vb2_core_create_bufs+0x279/0x5a0 [ 1433.081449] ? __vb2_queue_free+0x7a0/0x7a0 [ 1433.085899] ? trace_hardirqs_on+0x10/0x10 [ 1433.090114] ? __lock_acquire+0x5fc/0x3f20 [ 1433.094332] vb2_create_bufs+0x2e1/0x5b0 [ 1433.098531] ? vb2_thread_start+0x310/0x310 [ 1433.102841] ? trace_hardirqs_on+0x10/0x10 [ 1433.107067] ? mark_held_locks+0xa6/0xf0 [ 1433.111193] ? trace_hardirqs_on+0x10/0x10 [ 1433.115414] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1433.120098] v4l_create_bufs+0xa4/0x150 [ 1433.124069] __video_do_ioctl+0x65b/0x6a0 [ 1433.128254] ? video_ioctl2+0x30/0x30 [ 1433.132038] ? __might_fault+0x177/0x1b0 [ 1433.136091] ? video_ioctl2+0x30/0x30 [ 1433.139878] video_usercopy+0xfd/0xe70 [ 1433.143788] ? v4l_g_ctrl+0x390/0x390 [ 1433.147580] ? lock_acquire+0x170/0x3f0 [ 1433.151547] ? trace_hardirqs_on+0x10/0x10 [ 1433.155794] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1433.160797] v4l2_ioctl+0x1bb/0x2f0 [ 1433.164405] ? v4l2_open+0x2f0/0x2f0 [ 1433.168100] do_vfs_ioctl+0x75a/0xff0 [ 1433.171989] ? ioctl_preallocate+0x1a0/0x1a0 [ 1433.176386] ? lock_downgrade+0x740/0x740 [ 1433.180524] ? __fget+0x225/0x360 [ 1433.183960] ? do_vfs_ioctl+0xff0/0xff0 [ 1433.187919] ? security_file_ioctl+0x83/0xb0 [ 1433.192371] SyS_ioctl+0x7f/0xb0 [ 1433.195718] ? do_vfs_ioctl+0xff0/0xff0 [ 1433.199833] do_syscall_64+0x1d5/0x640 [ 1433.203706] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1433.208877] RIP: 0033:0x466459 [ 1433.212181] RSP: 002b:00007f5883dfa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1433.219871] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1433.227126] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1433.234388] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1433.241650] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1433.249011] R13: 00007fff3377dd0f R14: 00007f5883dfa300 R15: 0000000000022000 [ 1433.262870] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1433.277900] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1433.283521] CPU: 1 PID: 31649 Comm: syz-executor.1 Not tainted 4.14.231-syzkaller #0 [ 1433.291405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1433.300753] Call Trace: [ 1433.303339] dump_stack+0x1b2/0x281 [ 1433.306973] warn_alloc.cold+0x96/0x1cc [ 1433.310951] ? zone_watermark_ok_safe+0x220/0x220 [ 1433.315795] ? trace_hardirqs_on+0x10/0x10 [ 1433.320034] ? deref_stack_reg+0x124/0x1a0 [ 1433.324266] ? fs_reclaim_release+0xd0/0x110 [ 1433.328664] __vmalloc_node_range+0x10e/0x150 [ 1433.333145] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1433.338487] vmalloc_user+0x47/0xa0 [ 1433.342105] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1433.346515] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1433.351860] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1433.355993] __vb2_queue_alloc+0x47a/0xd90 [ 1433.360289] vb2_core_create_bufs+0x279/0x5a0 [ 1433.364768] ? __vb2_queue_free+0x7a0/0x7a0 [ 1433.369080] ? trace_hardirqs_on+0x10/0x10 [ 1433.373357] ? __lock_acquire+0x5fc/0x3f20 [ 1433.377680] vb2_create_bufs+0x2e1/0x5b0 [ 1433.381743] ? vb2_thread_start+0x310/0x310 [ 1433.386059] ? trace_hardirqs_on+0x10/0x10 [ 1433.390282] ? mark_held_locks+0xa6/0xf0 [ 1433.394323] ? trace_hardirqs_on+0x10/0x10 [ 1433.398539] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1433.403104] v4l_create_bufs+0xa4/0x150 [ 1433.407062] __video_do_ioctl+0x65b/0x6a0 [ 1433.411201] ? video_ioctl2+0x30/0x30 [ 1433.414985] ? __might_fault+0x177/0x1b0 [ 1433.419034] ? video_ioctl2+0x30/0x30 [ 1433.422814] video_usercopy+0xfd/0xe70 [ 1433.426686] ? v4l_g_ctrl+0x390/0x390 [ 1433.430490] ? lock_acquire+0x170/0x3f0 [ 1433.434447] ? trace_hardirqs_on+0x10/0x10 [ 1433.438667] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1433.443667] v4l2_ioctl+0x1bb/0x2f0 [ 1433.447274] ? v4l2_open+0x2f0/0x2f0 [ 1433.450971] do_vfs_ioctl+0x75a/0xff0 [ 1433.454765] ? ioctl_preallocate+0x1a0/0x1a0 [ 1433.459340] ? lock_downgrade+0x740/0x740 [ 1433.463471] ? __fget+0x225/0x360 [ 1433.466905] ? do_vfs_ioctl+0xff0/0xff0 [ 1433.470861] ? security_file_ioctl+0x83/0xb0 [ 1433.475249] SyS_ioctl+0x7f/0xb0 [ 1433.478598] ? do_vfs_ioctl+0xff0/0xff0 [ 1433.482570] do_syscall_64+0x1d5/0x640 13:06:15 executing program 2: syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) r0 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x80000000000, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) socket$inet6_udp(0xa, 0x2, 0x0) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000100)=0x60) 13:06:15 executing program 5: fanotify_init(0x20, 0x101000) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)=@xdp, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000900)=""/4096, 0x1000}], 0x1, &(0x7f0000000200)=""/203, 0xcb}, 0x10000) unshare(0x10000800) r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x8, 0x141800) sendmsg$nl_crypto(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=@delrng={0x10, 0x14, 0x100, 0x70bd26, 0x25dfdbfc, "", ["", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000084}, 0x4000) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) unshare(0x880) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000002d80)='NLBL_CALIPSO\x00', r2) ioctl$KVM_GET_CPUID2(r1, 0xc008ae91, &(0x7f0000000440)={0x6, 0x0, [{}, {}, {}, {}, {}, {}]}) sendmsg$NLBL_CALIPSO_C_LIST(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x2c, 0x0, 0xa00, 0x70bd26, 0x25dfdbfd, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0xd4) ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) ioctl$KVM_GET_API_VERSION(r1, 0xae00, 0x0) unshare(0x40100) 13:06:15 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x0, 0x0, 0x9, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) [ 1433.486442] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1433.491618] RIP: 0033:0x466459 [ 1433.494786] RSP: 002b:00007f5883d97188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1433.502476] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 1433.509743] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1433.516995] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1433.524245] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c158 [ 1433.531497] R13: 00007fff3377dd0f R14: 00007f5883d97300 R15: 0000000000022000 13:06:15 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x80, 0x0) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x8) 13:06:15 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) socket$inet6(0xa, 0x4, 0x0) 13:06:15 executing program 3: pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f0000000040), &(0x7f0000000080)=0x4) r1 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0x1000000000001fa, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) 13:06:15 executing program 5: fanotify_init(0x4, 0x0) [ 1433.607372] syz-executor.0: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1433.619680] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1433.641799] CPU: 1 PID: 31659 Comm: syz-executor.0 Not tainted 4.14.231-syzkaller #0 [ 1433.649732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1433.659196] Call Trace: [ 1433.661790] dump_stack+0x1b2/0x281 [ 1433.665426] warn_alloc.cold+0x96/0x1cc [ 1433.669406] ? zone_watermark_ok_safe+0x220/0x220 [ 1433.674250] ? trace_hardirqs_on+0x10/0x10 [ 1433.678487] ? deref_stack_reg+0x124/0x1a0 [ 1433.682830] ? fs_reclaim_release+0xd0/0x110 [ 1433.687244] __vmalloc_node_range+0x10e/0x150 [ 1433.691743] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1433.697104] vmalloc_user+0x47/0xa0 [ 1433.700734] ? vb2_vmalloc_alloc+0xa6/0x2d0 13:06:15 executing program 5: fanotify_init(0x10, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x8, 0x5, 0xfb, 0x38, 0x0, 0x0, 0x20284, 0x2, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x9, 0x2, @perf_bp={&(0x7f0000000000), 0xb}, 0xb087604e70dbc8f8, 0x0, 0x4, 0x0, 0xd6, 0x20, 0xffff}, 0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x1) 13:06:15 executing program 3: syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(0xffffffffffffffff, 0x28, 0x6, &(0x7f0000000040), 0x10) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) write$UHID_CREATE2(r0, &(0x7f00000002c0)={0xb, {'syz0\x00', 'syz1\x00', 'syz0\x00', 0xc6, 0x400, 0xffffb489, 0x3ff, 0x5a8, 0xfff, "9e695a82d8fff8a61c74db5e93cc74a95459598ee1a4df374ccce0f300b062b50dc98fc7f3bdcc4ee47e499d14fb515b407d65ffba0d131157ed3c8d8383f18fc01d5a5f91e9098de70c065a24090d99329fce47a10ba5c04504ad602f5ae5a9513669f61c932aa22d5029d2d4e3d1cbe27e6e4fc18489deb88fbc0b3f5087b464e9a2a07345967295763444ad7ea70ab0a19076115fffc2c510c98aee82a55421ba8d8a4f425abd52fd032608e86f5598e28b663edc8f9ff8327202bb60470e6f0282c352a3"}}, 0x1de) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) write$UHID_CREATE2(r1, &(0x7f00000004c0)={0xb, {'syz0\x00', 'syz1\x00', 'syz0\x00', 0x7b, 0x1, 0x59e919e1, 0x5, 0x7, 0x4, "6a866a8dd8c4890432d9c3c93d036ac26019795c8dc2f0b641ce1290d62f8497fc3e3625db1f6eeeac09075c144f746ec197744a7536bf00c9bc8d3eb3c45fc475a458e8b747fb49f4b2700b0d67d416ff06cd73fcb541d8fd58a6c59626bec6ce7dcf2a4af21f524ac54d2f2ee84f0a9c2ed629ce6b5f746979a9"}}, 0x193) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000080)={0x2, 0x0, 0x1, "fbe8e4cee35b2cf48409fedae37396fd2d30958f06eb71375c2af140ac8f07db", 0x1d740d17}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @pix_mp={0xfffffdc4, 0x2, 0x59555956, 0x5, 0x6, [{0x8, 0x6}, {0x7fffffff, 0x16e}, {0x10001, 0x7ff}, {0x9, 0x2}, {0x1, 0x6}, {0x2, 0x4}, {0x6, 0x44980000}, {0x1, 0x5}], 0x1, 0xfa, 0x4, 0x1, 0x4}}, 0x3}) [ 1433.705056] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1433.710419] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1433.714571] __vb2_queue_alloc+0x47a/0xd90 [ 1433.718824] vb2_core_create_bufs+0x279/0x5a0 [ 1433.723320] ? __vb2_queue_free+0x7a0/0x7a0 [ 1433.727650] ? trace_hardirqs_on+0x10/0x10 [ 1433.731885] ? __lock_acquire+0x5fc/0x3f20 [ 1433.736120] vb2_create_bufs+0x2e1/0x5b0 [ 1433.740185] ? futex_wait_queue_me+0x3bb/0x590 [ 1433.744766] ? vb2_thread_start+0x310/0x310 [ 1433.749092] ? trace_hardirqs_on+0x10/0x10 [ 1433.753335] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1433.757921] v4l_create_bufs+0xa4/0x150 [ 1433.761901] __video_do_ioctl+0x65b/0x6a0 [ 1433.766044] ? video_ioctl2+0x30/0x30 [ 1433.769833] ? __might_fault+0x177/0x1b0 [ 1433.773911] ? video_ioctl2+0x30/0x30 [ 1433.777723] video_usercopy+0xfd/0xe70 [ 1433.781623] ? v4l_g_ctrl+0x390/0x390 [ 1433.785430] ? lock_acquire+0x170/0x3f0 [ 1433.789403] ? lock_downgrade+0x740/0x740 [ 1433.793593] ? trace_hardirqs_on+0x10/0x10 [ 1433.797833] ? futex_exit_release+0x220/0x220 [ 1433.802328] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1433.807432] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1433.812450] v4l2_ioctl+0x1bb/0x2f0 [ 1433.816072] ? v4l2_open+0x2f0/0x2f0 [ 1433.819785] do_vfs_ioctl+0x75a/0xff0 [ 1433.823588] ? ioctl_preallocate+0x1a0/0x1a0 [ 1433.827995] ? lock_downgrade+0x740/0x740 [ 1433.832157] ? __fget+0x225/0x360 [ 1433.835609] ? do_vfs_ioctl+0xff0/0xff0 [ 1433.839588] ? security_file_ioctl+0x83/0xb0 [ 1433.843999] SyS_ioctl+0x7f/0xb0 [ 1433.847357] ? do_vfs_ioctl+0xff0/0xff0 [ 1433.851318] do_syscall_64+0x1d5/0x640 13:06:15 executing program 5: pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) write$snapshot(r0, &(0x7f0000000000)="0a0dca787cf80310e9039a2ba792dd4204060baf3891557eb2bb7303465bea9d8f6a645107b68cbae2924187a0b04d41a18d30e52bcc2bad59b90894c699480666d2bf1d3e714eba5fa8eab228e8a2b8086b4d5753d75fea922493c00a995d11c73349c4e4e12d35f419c292820475564ed01b7132694cad9c1c59aeb4c93d28", 0x80) fanotify_init(0x10, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001740)='/dev/mISDNtimer\x00', 0x2000, 0x0) ioctl$KVM_HAS_DEVICE_ATTR(r0, 0x4018aee3, &(0x7f00000000c0)={0x0, 0x2, 0x6c7b, &(0x7f0000000080)=0x400}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r2, 0x28, 0x6, &(0x7f0000000180), 0x10) sendmsg$sock(r1, &(0x7f0000001780)={0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000001ac0)="0f78f3172bb2dbbd77e99c1782662e3285557710d97132ba3c5947cb43995d6e37bc491d7b99b122ccb0d09ad5cb78734193c66716b9d9552d6c0a904cfca5960d057b56345aecc78374b0c9715f1217558a316de0ebb5cbfba584560cd84ab5f9e3bedc02be530cc4467329581a3f75a4608d875e9273793a4974140d983e5ef6b4000026f0b7544685e4cfe8f6496dbb754efe00db1d72c5a11b856cd1c85af52289d37b670901d7805cc109c372c48d1d2f580000000000004bf57f2befa053311159fa43b2d89c0a54b9114b18918b6e10a46d3e895c553416035eda56c6560f040c1905f2bcca67b5659a8faa5480a6ca50dca0db39e1cfd4238ff00e5a86166eb26658bec472cf4a9cdb1750fa8f34b22926c44b3ef1c88760b4da17200533259b58259bec3f239be97d42f9953042897e8cc6e96571fe911a7a247157fbed376fa343b3514f9c73584b35b2cb7082c93eeb58033188b2540af6cfebd680fc2237571037214409e7b4afde94647f2f275d2476daa9685543e93a50c03f9b12116515e67805c32a4d952abc63b180d22659b4e103b57e1cbc870de26d9cf8d137c424abfa1ad5605d9f7f891140aca665bc3721b3131a88e3bc3777f2a40e26071ecb76d0c1255235bca837a616bb834088fd09be6835610f2467eb38fcaef693f58e08e563e339fc86c07c6cf3a7048bcc04fb94d12dfc", 0x1fa}, {&(0x7f0000000100)="5edf1a31c6bb81b3136844e55a6c2d937503bc30750071bb396d5fc0a2c4d05cbdf9f0264a1c8ce160b48aea4474280526e870d52ddc98ad1eff4a099c50e931410efaa892c4032333443090e71373bc646bc021c3d421c25e8a72e8bb", 0x5d}, {&(0x7f00000004c0)="52fc971a0b615ea268654ea30159aa7f31e845743bf21e012403d7c22b0b9afc63a98cd4110791160e6a49dc5ef314954d502998447a68c8fc4fec4429752277c11a1446a5959566a8e07a18232d80065aee30a80aa7eb446a99ab5806e6d3210096be4210128c841b991fa2b4f508d81b118d89fd649dd9ebb78a0e1bec82d5ee4e8d7b4e04ae282f69eece977e2787fca6010bd0e7f8d77b", 0x99}, {&(0x7f0000000240)="0adf3ebe02a3d2eced7c41c247b882aa99e7efbc2e925fde3f9f8eeaa29e88d945e4f35d48bb7f56ddcb1eb8b16349a5f0d06d5cbf2a3544e1261d", 0x3b}, {&(0x7f0000000280)="6eec45f8cb6a895dfaec267fb6dc1c16de1f91d54822d7c5d4c2140c771e831de6089f94f16c3ad6b2db1d4ab681d0ab593afd33187c4880f9d404c5307f8447ea0b081f89516fd00a8641b2bfff34d65a9f2fcb1e6015f4fb193fc1d2c5ccbc6a284c4a6a111850b6b380a2f53713e610ba07975c0927e8dc7c969b4c5c6090ea87077b37b2e577e99e66f625f31296e58db9e7285bcebf99536d51998a97a7ead63e0d9b3a98446d", 0xa9}, {&(0x7f00000018c0)="0dcf6b26551bf0709cbef7de5052a4e75d0e6528c5cd8be7314b5851c20235f4b06241111e9eaf1eecd7fd609987ba92a2327a9cfe078f69d0e6059c4ed42d3da06907156429f4ca50c525a2b1a1dfe79ef1bc115df4d4b2d931cf84b752163261757dab8763383a77f6592ab12cfd8079f98ef4b2e8734ae6933a685142d3b97ab5a7df731b1ea3f2cbd7012cc2ea01000000000000007ee62ce48d6554406294c42392fd6ab27dd359845cd91571f9aa2e4e88fbe5dbd248780c4cd743d2fe29646185d510acff609112899e9cec7658a4e46a4526a5b7f9caccd1b29b", 0xde}, {&(0x7f0000000400)="824078600b7adac3bfcf91ac4a120f7df824fca5bcbbac7e149fdf408e68c7f8ad3d929804e4f88811635952046ad436460e8fa27f0abb8f4d5779c38f0a58b1c721b1ad5c283e963d5860a52bd77778efa9b0f1ef188991c11c629aad18d1ca73dc1c26c85c0ec03e70079885e69b7179f7fb67228187ab2840baaf45b97caa5f8fc00948f3af2d9b4495ec78576b717c5657c433458595b77778bdb43b98fd20aa44fe9d", 0xa5}, {&(0x7f00000019c0)="f892216a6e4ce0ffbccdff92d78ae7850b91e4cb9bab555f10ed7f3b81544e2ac37b9c596af5b9de3fe64b43612e28357eace7bc0400fd61d2e6914277f97a992c169ea83f42c1b2119f4cd0630715269a4790e261a31c542fb8b90012003b8742580a8d09d85979aa90cdf062dba6561ad1477b5edeb34ff12dbd58d7e46421b9bbb72b01ee2b93d7438e7a04de8343e962f44c05864a169445310a7f0985bb2cf651335ec33f779dbbeba5e29f488dd698860310472b7e89bf89dcf8b22cbacce579ad6747dfa158ebd7ab4e4a49e0bc0d789e86bd36a15c80dd9e87de046871336e2711f424873b7a1daf5889b202fe7f8bae", 0xf4}, {&(0x7f00000005c0)="514a9215dd3a4917c7857fa695a485e3fce29d4a7d0762e410ab5ca1535450cbe60e4dc52fa40a80820c39874424660b6c097c1c4b7bb42bdeefd7404b2c7b152083b6795be1a30c713374ad867af880e1db6c66420a7f7196b02e4ff7da33b3d1304b71bd5eb1182eb5a0490db1756f74ce82cbaa32b859ac8451d826dd38e438f12bfa946bd69f657fca93aa2a0e6ce879ddd45c5ed65565f8d0ce3e8ed2e6b837a5fb7d2046c0b7d8609818ec952c36adc6bb2d2989b064d41fc214348b86299745d04d90bec03e0cbcc46b91769b6cb0e1650c1c71123834a7a9397cf8f329b46768cfd04bef059b698c8d3e65fdc50a24788bdb1976094d6abb7f8b6a4728f10fb163bee82c310cba0fd8050dc84c5ba243ddffebf773f0c315e3ee042a0fd359153a26b853d32935ee6270b6eb78ffdf18380cc03148df1af9c5b42cfe9053a5ee9643761b4e607682688ce72a5bd90060d8eba2ad5565e3a149cb0fe4f83946dee3986144a4db35c4066f53f0670cc9489167a2b0b57c608042a0d2dfddc1aed82bba1f37942ed89f02e959d43da2e7e5d8d45222e2c7adf3c828d7f529ed79d6352f446897ddf24a676aa4718ff77a67ad8ec092901ae075beb333250f9750e30f5ce142b077d55a49568c9514326f9f49f8218bb1a1e7631b8563bd16ca8f94b5fe492f6b10190bcaf237af1f2ba292fca714d9690979ecd077a0594aca906e8f20214aa3009e9d1a43cae2e5e3ddb59303077502ca92be1f1f318c510be57f3c902ba6c4596a717c2acda682fbaa056485709810e1a2d4741fa65848f8dd7d9f171129a37c4d410abad8b33a0b71544620f5791acdeb25166d483875edefde9a22026a32d50c7846cfae0bc69683c4e6457c72ef017c8918573a3affb5d2f8ed9ce825bcee04a5a5a8ab3fe959defa53e0e6fd276b6e24cc7dff7958f31b43c67ce1c3555774336dc1a9b9d09653bce1b5a0da18c62ce9259b1d75a1da6937c55fa6ee473064ee273422a7f49263fb15c8b58ec6014ffc38813ac4863f2d040a1f97860b7c34918e29f24b36f39eecf28c53af273bde57999cd9f0e6c52620b34267cbb2caa192d865a3d6061186bd9818d0861fc3c2b2d1a5c9f37a2ab42b4652c44582bf8efd4f95bb9e3c3271f29bada264da6b02a3ed751ef75aea647ad5af757534796d2f12da1d6c626c716859b98d1a760d37cdcc750201a54abcd4122e4c2785d5ddc32b243694941731cddd8619755af6ebef664bf9bedf20abbeeb9e99509c25f0dffacf42b339dfce0b05adcd3104d6e8ca59d2a73c938e48743dcafc345e9eeed7b1b4a85b535953f42e6829362938f8befe7da5a2f21774375443f945b64e8b3359798c85826b23fa9e680f5c6ba8b1a78efa13ff68a26a8fb635004abd9fa152e6915677676d2506d85c427a4eb870fdba651f1b38b0cad41b37f4eb8d1a8646c13d0d68e8602dd4af73d4f7e6924060450c8bb36e57f4961a7a5b80fdf51d0b095e3bdd26e9c9fd2367de76e66a22aa82b352d168ccc726f1e4dd0d74f376cc9625243e22fd7c6022ea88df7fad663da6b3346736f2da01897a04311b15ab52119758e7e583ff50d819a44ff11893fde35cb087a07a976e5d092cddcfc567671a34f17cb98a2510435b37a9323ef965ffa1278bac165c6e2216d670ad5218f3853285e14704e38e953343160249c30544faed1d494237ee1731d25b0b35b13e8dad886c3876db5a7dd1b5e94732d8a38b93b48b3b54631096868dcc4b6f4d574f393afd59479dbd6f9c3328b52bc46dd0e60aaf6b82b1eb82b92097d1c3ebddbe631ef0b18c6cab89bb110cb2ba04ace1dfb3af425197f33455611c284b80679467b37f45d2520a5ed00822814df2568d4322c21d54edd41dbbeee9f21bfcb0d374fe89c507b8b9b244940549524b0f696f160a04491e30a389b63aa921403ea34a8a3b78bdb07319590123f4ddc77df8db8bd31299ae46a39d5f260e8016e2929efaedba126d321cff6d0749d16854dd392b4c661d05fbbfb9d16b22a06e0c3f1c0d8af71e7fb627b0314d7ee520e56987342b2c04d9f5bde15ac9ecdf0cee297a8e82357a0f157531a62d52f625188a876b678ce434c7f91622520f3712d273ce47ed6b095f68bd64b892a33439a729f776cd8ba1bbda886bd091c6a402752278415d08be77df54abef4acfca81ea5a6405110726c3c1ee8201c75a3ded5d256d65361a664c365b43b2cdc4daf20f62a8671c22af61083f5f1ac5c1229fd8e7e4bb8930435ac6315f353ca26219b616f290363990dbd4f0a730211fd0980d4d77d7ff6b311ecda377819dcde982854a2efdf9926d54cbed75dafe1912e8d0db33b9b2bcdb97d1ae82134690312a9995e56f63ba81385e17f90de2fbbf9eff7a01774d4ae37e27e54798501988de14c07484447cd21f09312be14c622937327cc26f1aaf2c55b10f61314be17fdcef4bda022ffccce86c1ea10f76f3b95e404c7c0425f2b2f4782230bf5590089c12739a59f404c878817f94d565e5bb27bedaafd9bed16e30510ecc82d2da8aa9476f0f958aa040ad8f102707fb8081090f97e3d03e87e3804193a46c48fa32e178f1daf9a08a7e76e2bde90ffd3c123242499ca5c063bf6dd0a57387d0f186906fbff293260ce12fdd8051f707008e40d81935e342c3a63b648f02b4e3db237d7aec01271a51032452230594aae84e5117ecfead42cce577b39bf6975c4c0b687614fef6d706aab0b48c9d6b05618de2fd0d946f356a723beba3abfe573546cf086f900c7c97681321b09c82417259c7815f4baffc012d453963324fd6292aa6300d089581b45e72f94e6f883fccf8626f8e46c8bc4169fe046c8ca958485c0e3b7977c86b43f7adb431f49ce2f5fe15dc2e80255112847e9f31b0e2534a06a191460edb05c3aa64ed3368956eb2e779d3c2fe91ca04af5522c0b7555af2a5999397034b5d23bbaa7a57b5f67b7f0d05554638c864aaeae73447757cb23275b95b39bf6a31621f9af53b75044e74f4fcb2e700509be484c083896f9cc7d181789b3c1f46ea6887672ae791ca0e21c980a3e7513742819d3a8096d5d25984da5db3bf541bd0f22eedb712b6bc597fece4505acf88261a6171e114c2da0e687a43f8f09ecba8c546472c92d3cd1d28ce531d80469078adb535b79932394f2bf4df12af5d45426a55f833ae3d3169e912fb8263c6ba525d4b2f207b62b51970f691f755feaa823e7ac816fe796ea418e75b883df1c5124ec11e93fcc944b66bd313d651b3c4a123318eafcb13fc447d81381e53b5288a32195c744f64b477ed8fd7c5aec42e8e97ed1c73c4cf2d481350e6e50f9b283d0f1734cdab170b87841c1f78efa02ccd2c226c66c91cda626e5934930b137e3b9f9270a9c2bd48dfd81e3b6cc17d8af0db9213d1ab916b1c48da91107e0d5ecdcee9c8face54d9c4410342717de1f2c2c0f780f869a5d30e6bb71ca65065147f905fff922a9987ade00f5ba342edf59507493ef1330bc9da9ca8525d2ed4e08e4f01abd72e46b6a941a548401ea861e17bd10758bc2ddc219d7d0bcb115da01127e108942946997d75528810805a9ec1fd0d00bcbde76716a652f49f8cc43315f579656bc2fcd1a4ebe8efca19496d5c7b62e2cf2f7e0bb7103254732200b0c6cf696af1e11aea266f24b14526e937dde8a412abe3d8a3806f4fff650c76816ff795f288ff6d2875a4218c5f5dd8066c35bdcb65c148f900869af94ef915f13e51abc19e16ab7025680feb7aa2e71941e6037fa311572cfbc752f2fe6b53488fa030b4d48901eb5dc2e16d2813ca6b818979631fb0c5cf59d1475889aa45469caca82cc76ee658058425135665ba96769e2a543b082fe7fba2dcc243a49289da19c8cdc861cfd29a5c15438f7c75be4815b72b9368f855d872c248309256eae27fb6519d2e8f8661fcfa31cb202c2d924015991b4be59f186959a2e3df0880b8226eef147f97f5d091ea4be53d576df95b3ca6f83e8f1af9723e057011aac21a12b01a7c0269cd37abef4504d067431a1cc79c192e1384d3386ba7150ce03c942818c48d0d98f1147701475463b6f9bfeac0acf0026e12405cffaac95122ea552d5351c72f06fe65d499704a01bdb71570df5a8cb113f0eea7a02e3f30cb714b5a4378cf08c6cf198b9e17a0c299e1df7dbca478a3b649feaea8c67dc43c087b98bd470e37bc4c5476f0bf4829d71273be190ef6e44948c75fb9b91e69e4f636090fd317f9510ec01add4984c12f83656c2d997859ccec1a75ed25c29ddb428d32ddb1f9e741bd97dbb434c5128419abdaffaebb43019df21818a0813134abbdf13fa8c3b4d2937f28c5fde5d1d59d87026160221f48719278e4477ab91ee5bcfa0613d43ff5385b9eba7f2418728b3eec1a09d6a9de8b6bb4b7bb566170796bfc245cc65fc890f926c17b276faba239a228d5827475af98676ba0d31897cbef39502b6eecd312fd284ccac413be7f66b8102381463bbd0e98280c924bb183867edbd13ca79c39601358e6542867a85aef6cef5ba7ab473f688a0424174409d9757044a4e6cc2cee203a082455caa83d386423095630bcd2ee6f3fb85d1a16641e7fb725a2556eb0d74a335b058325dd3a89b3e56f254dd6120cdcb4d709bf239620012379442aaefce215398c085ccc0795fd62bfb79b8fdf333ede0a5821c55307c71da29c0722172c6f063cc8ab4ae8467ab1f39cce355cea09a2785bb0b750cf29c1f2f2e3cda7bc73c4ef7866fb7326997bcd95cdab1de6eb127b02550bf43eb8376530408765e683db828f02b981953fa7abfee1fa53c9a55b30f063c4a8913d541a69454182b350de2a8691262bdf496afe07cd853c2ebcdb6ed5d99116d28c25ea147369fddd2dddfa8ecc9f4e1bf4ff4f2b7072cbba6ef33564fbd073b4f9fdf499c0be40b0de68da1003f39921604712f80c89eecb035946401fd690892c530f5496906c5fb94076142f8644780c6938924315510589642777ce8021b258bbac3e3ed8742aac9e4db8e83cdf3b99a4d9c343d857c360da769583f5894ea3341e0b0b117f9e7b67b51ccbdfdf62fdac66ea6466dbd04ad9eb32feb559bc5d7303025ce813a56ecad1fcc01ce4ea48838ede0c58bbcd7e109f320598d9252081bd8a2da96052acfd9694ae300aa3fafb390323599f0667b4102e4cf4f92959f4793e7e09c050af7630ce78652608b35d9d8cfcbe25ca2d0afc10428c2d3fb4895f37626b40bb52d54efa13c6ac20a83504757f2821b9338e4e73fac8c4aae153c8e024963446e1de9ed79e9df949376e73a332282ae183f700a5ff3d44c48f4d1a25f535d6b88f1718c6a6d8e6b40a738ecd632eb979f204f2fa9aae6215b5b40572f3566e385ab2cbcfd2beec100eff67f47ea762794ec3e257925dac24df807006b163125fe7b5a41fd2bb5aad57fa65dbdefa80be57d882cb80e95f9687a001d49b3bb10f2c505c1010393e0da2cc9850d86ff4ef5946d4911f573de50dc2c7b88d083bd1070b19fbfe0c2ed688df38591a0cdc9e30b655b75a0138d2c09c9840253a850e0da47cbb78353a73db4c904774dbf4c9f327d1e085c83550caa54f815aa37a998e1c82630cb6b2c7bb811e2de280522bcdcdd7a405080564570e6645fce50ea494b61d502d7b5e04518d52a9db7760d9a212cf029c462f379d51d7b9e5b5db7bbfae7d91cc2b1c8d2e8e54e8aa32639394fdedf258bdaa72daf5870137610be756ec93be99e8", 0x1000}], 0x9, &(0x7f0000001680)=[@timestamping={{0x14}}, @timestamping={{0x14, 0x1, 0x25, 0xff}}, @txtime={{0x18, 0x1, 0x3d, 0x100000001}}, @mark={{0x14, 0x1, 0x24, 0x1}}, @mark={{0x14, 0x1, 0x24, 0x5}}], 0x78}, 0x20008040) 13:06:15 executing program 5: sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x30, 0x0, 0x400, 0x70bd29, 0x25dfdbfd, {}, [@L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x1f}, @L2TP_ATTR_UDP_ZERO_CSUM6_RX={0x5}, @L2TP_ATTR_OFFSET={0x6, 0x3, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x8004) fanotify_init(0x10, 0x0) 13:06:15 executing program 5: setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000180)=[@window={0x3, 0xc5, 0x628}], 0x1) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f00000001c0)={0x14, 0x13, 0x1, {0x80, 0x2, 0x6}}, 0x14) fanotify_init(0x10, 0x0) r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0x1, 0x2) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000140), 0x8) ioctl$SNAPSHOT_FREE_SWAP_PAGES(r1, 0x3309) ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000040)={0x2, @raw_data="985f8715c3e39f86452b79664be7cfaf6b9fcb9a58a0e6b6f17263995e6529289beb224c8d0e8108620f0b1b93bbf3375ab226b632e389090cd4a23e292647bdb3a3488dc477c5e84b39d576640e4f27815a3b3fa55e60d5c41042d61531884bb577ec7fe57abf8faafd7f26d9fcd36e42dced133be693d5b79e54b40a798107389c43af927904cccc3d96313c6571e8c7a60cd2d32568edbe961c57102a0ad6365f6fbc6a2f5666a390bf029bd1646f48b62672ac5a68d4d5d5a230b93023062a1b001960950d82"}) [ 1433.855192] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1433.860367] RIP: 0033:0x466459 [ 1433.863554] RSP: 002b:00007fcbc30ae188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1433.871262] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1433.878538] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1433.885909] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1433.893178] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1433.900459] R13: 00007ffe1717ac5f R14: 00007fcbc30ae300 R15: 0000000000022000 [ 1433.927502] warn_alloc_show_mem: 2 callbacks suppressed [ 1433.927506] Mem-Info: [ 1433.937805] active_anon:223651 inactive_anon:6741 isolated_anon:0 [ 1433.937805] active_file:6841 inactive_file:44285 isolated_file:0 [ 1433.937805] unevictable:0 dirty:231 writeback:0 unstable:0 [ 1433.937805] slab_reclaimable:21614 slab_unreclaimable:129841 [ 1433.937805] mapped:62474 shmem:6935 pagetables:16017 bounce:0 [ 1433.937805] free:1180838 free_pcp:247 free_cma:0 [ 1433.974345] Node 0 active_anon:894660kB inactive_anon:26964kB active_file:27240kB inactive_file:177216kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:249848kB dirty:1004kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 761856kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1434.003208] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1434.029590] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1434.056295] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1434.061507] Node 0 DMA32 free:666392kB min:36200kB low:45248kB high:54296kB active_anon:894660kB inactive_anon:26964kB active_file:27240kB inactive_file:177216kB unevictable:0kB writepending:1004kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27392kB pagetables:64068kB bounce:0kB free_pcp:1140kB local_pcp:664kB free_cma:0kB [ 1434.091827] lowmem_reserve[]: 0 0 0 0 0 [ 1434.095815] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1434.122383] lowmem_reserve[]: 0 0 0 0 0 [ 1434.126389] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1434.154704] lowmem_reserve[]: 0 0 0 0 0 [ 1434.158883] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1434.172768] Node 0 DMA32: 913*4kB (UME) 320*8kB (UME) 68*16kB (UME) 101*32kB (UME) 22*64kB (U) 1*128kB (M) 20*256kB (UM) 13*512kB (UME) 3*1024kB (ME) 2*2048kB (UM) 155*4096kB (UM) = 665892kB [ 1434.190166] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1434.200984] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1434.218340] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1434.227223] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1434.235865] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1434.244747] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1434.253415] 25533 total pagecache pages [ 1434.257380] 0 pages in swap cache [ 1434.260812] Swap cache stats: add 0, delete 0, find 0/0 [ 1434.267404] Free swap = 0kB [ 1434.270417] Total swap = 0kB [ 1434.274480] 2097051 pages RAM [ 1434.277583] 0 pages HighMem/MovableOnly [ 1434.283038] 363849 pages reserved [ 1434.286482] 0 pages cma reserved [ 1434.289978] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1434.301623] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1434.306805] CPU: 0 PID: 31660 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1434.314674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1434.324035] Call Trace: [ 1434.326623] dump_stack+0x1b2/0x281 [ 1434.330247] warn_alloc.cold+0x96/0x1cc [ 1434.334216] ? zone_watermark_ok_safe+0x220/0x220 [ 1434.339050] ? trace_hardirqs_on+0x10/0x10 [ 1434.343275] ? deref_stack_reg+0x124/0x1a0 [ 1434.347539] ? fs_reclaim_release+0xd0/0x110 [ 1434.351934] __vmalloc_node_range+0x10e/0x150 [ 1434.356418] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1434.361760] vmalloc_user+0x47/0xa0 [ 1434.365370] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1434.369674] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1434.375051] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1434.379214] __vb2_queue_alloc+0x47a/0xd90 [ 1434.383446] vb2_core_create_bufs+0x279/0x5a0 [ 1434.387924] ? __vb2_queue_free+0x7a0/0x7a0 [ 1434.392256] ? trace_hardirqs_on+0x10/0x10 [ 1434.396479] ? __lock_acquire+0x5fc/0x3f20 [ 1434.400705] vb2_create_bufs+0x2e1/0x5b0 [ 1434.404751] ? vb2_thread_start+0x310/0x310 [ 1434.409053] ? trace_hardirqs_on+0x10/0x10 [ 1434.413267] ? mark_held_locks+0xa6/0xf0 [ 1434.417321] ? trace_hardirqs_on+0x10/0x10 [ 1434.421555] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1434.426130] v4l_create_bufs+0xa4/0x150 [ 1434.430087] __video_do_ioctl+0x65b/0x6a0 [ 1434.434222] ? video_ioctl2+0x30/0x30 [ 1434.438005] ? __might_fault+0x177/0x1b0 [ 1434.442075] ? video_ioctl2+0x30/0x30 [ 1434.446226] video_usercopy+0xfd/0xe70 [ 1434.450099] ? v4l_g_ctrl+0x390/0x390 [ 1434.453888] ? lock_acquire+0x170/0x3f0 [ 1434.457873] ? trace_hardirqs_on+0x10/0x10 [ 1434.462099] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1434.467097] v4l2_ioctl+0x1bb/0x2f0 [ 1434.470708] ? v4l2_open+0x2f0/0x2f0 [ 1434.474415] do_vfs_ioctl+0x75a/0xff0 [ 1434.478199] ? ioctl_preallocate+0x1a0/0x1a0 [ 1434.482589] ? lock_downgrade+0x740/0x740 [ 1434.486742] ? __fget+0x225/0x360 [ 1434.490177] ? do_vfs_ioctl+0xff0/0xff0 [ 1434.494145] ? security_file_ioctl+0x83/0xb0 [ 1434.498548] SyS_ioctl+0x7f/0xb0 [ 1434.501911] ? do_vfs_ioctl+0xff0/0xff0 [ 1434.505877] do_syscall_64+0x1d5/0x640 [ 1434.509759] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1434.514936] RIP: 0033:0x466459 [ 1434.518105] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1434.525814] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1434.533065] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000004 [ 1434.540318] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1434.547569] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1434.554828] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 [ 1434.581842] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1434.593109] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1434.598252] CPU: 0 PID: 31677 Comm: syz-executor.1 Not tainted 4.14.231-syzkaller #0 [ 1434.606223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1434.615734] Call Trace: [ 1434.618324] dump_stack+0x1b2/0x281 [ 1434.621940] warn_alloc.cold+0x96/0x1cc [ 1434.625901] ? zone_watermark_ok_safe+0x220/0x220 [ 1434.630747] ? trace_hardirqs_on+0x10/0x10 [ 1434.634968] ? deref_stack_reg+0x124/0x1a0 [ 1434.639190] ? fs_reclaim_release+0xd0/0x110 [ 1434.643674] __vmalloc_node_range+0x10e/0x150 [ 1434.648158] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1434.653512] vmalloc_user+0x47/0xa0 [ 1434.657132] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1434.661447] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1434.666800] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1434.670956] __vb2_queue_alloc+0x47a/0xd90 [ 1434.675184] vb2_core_create_bufs+0x279/0x5a0 [ 1434.679664] ? __vb2_queue_free+0x7a0/0x7a0 [ 1434.683978] ? trace_hardirqs_on+0x10/0x10 [ 1434.688197] ? __lock_acquire+0x5fc/0x3f20 [ 1434.692527] vb2_create_bufs+0x2e1/0x5b0 [ 1434.696574] ? vb2_thread_start+0x310/0x310 [ 1434.700882] ? trace_hardirqs_on+0x10/0x10 [ 1434.705112] ? mark_held_locks+0xa6/0xf0 [ 1434.709152] ? trace_hardirqs_on+0x10/0x10 [ 1434.713459] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1434.718025] v4l_create_bufs+0xa4/0x150 [ 1434.721983] __video_do_ioctl+0x65b/0x6a0 [ 1434.726117] ? video_ioctl2+0x30/0x30 [ 1434.729911] ? __might_fault+0x177/0x1b0 [ 1434.733961] ? video_ioctl2+0x30/0x30 [ 1434.737748] video_usercopy+0xfd/0xe70 [ 1434.741646] ? v4l_g_ctrl+0x390/0x390 [ 1434.745441] ? lock_acquire+0x170/0x3f0 [ 1434.749407] ? trace_hardirqs_on+0x10/0x10 [ 1434.753636] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1434.758639] v4l2_ioctl+0x1bb/0x2f0 [ 1434.762248] ? v4l2_open+0x2f0/0x2f0 [ 1434.765958] do_vfs_ioctl+0x75a/0xff0 [ 1434.769821] ? ioctl_preallocate+0x1a0/0x1a0 [ 1434.774220] ? lock_downgrade+0x740/0x740 [ 1434.778358] ? __fget+0x225/0x360 [ 1434.781806] ? do_vfs_ioctl+0xff0/0xff0 [ 1434.785785] ? security_file_ioctl+0x83/0xb0 [ 1434.790191] SyS_ioctl+0x7f/0xb0 [ 1434.793545] ? do_vfs_ioctl+0xff0/0xff0 [ 1434.797510] do_syscall_64+0x1d5/0x640 [ 1434.801390] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1434.806565] RIP: 0033:0x466459 [ 1434.809735] RSP: 002b:00007f5883dfa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1434.817424] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1434.824691] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1434.831941] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1434.839193] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1434.846445] R13: 00007fff3377dd0f R14: 00007f5883dfa300 R15: 0000000000022000 [ 1434.876807] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1434.906291] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1434.911677] CPU: 0 PID: 31692 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1434.919560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1434.928920] Call Trace: [ 1434.931516] dump_stack+0x1b2/0x281 [ 1434.935152] warn_alloc.cold+0x96/0x1cc [ 1434.939129] ? zone_watermark_ok_safe+0x220/0x220 [ 1434.944082] ? trace_hardirqs_on+0x10/0x10 [ 1434.948324] ? deref_stack_reg+0x124/0x1a0 [ 1434.952567] ? fs_reclaim_release+0xd0/0x110 [ 1434.956983] __vmalloc_node_range+0x10e/0x150 [ 1434.961506] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1434.966871] vmalloc_user+0x47/0xa0 [ 1434.970516] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1434.974933] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1434.980297] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1434.984446] __vb2_queue_alloc+0x47a/0xd90 [ 1434.988697] vb2_core_create_bufs+0x279/0x5a0 [ 1434.993276] ? __vb2_queue_free+0x7a0/0x7a0 [ 1434.997580] ? trace_hardirqs_on+0x10/0x10 [ 1435.001793] ? __lock_acquire+0x5fc/0x3f20 [ 1435.006007] vb2_create_bufs+0x2e1/0x5b0 [ 1435.010049] ? futex_wait_queue_me+0x3bb/0x590 [ 1435.014654] ? vb2_thread_start+0x310/0x310 [ 1435.018957] ? trace_hardirqs_on+0x10/0x10 [ 1435.023225] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1435.027798] v4l_create_bufs+0xa4/0x150 [ 1435.031839] __video_do_ioctl+0x65b/0x6a0 [ 1435.035966] ? video_ioctl2+0x30/0x30 [ 1435.039753] ? __might_fault+0x177/0x1b0 [ 1435.043791] ? video_ioctl2+0x30/0x30 [ 1435.047569] video_usercopy+0xfd/0xe70 [ 1435.051438] ? v4l_g_ctrl+0x390/0x390 [ 1435.055216] ? lock_downgrade+0x740/0x740 [ 1435.059341] ? trace_hardirqs_on+0x10/0x10 [ 1435.063555] ? futex_exit_release+0x220/0x220 [ 1435.068031] v4l2_ioctl+0x1bb/0x2f0 [ 1435.071724] ? v4l2_open+0x2f0/0x2f0 [ 1435.075459] do_vfs_ioctl+0x75a/0xff0 [ 1435.079245] ? ioctl_preallocate+0x1a0/0x1a0 [ 1435.083631] ? lock_downgrade+0x740/0x740 [ 1435.087761] ? __fget+0x225/0x360 [ 1435.091200] ? do_vfs_ioctl+0xff0/0xff0 [ 1435.095157] ? security_file_ioctl+0x83/0xb0 [ 1435.099651] SyS_ioctl+0x7f/0xb0 [ 1435.102996] ? do_vfs_ioctl+0xff0/0xff0 [ 1435.106950] do_syscall_64+0x1d5/0x640 [ 1435.110829] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1435.116016] RIP: 0033:0x466459 [ 1435.119183] RSP: 002b:00007ff0a6d72188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1435.126869] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 1435.134136] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000004 [ 1435.141383] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1435.148631] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008 [ 1435.155879] R13: 00007ffea9384a6f R14: 00007ff0a6d72300 R15: 0000000000022000 [ 1435.164606] warn_alloc_show_mem: 2 callbacks suppressed [ 1435.164609] Mem-Info: [ 1435.172762] active_anon:221529 inactive_anon:6741 isolated_anon:0 [ 1435.172762] active_file:6841 inactive_file:44314 isolated_file:0 [ 1435.172762] unevictable:0 dirty:265 writeback:0 unstable:0 [ 1435.172762] slab_reclaimable:21615 slab_unreclaimable:130148 [ 1435.172762] mapped:62482 shmem:6935 pagetables:15912 bounce:0 [ 1435.172762] free:1182929 free_pcp:317 free_cma:0 [ 1435.206944] Node 0 active_anon:886116kB inactive_anon:26964kB active_file:27240kB inactive_file:177256kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:249948kB dirty:1060kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 753664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1435.235730] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1435.261628] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1435.287843] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1435.293553] Node 0 DMA32 free:673756kB min:36200kB low:45248kB high:54296kB active_anon:886116kB inactive_anon:26964kB active_file:27240kB inactive_file:177256kB unevictable:0kB writepending:1064kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27104kB pagetables:63648kB bounce:0kB free_pcp:1364kB local_pcp:676kB free_cma:0kB [ 1435.323868] lowmem_reserve[]: 0 0 0 0 0 [ 1435.327856] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1435.353440] lowmem_reserve[]: 0 0 0 0 0 [ 1435.357556] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1435.385356] lowmem_reserve[]: 0 0 0 0 0 [ 1435.389341] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1435.403018] Node 0 DMA32: 1027*4kB (UME) 102*8kB (UME) 84*16kB (UME) 114*32kB (UME) 22*64kB (U) 1*128kB (M) 20*256kB (UM) 13*512kB (UME) 3*1024kB (ME) 4*2048kB (UM) 156*4096kB (UM) = 673468kB [ 1435.420355] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1435.431672] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1435.448987] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1435.457881] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1435.466520] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB 13:06:16 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) ioctl$vim2m_VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f0000000040)={0x3, @sdr={0x756f6703, 0x20}}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$vim2m_VIDIOC_TRY_FMT(r1, 0xc0d05640, &(0x7f0000000380)={0x1, @sdr={0x34565559, 0xe9}}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000180)='l2tp\x00', 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_CREATE(r1, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x24, r2, 0x10, 0x70bd2a, 0x25dfdbfe, {}, [@L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x7}]}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x4000010) 13:06:16 executing program 5: fanotify_init(0x10, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x9, 0x7, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0xfffffffc}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @ldst={0x2, 0x2, 0x6, 0x5, 0x8, 0x100}, @ldst={0x0, 0x2, 0x0, 0x1, 0x3, 0xfffffffffffffea9, 0xfffffffffffffffc}, @jmp={0x5, 0x0, 0xa, 0x0, 0x9, 0xfffffffffffffff4, 0x1}]}, &(0x7f0000000040)='GPL\x00', 0xffff58cc, 0xe7, &(0x7f0000000080)=""/231, 0x41100, 0x0, [], 0x0, 0x192a46fa8208eda, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0xa, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x1, 0x7, 0x8, 0x4}, 0x10}, 0x78) r1 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000280)={0xffffffffffffffff}, 0x4) bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000002c0)={@map=0x1, r0, 0x11, 0xe809c033c3a34fbf, r1}, 0x14) 13:06:16 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x0, 0x0, 0x0, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:06:16 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000040)={0x7, @vbi={0x5, 0x0, 0x1f, 0x0, [0x2, 0x9], [0x1ff, 0x101], 0x108}}) 13:06:16 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) ioctl$vim2m_VIDIOC_PREPARE_BUF(r0, 0xc058565d, &(0x7f0000000100)={0x3, 0x2, 0x4, 0x800, 0x838f, {0x77359400}, {0x1, 0x8, 0x0, 0x1, 0x2, 0xc7, "3ca5988a"}, 0x80000000, 0x3, @userptr=0x5, 0xedc7, 0x0, r1}) ioctl$vim2m_VIDIOC_QUERYCAP(r0, 0x80685600, &(0x7f0000000040)) ioctl$vim2m_VIDIOC_STREAMON(r0, 0x40045612, &(0x7f00000000c0)=0x2) 13:06:16 executing program 1: r0 = accept4(0xffffffffffffffff, &(0x7f00000002c0)=@tipc=@id, &(0x7f0000000180)=0x80, 0x80800) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380)='nl80211\x00', 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_PMK(r0, &(0x7f0000000500)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000004c0)={&(0x7f0000000400)={0x84, r1, 0x400, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0xffffff52, 0x64}}}}, [@NL80211_ATTR_PMKR0_NAME={0x14, 0x102, "d5d43582a4d5b7a088c6dfaa470564f3"}, @NL80211_ATTR_PMKR0_NAME={0x14, 0x102, "f3b9b49353b19c3e752a3735316b8ed9"}, @NL80211_ATTR_PMKR0_NAME={0x14, 0x102, "ecb6a3335633fa4d430b4bb25722863d"}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_PMK={0x14, 0xfe, "8edef082fe7d55f53387236af3d890b1"}]}, 0x84}, 0x1, 0x0, 0x0, 0x840}, 0x14) r3 = socket$inet6_udp(0xa, 0x2, 0x0) recvfrom(r3, &(0x7f0000000540)=""/171, 0xab, 0x40000100, &(0x7f0000000600)=@tipc=@nameseq={0x1e, 0x1, 0x0, {0x43, 0x4, 0x3}}, 0x80) r4 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) pipe(&(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r5, 0x330f, 0x0) ioctl$KVM_X86_SET_MCE(r6, 0x4040ae9e, &(0x7f0000000140)={0x0, 0x5000, 0x3fc0000000000, 0x2, 0x1a}) ioctl$vim2m_VIDIOC_G_FMT(r5, 0xc0d05604, &(0x7f0000000040)={0x3, @raw_data="b7860a931103af4eaab2d94039865d5ad3c9ab96b0f9f14e036c690dbf989505bf45db1f999e67bceb4700530ae0eb9bd859dbfa6a37a65331b2e4f7001a66ec434dab52d24b919f6cdc1d322362f48d6015a2908cfc04cc97a6e7e611caac0b0c83bcad3599a81370e8c1ed753569570c101c1f4e219dae91ba13b16c6eda599e10e221cfb1ae9ee3525374e7e9d8533eaa503a3d33419f3fd4aafe29c4f552450e1875bca61b17ada820b21f2c53e358e1cf0b8b44d61f6fdbcbb61064a0b1f58363b9b075a857"}) [ 1435.475409] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1435.484054] 25548 total pagecache pages [ 1435.488020] 0 pages in swap cache [ 1435.491509] Swap cache stats: add 0, delete 0, find 0/0 [ 1435.496864] Free swap = 0kB [ 1435.499862] Total swap = 0kB [ 1435.502935] 2097051 pages RAM [ 1435.506028] 0 pages HighMem/MovableOnly [ 1435.509979] 363849 pages reserved [ 1435.513480] 0 pages cma reserved [ 1435.535717] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1435.551850] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1435.558200] CPU: 0 PID: 31714 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1435.566118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1435.575466] Call Trace: [ 1435.578057] dump_stack+0x1b2/0x281 [ 1435.581686] warn_alloc.cold+0x96/0x1cc [ 1435.585655] ? __lock_acquire+0x5fc/0x3f20 [ 1435.589873] ? zone_watermark_ok_safe+0x220/0x220 [ 1435.594709] ? trace_hardirqs_on+0x10/0x10 [ 1435.598941] ? deref_stack_reg+0x124/0x1a0 [ 1435.603182] ? fs_reclaim_release+0xd0/0x110 [ 1435.607595] __vmalloc_node_range+0x10e/0x150 [ 1435.612097] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1435.617455] vmalloc_user+0x47/0xa0 [ 1435.621069] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1435.625382] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1435.630745] vb2_vmalloc_alloc+0xa6/0x2d0 13:06:17 executing program 5: fanotify_init(0x10, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000000)={r0}, 0x10) 13:06:17 executing program 5: setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000180)=[@window={0x3, 0xc5, 0x628}], 0x1) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f00000001c0)={0x14, 0x13, 0x1, {0x80, 0x2, 0x6}}, 0x14) fanotify_init(0x10, 0x0) r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0x1, 0x2) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000140), 0x8) ioctl$SNAPSHOT_FREE_SWAP_PAGES(r1, 0x3309) ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000040)={0x2, @raw_data="985f8715c3e39f86452b79664be7cfaf6b9fcb9a58a0e6b6f17263995e6529289beb224c8d0e8108620f0b1b93bbf3375ab226b632e389090cd4a23e292647bdb3a3488dc477c5e84b39d576640e4f27815a3b3fa55e60d5c41042d61531884bb577ec7fe57abf8faafd7f26d9fcd36e42dced133be693d5b79e54b40a798107389c43af927904cccc3d96313c6571e8c7a60cd2d32568edbe961c57102a0ad6365f6fbc6a2f5666a390bf029bd1646f48b62672ac5a68d4d5d5a230b93023062a1b001960950d82"}) 13:06:17 executing program 5: fanotify_init(0x20, 0x101000) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)=@xdp, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000900)=""/4096, 0x1000}], 0x1, &(0x7f0000000200)=""/203, 0xcb}, 0x10000) unshare(0x10000800) r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x8, 0x141800) sendmsg$nl_crypto(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=@delrng={0x10, 0x14, 0x100, 0x70bd26, 0x25dfdbfc, "", ["", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000084}, 0x4000) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) unshare(0x880) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000002d80)='NLBL_CALIPSO\x00', r2) ioctl$KVM_GET_CPUID2(r1, 0xc008ae91, &(0x7f0000000440)={0x6, 0x0, [{}, {}, {}, {}, {}, {}]}) sendmsg$NLBL_CALIPSO_C_LIST(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x2c, 0x0, 0xa00, 0x70bd26, 0x25dfdbfd, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0xd4) ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) ioctl$KVM_GET_API_VERSION(r1, 0xae00, 0x0) unshare(0x40100) 13:06:17 executing program 5: fanotify_init(0x20, 0x101000) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)=@xdp, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000900)=""/4096, 0x1000}], 0x1, &(0x7f0000000200)=""/203, 0xcb}, 0x10000) unshare(0x10000800) r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x8, 0x141800) sendmsg$nl_crypto(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=@delrng={0x10, 0x14, 0x100, 0x70bd26, 0x25dfdbfc, "", ["", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000084}, 0x4000) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) unshare(0x880) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000002d80)='NLBL_CALIPSO\x00', r2) ioctl$KVM_GET_CPUID2(r1, 0xc008ae91, &(0x7f0000000440)={0x6, 0x0, [{}, {}, {}, {}, {}, {}]}) sendmsg$NLBL_CALIPSO_C_LIST(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x2c, 0x0, 0xa00, 0x70bd26, 0x25dfdbfd, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0xd4) ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) ioctl$KVM_GET_API_VERSION(r1, 0xae00, 0x0) unshare(0x40100) 13:06:17 executing program 5: fanotify_init(0x20, 0x101000) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)=@xdp, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000900)=""/4096, 0x1000}], 0x1, &(0x7f0000000200)=""/203, 0xcb}, 0x10000) unshare(0x10000800) r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x8, 0x141800) sendmsg$nl_crypto(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=@delrng={0x10, 0x14, 0x100, 0x70bd26, 0x25dfdbfc, "", ["", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000084}, 0x4000) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) unshare(0x880) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000002d80)='NLBL_CALIPSO\x00', r2) ioctl$KVM_GET_CPUID2(r1, 0xc008ae91, &(0x7f0000000440)={0x6, 0x0, [{}, {}, {}, {}, {}, {}]}) sendmsg$NLBL_CALIPSO_C_LIST(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x2c, 0x0, 0xa00, 0x70bd26, 0x25dfdbfd, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0xd4) ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) ioctl$KVM_GET_API_VERSION(r1, 0xae00, 0x0) unshare(0x40100) [ 1435.634889] __vb2_queue_alloc+0x47a/0xd90 [ 1435.639136] vb2_core_create_bufs+0x279/0x5a0 [ 1435.643635] ? __vb2_queue_free+0x7a0/0x7a0 [ 1435.647958] ? trace_hardirqs_on+0x10/0x10 [ 1435.652200] ? __lock_acquire+0x5fc/0x3f20 [ 1435.656439] vb2_create_bufs+0x2e1/0x5b0 [ 1435.660500] ? ___preempt_schedule+0x16/0x18 [ 1435.664907] ? vb2_thread_start+0x310/0x310 [ 1435.669226] ? trace_hardirqs_on+0x10/0x10 [ 1435.673461] ? _raw_spin_unlock_irqrestore+0xaf/0xe0 [ 1435.678570] vb2_ioctl_create_bufs+0x1f7/0x330 13:06:17 executing program 5: fanotify_init(0x20, 0x101000) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)=@xdp, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000900)=""/4096, 0x1000}], 0x1, &(0x7f0000000200)=""/203, 0xcb}, 0x10000) unshare(0x10000800) r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x8, 0x141800) sendmsg$nl_crypto(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=@delrng={0x10, 0x14, 0x100, 0x70bd26, 0x25dfdbfc, "", ["", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000084}, 0x4000) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) unshare(0x880) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000002d80)='NLBL_CALIPSO\x00', r2) ioctl$KVM_GET_CPUID2(r1, 0xc008ae91, &(0x7f0000000440)={0x6, 0x0, [{}, {}, {}, {}, {}, {}]}) sendmsg$NLBL_CALIPSO_C_LIST(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x2c, 0x0, 0xa00, 0x70bd26, 0x25dfdbfd, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0xd4) ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) ioctl$KVM_GET_API_VERSION(r1, 0xae00, 0x0) [ 1435.683154] v4l_create_bufs+0xa4/0x150 [ 1435.687132] __video_do_ioctl+0x65b/0x6a0 [ 1435.691285] ? video_ioctl2+0x30/0x30 [ 1435.695121] ? __might_fault+0x177/0x1b0 [ 1435.699226] ? video_ioctl2+0x30/0x30 [ 1435.703025] video_usercopy+0xfd/0xe70 [ 1435.706919] ? v4l_g_ctrl+0x390/0x390 [ 1435.710721] ? lock_acquire+0x170/0x3f0 [ 1435.714696] ? lock_downgrade+0x740/0x740 [ 1435.718846] ? trace_hardirqs_on+0x10/0x10 [ 1435.723087] ? futex_exit_release+0x220/0x220 [ 1435.727593] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1435.732698] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1435.737718] v4l2_ioctl+0x1bb/0x2f0 [ 1435.741332] ? v4l2_open+0x2f0/0x2f0 [ 1435.745029] do_vfs_ioctl+0x75a/0xff0 [ 1435.748812] ? ioctl_preallocate+0x1a0/0x1a0 [ 1435.753210] ? lock_downgrade+0x740/0x740 [ 1435.757346] ? __fget+0x225/0x360 [ 1435.760786] ? do_vfs_ioctl+0xff0/0xff0 [ 1435.764775] ? security_file_ioctl+0x83/0xb0 [ 1435.769276] SyS_ioctl+0x7f/0xb0 [ 1435.772632] ? do_vfs_ioctl+0xff0/0xff0 [ 1435.776603] do_syscall_64+0x1d5/0x640 [ 1435.780503] entry_SYSCALL_64_after_hwframe+0x46/0xbb 13:06:17 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) r1 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x4a, 0x2) ioctl$vim2m_VIDIOC_STREAMON(r1, 0x40045612, &(0x7f0000000080)=0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x4, {0x2, @win={{0x0, 0xffffffff, 0x0, 0x1000}, 0x9, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:06:17 executing program 5: fanotify_init(0x20, 0x101000) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)=@xdp, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000900)=""/4096, 0x1000}], 0x1, &(0x7f0000000200)=""/203, 0xcb}, 0x10000) unshare(0x10000800) r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x8, 0x141800) sendmsg$nl_crypto(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=@delrng={0x10, 0x14, 0x100, 0x70bd26, 0x25dfdbfc, "", ["", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000084}, 0x4000) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) unshare(0x880) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000002d80)='NLBL_CALIPSO\x00', r2) ioctl$KVM_GET_CPUID2(r1, 0xc008ae91, &(0x7f0000000440)={0x6, 0x0, [{}, {}, {}, {}, {}, {}]}) sendmsg$NLBL_CALIPSO_C_LIST(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x2c, 0x0, 0xa00, 0x70bd26, 0x25dfdbfd, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0xd4) ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) [ 1435.785772] RIP: 0033:0x466459 [ 1435.788971] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1435.796666] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1435.803981] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1435.811241] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1435.818499] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1435.825780] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 13:06:17 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x0, 0x0, 0x0, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:06:17 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x2, {0x3, @win={{}, 0x9, 0xffffdffd, 0x0, 0x0, 0x0, 0x2}}}) 13:06:17 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x30b000, 0x0) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000080)={0x2, 0x2, 0x0, "93979362cf86b82a7b32e7a1785daf309b31e82ad0b89397325d5a3853292b56", 0x34325842}) [ 1436.569006] warn_alloc: 10 callbacks suppressed [ 1436.569009] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1436.585084] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1436.590208] CPU: 1 PID: 31740 Comm: syz-executor.1 Not tainted 4.14.231-syzkaller #0 [ 1436.598071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1436.607406] Call Trace: [ 1436.609980] dump_stack+0x1b2/0x281 [ 1436.613591] warn_alloc.cold+0x96/0x1cc [ 1436.617545] ? zone_watermark_ok_safe+0x220/0x220 [ 1436.622375] ? trace_hardirqs_on+0x10/0x10 [ 1436.626597] ? deref_stack_reg+0x124/0x1a0 [ 1436.630815] ? fs_reclaim_release+0xd0/0x110 [ 1436.635208] __vmalloc_node_range+0x10e/0x150 [ 1436.639688] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1436.645029] vmalloc_user+0x47/0xa0 [ 1436.648638] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1436.652939] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1436.658280] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1436.662419] __vb2_queue_alloc+0x47a/0xd90 [ 1436.666649] vb2_core_create_bufs+0x279/0x5a0 [ 1436.671124] ? __vb2_queue_free+0x7a0/0x7a0 [ 1436.675427] ? trace_hardirqs_on+0x10/0x10 [ 1436.679641] ? __lock_acquire+0x5fc/0x3f20 [ 1436.683866] vb2_create_bufs+0x2e1/0x5b0 [ 1436.687923] ? futex_wait_queue_me+0x3bb/0x590 [ 1436.692499] ? vb2_thread_start+0x310/0x310 [ 1436.696813] ? unwind_get_return_address+0x51/0x90 [ 1436.701730] ? trace_hardirqs_on+0x10/0x10 [ 1436.705958] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1436.710522] v4l_create_bufs+0xa4/0x150 [ 1436.714479] __video_do_ioctl+0x65b/0x6a0 [ 1436.718617] ? video_ioctl2+0x30/0x30 [ 1436.722410] ? __might_fault+0x177/0x1b0 [ 1436.726461] ? video_ioctl2+0x30/0x30 [ 1436.730248] video_usercopy+0xfd/0xe70 [ 1436.734118] ? v4l_g_ctrl+0x390/0x390 [ 1436.737947] ? __dentry_kill+0x3f7/0x550 [ 1436.741996] ? trace_hardirqs_on+0x10/0x10 [ 1436.746215] ? trace_hardirqs_on+0x10/0x10 [ 1436.750430] ? futex_exit_release+0x220/0x220 [ 1436.754906] ? dentry_free+0xc6/0x120 [ 1436.758685] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1436.763689] ? kmem_cache_free+0x23a/0x2b0 [ 1436.767933] v4l2_ioctl+0x1bb/0x2f0 [ 1436.771543] ? v4l2_open+0x2f0/0x2f0 [ 1436.775241] do_vfs_ioctl+0x75a/0xff0 [ 1436.779034] ? ioctl_preallocate+0x1a0/0x1a0 [ 1436.783433] ? lock_downgrade+0x740/0x740 [ 1436.787574] ? __fget+0x225/0x360 [ 1436.791081] ? do_vfs_ioctl+0xff0/0xff0 [ 1436.795039] ? security_file_ioctl+0x83/0xb0 [ 1436.799437] SyS_ioctl+0x7f/0xb0 [ 1436.802790] ? do_vfs_ioctl+0xff0/0xff0 [ 1436.806758] do_syscall_64+0x1d5/0x640 [ 1436.810680] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1436.815852] RIP: 0033:0x466459 [ 1436.819021] RSP: 002b:00007f5883dd9188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1436.826713] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 1436.833971] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1436.841230] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1436.848491] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008 [ 1436.855746] R13: 00007fff3377dd0f R14: 00007f5883dd9300 R15: 0000000000022000 [ 1436.864096] warn_alloc_show_mem: 1 callbacks suppressed [ 1436.864099] Mem-Info: [ 1436.872000] active_anon:221532 inactive_anon:6741 isolated_anon:0 [ 1436.872000] active_file:6841 inactive_file:44325 isolated_file:0 [ 1436.872000] unevictable:0 dirty:280 writeback:0 unstable:0 [ 1436.872000] slab_reclaimable:21633 slab_unreclaimable:130132 [ 1436.872000] mapped:62498 shmem:6935 pagetables:15912 bounce:0 [ 1436.872000] free:1183089 free_pcp:321 free_cma:0 [ 1436.907054] Node 0 active_anon:886128kB inactive_anon:26964kB active_file:27240kB inactive_file:177300kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:250012kB dirty:1136kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 753664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1436.936497] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1436.962572] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1436.988847] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1436.993965] Node 0 DMA32 free:674956kB min:36200kB low:45248kB high:54296kB active_anon:886128kB inactive_anon:26964kB active_file:27240kB inactive_file:177300kB unevictable:0kB writepending:1140kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27008kB pagetables:63648kB bounce:0kB free_pcp:1280kB local_pcp:648kB free_cma:0kB [ 1437.024238] lowmem_reserve[]: 0 0 0 0 0 [ 1437.028221] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1437.053943] lowmem_reserve[]: 0 0 0 0 0 [ 1437.057929] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1437.085632] lowmem_reserve[]: 0 0 0 0 0 [ 1437.089627] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1437.103255] Node 0 DMA32: 1047*4kB (UME) 228*8kB (UME) 86*16kB (UE) 122*32kB (UE) 23*64kB (UM) 1*128kB (M) 19*256kB (UM) 13*512kB (UME) 3*1024kB (ME) 4*2048kB (UM) 156*4096kB (UM) = 674652kB [ 1437.120515] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1437.131305] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1437.148661] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1437.157655] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 13:06:18 executing program 1: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/bsg\x00', 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r0, 0x8008330e, &(0x7f0000000300)) socketpair(0x28, 0x2, 0x1, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x4, 0x0, &(0x7f0000000580), &(0x7f0000000600)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x1, [], 0x0, 0x17, 0xffffffffffffffff, 0x8, &(0x7f0000000640)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000680)={0x3, 0x9, 0x800, 0x10000}, 0x10, 0x0, r0}, 0x78) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000740)={r1, r2}) r3 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) sendmsg$nl_route(r0, &(0x7f0000000500)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000080)={&(0x7f0000000a00)=ANY=[@ANYBLOB="1aa82ea87f63dc6c9b866e970000542cb0367950f293132b256d39ab5c8ae811c2b7b5182616ab413a287353ddfaa1f47ca619a05fc56900af922941ace09b773fcc5518a304fede68282d0013528d185a86a29b07802600b0c8b44a209b7fa0892fa894d678cecb98d44ec8dd45857b1945b1d087d54d854afec3f07555e1babc4c62accd75a2d3a793c9c265920680a528c715faf307", @ANYRES32=0x0, @ANYBLOB="0100000000000000140014007866716d300000000000000000000000050011007f000000140012800b51d7f08c2f5a69b1b081110001006c6f7770616e00000400028020002400edbab484d3f50c0000ff1be2d1c209dd6bac04ef335bac28569d644714001400776c616e30000000000000000000000024000e00faffffffffffffff040000000000000002000000000000000500022000000000050027000000000005002700070000008366d4920263684a69f23c10398d5bfa74496acc8e0bbe39b8b757a4b7a364b974b7b6160bf9ac3e45600b205ebff7e7c23956901899adc6a78cd7fd62ff980213528c499e3f67f6bdea6825bdb832bca93896c613f13992121c40735df0ed0413b9c7db267221372d983eabaa585a11fb3505bc439de67fb2a6e608b10f691336f4206a5011df56c6af02661cfbbb6a2ac4b0b2eabfc0b1fe7d5e4c83a111a5b0b3b032c30a903cc2"], 0xb8}, 0x1, 0x0, 0x0, 0x4000}, 0x4040) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000340)={0x8, 0x8, 0x4, {0x3, @vbi={0x0, 0x9, 0x8, 0x3432564e, [0x1800, 0x6b6], [0x1000, 0xffffffff], 0x2}}, 0xc4}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r4, 0x330f, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r5, 0x330f, 0x0) syz_genetlink_get_family_id$l2tp(&(0x7f0000000800)='l2tp\x00', r5) getsockopt$IP_VS_SO_GET_VERSION(r1, 0x0, 0x480, &(0x7f0000000780), &(0x7f00000007c0)=0x40) ioctl$vim2m_VIDIOC_TRY_FMT(r3, 0xc0d05640, &(0x7f00000000c0)={0x1, @vbi={0x4, 0x3, 0x0, 0x30b1400, [0x0, 0xac], [0x9, 0x4025], 0x108}}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r6, 0x330f, 0xbdb) ioctl$vim2m_VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0d05640, &(0x7f0000000900)={0x0, @vbi={0x8, 0x7, 0x9, 0x4c314356, [0x1, 0x1], [0xb7, 0x5], 0x108}}) ioctl$SNAPSHOT_ATOMIC_RESTORE(r6, 0x3304) 13:06:18 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x0, 0x0, 0x0, 0x5}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:06:18 executing program 2: r0 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$sock(r0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@timestamping={{0x14}}, @timestamping={{0x14}}], 0x30}, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:06:18 executing program 5: fanotify_init(0x20, 0x101000) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)=@xdp, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000900)=""/4096, 0x1000}], 0x1, &(0x7f0000000200)=""/203, 0xcb}, 0x10000) unshare(0x10000800) r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x8, 0x141800) sendmsg$nl_crypto(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=@delrng={0x10, 0x14, 0x100, 0x70bd26, 0x25dfdbfc, "", ["", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000084}, 0x4000) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) unshare(0x880) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000002d80)='NLBL_CALIPSO\x00', r2) ioctl$KVM_GET_CPUID2(r1, 0xc008ae91, &(0x7f0000000440)={0x6, 0x0, [{}, {}, {}, {}, {}, {}]}) sendmsg$NLBL_CALIPSO_C_LIST(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x2c, 0x0, 0xa00, 0x70bd26, 0x25dfdbfd, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0xd4) 13:06:18 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x10) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000000c0)={&(0x7f0000000080)='./file0\x00'}, 0x10) 13:06:18 executing program 3: