{{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2291.364762] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:16:46 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\xff\xff\xfe\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2291.438677] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2291.477128] warn_alloc_show_mem: 1 callbacks suppressed [ 2291.477134] Mem-Info: [ 2291.486323] active_anon:142005 inactive_anon:4310 isolated_anon:0 [ 2291.486323] active_file:7878 inactive_file:68214 isolated_file:0 [ 2291.486323] unevictable:1 dirty:189 writeback:10 unstable:0 [ 2291.486323] slab_reclaimable:12637 slab_unreclaimable:123220 [ 2291.486323] mapped:55387 shmem:4487 pagetables:2135 bounce:0 [ 2291.486323] free:1165234 free_pcp:864 free_cma:0 [ 2291.565919] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2291.601553] Node 0 active_anon:565908kB inactive_anon:17236kB active_file:31516kB inactive_file:272928kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:221448kB dirty:844kB writeback:0kB shmem:17948kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 157696kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2291.646712] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2291.682161] lowmem_reserve[]: 0 2818 6321 6321 [ 2291.688104] Node 0 DMA32 free:2887356kB min:30052kB low:37564kB high:45076kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:1424kB local_pcp:1352kB free_cma:0kB [ 2291.742086] lowmem_reserve[]: 0 0 3503 3503 [ 2291.746855] Node 0 Normal free:1761856kB min:37364kB low:46704kB high:56044kB active_anon:565908kB inactive_anon:17236kB active_file:31516kB inactive_file:272928kB unevictable:4kB writepending:844kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8896kB pagetables:8364kB bounce:0kB free_pcp:2144kB local_pcp:1268kB free_cma:0kB [ 2291.782009] lowmem_reserve[]: 0 0 0 0 [ 2291.786007] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2291.806907] Node 0 DMA32: 3*4kB (M) 2*8kB (M) 2*16kB (M) 4*32kB (M) 2*64kB (M) 3*128kB (M) 2*256kB (M) 3*512kB (M) 3*1024kB (M) 1*2048kB (M) 703*4096kB (M) = 2887356kB [ 2291.822409] Node 0 Normal: 1638*4kB (UME) 4400*8kB (UME) 156*16kB (UME) 11*32kB (UM) 230*64kB (ME) 153*128kB (UME) 20*256kB (UM) 4*512kB (UM) 0*1024kB 3*2048kB (UME) 409*4096kB (M) = 1767480kB [ 2291.839938] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2291.848884] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2291.848892] 80598 total pagecache pages [ 2291.848910] 0 pages in swap cache [ 2291.848921] Swap cache stats: add 0, delete 0, find 0/0 [ 2291.848933] Free swap = 0kB [ 2291.862553] Total swap = 0kB [ 2291.870717] 1965979 pages RAM [ 2291.877899] 0 pages HighMem/MovableOnly [ 2291.884439] 342853 pages reserved [ 2291.888072] 0 pages cma reserved [ 2291.891753] syz-executor4: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2291.902781] syz-executor4 cpuset=syz4 mems_allowed=0 [ 2291.908028] CPU: 1 PID: 25020 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #379 [ 2291.915411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2291.924764] Call Trace: [ 2291.927349] dump_stack+0x244/0x39d [ 2291.930966] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2291.936162] ? __video_do_ioctl+0x8b1/0x1050 [ 2291.940560] ? video_usercopy+0x5c1/0x1760 [ 2291.944791] ? video_ioctl2+0x2c/0x33 [ 2291.948615] ? do_vfs_ioctl+0x1de/0x1790 [ 2291.952690] warn_alloc.cold.116+0xb7/0x1bd [ 2291.957017] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2291.961870] ? zap_class+0x640/0x640 [ 2291.965599] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2291.971144] ? check_preemption_disabled+0x48/0x280 [ 2291.976175] __vmalloc_node_range+0x472/0x750 [ 2291.980665] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2291.985676] ? vb2_vmalloc_alloc+0x123/0x380 [ 2291.990077] vmalloc_user+0x75/0x170 [ 2291.993783] ? vb2_vmalloc_alloc+0x123/0x380 [ 2291.998194] vb2_vmalloc_alloc+0x123/0x380 [ 2292.002434] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2292.007536] ? debug_mutex_wake_waiter+0x630/0x630 [ 2292.012473] ? mutex_destroy+0x200/0x200 [ 2292.016537] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2292.020850] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2292.025944] __vb2_queue_alloc+0x5e1/0xfa0 [ 2292.030183] ? vimc_cap_get_format+0x120/0x120 [ 2292.034754] vb2_core_create_bufs+0x401/0x8c0 [ 2292.039244] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2292.043647] ? debug_smp_processor_id+0x1c/0x20 [ 2292.048307] ? perf_trace_lock+0x14d/0x7a0 [ 2292.052550] ? __save_stack_trace+0x8d/0xf0 [ 2292.056913] vb2_create_bufs+0x4b6/0x8f0 [ 2292.060978] ? v4l2_ioctl+0x154/0x1b0 [ 2292.064778] ? vb2_request_queue+0x120/0x120 [ 2292.069240] ? find_held_lock+0x36/0x1c0 [ 2292.073310] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2292.078849] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2292.083431] v4l_create_bufs+0x152/0x230 [ 2292.087482] __video_do_ioctl+0x8b1/0x1050 [ 2292.091720] ? v4l_s_fmt+0x990/0x990 [ 2292.095442] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2292.100978] video_usercopy+0x5c1/0x1760 [ 2292.105035] ? v4l_s_fmt+0x990/0x990 [ 2292.108788] ? v4l_enumstd+0x70/0x70 [ 2292.112517] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2292.118055] ? find_held_lock+0x36/0x1c0 [ 2292.122115] ? __fget+0x4aa/0x740 [ 2292.125564] ? lock_downgrade+0x900/0x900 [ 2292.129714] ? check_preemption_disabled+0x48/0x280 [ 2292.134766] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2292.139685] ? kasan_check_read+0x11/0x20 [ 2292.143819] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2292.149137] ? rcu_softirq_qs+0x20/0x20 [ 2292.153130] ? __fget+0x4d1/0x740 [ 2292.156591] ? ksys_dup3+0x680/0x680 [ 2292.160297] ? __might_fault+0x12b/0x1e0 [ 2292.164350] ? video_usercopy+0x1760/0x1760 [ 2292.168663] video_ioctl2+0x2c/0x33 [ 2292.172313] v4l2_ioctl+0x154/0x1b0 [ 2292.175931] ? video_devdata+0xa0/0xa0 [ 2292.179811] do_vfs_ioctl+0x1de/0x1790 [ 2292.183694] ? ioctl_preallocate+0x300/0x300 [ 2292.188093] ? __fget_light+0x2e9/0x430 [ 2292.192064] ? fget_raw+0x20/0x20 [ 2292.195546] ? _copy_to_user+0xc8/0x110 [ 2292.199525] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2292.205076] ? put_timespec64+0x10f/0x1b0 [ 2292.209280] ? nsecs_to_jiffies+0x30/0x30 [ 2292.213423] ? do_syscall_64+0x9a/0x820 [ 2292.217391] ? do_syscall_64+0x9a/0x820 [ 2292.221380] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2292.225954] ? security_file_ioctl+0x94/0xc0 [ 2292.230356] ksys_ioctl+0xa9/0xd0 [ 2292.233800] __x64_sys_ioctl+0x73/0xb0 [ 2292.237685] do_syscall_64+0x1b9/0x820 [ 2292.241576] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2292.246942] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2292.251890] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2292.256741] ? trace_hardirqs_on_caller+0x310/0x310 [ 2292.261772] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2292.266797] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2292.271808] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2292.276656] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2292.281849] RIP: 0033:0x457669 [ 2292.285051] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2292.303939] RSP: 002b:00007f3d559e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2292.311634] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2292.318891] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2292.326152] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2292.333416] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d559e56d4 [ 2292.340689] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff 06:16:47 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x400000000000000, 0xffffffffffffffff]}}}) 06:16:47 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x8000000000000000, r0, 0x0}]) 06:16:47 executing program 0: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000000)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000080), 0xc, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="145f420000000000000007ff000000000300140006000000000000000000000000000000000008000500ac14141a080003000100000f010008"], 0x1}}, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000000), 0xc, &(0x7f00000003c0)={&(0x7f0000000200)={0x375, 0x0, 0x0, 0x0, 0x25dfdbfc}, 0x14}}, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$FUSE_IOCTL(r2, &(0x7f0000000280)={0x20, 0x0, 0x6, {0x7, 0x4, 0x200, 0x51f}}, 0x20) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000002c0)="b8010000000f01c166b8e2000f00d8b9800000c00f3235004000000f304a0fc75f20c44379608d00000100f22e0f01ca67440ff6143f66ba4000b846c95182ef0f01cf400f01df", 