ioctl$vim2m_VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) [ 1437.166301] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1437.175195] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1437.183894] 25557 total pagecache pages [ 1437.187866] 0 pages in swap cache [ 1437.191365] Swap cache stats: add 0, delete 0, find 0/0 [ 1437.196714] Free swap = 0kB [ 1437.199781] Total swap = 0kB [ 1437.202856] 2097051 pages RAM [ 1437.205947] 0 pages HighMem/MovableOnly [ 1437.209898] 363849 pages reserved [ 1437.213394] 0 pages cma reserved [ 1437.256684] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1437.281897] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1437.287095] CPU: 0 PID: 31771 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1437.294975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1437.304344] Call Trace: 13:06:18 executing program 5: fanotify_init(0x20, 0x101000) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)=@xdp, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000900)=""/4096, 0x1000}], 0x1, &(0x7f0000000200)=""/203, 0xcb}, 0x10000) unshare(0x10000800) r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x8, 0x141800) sendmsg$nl_crypto(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=@delrng={0x10, 0x14, 0x100, 0x70bd26, 0x25dfdbfc, "", ["", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000084}, 0x4000) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) unshare(0x880) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000002d80)='NLBL_CALIPSO\x00', r2) ioctl$KVM_GET_CPUID2(r1, 0xc008ae91, &(0x7f0000000440)={0x6, 0x0, [{}, {}, {}, {}, {}, {}]}) 13:06:18 executing program 5: fanotify_init(0x20, 0x101000) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)=@xdp, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000900)=""/4096, 0x1000}], 0x1, &(0x7f0000000200)=""/203, 0xcb}, 0x10000) unshare(0x10000800) r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x8, 0x141800) sendmsg$nl_crypto(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=@delrng={0x10, 0x14, 0x100, 0x70bd26, 0x25dfdbfc, "", ["", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000084}, 0x4000) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) unshare(0x880) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000002d80)='NLBL_CALIPSO\x00', r2) [ 1437.306943] dump_stack+0x1b2/0x281 [ 1437.310579] warn_alloc.cold+0x96/0x1cc [ 1437.314558] ? zone_watermark_ok_safe+0x220/0x220 [ 1437.319401] ? trace_hardirqs_on+0x10/0x10 [ 1437.323637] ? deref_stack_reg+0x124/0x1a0 [ 1437.327877] ? fs_reclaim_release+0xd0/0x110 [ 1437.332293] __vmalloc_node_range+0x10e/0x150 [ 1437.336778] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1437.342122] vmalloc_user+0x47/0xa0 [ 1437.345733] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1437.350034] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1437.355380] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1437.359510] __vb2_queue_alloc+0x47a/0xd90 [ 1437.363739] vb2_core_create_bufs+0x279/0x5a0 [ 1437.368214] ? __vb2_queue_free+0x7a0/0x7a0 [ 1437.372538] ? trace_hardirqs_on+0x10/0x10 [ 1437.376786] ? __lock_acquire+0x5fc/0x3f20 [ 1437.381004] vb2_create_bufs+0x2e1/0x5b0 [ 1437.385049] ? futex_wait_queue_me+0x3bb/0x590 [ 1437.389872] ? vb2_thread_start+0x310/0x310 [ 1437.394176] ? trace_hardirqs_on+0x10/0x10 [ 1437.398394] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1437.402969] v4l_create_bufs+0xa4/0x150 [ 1437.406929] __video_do_ioctl+0x65b/0x6a0 [ 1437.411063] ? video_ioctl2+0x30/0x30 [ 1437.414844] ? __might_fault+0x177/0x1b0 [ 1437.418886] ? video_ioctl2+0x30/0x30 [ 1437.422668] video_usercopy+0xfd/0xe70 [ 1437.426540] ? v4l_g_ctrl+0x390/0x390 [ 1437.430332] ? lock_acquire+0x170/0x3f0 [ 1437.434286] ? lock_downgrade+0x740/0x740 [ 1437.438419] ? trace_hardirqs_on+0x10/0x10 [ 1437.442633] ? futex_exit_release+0x220/0x220 [ 1437.447110] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1437.452193] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1437.457205] v4l2_ioctl+0x1bb/0x2f0 [ 1437.460811] ? v4l2_open+0x2f0/0x2f0 [ 1437.464503] do_vfs_ioctl+0x75a/0xff0 [ 1437.468292] ? ioctl_preallocate+0x1a0/0x1a0 [ 1437.472679] ? lock_downgrade+0x740/0x740 [ 1437.476808] ? __fget+0x225/0x360 [ 1437.480241] ? do_vfs_ioctl+0xff0/0xff0 [ 1437.484198] ? security_file_ioctl+0x83/0xb0 [ 1437.488584] SyS_ioctl+0x7f/0xb0 [ 1437.491947] ? do_vfs_ioctl+0xff0/0xff0 [ 1437.495907] do_syscall_64+0x1d5/0x640 [ 1437.499778] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1437.504946] RIP: 0033:0x466459 [ 1437.508135] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1437.515824] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1437.523073] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000004 [ 1437.530324] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1437.537573] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1437.544836] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 13:06:19 executing program 3: ioctl$vim2m_VIDIOC_G_FMT(0xffffffffffffffff, 0xc0d05604, &(0x7f0000000080)={0x0, @pix_mp={0x1b8f, 0xe6a38261, 0x30314247, 0x5, 0x6, [{0x5, 0x4}, {0x1, 0x401}, {0x32c0, 0x1}, {0xffffff54, 0x1}, {0x80000001, 0xa4}, {0x6, 0x5}, {0x8, 0x1}, {0xfffffffb, 0x80}], 0x0, 0x26, 0x1, 0x0, 0x5}}) r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) ioctl$vim2m_VIDIOC_STREAMON(r1, 0x40045612, &(0x7f0000000040)) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) [ 1437.570921] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1437.598349] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1437.608003] CPU: 0 PID: 31779 Comm: syz-executor.4 Not tainted 4.14.231-syzkaller #0 [ 1437.615989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1437.625340] Call Trace: [ 1437.627931] dump_stack+0x1b2/0x281 [ 1437.631560] warn_alloc.cold+0x96/0x1cc [ 1437.635533] ? zone_watermark_ok_safe+0x220/0x220 [ 1437.640369] ? trace_hardirqs_on+0x10/0x10 [ 1437.644600] ? deref_stack_reg+0x124/0x1a0 [ 1437.648835] ? fs_reclaim_release+0xd0/0x110 [ 1437.653252] __vmalloc_node_range+0x10e/0x150 [ 1437.657778] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1437.663134] vmalloc_user+0x47/0xa0 [ 1437.666758] ? vb2_vmalloc_alloc+0xa6/0x2d0 13:06:19 executing program 5: fanotify_init(0x20, 0x101000) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)=@xdp, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000900)=""/4096, 0x1000}], 0x1, &(0x7f0000000200)=""/203, 0xcb}, 0x10000) unshare(0x10000800) r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x8, 0x141800) sendmsg$nl_crypto(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=@delrng={0x10, 0x14, 0x100, 0x70bd26, 0x25dfdbfc, "", ["", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000084}, 0x4000) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) unshare(0x880) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) [ 1437.671071] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1437.676428] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1437.680572] __vb2_queue_alloc+0x47a/0xd90 [ 1437.684812] vb2_core_create_bufs+0x279/0x5a0 [ 1437.689304] ? __vb2_queue_free+0x7a0/0x7a0 [ 1437.693628] ? trace_hardirqs_on+0x10/0x10 [ 1437.697863] ? __lock_acquire+0x5fc/0x3f20 [ 1437.702109] vb2_create_bufs+0x2e1/0x5b0 [ 1437.706171] ? vb2_thread_start+0x310/0x310 [ 1437.710494] ? trace_hardirqs_on+0x10/0x10 [ 1437.714731] ? mark_held_locks+0xa6/0xf0 13:06:19 executing program 5: fanotify_init(0x20, 0x101000) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)=@xdp, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000900)=""/4096, 0x1000}], 0x1, &(0x7f0000000200)=""/203, 0xcb}, 0x10000) unshare(0x10000800) r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x8, 0x141800) sendmsg$nl_crypto(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=@delrng={0x10, 0x14, 0x100, 0x70bd26, 0x25dfdbfc, "", ["", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000084}, 0x4000) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) unshare(0x880) [ 1437.718835] ? trace_hardirqs_on+0x10/0x10 [ 1437.723072] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1437.727646] v4l_create_bufs+0xa4/0x150 [ 1437.731724] __video_do_ioctl+0x65b/0x6a0 [ 1437.735879] ? video_ioctl2+0x30/0x30 [ 1437.739682] ? __might_fault+0x177/0x1b0 [ 1437.743743] ? video_ioctl2+0x30/0x30 [ 1437.747540] video_usercopy+0xfd/0xe70 [ 1437.751432] ? v4l_g_ctrl+0x390/0x390 [ 1437.755239] ? lock_acquire+0x170/0x3f0 [ 1437.759220] ? trace_hardirqs_on+0x10/0x10 [ 1437.763469] ? debug_check_no_obj_freed+0x2c0/0x680 13:06:19 executing program 5: fanotify_init(0x20, 0x101000) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)=@xdp, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000900)=""/4096, 0x1000}], 0x1, &(0x7f0000000200)=""/203, 0xcb}, 0x10000) unshare(0x10000800) r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x8, 0x141800) sendmsg$nl_crypto(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=@delrng={0x10, 0x14, 0x100, 0x70bd26, 0x25dfdbfc, "", ["", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000084}, 0x4000) pipe(&(0x7f00000008c0)) unshare(0x880) [ 1437.768493] v4l2_ioctl+0x1bb/0x2f0 [ 1437.772122] ? v4l2_open+0x2f0/0x2f0 [ 1437.775840] do_vfs_ioctl+0x75a/0xff0 [ 1437.779649] ? ioctl_preallocate+0x1a0/0x1a0 [ 1437.784060] ? lock_downgrade+0x740/0x740 [ 1437.788216] ? __fget+0x225/0x360 [ 1437.791666] ? do_vfs_ioctl+0xff0/0xff0 [ 1437.795794] ? security_file_ioctl+0x83/0xb0 [ 1437.800185] SyS_ioctl+0x7f/0xb0 [ 1437.803545] ? do_vfs_ioctl+0xff0/0xff0 [ 1437.807505] do_syscall_64+0x1d5/0x640 [ 1437.811381] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1437.816551] RIP: 0033:0x466459 [ 1437.819722] RSP: 002b:00007f491b244188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1437.827486] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1437.834738] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1437.841993] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1437.849250] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1437.856503] R13: 00007ffef79ecfdf R14: 00007f491b244300 R15: 0000000000022000 [ 1437.875128] warn_alloc_show_mem: 1 callbacks suppressed [ 1437.875131] Mem-Info: [ 1437.891674] active_anon:223672 inactive_anon:6741 isolated_anon:0 [ 1437.891674] active_file:6841 inactive_file:44334 isolated_file:0 [ 1437.891674] unevictable:0 dirty:298 writeback:0 unstable:0 [ 1437.891674] slab_reclaimable:21633 slab_unreclaimable:130017 [ 1437.891674] mapped:62503 shmem:6935 pagetables:16009 bounce:0 [ 1437.891674] free:1180755 free_pcp:217 free_cma:0 [ 1437.926768] Node 0 active_anon:894688kB inactive_anon:26964kB active_file:27240kB inactive_file:177336kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:250032kB dirty:1204kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 761856kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1437.956620] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1437.982943] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1438.009954] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1438.015383] Node 0 DMA32 free:668200kB min:36200kB low:45248kB high:54296kB active_anon:894672kB inactive_anon:26964kB active_file:27240kB inactive_file:177348kB unevictable:0kB writepending:1236kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27392kB pagetables:64068kB bounce:0kB free_pcp:1372kB local_pcp:660kB free_cma:0kB [ 1438.045994] lowmem_reserve[]: 0 0 0 0 0 [ 1438.050041] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1438.075837] lowmem_reserve[]: 0 0 0 0 0 [ 1438.079823] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1438.107569] lowmem_reserve[]: 0 0 0 0 0 [ 1438.111721] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1438.125419] Node 0 DMA32: 761*4kB (UME) 651*8kB (UME) 147*16kB (UE) 116*32kB (UME) 24*64kB (UM) 1*128kB (M) 19*256kB (UM) 13*512kB (UME) 3*1024kB (ME) 2*2048kB (UM) 155*4096kB (UM) = 669548kB [ 1438.142844] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1438.153689] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1438.171680] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1438.180528] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1438.189708] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1438.199073] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1438.207860] 25570 total pagecache pages [ 1438.211969] 0 pages in swap cache [ 1438.215439] Swap cache stats: add 0, delete 0, find 0/0 [ 1438.220794] Free swap = 0kB [ 1438.223932] Total swap = 0kB [ 1438.226968] 2097051 pages RAM [ 1438.230058] 0 pages HighMem/MovableOnly [ 1438.234076] 363849 pages reserved [ 1438.237517] 0 pages cma reserved [ 1438.240992] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1438.252904] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1438.258033] CPU: 0 PID: 31793 Comm: syz-executor.3 Not tainted 4.14.231-syzkaller #0 [ 1438.265985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1438.275323] Call Trace: [ 1438.277899] dump_stack+0x1b2/0x281 [ 1438.281514] warn_alloc.cold+0x96/0x1cc [ 1438.285474] ? zone_watermark_ok_safe+0x220/0x220 [ 1438.290303] ? trace_hardirqs_on+0x10/0x10 [ 1438.294521] ? deref_stack_reg+0x124/0x1a0 [ 1438.298743] ? fs_reclaim_release+0xd0/0x110 [ 1438.303135] __vmalloc_node_range+0x10e/0x150 [ 1438.307616] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1438.312959] vmalloc_user+0x47/0xa0 [ 1438.316569] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1438.320876] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1438.326246] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1438.330376] __vb2_queue_alloc+0x47a/0xd90 [ 1438.334687] vb2_core_create_bufs+0x279/0x5a0 [ 1438.339171] ? __vb2_queue_free+0x7a0/0x7a0 [ 1438.343473] ? trace_hardirqs_on+0x10/0x10 [ 1438.347693] ? __lock_acquire+0x5fc/0x3f20 [ 1438.351918] vb2_create_bufs+0x2e1/0x5b0 [ 1438.355982] ? vb2_thread_start+0x310/0x310 [ 1438.360285] ? trace_hardirqs_on+0x10/0x10 [ 1438.364502] ? mark_held_locks+0xa6/0xf0 [ 1438.368542] ? trace_hardirqs_on+0x10/0x10 [ 1438.372780] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1438.377347] v4l_create_bufs+0xa4/0x150 [ 1438.381303] __video_do_ioctl+0x65b/0x6a0 [ 1438.385436] ? video_ioctl2+0x30/0x30 [ 1438.389267] ? __might_fault+0x177/0x1b0 [ 1438.393310] ? video_ioctl2+0x30/0x30 [ 1438.397091] video_usercopy+0xfd/0xe70 [ 1438.400961] ? v4l_g_ctrl+0x390/0x390 [ 1438.404762] ? trace_hardirqs_on+0x10/0x10 [ 1438.408978] ? trace_hardirqs_on+0x10/0x10 [ 1438.413199] ? lock_acquire+0x170/0x3f0 [ 1438.417163] v4l2_ioctl+0x1bb/0x2f0 [ 1438.420778] ? v4l2_open+0x2f0/0x2f0 [ 1438.424480] do_vfs_ioctl+0x75a/0xff0 [ 1438.428264] ? ioctl_preallocate+0x1a0/0x1a0 [ 1438.432652] ? lock_downgrade+0x740/0x740 [ 1438.436782] ? __fget+0x225/0x360 [ 1438.440216] ? do_vfs_ioctl+0xff0/0xff0 [ 1438.444185] ? security_file_ioctl+0x83/0xb0 [ 1438.448608] SyS_ioctl+0x7f/0xb0 [ 1438.451964] ? do_vfs_ioctl+0xff0/0xff0 [ 1438.455938] do_syscall_64+0x1d5/0x640 [ 1438.459831] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1438.465007] RIP: 0033:0x466459 [ 1438.468202] RSP: 002b:00007efc3f322188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 13:06:20 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x3, 0x7, 0x3, {0x2, @pix_mp={0x2b9, 0x1f, 0x31384142, 0x1, 0x6, [{0x1, 0x67fe}, {0xa5, 0x5}, {0x54, 0x4}, {0x4, 0x4}, {0x13cd, 0x8}, {0x2, 0xfff}, {0xfff, 0x2}, {0xfff, 0x5}], 0x7, 0x2, 0x6, 0x0, 0x2}}}) 13:06:20 executing program 5: fanotify_init(0x20, 0x101000) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)=@xdp, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000900)=""/4096, 0x1000}], 0x1, &(0x7f0000000200)=""/203, 0xcb}, 0x10000) unshare(0x10000800) r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x8, 0x141800) sendmsg$nl_crypto(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=@delrng={0x10, 0x14, 0x100, 0x70bd26, 0x25dfdbfc, "", ["", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000084}, 0x4000) unshare(0x880) 13:06:20 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) ioctl$sock_netdev_private(r2, 0x89fa, &(0x7f00000002c0)="3218926765ca12916f4146227a373b0af8a38598e612338ba9916f6442880c03d22daa1c71cbba9d734524d8088f4fbceabce312ea342879c2a79a761b07a79110f73713314db3e8e5fda3102653bdd1a2") ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=@deltaction={0x6c, 0x31, 0x800, 0x70bd27, 0x25dfdbfb, {}, [@TCA_ACT_TAB={0x58, 0x1, [{0xc, 0xd, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0xc, 0xb, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x80}}, {0xc, 0xc, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xf672}}, {0xc, 0x1c, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}, {0xc, 0x9, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x401}}, {0xc, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1b, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40000}, 0x40) ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000040)={0x64, 0x2, 0x1, "29e118f778a48b10f88001f8de33cf649c347cd305953766f0e0a52693088985", 0x4f565559}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x81, 0x0, 0x80000000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:06:20 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x0, 0x0, 0x9}}, 0x7ff, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) [ 1438.475899] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1438.483182] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1438.490471] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1438.497722] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1438.504971] R13: 00007ffd57a131af R14: 00007efc3f322300 R15: 0000000000022000 13:06:20 executing program 4: socket$vsock_stream(0x28, 0x1, 0x0) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) pipe(&(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r2, 0x28, 0x6, &(0x7f0000000080)={r0, r1/1000+60000}, 0x10) r4 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) accept4$vsock_stream(r3, &(0x7f0000000100)={0x28, 0x0, 0x2711, @my=0x0}, 0x10, 0xc00) ioctl$vim2m_VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x7}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, &(0x7f00000002c0)=""/235, &(0x7f0000000140)=0xeb) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0x4}, @sack_perm, @timestamp, @sack_perm, @timestamp, @mss={0x2, 0x1}, @mss={0x2, 0xd4c}], 0x7) 13:06:20 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) [ 1438.571527] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1438.586384] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1438.595250] CPU: 0 PID: 31806 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1438.603270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1438.612625] Call Trace: [ 1438.615220] dump_stack+0x1b2/0x281 [ 1438.618860] warn_alloc.cold+0x96/0x1cc [ 1438.622836] ? __lock_acquire+0x5fc/0x3f20 [ 1438.627075] ? zone_watermark_ok_safe+0x220/0x220 [ 1438.631919] ? trace_hardirqs_on+0x10/0x10 [ 1438.636163] ? deref_stack_reg+0x124/0x1a0 [ 1438.640405] ? fs_reclaim_release+0xd0/0x110 [ 1438.644822] __vmalloc_node_range+0x10e/0x150 [ 1438.649323] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1438.654810] vmalloc_user+0x47/0xa0 [ 1438.658437] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1438.662759] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 13:06:20 executing program 5: fanotify_init(0x20, 0x101000) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)=@xdp, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000900)=""/4096, 0x1000}], 0x1, &(0x7f0000000200)=""/203, 0xcb}, 0x10000) unshare(0x10000800) syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x8, 0x141800) unshare(0x880) [ 1438.668147] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1438.672302] __vb2_queue_alloc+0x47a/0xd90 [ 1438.676551] vb2_core_create_bufs+0x279/0x5a0 [ 1438.681049] ? __vb2_queue_free+0x7a0/0x7a0 [ 1438.685381] ? trace_hardirqs_on+0x10/0x10 [ 1438.689616] ? __lock_acquire+0x5fc/0x3f20 [ 1438.693852] vb2_create_bufs+0x2e1/0x5b0 [ 1438.697914] ? ___preempt_schedule+0x16/0x18 [ 1438.702322] ? vb2_thread_start+0x310/0x310 [ 1438.706642] ? trace_hardirqs_on+0x10/0x10 [ 1438.710884] ? _raw_spin_unlock_irqrestore+0xaf/0xe0 [ 1438.715991] vb2_ioctl_create_bufs+0x1f7/0x330 13:06:20 executing program 5: fanotify_init(0x20, 0x101000) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)=@xdp, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000900)=""/4096, 0x1000}], 0x1, &(0x7f0000000200)=""/203, 0xcb}, 0x10000) unshare(0x10000800) unshare(0x880) 13:06:20 executing program 5: fanotify_init(0x20, 0x101000) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)=@xdp, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000900)=""/4096, 0x1000}], 0x1, &(0x7f0000000200)=""/203, 0xcb}, 0x10000) unshare(0x880) [ 1438.720579] v4l_create_bufs+0xa4/0x150 [ 1438.724558] __video_do_ioctl+0x65b/0x6a0 [ 1438.728712] ? video_ioctl2+0x30/0x30 [ 1438.732513] ? __might_fault+0x177/0x1b0 [ 1438.736605] ? video_ioctl2+0x30/0x30 [ 1438.740407] video_usercopy+0xfd/0xe70 [ 1438.744300] ? v4l_g_ctrl+0x390/0x390 [ 1438.748097] ? __fget+0x1fe/0x360 [ 1438.751641] ? trace_hardirqs_on+0x10/0x10 [ 1438.755874] ? lock_downgrade+0x740/0x740 [ 1438.760022] ? futex_exit_release+0x220/0x220 [ 1438.764526] v4l2_ioctl+0x1bb/0x2f0 [ 1438.768157] ? v4l2_open+0x2f0/0x2f0 13:06:20 executing program 5: fanotify_init(0x20, 0x101000) unshare(0x880) 13:06:20 executing program 5: unshare(0x880) [ 1438.771885] do_vfs_ioctl+0x75a/0xff0 [ 1438.775686] ? ioctl_preallocate+0x1a0/0x1a0 [ 1438.780090] ? lock_downgrade+0x740/0x740 [ 1438.784240] ? __fget+0x225/0x360 [ 1438.787694] ? do_vfs_ioctl+0xff0/0xff0 [ 1438.791669] ? security_file_ioctl+0x83/0xb0 [ 1438.796078] SyS_ioctl+0x7f/0xb0 [ 1438.799464] ? do_vfs_ioctl+0xff0/0xff0 [ 1438.803444] do_syscall_64+0x1d5/0x640 [ 1438.807335] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1438.812519] RIP: 0033:0x466459 13:06:20 executing program 5: unshare(0x0) [ 1438.815705] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1438.823412] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1438.830680] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1438.837944] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1438.845328] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1438.852597] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 [ 1438.871190] syz-executor.0: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1438.884907] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1438.890211] CPU: 0 PID: 31816 Comm: syz-executor.0 Not tainted 4.14.231-syzkaller #0 [ 1438.898091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1438.907434] Call Trace: [ 1438.910010] dump_stack+0x1b2/0x281 [ 1438.913642] warn_alloc.cold+0x96/0x1cc [ 1438.917602] ? zone_watermark_ok_safe+0x220/0x220 [ 1438.922428] ? trace_hardirqs_on+0x10/0x10 [ 1438.926664] ? deref_stack_reg+0x124/0x1a0 [ 1438.930884] ? fs_reclaim_release+0xd0/0x110 [ 1438.935292] __vmalloc_node_range+0x10e/0x150 [ 1438.939791] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1438.945150] vmalloc_user+0x47/0xa0 [ 1438.948766] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1438.953124] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1438.958473] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1438.962603] __vb2_queue_alloc+0x47a/0xd90 [ 1438.966829] vb2_core_create_bufs+0x279/0x5a0 [ 1438.971446] ? __vb2_queue_free+0x7a0/0x7a0 [ 1438.975787] ? trace_hardirqs_on+0x10/0x10 [ 1438.980004] ? __lock_acquire+0x5fc/0x3f20 [ 1438.984222] vb2_create_bufs+0x2e1/0x5b0 [ 1438.988266] ? vb2_thread_start+0x310/0x310 [ 1438.992572] ? trace_hardirqs_on+0x10/0x10 [ 1438.996788] ? mark_held_locks+0xa6/0xf0 [ 1439.000828] ? trace_hardirqs_on+0x10/0x10 [ 1439.005046] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1439.009647] v4l_create_bufs+0xa4/0x150 [ 1439.013612] __video_do_ioctl+0x65b/0x6a0 [ 1439.017803] ? video_ioctl2+0x30/0x30 [ 1439.021588] ? __might_fault+0x177/0x1b0 [ 1439.025656] ? video_ioctl2+0x30/0x30 [ 1439.029436] video_usercopy+0xfd/0xe70 [ 1439.033315] ? v4l_g_ctrl+0x390/0x390 [ 1439.037115] ? lock_acquire+0x170/0x3f0 [ 1439.041081] ? trace_hardirqs_on+0x10/0x10 [ 1439.045334] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1439.050333] v4l2_ioctl+0x1bb/0x2f0 [ 1439.053943] ? v4l2_open+0x2f0/0x2f0 [ 1439.057650] do_vfs_ioctl+0x75a/0xff0 [ 1439.061521] ? ioctl_preallocate+0x1a0/0x1a0 [ 1439.065911] ? lock_downgrade+0x740/0x740 [ 1439.070063] ? __fget+0x225/0x360 [ 1439.073497] ? do_vfs_ioctl+0xff0/0xff0 [ 1439.077470] ? security_file_ioctl+0x83/0xb0 [ 1439.081864] SyS_ioctl+0x7f/0xb0 [ 1439.085231] ? do_vfs_ioctl+0xff0/0xff0 [ 1439.089190] do_syscall_64+0x1d5/0x640 [ 1439.093061] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1439.098232] RIP: 0033:0x466459 [ 1439.101400] RSP: 002b:00007fcbc30ae188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1439.109089] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1439.116349] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1439.123620] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1439.130875] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1439.138130] R13: 00007ffe1717ac5f R14: 00007fcbc30ae300 R15: 0000000000022000 [ 1439.164400] warn_alloc_show_mem: 2 callbacks suppressed [ 1439.164404] Mem-Info: [ 1439.173260] active_anon:223668 inactive_anon:6741 isolated_anon:0 [ 1439.173260] active_file:6841 inactive_file:44348 isolated_file:0 [ 1439.173260] unevictable:0 dirty:324 writeback:0 unstable:0 [ 1439.173260] slab_reclaimable:21635 slab_unreclaimable:129131 [ 1439.173260] mapped:62538 shmem:6935 pagetables:16017 bounce:0 [ 1439.173260] free:1181683 free_pcp:359 free_cma:0 [ 1439.207705] Node 0 active_anon:894672kB inactive_anon:26964kB active_file:27240kB inactive_file:177392kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:250156kB dirty:1296kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 761856kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1439.237620] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1439.263933] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1439.290153] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1439.295250] Node 0 DMA32 free:668756kB min:36200kB low:45248kB high:54296kB active_anon:894672kB inactive_anon:26964kB active_file:27240kB inactive_file:177392kB unevictable:0kB writepending:1292kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27328kB pagetables:64068kB bounce:0kB free_pcp:1432kB local_pcp:736kB free_cma:0kB [ 1439.325527] lowmem_reserve[]: 0 0 0 0 0 [ 1439.329517] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1439.355378] lowmem_reserve[]: 0 0 0 0 0 [ 1439.359369] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1439.387046] lowmem_reserve[]: 0 0 0 0 0 [ 1439.391137] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1439.404782] Node 0 DMA32: 969*4kB (UME) 422*8kB (UME) 135*16kB (UME) 126*32kB (UE) 24*64kB (U) 1*128kB (M) 18*256kB (UM) 13*512kB (UME) 3*1024kB (ME) 2*2048kB (UM) 155*4096kB (UM) = 668420kB [ 1439.422078] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1439.433246] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1439.450984] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1439.460250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1439.469333] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1439.478595] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1439.487581] 25585 total pagecache pages [ 1439.492022] 0 pages in swap cache [ 1439.495469] Swap cache stats: add 0, delete 0, find 0/0 [ 1439.500814] Free swap = 0kB [ 1439.505130] Total swap = 0kB [ 1439.508155] 2097051 pages RAM [ 1439.512115] 0 pages HighMem/MovableOnly [ 1439.516088] 363849 pages reserved [ 1439.519534] 0 pages cma reserved [ 1439.526344] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1439.537659] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1439.547608] CPU: 0 PID: 31818 Comm: syz-executor.3 Not tainted 4.14.231-syzkaller #0 [ 1439.555502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1439.564855] Call Trace: [ 1439.567441] dump_stack+0x1b2/0x281 [ 1439.571061] warn_alloc.cold+0x96/0x1cc [ 1439.575017] ? zone_watermark_ok_safe+0x220/0x220 [ 1439.579852] ? trace_hardirqs_on+0x10/0x10 [ 1439.584074] ? deref_stack_reg+0x124/0x1a0 [ 1439.588347] ? fs_reclaim_release+0xd0/0x110 [ 1439.592741] __vmalloc_node_range+0x10e/0x150 [ 1439.597221] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1439.602564] vmalloc_user+0x47/0xa0 [ 1439.606173] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1439.610476] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1439.615819] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1439.619947] __vb2_queue_alloc+0x47a/0xd90 [ 1439.624186] vb2_core_create_bufs+0x279/0x5a0 [ 1439.628662] ? __vb2_queue_free+0x7a0/0x7a0 [ 1439.632965] ? trace_hardirqs_on+0x10/0x10 [ 1439.637178] ? __lock_acquire+0x5fc/0x3f20 [ 1439.641393] vb2_create_bufs+0x2e1/0x5b0 [ 1439.645434] ? vb2_thread_start+0x310/0x310 [ 1439.649854] ? trace_hardirqs_on+0x10/0x10 [ 1439.654069] ? mark_held_locks+0xa6/0xf0 [ 1439.658117] ? trace_hardirqs_on+0x10/0x10 [ 1439.662331] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1439.666894] v4l_create_bufs+0xa4/0x150 [ 1439.670849] __video_do_ioctl+0x65b/0x6a0 [ 1439.674978] ? video_ioctl2+0x30/0x30 [ 1439.678756] ? __might_fault+0x177/0x1b0 [ 1439.682905] ? video_ioctl2+0x30/0x30 [ 1439.686684] video_usercopy+0xfd/0xe70 [ 1439.690558] ? v4l_g_ctrl+0x390/0x390 [ 1439.694345] ? lock_acquire+0x170/0x3f0 [ 1439.698309] ? trace_hardirqs_on+0x10/0x10 [ 1439.702534] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1439.707540] v4l2_ioctl+0x1bb/0x2f0 [ 1439.711147] ? v4l2_open+0x2f0/0x2f0 [ 1439.714844] do_vfs_ioctl+0x75a/0xff0 [ 1439.718629] ? ioctl_preallocate+0x1a0/0x1a0 [ 1439.723016] ? lock_downgrade+0x740/0x740 [ 1439.727148] ? __fget+0x225/0x360 [ 1439.730583] ? do_vfs_ioctl+0xff0/0xff0 [ 1439.734539] ? security_file_ioctl+0x83/0xb0 [ 1439.738929] SyS_ioctl+0x7f/0xb0 [ 1439.742274] ? do_vfs_ioctl+0xff0/0xff0 [ 1439.746231] do_syscall_64+0x1d5/0x640 [ 1439.750125] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1439.755298] RIP: 0033:0x466459 [ 1439.758479] RSP: 002b:00007efc3f322188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1439.766166] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1439.773414] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1439.780663] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1439.787912] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1439.795161] R13: 00007ffd57a131af R14: 00007efc3f322300 R15: 0000000000022000 [ 1439.805103] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1439.816344] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1439.821647] CPU: 0 PID: 31840 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1439.829530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1439.838877] Call Trace: [ 1439.841461] dump_stack+0x1b2/0x281 [ 1439.845192] warn_alloc.cold+0x96/0x1cc [ 1439.849152] ? __lock_acquire+0x5fc/0x3f20 [ 1439.853437] ? zone_watermark_ok_safe+0x220/0x220 [ 1439.858489] ? trace_hardirqs_on+0x10/0x10 [ 1439.862711] ? deref_stack_reg+0x124/0x1a0 [ 1439.866956] ? fs_reclaim_release+0xd0/0x110 [ 1439.871358] __vmalloc_node_range+0x10e/0x150 [ 1439.875951] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1439.881409] vmalloc_user+0x47/0xa0 [ 1439.887193] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1439.891507] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1439.896859] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1439.901005] __vb2_queue_alloc+0x47a/0xd90 [ 1439.905229] vb2_core_create_bufs+0x279/0x5a0 [ 1439.909732] ? __vb2_queue_free+0x7a0/0x7a0 [ 1439.914038] ? trace_hardirqs_on+0x10/0x10 [ 1439.918277] ? __lock_acquire+0x5fc/0x3f20 [ 1439.922493] vb2_create_bufs+0x2e1/0x5b0 [ 1439.926536] ? ___preempt_schedule+0x16/0x18 [ 1439.930945] ? vb2_thread_start+0x310/0x310 [ 1439.935258] ? trace_hardirqs_on+0x10/0x10 [ 1439.939485] ? _raw_spin_unlock_irqrestore+0xaf/0xe0 [ 1439.944707] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1439.949294] v4l_create_bufs+0xa4/0x150 [ 1439.953260] __video_do_ioctl+0x65b/0x6a0 [ 1439.957392] ? video_ioctl2+0x30/0x30 [ 1439.961175] ? __might_fault+0x177/0x1b0 [ 1439.965216] ? video_ioctl2+0x30/0x30 [ 1439.969061] video_usercopy+0xfd/0xe70 [ 1439.972938] ? v4l_g_ctrl+0x390/0x390 [ 1439.976720] ? __fget+0x1fe/0x360 [ 1439.980159] ? trace_hardirqs_on+0x10/0x10 [ 1439.984372] ? lock_downgrade+0x740/0x740 [ 1439.988507] ? futex_exit_release+0x220/0x220 [ 1439.993049] v4l2_ioctl+0x1bb/0x2f0 [ 1439.996708] ? v4l2_open+0x2f0/0x2f0 [ 1440.000409] do_vfs_ioctl+0x75a/0xff0 [ 1440.004193] ? ioctl_preallocate+0x1a0/0x1a0 [ 1440.008583] ? lock_downgrade+0x740/0x740 [ 1440.012714] ? __fget+0x225/0x360 [ 1440.016147] ? do_vfs_ioctl+0xff0/0xff0 [ 1440.020189] ? security_file_ioctl+0x83/0xb0 [ 1440.024577] SyS_ioctl+0x7f/0xb0 [ 1440.027922] ? do_vfs_ioctl+0xff0/0xff0 [ 1440.031878] do_syscall_64+0x1d5/0x640 [ 1440.035872] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1440.041053] RIP: 0033:0x466459 [ 1440.044324] RSP: 002b:00007ff0a6d72188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1440.052057] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 1440.059466] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 13:06:21 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_STREAMON(r0, 0x40045612, &(0x7f0000000040)=0x1) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0, 0xff}}}) 13:06:21 executing program 5: unshare(0x0) 13:06:21 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x0, 0x0, 0x9}}, 0x0, &(0x7f00000000c0)="6bae68b3844a151b41ffeb7dd0ce0c4d7e1291698e593d6cd2e57c1bc15910dece926aed0f7f22993cf8f74da54f0013c6b4790edb88ff2e09f1e5327cf0ac829df2d3fb230bf35d2ccc89868d3f51bbf37e669650f875a1451f0a3fec7805f85f0a168d15de44fc21ebc6c3bb99ffc02a88506d407db70a0cd8ba3d4ca1fc192cd155e3949b3772731870b1dbb2409e2e0cbf9571e3debe4403314ba2729f130abcf02436729947a2cfd19ee3b0a776d30f877dd2c384ad741879a194f574571e8c5495493fad49c3861db4e09df1925f866effaffa7d1b1a18719a3055a49d94d1f6046d7a06956e8952b9f344ba451ccc70f3a7e593d029"}}, 0x3}) 13:06:21 executing program 3: r0 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0)='l2tp\x00', 0xffffffffffffffff) sendmsg$L2TP_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="000329bd7000ffdbdf250000000006001b004e24000006001b004e000000080011000180000005000d000000000006001d00ff0f0000"], 0x3c}, 0x1, 0x0, 0x0, 0x89}, 0x800) r1 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x8000, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, &(0x7f0000000040)=0x1, 0x4) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000440)='/dev/bsg\x00', 0x1c083, 0x0) sendmsg$L2TP_CMD_TUNNEL_MODIFY(r3, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r0, 0x100, 0x70bd2b, 0x25dfdbff, {}, [@L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x42}, @L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x8}]}, 0x2c}}, 0x8001) [ 1440.066765] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1440.074202] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008 [ 1440.081499] R13: 00007ffea9384a6f R14: 00007ff0a6d72300 R15: 0000000000022000 13:06:21 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x3ff, 0x0}}}) 13:06:21 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x3, @win={{}, 0x0, 0xfffffffd, 0x0, 0xfffffffe, 0x0}}}) [ 1440.151926] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1440.176130] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1440.205322] CPU: 1 PID: 31843 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1440.213240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1440.222600] Call Trace: [ 1440.225234] dump_stack+0x1b2/0x281 [ 1440.228853] warn_alloc.cold+0x96/0x1cc [ 1440.232814] ? zone_watermark_ok_safe+0x220/0x220 [ 1440.237642] ? trace_hardirqs_on+0x10/0x10 [ 1440.241860] ? deref_stack_reg+0x124/0x1a0 [ 1440.246086] ? fs_reclaim_release+0xd0/0x110 [ 1440.250480] __vmalloc_node_range+0x10e/0x150 [ 1440.254961] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1440.260304] vmalloc_user+0x47/0xa0 [ 1440.263912] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1440.268325] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1440.273668] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1440.277798] __vb2_queue_alloc+0x47a/0xd90 [ 1440.282026] vb2_core_create_bufs+0x279/0x5a0 [ 1440.286500] ? __vb2_queue_free+0x7a0/0x7a0 [ 1440.290816] ? trace_hardirqs_on+0x10/0x10 [ 1440.295038] ? __lock_acquire+0x5fc/0x3f20 [ 1440.299344] vb2_create_bufs+0x2e1/0x5b0 [ 1440.303388] ? futex_wait_queue_me+0x3bb/0x590 [ 1440.307951] ? vb2_thread_start+0x310/0x310 [ 1440.312254] ? trace_hardirqs_on+0x10/0x10 [ 1440.316475] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1440.321044] v4l_create_bufs+0xa4/0x150 [ 1440.324999] __video_do_ioctl+0x65b/0x6a0 [ 1440.329133] ? video_ioctl2+0x30/0x30 [ 1440.332915] ? __might_fault+0x177/0x1b0 [ 1440.336974] ? video_ioctl2+0x30/0x30 [ 1440.340756] video_usercopy+0xfd/0xe70 [ 1440.344627] ? v4l_g_ctrl+0x390/0x390 [ 1440.348408] ? lock_acquire+0x170/0x3f0 [ 1440.352448] ? lock_downgrade+0x740/0x740 [ 1440.356576] ? trace_hardirqs_on+0x10/0x10 [ 1440.360790] ? futex_exit_release+0x220/0x220 [ 1440.365266] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1440.370351] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1440.375349] v4l2_ioctl+0x1bb/0x2f0 [ 1440.378985] ? v4l2_open+0x2f0/0x2f0 [ 1440.382692] do_vfs_ioctl+0x75a/0xff0 [ 1440.386475] ? ioctl_preallocate+0x1a0/0x1a0 [ 1440.390862] ? lock_downgrade+0x740/0x740 [ 1440.394998] ? __fget+0x225/0x360 [ 1440.398434] ? do_vfs_ioctl+0xff0/0xff0 [ 1440.402393] ? security_file_ioctl+0x83/0xb0 [ 1440.406783] SyS_ioctl+0x7f/0xb0 [ 1440.410129] ? do_vfs_ioctl+0xff0/0xff0 [ 1440.414085] do_syscall_64+0x1d5/0x640 [ 1440.417956] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1440.423126] RIP: 0033:0x466459 [ 1440.426296] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1440.433985] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1440.441236] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1440.448486] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1440.455736] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1440.462984] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 [ 1440.472147] warn_alloc_show_mem: 2 callbacks suppressed [ 1440.472150] Mem-Info: [ 1440.480224] active_anon:223156 inactive_anon:6741 isolated_anon:0 [ 1440.480224] active_file:6841 inactive_file:44356 isolated_file:0 [ 1440.480224] unevictable:0 dirty:329 writeback:0 unstable:0 [ 1440.480224] slab_reclaimable:21635 slab_unreclaimable:129100 13:06:21 executing program 5: unshare(0x0) [ 1440.480224] mapped:62574 shmem:6935 pagetables:16028 bounce:0 [ 1440.480224] free:1181804 free_pcp:205 free_cma:0 [ 1440.515473] Node 0 active_anon:894820kB inactive_anon:26964kB active_file:27240kB inactive_file:177424kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:250296kB dirty:1316kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 759808kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1440.547638] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1440.573524] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1440.600104] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1440.605293] Node 0 DMA32 free:667760kB min:36200kB low:45248kB high:54296kB active_anon:894712kB inactive_anon:26964kB active_file:27240kB inactive_file:177436kB unevictable:0kB writepending:1324kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27392kB pagetables:63976kB bounce:0kB free_pcp:884kB local_pcp:272kB free_cma:0kB [ 1440.635485] lowmem_reserve[]: 0 0 0 0 0 [ 1440.639477] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1440.665170] lowmem_reserve[]: 0 0 0 0 0 [ 1440.669168] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1440.696925] lowmem_reserve[]: 0 0 0 0 0 [ 1440.701013] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1440.714687] Node 0 DMA32: 922*4kB (UME) 289*8kB (UME) 160*16kB (UME) 127*32kB (UME) 26*64kB (U) 2*128kB (UM) 16*256kB (M) 13*512kB (UME) 3*1024kB (ME) 2*2048kB (UM) 155*4096kB (UM) = 667344kB [ 1440.732101] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1440.742885] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1440.760239] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1440.769140] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1440.777783] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1440.786680] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1440.795304] 25592 total pagecache pages [ 1440.799323] 0 pages in swap cache [ 1440.802953] Swap cache stats: add 0, delete 0, find 0/0 [ 1440.808317] Free swap = 0kB [ 1440.811463] Total swap = 0kB [ 1440.814482] 2097051 pages RAM [ 1440.817636] 0 pages HighMem/MovableOnly [ 1440.821668] 363849 pages reserved [ 1440.825111] 0 pages cma reserved [ 1440.828601] syz-executor.0: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1440.841440] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1440.846569] CPU: 0 PID: 31855 Comm: syz-executor.0 Not tainted 4.14.231-syzkaller #0 [ 1440.854431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1440.863767] Call Trace: [ 1440.866343] dump_stack+0x1b2/0x281 [ 1440.869965] warn_alloc.cold+0x96/0x1cc [ 1440.873929] ? zone_watermark_ok_safe+0x220/0x220 [ 1440.878760] ? trace_hardirqs_on+0x10/0x10 [ 1440.882988] ? deref_stack_reg+0x124/0x1a0 [ 1440.887269] ? fs_reclaim_release+0xd0/0x110 [ 1440.891720] __vmalloc_node_range+0x10e/0x150 [ 1440.896204] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1440.901574] vmalloc_user+0x47/0xa0 [ 1440.905189] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1440.909501] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1440.914846] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1440.918982] __vb2_queue_alloc+0x47a/0xd90 [ 1440.923315] vb2_core_create_bufs+0x279/0x5a0 [ 1440.927805] ? __vb2_queue_free+0x7a0/0x7a0 [ 1440.932121] ? trace_hardirqs_on+0x10/0x10 [ 1440.936342] ? __lock_acquire+0x5fc/0x3f20 [ 1440.940620] vb2_create_bufs+0x2e1/0x5b0 [ 1440.944668] ? vb2_thread_start+0x310/0x310 [ 1440.948980] ? trace_hardirqs_on+0x10/0x10 [ 1440.953196] ? mark_held_locks+0xa6/0xf0 [ 1440.957245] ? trace_hardirqs_on+0x10/0x10 [ 1440.961468] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1440.966043] v4l_create_bufs+0xa4/0x150 [ 1440.970004] __video_do_ioctl+0x65b/0x6a0 [ 1440.974144] ? video_ioctl2+0x30/0x30 [ 1440.977936] ? __might_fault+0x177/0x1b0 [ 1440.981989] ? video_ioctl2+0x30/0x30 [ 1440.985788] video_usercopy+0xfd/0xe70 [ 1440.989670] ? v4l_g_ctrl+0x390/0x390 [ 1440.993454] ? lock_acquire+0x170/0x3f0 [ 1440.997410] ? trace_hardirqs_on+0x10/0x10 [ 1441.001628] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1441.006628] v4l2_ioctl+0x1bb/0x2f0 [ 1441.010232] ? v4l2_open+0x2f0/0x2f0 [ 1441.013943] do_vfs_ioctl+0x75a/0xff0 [ 1441.017730] ? ioctl_preallocate+0x1a0/0x1a0 [ 1441.022120] ? lock_downgrade+0x740/0x740 [ 1441.026253] ? __fget+0x225/0x360 [ 1441.029686] ? do_vfs_ioctl+0xff0/0xff0 [ 1441.033643] ? security_file_ioctl+0x83/0xb0 [ 1441.038040] SyS_ioctl+0x7f/0xb0 [ 1441.041385] ? do_vfs_ioctl+0xff0/0xff0 [ 1441.045339] do_syscall_64+0x1d5/0x640 [ 1441.049209] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1441.054379] RIP: 0033:0x466459 13:06:22 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x4, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0x2, 0x0, 0x0, 0x0}}}) syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) 13:06:22 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) [ 1441.057546] RSP: 002b:00007fcbc30ae188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1441.065233] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1441.072484] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1441.079732] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1441.086982] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1441.094233] R13: 00007ffe1717ac5f R14: 00007fcbc30ae300 R15: 0000000000022000 13:06:22 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x0, 0x0, 0x9}}, 0x0, 0x0}}, 0x3}) 13:06:22 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) r2 = bpf$ITER_CREATE(0x21, &(0x7f00000000c0)={r1}, 0xffffffffffffff73) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r3, 0x330f, 0x0) ioctl$vim2m_VIDIOC_QBUF(r2, 0xc058560f, &(0x7f0000000100)={0x1, 0x2, 0x4, 0xe000, 0x6, {0x77359400}, {0x1, 0xc, 0x8, 0x3f, 0x4, 0x40, "4e21122c"}, 0xbc09, 0x4, @fd=r3, 0xffffffff}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) sendmsg$nl_route_sched(r4, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=@gettclass={0x24, 0x2a, 0x300, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x4, 0x9}, {0x0, 0xe}, {0x8, 0xc}}, ["", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x9091}, 0x20000044) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r4, 0x330f, 0x0) getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r4, 0x84, 0x8, &(0x7f0000000040), &(0x7f0000000080)=0x4) 13:06:22 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000100)='/dev/video#\x00', 0xf8, 0x2) r1 = socket$phonet(0x23, 0x2, 0x1) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r3 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x100000000, 0x40800) ioctl$vim2m_VIDIOC_QUERYCAP(r3, 0x80685600, &(0x7f0000000140)) getsockopt$IP_VS_SO_GET_VERSION(r1, 0x0, 0x480, &(0x7f0000000080), &(0x7f00000000c0)=0x40) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) ioctl$KVM_ARM_SET_DEVICE_ADDR(0xffffffffffffffff, 0x4010aeab, &(0x7f0000000040)={0xadb8, 0xd000}) 13:06:22 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vim2m\x00', 0x2, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000080)={0x0, 0x2, 0x0, {0x2, @vbi={0x2, 0x98, 0x80000000, 0x59455247, [0x7, 0xc990], [0x9, 0x3c0b], 0x2}}, 0x200}) 13:06:22 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x4, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0, 0x2}}}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0xfffffffffffffeff) ioctl$vim2m_VIDIOC_QUERYCAP(r1, 0x80685600, &(0x7f0000000040)) 13:06:22 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x0, 0x0, 0x9}}, 0x0, 0x0}}, 0x3}) 13:06:22 executing program 3: pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) ioctl$vim2m_VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000080)) write$UHID_GET_REPORT_REPLY(0xffffffffffffffff, &(0x7f0000000040)={0xa, {0x3, 0x8}}, 0xa) syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vim2m\x00', 0x2, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x2, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) 13:06:22 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000012c0)={0xffffffffffffffff, 0x0, 0xf, 0x1000, &(0x7f0000000040)="325c000b326041f6e69c67952ba0db", &(0x7f00000002c0)=""/4096, 0x9, 0x0, 0x5a, 0x51, &(0x7f0000000080)="3bf4b6ca0f754d6d139e60df5552d578fdea8b9a396e11a410d080f0f11587a419910a6e779e58605e1bf4f6a6902766b38a842755b02b3c12b74e647c8e9e8ffed4804e0c2c366ee63eb32fab1351a5591b7d0700c74be68160", &(0x7f0000000100)="c631fc859e534f723901912217ea400afbac0e5d66754ec8ac9e6d11d7504de178db8d554bd843ecd7a3196e28abad23ca8d27c194c4dad346266aae6d84eb58cc35311c2f99fbed101b423358160de27c", 0x0, 0x10000}, 0x48) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000001340), &(0x7f0000000180)=0x60) 13:06:22 executing program 2: ioctl$KVM_TRANSLATE(0xffffffffffffffff, 0xc018ae85, &(0x7f0000000040)={0x1001, 0x6000, 0x8, 0xe0, 0x3f}) r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nvram\x00', 0x40, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="400000faff3113069aa9a74641a454007000000829bd7000fbdbdf25070000c36e3cdbcc3ca4399c00145eff344da3a757fbfde0e348dd2f7e22f5f344dde008dc29d44a4c3ded92f9ecd304dbc3144633d559afb300000000b4b5", @ANYRES32=0x0, @ANYBLOB="0c00018008000100100004000c000180060002000d000000100001800c0004800800020000000000"], 0x40}}, 0x4000001) r1 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:06:22 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0xfffffffc, 0x0, 0x8}}}) ioctl$KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, &(0x7f00000002c0)={0x0, 0x10000, 0x100, &(0x7f0000000140)=0x985}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) ioctl$vim2m_VIDIOC_TRY_FMT(r1, 0xc0d05640, &(0x7f0000000040)={0x1, @sdr={0x47524247, 0x3}}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000180)={0xffffffffffffffff, r2}) 13:06:22 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, &(0x7f0000000040)=""/152, &(0x7f0000000100)=0x98) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:06:22 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nvram\x00', 0x200000, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) 13:06:22 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x4, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) ioctl$vim2m_VIDIOC_STREAMON(r0, 0x40045612, &(0x7f0000000040)=0x2) 13:06:22 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x1, @win={{0x5, 0x0, 0x3, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:06:22 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0x4000f8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @pix_mp={0x1f, 0x5, 0x50323234, 0x4, 0x0, [{0x10000, 0x81}, {0x3, 0x81}, {0x4, 0x2}, {0x10001}, {0x0, 0x7}, {0x3, 0x7}, {0x1, 0x7}, {0x5, 0x800}], 0x20, 0x9, 0x0, 0x2, 0x5}}}) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f00000000c0)={0x0, 0x1, 0x3, "73a3aa0d6c909045f19621df38a3c9e8b13e6edd319b9fb181e6bb15aad05f02", 0x31435750}) r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vim2m\x00', 0x2, 0x0) socket$nl_crypto(0x10, 0x3, 0x15) ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000080)={0x1ff, 0x0, 0x0, "4a9d40634bfc5d094dfc50d78134152563bf63d038282b2f36aa07d0199df36f", 0x3147504d}) 13:06:22 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x0, 0x0, 0x9}}, 0x0, 0x0}}, 0x3}) 13:06:22 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x4, 0x1, {0x2, @pix={0x4, 0x10001, 0x32315258, 0x5, 0x7, 0x8, 0xb, 0x5, 0x1, 0x8, 0x0, 0x2}}}) r1 = syz_open_dev$vcsn(&(0x7f0000000140)='/dev/vcs#\x00', 0x9, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) clock_gettime(0x0, &(0x7f0000000280)={0x0, 0x0}) ioctl$vim2m_VIDIOC_PREPARE_BUF(r0, 0xc058565d, &(0x7f00000002c0)={0x0, 0x0, 0x4, 0xe000, 0x8000, {r3, r4/1000+10000}, {0x5, 0x2, 0xff, 0x0, 0x4a, 0x4, "2f6822e7"}, 0x5, 0x373427047c39125f, @fd=r1, 0x1, 0x0, r1}) ioctl$vim2m_VIDIOC_QBUF(r2, 0xc058560f, &(0x7f0000000340)={0xe5c, 0x0, 0x4, 0x800, 0x8, {0x77359400}, {0x1, 0xc, 0x80, 0x7, 0x9, 0x90, "81e6d3aa"}, 0x9, 0x2, @fd=r5, 0x9, 0x0, r1}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000180)={0x4, 0x5393, 0x3, {0x2, @raw_data="27d46ee4e585ba0cfe0369d87fff4622a3060dc5a6fba5d70fdba61a2ef349efbaca80d7bc2b5aedc34d4c46cb8331b981a01ae7e50fbc580a64721f1599f88c6ded506851a7f05cbba3dd12b8aedb7a0ef86616b7f87e9aea0c19530a15fd46e9b9a7d052f9cb7a84176abdf038b7c1a626e905a1d3795e4e5aebdadf142197c5200edca5b5a2cb6fb205d0a009efe5667e5ade939f5aa31448ef129cd6bbcc093f7d7aea6969c4eb7f90c80290d7932a61c55b2b23938cfaff3f0ede38bd6b7e98de8f2e422efd"}, 0x200}) 13:06:23 executing program 3: bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000140)={0xffffffffffffffff}, 0x4) syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf5, 0x2) r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) ioctl$vim2m_VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000080)={0xe8d, 0x1, 0x4, 0x1, 0x4000004, {}, {0x5, 0x2, 0x80, 0x6, 0x81, 0x1, "46a8e111"}, 0x1, 0x4, @fd, 0x6}) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000000100)={'wg1\x00'}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f00000002c0)={0x1, 0x81, 0x1, {0x2, @sdr={0x59565955, 0x9}}, 0x3}) 13:06:23 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) pipe(&(0x7f0000000140)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) ioctl$vim2m_VIDIOC_QBUF(r1, 0xc058560f, &(0x7f0000000080)={0x1, 0x3, 0x4, 0x1000, 0xafe, {0x0, 0xea60}, {0x4, 0x2, 0xe2, 0x8, 0x1f, 0x9, ';r=%'}, 0x1ff, 0x2, @fd=r2, 0x6}) syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0xffff, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) 13:06:23 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x0, 0x0, 0x9}}, 0x0, &(0x7f00000000c0)}}, 0x3}) 13:06:23 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x0, 0x1, 0x3, "be93576389b3f6a0ffc645814ea29b271fab3695091061608063978cd5fc40c4", 0x3436324d}) socket$inet_udplite(0x2, 0x2, 0x88) r1 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @host}, 0x10, 0x80000) getpeername(r1, &(0x7f00000000c0)=@l2tp6, &(0x7f0000000140)=0x80) 13:06:23 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000040)={0x8, 0x1, 0x1, "4989d3e7cfece93e8fe36828c9fc5734c7c962c540eb1a5fc0d8cde148a55c97", 0x584e4f53}) [ 1441.609545] warn_alloc: 28 callbacks suppressed [ 1441.609550] syz-executor.0: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1441.657318] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1441.662928] CPU: 1 PID: 31956 Comm: syz-executor.0 Not tainted 4.14.231-syzkaller #0 [ 1441.670813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1441.680165] Call Trace: [ 1441.682758] dump_stack+0x1b2/0x281 [ 1441.686386] warn_alloc.cold+0x96/0x1cc [ 1441.690456] ? zone_watermark_ok_safe+0x220/0x220 [ 1441.695282] ? trace_hardirqs_on+0x10/0x10 [ 1441.699495] ? deref_stack_reg+0x124/0x1a0 [ 1441.703722] ? fs_reclaim_release+0xd0/0x110 [ 1441.708127] __vmalloc_node_range+0x10e/0x150 [ 1441.712627] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1441.717977] vmalloc_user+0x47/0xa0 [ 1441.721595] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1441.725972] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1441.731330] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1441.735467] __vb2_queue_alloc+0x47a/0xd90 [ 1441.739687] vb2_core_create_bufs+0x279/0x5a0 [ 1441.744164] ? __vb2_queue_free+0x7a0/0x7a0 [ 1441.748469] ? trace_hardirqs_on+0x10/0x10 [ 1441.752692] ? __lock_acquire+0x5fc/0x3f20 [ 1441.756915] vb2_create_bufs+0x2e1/0x5b0 [ 1441.760970] ? futex_wait_queue_me+0x3bb/0x590 [ 1441.765545] ? vb2_thread_start+0x310/0x310 [ 1441.769896] ? trace_hardirqs_on+0x10/0x10 [ 1441.774129] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1441.778699] v4l_create_bufs+0xa4/0x150 [ 1441.782667] __video_do_ioctl+0x65b/0x6a0 [ 1441.786810] ? video_ioctl2+0x30/0x30 [ 1441.790594] ? __might_fault+0x177/0x1b0 [ 1441.794640] ? video_ioctl2+0x30/0x30 [ 1441.798433] video_usercopy+0xfd/0xe70 [ 1441.802312] ? v4l_g_ctrl+0x390/0x390 [ 1441.806102] ? lock_acquire+0x170/0x3f0 [ 1441.810057] ? lock_downgrade+0x740/0x740 [ 1441.814186] ? trace_hardirqs_on+0x10/0x10 [ 1441.818404] ? futex_exit_release+0x220/0x220 [ 1441.822894] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1441.827986] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1441.832993] v4l2_ioctl+0x1bb/0x2f0 [ 1441.836606] ? v4l2_open+0x2f0/0x2f0 [ 1441.840300] do_vfs_ioctl+0x75a/0xff0 [ 1441.844091] ? ioctl_preallocate+0x1a0/0x1a0 [ 1441.848491] ? lock_downgrade+0x740/0x740 [ 1441.852630] ? __fget+0x225/0x360 [ 1441.856062] ? do_vfs_ioctl+0xff0/0xff0 [ 1441.860032] ? security_file_ioctl+0x83/0xb0 [ 1441.864475] SyS_ioctl+0x7f/0xb0 [ 1441.867825] ? do_vfs_ioctl+0xff0/0xff0 [ 1441.871782] do_syscall_64+0x1d5/0x640 [ 1441.875675] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1441.880851] RIP: 0033:0x466459 [ 1441.884041] RSP: 002b:00007fcbc30ae188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1441.891740] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1441.898992] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 13:06:23 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x0, @win={{0x0, 0x3, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) [ 1441.906254] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1441.913513] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1441.920765] R13: 00007ffe1717ac5f R14: 00007fcbc30ae300 R15: 0000000000022000 [ 1441.943012] warn_alloc_show_mem: 1 callbacks suppressed [ 1441.943016] Mem-Info: [ 1441.960204] active_anon:223158 inactive_anon:6741 isolated_anon:0 [ 1441.960204] active_file:6841 inactive_file:44377 isolated_file:0 [ 1441.960204] unevictable:0 dirty:349 writeback:0 unstable:0 [ 1441.960204] slab_reclaimable:21635 slab_unreclaimable:129355 [ 1441.960204] mapped:62594 shmem:6935 pagetables:16028 bounce:0 [ 1441.960204] free:1182015 free_pcp:242 free_cma:0 [ 1441.995748] Node 0 active_anon:894672kB inactive_anon:26964kB active_file:27240kB inactive_file:177524kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:250276kB dirty:1396kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 761856kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1442.026208] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1442.052374] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1442.078683] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1442.083879] Node 0 DMA32 free:667724kB min:36200kB low:45248kB high:54296kB active_anon:894672kB inactive_anon:26964kB active_file:27240kB inactive_file:177524kB unevictable:0kB writepending:1396kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27392kB pagetables:64068kB bounce:0kB free_pcp:1116kB local_pcp:492kB free_cma:0kB [ 1442.114781] lowmem_reserve[]: 0 0 0 0 0 [ 1442.118797] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1442.145967] lowmem_reserve[]: 0 0 0 0 0 [ 1442.150060] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1442.178901] lowmem_reserve[]: 0 0 0 0 0 [ 1442.183393] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1442.197423] Node 0 DMA32: 839*4kB (UME) 182*8kB (UME) 133*16kB (UME) 161*32kB (UME) 34*64kB (U) 2*128kB (UM) 16*256kB (M) 13*512kB (UME) 3*1024kB (ME) 2*2048kB (UM) 155*4096kB (UM) = 667324kB [ 1442.215126] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1442.226394] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1442.244145] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1442.253635] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1442.262833] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1442.272192] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1442.280799] 25610 total pagecache pages [ 1442.285627] 0 pages in swap cache [ 1442.289060] Swap cache stats: add 0, delete 0, find 0/0 [ 1442.295184] Free swap = 0kB [ 1442.298201] Total swap = 0kB [ 1442.302640] 2097051 pages RAM [ 1442.305743] 0 pages HighMem/MovableOnly [ 1442.309719] 363849 pages reserved [ 1442.314118] 0 pages cma reserved [ 1442.317572] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1442.331316] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1442.336527] CPU: 1 PID: 31959 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1442.344419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1442.353760] Call Trace: [ 1442.356340] dump_stack+0x1b2/0x281 [ 1442.360013] warn_alloc.cold+0x96/0x1cc [ 1442.363974] ? __lock_acquire+0x5fc/0x3f20 [ 1442.368202] ? zone_watermark_ok_safe+0x220/0x220 [ 1442.373046] ? trace_hardirqs_on+0x10/0x10 [ 1442.377271] ? deref_stack_reg+0x124/0x1a0 [ 1442.381499] ? fs_reclaim_release+0xd0/0x110 [ 1442.385906] __vmalloc_node_range+0x10e/0x150 [ 1442.390389] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1442.395747] vmalloc_user+0x47/0xa0 [ 1442.399372] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1442.403683] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1442.409030] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1442.413195] __vb2_queue_alloc+0x47a/0xd90 [ 1442.417420] vb2_core_create_bufs+0x279/0x5a0 [ 1442.421903] ? __vb2_queue_free+0x7a0/0x7a0 [ 1442.426218] ? trace_hardirqs_on+0x10/0x10 [ 1442.430440] ? __lock_acquire+0x5fc/0x3f20 [ 1442.434669] vb2_create_bufs+0x2e1/0x5b0 [ 1442.438797] ? vb2_thread_start+0x310/0x310 [ 1442.443105] ? trace_hardirqs_on+0x10/0x10 [ 1442.447327] ? mark_held_locks+0xa6/0xf0 [ 1442.451388] ? trace_hardirqs_on+0x10/0x10 [ 1442.455620] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1442.460189] v4l_create_bufs+0xa4/0x150 [ 1442.464156] __video_do_ioctl+0x65b/0x6a0 [ 1442.468326] ? video_ioctl2+0x30/0x30 [ 1442.472122] ? __might_fault+0x177/0x1b0 [ 1442.476174] ? video_ioctl2+0x30/0x30 [ 1442.479962] video_usercopy+0xfd/0xe70 [ 1442.483851] ? v4l_g_ctrl+0x390/0x390 [ 1442.487649] ? lock_acquire+0x170/0x3f0 [ 1442.491616] ? trace_hardirqs_on+0x10/0x10 [ 1442.495845] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1442.500864] v4l2_ioctl+0x1bb/0x2f0 [ 1442.504488] ? v4l2_open+0x2f0/0x2f0 [ 1442.508198] do_vfs_ioctl+0x75a/0xff0 [ 1442.512020] ? ioctl_preallocate+0x1a0/0x1a0 [ 1442.516425] ? lock_downgrade+0x740/0x740 [ 1442.520567] ? __fget+0x225/0x360 [ 1442.524010] ? do_vfs_ioctl+0xff0/0xff0 [ 1442.528102] ? security_file_ioctl+0x83/0xb0 [ 1442.532492] SyS_ioctl+0x7f/0xb0 [ 1442.535841] ? do_vfs_ioctl+0xff0/0xff0 [ 1442.539803] do_syscall_64+0x1d5/0x640 [ 1442.543691] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1442.548868] RIP: 0033:0x466459 [ 1442.552039] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1442.559732] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1442.566989] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1442.574272] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1442.581532] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1442.588925] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 [ 1442.607902] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1442.619146] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1442.625200] CPU: 0 PID: 31963 Comm: syz-executor.1 Not tainted 4.14.231-syzkaller #0 [ 1442.633092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1442.642432] Call Trace: [ 1442.645006] dump_stack+0x1b2/0x281 [ 1442.648617] warn_alloc.cold+0x96/0x1cc [ 1442.652573] ? zone_watermark_ok_safe+0x220/0x220 [ 1442.657399] ? trace_hardirqs_on+0x10/0x10 [ 1442.661669] ? deref_stack_reg+0x124/0x1a0 [ 1442.665889] ? fs_reclaim_release+0xd0/0x110 [ 1442.670393] __vmalloc_node_range+0x10e/0x150 [ 1442.674872] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1442.680217] vmalloc_user+0x47/0xa0 [ 1442.683847] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1442.688147] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1442.693488] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1442.697617] __vb2_queue_alloc+0x47a/0xd90 [ 1442.701835] vb2_core_create_bufs+0x279/0x5a0 [ 1442.706311] ? __vb2_queue_free+0x7a0/0x7a0 [ 1442.710616] ? trace_hardirqs_on+0x10/0x10 [ 1442.714829] ? __lock_acquire+0x5fc/0x3f20 [ 1442.719060] vb2_create_bufs+0x2e1/0x5b0 [ 1442.723110] ? vb2_thread_start+0x310/0x310 [ 1442.727429] ? trace_hardirqs_on+0x10/0x10 [ 1442.731643] ? mark_held_locks+0xa6/0xf0 [ 1442.735684] ? trace_hardirqs_on+0x10/0x10 [ 