0x47}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0xd00}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000004080)='./file0\x00', 0xfffffffffffdffff) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, &(0x7f0000000180), 0xffffffffffffffff) clock_gettime(0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003dc0), 0x0, 0x0, &(0x7f0000003f40)) mount(&(0x7f0000000040)=@nullb='[d::]:/llb:\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='ceph\x00', 0x0, &(0x7f0000000140)='\x00') openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/infiniband/rdma_cm\x00', 0xf, 0x1fffff) lseek(r4, 0x0, 0x3) getpgrp(0xffffffffffffffff) ioctl$TCSBRK(r2, 0x5409, 0x7fff) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_DEL_MFC(r5, 0x29, 0xcd, 0x0, 0x0) 06:16:47 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:16:47 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x600000000000000, 0xffffffffffffffff]}}}) 06:16:47 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\t\xa1\xa9[\x03Z\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) [ 2292.433243] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2292.443446] syz-executor4: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2292.469898] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2292.478740] syz-executor4 cpuset=syz4 mems_allowed=0 [ 2292.484329] CPU: 0 PID: 25066 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #379 [ 2292.491709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2292.501073] Call Trace: [ 2292.503714] dump_stack+0x244/0x39d [ 2292.507378] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2292.512616] ? __video_do_ioctl+0x8b1/0x1050 [ 2292.513412] kvm [25058]: vcpu0, guest rIP: 0x2db disabled perfctr wrmsr: 0xc2 data 0x4000 [ 2292.517052] ? video_usercopy+0x5c1/0x1760 [ 2292.517068] ? video_ioctl2+0x2c/0x33 [ 2292.517086] ? do_vfs_ioctl+0x1de/0x1790 [ 2292.517110] warn_alloc.cold.116+0xb7/0x1bd [ 2292.517159] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2292.517182] ? zap_class+0x640/0x640 [ 2292.517205] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2292.556051] ? check_preemption_disabled+0x48/0x280 [ 2292.561126] __vmalloc_node_range+0x472/0x750 [ 2292.565658] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2292.570696] ? vb2_vmalloc_alloc+0x123/0x380 [ 2292.575144] vmalloc_user+0x75/0x170 [ 2292.578881] ? vb2_vmalloc_alloc+0x123/0x380 [ 2292.583305] vb2_vmalloc_alloc+0x123/0x380 [ 2292.587576] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2292.592701] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2292.597065] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2292.602187] __vb2_queue_alloc+0x5e1/0xfa0 [ 2292.606463] ? vimc_cap_get_format+0x120/0x120 [ 2292.606481] vb2_core_create_bufs+0x401/0x8c0 [ 2292.606504] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2292.620014] ? debug_smp_processor_id+0x1c/0x20 [ 2292.624702] ? perf_trace_lock+0x14d/0x7a0 [ 2292.628955] ? __save_stack_trace+0x8d/0xf0 [ 2292.633353] vb2_create_bufs+0x4b6/0x8f0 [ 2292.637428] ? v4l2_ioctl+0x154/0x1b0 [ 2292.641259] ? vb2_request_queue+0x120/0x120 [ 2292.645795] ? find_held_lock+0x36/0x1c0 [ 2292.649873] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2292.655435] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2292.660061] v4l_create_bufs+0x152/0x230 [ 2292.664140] __video_do_ioctl+0x8b1/0x1050 [ 2292.668399] ? v4l_s_fmt+0x990/0x990 [ 2292.672160] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2292.677740] video_usercopy+0x5c1/0x1760 [ 2292.681820] ? v4l_s_fmt+0x990/0x990 [ 2292.685571] ? v4l_enumstd+0x70/0x70 [ 2292.689306] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2292.694872] ? find_held_lock+0x36/0x1c0 [ 2292.698956] ? __fget+0x4aa/0x740 [ 2292.702422] ? lock_downgrade+0x900/0x900 [ 2292.706590] ? check_preemption_disabled+0x48/0x280 [ 2292.711625] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2292.716579] ? kasan_check_read+0x11/0x20 [ 2292.720748] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2292.726037] ? rcu_softirq_qs+0x20/0x20 [ 2292.730046] ? __fget+0x4d1/0x740 [ 2292.733540] ? ksys_dup3+0x680/0x680 [ 2292.737301] ? __might_fault+0x12b/0x1e0 [ 2292.741390] ? video_usercopy+0x1760/0x1760 [ 2292.745733] video_ioctl2+0x2c/0x33 [ 2292.749379] v4l2_ioctl+0x154/0x1b0 [ 2292.753026] ? video_devdata+0xa0/0xa0 [ 2292.756931] do_vfs_ioctl+0x1de/0x1790 [ 2292.760842] ? ioctl_preallocate+0x300/0x300 [ 2292.765262] ? __fget_light+0x2e9/0x430 [ 2292.769273] ? fget_raw+0x20/0x20 [ 2292.772736] ? _copy_to_user+0xc8/0x110 [ 2292.776727] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2292.782276] ? put_timespec64+0x10f/0x1b0 [ 2292.786434] ? nsecs_to_jiffies+0x30/0x30 [ 2292.790594] ? do_syscall_64+0x9a/0x820 [ 2292.794581] ? do_syscall_64+0x9a/0x820 [ 2292.798578] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2292.803173] ? security_file_ioctl+0x94/0xc0 [ 2292.807602] ksys_ioctl+0xa9/0xd0 [ 2292.811071] __x64_sys_ioctl+0x73/0xb0 [ 2292.814976] do_syscall_64+0x1b9/0x820 [ 2292.818873] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2292.824251] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2292.829189] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2292.834049] ? trace_hardirqs_on_caller+0x310/0x310 [ 2292.839118] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2292.844156] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2292.849192] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2292.854081] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2292.859290] RIP: 0033:0x457669 [ 2292.862493] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 06:16:47 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = dup3(r0, r0, 0x80000) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000000540)={'filter\x00', 0x7, 0x4, 0x480, 0x280, 0x0, 0x280, 0x398, 0x398, 0x398, 0x4, &(0x7f0000000080), {[{{@uncond, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@dev={[], 0x10}, @empty, @rand_addr=0x6, @multicast2, 0xf, 0xffffffff}}}, {{@uncond, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@local, @local, @local, 0x2, 0xffffffff}}}, {{@uncond, 0xf0, 0x118}, @unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x5}}}], {{[], 0xc0, 0xe8}, {0x28}}}}, 0x4d0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x10000, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x1000000002e, &(0x7f0000000300)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) syz_emit_ethernet(0x3e, &(0x7f0000000500)={@link_local={0x1, 0x80, 0xc2, 0x3a000000}, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "093a06", 0x8, 0x3a, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000]}, @mcast2, {[], @udp={0x0, 0x0, 0x8}}}}}}, 0x0) 06:16:47 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r1 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x802) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f00000007c0)=ANY=[]) r2 = perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$midi(&(0x7f0000000500)='/dev/midi#\x00', 0x0, 0x200000) r4 = syz_open_dev$vcsn(&(0x7f0000000280)='/dev/vcs#\x00', 0x0, 0x20000) r5 = syz_open_dev$usbmon(&(0x7f00000002c0)='/dev/usbmon#\x00', 0x97b, 0x0) ioctl$EVIOCGKEYCODE(r3, 0x80084504, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000380)='vmnet1security@systemem1:\x00'}, 0x10) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000100)) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r4, 0x84, 0x1e, &(0x7f0000000080), &(0x7f0000000480)=0x4) rmdir(&(0x7f0000001540)='./file0/file0\x00') perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r2, 0x1) mkdirat(r1, &(0x7f0000000580)='./file0/file0\x00', 0x10c) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB=',rootmode=0000000000\t\x00\x00\x000ser_id=\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',blksize=0x0000000000001c00,allow_other,max_read=0x0000000000000003,measure,\x00']) ppoll(&(0x7f00000001c0)=[{r6}], 0x2000000000000127, &(0x7f0000000240)={0x77359400}, &(0x7f0000001340), 0x8) umount2(&(0x7f0000000340)='./file0\x00', 0x0) r7 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r8 = openat$cgroup_procs(r7, &(0x7f0000000200)='cgroup.procs\x00', 0x2, 0x0) stat(&(0x7f00000004c0)='./file0/file0\x00', &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r7, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchown(r3, r9, r10) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r5, 0x84, 0x74, &(0x7f00000005c0)=""/227, &(0x7f0000000440)=0xe3) rmdir(&(0x7f0000000400)='./file0\x00') write$cgroup_pid(r8, &(0x7f00000000c0), 