1442.739915] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1442.744600] v4l_create_bufs+0xa4/0x150 [ 1442.748568] __video_do_ioctl+0x65b/0x6a0 [ 1442.752701] ? video_ioctl2+0x30/0x30 [ 1442.756493] ? __might_fault+0x177/0x1b0 [ 1442.760535] ? video_ioctl2+0x30/0x30 [ 1442.764324] video_usercopy+0xfd/0xe70 [ 1442.768203] ? v4l_g_ctrl+0x390/0x390 [ 1442.771988] ? lock_acquire+0x170/0x3f0 [ 1442.775969] ? trace_hardirqs_on+0x10/0x10 [ 1442.780197] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1442.785201] v4l2_ioctl+0x1bb/0x2f0 [ 1442.788809] ? v4l2_open+0x2f0/0x2f0 [ 1442.792505] do_vfs_ioctl+0x75a/0xff0 [ 1442.796349] ? ioctl_preallocate+0x1a0/0x1a0 [ 1442.800773] ? lock_downgrade+0x740/0x740 [ 1442.804912] ? __fget+0x225/0x360 [ 1442.808372] ? do_vfs_ioctl+0xff0/0xff0 [ 1442.812330] ? security_file_ioctl+0x83/0xb0 [ 1442.816720] SyS_ioctl+0x7f/0xb0 [ 1442.820071] ? do_vfs_ioctl+0xff0/0xff0 [ 1442.824031] do_syscall_64+0x1d5/0x640 [ 1442.827904] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1442.833075] RIP: 0033:0x466459 [ 1442.836255] RSP: 002b:00007f5883dfa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1442.843948] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1442.851199] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1442.858499] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 13:06:24 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x0, 0x0, 0x9}}, 0x0, &(0x7f00000000c0)}}}) [ 1442.865770] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1442.873072] R13: 00007fff3377dd0f R14: 00007f5883dfa300 R15: 0000000000022000 13:06:24 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x2, 0x1, {0x2, @pix={0x1001, 0x3531ebf1, 0x59565955, 0x9, 0xfffffffa, 0x104, 0x4, 0xfffffff8, 0x0, 0x7, 0x1, 0x5}}}) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000040)={0x1}) 13:06:24 executing program 1: syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x3, {0x2, @pix={0x7, 0x5, 0x50424752, 0x7, 0x400, 0x102, 0xe44f42b5b9b4e5f, 0x4a, 0x0, 0x4, 0x2, 0x2}}}) 13:06:24 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) ioctl$vim2m_VIDIOC_TRY_FMT(r1, 0xc0d05640, &(0x7f0000000040)={0x2, @pix={0xfffffc01, 0x4, 0x31324d59, 0x4, 0xc5f3, 0x5, 0xa, 0x292c, 0x0, 0x8}}) 13:06:24 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x1, 0x3, 0x2, "c899d01fe7a83f895ad6df64b8a01546d650bc77400e40ffe004e4b921b032f6", 0x39565559}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) ioctl$vim2m_VIDIOC_STREAMON(r0, 0x40045612, &(0x7f0000000080)=0x1) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x48, 0x0, 0x100, 0x70bd26, 0x25dfdbff, {}, [@WGDEVICE_A_FWMARK={0x8, 0x7, 0x5}, @WGDEVICE_A_IFINDEX={0x8}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e24}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_IFINDEX={0x8}]}, 0x48}, 0x1, 0x0, 0x0, 0x40800}, 0x40080) [ 1442.991515] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1443.006687] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1443.015380] CPU: 1 PID: 31993 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1443.023277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1443.032631] Call Trace: [ 1443.035219] dump_stack+0x1b2/0x281 [ 1443.038847] warn_alloc.cold+0x96/0x1cc [ 1443.042826] ? zone_watermark_ok_safe+0x220/0x220 [ 1443.047671] ? trace_hardirqs_on+0x10/0x10 [ 1443.051917] ? deref_stack_reg+0x124/0x1a0 [ 1443.056149] ? fs_reclaim_release+0xd0/0x110 [ 1443.060542] __vmalloc_node_range+0x10e/0x150 [ 1443.065022] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1443.070368] vmalloc_user+0x47/0xa0 [ 1443.073977] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1443.078277] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1443.083620] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1443.087751] __vb2_queue_alloc+0x47a/0xd90 [ 1443.091993] vb2_core_create_bufs+0x279/0x5a0 [ 1443.096486] ? __vb2_queue_free+0x7a0/0x7a0 [ 1443.100798] ? trace_hardirqs_on+0x10/0x10 [ 1443.105017] ? __lock_acquire+0x5fc/0x3f20 [ 1443.109237] vb2_create_bufs+0x2e1/0x5b0 [ 1443.113296] ? futex_wait_queue_me+0x3bb/0x590 [ 1443.117865] ? vb2_thread_start+0x310/0x310 [ 1443.122171] ? trace_hardirqs_on+0x10/0x10 [ 1443.126404] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1443.130983] v4l_create_bufs+0xa4/0x150 [ 1443.134944] __video_do_ioctl+0x65b/0x6a0 [ 1443.139077] ? video_ioctl2+0x30/0x30 [ 1443.142860] ? __might_fault+0x177/0x1b0 [ 1443.146947] ? video_ioctl2+0x30/0x30 [ 1443.150730] video_usercopy+0xfd/0xe70 [ 1443.154713] ? v4l_g_ctrl+0x390/0x390 [ 1443.158495] ? lock_acquire+0x170/0x3f0 [ 1443.162451] ? trace_hardirqs_on+0x10/0x10 [ 1443.166669] ? futex_exit_release+0x220/0x220 [ 1443.171149] ? wait_for_completion_io+0x10/0x10 [ 1443.175801] v4l2_ioctl+0x1bb/0x2f0 [ 1443.179410] ? v4l2_open+0x2f0/0x2f0 [ 1443.183111] do_vfs_ioctl+0x75a/0xff0 [ 1443.186894] ? ioctl_preallocate+0x1a0/0x1a0 [ 1443.191289] ? lock_downgrade+0x740/0x740 [ 1443.195441] ? __fget+0x225/0x360 [ 1443.198881] ? do_vfs_ioctl+0xff0/0xff0 [ 1443.202980] ? security_file_ioctl+0x83/0xb0 [ 1443.207378] SyS_ioctl+0x7f/0xb0 [ 1443.210735] ? do_vfs_ioctl+0xff0/0xff0 [ 1443.214710] do_syscall_64+0x1d5/0x640 [ 1443.218729] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1443.223902] RIP: 0033:0x466459 [ 1443.227073] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1443.234766] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1443.242020] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1443.249376] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1443.256635] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1443.263897] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 [ 1443.278595] warn_alloc_show_mem: 2 callbacks suppressed [ 1443.278599] Mem-Info: [ 1443.286786] active_anon:223654 inactive_anon:6741 isolated_anon:0 [ 1443.286786] active_file:6841 inactive_file:44382 isolated_file:0 [ 1443.286786] unevictable:0 dirty:360 writeback:0 unstable:0 [ 1443.286786] slab_reclaimable:21635 slab_unreclaimable:129428 [ 1443.286786] mapped:62584 shmem:6935 pagetables:16023 bounce:0 [ 1443.286786] free:1181377 free_pcp:243 free_cma:0 [ 1443.322897] Node 0 active_anon:894672kB inactive_anon:26964kB active_file:27240kB inactive_file:177568kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:250380kB dirty:1440kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 761856kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1443.352188] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1443.378206] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1443.405021] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1443.410130] Node 0 DMA32 free:666820kB min:36200kB low:45248kB high:54296kB active_anon:894672kB inactive_anon:26964kB active_file:27240kB inactive_file:177568kB unevictable:0kB writepending:1448kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27424kB pagetables:64068kB bounce:0kB free_pcp:1180kB local_pcp:712kB free_cma:0kB [ 1443.440546] lowmem_reserve[]: 0 0 0 0 0 [ 1443.444610] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1443.470258] lowmem_reserve[]: 0 0 0 0 0 [ 1443.484348] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1443.512039] lowmem_reserve[]: 0 0 0 0 0 [ 1443.516026] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1443.529676] Node 0 DMA32: 866*4kB (UME) 270*8kB (UME) 113*16kB (UE) 171*32kB (UE) 36*64kB (UM) 1*128kB (U) 16*256kB (M) 13*512kB (UME) 3*1024kB (ME) 2*2048kB (UM) 155*4096kB (UM) = 668136kB [ 1443.547310] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1443.558056] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1443.575437] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1443.584437] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1443.593071] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1443.601979] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1443.610550] 25623 total pagecache pages [ 1443.614595] 0 pages in swap cache [ 1443.618041] Swap cache stats: add 0, delete 0, find 0/0 [ 1443.623570] Free swap = 0kB [ 1443.626575] Total swap = 0kB [ 1443.629573] 2097051 pages RAM [ 1443.632735] 0 pages HighMem/MovableOnly [ 1443.636776] 363849 pages reserved [ 1443.640214] 0 pages cma reserved [ 1443.643866] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1443.655034] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1443.660321] CPU: 0 PID: 31996 Comm: syz-executor.3 Not tainted 4.14.231-syzkaller #0 [ 1443.668199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1443.677535] Call Trace: [ 1443.680120] dump_stack+0x1b2/0x281 [ 1443.683743] warn_alloc.cold+0x96/0x1cc [ 1443.687703] ? zone_watermark_ok_safe+0x220/0x220 [ 1443.692537] ? trace_hardirqs_on+0x10/0x10 [ 1443.696779] ? deref_stack_reg+0x124/0x1a0 [ 1443.701012] ? fs_reclaim_release+0xd0/0x110 [ 1443.705418] __vmalloc_node_range+0x10e/0x150 [ 1443.709902] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1443.715255] vmalloc_user+0x47/0xa0 [ 1443.718874] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1443.724158] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1443.729510] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1443.733648] __vb2_queue_alloc+0x47a/0xd90 [ 1443.737869] vb2_core_create_bufs+0x279/0x5a0 [ 1443.742345] ? __vb2_queue_free+0x7a0/0x7a0 [ 1443.746651] ? trace_hardirqs_on+0x10/0x10 [ 1443.750866] ? __lock_acquire+0x5fc/0x3f20 [ 1443.755095] vb2_create_bufs+0x2e1/0x5b0 [ 1443.759150] ? vb2_thread_start+0x310/0x310 [ 1443.763451] ? trace_hardirqs_on+0x10/0x10 [ 1443.767664] ? mark_held_locks+0xa6/0xf0 [ 1443.771709] ? trace_hardirqs_on+0x10/0x10 [ 1443.775934] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1443.780506] v4l_create_bufs+0xa4/0x150 [ 1443.784463] __video_do_ioctl+0x65b/0x6a0 [ 1443.788596] ? video_ioctl2+0x30/0x30 [ 1443.792379] ? __might_fault+0x177/0x1b0 [ 1443.796425] ? video_ioctl2+0x30/0x30 [ 1443.800207] video_usercopy+0xfd/0xe70 [ 1443.804081] ? v4l_g_ctrl+0x390/0x390 [ 1443.807922] ? lock_acquire+0x170/0x3f0 [ 1443.812027] ? trace_hardirqs_on+0x10/0x10 [ 1443.816262] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1443.821264] v4l2_ioctl+0x1bb/0x2f0 [ 1443.824876] ? v4l2_open+0x2f0/0x2f0 [ 1443.828573] do_vfs_ioctl+0x75a/0xff0 [ 1443.832361] ? ioctl_preallocate+0x1a0/0x1a0 [ 1443.836844] ? lock_downgrade+0x740/0x740 [ 1443.840984] ? __fget+0x225/0x360 [ 1443.844432] ? do_vfs_ioctl+0xff0/0xff0 [ 1443.848470] ? security_file_ioctl+0x83/0xb0 [ 1443.852863] SyS_ioctl+0x7f/0xb0 [ 1443.856213] ? do_vfs_ioctl+0xff0/0xff0 [ 1443.860169] do_syscall_64+0x1d5/0x640 [ 1443.864056] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1443.869235] RIP: 0033:0x466459 [ 1443.872411] RSP: 002b:00007efc3f322188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1443.880106] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1443.887518] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 13:06:25 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vim2m\x00', 0x2, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000002c0)={0xffffffff, 0x0, 0x1, {0x2, @raw_data="17e42d9e61b119c2e11cf3da56b8d0be030147288e88803c14d8e26c8f437d15498ed8809d0ef10a6d5a25e9edf07ff4f3a196a9821c4baaa03537a6b09c272b1e1cd327d086d7cac7fbf2bc9c49cc3983f62e05329142973e680fccce611de46aeea2be8136abbe0688655b68199a13c4483fb29ee56259cc2525a3be8d50116f1505409f939416864cc19a898649aea007f9fd733b7e9147b9c1a49d6fd8e52377fac30b3a26256732c10fd24ef7c081fe27cf1e8aa158e19865e2a012f01230a2c1f5b7bfb9bd"}, 0x20}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}, 0x1}) ioctl$vim2m_VIDIOC_STREAMON(r0, 0x40045612, &(0x7f0000000040)) ioctl$vim2m_VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f0000000080)={0x2, @pix={0x1, 0x8, 0x43353039, 0x7, 0xf8, 0x0, 0xc, 0x5394, 0x0, 0x8, 0x1, 0x2}}) [ 1443.894779] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1443.902034] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1443.909287] R13: 00007ffd57a131af R14: 00007efc3f322300 R15: 0000000000022000 13:06:25 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x0, {0x2, @pix={0x0, 0x2, 0x3032344d, 0x6, 0x9, 0x1, 0x1, 0x1f, 0x0, 0x3, 0x0, 0x6}}, 0x7ff}) r1 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0x1, 0x2) ioctl$vim2m_VIDIOC_G_FMT(r1, 0xc0d05604, &(0x7f0000000080)={0x0, @raw_data="8e4e6824c13003f19be73a8b4a0fd65892f21807cef3e9658eb6134257af56cb246dd230e8a5c4b9bbff07b20818cd590dfb287be90ed525e4e31446c215670710b179061c9a1f457c0ee27e436ee347e78f94259f38e5d3ec59e9ef7cc0124bb90a007331b0d9d5ac4c6e14a154e3acab66e8be1298028c7a446f5706db3ccf6cf3fe64c44d32344c201928b27be17cd8c5c545a7f0f55e7018a3cfe7b385f860b799fefd7a0085fb05285b433c6912cb1c1f3797362918c33fbbfa05d7a42a201f77a04e7c1386"}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000001d0002002dbd7000fbdbdf251c000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\b\x00', @ANYRES32=0x0, @ANYBLOB="08000800a48adfcc020c22a4f94c3c081c460d49264cd65d1f428be6f7603d7c5ec6b33b5ba5c0088937cf9c1898cecc9aa2dee81452c9e88a43b74cbb25f2a7e49b81d3c260652b74a85d461e5f7734e0c00002ebed31d8bb20d9ee3a9c5bba9fca0ccea0052eef2c5e8aec61e5e2aa21a3ad69c70f2af78fdc0c5c6c7fd7c61736a33f900795934438325b5ee3d22b97c1a21ad90c34ab", @ANYRES32=0x0, @ANYBLOB], 0x2c}}, 0x24000010) [ 1443.961904] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1443.976813] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1443.982978] CPU: 0 PID: 32014 Comm: syz-executor.1 Not tainted 4.14.231-syzkaller #0 [ 1443.990868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1444.000229] Call Trace: [ 1444.002824] dump_stack+0x1b2/0x281 [ 1444.006457] warn_alloc.cold+0x96/0x1cc [ 1444.010435] ? zone_watermark_ok_safe+0x220/0x220 [ 1444.015327] ? trace_hardirqs_on+0x10/0x10 [ 1444.019548] ? deref_stack_reg+0x124/0x1a0 [ 1444.023773] ? fs_reclaim_release+0xd0/0x110 [ 1444.028165] __vmalloc_node_range+0x10e/0x150 [ 1444.032644] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1444.038002] vmalloc_user+0x47/0xa0 [ 1444.041624] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1444.045930] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1444.051280] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1444.055464] __vb2_queue_alloc+0x47a/0xd90 [ 1444.059684] vb2_core_create_bufs+0x279/0x5a0 [ 1444.064163] ? __vb2_queue_free+0x7a0/0x7a0 [ 1444.068471] ? trace_hardirqs_on+0x10/0x10 [ 1444.072687] ? __lock_acquire+0x5fc/0x3f20 [ 1444.076906] vb2_create_bufs+0x2e1/0x5b0 [ 1444.080956] ? futex_wait_queue_me+0x3bb/0x590 [ 1444.085527] ? vb2_thread_start+0x310/0x310 [ 1444.089835] ? trace_hardirqs_on+0x10/0x10 [ 1444.094052] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1444.098617] v4l_create_bufs+0xa4/0x150 [ 1444.102727] __video_do_ioctl+0x65b/0x6a0 [ 1444.106875] ? video_ioctl2+0x30/0x30 [ 1444.110658] ? __might_fault+0x177/0x1b0 [ 1444.114709] ? video_ioctl2+0x30/0x30 [ 1444.118490] video_usercopy+0xfd/0xe70 [ 1444.122360] ? v4l_g_ctrl+0x390/0x390 [ 1444.126140] ? lock_acquire+0x170/0x3f0 [ 1444.130095] ? trace_hardirqs_on+0x10/0x10 [ 1444.134317] ? futex_exit_release+0x220/0x220 [ 1444.138945] ? wait_for_completion_io+0x10/0x10 [ 1444.143597] v4l2_ioctl+0x1bb/0x2f0 [ 1444.147225] ? v4l2_open+0x2f0/0x2f0 [ 1444.150921] do_vfs_ioctl+0x75a/0xff0 [ 1444.154705] ? ioctl_preallocate+0x1a0/0x1a0 [ 1444.159091] ? lock_downgrade+0x740/0x740 [ 1444.163240] ? __fget+0x225/0x360 [ 1444.166675] ? do_vfs_ioctl+0xff0/0xff0 [ 1444.170627] ? security_file_ioctl+0x83/0xb0 [ 1444.175022] SyS_ioctl+0x7f/0xb0 [ 1444.178375] ? do_vfs_ioctl+0xff0/0xff0 [ 1444.182329] do_syscall_64+0x1d5/0x640 [ 1444.186204] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1444.191373] RIP: 0033:0x466459 [ 1444.194589] RSP: 002b:00007f5883dfa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1444.202305] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 13:06:25 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000080)={0x2, 0x2, 0x4, 0x1, 0x200, {r1, r2/1000+60000}, {0x1, 0x8, 0x1, 0x5, 0x27, 0x0, "2fe14132"}, 0xfffffffd, 0x4, @offset=0x10001, 0x6}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) 13:06:25 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x0, 0x0, 0x9}}, 0x0, &(0x7f00000000c0)}}}) 13:06:25 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x207, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1003}, 0x6, 0xfffffffd, 0x0, 0x0, 0x0}}}) pipe(&(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) r5 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x5, 0x18000) ioctl$vim2m_VIDIOC_PREPARE_BUF(r1, 0xc058565d, &(0x7f00000000c0)={0x7f, 0x2, 0x4, 0x0, 0x4, {r3, r4/1000+60000}, {0x2, 0x0, 0x0, 0x20, 0xff, 0x40, "56936d16"}, 0x9, 0x3, @userptr=0x1, 0x0, 0x0, r5}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r6, 0x330f, 0x0) r7 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000180)='l2tp\x00', r2) sendmsg$L2TP_CMD_NOOP(r6, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x50, r7, 0x400, 0x1ff, 0x25dfdbff, {}, [@L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x8}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x4}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e22}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'ip_vti0\x00'}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x1}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x3}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000004}, 0x24000007) waitid(0x2, 0xffffffffffffffff, 0x0, 0x2, &(0x7f00000002c0)) 13:06:25 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f00000004c0)={0x3, @vbi={0x401, 0x5, 0x0, 0x49323159, [0x0, 0xb04], [0x1, 0x1], 0x1}}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000640), 0x4) r2 = accept4(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tpv3in6, &(0x7f00000000c0)=0x80, 0x800) syz_open_dev$vim2m(&(0x7f0000000480)='/dev/video#\x00', 0x6, 0x2) sendmsg$sock(r2, &(0x7f0000000440)={&(0x7f0000000100)=@in={0x2, 0x4e21, @remote}, 0x80, &(0x7f0000000180)=[{&(0x7f00000002c0)="a21545bbb589703bf26df107cb6c9f8b85720a6d0ef4d6d727b5035ca906a997c5d3aebb4dcf799628ecddea779469234be2cf97fcf27e7250af6c803be5bdef47f075eae8819b0fddc0649a8daeb1a4fb6b2d6c3342b89ecd03e4c4ec607e711101fd27de48e20f566c4114ff9a4b9df82a5655935b9a65c39f3b9815337318b544c1f1104ba0207c9cb51bb4fbdda0f297956214e39706794168e90119643531dcd9b95500b79eb10f229f6b883eb27b198e82f02fa6c50573ed710975b11c507c51512fd988b04f102e66092fb90dfde12918f97f4014190f9f16f564983140a6aa729e944f1bf34fe08f6c81394057dac84bef", 0xf5}], 0x1, &(0x7f00000003c0)=[@txtime={{0x18, 0x1, 0x3d, 0x2}}, @timestamping={{0x14, 0x1, 0x25, 0x401}}, @mark={{0x14, 0x1, 0x24, 0x4}}, @mark={{0x14}}, @txtime={{0x18, 0x1, 0x3d, 0x3}}], 0x78}, 0x4010) ioctl$SNAPSHOT_GET_IMAGE_SIZE(0xffffffffffffffff, 0x8008330e, &(0x7f00000005c0)) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff, 0x4}, 0x10) bpf$OBJ_GET_PROG(0x7, &(0x7f00000006c0)={&(0x7f0000000680)='./file0\x00', 0x0, 0x8}, 0x10) [ 1444.209557] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1444.216814] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1444.224071] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1444.231319] R13: 00007fff3377dd0f R14: 00007f5883dfa300 R15: 0000000000022000 [ 1444.284873] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1444.329950] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1444.335521] CPU: 1 PID: 32014 Comm: syz-executor.1 Not tainted 4.14.231-syzkaller #0 [ 1444.343407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1444.352791] Call Trace: [ 1444.355370] dump_stack+0x1b2/0x281 [ 1444.358988] warn_alloc.cold+0x96/0x1cc [ 1444.362954] ? zone_watermark_ok_safe+0x220/0x220 [ 1444.367789] ? trace_hardirqs_on+0x10/0x10 [ 1444.372006] ? deref_stack_reg+0x124/0x1a0 [ 1444.376229] ? fs_reclaim_release+0xd0/0x110 [ 1444.380629] __vmalloc_node_range+0x10e/0x150 [ 1444.385119] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1444.390477] vmalloc_user+0x47/0xa0 [ 1444.394094] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1444.398404] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1444.403759] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1444.407930] __vb2_queue_alloc+0x47a/0xd90 [ 1444.412159] vb2_core_create_bufs+0x279/0x5a0 [ 1444.416636] ? __vb2_queue_free+0x7a0/0x7a0 [ 1444.420951] ? trace_hardirqs_on+0x10/0x10 [ 1444.425172] ? __lock_acquire+0x5fc/0x3f20 [ 1444.429389] vb2_create_bufs+0x2e1/0x5b0 [ 1444.433435] ? futex_wait_queue_me+0x3bb/0x590 [ 1444.437997] ? vb2_thread_start+0x310/0x310 [ 1444.442308] ? trace_hardirqs_on+0x10/0x10 [ 1444.446535] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1444.451100] v4l_create_bufs+0xa4/0x150 [ 1444.455054] __video_do_ioctl+0x65b/0x6a0 [ 1444.459186] ? video_ioctl2+0x30/0x30 [ 1444.462973] ? __might_fault+0x177/0x1b0 [ 1444.467021] ? video_ioctl2+0x30/0x30 [ 1444.470801] video_usercopy+0xfd/0xe70 [ 1444.474673] ? v4l_g_ctrl+0x390/0x390 [ 1444.478452] ? lock_acquire+0x170/0x3f0 [ 1444.482415] ? lock_downgrade+0x740/0x740 [ 1444.486565] ? trace_hardirqs_on+0x10/0x10 [ 1444.490814] ? futex_exit_release+0x220/0x220 [ 1444.495293] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1444.500481] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1444.505482] v4l2_ioctl+0x1bb/0x2f0 [ 1444.509089] ? v4l2_open+0x2f0/0x2f0 [ 1444.512793] do_vfs_ioctl+0x75a/0xff0 [ 1444.516575] ? ioctl_preallocate+0x1a0/0x1a0 [ 1444.520969] ? lock_downgrade+0x740/0x740 [ 1444.525105] ? __fget+0x225/0x360 [ 1444.528540] ? do_vfs_ioctl+0xff0/0xff0 [ 1444.532494] ? security_file_ioctl+0x83/0xb0 [ 1444.536884] SyS_ioctl+0x7f/0xb0 [ 1444.540256] ? do_vfs_ioctl+0xff0/0xff0 [ 1444.544213] do_syscall_64+0x1d5/0x640 [ 1444.548087] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1444.553274] RIP: 0033:0x466459 [ 1444.556442] RSP: 002b:00007f5883dfa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1444.564238] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1444.571488] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1444.578737] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1444.585987] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1444.593239] R13: 00007fff3377dd0f R14: 00007f5883dfa300 R15: 0000000000022000 [ 1444.612158] warn_alloc_show_mem: 2 callbacks suppressed [ 1444.612162] Mem-Info: [ 1444.619992] active_anon:223657 inactive_anon:6741 isolated_anon:0 [ 1444.619992] active_file:6841 inactive_file:44403 isolated_file:0 [ 1444.619992] unevictable:0 dirty:371 writeback:0 unstable:0 [ 1444.619992] slab_reclaimable:21636 slab_unreclaimable:129549 [ 1444.619992] mapped:62602 shmem:6935 pagetables:16023 bounce:0 [ 1444.619992] free:1181379 free_pcp:188 free_cma:0 [ 1444.654539] Node 0 active_anon:894628kB inactive_anon:26964kB active_file:27240kB inactive_file:177612kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:250420kB dirty:1484kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 757760kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1444.684648] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1444.711008] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1444.737178] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1444.743147] Node 0 DMA32 free:666508kB min:36200kB low:45248kB high:54296kB active_anon:894628kB inactive_anon:26964kB active_file:27240kB inactive_file:177612kB unevictable:0kB writepending:1484kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27392kB pagetables:64092kB bounce:0kB free_pcp:736kB local_pcp:440kB free_cma:0kB [ 1444.773844] lowmem_reserve[]: 0 0 0 0 0 [ 1444.777846] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1444.804242] lowmem_reserve[]: 0 0 0 0 0 [ 1444.808255] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1444.836775] lowmem_reserve[]: 0 0 0 0 0 [ 1444.841324] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1444.855501] Node 0 DMA32: 933*4kB (UME) 99*8kB (ME) 32*16kB (UME) 181*32kB (UE) 37*64kB (UM) 1*128kB (U) 16*256kB (M) 13*512kB (UME) 3*1024kB (ME) 2*2048kB (UM) 155*4096kB (UM) = 666124kB [ 1444.872897] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1444.884222] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1444.902442] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1444.911770] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1444.920341] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1444.930074] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1444.939121] 25640 total pagecache pages [ 1444.943615] 0 pages in swap cache [ 1444.947070] Swap cache stats: add 0, delete 0, find 0/0 [ 1444.953148] Free swap = 0kB [ 1444.956166] Total swap = 0kB [ 1444.959171] 2097051 pages RAM [ 1444.963435] 0 pages HighMem/MovableOnly [ 1444.967406] 363849 pages reserved [ 1444.971553] 0 pages cma reserved 13:06:26 executing program 1: syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) getsockname$l2tp6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000080)=0x20) [ 1444.975053] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1445.001115] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1445.006455] CPU: 0 PID: 32024 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1445.014336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1445.023691] Call Trace: [ 1445.026334] dump_stack+0x1b2/0x281 [ 1445.029958] warn_alloc.cold+0x96/0x1cc [ 1445.033927] ? __lock_acquire+0x5fc/0x3f20 [ 1445.038148] ? zone_watermark_ok_safe+0x220/0x220 [ 1445.042974] ? trace_hardirqs_on+0x10/0x10 [ 1445.047199] ? deref_stack_reg+0x124/0x1a0 [ 1445.051425] ? fs_reclaim_release+0xd0/0x110 [ 1445.055820] __vmalloc_node_range+0x10e/0x150 [ 1445.060300] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1445.065643] vmalloc_user+0x47/0xa0 [ 1445.069323] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1445.073627] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1445.078975] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1445.083193] __vb2_queue_alloc+0x47a/0xd90 [ 1445.087430] vb2_core_create_bufs+0x279/0x5a0 [ 1445.091926] ? __vb2_queue_free+0x7a0/0x7a0 [ 1445.096242] ? trace_hardirqs_on+0x10/0x10 [ 1445.100614] ? __lock_acquire+0x5fc/0x3f20 [ 1445.104839] vb2_create_bufs+0x2e1/0x5b0 [ 1445.108885] ? vb2_thread_start+0x310/0x310 [ 1445.113188] ? trace_hardirqs_on+0x10/0x10 [ 1445.117411] ? mark_held_locks+0xa6/0xf0 [ 1445.121461] ? trace_hardirqs_on+0x10/0x10 [ 1445.125680] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1445.130248] v4l_create_bufs+0xa4/0x150 [ 1445.134204] __video_do_ioctl+0x65b/0x6a0 [ 1445.138349] ? video_ioctl2+0x30/0x30 [ 1445.142137] ? __might_fault+0x177/0x1b0 [ 1445.146187] ? video_ioctl2+0x30/0x30 [ 1445.149973] video_usercopy+0xfd/0xe70 [ 1445.153843] ? v4l_g_ctrl+0x390/0x390 [ 1445.157623] ? lock_acquire+0x170/0x3f0 [ 1445.161583] ? trace_hardirqs_on+0x10/0x10 [ 1445.165809] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1445.170817] v4l2_ioctl+0x1bb/0x2f0 [ 1445.174436] ? v4l2_open+0x2f0/0x2f0 [ 1445.178137] do_vfs_ioctl+0x75a/0xff0 [ 1445.181925] ? ioctl_preallocate+0x1a0/0x1a0 [ 1445.186458] ? lock_downgrade+0x740/0x740 [ 1445.190596] ? __fget+0x225/0x360 [ 1445.194043] ? do_vfs_ioctl+0xff0/0xff0 [ 1445.198008] ? security_file_ioctl+0x83/0xb0 [ 1445.202396] SyS_ioctl+0x7f/0xb0 [ 1445.205759] ? do_vfs_ioctl+0xff0/0xff0 [ 1445.209727] do_syscall_64+0x1d5/0x640 [ 1445.213603] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1445.218776] RIP: 0033:0x466459 [ 1445.221949] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1445.229644] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1445.236900] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1445.244150] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1445.251399] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1445.258682] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 13:06:26 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0xa1}, 0x8, 0xfffffffd, &(0x7f0000000080)={{0x0, 0x0, 0x9}}, 0x0, &(0x7f00000000c0)}}}) 13:06:26 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) bpf$LINK_DETACH(0x22, &(0x7f0000000040), 0x4) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) [ 1445.294587] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1445.308468] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1445.314134] CPU: 0 PID: 32024 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1445.324111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1445.333467] Call Trace: [ 1445.336060] dump_stack+0x1b2/0x281 [ 1445.339704] warn_alloc.cold+0x96/0x1cc 13:06:26 executing program 3: ioctl$vim2m_VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x6, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x4}) 13:06:26 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$L2TP_CMD_TUNNEL_GET(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x5c, 0x0, 0x8, 0x70bd2d, 0x25dfdbfe, {}, [@L2TP_ATTR_COOKIE={0xc, 0xf, 0xdf2}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'ip6gre0\x00'}, @L2TP_ATTR_UDP_CSUM={0x5}, @L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e24}, @L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x6}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_UDP_ZERO_CSUM6_RX={0x5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8000}, 0x4804) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) [ 1445.343681] ? zone_watermark_ok_safe+0x220/0x220 [ 1445.348524] ? trace_hardirqs_on+0x10/0x10 [ 1445.352760] ? deref_stack_reg+0x124/0x1a0 [ 1445.357001] ? fs_reclaim_release+0xd0/0x110 [ 1445.361416] __vmalloc_node_range+0x10e/0x150 [ 1445.365918] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1445.371280] vmalloc_user+0x47/0xa0 [ 1445.374908] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1445.379228] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1445.384593] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1445.388743] __vb2_queue_alloc+0x47a/0xd90 [ 1445.392990] vb2_core_create_bufs+0x279/0x5a0 [ 1445.397493] ? __vb2_queue_free+0x7a0/0x7a0 [ 1445.401855] ? trace_hardirqs_on+0x10/0x10 [ 1445.406090] ? __lock_acquire+0x5fc/0x3f20 [ 1445.410328] vb2_create_bufs+0x2e1/0x5b0 [ 1445.414391] ? futex_wait_queue_me+0x3bb/0x590 [ 1445.418975] ? vb2_thread_start+0x310/0x310 [ 1445.423289] ? trace_hardirqs_on+0x10/0x10 [ 1445.427616] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1445.432202] v4l_create_bufs+0xa4/0x150 [ 1445.436174] __video_do_ioctl+0x65b/0x6a0 [ 1445.440328] ? video_ioctl2+0x30/0x30 13:06:26 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000040)={0x10000, 0x80000000, 0x4, {0x3, @pix={0x9, 0x5e, 0x38415262, 0x3, 0x3, 0x400, 0xc, 0x6, 0x0, 0x7, 0x0, 0x5}}, 0x9a6}) [ 1445.444134] ? __might_fault+0x177/0x1b0 [ 1445.448201] ? video_ioctl2+0x30/0x30 [ 1445.452027] video_usercopy+0xfd/0xe70 [ 1445.455916] ? v4l_g_ctrl+0x390/0x390 [ 1445.459717] ? lock_acquire+0x170/0x3f0 [ 1445.463701] ? lock_downgrade+0x740/0x740 [ 1445.467848] ? trace_hardirqs_on+0x10/0x10 [ 1445.472091] ? futex_exit_release+0x220/0x220 [ 1445.476579] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1445.481686] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1445.486714] v4l2_ioctl+0x1bb/0x2f0 [ 1445.490427] ? v4l2_open+0x2f0/0x2f0 [ 1445.494143] do_vfs_ioctl+0x75a/0xff0 [ 1445.497949] ? ioctl_preallocate+0x1a0/0x1a0 [ 1445.502357] ? lock_downgrade+0x740/0x740 [ 1445.506494] ? __fget+0x225/0x360 [ 1445.509929] ? do_vfs_ioctl+0xff0/0xff0 [ 1445.513887] ? security_file_ioctl+0x83/0xb0 [ 1445.518277] SyS_ioctl+0x7f/0xb0 [ 1445.521626] ? do_vfs_ioctl+0xff0/0xff0 [ 1445.525605] do_syscall_64+0x1d5/0x640 [ 