0x12) [ 2292.881506] RSP: 002b:00007f3d559e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2292.889243] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2292.896522] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2292.903859] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2292.911136] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d559e56d4 [ 2292.918413] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff 06:16:48 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2293.002187] warn_alloc_show_mem: 1 callbacks suppressed [ 2293.002192] Mem-Info: [ 2293.010347] active_anon:142551 inactive_anon:4311 isolated_anon:0 [ 2293.010347] active_file:7878 inactive_file:68245 isolated_file:0 [ 2293.010347] unevictable:1 dirty:236 writeback:0 unstable:0 [ 2293.010347] slab_reclaimable:12620 slab_unreclaimable:124343 [ 2293.010347] mapped:55363 shmem:4487 pagetables:2166 bounce:0 [ 2293.010347] free:1163577 free_pcp:579 free_cma:0 06:16:48 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0xfcfdffff, r0, 0x0}]) [ 2293.049392] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2293.068758] Node 0 active_anon:572356kB inactive_anon:17244kB active_file:31512kB inactive_file:272980kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:221452kB dirty:944kB writeback:0kB shmem:17948kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 165888kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 06:16:48 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2293.115863] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2293.146018] lowmem_reserve[]: 0 2818 6321 6321 [ 2293.151093] Node 0 DMA32 free:2887356kB min:30052kB low:37564kB high:45076kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:1424kB local_pcp:1352kB free_cma:0kB [ 2293.197311] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:16:48 executing program 0: r0 = socket(0x1e, 0x805, 0x0) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x100) ioctl$DRM_IOCTL_INFO_BUFS(r1, 0xc0106418, &(0x7f00000000c0)={0x80, 0x9, 0x1, 0x7fffffff, 0x1, 0x101}) r2 = socket$inet(0x2, 0x840000000003, 0x2) setsockopt$inet_int(r2, 0x0, 0x5, &(0x7f0000000040)=0x1000800, 0x4) setsockopt$inet_int(r2, 0x0, 0xc8, &(0x7f0000bcf000), 0x4) r3 = socket(0x1e, 0x805, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000}, 0xfeda) r4 = socket(0x1000000001e, 0x805, 0x0) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x57) r5 = socket$inet6(0xa, 0x803, 0x3) ioctl(r5, 0x1000008912, &(0x7f0000000300)="0a5c2d023c126285718070") sendmsg$nl_route(r1, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x818802}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=@getrule={0x14, 0x22, 0x400, 0x70bd26, 0x25dfdbff, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0xc881}, 0x40) setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000100)=@req3={0x80000000, 0x1}, 0x159) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000, 0x0, 0x2, 0x3ff}, 0x94) sendmsg(r0, &(0x7f0000030000)={&(0x7f00004f5000)=@generic={0x10000000001e, "0100000900000000000000000226cc573c080000003724c71e14dd6a739effea1b48006be61ffe0000e103000000f8000004003f010039d8f986ff01000300000004af50d50700000000000000e3ad316a1983000000001d00e0dfcb24281e27800000100076c3979ac40000bd15020078a1dfd300881a8365b1b16d7436"}, 0x80, 0x0}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000000)='memory.events\x00', 0x0, 0x0) close(r0) [ 2293.369564] lowmem_reserve[]: 0 0 3503 3503 [ 2293.374611] Node 0 Normal free:1748200kB min:37364kB low:46704kB high:56044kB active_anon:572284kB inactive_anon:17244kB active_file:31512kB inactive_file:272980kB unevictable:4kB writepending:944kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:9056kB pagetables:8516kB bounce:0kB free_pcp:2100kB local_pcp:1120kB free_cma:0kB [ 2293.410649] lowmem_reserve[]: 0 0 0 0 [ 2293.415000] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2293.429177] Node 0 DMA32: 3*4kB (M) 2*8kB (M) 2*16kB (M) 4*32kB (M) 2*64kB (M) 3*128kB (M) 2*256kB (M) 3*512kB (M) 3*1024kB (M) 1*2048kB (M) 703*4096kB (M) = 2887356kB [ 2293.447796] Node 0 Normal: 1652*4kB (UE) 4435*8kB (UE) 85*16kB (UME) 4*32kB (UM) 230*64kB (ME) 152*128kB (UME) 17*256kB (UM) 4*512kB (UM) 0*1024kB 1*2048kB (E) 406*4096kB (M) = 1749176kB [ 2293.483944] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2293.493281] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2293.501972] 80620 total pagecache pages [ 2293.507178] 0 pages in swap cache [ 2293.510733] Swap cache stats: add 0, delete 0, find 0/0 [ 2293.519353] Free swap = 0kB [ 2293.522801] Total swap = 0kB [ 2293.526709] 1965979 pages RAM [ 2293.540151] 0 pages HighMem/MovableOnly [ 2293.558295] 342853 pages reserved [ 2293.564527] 0 pages cma reserved [ 2293.570920] syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2293.582396] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2293.587750] CPU: 0 PID: 25071 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2293.595105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2293.604444] Call Trace: [ 2293.607043] dump_stack+0x244/0x39d [ 2293.610666] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2293.615851] ? __video_do_ioctl+0x8b1/0x1050 [ 2293.620250] ? video_usercopy+0x5c1/0x1760 [ 2293.624474] ? video_ioctl2+0x2c/0x33 [ 2293.628270] ? do_vfs_ioctl+0x1de/0x1790 [ 2293.632326] warn_alloc.cold.116+0xb7/0x1bd [ 2293.636641] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2293.641484] ? zap_class+0x640/0x640 [ 2293.645199] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2293.650740] ? check_preemption_disabled+0x48/0x280 [ 2293.655762] __vmalloc_node_range+0x472/0x750 [ 2293.660263] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2293.665270] ? vb2_vmalloc_alloc+0x123/0x380 [ 2293.669669] vmalloc_user+0x75/0x170 [ 2293.673374] ? vb2_vmalloc_alloc+0x123/0x380 [ 2293.677771] vb2_vmalloc_alloc+0x123/0x380 [ 2293.682013] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2293.687140] ? debug_mutex_wake_waiter+0x630/0x630 [ 2293.692067] ? mutex_destroy+0x200/0x200 [ 2293.696167] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2293.700479] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2293.705583] __vb2_queue_alloc+0x5e1/0xfa0 [ 2293.709838] ? vimc_cap_get_format+0x120/0x120 [ 2293.714410] vb2_core_create_bufs+0x401/0x8c0 [ 2293.718900] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2293.723315] ? debug_smp_processor_id+0x1c/0x20 [ 2293.727975] ? perf_trace_lock+0x14d/0x7a0 [ 2293.732203] ? __save_stack_trace+0x8d/0xf0 [ 2293.736586] vb2_create_bufs+0x4b6/0x8f0 [ 2293.740646] ? v4l2_ioctl+0x154/0x1b0 [ 2293.744458] ? vb2_request_queue+0x120/0x120 [ 2293.748876] ? find_held_lock+0x36/0x1c0 [ 2293.752943] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2293.758473] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2293.763051] v4l_create_bufs+0x152/0x230 [ 2293.767106] __video_do_ioctl+0x8b1/0x1050 [ 2293.771336] ? v4l_s_fmt+0x990/0x990 [ 2293.775063] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2293.780608] video_usercopy+0x5c1/0x1760 [ 2293.784665] ? v4l_s_fmt+0x990/0x990 [ 2293.788373] ? v4l_enumstd+0x70/0x70 [ 2293.792076] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2293.797627] ? find_held_lock+0x36/0x1c0 [ 2293.801687] ? __fget+0x4aa/0x740 [ 2293.805133] ? lock_downgrade+0x900/0x900 [ 2293.809286] ? check_preemption_disabled+0x48/0x280 [ 2293.814295] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2293.819226] ? kasan_check_read+0x11/0x20 [ 2293.823373] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2293.828653] ? rcu_softirq_qs+0x20/0x20 [ 2293.832623] ? __fget+0x4d1/0x740 [ 2293.836069] ? ksys_dup3+0x680/0x680 [ 2293.839789] ? __might_fault+0x12b/0x1e0 [ 2293.843866] ? video_usercopy+0x1760/0x1760 [ 2293.848186] video_ioctl2+0x2c/0x33 [ 2293.851823] v4l2_ioctl+0x154/0x1b0 [ 2293.855440] ? video_devdata+0xa0/0xa0 [ 2293.859323] do_vfs_ioctl+0x1de/0x1790 [ 2293.863202] ? ioctl_preallocate+0x300/0x300 [ 2293.867615] ? __fget_light+0x2e9/0x430 [ 2293.871578] ? fget_raw+0x20/0x20 [ 2293.875036] ? _copy_to_user+0xc8/0x110 [ 2293.879017] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2293.884560] ? put_timespec64+0x10f/0x1b0 [ 2293.888714] ? nsecs_to_jiffies+0x30/0x30 [ 2293.892858] ? do_syscall_64+0x9a/0x820 [ 2293.896823] ? do_syscall_64+0x9a/0x820 [ 2293.900789] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2293.905363] ? security_file_ioctl+0x94/0xc0 [ 2293.909765] ksys_ioctl+0xa9/0xd0 [ 2293.913211] __x64_sys_ioctl+0x73/0xb0 [ 2293.917088] do_syscall_64+0x1b9/0x820 [ 2293.920965] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2293.926326] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2293.931248] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2293.936087] ? trace_hardirqs_on_caller+0x310/0x310 [ 2293.941091] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2293.946110] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2293.951152] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2293.956001] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2293.961179] RIP: 0033:0x457669 [ 2293.964361] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2293.983249] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2293.990944] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2293.998213] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2294.005482] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2294.012757] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2294.020034] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2294.027977] Mem-Info: [ 2294.030449] active_anon:141487 inactive_anon:4311 isolated_anon:0 [ 2294.030449] active_file:7878 inactive_file:68255 isolated_file:0 [ 2294.030449] unevictable:1 dirty:239 writeback:0 unstable:0 [ 2294.030449] slab_reclaimable:12621 slab_unreclaimable:122052 [ 2294.030449] mapped:55364 shmem:4487 pagetables:2059 bounce:0 [ 2294.030449] free:1166786 free_pcp:1082 free_cma:0 [ 2294.064736] Node 0 active_anon:565948kB inactive_anon:17244kB active_file:31512kB inactive_file:273020kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:221456kB dirty:956kB writeback:0kB shmem:17948kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 165888kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2294.093328] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2294.119571] lowmem_reserve[]: 0 2818 6321 6321 [ 2294.124244] Node 0 DMA32 free:2887356kB min:30052kB low:37564kB high:45076kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:1424kB local_pcp:72kB free_cma:0kB [ 2294.152059] lowmem_reserve[]: 0 0 3503 3503 [ 2294.156401] Node 0 Normal free:1763880kB min:37364kB low:46704kB high:56044kB active_anon:565948kB inactive_anon:17244kB active_file:31512kB inactive_file:273020kB unevictable:4kB writepending:956kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8928kB pagetables:8236kB bounce:0kB free_pcp:2900kB local_pcp:1464kB free_cma:0kB [ 2294.186715] lowmem_reserve[]: 0 0 0 0 [ 2294.190540] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2294.204214] Node 0 DMA32: 3*4kB (M) 2*8kB (M) 2*16kB (M) 4*32kB (M) 2*64kB (M) 3*128kB (M) 2*256kB (M) 3*512kB (M) 3*1024kB (M) 1*2048kB (M) 703*4096kB (M) = 2887356kB [ 2294.219438] Node 0 Normal: 1652*4kB (UE) 4977*8kB (UE) 293*16kB (UME) 13*32kB (UM) 230*64kB (ME) 152*128kB (UME) 19*256kB (UM) 4*512kB (UM) 0*1024kB 4*2048kB (ME) 406*4096kB (M) = 1763784kB 06:16:49 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x6c00000000000000, 0xffffffffffffffff]}}}) 06:16:49 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:16:49 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x8000000, r0, 0x0}]) 06:16:49 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x06\xa1\xa9[\x03Z\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) [ 2294.236574] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2294.245449] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2294.254094] 80620 total pagecache pages [ 2294.258076] 0 pages in swap cache [ 2294.261545] Swap cache stats: add 0, delete 0, find 0/0 [ 2294.266944] Free swap = 0kB [ 2294.269981] Total swap = 0kB [ 2294.273067] 1965979 pages RAM [ 2294.276167] 0 pages HighMem/MovableOnly [ 2294.280122] 342853 pages reserved [ 2294.283642] 0 pages cma reserved 06:16:49 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x20000000, 0xffffffffffffffff]}}}) 06:16:49 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) getsockopt$inet6_int(r0, 0x29, 0x50, &(0x7f00000000c0), &(0x7f0000000000)=0x32c) pwritev(r0, &(0x7f0000000100)=[{&(0x7f00000001c0)="67a80ea72dc502a8d3a5188e1cb7e68f8750ffd0de67d5c844f54202adf6389b6c30bd7ff030479d543fd54daf22c74f8c6e3a0da45f320742ffbc02dd5f84f5110446f1b324e1c0e4ed10142352b584b58d419ae6b94c63ea91c9518c935b957299711360b90db0d9341544f8fd56930a915596e1e4bb3cb4beae4d3a5b679c381f68b02ad25f984a8562b346d9efcf699ca5c24aea8809c8232af7caf64e93e346cf1e435185b65861ed5060d337a1c382f114874f634679cfef45002b5ee775c23f80cb3549504e12dc1db13d64dbdbdd314ab25ce6645948d2e5c4d16ca571d8c9b2a56310142dc846bc0b5122ebef8ac88e4abcbce7", 0xf8}, {&(0x7f0000000300)="6febd0108e15f04cc3364a2de4eb6c4331ed145532f8a349e0a3421c2cb31410cf5cd6e6b9d9166d80d306b5ab28d83e5cc405398a354f0c0d0686000f68577bc7150b2269552a249dee79bdc192fc2750b9d4b3bb1b308f89562c8eae2d202386e2694d10369770a45d025095f903ebca07886a318139c054908ec46eeee30f87e209a6df7b447b0eaa0769f180c77a7c7ddad29a4b251cf4ee0de92f71a7441fd5e0494f7569fdd06177a4751ee1da3d146efc47363c6847c73fb4544a651436c40b0095a8a266b9f870", 0xcb}, {&(0x7f0000000040)="763e3daf15a9feeb5f706ba236eec9d6b1012d0b6d1153d55ea3b4c55a60f04d86ff0ada6c22b05db12efdc3071cd22e02aa9bc8fb8f6440b7b1674d9626455e54f7a63e12cad5f14274bc152bbbaca4632f", 0x52}, {&(0x7f0000000400)="4c7832289fe8f3dd611221e057336a4c32856038f4056606b9c98dbcd2fa114c57b24eb96c43697f9cf69afa694e3961c933d663cc440c19162085cc8f9f8865cc1a632ad8bc4f59d4615445ae403ec8f8d46136674e0b32ca958b3c0698c03f24d7623eb8b185d72b18adc331bea9aa59334db551206edc0fabf13cca57dc02d0e39e9217cf19d0cece1d81bc67718b64ffdcb703e38aaddb8e06e73366d070046ee1a84fc901d4f08e885faa0d331b9f0b26fd39489db4ac69e500c4799917b1e11d540f9a3d01cf394e39644807fb3c7aef7b21", 0xd5}], 0x4, 0x0) [ 2294.339528] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2294.374926] syz-executor4: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2294.386810] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2294.405051] syz-executor4 cpuset=syz4 mems_allowed=0 [ 2294.410722] CPU: 0 PID: 25115 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #379 [ 2294.418099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2294.427577] Call Trace: [ 2294.430195] dump_stack+0x244/0x39d [ 2294.433926] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2294.433950] ? __video_do_ioctl+0x8b1/0x1050 [ 2294.433976] ? video_usercopy+0x5c1/0x1760 [ 2294.443560] ? video_ioctl2+0x2c/0x33 [ 2294.443579] ? do_vfs_ioctl+0x1de/0x1790 [ 2294.443605] warn_alloc.cold.116+0xb7/0x1bd [ 2294.443623] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2294.443647] ? zap_class+0x640/0x640 [ 2294.468604] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2294.474164] ? check_preemption_disabled+0x48/0x280 [ 2294.479214] __vmalloc_node_range+0x472/0x750 [ 2294.483734] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2294.488770] ? vb2_vmalloc_alloc+0x123/0x380 [ 2294.493194] vmalloc_user+0x75/0x170 [ 2294.496937] ? vb2_vmalloc_alloc+0x123/0x380 [ 2294.501358] vb2_vmalloc_alloc+0x123/0x380 [ 2294.505613] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2294.507389] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2294.510740] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2294.510761] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2294.510780] __vb2_queue_alloc+0x5e1/0xfa0 [ 2294.510818] ? vimc_cap_get_format+0x120/0x120 06:16:49 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:16:49 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2294.537173] vb2_core_create_bufs+0x401/0x8c0 [ 2294.541688] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2294.546144] ? debug_smp_processor_id+0x1c/0x20 [ 2294.550833] ? perf_trace_lock+0x14d/0x7a0 [ 2294.555092] ? __save_stack_trace+0x8d/0xf0 [ 2294.559461] vb2_create_bufs+0x4b6/0x8f0 [ 2294.563553] ? v4l2_ioctl+0x154/0x1b0 [ 2294.567379] ? vb2_request_queue+0x120/0x120 [ 2294.571808] ? find_held_lock+0x36/0x1c0 [ 2294.575892] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2294.579746] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:16:49 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2294.581453] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2294.581481] v4l_create_bufs+0x152/0x230 [ 2294.581518] __video_do_ioctl+0x8b1/0x1050 [ 2294.602561] ? v4l_s_fmt+0x990/0x990 [ 2294.606297] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2294.611884] video_usercopy+0x5c1/0x1760 [ 2294.615963] ? v4l_s_fmt+0x990/0x990 [ 2294.619696] ? v4l_enumstd+0x70/0x70 [ 2294.623421] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2294.623446] ? find_held_lock+0x36/0x1c0 [ 2294.623473] ? __fget+0x4aa/0x740 [ 