1445.529481] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1445.534690] RIP: 0033:0x466459 [ 1445.537861] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1445.545549] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1445.552814] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1445.560083] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1445.567334] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1445.574583] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 [ 1445.583396] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1445.594590] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1445.599713] CPU: 0 PID: 32053 Comm: syz-executor.1 Not tainted 4.14.231-syzkaller #0 [ 1445.607591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1445.616962] Call Trace: [ 1445.619549] dump_stack+0x1b2/0x281 [ 1445.623165] warn_alloc.cold+0x96/0x1cc [ 1445.627126] ? zone_watermark_ok_safe+0x220/0x220 [ 1445.631950] ? trace_hardirqs_on+0x10/0x10 [ 1445.636166] ? deref_stack_reg+0x124/0x1a0 [ 1445.640385] ? fs_reclaim_release+0xd0/0x110 [ 1445.644776] __vmalloc_node_range+0x10e/0x150 [ 1445.649257] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1445.654602] vmalloc_user+0x47/0xa0 [ 1445.658219] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1445.662550] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1445.667927] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1445.672066] __vb2_queue_alloc+0x47a/0xd90 [ 1445.676299] vb2_core_create_bufs+0x279/0x5a0 [ 1445.680775] ? __vb2_queue_free+0x7a0/0x7a0 [ 1445.685081] ? trace_hardirqs_on+0x10/0x10 [ 1445.689298] ? __lock_acquire+0x5fc/0x3f20 [ 1445.693524] vb2_create_bufs+0x2e1/0x5b0 [ 1445.697575] ? vb2_thread_start+0x310/0x310 [ 1445.701878] ? trace_hardirqs_on+0x10/0x10 [ 1445.706097] ? mark_held_locks+0xa6/0xf0 [ 1445.710150] ? trace_hardirqs_on+0x10/0x10 [ 1445.714368] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1445.718939] v4l_create_bufs+0xa4/0x150 [ 1445.722896] __video_do_ioctl+0x65b/0x6a0 [ 1445.727030] ? video_ioctl2+0x30/0x30 [ 1445.730833] ? __might_fault+0x177/0x1b0 [ 1445.734886] ? video_ioctl2+0x30/0x30 [ 1445.738683] video_usercopy+0xfd/0xe70 [ 1445.742559] ? v4l_g_ctrl+0x390/0x390 [ 1445.746346] ? __might_fault+0x104/0x1b0 [ 1445.750532] ? trace_hardirqs_on+0x10/0x10 [ 1445.754770] v4l2_ioctl+0x1bb/0x2f0 [ 1445.758389] ? v4l2_open+0x2f0/0x2f0 [ 1445.762092] do_vfs_ioctl+0x75a/0xff0 [ 1445.765884] ? ioctl_preallocate+0x1a0/0x1a0 [ 1445.770277] ? lock_downgrade+0x740/0x740 [ 1445.774415] ? __fget+0x225/0x360 [ 1445.777915] ? do_vfs_ioctl+0xff0/0xff0 [ 1445.781883] ? security_file_ioctl+0x83/0xb0 [ 1445.786289] SyS_ioctl+0x7f/0xb0 [ 1445.789653] ? do_vfs_ioctl+0xff0/0xff0 [ 1445.793684] do_syscall_64+0x1d5/0x640 [ 1445.797574] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1445.802752] RIP: 0033:0x466459 [ 1445.805921] RSP: 002b:00007f5883dfa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1445.813609] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1445.821053] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1445.828314] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1445.835569] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1445.842821] R13: 00007fff3377dd0f R14: 00007f5883dfa300 R15: 0000000000022000 [ 1445.851214] warn_alloc_show_mem: 2 callbacks suppressed [ 1445.851218] Mem-Info: [ 1445.858993] active_anon:223679 inactive_anon:6741 isolated_anon:0 [ 1445.858993] active_file:6841 inactive_file:44417 isolated_file:0 [ 1445.858993] unevictable:0 dirty:386 writeback:0 unstable:0 [ 1445.858993] slab_reclaimable:21637 slab_unreclaimable:130200 [ 1445.858993] mapped:62625 shmem:6935 pagetables:16032 bounce:0 [ 1445.858993] free:1180444 free_pcp:269 free_cma:0 [ 1445.893355] Node 0 active_anon:894716kB inactive_anon:26964kB active_file:27240kB inactive_file:177668kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:250532kB dirty:1556kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 765952kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1445.922187] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1445.948466] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1445.974827] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1445.979868] Node 0 DMA32 free:666152kB min:36200kB low:45248kB high:54296kB active_anon:894700kB inactive_anon:26964kB active_file:27240kB inactive_file:177672kB unevictable:0kB writepending:1576kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27296kB pagetables:64068kB bounce:0kB free_pcp:1300kB local_pcp:648kB free_cma:0kB [ 1446.010921] lowmem_reserve[]: 0 0 0 0 0 [ 1446.014925] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1446.040942] lowmem_reserve[]: 0 0 0 0 0 [ 1446.044945] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1446.072793] lowmem_reserve[]: 0 0 0 0 0 [ 1446.076782] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1446.090412] Node 0 DMA32: 864*4kB (UME) 279*8kB (UME) 8*16kB (UME) 141*32kB (UE) 40*64kB (UM) 1*128kB (U) 16*256kB (M) 13*512kB (UME) 3*1024kB (ME) 2*2048kB (UM) 155*4096kB (UM) = 665816kB [ 1446.107674] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1446.118451] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1446.135815] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1446.145078] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1446.153725] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1446.162675] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1446.171950] 25653 total pagecache pages [ 1446.175932] 0 pages in swap cache [ 1446.179374] Swap cache stats: add 0, delete 0, find 0/0 [ 1446.185744] Free swap = 0kB [ 1446.188762] Total swap = 0kB [ 1446.192612] 2097051 pages RAM 13:06:27 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_G_FMT(0xffffffffffffffff, 0xc0d05604, &(0x7f0000000040)={0x2, @vbi={0x200, 0xffff, 0x3, 0x20303159, [0x0, 0xffffffff], [0x3f, 0x22], 0x108}}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:06:27 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) socket$can_raw(0x1d, 0x3, 0x1) 13:06:27 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vim2m\x00', 0x2, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bsg\x00', 0x42000, 0x0) ioctl$vim2m_VIDIOC_TRY_FMT(r1, 0xc0d05640, &(0x7f00000000c0)={0x1, @vbi={0xfffffff7, 0xf9d, 0x81, 0x41414270, [0x40, 0x2], [0x40, 0x66], 0x2}}) 13:06:27 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x8}) [ 1446.195726] 0 pages HighMem/MovableOnly [ 1446.199683] 363849 pages reserved [ 1446.204115] 0 pages cma reserved 13:06:27 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x5, 0x1, {0x2, @sliced={0x20, [0x13, 0xa1, 0x400, 0x6, 0xfffb, 0x8, 0x6, 0x3ff, 0x1, 0x81, 0x4, 0x8, 0x7fff, 0x101, 0x20, 0x5, 0x0, 0x471, 0x101, 0x4, 0xffff, 0x439, 0x800, 0x73c, 0x0, 0x8, 0x2, 0xb9, 0xff, 0x9, 0x5, 0xcf1b, 0x1000, 0x800, 0xfc01, 0x6, 0x9, 0x5, 0x9, 0x0, 0x9, 0x9, 0x6dd, 0x7fff, 0x0, 0x0, 0x2, 0x1000], 0xfffffe01}}}) pipe(&(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r3, 0x330f, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r4, 0x330f, 0x0) ioctl$vim2m_VIDIOC_STREAMON(r4, 0x40045612, &(0x7f0000000140)=0x3) read$snapshot(0xffffffffffffffff, &(0x7f00000003c0)=""/186, 0xba) bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x17, 0x4, 0x6, 0x80000001, 0x80, r1, 0x401, [], 0x0, r3, 0x1, 0x2, 0x4}, 0x40) read$snapshot(r2, &(0x7f00000002c0)=""/246, 0xf6) write$UHID_INPUT2(r1, &(0x7f0000000080)={0xc, {0x75, "0f275512b9743941afef6c53b87d8fcef3dc9f7da19f11e2ccd0aa25fe50e85a1bdd640a884a0168fb5ba2cb9ba840f98ac9e6d58cec06cae772d9a7227578c0840e04c7cb2d0870b90a5d639cafe92c4ea04da4dbb07a255a660858f78d228cc7e468c6d145e251c87df3347d8096c66ca1a43f6d"}}, 0x7b) syz_genetlink_get_family_id$l2tp(&(0x7f0000000100)='l2tp\x00', r3) 13:06:27 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) socket$kcm(0x29, 0x2, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) ioctl$KVM_GET_CPUID2(r1, 0xc008ae91, &(0x7f0000000040)={0x1, 0x0, [{}]}) 13:06:27 executing program 1: bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0xcd, 0x92, &(0x7f0000000040)="6ebd656308b71af66eeac98dfca9aee1f35ebc73f4550d483ea8043005cc725b3af6c188a4468c5cef1bc809f434ca81056807139e57bc0b91562fffa411a81fbf492ad7fde29ac8d8adf04852efea7a58343b175dcb695a83f258f8ea9a6a07e75fc085f6645e6a364f533e3d1252c30fac0d207d33764ddaf72be3ef17eedc9bbb7cf5bbfa26c741857ce371b8a1aedafda4cd5413fc888e446c75fb677c7d5e68167780768a4d57984acb1cdae444efb4efb93ac81fae6ca8a94beabdee1c6badbc5a7180dd9805185d190e", &(0x7f00000002c0)=""/146, 0xffffffff, 0x0, 0xb8, 0x2b, &(0x7f0000000380)="1289a4d51f9fc119d17a1d5d3f0143d37b9329f259ee5de6f0164120fce8b77f790ab3ce37516693eea26a30fd145a8a02af814180e034ceefd537ff4a1cc1af9177704644f07ff383c224071335ae3d28446b95cfcda8989d3b56312d126fdd8c60c9a2bef471b1925072aa83af97f1912068558589d0a8d5dff3419e77a7948e072d7f8e4c2c71f61c3351a5bf1353b05bf931c3f890679bd45ed8d1edadb4649dcd1592efd200b77b7aa21d643e59ec1e8486c170f8e7", &(0x7f0000000140)="f2a1d66468b19bff45e07134b1c76bc947cf98d15b7eef6b296caf0ea1ff55e0904259af757db5babe9965", 0x0, 0x9}, 0x48) pipe(&(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) pipe(&(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x4, 0x8, &(0x7f00000004c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x6}, [@btf_id={0x18, 0x2, 0x3, 0x0, 0x3}, @btf_id={0x18, 0x4, 0x3, 0x0, 0x5}, @ldst={0x0, 0x1, 0x2, 0x3, 0x4, 0x6, 0xffffffffffffffff}]}, &(0x7f0000000500)='syzkaller\x00', 0x3, 0x6e, &(0x7f0000000540)=""/110, 0x0, 0x0, [], 0x0, 0x1d, r2, 0x8, &(0x7f0000000600)={0x4, 0x1}, 0x8, 0x10, &(0x7f0000000640)={0x2, 0x2, 0x4}, 0x10, 0x0, r1}, 0x78) connect$vsock_stream(r0, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @hyper}, 0x10) r3 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) 13:06:27 executing program 2: ioctl$VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, &(0x7f0000000180)={0xa, 0xfffffffa, 0x66a6, 0x1000}) syz_open_dev$vim2m(&(0x7f0000000140)='/dev/video#\x00', 0x9, 0x2) pipe(&(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000240), 0x8) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x68040, 0x0) ioctl$KVM_TRANSLATE(r4, 0xc018ae85, &(0x7f0000000480)={0x3000, 0x6000, 0x7f, 0x0, 0x3}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r3, 0x330f, 0x0) ioctl$vim2m_VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, &(0x7f00000002c0)={0x0, 0x1, 0x4, 0x100000, 0xad, {0x0, 0x2710}, {0x4, 0x8, 0x3f, 0x40, 0xff, 0x6, "956ec5c9"}, 0x10001, 0x3, @offset=0x1, 0x5, 0x0, r1}) ioctl$vim2m_VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000340)={0x4, 0x1, 0x4, 0x100, 0x6, {}, {0x0, 0x8, 0x80, 0x3, 0x0, 0x8, "b95b8b90"}, 0x3, 0x4, @planes=&(0x7f0000000280)={0x4, 0x0, @fd=r3, 0x8000}, 0xe000000, 0x0, r5}) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, &(0x7f00000001c0)=""/15, &(0x7f0000000200)=0xf) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = bpf$ITER_CREATE(0x21, &(0x7f0000000440)={r0}, 0x8) ioctl$vim2m_VIDIOC_QUERYBUF(r6, 0xc0585609, &(0x7f0000000500)={0x4, 0x2, 0x4, 0x74008, 0x1f, {0x0, 0xea60}, {0x3, 0xc, 0x8, 0x2, 0x3, 0xbd, "289d5a57"}, 0x7, 0x1, @planes=&(0x7f0000000400)={0x10000, 0x0, @userptr=0x88b1, 0x81}, 0x5, 0x0, r7}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000040)={0x6, 0x7, 0x2, {0x2, @vbi={0x9, 0x0, 0x6, 0x38303553, [0x9, 0x3], [0x4, 0x8], 0x1}}, 0x1}) 13:06:27 executing program 4: bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000040), 0x8) r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x6}, 0x0, 0xfffffffd, 0x0, 0x1ff, 0x0}}}) ioctl$vim2m_VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000080)={0x3, 0x1, 0x4, 0x4000, 0x7f, {}, {0x5, 0xc, 0xc, 0xdc, 0xff, 0xff, "903a1527"}, 0xfffffffd, 0x4, @offset=0x3ff, 0x1}) 13:06:27 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) write$P9_RMKNOD(r1, &(0x7f0000000080)={0x14, 0x13, 0x2, {0x4, 0x3}}, 0x14) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, &(0x7f00000000c0)={0x6, [0x7, 0x7, 0x2, 0x7, 0x2bb8, 0x6]}, 0x10) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) 13:06:27 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:06:27 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@WGDEVICE_A_FWMARK={0x8, 0x7, 0x6}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x44010) 13:06:27 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x2, 0x7, 0x1, {0x2, @win={{0x0, 0x2, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) r1 = socket(0x7, 0x7020486dbd73c904, 0x7) connect$nfc_llcp(r1, &(0x7f0000000140)={0x27, 0x0, 0x0, 0x7, 0x3, 0x0, "98fc109063f00df5ed0722471a603be7ed78f9e42a74ab4d5713e9f850031ca2ceb94e917ee64527d23d42b6b37e4dd4754bc061b38023e30340c3792893c2", 0xb}, 0x60) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x40, 0x326f259f, 0x4, {0x2, @raw_data="23e52f4d207d1dbedc4ac54facd6d735a642240fa350a3a3a91e901c2484241068d118e8aae8eb34def8bb7e209bd29dbe6e52282f7ea213a1d24130cf90a42a02ae24b8d75445876aaa81683f3c1baac361264f3a3c2d1c6b8d0bb9f47f6d94827a542ffe0edb7651706d284355c610277744ce56a379475b87c5c543e9be26bf1f08764cda15855f5d64ddb3d409c3ff3ece8656c17386abd1a3b263a493a6b482f0f235bfa84bd73655974dafdf4f7f2bd1efffd04009881fc1faf3e6bbeb6fd39220f690f210"}, 0x3}) ioctl$sock_netdev_private(r1, 0x89f4, &(0x7f00000002c0)="f007c96c31f3b5ea5917a65ad855e25607c7931ede9cd2c999084ba0e229aed3b78795a34c6f672cd39f0d1757b7051f73") 13:06:27 executing program 3: pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000040)={0x1, 0xffffffffffffffff, 0x1}) r1 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0xa8180, 0x0) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x800, 0x0) ioctl$TUNSETSTEERINGEBPF(r2, 0x800454e0, &(0x7f0000000100)=r3) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x1a58cf43, 0x20000000, 0x400, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x3, 0x0, 0x4}}, 0x6bd}) 13:06:27 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x3, {0x1, @win={{0x0, 0x0, 0x101, 0x8}, 0x4, 0xfffffff9, 0x0, 0x0, 0x0}}}) 13:06:27 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$SNAPSHOT_SET_SWAP_AREA(0xffffffffffffffff, 0x400c330d, &(0x7f0000000040)={0x5, 0xec}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x10001}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:06:28 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0xfff, 0x1ff, 0x3, {0x2, @win={{0x1, 0x0, 0x0, 0x1000}, 0x5, 0xfffffffd, 0x0, 0xd47, 0x0, 0x80}}, 0x7}) 13:06:28 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x101041, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) ioctl$vim2m_VIDIOC_PREPARE_BUF(r0, 0xc058565d, &(0x7f0000000080)={0x401, 0x3, 0x4, 0x800, 0x29, {}, {0x5, 0xc, 0xff, 0x1, 0xc5, 0x4, "4ef23f4e"}, 0x2, 0x4, @offset=0x8, 0x0, 0x0, r1}) r2 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) 13:06:28 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000040)={0x1, 0xffffffffffffffff, 0x1}) ioctl$KVM_GET_DEVICE_ATTR(r1, 0x4018aee2, &(0x7f00000000c0)={0x0, 0x5, 0x5, &(0x7f0000000080)=0x800}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) 13:06:28 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) r2 = socket$l2tp6(0xa, 0x2, 0x73) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r3, 0x330f, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000040)={r2, r3}) 13:06:28 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) socket$vsock_stream(0x28, 0x1, 0x0) ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(0xffffffffffffffff, 0x80083313, &(0x7f0000000040)) [ 1446.618009] warn_alloc: 28 callbacks suppressed [ 1446.618013] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1446.643615] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1446.648922] CPU: 0 PID: 32145 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1446.656796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1446.666324] Call Trace: [ 1446.668901] dump_stack+0x1b2/0x281 [ 1446.672520] warn_alloc.cold+0x96/0x1cc [ 1446.676475] ? __lock_acquire+0x5fc/0x3f20 [ 1446.680976] ? zone_watermark_ok_safe+0x220/0x220 [ 1446.685805] ? trace_hardirqs_on+0x10/0x10 [ 1446.690019] ? deref_stack_reg+0x124/0x1a0 [ 1446.694235] ? fs_reclaim_release+0xd0/0x110 [ 1446.698628] __vmalloc_node_range+0x10e/0x150 [ 1446.703177] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1446.708596] vmalloc_user+0x47/0xa0 [ 1446.712206] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1446.716514] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1446.721857] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1446.726014] __vb2_queue_alloc+0x47a/0xd90 [ 1446.730237] vb2_core_create_bufs+0x279/0x5a0 [ 1446.734714] ? __vb2_queue_free+0x7a0/0x7a0 [ 1446.739015] ? trace_hardirqs_on+0x10/0x10 [ 1446.743233] ? __lock_acquire+0x5fc/0x3f20 [ 1446.747455] vb2_create_bufs+0x2e1/0x5b0 [ 1446.751509] ? ___preempt_schedule+0x16/0x18 [ 1446.755914] ? vb2_thread_start+0x310/0x310 [ 1446.760223] ? trace_hardirqs_on+0x10/0x10 [ 1446.764446] ? _raw_spin_unlock_irqrestore+0xaf/0xe0 [ 1446.769655] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1446.774221] v4l_create_bufs+0xa4/0x150 [ 1446.778174] __video_do_ioctl+0x65b/0x6a0 [ 1446.782303] ? video_ioctl2+0x30/0x30 [ 1446.786083] ? __might_fault+0x177/0x1b0 [ 1446.790126] ? video_ioctl2+0x30/0x30 [ 1446.793907] video_usercopy+0xfd/0xe70 [ 1446.797775] ? v4l_g_ctrl+0x390/0x390 [ 1446.801553] ? lock_acquire+0x170/0x3f0 [ 1446.805519] ? lock_downgrade+0x740/0x740 [ 1446.809646] ? trace_hardirqs_on+0x10/0x10 [ 1446.813925] ? futex_exit_release+0x220/0x220 [ 1446.818404] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1446.823491] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1446.828497] v4l2_ioctl+0x1bb/0x2f0 [ 1446.832107] ? v4l2_open+0x2f0/0x2f0 [ 1446.835813] do_vfs_ioctl+0x75a/0xff0 [ 1446.839613] ? ioctl_preallocate+0x1a0/0x1a0 [ 1446.844001] ? lock_downgrade+0x740/0x740 [ 1446.848138] ? __fget+0x225/0x360 [ 1446.851599] ? do_vfs_ioctl+0xff0/0xff0 [ 1446.855569] ? security_file_ioctl+0x83/0xb0 [ 1446.859960] SyS_ioctl+0x7f/0xb0 [ 1446.863306] ? do_vfs_ioctl+0xff0/0xff0 [ 1446.867278] do_syscall_64+0x1d5/0x640 [ 1446.871252] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1446.876424] RIP: 0033:0x466459 [ 1446.879591] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1446.887278] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1446.894529] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1446.901780] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1446.909029] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 13:06:28 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) ioctl$vim2m_VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, &(0x7f00000000c0)={0x5, 0x3, 0x4, 0x4, 0x101, {}, {0x5, 0x2, 0x80, 0x2, 0x1, 0x6, "29d1520e"}, 0x40, 0x3, @fd, 0x1, 0x0, 0xffffffffffffffff}) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000140)={0x81, 0x2, 0x4, 0xe000, 0x7fffffff, {r1, r2/1000+60000}, {0x4, 0x8, 0x80, 0x20, 0x6, 0x3f, "1bd0df7f"}, 0x4, 0x2, @planes=&(0x7f0000000080)={0x4, 0x798, @mem_offset=0x9, 0x6}, 0xffffffaa, 0x0, r3}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) [ 1446.916286] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 [ 1446.928829] Mem-Info: [ 1446.931313] active_anon:222600 inactive_anon:6741 isolated_anon:0 [ 1446.931313] active_file:6841 inactive_file:44418 isolated_file:0 [ 1446.931313] unevictable:0 dirty:394 writeback:0 unstable:0 [ 1446.931313] slab_reclaimable:21637 slab_unreclaimable:129818 [ 1446.931313] mapped:62659 shmem:6935 pagetables:15943 bounce:0 [ 1446.931313] free:1182054 free_pcp:345 free_cma:0 [ 1446.980018] Node 0 active_anon:892360kB inactive_anon:26964kB active_file:27240kB inactive_file:177672kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:250636kB dirty:1576kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 761856kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1447.009607] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1447.035602] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1447.062384] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1447.067432] Node 0 DMA32 free:667332kB min:36200kB low:45248kB high:54296kB active_anon:892508kB inactive_anon:26964kB active_file:27240kB inactive_file:177732kB unevictable:0kB writepending:1604kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27328kB pagetables:63964kB bounce:0kB free_pcp:1268kB local_pcp:612kB free_cma:0kB [ 1447.097977] lowmem_reserve[]: 0 0 0 0 0 [ 1447.102063] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1447.127665] lowmem_reserve[]: 0 0 0 0 0 [ 1447.131891] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1447.159631] lowmem_reserve[]: 0 0 0 0 0 [ 1447.163694] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1447.177383] Node 0 DMA32: 891*4kB (UME) 182*8kB (UME) 27*16kB (UME) 156*32kB (UME) 44*64kB (UM) 2*128kB (UM) 15*256kB (M) 13*512kB (UME) 3*1024kB (ME) 1*2048kB (U) 156*4096kB (UM) = 668108kB [ 1447.195183] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1447.205974] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1447.223427] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1447.232331] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1447.240991] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1447.249826] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1447.258474] 25663 total pagecache pages [ 1447.262550] 0 pages in swap cache [ 1447.266000] Swap cache stats: add 0, delete 0, find 0/0 [ 1447.271420] Free swap = 0kB [ 1447.274436] Total swap = 0kB [ 1447.277442] 2097051 pages RAM [ 1447.280615] 0 pages HighMem/MovableOnly [ 1447.284574] 363849 pages reserved [ 1447.288003] 0 pages cma reserved [ 1447.291668] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1447.303109] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1447.308394] CPU: 0 PID: 32149 Comm: syz-executor.1 Not tainted 4.14.231-syzkaller #0 [ 1447.316270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1447.325622] Call Trace: [ 1447.328209] dump_stack+0x1b2/0x281 [ 1447.331823] warn_alloc.cold+0x96/0x1cc [ 1447.335785] ? zone_watermark_ok_safe+0x220/0x220 [ 1447.340608] ? trace_hardirqs_on+0x10/0x10 [ 1447.344845] ? deref_stack_reg+0x124/0x1a0 [ 1447.349116] ? fs_reclaim_release+0xd0/0x110 [ 1447.353511] __vmalloc_node_range+0x10e/0x150 [ 1447.357992] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1447.363337] vmalloc_user+0x47/0xa0 [ 1447.366948] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1447.371253] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1447.376599] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1447.380730] __vb2_queue_alloc+0x47a/0xd90 [ 1447.384966] vb2_core_create_bufs+0x279/0x5a0 [ 1447.389464] ? __vb2_queue_free+0x7a0/0x7a0 [ 1447.393779] ? trace_hardirqs_on+0x10/0x10 [ 1447.398001] ? __lock_acquire+0x5fc/0x3f20 [ 1447.402217] vb2_create_bufs+0x2e1/0x5b0 [ 1447.406261] ? vb2_thread_start+0x310/0x310 [ 1447.410570] ? trace_hardirqs_on+0x10/0x10 [ 1447.414790] ? mark_held_locks+0xa6/0xf0 [ 1447.418828] ? trace_hardirqs_on+0x10/0x10 [ 1447.423103] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1447.427668] v4l_create_bufs+0xa4/0x150 [ 1447.431635] __video_do_ioctl+0x65b/0x6a0 [ 1447.435777] ? video_ioctl2+0x30/0x30 [ 1447.439557] ? __might_fault+0x177/0x1b0 [ 1447.443597] ? video_ioctl2+0x30/0x30 [ 1447.447398] video_usercopy+0xfd/0xe70 [ 1447.451270] ? v4l_g_ctrl+0x390/0x390 [ 1447.455051] ? lock_acquire+0x170/0x3f0 [ 1447.459028] ? trace_hardirqs_on+0x10/0x10 [ 1447.463246] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1447.468295] v4l2_ioctl+0x1bb/0x2f0 [ 1447.471913] ? v4l2_open+0x2f0/0x2f0 [ 1447.475620] do_vfs_ioctl+0x75a/0xff0 [ 1447.479414] ? ioctl_preallocate+0x1a0/0x1a0 [ 1447.483815] ? lock_downgrade+0x740/0x740 [ 1447.487953] ? __fget+0x225/0x360 [ 1447.491388] ? do_vfs_ioctl+0xff0/0xff0 [ 1447.495348] ? security_file_ioctl+0x83/0xb0 [ 1447.499749] SyS_ioctl+0x7f/0xb0 [ 1447.503195] ? do_vfs_ioctl+0xff0/0xff0 [ 1447.507163] do_syscall_64+0x1d5/0x640 [ 1447.511043] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1447.516219] RIP: 0033:0x466459 [ 1447.519389] RSP: 002b:00007f5883dfa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1447.527076] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1447.534326] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1447.541577] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1447.548845] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1447.556098] R13: 00007fff3377dd0f R14: 00007f5883dfa300 R15: 0000000000022000 [ 1447.564861] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1447.575970] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1447.581455] CPU: 0 PID: 32156 Comm: syz-executor.3 Not tainted 4.14.231-syzkaller #0 [ 1447.589338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1447.598682] Call Trace: [ 1447.601256] dump_stack+0x1b2/0x281 [ 1447.604868] warn_alloc.cold+0x96/0x1cc [ 1447.608827] ? zone_watermark_ok_safe+0x220/0x220 [ 1447.613653] ? trace_hardirqs_on+0x10/0x10 [ 1447.617884] ? deref_stack_reg+0x124/0x1a0 [ 1447.622120] ? fs_reclaim_release+0xd0/0x110 [ 1447.626513] __vmalloc_node_range+0x10e/0x150 [ 1447.631014] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1447.636363] vmalloc_user+0x47/0xa0 [ 1447.639975] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1447.644304] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1447.649656] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1447.653788] __vb2_queue_alloc+0x47a/0xd90 [ 1447.658011] vb2_core_create_bufs+0x279/0x5a0 [ 1447.662490] ? __vb2_queue_free+0x7a0/0x7a0 [ 1447.666804] ? trace_hardirqs_on+0x10/0x10 [ 1447.671021] ? __lock_acquire+0x5fc/0x3f20 [ 1447.675237] vb2_create_bufs+0x2e1/0x5b0 [ 1447.679353] ? vb2_thread_start+0x310/0x310 [ 1447.683659] ? trace_hardirqs_on+0x10/0x10 [ 1447.687938] ? mark_held_locks+0xa6/0xf0 [ 1447.691984] ? trace_hardirqs_on+0x10/0x10 [ 1447.696200] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1447.700765] v4l_create_bufs+0xa4/0x150 [ 1447.704785] __video_do_ioctl+0x65b/0x6a0 [ 1447.708973] ? video_ioctl2+0x30/0x30 [ 1447.712762] ? __might_fault+0x177/0x1b0 [ 1447.716804] ? video_ioctl2+0x30/0x30 [ 1447.720585] video_usercopy+0xfd/0xe70 [ 1447.724455] ? v4l_g_ctrl+0x390/0x390 [ 1447.728250] ? io_schedule_timeout+0x140/0x140 [ 1447.732903] ? trace_hardirqs_on+0x10/0x10 [ 1447.737120] ? ___preempt_schedule+0x16/0x18 [ 1447.741509] v4l2_ioctl+0x1bb/0x2f0 [ 1447.745124] ? v4l2_open+0x2f0/0x2f0 [ 1447.748823] do_vfs_ioctl+0x75a/0xff0 [ 1447.752607] ? ioctl_preallocate+0x1a0/0x1a0 [ 1447.756994] ? lock_downgrade+0x740/0x740 [ 1447.761124] ? __fget+0x225/0x360 [ 1447.764559] ? do_vfs_ioctl+0xff0/0xff0 [ 1447.768524] ? security_file_ioctl+0x83/0xb0 [ 1447.772929] SyS_ioctl+0x7f/0xb0 [ 1447.776291] ? do_vfs_ioctl+0xff0/0xff0 [ 1447.780250] do_syscall_64+0x1d5/0x640 [ 1447.784124] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1447.789296] RIP: 0033:0x466459 [ 1447.792464] RSP: 002b:00007efc3f301188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1447.800153] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 1447.807405] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1447.814660] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1447.822012] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008 [ 1447.829268] R13: 00007ffd57a131af R14: 00007efc3f301300 R15: 0000000000022000 [ 1447.837789] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1447.848898] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1447.854924] CPU: 0 PID: 32145 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1447.862816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1447.872177] Call Trace: [ 1447.874763] dump_stack+0x1b2/0x281 [ 1447.878394] warn_alloc.cold+0x96/0x1cc [ 1447.882358] ? zone_watermark_ok_safe+0x220/0x220 [ 1447.887185] ? trace_hardirqs_on+0x10/0x10 [ 1447.891411] ? deref_stack_reg+0x124/0x1a0 [ 1447.895638] ? fs_reclaim_release+0xd0/0x110 [ 1447.900035] __vmalloc_node_range+0x10e/0x150 [ 1447.904532] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1447.909881] vmalloc_user+0x47/0xa0 [ 1447.913493] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1447.917823] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1447.923193] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1447.927351] __vb2_queue_alloc+0x47a/0xd90 [ 1447.931670] vb2_core_create_bufs+0x279/0x5a0 [ 1447.936346] ? __vb2_queue_free+0x7a0/0x7a0 [ 1447.940665] ? trace_hardirqs_on+0x10/0x10 [ 1447.944894] ? __lock_acquire+0x5fc/0x3f20 [ 1447.949130] vb2_create_bufs+0x2e1/0x5b0 [ 1447.953190] ? futex_wait_queue_me+0x3bb/0x590 [ 1447.957759] ? vb2_thread_start+0x310/0x310 [ 1447.962069] ? trace_hardirqs_on+0x10/0x10 [ 1447.966298] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1447.970874] v4l_create_bufs+0xa4/0x150 [ 1447.974856] __video_do_ioctl+0x65b/0x6a0 [ 1447.978994] ? video_ioctl2+0x30/0x30 [ 1447.982781] ? __might_fault+0x177/0x1b0 [ 1447.986823] ? video_ioctl2+0x30/0x30 [ 1447.990713] video_usercopy+0xfd/0xe70 [ 1447.994599] ? v4l_g_ctrl+0x390/0x390 [ 1447.998403] ? lock_acquire+0x170/0x3f0 [ 1448.002392] ? lock_downgrade+0x740/0x740 [ 1448.006529] ? trace_hardirqs_on+0x10/0x10 [ 1448.010749] ? futex_exit_release+0x220/0x220 [ 1448.015230] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1448.020338] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1448.025371] v4l2_ioctl+0x1bb/0x2f0 [ 1448.028985] ? v4l2_open+0x2f0/0x2f0 [ 1448.032684] do_vfs_ioctl+0x75a/0xff0 [ 1448.036469] ? ioctl_preallocate+0x1a0/0x1a0 [ 1448.040861] ? lock_downgrade+0x740/0x740 [ 1448.045022] ? __fget+0x225/0x360 [ 1448.048467] ? do_vfs_ioctl+0xff0/0xff0 [ 1448.052428] ? security_file_ioctl+0x83/0xb0 [ 1448.056842] SyS_ioctl+0x7f/0xb0 [ 1448.060192] ? do_vfs_ioctl+0xff0/0xff0 [ 1448.064151] do_syscall_64+0x1d5/0x640 [ 1448.068031] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1448.073203] RIP: 0033:0x466459 [ 1448.076374] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1448.084063] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1448.091314] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1448.098583] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1448.105838] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1448.113116] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 [ 1448.122194] warn_alloc_show_mem: 2 callbacks suppressed [ 1448.122198] Mem-Info: [ 1448.129994] active_anon:223138 inactive_anon:6741 isolated_anon:0 [ 1448.129994] active_file:6841 inactive_file:44436 isolated_file:0 [ 1448.129994] unevictable:0 dirty:411 writeback:0 unstable:0 [ 1448.129994] slab_reclaimable:21638 slab_unreclaimable:129838 [ 1448.129994] mapped:62650 shmem:6935 pagetables:15992 bounce:0 [ 1448.129994] free:1181528 free_pcp:315 free_cma:0 [ 1448.164202] Node 0 active_anon:892552kB inactive_anon:26964kB active_file:27240kB inactive_file:177744kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:250628kB dirty:1660kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 759808kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1448.192965] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1448.218864] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1448.245211] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1448.250246] Node 0 DMA32 free:668496kB min:36200kB low:45248kB high:54296kB active_anon:892552kB inactive_anon:26964kB active_file:27240kB inactive_file:177744kB unevictable:0kB writepending:1660kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27232kB pagetables:63968kB bounce:0kB free_pcp:1228kB local_pcp:620kB free_cma:0kB [ 1448.281118] lowmem_reserve[]: 0 0 0 0 0 [ 1448.285124] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1448.310747] lowmem_reserve[]: 0 0 0 0 0 [ 1448.314760] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1448.342584] lowmem_reserve[]: 0 0 0 0 0 [ 1448.346574] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1448.360464] Node 0 DMA32: 912*4kB (UME) 180*8kB (UME) 56*16kB (UME) 144*32kB (UME) 44*64kB (UM) 2*128kB (UM) 15*256kB (M) 13*512kB (UME) 3*1024kB (ME) 1*2048kB (U) 156*4096kB (UM) = 668256kB [ 1448.377702] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1448.388581] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1448.405917] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1448.415026] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1448.423914] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB 13:06:29 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x1, @win={{}, 0x0, 0xfffffffd, 0x0, 0x9, 0x0}}}) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000080)={0x8000, 0x2, 0x4, 0x103038, 0x5, {}, {0x0, 0x8, 0x6, 0x8, 0xa0, 0x1, "47f1caf3"}, 0x0, 0x2, @planes=&(0x7f0000000040)={0x4, 0x1, @userptr=0xffffffff, 0x8}, 0x1}) 13:06:29 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) socket$inet_udp(0x2, 0x2, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0xfffffffd, 0x0}}}) 13:06:29 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000002c0)={0x1, @win={{0xd7db, 0x99c9, 0xfffffffd, 0x100}, 0x7, 0x3, &(0x7f0000000080)={{0x9, 0x200, 0x6}, &(0x7f0000000040)={{0x800, 0x6, 0x7f, 0xf994}}}, 0x3, &(0x7f00000000c0)="25301e46b38b9254661c101d420810633282ca36aee1b9493648d56d44d37d4c101efe9cd8c468587dd8bccdd14e30ddc0b8ffb72c20533e8bbcef33d40a8de0ed82eb18352ba1796b75bd910d065730c12e12ce2f228b72fef6d736aa041208bf0d12de0061be7314ea3a60", 0x7}}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) r1 = syz_open_dev$vcsn(&(0x7f0000000140)='/dev/vcs#\x00', 0x39e3, 0x2100) r2 = syz_mount_image$adfs(&(0x7f0000000180)='adfs\x00', &(0x7f00000003c0)='./file0\x00', 0xfffffffffffffffd, 0x4, &(0x7f00000005c0)=[{&(0x7f0000000400)="b9994a1062de5e2f78d7055fbe050fba838cb9bb4a38d00d839f2945fe8010a207c088b22db60f5c9df750b42e4be5be8a6b2dc4765bc705e0cd1e41636415916c1c39", 0x43, 0x4}, {&(0x7f0000000480)="4b2e3d54e69548c446006fe86bc591ba", 0x10, 0x97c}, {&(0x7f00000004c0)="d0087818985602593d21a129da6e6fe0f70daec81996cfd8198de9f51e803925e3873b33c09c0a556b2b958111dd2d11d25154957259db98254c96e7e7158210b96eca28325749f32123bbb5ed3bd4092dd89e8d50e2bf6e96a6df9cac65ebf8940dbb04d216d275563ea6f3bdbb2944a29fbf2f012dea6cab4b7533a153ef357202fa22fcd69f8e9f2b2506dbb92e76844cc44e35ea4cc673d83bff50f3708f306c188e317d6688ff103c9e", 0xac, 0x7}, {&(0x7f0000000580)="cd6e5320d36ce7d661c9fc5736cf45", 0xf, 0x1}], 0x28000, &(0x7f0000000640)={[{'/'}, {'/dev/video#\x00'}, {')^\x10-'}, {'/dev/video#\x00'}], [{@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}, {@appraise='appraise'}, {@permit_directio='permit_directio'}, {@measure='measure'}, {@permit_directio='permit_directio'}, {@mask={'mask', 0x3d, 'MAY_WRITE'}}]}) fanotify_mark(r1, 0x4, 0x40000009, r2, &(0x7f00000006c0)='./file0\x00') write$UHID_INPUT2(r1, &(0x7f0000000700)={0xc, {0x65, "1163bd7d9d45f621f215a4005ebb4e8f9a3703709b49feeb2ffe425cb429ef26e6423c3900d61310932a69f929f9c0b9211a4bd73b65154a18eb6f63ac6dfa96c8b84d0c7331f3691000132edac8c7480a31248bd8652dcf63d721080641a8ab1ff6a115c9"}}, 0x6b) 13:06:29 executing program 1: accept4(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, &(0x7f00000000c0)=0x80, 0x80000) getsockopt$IP_SET_OP_VERSION(r0, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000140)=0x8) r1 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$KVM_TRANSLATE(r2, 0xc018ae85, &(0x7f0000000600)={0x1, 0x6000, 0x4, 0x1, 0x20}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r4, 0x330f, 0x0) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/nvram\x00', 0x140, 0x0) ioctl$vim2m_VIDIOC_G_FMT(r5, 0xc0d05604, &(0x7f0000000500)={0x1, @raw_data="db6e4734d9d9c1e3f91cba26221aadf059cb704296ffaa27f9f029667ae9a802e0168519d18f64f30ed81d3162dfde1a00bd3c85d8b10587d487532ab3269f69f738e5c506270eb344de1abff1556cab25315d7e28dcc03ce4eb3b77d0457c900afc93fe7b8f18bb220eec2138d8b0a581484a2a76c479e18e56f94917efcf7a71cc97cefa8df12cc25e2aa96099f1f397c833924074b1b5b72a70039cbf02de3e884e4ca077973df3822ed6b3194ab4f9c5b80777026eefb639ef8251118c416f3fb5c0fc58e68b"}) write$UHID_INPUT2(r4, &(0x7f0000000400)={0xc, {0xae, "9fd8488e17cabf2401390cc472b8df2df3c688ff4e5e4efa9ab2700cc8ea9e067ee3ddef2237e7fd91aa12d796eabde26964d2881cb2f72bcfa0c14dd89d959e1216ab4bb7d83c746e835826e3875a474b52ba3c51cbc8dd44172f4fced0cbccf2e85f4a9e51c7674be69d4cc6fac7bb1957834c53da6d2073e2adff539f300eb3d4cba5e0a23a4f4918527a4ab5955a120acdab8c0549688beab9627c28129d8d95a3cdc074ec65ecc12ebf01c9"}}, 0xb4) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r3, 0x330f, 0x0) ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f00000003c0)={0x0, 0x3f, 0x2, &(0x7f0000000180)=0x39a}) ioctl$vim2m_VIDIOC_TRY_FMT(r2, 0xc0d05640, &(0x7f00000002c0)={0x2, @pix_mp={0x10000, 0x0, 0x32314752, 0x9, 0x4, [{0xfd, 0xf6}, {0xffffffff, 0x7d8}, {0x2}, {0x8, 0x4}, {0x10001, 0x4}, {0x0, 0xffff0000}, {0x10001, 0x62b}, {0x4, 0x5aca98c8}], 0x3, 0xff, 0x1}}) [ 1448.433001] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1448.441654] 25674 total pagecache pages [ 1448.445622] 0 pages in swap cache [ 1448.449056] Swap cache stats: add 0, delete 0, find 0/0 [ 1448.454443] Free swap = 0kB [ 1448.457508] Total swap = 0kB [ 1448.460575] 2097051 pages RAM [ 1448.463672] 0 pages HighMem/MovableOnly [ 1448.467632] 363849 pages reserved [ 1448.471106] 0 pages cma reserved [ 1448.531736] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1448.545590] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1448.556006] CPU: 1 PID: 32167 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1448.563899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1448.573242] Call Trace: [ 1448.575819] dump_stack+0x1b2/0x281 [ 1448.579432] warn_alloc.cold+0x96/0x1cc [ 1448.583393] ? zone_watermark_ok_safe+0x220/0x220 [ 1448.588218] ? trace_hardirqs_on+0x10/0x10 [ 1448.592437] ? deref_stack_reg+0x124/0x1a0 [ 1448.596679] ? fs_reclaim_release+0xd0/0x110 [ 1448.601076] __vmalloc_node_range+0x10e/0x150 [ 1448.605556] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1448.610900] vmalloc_user+0x47/0xa0 [ 1448.614518] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1448.618849] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1448.624193] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1448.628323] __vb2_queue_alloc+0x47a/0xd90 [ 1448.632542] vb2_core_create_bufs+0x279/0x5a0 [ 1448.637025] ? __vb2_queue_free+0x7a0/0x7a0 [ 1448.641336] ? trace_hardirqs_on+0x10/0x10 [ 1448.645551] ? __lock_acquire+0x5fc/0x3f20 [ 1448.649768] vb2_create_bufs+0x2e1/0x5b0 [ 1448.653817] ? futex_wait_queue_me+0x3bb/0x590 [ 1448.658378] ? vb2_thread_start+0x310/0x310 [ 1448.662680] ? trace_hardirqs_on+0x10/0x10 [ 1448.666925] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1448.671518] v4l_create_bufs+0xa4/0x150 [ 1448.675487] __video_do_ioctl+0x65b/0x6a0 [ 1448.679635] ? video_ioctl2+0x30/0x30 [ 1448.683429] ? __might_fault+0x177/0x1b0 [ 1448.687474] ? video_ioctl2+0x30/0x30 [ 1448.691256] video_usercopy+0xfd/0xe70 [ 1448.695125] ? v4l_g_ctrl+0x390/0x390 [ 1448.698907] ? apparmor_file_alloc_security+0x129/0x800 [ 1448.704253] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1448.709696] ? trace_hardirqs_on+0x10/0x10 [ 1448.713920] ? futex_exit_release+0x220/0x220 [ 1448.718411] ? __fd_install+0x1ec/0x5c0 [ 1448.722379] v4l2_ioctl+0x1bb/0x2f0 [ 1448.725989] ? v4l2_open+0x2f0/0x2f0 [ 1448.729692] do_vfs_ioctl+0x75a/0xff0 [ 1448.733488] ? ioctl_preallocate+0x1a0/0x1a0 [ 1448.737877] ? lock_downgrade+0x740/0x740 [ 1448.742010] ? __fget+0x225/0x360 [ 1448.745445] ? do_vfs_ioctl+0xff0/0xff0 [ 1448.749401] ? security_file_ioctl+0x83/0xb0 [ 1448.753847] SyS_ioctl+0x7f/0xb0 [ 1448.757199] ? do_vfs_ioctl+0xff0/0xff0 [ 1448.761162] do_syscall_64+0x1d5/0x640 [ 1448.765032] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1448.770205] RIP: 0033:0x466459 [ 1448.773376] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1448.781069] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1448.788327] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1448.795580] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1448.802831] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1448.810082] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 [ 1448.818586] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1448.832149] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1448.837307] CPU: 1 PID: 32172 Comm: syz-executor.1 Not tainted 4.14.231-syzkaller #0 [ 1448.845188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1448.854540] Call Trace: [ 1448.857126] dump_stack+0x1b2/0x281 [ 1448.860752] warn_alloc.cold+0x96/0x1cc [ 1448.864770] ? zone_watermark_ok_safe+0x220/0x220 [ 1448.869657] ? trace_hardirqs_on+0x10/0x10 [ 1448.873882] ? deref_stack_reg+0x124/0x1a0 [ 1448.878109] ? fs_reclaim_release+0xd0/0x110 [ 1448.882513] __vmalloc_node_range+0x10e/0x150 [ 1448.887003] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1448.892348] vmalloc_user+0x47/0xa0 [ 1448.895959] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1448.900427] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1448.905779] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1448.909912] __vb2_queue_alloc+0x47a/0xd90 [ 1448.914149] vb2_core_create_bufs+0x279/0x5a0 [ 1448.918645] ? __vb2_queue_free+0x7a0/0x7a0 [ 1448.922967] ? trace_hardirqs_on+0x10/0x10 [ 1448.927193] ? __lock_acquire+0x5fc/0x3f20 [ 1448.931625] vb2_create_bufs+0x2e1/0x5b0 [ 1448.935671] ? vb2_thread_start+0x310/0x310 [ 1448.939981] ? trace_hardirqs_on+0x10/0x10 [ 1448.944221] ? mark_held_locks+0xa6/0xf0 [ 1448.948340] ? trace_hardirqs_on+0x10/0x10 [ 1448.952574] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1448.957153] v4l_create_bufs+0xa4/0x150 [ 1448.961264] __video_do_ioctl+0x65b/0x6a0 [ 1448.965412] ? video_ioctl2+0x30/0x30 [ 1448.969195] ? __might_fault+0x177/0x1b0 [ 1448.973243] ? video_ioctl2+0x30/0x30 [ 1448.977085] video_usercopy+0xfd/0xe70 [ 1448.980969] ? v4l_g_ctrl+0x390/0x390 [ 1448.984759] ? lock_acquire+0x170/0x3f0 [ 1448.988717] ? trace_hardirqs_on+0x10/0x10 [ 1448.993034] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1448.998039] v4l2_ioctl+0x1bb/0x2f0 [ 1449.001653] ? v4l2_open+0x2f0/0x2f0 [ 1449.005404] do_vfs_ioctl+0x75a/0xff0 [ 1449.009198] ? ioctl_preallocate+0x1a0/0x1a0 [ 1449.013721] ? lock_downgrade+0x740/0x740 [ 1449.017865] ? __fget+0x225/0x360 [ 1449.021421] ? do_vfs_ioctl+0xff0/0xff0 [ 1449.025501] ? security_file_ioctl+0x83/0xb0 [ 1449.029890] SyS_ioctl+0x7f/0xb0 [ 1449.033237] ? do_vfs_ioctl+0xff0/0xff0 [ 1449.037198] do_syscall_64+0x1d5/0x640 [ 1449.041080] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1449.046257] RIP: 0033:0x466459 [ 1449.049432] RSP: 002b:00007f5883dfa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1449.057124] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1449.064388] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1449.071784] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1449.079034] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1449.086288] R13: 00007fff3377dd0f R14: 00007f5883dfa300 R15: 0000000000022000 [ 1449.098771] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1449.114501] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1449.121057] CPU: 1 PID: 32176 Comm: syz-executor.3 Not tainted 4.14.231-syzkaller #0 [ 1449.128954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1449.138296] Call Trace: [ 1449.140881] dump_stack+0x1b2/0x281 [ 1449.144500] warn_alloc.cold+0x96/0x1cc [ 1449.148458] ? zone_watermark_ok_safe+0x220/0x220 [ 1449.153289] ? trace_hardirqs_on+0x10/0x10 [ 1449.157510] ? deref_stack_reg+0x124/0x1a0 [ 1449.161745] ? fs_reclaim_release+0xd0/0x110 [ 1449.166136] __vmalloc_node_range+0x10e/0x150 [ 1449.170621] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1449.175970] vmalloc_user+0x47/0xa0 [ 1449.179579] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1449.183882] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1449.189223] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1449.193362] __vb2_queue_alloc+0x47a/0xd90 [ 1449.197591] vb2_core_create_bufs+0x279/0x5a0 [ 1449.202069] ? __vb2_queue_free+0x7a0/0x7a0 [ 1449.206379] ? trace_hardirqs_on+0x10/0x10 [ 1449.211208] ? __lock_acquire+0x5fc/0x3f20 [ 1449.215431] vb2_create_bufs+0x2e1/0x5b0 [ 1449.219473] ? vb2_thread_start+0x310/0x310 [ 1449.223773] ? trace_hardirqs_on+0x10/0x10 [ 1449.227984] ? mark_held_locks+0xa6/0xf0 [ 1449.232029] ? trace_hardirqs_on+0x10/0x10 [ 1449.236257] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1449.240828] v4l_create_bufs+0xa4/0x150 [ 1449.244789] __video_do_ioctl+0x65b/0x6a0 [ 1449.248918] ? video_ioctl2+0x30/0x30 [ 1449.252710] ? __might_fault+0x177/0x1b0 [ 1449.256757] ? video_ioctl2+0x30/0x30 [ 1449.260542] video_usercopy+0xfd/0xe70 [ 1449.264432] ? v4l_g_ctrl+0x390/0x390 [ 1449.268214] ? __lock_acquire+0x5fc/0x3f20 [ 1449.272435] ? kcov_ioctl+0x4d/0x190 [ 1449.276136] ? trace_hardirqs_on+0x10/0x10 [ 1449.280358] ? lock_downgrade+0x740/0x740 [ 1449.284494] v4l2_ioctl+0x1bb/0x2f0 [ 1449.288533] ? v4l2_open+0x2f0/0x2f0 [ 1449.292234] do_vfs_ioctl+0x75a/0xff0 [ 1449.296026] ? ioctl_preallocate+0x1a0/0x1a0 [ 1449.300417] ? lock_downgrade+0x740/0x740 [ 1449.304554] ? __fget+0x225/0x360 [ 1449.307982] ? do_vfs_ioctl+0xff0/0xff0 [ 1449.312552] ? security_file_ioctl+0x83/0xb0 [ 1449.316973] SyS_ioctl+0x7f/0xb0 [ 1449.320324] ? do_vfs_ioctl+0xff0/0xff0 [ 1449.324283] do_syscall_64+0x1d5/0x640 [ 1449.328153] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1449.333326] RIP: 0033:0x466459 [ 1449.336502] RSP: 002b:00007efc3f301188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1449.344189] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 1449.351441] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1449.358696] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1449.365946] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008 [ 1449.373193] R13: 00007ffd57a131af R14: 00007efc3f301300 R15: 0000000000022000 [ 1449.394036] warn_alloc_show_mem: 2 callbacks suppressed [ 1449.394040] Mem-Info: [ 1449.403538] active_anon:223153 inactive_anon:6741 isolated_anon:0 [ 1449.403538] active_file:6841 inactive_file:44444 isolated_file:0 [ 1449.403538] unevictable:0 dirty:421 writeback:0 unstable:0 [ 1449.403538] slab_reclaimable:21620 slab_unreclaimable:130142 [ 1449.403538] mapped:62666 shmem:6936 pagetables:16002 bounce:0 [ 1449.403538] free:1181188 free_pcp:277 free_cma:0 [ 1449.439562] Node 0 active_anon:892628kB inactive_anon:26964kB active_file:27240kB inactive_file:177804kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:250736kB dirty:1716kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 759808kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1449.468582] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1449.495150] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1449.521763] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1449.526850] Node 0 DMA32 free:666124kB min:36200kB low:45248kB high:54296kB active_anon:892628kB inactive_anon:26964kB active_file:27240kB inactive_file:177804kB unevictable:0kB writepending:1716kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27264kB pagetables:64064kB bounce:0kB free_pcp:1020kB local_pcp:400kB free_cma:0kB [ 1449.557243] lowmem_reserve[]: 0 0 0 0 0 [ 1449.561323] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1449.587120] lowmem_reserve[]: 0 0 0 0 0 [ 1449.591209] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1449.619297] lowmem_reserve[]: 0 0 0 0 0 [ 1449.623681] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1449.637764] Node 0 DMA32: 903*4kB (UME) 109*8kB (UME) 7*16kB (UME) 109*32kB (UME) 45*64kB (UM) 2*128kB (UM) 15*256kB (M) 13*512kB (UME) 3*1024kB (ME) 1*2048kB (U) 156*4096kB (UM) = 665812kB [ 1449.655388] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1449.666511] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1449.684175] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1449.693853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1449.703575] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1449.712898] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1449.721942] 25686 total pagecache pages [ 1449.725913] 0 pages in swap cache [ 1449.729345] Swap cache stats: add 0, delete 0, find 0/0 [ 1449.735516] Free swap = 0kB [ 1449.738578] Total swap = 0kB [ 1449.741725] 2097051 pages RAM [ 1449.744825] 0 pages HighMem/MovableOnly [ 1449.748781] 363849 pages reserved [ 1449.752293] 0 pages cma reserved [ 1449.756322] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1449.768267] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1449.773532] CPU: 0 PID: 32172 Comm: syz-executor.1 Not tainted 4.14.231-syzkaller #0 [ 1449.781412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1449.790757] Call Trace: [ 1449.793333] dump_stack+0x1b2/0x281 [ 1449.796944] warn_alloc.cold+0x96/0x1cc [ 1449.800911] ? zone_watermark_ok_safe+0x220/0x220 [ 1449.805746] ? trace_hardirqs_on+0x10/0x10 [ 1449.809964] ? deref_stack_reg+0x124/0x1a0 [ 1449.814379] ? fs_reclaim_release+0xd0/0x110 [ 1449.818799] __vmalloc_node_range+0x10e/0x150 [ 1449.823298] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1449.828673] vmalloc_user+0x47/0xa0 [ 1449.832295] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1449.836603] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1449.841959] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1449.846116] __vb2_queue_alloc+0x47a/0xd90 [ 1449.850355] vb2_core_create_bufs+0x279/0x5a0 [ 1449.854888] ? __vb2_queue_free+0x7a0/0x7a0 [ 1449.859197] ? trace_hardirqs_on+0x10/0x10 [ 1449.863421] ? __lock_acquire+0x5fc/0x3f20 [ 1449.867648] vb2_create_bufs+0x2e1/0x5b0 [ 1449.871749] ? futex_wait_queue_me+0x3bb/0x590 [ 1449.876319] ? vb2_thread_start+0x310/0x310 [ 1449.880636] ? trace_hardirqs_on+0x10/0x10 [ 1449.884862] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1449.889431] v4l_create_bufs+0xa4/0x150 [ 1449.893389] __video_do_ioctl+0x65b/0x6a0 [ 1449.897529] ? video_ioctl2+0x30/0x30 [ 1449.901330] ? __might_fault+0x177/0x1b0 [ 1449.905390] ? video_ioctl2+0x30/0x30 [ 1449.909210] video_usercopy+0xfd/0xe70 [ 1449.913090] ? v4l_g_ctrl+0x390/0x390 [ 1449.916874] ? lock_downgrade+0x740/0x740 [ 1449.921014] ? trace_hardirqs_on+0x10/0x10 [ 1449.925241] ? futex_exit_release+0x220/0x220 [ 1449.929716] ? __fget+0x1fe/0x360 [ 1449.933153] v4l2_ioctl+0x1bb/0x2f0 [ 1449.936766] ? v4l2_open+0x2f0/0x2f0 [ 1449.940477] do_vfs_ioctl+0x75a/0xff0 [ 1449.944290] ? ioctl_preallocate+0x1a0/0x1a0 [ 1449.948692] ? lock_downgrade+0x740/0x740 [ 1449.952827] ? __fget+0x225/0x360 [ 1449.956274] ? do_vfs_ioctl+0xff0/0xff0 [ 1449.960526] ? security_file_ioctl+0x83/0xb0 [ 1449.965013] SyS_ioctl+0x7f/0xb0 [ 1449.968362] ? do_vfs_ioctl+0xff0/0xff0 [ 1449.972321] do_syscall_64+0x1d5/0x640 [ 1449.976194] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1449.981370] RIP: 0033:0x466459 [ 1449.984546] RSP: 002b:00007f5883dfa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 13:06:31 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @sliced={0xef9a, [0x9, 0x8, 0x401, 0xe8, 0x5fa8, 0x2, 0x8001, 0xa97b, 0x5, 0x7ff, 0x1, 0x4, 0x6, 0x21e, 0x9, 0xff, 0x7, 0x5, 0xdb4, 0x9, 0x8947, 0x5, 0x8, 0x101, 0xfc4b, 0x6, 0x6, 0x3, 0x7, 0x3, 0x9aab, 0x7f, 0x6, 0x1, 0x69cb, 0xffff, 0x1, 0x1000, 0x8, 0x401, 0xfffd, 0x5, 0x200, 0x3ff, 0x8, 0x1, 0x4], 0x80}}, 0x3}) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RLERROR(r1, &(0x7f0000000180)={0xb, 0x7, 0x1, {0x2, '@\\'}}, 0xb) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nvram\x00', 0x14001, 0x0) ioctl$vim2m_VIDIOC_QUERYCAP(r3, 0x80685600, &(0x7f00000002c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, &(0x7f0000000080)="410f01cac461dd683d0d000000360fc7390f30c4a1e573f78b0f3548b800000000000000000f23c80f21f835000040000f23f866baa000b000ee440f01d146cc", 0x40}], 0x1, 0x40, &(0x7f0000000100)=[@vmwrite={0x8, 0x0, 0xe, 0x0, 0x1, 0x0, 0x2, 0x0, 0x1}, @flags={0x3, 0x10}], 0x2) 13:06:31 executing program 2: ioctl$vim2m_VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f00000001c0)={0x3, 0x7, 0x1, {0x2, @win={{0x1, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) read$snapshot(0xffffffffffffffff, &(0x7f0000000000)=""/192, 0xc0) [ 1449.992233] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1449.999481] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1450.006733] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1450.013985] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1450.021243] R13: 00007fff3377dd0f R14: 00007f5883dfa300 R15: 0000000000022000 13:06:31 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x1, @win={{0x0, 0x65, 0x0, 0x1000}, 0x4, 0xfffffffd, 0x0, 0x40, 0x0}}, 0xdc}) socket$nl_generic(0x10, 0x3, 0x10) 13:06:31 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000040)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:06:31 executing program 1: syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x10000000, 0xffffffff}, 0x0, 0xffffeffd, 0x0, 0x803, 0x0, 0x2}}}) 13:06:31 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x2, 0x7, 0x1, {0x3, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) ioctl$vim2m_VIDIOC_QUERYCAP(r0, 0x80685600, &(0x7f00000000c0)) 13:06:31 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) r1 = socket(0x18, 0xc, 0x401) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000440)={'wg2\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000500)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@newchain={0x3c, 0x64, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r2, {0x1, 0xf}, {0xfffa, 0xc}, {0x0, 0x4}}, [@TCA_RATE={0x6, 0x5, {0x5}}, @TCA_RATE={0x6, 0x5, {0x5, 0x40}}, @TCA_CHAIN={0x8, 0xb, 0x7}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x24000004) [ 1450.145815] syz-executor.2: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1450.159672] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1450.166454] CPU: 1 PID: 32209 Comm: syz-executor.2 Not tainted 4.14.231-syzkaller #0 [ 1450.174352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1450.183997] Call Trace: [ 1450.186593] dump_stack+0x1b2/0x281 [ 1450.190223] warn_alloc.cold+0x96/0x1cc [ 1450.194199] ? __lock_acquire+0x5fc/0x3f20 [ 1450.198560] ? zone_watermark_ok_safe+0x220/0x220 [ 1450.203413] ? trace_hardirqs_on+0x10/0x10 [ 1450.207633] ? deref_stack_reg+0x124/0x1a0 [ 1450.211945] ? fs_reclaim_release+0xd0/0x110 [ 1450.216352] __vmalloc_node_range+0x10e/0x150 [ 1450.220829] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1450.226173] vmalloc_user+0x47/0xa0 [ 1450.229788] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1450.234088] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1450.239435] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1450.243581] __vb2_queue_alloc+0x47a/0xd90 [ 1450.247823] vb2_core_create_bufs+0x279/0x5a0 [ 1450.252307] ? __vb2_queue_free+0x7a0/0x7a0 [ 1450.256615] ? trace_hardirqs_on+0x10/0x10 [ 1450.260836] ? __lock_acquire+0x5fc/0x3f20 [ 1450.265057] vb2_create_bufs+0x2e1/0x5b0 [ 1450.269109] ? ___preempt_schedule+0x16/0x18 [ 1450.273501] ? vb2_thread_start+0x310/0x310 [ 1450.278065] ? trace_hardirqs_on+0x10/0x10 [ 1450.282286] ? _raw_spin_unlock_irqrestore+0xaf/0xe0 [ 1450.287372] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1450.291956] v4l_create_bufs+0xa4/0x150 [ 1450.295931] __video_do_ioctl+0x65b/0x6a0 [ 1450.300074] ? video_ioctl2+0x30/0x30 [ 1450.303865] ? __might_fault+0x177/0x1b0 [ 1450.307910] ? video_ioctl2+0x30/0x30 [ 1450.311820] video_usercopy+0xfd/0xe70 [ 1450.315693] ? v4l_g_ctrl+0x390/0x390 [ 1450.319476] ? lock_acquire+0x170/0x3f0 [ 1450.323438] ? lock_downgrade+0x740/0x740 [ 1450.327572] ? trace_hardirqs_on+0x10/0x10 [ 1450.331788] ? futex_exit_release+0x220/0x220 [ 1450.336265] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1450.341347] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1450.346347] v4l2_ioctl+0x1bb/0x2f0 [ 1450.349954] ? v4l2_open+0x2f0/0x2f0 [ 1450.353651] do_vfs_ioctl+0x75a/0xff0 [ 1450.357431] ? ioctl_preallocate+0x1a0/0x1a0 [ 1450.361844] ? lock_downgrade+0x740/0x740 [ 1450.365983] ? __fget+0x225/0x360 [ 1450.369418] ? do_vfs_ioctl+0xff0/0xff0 [ 1450.373378] ? security_file_ioctl+0x83/0xb0 [ 1450.377777] SyS_ioctl+0x7f/0xb0 [ 1450.381124] ? do_vfs_ioctl+0xff0/0xff0 [ 1450.385080] do_syscall_64+0x1d5/0x640 [ 1450.388969] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1450.394137] RIP: 0033:0x466459 [ 1450.397309] RSP: 002b:00007ff0a6d93188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1450.405113] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1450.412380] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1450.419738] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1450.427096] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1450.434346] R13: 00007ffea9384a6f R14: 00007ff0a6d93300 R15: 0000000000022000 13:06:31 executing program 1: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x40000, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x1, 0x5}, 0xb) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) [ 1450.446621] warn_alloc_show_mem: 1 callbacks suppressed [ 1450.446625] Mem-Info: [ 1450.454558] active_anon:222590 inactive_anon:6741 isolated_anon:0 [ 1450.454558] active_file:6841 inactive_file:44460 isolated_file:0 [ 1450.454558] unevictable:0 dirty:436 writeback:0 unstable:0 [ 1450.454558] slab_reclaimable:21572 slab_unreclaimable:130477 [ 1450.454558] mapped:62687 shmem:6935 pagetables:15973 bounce:0 [ 1450.454558] free:1181441 free_pcp:293 free_cma:0 [ 1450.498926] Node 0 active_anon:890460kB inactive_anon:26964kB active_file:27240kB inactive_file:177840kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:250848kB dirty:1744kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 763904kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1450.527774] Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1450.554024] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1450.580283] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1450.585332] Node 0 DMA32 free:666124kB min:36200kB low:45248kB high:54296kB active_anon:892468kB inactive_anon:26964kB active_file:27240kB inactive_file:177840kB unevictable:0kB writepending:1744kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27296kB pagetables:63908kB bounce:0kB free_pcp:1104kB local_pcp:368kB free_cma:0kB [ 1450.615704] lowmem_reserve[]: 0 0 0 0 0 [ 1450.619726] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1450.645499] lowmem_reserve[]: 0 0 0 0 0 [ 1450.649485] Node 1 Normal free:4041948kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1450.677164] lowmem_reserve[]: 0 0 0 0 0 [ 1450.681236] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1450.694958] Node 0 DMA32: 921*4kB (UME) 209*8kB (UME) 13*16kB (UME) 76*32kB (UME) 45*64kB (UM) 2*128kB (UM) 15*256kB (M) 13*512kB (UME) 3*1024kB (ME) 1*2048kB (U) 156*4096kB (UM) = 665724kB [ 1450.712137] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1450.723026] Node 1 Normal: 77*4kB (UME) 385*8kB (UME) 280*16kB (UME) 93*32kB (UME) 34*64kB (UME) 16*128kB (UE) 8*256kB (UME) 5*512kB (UE) 2*1024kB (ME) 3*2048kB (M) 980*4096kB (M) = 4041948kB [ 1450.740390] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1450.749836] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1450.758467] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1450.767512] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1450.776161] 25698 total pagecache pages [ 1450.780139] 0 pages in swap cache [ 1450.783775] Swap cache stats: add 0, delete 0, find 0/0 [ 1450.789196] Free swap = 0kB [ 1450.792270] Total swap = 0kB [ 1450.795315] 2097051 pages RAM [ 1450.798408] 0 pages HighMem/MovableOnly [ 1450.802457] 363849 pages reserved [ 1450.806029] 0 pages cma reserved [ 1450.809481] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1450.822966] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1450.828256] CPU: 1 PID: 32214 Comm: syz-executor.4 Not tainted 4.14.231-syzkaller #0 [ 1450.836134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1450.845493] Call Trace: [ 1450.848116] dump_stack+0x1b2/0x281 [ 1450.851750] warn_alloc.cold+0x96/0x1cc [ 1450.855707] ? zone_watermark_ok_safe+0x220/0x220 [ 1450.860535] ? trace_hardirqs_on+0x10/0x10 [ 1450.864825] ? deref_stack_reg+0x124/0x1a0 [ 1450.869045] ? fs_reclaim_release+0xd0/0x110 [ 1450.873439] __vmalloc_node_range+0x10e/0x150 [ 1450.878075] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1450.883464] vmalloc_user+0x47/0xa0 [ 1450.887096] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1450.891412] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1450.896756] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1450.900884] __vb2_queue_alloc+0x47a/0xd90 [ 1450.905124] vb2_core_create_bufs+0x279/0x5a0 [ 1450.909598] ? __vb2_queue_free+0x7a0/0x7a0 [ 1450.913923] ? trace_hardirqs_on+0x10/0x10 [ 1450.918139] ? __lock_acquire+0x5fc/0x3f20 [ 1450.922367] vb2_create_bufs+0x2e1/0x5b0 [ 1450.926439] ? vb2_thread_start+0x310/0x310 [ 1450.930869] ? trace_hardirqs_on+0x10/0x10 [ 1450.935093] ? mark_held_locks+0xa6/0xf0 [ 1450.939140] ? trace_hardirqs_on+0x10/0x10 [ 1450.943366] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1450.947936] v4l_create_bufs+0xa4/0x150 [ 1450.951894] __video_do_ioctl+0x65b/0x6a0 [ 1450.956028] ? video_ioctl2+0x30/0x30 [ 1450.959811] ? __might_fault+0x177/0x1b0 [ 1450.963855] ? video_ioctl2+0x30/0x30 [ 1450.967692] video_usercopy+0xfd/0xe70 [ 1450.971620] ? v4l_g_ctrl+0x390/0x390 [ 1450.975403] ? lock_acquire+0x170/0x3f0 [ 1450.979360] ? trace_hardirqs_on+0x10/0x10 [ 1450.983577] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1450.988610] v4l2_ioctl+0x1bb/0x2f0 [ 1450.992217] ? v4l2_open+0x2f0/0x2f0 [ 1450.995925] do_vfs_ioctl+0x75a/0xff0 [ 1450.999705] ? ioctl_preallocate+0x1a0/0x1a0 [ 1451.004093] ? lock_downgrade+0x740/0x740 [ 1451.008225] ? __fget+0x225/0x360 [ 1451.011671] ? do_vfs_ioctl+0xff0/0xff0 [ 1451.015638] ? security_file_ioctl+0x83/0xb0 [ 1451.020030] SyS_ioctl+0x7f/0xb0 [ 1451.023380] ? do_vfs_ioctl+0xff0/0xff0 [ 1451.027348] do_syscall_64+0x1d5/0x640 [ 1451.031754] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1451.036922] RIP: 0033:0x466459 [ 1451.040119] RSP: 002b:00007f491b244188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 13:06:32 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x341800, 0x0) read$snapshot(r2, &(0x7f0000000900)=""/4096, 0x1000) ioctl$vim2m_VIDIOC_STREAMON(r1, 0x40045612, &(0x7f0000000040)=0x1) 13:06:32 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) socket$inet_tcp(0x2, 0x1, 0x0) r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vim2m\x00', 0x2, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000100)={0x20, 0x3, 0x3f, 0x9, 0x6, 0x2, 0x1, 0x8, 0x2, 0x6, 0x50, 0x9, 0xc0, 0x2}, 0xe) ioctl$vim2m_VIDIOC_QUERYCAP(r1, 0x80685600, &(0x7f0000000080)) 13:06:32 executing program 1: setpriority(0x2, 0x0, 