2294.623491] ? lock_downgrade+0x900/0x900 06:16:49 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2294.623539] ? check_preemption_disabled+0x48/0x280 [ 2294.645727] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2294.650675] ? kasan_check_read+0x11/0x20 [ 2294.653952] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2294.654853] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2294.654886] ? rcu_softirq_qs+0x20/0x20 [ 2294.654918] ? __fget+0x4d1/0x740 [ 2294.654941] ? ksys_dup3+0x680/0x680 [ 2294.679527] ? __might_fault+0x12b/0x1e0 [ 2294.683619] ? video_usercopy+0x1760/0x1760 [ 2294.687953] video_ioctl2+0x2c/0x33 [ 2294.691597] v4l2_ioctl+0x154/0x1b0 [ 2294.695245] ? video_devdata+0xa0/0xa0 [ 2294.699164] do_vfs_ioctl+0x1de/0x1790 [ 2294.703106] ? ioctl_preallocate+0x300/0x300 [ 2294.707551] ? __fget_light+0x2e9/0x430 [ 2294.711557] ? fget_raw+0x20/0x20 [ 2294.715026] ? _copy_to_user+0xc8/0x110 [ 2294.718021] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2294.719023] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2294.719043] ? put_timespec64+0x10f/0x1b0 [ 2294.719063] ? nsecs_to_jiffies+0x30/0x30 06:16:49 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2294.719114] ? do_syscall_64+0x9a/0x820 [ 2294.719133] ? do_syscall_64+0x9a/0x820 [ 2294.749081] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2294.753687] ? security_file_ioctl+0x94/0xc0 [ 2294.753712] ksys_ioctl+0xa9/0xd0 [ 2294.753736] __x64_sys_ioctl+0x73/0xb0 [ 2294.761602] do_syscall_64+0x1b9/0x820 [ 2294.769363] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2294.774754] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2294.779702] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2294.784572] ? trace_hardirqs_on_caller+0x310/0x310 06:16:49 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2294.788219] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2294.789603] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2294.789624] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2294.789649] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2294.789672] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2294.817923] RIP: 0033:0x457669 [ 2294.821129] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2294.840099] RSP: 002b:00007f3d559e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2294.847834] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2294.855127] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2294.856586] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2294.862418] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2294.862429] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d559e56d4 [ 2294.862439] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2294.894487] syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2294.906209] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2294.925414] CPU: 1 PID: 25117 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2294.932805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2294.942185] Call Trace: [ 2294.944799] dump_stack+0x244/0x39d [ 2294.948452] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2294.953680] ? __video_do_ioctl+0x8b1/0x1050 [ 2294.958106] ? video_usercopy+0x5c1/0x1760 [ 2294.962369] ? video_ioctl2+0x2c/0x33 [ 2294.966218] ? do_vfs_ioctl+0x1de/0x1790 [ 2294.970300] warn_alloc.cold.116+0xb7/0x1bd [ 2294.970320] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2294.970343] ? zap_class+0x640/0x640 [ 2294.970368] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2294.970392] ? check_preemption_disabled+0x48/0x280 [ 2294.979616] __vmalloc_node_range+0x472/0x750 [ 2294.979642] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2294.979663] ? vb2_vmalloc_alloc+0x123/0x380 [ 2294.979682] vmalloc_user+0x75/0x170 [ 2294.979700] ? vb2_vmalloc_alloc+0x123/0x380 [ 2295.015974] vb2_vmalloc_alloc+0x123/0x380 [ 2295.020202] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2295.025309] ? debug_mutex_wake_waiter+0x630/0x630 [ 2295.030246] ? mutex_destroy+0x200/0x200 [ 2295.034324] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2295.038662] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2295.043791] __vb2_queue_alloc+0x5e1/0xfa0 [ 2295.048072] ? vimc_cap_get_format+0x120/0x120 [ 2295.052666] vb2_core_create_bufs+0x401/0x8c0 [ 2295.057180] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2295.061608] ? debug_smp_processor_id+0x1c/0x20 [ 2295.066295] ? perf_trace_lock+0x14d/0x7a0 [ 2295.070576] ? __save_stack_trace+0x8d/0xf0 [ 2295.074938] vb2_create_bufs+0x4b6/0x8f0 [ 2295.079138] ? v4l2_ioctl+0x154/0x1b0 [ 2295.079164] ? vb2_request_queue+0x120/0x120 [ 2295.079191] ? find_held_lock+0x36/0x1c0 [ 2295.079210] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2295.079233] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2295.087444] v4l_create_bufs+0x152/0x230 [ 2295.087468] __video_do_ioctl+0x8b1/0x1050 [ 2295.087497] ? v4l_s_fmt+0x990/0x990 [ 2295.087532] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2295.087556] video_usercopy+0x5c1/0x1760 [ 2295.123293] ? v4l_s_fmt+0x990/0x990 [ 2295.127044] ? v4l_enumstd+0x70/0x70 [ 2295.130778] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2295.136352] ? find_held_lock+0x36/0x1c0 [ 2295.140437] ? __fget+0x4aa/0x740 [ 2295.143922] ? lock_downgrade+0x900/0x900 [ 2295.148092] ? check_preemption_disabled+0x48/0x280 [ 2295.153124] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2295.158172] ? kasan_check_read+0x11/0x20 [ 2295.162331] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2295.167621] ? rcu_softirq_qs+0x20/0x20 [ 2295.171635] ? __fget+0x4d1/0x740 [ 2295.175112] ? ksys_dup3+0x680/0x680 [ 2295.178845] ? __might_fault+0x12b/0x1e0 [ 2295.182932] ? video_usercopy+0x1760/0x1760 [ 2295.187280] video_ioctl2+0x2c/0x33 [ 2295.190925] v4l2_ioctl+0x154/0x1b0 [ 2295.194584] ? video_devdata+0xa0/0xa0 [ 2295.198481] do_vfs_ioctl+0x1de/0x1790 [ 2295.202390] ? ioctl_preallocate+0x300/0x300 [ 2295.207280] ? __fget_light+0x2e9/0x430 [ 2295.211433] ? fget_raw+0x20/0x20 [ 2295.214892] ? _copy_to_user+0xc8/0x110 [ 2295.218880] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2295.224426] ? put_timespec64+0x10f/0x1b0 [ 2295.228582] ? nsecs_to_jiffies+0x30/0x30 [ 2295.232740] ? do_syscall_64+0x9a/0x820 [ 2295.236718] ? do_syscall_64+0x9a/0x820 [ 2295.240702] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2295.245296] ? security_file_ioctl+0x94/0xc0 [ 2295.249714] ksys_ioctl+0xa9/0xd0 [ 2295.253196] __x64_sys_ioctl+0x73/0xb0 [ 2295.257095] do_syscall_64+0x1b9/0x820 [ 2295.260985] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2295.266357] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2295.271293] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2295.276152] ? trace_hardirqs_on_caller+0x310/0x310 [ 2295.281188] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2295.286215] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2295.291242] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2295.296117] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2295.301312] RIP: 0033:0x457669 [ 2295.304528] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2295.323435] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2295.331172] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2295.338453] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2295.345723] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2295.353010] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2295.360311] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2295.386545] warn_alloc_show_mem: 1 callbacks suppressed [ 2295.386550] Mem-Info: [ 2295.395111] active_anon:142013 inactive_anon:4309 isolated_anon:0 [ 2295.395111] active_file:7878 inactive_file:68269 isolated_file:0 [ 2295.395111] unevictable:1 dirty:254 writeback:0 unstable:0 [ 2295.395111] slab_reclaimable:12615 slab_unreclaimable:125294 [ 2295.395111] mapped:55363 shmem:4487 pagetables:2067 bounce:0 [ 2295.395111] free:1162257 free_pcp:949 free_cma:0 [ 2295.449220] Node 0 active_anon:565892kB inactive_anon:17236kB active_file:31512kB inactive_file:273076kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:221452kB dirty:1016kB writeback:0kB shmem:17948kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 163840kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2295.478528] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2295.506707] lowmem_reserve[]: 0 2818 6321 6321 [ 2295.511410] Node 0 DMA32 free:2887356kB min:30052kB low:37564kB high:45076kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:1424kB