0x9) r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) [ 1451.047817] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1451.055074] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1451.062323] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1451.069573] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1451.076908] R13: 00007ffef79ecfdf R14: 00007f491b244300 R15: 0000000000022000 13:06:32 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0)='l2tp\x00', 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_GET(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x38, r2, 0x400, 0x70bd2c, 0x25dfdbff, {}, [@L2TP_ATTR_IP_DADDR={0x8, 0x19, @rand_addr=0x64010102}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x3}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'syzkaller1\x00'}]}, 0x38}, 0x1, 0x0, 0x0, 0x4004001}, 0x4000) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:06:32 executing program 3: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}, 0x3}) ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000040)={0x3, @pix={0x2006, 0x1, 0x34343452, 0x3, 0x1ff, 0x7, 0x2, 0x2, 0x0, 0x3, 0x0, 0xa}}) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/bsg\x00', 0x801, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000340)={0x0, 0x1ff, 0x3, &(0x7f0000000300)=0x10000}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000000380)='/dev/video#\x00', 0x8001, 0x2) ioctl$vim2m_VIDIOC_QUERYCAP(r3, 0x80685600, &(0x7f00000003c0)) 13:06:32 executing program 2: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) openat$bsg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bsg\x00', 0x4, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) ioctl$vim2m_VIDIOC_STREAMON(r1, 0x40045612, &(0x7f0000000040)=0x1) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) 13:06:32 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000040)=[@timestamp, @mss={0x2, 0x3}], 0x2) pipe(&(0x7f0000000080)) openat$nvram(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/nvram\x00', 0x541200, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) ioctl$vim2m_VIDIOC_QUERYCAP(r1, 0x80685600, &(0x7f00000000c0)) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @raw_data="3e836af23b379aa13f6d67f60860928ed3ecdecfaf23692ea7f97f58ddac046947394b70234e742cd6721cd235f35d59cdfdbdc5574184144a761f559de087d5ed3cedb3af462d546c7e6b7ffe7ee31edd6b241c6cab48a421b39f65564cf70377126b142f18381334f8c5af0f546a8bf0e284d54df5ccd7111a93a3b04c86b6183e9a394453d14439276b8d96b5aeb79efd3d6cc53a6ef502bbcf8d07d8a1ec61fdafb5ffd0d8fa3d27f5e62c85720b5b55f177e634081a5bdd58d3699a94d189d898bf60b8fd1c"}}) 13:06:32 executing program 2: ioctl$vim2m_VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0d05640, &(0x7f00000002c0)={0x0, @sliced={0x5, [0x6, 0x5, 0x8, 0x2, 0xfffc, 0xfff9, 0x0, 0xfa, 0xffff, 0x2, 0x8, 0x401, 0x4, 0xa6e9, 0x7, 0x5605, 0x9, 0x3, 0x100, 0xff, 0xbcc3, 0x7bb, 0x3, 0x8001, 0xffff, 0x1ff, 0x401, 0x8000, 0x5, 0x8, 0x1, 0x2, 0x6, 0x8000, 0x51, 0x7ff, 0x8f44, 0x8001, 0x9, 0x1ff, 0xffff, 0x1f, 0x3, 0x0, 0x8a, 0x3, 0x3], 0x3}}) r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x8, 0xfffffffd, 0x0, 0x0, 0x0}}}) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) ioctl$vim2m_VIDIOC_PREPARE_BUF(r0, 0xc058565d, &(0x7f0000000080)={0x3, 0x1, 0x4, 0x10000, 0x7, {r1, r2/1000+60000}, {0x1, 0x1, 0x7f, 0x0, 0x7, 0xf7, "f96376a5"}, 0x1, 0x1, @fd=0xffffffffffffffff, 0x400}) ioctl$vim2m_VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, &(0x7f0000000100)={0xffffffff, 0x0, 0x4, 0xe000, 0x40, {}, {0x0, 0x1, 0x0, 0xf2, 0x3, 0x9, "6a5b688c"}, 0x7ff, 0x0, @fd=r3, 0x2}) 13:06:32 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0xf8, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x7, 0x1, {0x2, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x0}}}) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) ioctl$IMADDTIMER(r1, 0x80044940, &(0x7f0000000080)=0xffffffffffffffff) [ 1457.722961] oom_reaper: reaped process 32249 (syz-executor.4), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1457.794202] syz-fuzzer invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 1457.807202] syz-fuzzer cpuset=/ mems_allowed=0-1 [ 1457.812478] CPU: 1 PID: 10590 Comm: syz-fuzzer Not tainted 4.14.231-syzkaller #0 [ 1457.820008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1457.829422] Call Trace: [ 1457.831995] dump_stack+0x1b2/0x281 [ 1457.835603] dump_header+0x178/0x82f [ 1457.839297] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1457.844462] ? ___ratelimit+0x2cd/0x530 [ 1457.848414] oom_kill_process.cold+0x10/0xa40 [ 1457.852893] out_of_memory+0xe3e/0x1190 [ 1457.856845] ? oom_killer_disable+0x1c0/0x1c0 [ 1457.861318] ? mutex_trylock+0x152/0x1a0 [ 1457.865358] __alloc_pages_nodemask+0x23e1/0x2720 [ 1457.870185] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1457.875064] alloc_pages_current+0x155/0x260 [ 1457.879452] filemap_fault+0x11a1/0x1ad0 [ 1457.883515] ext4_filemap_fault+0x84/0xb0 [ 1457.887644] __do_fault+0xfa/0x380 [ 1457.891160] __handle_mm_fault+0x2497/0x4620 [ 1457.895545] ? vm_insert_page+0x7c0/0x7c0 [ 1457.899674] ? mark_held_locks+0xa6/0xf0 [ 1457.903720] handle_mm_fault+0x455/0x9c0 [ 1457.907760] __do_page_fault+0x549/0xad0 [ 1457.911798] ? spurious_fault+0x640/0x640 [ 1457.915943] ? do_page_fault+0x60/0x500 [ 1457.919898] ? page_fault+0x2f/0x50 [ 1457.923518] page_fault+0x45/0x50 [ 1457.926951] RIP: 479b00:0x15d903f50f5 [ 1457.930733] RSP: 0000:000000c0066d9f28 EFLAGS: 00000003 [ 1457.930831] Mem-Info: [ 1457.938565] active_anon:244484 inactive_anon:6741 isolated_anon:0 [ 1457.938565] active_file:23 inactive_file:3 isolated_file:0 [ 1457.938565] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1457.938565] slab_reclaimable:21406 slab_unreclaimable:124670 [ 1457.938565] mapped:55265 shmem:6935 pagetables:15993 bounce:0 [ 1457.938565] free:13780 free_pcp:61 free_cma:0 [ 1457.950903] warn_alloc: 13 callbacks suppressed [ 1457.950908] syz-executor.4: [ 1457.972013] Node 0 active_anon:977912kB inactive_anon:26964kB active_file:52kB inactive_file:48kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:221056kB dirty:0kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 743424kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1457.985611] vmalloc: allocation failure, allocated 236974080 of 778649600 bytes [ 1458.007829] Node 1 active_anon:28kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1458.007833] Node 0 DMA free:10968kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1458.007848] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1458.007865] Node 0 DMA32 free:18000kB min:36200kB low:45248kB high:54296kB active_anon:977912kB inactive_anon:26964kB active_file:52kB inactive_file:48kB unevictable:0kB writepending:0kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27168kB pagetables:63972kB bounce:0kB free_pcp:128kB local_pcp:0kB free_cma:0kB [ 1458.007881] lowmem_reserve[]: 0 0 0 0 0 [ 1458.007898] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1458.007913] lowmem_reserve[]: 0 0 0 0 0 [ 1458.007932] Node 1 Normal free:26396kB min:53696kB low:67120kB high:80544kB active_anon:28kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:32kB pagetables:0kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 1458.007949] lowmem_reserve[]: 0 0 0 0 0 [ 1458.023972] , mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask= [ 1458.076430] (null) [ 1458.101588] Node 0 DMA: 0*4kB 1*8kB (U) 1*16kB (U) 0*32kB 1*64kB (U) 1*128kB (U) [ 1458.114072] syz-executor.4 cpuset= [ 1458.131172] 0*256kB 1*512kB (U) 0*1024kB 1*2048kB (M) 2*4096kB (M) = 10968kB [ 1458.131200] Node 0 DMA32: 2586*4kB (MEH) 512*8kB (UMEH) 93*16kB (MEH) 15*32kB (UMH) 5*64kB (UH) 4*128kB (UH) 1*256kB (H) 1*512kB (H) 0*1024kB [ 1458.143799] / [ 1458.162856] 0*2048kB [ 1458.175570] mems_allowed=0-1 [ 1458.182516] 0*4096kB = 18008kB [ 1458.182525] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB [ 1458.191116] CPU: 0 PID: 32249 Comm: syz-executor.4 Not tainted 4.14.231-syzkaller #0 [ 1458.193313] 0*1024kB [ 1458.206173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1458.206177] Call Trace: [ 1458.206198] dump_stack+0x1b2/0x281 [ 1458.206211] warn_alloc.cold+0x96/0x1cc [ 1458.207900] 0*2048kB [ 1458.210293] ? zone_watermark_ok_safe+0x220/0x220 [ 1458.210318] __vmalloc_area_node+0x48a/0x680 [ 1458.213397] 0*4096kB [ 1458.216591] ? __vmalloc_node_range+0x150/0x150 [ 1458.224504] = 0kB [ 1458.232313] ? __get_vm_area_node+0x27d/0x340 [ 1458.232328] __vmalloc_node_range+0xbe/0x150 [ 1458.232343] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1458.232349] vmalloc_user+0x47/0xa0 [ 1458.232357] ? vb2_vmalloc_alloc+0xa6/0x2d0 [ 1458.232366] ? vb2_vmalloc_dmabuf_ops_release+0x40/0x40 [ 1458.232375] vb2_vmalloc_alloc+0xa6/0x2d0 [ 1458.232385] __vb2_queue_alloc+0x47a/0xd90 [ 1458.232405] vb2_core_create_bufs+0x279/0x5a0 [ 1458.234791] Node 1 [ 1458.244269] ? __vb2_queue_free+0x7a0/0x7a0 [ 1458.244281] ? trace_hardirqs_on+0x10/0x10 [ 1458.244289] ? __lock_acquire+0x5fc/0x3f20 [ 1458.244300] vb2_create_bufs+0x2e1/0x5b0 [ 1458.244313] ? futex_wait_queue_me+0x3bb/0x590 [ 1458.246870] Normal: [ 1458.250479] ? vb2_thread_start+0x310/0x310 [ 1458.250488] ? trace_hardirqs_on+0x10/0x10 [ 1458.250500] vb2_ioctl_create_bufs+0x1f7/0x330 [ 1458.250511] v4l_create_bufs+0xa4/0x150 [ 1458.250522] __video_do_ioctl+0x65b/0x6a0 [ 1458.254565] 5*4kB [ 1458.256960] ? video_ioctl2+0x30/0x30 [ 1458.261816] (ME) [ 1458.266163] ? __might_fault+0x177/0x1b0 [ 1458.268545] 3*8kB [ 1458.273194] ? video_ioctl2+0x30/0x30 [ 1458.273203] video_usercopy+0xfd/0xe70 [ 1458.273216] ? v4l_g_ctrl+0x390/0x390 [ 1458.273228] ? trace_hardirqs_on+0x10/0x10 [ 1458.275273] (ME) [ 1458.279749] ? trace_hardirqs_on+0x10/0x10 [ 1458.279760] ? futex_exit_release+0x220/0x220 [ 1458.279771] ? lock_acquire+0x170/0x3f0 [ 1458.279780] v4l2_ioctl+0x1bb/0x2f0 [ 1458.284178] 5*16kB [ 1458.289528] ? v4l2_open+0x2f0/0x2f0 [ 1458.293151] (UME) [ 1458.297437] do_vfs_ioctl+0x75a/0xff0 [ 1458.302795] 5*32kB [ 1458.306904] ? ioctl_preallocate+0x1a0/0x1a0 [ 1458.311219] (ME) [ 1458.315680] ? lock_downgrade+0x740/0x740 [ 1458.317888] 4*64kB [ 1458.322194] ? __fget+0x225/0x360 [ 1458.322204] ? do_vfs_ioctl+0xff0/0xff0 [ 1458.322214] ? security_file_ioctl+0x83/0xb0 [ 1458.322223] SyS_ioctl+0x7f/0xb0 [ 1458.322231] ? do_vfs_ioctl+0xff0/0xff0 [ 1458.326439] (UME) [ 1458.330657] do_syscall_64+0x1d5/0x640 [ 1458.330673] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1458.330682] RIP: 0033:0x466459 [ 1458.334712] 2*128kB [ 1458.339268] RSP: 002b:00007f491b244188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1458.341607] (UE) [ 1458.345878] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 1458.350107] 2*256kB [ 1458.354647] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 1458.354653] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 1458.358599] (ME) [ 1458.362723] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1458.362729] R13: 00007ffef79ecfdf R14: 00007f491b244300 R15: 0000000000022000 [ 1458.372824] warn_alloc_show_mem: 1 callbacks suppressed [ 1458.372828] Mem-Info: [ 1458.374781] 1*512kB [ 1458.376926] active_anon:244485 inactive_anon:6741 isolated_anon:0 [ 1458.376926] active_file:14 inactive_file:12 isolated_file:0 [ 1458.376926] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1458.376926] slab_reclaimable:21406 slab_unreclaimable:124670 [ 1458.376926] mapped:55264 shmem:6935 pagetables:15993 bounce:0 [ 1458.376926] free:13841 free_pcp:62 free_cma:0 [ 1458.380729] (E) 2*1024kB (ME) 3*2048kB (M) 4*4096kB (M) = 26396kB [ 1458.380758] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1458.380764] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1458.380770] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1458.380775] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1458.380779] 6961 total pagecache pages [ 1458.380788] 0 pages in swap cache [ 1458.380792] Swap cache stats: add 0, delete 0, find 0/0 [ 1458.380795] Free swap = 0kB [ 1458.380801] Total swap = 0kB [ 1458.391649] Node 0 active_anon:977912kB inactive_anon:26964kB active_file:52kB inactive_file:48kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:221056kB dirty:0kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 743424kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1458.392779] 2097051 pages RAM [ 1458.394713] Node 1 active_anon:28kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1458.398919] 0 pages HighMem/MovableOnly [ 1458.398924] 363849 pages reserved [ 1458.411985] Node 0 [ 1458.413300] 0 pages cma reserved [ 1458.417008] DMA free:10968kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1458.419128] Out of memory (oom_kill_allocating_task): Kill process 10590 (syz-fuzzer) score 0 or sacrifice child [ 1458.430191] lowmem_reserve[]: [ 1458.432238] Killed process 7977 (syz-executor.5) total-vm:84924kB, anon-rss:64kB, file-rss:0kB, shmem-rss:0kB [ 1458.753551] syz-fuzzer invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 1458.768249] syz-fuzzer cpuset=/ mems_allowed=0-1 [ 1458.771395] 0 2717 2718 2718 2718 [ 1458.774870] CPU: 1 PID: 10590 Comm: syz-fuzzer Not tainted 4.14.231-syzkaller #0 [ 1458.776568] Node 0 [ 1458.784077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1458.784080] Call Trace: [ 1458.784096] dump_stack+0x1b2/0x281 [ 1458.784108] dump_header+0x178/0x82f [ 1458.784117] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1458.784125] ? ___ratelimit+0x2cd/0x530 [ 1458.784135] oom_kill_process.cold+0x10/0xa40 [ 1458.784153] out_of_memory+0xe3e/0x1190 [ 1458.784169] ? oom_killer_disable+0x1c0/0x1c0 [ 1458.791363] DMA32 free:18000kB min:36200kB low:45248kB high:54296kB active_anon:977912kB inactive_anon:26964kB active_file:152kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27168kB pagetables:63972kB bounce:0kB free_pcp:128kB local_pcp:128kB free_cma:0kB [ 1458.796248] ? mutex_trylock+0x152/0x1a0 [ 1458.798827] lowmem_reserve[]: [ 1458.802439] __alloc_pages_nodemask+0x23e1/0x2720 [ 1458.802461] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1458.806147] 0 [ 1458.811243] alloc_pages_current+0x155/0x260 [ 1458.811255] filemap_fault+0x11a1/0x1ad0 [ 1458.815225] 0 [ 1458.819719] ext4_filemap_fault+0x84/0xb0 [ 1458.819731] __do_fault+0xfa/0x380 [ 1458.823679] 0 [ 1458.828156] __handle_mm_fault+0x2497/0x4620 [ 1458.856687] 0 [ 1458.860739] ? vm_insert_page+0x7c0/0x7c0 [ 1458.860758] ? mark_held_locks+0xa6/0xf0 [ 1458.863844] 0 [ 1458.868685] handle_mm_fault+0x455/0x9c0 [ 1458.875409] __do_page_fault+0x549/0xad0 [ 1458.879802] Node 0 [ 1458.883849] ? spurious_fault+0x640/0x640 [ 1458.885641] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1458.889771] ? do_page_fault+0x60/0x500 [ 1458.889780] ? page_fault+0x2f/0x50 [ 1458.889787] page_fault+0x45/0x50 [ 1458.889799] RIP: 479b00:0x15d903f50f5 [ 1458.893331] lowmem_reserve[]: [ 1458.895114] RSP: 0000:000000c0066d9f28 EFLAGS: 00000003 [ 1458.901509] Mem-Info: [ 1458.912609] 0 [ 1458.916666] active_anon:244485 inactive_anon:6741 isolated_anon:0 [ 1458.916666] active_file:24 inactive_file:2 isolated_file:0 [ 1458.916666] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1458.916666] slab_reclaimable:21406 slab_unreclaimable:124670 [ 1458.916666] mapped:55264 shmem:6935 pagetables:15993 bounce:0 [ 1458.916666] free:13841 free_pcp:76 free_cma:0 [ 1458.919578] 0 [ 1458.924260] Node 0 active_anon:977912kB inactive_anon:26964kB active_file:96kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:221056kB dirty:0kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 743424kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1458.928757] 0 [ 1458.954502] Node 1 active_anon:28kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1458.960029] 0 [ 1458.962053] Node 0 [ 1458.965802] 0 [ 1458.968901] DMA free:10968kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1458.981481] Node 1 [ 1459.015056] lowmem_reserve[]: [ 1459.022628] Normal free:26396kB min:53696kB low:67120kB high:80544kB active_anon:28kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:32kB pagetables:0kB bounce:0kB free_pcp:120kB local_pcp:120kB free_cma:0kB [ 1459.045240] 0 [ 1459.052484] lowmem_reserve[]: [ 1459.073092] 2717 [ 1459.079950] 0 [ 1459.104561] 2718 [ 1459.111861] 0 [ 1459.137515] 2718 [ 1459.146642] 0 0 [ 1459.148427] 2718 [ 1459.153512] 0 [ 1459.157361] Node 0 [ 1459.157363] Node 0 DMA: [ 1459.159590] DMA32 free:18008kB min:36200kB low:45248kB high:54296kB active_anon:977912kB inactive_anon:26964kB active_file:48kB inactive_file:52kB unevictable:0kB writepending:0kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:27168kB pagetables:63972kB bounce:0kB free_pcp:184kB local_pcp:56kB free_cma:0kB [ 1459.163576] 0*4kB [ 1459.192846] lowmem_reserve[]: 0 0 0 0 0 [ 1459.198520] 1*8kB [ 1459.198966] Node 0 [ 1459.198969] (U) 1*16kB [ 1459.201135] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1459.201140] lowmem_reserve[]: [ 1459.203364] (U) [ 1459.205926] 0 0 [ 1459.237925] 0*32kB 1*64kB (U) 1*128kB (U) [ 1459.239926] 0 0 [ 1459.244146] 0*256kB [ 1459.244152] 0 [ 1459.246139] 1*512kB [ 1459.254569] Node 1 Normal free:26396kB min:53696kB low:67120kB high:80544kB active_anon:28kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:32kB pagetables:0kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 1459.257308] (U) [ 1459.284293] lowmem_reserve[]: 0 0 0 0 0 [ 1459.289331] 0*1024kB 1*2048kB (M) 2*4096kB [ 1459.290341] Node 0 DMA: [ 1459.294649] (M) [ 1459.294656] 0*4kB [ 1459.297304] = 10968kB [ 1459.299256] 1*8kB (U) 1*16kB (U) 0*32kB 1*64kB (U) 1*128kB (U) 0*256kB 1*512kB (U) 0*1024kB 1*2048kB (M) 2*4096kB (M) = 10968kB [ 1459.308456] Node 0 DMA32: 2586*4kB [ 1459.317542] Node 0 DMA32: 2586*4kB (MEH) 518*8kB (UMEH) 93*16kB (MEH) 15*32kB (UMH) 5*64kB (UH) 4*128kB (UH) 1*256kB (H) 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 18056kB [ 1459.328697] (MEH) [ 1459.338631] Node 0 Normal: 0*4kB 0*8kB 0*16kB [ 1459.340900] 518*8kB (UMEH) 93*16kB (MEH) 15*32kB (UMH) 5*64kB (UH) 4*128kB (UH) 1*256kB (H) 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 18056kB [ 1459.347067] 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1459.365105] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB [ 1459.366293] Node 1 Normal: 5*4kB (ME) 3*8kB (ME) 5*16kB (UME) 5*32kB (ME) 4*64kB (UME) 2*128kB (UE) 2*256kB (ME) 1*512kB (E) 2*1024kB (ME) 3*2048kB (M) 4*4096kB (M) = 26396kB [ 1459.380562] 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1459.393355] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1459.397686] Node 1 [ 1459.405386] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1459.405393] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1459.405398] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1459.405402] 6961 total pagecache pages [ 1459.405411] 0 pages in swap cache [ 1459.405416] Swap cache stats: add 0, delete 0, find 0/0 [ 1459.405419] Free swap = 0kB [ 1459.405423] Total swap = 0kB [ 1459.405429] 2097051 pages RAM [ 1459.405432] 0 pages HighMem/MovableOnly [ 1459.405435] 363849 pages reserved [ 1459.405437] 0 pages cma reserved [ 1459.405444] Out of memory (oom_kill_allocating_task): Kill process 10590 (syz-fuzzer) score 0 or sacrifice child [ 1459.405496] Killed process 7976 (syz-executor.2) total-vm:84924kB, anon-rss:64kB, file-rss:0kB, shmem-rss:0kB [ 1459.489262] Normal: 5*4kB (ME) 3*8kB (ME) 5*16kB (UME) 5*32kB (ME) 4*64kB (UME) 2*128kB (UE) 2*256kB (ME) 1*512kB (E) 2*1024kB (ME) 3*2048kB (M) 4*4096kB (M) = 26396kB [ 1459.506578] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1459.525181] oom_reaper: reaped process 7976 (syz-executor.2), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 1459.535114] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1459.545844] syz-fuzzer invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 1459.558518] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1459.583066] syz-fuzzer cpuset=/ mems_allowed=0-1 [ 1459.587865] CPU: 0 PID: 7964 Comm: syz-fuzzer Not tainted 4.14.231-syzkaller #0 [ 1459.595292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1459.604623] Call Trace: [ 1459.607196] dump_stack+0x1b2/0x281 [ 1459.610925] dump_header+0x178/0x82f [ 1459.614619] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1459.619700] ? ___ratelimit+0x2cd/0x530 [ 1459.623653] oom_kill_process.cold+0x10/0xa40 [ 1459.628133] out_of_memory+0xe3e/0x1190 [ 1459.632350] ? oom_killer_disable+0x1c0/0x1c0 [ 1459.636824] ? mutex_trylock+0x152/0x1a0 [ 1459.640889] __alloc_pages_nodemask+0x23e1/0x2720 [ 1459.645717] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1459.650549] alloc_pages_current+0x155/0x260 [ 1459.654940] filemap_fault+0x11a1/0x1ad0 [ 1459.658987] ext4_filemap_fault+0x84/0xb0 [ 1459.663118] __do_fault+0xfa/0x380 [ 1459.666638] __handle_mm_fault+0x2497/0x4620 [ 1459.671029] ? vm_insert_page+0x7c0/0x7c0 [ 1459.675158] ? lock_downgrade+0x740/0x740 [ 1459.679289] ? mark_held_locks+0xa6/0xf0 [ 1459.683339] handle_mm_fault+0x455/0x9c0 [ 1459.687380] __do_page_fault+0x549/0xad0 [ 1459.691423] ? spurious_fault+0x640/0x640 [ 1459.695547] ? do_page_fault+0x60/0x500 [ 1459.699610] ? page_fault+0x2f/0x50 [ 1459.703213] page_fault+0x45/0x50 [ 1459.706642] RIP: 0000:0x9414d4 [ 1459.709813] RSP: 2e000:000000c00003df00 EFLAGS: 0043b6a0 [ 1460.328946] Mem-Info: [ 1460.660974] active_anon:200741 inactive_anon:6741 isolated_anon:0 [ 1460.660974] active_file:241 inactive_file:894 isolated_file:0 [ 1460.660974] unevictable:0 dirty:50 writeback:0 unstable:0 [ 1460.660974] slab_reclaimable:21326 slab_unreclaimable:114389 [ 1460.660974] mapped:55890 shmem:6935 pagetables:11748 bounce:0 [ 1460.660974] free:67793 free_pcp:349 free_cma:0 [ 1460.731430] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1460.875926] 8301 total pagecache pages [ 1460.880165] 0 pages in swap cache [ 1460.883627] Swap cache stats: add 0, delete 0, find 0/0 [ 1460.888987] Free swap = 0kB [ 1460.894502] Total swap = 0kB [ 1460.897531] 2097051 pages RAM [ 1460.902973] 0 pages HighMem/MovableOnly [ 1460.906962] 363849 pages reserved [ 1460.911955] 0 pages cma reserved [ 1460.915360] Node 0 active_anon:720952kB inactive_anon:26964kB active_file:964kB inactive_file:4372kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:197860kB dirty:400kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 446464kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1460.990083] Node 1 active_anon:24kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1461.020690] Node 0 DMA free:10968kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1461.036839] ================================================================== [ 1461.054737] BUG: KASAN: use-after-free in hci_chan_del+0x1a7/0x1e0 [ 1461.061050] Read of size 8 at addr ffff8880a5436c18 by task syz-executor.5/27746 [ 1461.061184] lowmem_reserve[]: [ 1461.068566] [ 1461.068575] CPU: 0 PID: 27746 Comm: syz-executor.5 Not tainted 4.14.231-syzkaller #0 [ 1461.073518] 0 [ 1461.081130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1461.081134] Call Trace: [ 1461.081150] dump_stack+0x1b2/0x281 [ 1461.081164] print_address_description.cold+0x54/0x1d3 [ 1461.081175] kasan_report_error.cold+0x8a/0x191 [ 1461.081187] ? hci_chan_del+0x1a7/0x1e0 [ 1461.081194] __asan_report_load8_noabort+0x68/0x70 [ 1461.081202] ? hci_chan_del+0x1a7/0x1e0 [ 1461.085740] 2717 [ 1461.092847] hci_chan_del+0x1a7/0x1e0 [ 1461.092858] l2cap_conn_del+0x426/0x690 [ 1461.092869] ? __mutex_unlock_slowpath+0x75/0x770 [ 1461.092877] ? l2cap_conn_del+0x690/0x690 [ 1461.092883] l2cap_disconn_cfm+0x7c/0xb0 [ 1461.092891] hci_conn_hash_flush+0x127/0x260 [ 1461.092902] hci_dev_do_close+0x535/0xca0 [ 1461.092913] ? __fsnotify_inode_delete+0x20/0x20 [ 1461.098107] 2718 [ 1461.099208] hci_unregister_dev+0x17f/0x8c0 [ 1461.106439] 2718 [ 1461.109108] ? fcntl_setlk+0xdb0/0xdb0 [ 1461.114781] 2718 [ 1461.117980] ? vhci_close_dev+0x50/0x50 [ 1461.123970] vhci_release+0x70/0xe0 [ 1461.127743] Node 0 [ 1461.131709] __fput+0x25f/0x7a0 [ 1461.131722] task_work_run+0x11f/0x190 [ 1461.131735] do_exit+0xa44/0x2850 [ 1461.131745] ? do_raw_spin_unlock+0x164/0x220 [ 1461.131753] ? mm_update_next_owner+0x5b0/0x5b0 [ 1461.131762] ? get_signal+0x323/0x1ca0 [ 1461.141537] DMA32 free:356332kB min:36200kB low:45248kB high:54296kB active_anon:720668kB inactive_anon:26964kB active_file:1124kB inactive_file:5052kB unevictable:0kB writepending:408kB present:3129332kB managed:2788128kB mlocked:0kB kernel_stack:19904kB pagetables:40280kB bounce:0kB free_pcp:1408kB local_pcp:676kB free_cma:0kB [ 1461.144766] ? lock_acquire+0x170/0x3f0 [ 1461.149147] lowmem_reserve[]: [ 1461.153294] ? lock_downgrade+0x740/0x740 [ 1461.153304] do_group_exit+0x100/0x2e0 [ 1461.153315] get_signal+0x38d/0x1ca0 [ 1461.153323] ? do_futex+0x12b/0x1570 [ 1461.153331] ? lock_downgrade+0x740/0x740 [ 1461.153337] ? alloc_set_pte+0x44f/0x1610 [ 1461.153350] do_signal+0x7c/0x1550 [ 1461.153358] ? __handle_mm_fault+0x80f/0x4620 [ 1461.153369] ? setup_sigcontext+0x820/0x820 [ 1461.153374] ? vm_insert_page+0x7c0/0x7c0 [ 1461.153388] ? __do_page_fault+0x571/0xad0 [ 1461.153399] ? SyS_futex+0x1da/0x290 [ 1461.170641] 0 [ 1461.172479] ? SyS_futex+0x1e3/0x290 [ 1461.176425] 0 [ 1461.180041] ? exit_to_usermode_loop+0x41/0x200 [ 1461.180050] exit_to_usermode_loop+0x160/0x200 [ 1461.180060] do_syscall_64+0x4a3/0x640 [ 1461.180073] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1461.180080] RIP: 0033:0x466459 [ 1461.180084] RSP: 002b:00007f8e665f1218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1461.180093] RAX: fffffffffffffe00 RBX: 000000000056bf68 RCX: 0000000000466459 [ 1461.180097] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000056bf68 [ 1461.180101] RBP: 000000000056bf60 R08: 0000000000000000 R09: 0000000000000000 [ 1461.180105] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf6c [ 1461.180108] R13: 00007ffc8baee27f R14: 00007f8e665f1300 R15: 0000000000022000 [ 1461.180121] [ 1461.184538] 0 [ 1461.185592] Allocated by task 1354: [ 1461.190934] 0 [ 1461.192897] kasan_kmalloc+0xeb/0x160 [ 1461.197448] 0 [ 1461.202123] kmem_cache_alloc_trace+0x131/0x3d0 [ 1461.202130] sock_alloc_inode+0x5f/0x250 [ 1461.202137] alloc_inode+0x5d/0x170 [ 1461.202142] new_inode_pseudo+0x14/0xe0 [ 1461.202148] sock_alloc+0x3c/0x270 [ 1461.202154] __sock_create+0x8a/0x620 [ 1461.202159] SyS_socket+0xd1/0x1b0 [ 1461.202170] do_syscall_64+0x1d5/0x640 [ 1461.202177] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1461.202179] [ 1461.202183] Freed by task 17: [ 1461.202189] kasan_slab_free+0xc3/0x1a0 [ 1461.202194] kfree+0xc9/0x250 [ 1461.202200] rcu_process_callbacks+0x88b/0x1180 [ 1461.202209] __do_softirq+0x24d/0x9ff [ 1461.208266] Node 0 [ 1461.235280] [ 1461.235286] The buggy address belongs to the object at ffff8880a5436c00 [ 1461.235286] which belongs to the cache kmalloc-128 of size 128 [ 1461.235291] The buggy address is located 24 bytes inside of [ 1461.235291] 128-byte region [ffff8880a5436c00, ffff8880a5436c80) [ 1461.235294] The buggy address belongs to the page: [ 1461.235300] page:ffffea0002950d80 count:1 mapcount:0 mapping:ffff8880a5436000 index:0xffff8880a54366c0 [ 1461.235307] flags: 0xfff00000000100(slab) [ 1461.235316] raw: 00fff00000000100 ffff8880a5436000 ffff8880a54366c0 0000000100000007 [ 1461.235323] raw: ffffea0002aa5060 ffffea00024093e0 ffff88813fe80640 0000000000000000 [ 1461.235326] page dumped because: kasan: bad access detected [ 1461.235328] [ 1461.235330] Memory state around the buggy address: [ 1461.235336] ffff8880a5436b00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 1461.235342] ffff8880a5436b80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 1461.235347] >ffff8880a5436c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1461.235350] ^ [ 1461.235354] ffff8880a5436c80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 1461.235360] ffff8880a5436d00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 1461.235362] ================================================================== [ 1461.235365] Disabling lock debugging due to kernel taint [ 1461.271483] Kernel panic - not syncing: panic_on_warn set ... [ 1461.271483] [ 1461.289501] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1461.290798] CPU: 0 PID: 27746 Comm: syz-executor.5 Tainted: G B 4.14.231-syzkaller #0 [ 1461.292580] lowmem_reserve[]: [ 1461.296268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1461.298044] 0 [ 1461.302687] Call Trace: [ 1461.302704] dump_stack+0x1b2/0x281 [ 1461.302712] panic+0x1f9/0x42d [ 1461.302718] ? add_taint.cold+0x16/0x16 [ 1461.302726] ? ___preempt_schedule+0x16/0x18 [ 1461.302740] kasan_end_report+0x43/0x49 [ 1461.307900] 0 [ 1461.311164] kasan_report_error.cold+0xa7/0x191 [ 1461.311171] ? hci_chan_del+0x1a7/0x1e0 [ 1461.311179] __asan_report_load8_noabort+0x68/0x70 [ 1461.311184] ? hci_chan_del+0x1a7/0x1e0 [ 1461.311189] hci_chan_del+0x1a7/0x1e0 [ 1461.311197] l2cap_conn_del+0x426/0x690 [ 1461.316446] 0 [ 1461.319555] ? __mutex_unlock_slowpath+0x75/0x770 [ 1461.319562] ? l2cap_conn_del+0x690/0x690 [ 1461.319568] l2cap_disconn_cfm+0x7c/0xb0 [ 1461.319574] hci_conn_hash_flush+0x127/0x260 [ 1461.319583] hci_dev_do_close+0x535/0xca0 [ 1461.329489] 0 [ 1461.334530] ? __fsnotify_inode_delete+0x20/0x20 [ 1461.341864] 0 [ 1461.349050] hci_unregister_dev+0x17f/0x8c0 [ 1461.363543] ? fcntl_setlk+0xdb0/0xdb0 [ 1461.363551] ? vhci_close_dev+0x50/0x50 [ 1461.363558] vhci_release+0x70/0xe0 [ 1461.369564] Node 1 [ 1461.370559] __fput+0x25f/0x7a0 [ 1461.372343] Normal free:26396kB min:53696kB low:67120kB high:80544kB active_anon:24kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:32kB pagetables:0kB bounce:0kB free_pcp:124kB local_pcp:4kB free_cma:0kB [ 1461.376112] task_work_run+0x11f/0x190 [ 1461.377882] lowmem_reserve[]: [ 1461.382552] do_exit+0xa44/0x2850 [ 1461.382560] ? do_raw_spin_unlock+0x164/0x220 [ 1461.382567] ? mm_update_next_owner+0x5b0/0x5b0 [ 1461.382575] ? get_signal+0x323/0x1ca0 [ 1461.382583] ? lock_acquire+0x170/0x3f0 [ 1461.386702] 0 [ 1461.390225] ? lock_downgrade+0x740/0x740 [ 1461.390232] do_group_exit+0x100/0x2e0 [ 1461.390240] get_signal+0x38d/0x1ca0 [ 1461.390247] ? do_futex+0x12b/0x1570 [ 1461.390254] ? lock_downgrade+0x740/0x740 [ 1461.390262] ? alloc_set_pte+0x44f/0x1610 [ 1461.394275] 0 [ 1461.397735] do_signal+0x7c/0x1550 [ 1461.401563] 0 [ 1461.405026] ? __handle_mm_fault+0x80f/0x4620 [ 1461.408882] 0 [ 1461.414048] ? setup_sigcontext+0x820/0x820 [ 1461.414053] ? vm_insert_page+0x7c0/0x7c0 [ 1461.414063] ? __do_page_fault+0x571/0xad0 [ 1461.414072] ? SyS_futex+0x1da/0x290 [ 1461.828933] ? SyS_futex+0x1e3/0x290 [ 1461.832633] ? exit_to_usermode_loop+0x41/0x200 [ 1461.837281] exit_to_usermode_loop+0x160/0x200 [ 1461.841842] do_syscall_64+0x4a3/0x640 [ 1461.845711] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1461.850876] RIP: 0033:0x466459 [ 1461.854041] RSP: 002b:00007f8e665f1218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1461.861725] RAX: fffffffffffffe00 RBX: 000000000056bf68 RCX: 0000000000466459 [ 1461.868973] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000056bf68 [ 1461.876222] RBP: 000000000056bf60 R08: 0000000000000000 R09: 0000000000000000 [ 1461.883471] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf6c [ 1461.890722] R13: 00007ffc8baee27f R14: 00007f8e665f1300 R15: 0000000000022000 [ 1461.898576] Kernel Offset: disabled [ 1461.902189] Rebooting in 86400 seconds..