local_pcp:1352kB free_cma:0kB [ 2295.539880] lowmem_reserve[]: 0 0 3503 3503 [ 2295.547125] Node 0 Normal free:1749064kB min:37364kB low:46704kB high:56044kB active_anon:565860kB inactive_anon:17248kB active_file:31512kB inactive_file:273100kB unevictable:4kB writepending:1044kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8928kB pagetables:8216kB bounce:0kB free_pcp:2744kB local_pcp:1388kB free_cma:0kB [ 2295.581994] lowmem_reserve[]: 0 0 0 0 [ 2295.585954] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2295.599851] Node 0 DMA32: 3*4kB (M) 2*8kB (M) 2*16kB (M) 4*32kB (M) 2*64kB (M) 3*128kB (M) 2*256kB (M) 3*512kB (M) 3*1024kB (M) 1*2048kB (M) 703*4096kB (M) = 2887356kB [ 2295.615161] Node 0 Normal: 1816*4kB (UME) 4692*8kB (UE) 70*16kB (UME) 11*32kB (UM) 227*64kB (UME) 152*128kB (UME) 19*256kB (UM) 4*512kB (UM) 1*1024kB (U) 5*2048kB (UME) 403*4096kB (M) = 1749120kB [ 2295.632869] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2295.641758] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 06:16:50 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x6800000000000000, 0xffffffffffffffff]}}}) 06:16:50 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x20004800, 0xffffffffffffffff]}}}) 06:16:50 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x5, r0, 0x0}]) [ 2295.650397] 80641 total pagecache pages [ 2295.654430] 0 pages in swap cache [ 2295.654442] Swap cache stats: add 0, delete 0, find 0/0 [ 2295.654449] Free swap = 0kB [ 2295.654455] Total swap = 0kB [ 2295.654471] 1965979 pages RAM [ 2295.663361] 0 pages HighMem/MovableOnly [ 2295.663368] 342853 pages reserved [ 2295.663374] 0 pages cma reserved [ 2295.707411] syz-executor4: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2295.718911] syz-executor4 cpuset=syz4 mems_allowed=0 [ 2295.724967] CPU: 0 PID: 25144 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #379 [ 2295.732344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2295.741710] Call Trace: [ 2295.744305] dump_stack+0x244/0x39d [ 2295.747936] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2295.753129] ? __video_do_ioctl+0x8b1/0x1050 [ 2295.757557] ? video_usercopy+0x5c1/0x1760 [ 2295.761799] ? video_ioctl2+0x2c/0x33 [ 2295.765602] ? do_vfs_ioctl+0x1de/0x1790 [ 2295.769673] warn_alloc.cold.116+0xb7/0x1bd [ 2295.774003] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2295.778852] ? zap_class+0x640/0x640 [ 2295.782593] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2295.788175] ? check_preemption_disabled+0x48/0x280 [ 2295.793234] __vmalloc_node_range+0x472/0x750 [ 2295.797757] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2295.802782] ? vb2_vmalloc_alloc+0x123/0x380 [ 2295.807206] vmalloc_user+0x75/0x170 [ 2295.810924] ? vb2_vmalloc_alloc+0x123/0x380 [ 2295.815325] vb2_vmalloc_alloc+0x123/0x380 [ 2295.819573] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2295.824686] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2295.828999] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2295.834100] __vb2_queue_alloc+0x5e1/0xfa0 [ 2295.838353] ? vimc_cap_get_format+0x120/0x120 [ 2295.842928] vb2_core_create_bufs+0x401/0x8c0 [ 2295.847437] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2295.851843] ? debug_smp_processor_id+0x1c/0x20 [ 2295.856523] ? perf_trace_lock+0x14d/0x7a0 [ 2295.860767] ? __save_stack_trace+0x8d/0xf0 [ 2295.865136] vb2_create_bufs+0x4b6/0x8f0 [ 2295.869198] ? v4l2_ioctl+0x154/0x1b0 [ 2295.873005] ? vb2_request_queue+0x120/0x120 [ 2295.877426] ? find_held_lock+0x36/0x1c0 [ 2295.881480] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2295.887024] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2295.891632] v4l_create_bufs+0x152/0x230 [ 2295.895717] __video_do_ioctl+0x8b1/0x1050 [ 2295.899968] ? v4l_s_fmt+0x990/0x990 [ 2295.903698] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2295.909257] video_usercopy+0x5c1/0x1760 [ 2295.913311] ? v4l_s_fmt+0x990/0x990 [ 2295.917022] ? v4l_enumstd+0x70/0x70 [ 2295.920734] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2295.926273] ? find_held_lock+0x36/0x1c0 [ 2295.930348] ? __fget+0x4aa/0x740 [ 2295.933817] ? lock_downgrade+0x900/0x900 [ 2295.937973] ? check_preemption_disabled+0x48/0x280 [ 2295.943025] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2295.947960] ? kasan_check_read+0x11/0x20 [ 2295.952153] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2295.957430] ? rcu_softirq_qs+0x20/0x20 [ 2295.961399] ? __fget+0x4d1/0x740 [ 2295.964872] ? ksys_dup3+0x680/0x680 [ 2295.968732] ? __might_fault+0x12b/0x1e0 [ 2295.972802] ? video_usercopy+0x1760/0x1760 [ 2295.977133] video_ioctl2+0x2c/0x33 [ 2295.980752] v4l2_ioctl+0x154/0x1b0 [ 2295.984395] ? video_devdata+0xa0/0xa0 [ 2295.988292] do_vfs_ioctl+0x1de/0x1790 [ 2295.992180] ? ioctl_preallocate+0x300/0x300 [ 2295.996579] ? __fget_light+0x2e9/0x430 [ 2296.000562] ? fget_raw+0x20/0x20 [ 2296.004005] ? _copy_to_user+0xc8/0x110 [ 2296.007974] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2296.013587] ? put_timespec64+0x10f/0x1b0 [ 2296.017730] ? nsecs_to_jiffies+0x30/0x30 [ 2296.021886] ? do_syscall_64+0x9a/0x820 [ 2296.025882] ? do_syscall_64+0x9a/0x820 [ 2296.029859] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2296.034450] ? security_file_ioctl+0x94/0xc0 [ 2296.038866] ksys_ioctl+0xa9/0xd0 [ 2296.042331] __x64_sys_ioctl+0x73/0xb0 [ 2296.046226] do_syscall_64+0x1b9/0x820 [ 2296.050105] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2296.055475] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2296.060393] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2296.065237] ? trace_hardirqs_on_caller+0x310/0x310 [ 2296.070243] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2296.075406] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2296.080459] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2296.085308] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2296.090498] RIP: 0033:0x457669 [ 2296.093724] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2296.112615] RSP: 002b:00007f3d559e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2296.120318] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2296.127577] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2296.134832] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2296.142101] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d559e56d4 [ 2296.149369] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2296.158847] syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2296.170126] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2296.175863] CPU: 0 PID: 25148 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2296.183271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2296.192636] Call Trace: [ 2296.195252] dump_stack+0x244/0x39d [ 2296.198891] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2296.204092] ? __video_do_ioctl+0x8b1/0x1050 [ 2296.208506] ? video_usercopy+0x5c1/0x1760 [ 2296.212768] ? video_ioctl2+0x2c/0x33 [ 2296.216586] ? do_vfs_ioctl+0x1de/0x1790 [ 2296.220663] warn_alloc.cold.116+0xb7/0x1bd [ 2296.224993] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2296.229850] ? zap_class+0x640/0x640 [ 2296.233578] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2296.239135] ? check_preemption_disabled+0x48/0x280 [ 2296.244185] __vmalloc_node_range+0x472/0x750 [ 2296.248692] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2296.253720] ? vb2_vmalloc_alloc+0x123/0x380 [ 2296.258153] vmalloc_user+0x75/0x170 [ 2296.261867] ? vb2_vmalloc_alloc+0x123/0x380 [ 2296.266290] vb2_vmalloc_alloc+0x123/0x380 [ 2296.270551] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2296.275665] ? debug_mutex_wake_waiter+0x630/0x630 [ 2296.280602] ? mutex_destroy+0x200/0x200 [ 2296.284680] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2296.288993] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2296.294088] __vb2_queue_alloc+0x5e1/0xfa0 [ 2296.298325] ? vimc_cap_get_format+0x120/0x120 [ 2296.302920] vb2_core_create_bufs+0x401/0x8c0 [ 2296.307408] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2296.311803] ? debug_smp_processor_id+0x1c/0x20 [ 2296.316459] ? perf_trace_lock+0x14d/0x7a0 [ 2296.320682] ? __save_stack_trace+0x8d/0xf0 [ 2296.325010] vb2_create_bufs+0x4b6/0x8f0 [ 2296.329076] ? v4l2_ioctl+0x154/0x1b0 [ 2296.332869] ? vb2_request_queue+0x120/0x120 [ 2296.337268] ? find_held_lock+0x36/0x1c0 [ 2296.341316] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2296.346846] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2296.351421] v4l_create_bufs+0x152/0x230 [ 2296.355494] __video_do_ioctl+0x8b1/0x1050 [ 2296.359730] ? v4l_s_fmt+0x990/0x990 [ 2296.363440] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2296.368965] video_usercopy+0x5c1/0x1760 [ 2296.373013] ? v4l_s_fmt+0x990/0x990 [ 2296.376729] ? v4l_enumstd+0x70/0x70 [ 2296.380430] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2296.385977] ? find_held_lock+0x36/0x1c0 [ 2296.390031] ? __fget+0x4aa/0x740 [ 2296.393479] ? lock_downgrade+0x900/0x900 [ 2296.397618] ? check_preemption_disabled+0x48/0x280 [ 2296.402641] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2296.407572] ? kasan_check_read+0x11/0x20 [ 2296.411721] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2296.417018] ? rcu_softirq_qs+0x20/0x20 [ 2296.420991] ? __fget+0x4d1/0x740 [ 2296.424437] ? ksys_dup3+0x680/0x680 [ 2296.428137] ? __might_fault+0x12b/0x1e0 [ 2296.432201] ? video_usercopy+0x1760/0x1760 [ 2296.436507] video_ioctl2+0x2c/0x33 [ 2296.440142] v4l2_ioctl+0x154/0x1b0 [ 2296.443760] ? video_devdata+0xa0/0xa0 [ 2296.447638] do_vfs_ioctl+0x1de/0x1790 [ 2296.451531] ? ioctl_preallocate+0x300/0x300 [ 2296.455934] ? __fget_light+0x2e9/0x430 [ 2296.459895] ? fget_raw+0x20/0x20 [ 2296.463338] ? _copy_to_user+0xc8/0x110 [ 2296.467304] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2296.472830] ? put_timespec64+0x10f/0x1b0 [ 2296.476964] ? nsecs_to_jiffies+0x30/0x30 [ 2296.481101] ? do_syscall_64+0x9a/0x820 [ 2296.485077] ? do_syscall_64+0x9a/0x820 [ 2296.489055] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2296.493631] ? security_file_ioctl+0x94/0xc0 [ 2296.498041] ksys_ioctl+0xa9/0xd0 [ 2296.501484] __x64_sys_ioctl+0x73/0xb0 [ 2296.505361] do_syscall_64+0x1b9/0x820 [ 2296.509235] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2296.514588] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2296.519503] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2296.524347] ? trace_hardirqs_on_caller+0x310/0x310 [ 2296.529351] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2296.534354] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2296.539362] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2296.544210] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2296.549398] RIP: 0033:0x457669 [ 2296.552580] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2296.571467] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2296.579176] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2296.586431] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2296.593686] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2296.600940] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 06:16:51 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00%\xa1\xa9[\x03Z\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:16:51 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:16:51 executing program 0: r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f00000001c0)="9aee846cbcd9dd9d51502eb841f06100ecbd2779fc9a6a8689b96d00c4187718f1394e5f71b1bae2a1ff1b230e7ae4566ecce50d7432c329ef209ec22a817f3d7e92155042a064cf1caf892dcf69fc41e876ba08c76d2ec074e8255d560651abe22002a8b8a076c377a3e1486c3a906bac1d49b0d57631de92cc6ecd198a130bca2bfdc14e2bb216141552d4b4b6cb329c3582c49bb251a6c6f1307312b2c9b94040a7d3", 0xa4, 0x10, 0x0, 0x0) recvfrom$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20000003, &(0x7f0000000040)={0x2, 0x1000004e23, @local}, 0x10) r2 = syz_open_dev$loop(&(0x7f0000000300)='/dev/loop#\x00', 0x4, 0x0) ioctl$TIOCSCTTY(r0, 0x540e, 0x100000000) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={[], 0x0, 0x400, 0x2}) write$binfmt_elf64(r0, &(0x7f0000000780)={{0x7f, 0x45, 0x4c, 0x46, 0x3, 0x7f, 0x80000000, 0x0, 0x0, 0x2, 0x3, 0x7294dade, 0x117, 0x40, 0x395, 0x6, 0x20, 0x38, 0x2, 0x30c9ed6d, 0x9, 0x23fdf94e}, [{0x0, 0x9, 0x3, 0x400, 0x8, 0xa, 0x10001, 0xffffffffffffffff}, {0x0, 0x4, 0x800, 0x0, 0xfffffffffffffffb, 0x400000000, 0x0, 0x7fff}], "7c0b9df3ab765878c26bbfc44c80669894411da2d08ccfa897d55c6d6899c52be1341af7c7ae872e54bbca16059f3af4e6e4edbd1138f11f8f75305d9667bce98527b982f1af9f361e89735a37ffa9ae7f9708749ec1af4dbee4565986c6cd73d874d3199bffe34491"}, 0x119) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='lp\x00', 0x3) perf_event_open(&(0x7f0000000080)={0x3, 0x70, 0x0, 0x9, 0xffffffffffffffff, 0x3ff, 0x0, 0x8, 0x2000, 0xe, 0xcfe, 0x7f, 0x2, 0xfffffffffffffff8, 0x0, 0x0, 0x8001, 0x648f, 0x9e6d, 0x73d9, 0x5c97, 0x0, 0x0, 0x7, 0x200, 0x2, 0x4, 0x0, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x4, 0x6, 0xfff, 0x4, 0x0, 0x200, 0x0, 0x80000000, 0x4, @perf_bp={0x0, 0x8}, 0x100, 0x8, 0x5, 0x6, 0x0, 0x8880, 0xc1f}, 0x0, 0xe, r1, 0x0) r3 = add_key$keyring(&(0x7f0000000700)='keyring\x00', &(0x7f0000000740)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff8) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000440)=[{&(0x7f0000000580)="a19e30ae678aabadc7cf8282217964d1358c2591870c0a53449e2a22baa8558bd56e17e66de9957749dc3b997e31bb342e1db7", 0x33}], 0x1, r3) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') memfd_create(&(0x7f0000000100)='IPVS\x00', 0x2) [ 2296.608193] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2296.635225] warn_alloc_show_mem: 1 callbacks suppressed [ 2296.635231] Mem-Info: [ 2296.640696] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2296.663907] active_anon:142550 inactive_anon:4311 isolated_anon:0 [ 2296.663907] active_file:7878 inactive_file:68293 isolated_file:0 [ 2296.663907] unevictable:1 dirty:278 writeback:0 unstable:0 06:16:51 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xe0\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:16:51 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x8, r0, 0x0}]) [ 2296.663907] slab_reclaimable:12581 slab_unreclaimable:121592 [ 2296.663907] mapped:55363 shmem:4487 pagetables:2165 bounce:0 [ 2296.663907] free:1165499 free_pcp:744 free_cma:0 06:16:51 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2296.775842] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2296.782526] Node 0 active_anon:574528kB inactive_anon:17244kB active_file:31512kB inactive_file:273172kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:221652kB dirty:1112kB writeback:0kB shmem:17948kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 159744kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 06:16:52 executing program 0: socketpair$unix(0x1, 0x80003, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$packet(0x11, 0x3, 0x300) r2 = socket$inet6(0xa, 0x400000000001, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x46) [ 2296.854780] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2296.898832] lowmem_reserve[]: 0 2818 6321 6321 06:16:52 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x7ffffffff000, r0, 0x0}]) [ 2296.901082] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2296.905239] Node 0 DMA32 free:2887356kB min:30052kB low:37564kB high:45076kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:1424kB local_pcp:72kB free_cma:0kB [ 2296.940337] lowmem_reserve[]: 0 0 3503 3503 06:16:52 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2296.949936] Node 0 Normal free:1763216kB min:37364kB low:46704kB high:56044kB active_anon:572296kB inactive_anon:17244kB active_file:31512kB inactive_file:273172kB unevictable:4kB writepending:1112kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:9120kB pagetables:8512kB bounce:0kB free_pcp:2660kB local_pcp:1200kB free_cma:0kB [ 2296.996884] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2297.018287] lowmem_reserve[]: 0 0 0 0 [ 2297.026617] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2297.051348] Node 0 DMA32: 3*4kB (M) 2*8kB (M) 2*16kB (M) 4*32kB (M) 2*64kB (M) 3*128kB (M) 2*256kB (M) 3*512kB (M) 3*1024kB (M) 1*2048kB (M) 703*4096kB (M) = 2887356kB [ 2297.071372] Node 0 Normal: 6126*4kB (UE) 4817*8kB (UME) 165*16kB (UE) 15*32kB (UM) 228*64kB (UME) 152*128kB (UME) 19*256kB (UM) 4*512kB (UM) 1*1024kB (U) 3*2048kB (UME) 402*4096kB (M) = 1760880kB [ 2297.091186] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2297.100250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2297.115395] 80658 total pagecache pages [ 2297.126408] 0 pages in swap cache [ 2297.133459] Swap cache stats: add 0, delete 0, find 0/0 [ 2297.141064] Free swap = 0kB [ 2297.144905] Total swap = 0kB [ 2297.148186] 1965979 pages RAM [ 2297.151446] 0 pages HighMem/MovableOnly [ 2297.157200] 342853 pages reserved [ 2297.160827] 0 pages cma reserved [ 2297.165009] syz-executor4: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2297.182966] syz-executor4 cpuset=syz4 mems_allowed=0 [ 2297.194225] CPU: 1 PID: 25144 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #379 [ 2297.201610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2297.211455] Call Trace: [ 2297.214080] dump_stack+0x244/0x39d [ 2297.217733] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2297.222943] ? __video_do_ioctl+0x8b1/0x1050 [ 2297.227382] ? video_usercopy+0x5c1/0x1760 [ 2297.231631] ? video_ioctl2+0x2c/0x33 [ 2297.235449] ? do_vfs_ioctl+0x1de/0x1790 [ 2297.239555] warn_alloc.cold.116+0xb7/0x1bd [ 2297.243892] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2297.248805] ? zap_class+0x640/0x640 [ 2297.252552] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2297.258112] ? check_preemption_disabled+0x48/0x280 [ 2297.263172] __vmalloc_node_range+0x472/0x750 [ 2297.267703] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2297.272739] ? vb2_vmalloc_alloc+0x123/0x380 [ 2297.277189] vmalloc_user+0x75/0x170 [ 2297.280913] ? vb2_vmalloc_alloc+0x123/0x380 [ 2297.285336] vb2_vmalloc_alloc+0x123/0x380 [ 2297.289598] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2297.294718] ? debug_mutex_wake_waiter+0x630/0x630 [ 2297.299662] ? mutex_destroy+0x200/0x200 [ 2297.303735] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2297.308073] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2297.313188] __vb2_queue_alloc+0x5e1/0xfa0 [ 2297.317465] ? vimc_cap_get_format+0x120/0x120 [ 2297.322099] vb2_core_create_bufs+0x401/0x8c0 [ 2297.326616] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2297.331050] ? debug_smp_processor_id+0x1c/0x20 [ 2297.335738] ? perf_trace_lock+0x14d/0x7a0 [ 2297.339984] ? __save_stack_trace+0x8d/0xf0 [ 2297.344360] vb2_create_bufs+0x4b6/0x8f0 [ 2297.348436] ? v4l2_ioctl+0x154/0x1b0 [ 2297.352255] ? vb2_request_queue+0x120/0x120 [ 2297.356682] ? find_held_lock+0x36/0x1c0 [ 2297.360756] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2297.366312] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2297.370914] v4l_create_bufs+0x152/0x230 [ 2297.374993] __video_do_ioctl+0x8b1/0x1050 [ 2297.379271] ? v4l_s_fmt+0x990/0x990 [ 2297.383011] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2297.388586] video_usercopy+0x5c1/0x1760 [ 2297.392662] ? v4l_s_fmt+0x990/0x990 [ 2297.396414] ? v4l_enumstd+0x70/0x70 [ 2297.400140] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2297.405711] ? find_held_lock+0x36/0x1c0 [ 2297.409796] ? __fget+0x4aa/0x740 [ 2297.413278] ? lock_downgrade+0x900/0x900 [ 2297.417459] ? check_preemption_disabled+0x48/0x280 [ 2297.422486] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2297.427430] ? kasan_check_read+0x11/0x20 [ 2297.431586] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2297.436849] ? rcu_softirq_qs+0x20/0x20 [ 2297.440819] ? __fget+0x4d1/0x740 [ 2297.444296] ? ksys_dup3+0x680/0x680 [ 2297.448016] ? __might_fault+0x12b/0x1e0 [ 2297.452106] ? video_usercopy+0x1760/0x1760 [ 2297.456422] video_ioctl2+0x2c/0x33 [ 2297.460045] v4l2_ioctl+0x154/0x1b0 [ 2297.463663] ? video_devdata+0xa0/0xa0 [ 2297.467551] do_vfs_ioctl+0x1de/0x1790 [ 2297.471432] ? ioctl_preallocate+0x300/0x300 [ 2297.475828] ? __fget_light+0x2e9/0x430 [ 2297.479793] ? fget_raw+0x20/0x20 [ 2297.483248] ? _copy_to_user+0xc8/0x110 [ 2297.487225] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2297.492766] ? put_timespec64+0x10f/0x1b0 [ 2297.496931] ? nsecs_to_jiffies+0x30/0x30 [ 2297.501086] ? do_syscall_64+0x9a/0x820 [ 2297.505068] ? do_syscall_64+0x9a/0x820 [ 2297.509061] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2297.513634] ? security_file_ioctl+0x94/0xc0 [ 2297.518065] ksys_ioctl+0xa9/0xd0 [ 2297.521532] __x64_sys_ioctl+0x73/0xb0 [ 2297.525429] do_syscall_64+0x1b9/0x820 [ 2297.529304] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2297.534659] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2297.539621] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2297.544455] ? trace_hardirqs_on_caller+0x310/0x310 [ 2297.549460] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2297.554463] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2297.559472] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2297.564308] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2297.569497] RIP: 0033:0x457669 [ 2297.572728] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2297.591624] RSP: 002b:00007f3d559e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2297.599318] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2297.606586] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000004 [ 2297.613856] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2297.621110] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d559e56d4 [ 2297.628366] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff 06:16:52 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0xfecaedfe, 0xffffffffffffffff]}}}) 06:16:52 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:16:52 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe00, r0, 0x0}]) [ 2297.708083] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2297.725112] syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2297.759891] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2297.765597] CPU: 0 PID: 25191 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2297.772978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2297.782336] Call Trace: [ 2297.782369] dump_stack+0x244/0x39d [ 2297.782400] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2297.782423] ? __video_do_ioctl+0x8b1/0x1050 [ 2297.782446] ? video_usercopy+0x5c1/0x1760 [ 2297.788657] ? video_ioctl2+0x2c/0x33 [ 2297.788676] ? do_vfs_ioctl+0x1de/0x1790 [ 2297.788702] warn_alloc.cold.116+0xb7/0x1bd [ 2297.810398] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2297.810421] ? zap_class+0x640/0x640 [ 2297.810446] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2297.819597] ? check_preemption_disabled+0x48/0x280 [ 2297.819637] __vmalloc_node_range+0x472/0x750 [ 2297.838384] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2297.843431] ? vb2_vmalloc_alloc+0x123/0x380 [ 2297.847866] vmalloc_user+0x75/0x170 [ 2297.851596] ? vb2_vmalloc_alloc+0x123/0x380 [ 2297.856027] vb2_vmalloc_alloc+0x123/0x380 06:16:52 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00}\xa1\xa9[\x03Z\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:16:52 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0xa00, 0xffffffffffffffff]}}}) 06:16:52 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2297.860292] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2297.865414] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2297.869749] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2297.874867] __vb2_queue_alloc+0x5e1/0xfa0 [ 2297.879177] ? vimc_cap_get_format+0x120/0x120 [ 2297.883792] vb2_core_create_bufs+0x401/0x8c0 [ 2297.888313] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2297.892751] ? debug_smp_processor_id+0x1c/0x20 [ 2297.893250] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2297.897429] ? perf_trace_lock+0x14d/0x7a0 06:16:53 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2297.897449] ? __save_stack_trace+0x8d/0xf0 [ 2297.897531] vb2_create_bufs+0x4b6/0x8f0 [ 2297.918284] ? v4l2_ioctl+0x154/0x1b0 [ 2297.922109] ? vb2_request_queue+0x120/0x120 [ 2297.926560] ? find_held_lock+0x36/0x1c0 [ 2297.930640] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2297.936226] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2297.940869] v4l_create_bufs+0x152/0x230 [ 2297.944960] __video_do_ioctl+0x8b1/0x1050 [ 2297.944987] ? v4l_s_fmt+0x990/0x990 [ 2297.945012] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2297.945040] video_usercopy+0x5c1/0x1760 [ 2297.962659] ? v4l_s_fmt+0x990/0x990 [ 2297.966397] ? v4l_enumstd+0x70/0x70 [ 2297.970129] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2297.975691] ? find_held_lock+0x36/0x1c0 [ 2297.979786] ? __fget+0x4aa/0x740 [ 2297.983258] ? lock_downgrade+0x900/0x900 [ 2297.986000] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2297.987424] ? check_preemption_disabled+0x48/0x280 [ 2297.987448] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2297.987466] ? kasan_check_read+0x11/0x20 06:16:53 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2297.987497] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2297.987560] ? rcu_softirq_qs+0x20/0x20 [ 2298.019086] ? __fget+0x4d1/0x740 [ 2298.022572] ? ksys_dup3+0x680/0x680 [ 2298.026307] ? __might_fault+0x12b/0x1e0 [ 2298.030386] ? video_usercopy+0x1760/0x1760 [ 2298.034723] video_ioctl2+0x2c/0x33 [ 2298.038362] v4l2_ioctl+0x154/0x1b0 [ 2298.038380] ? video_devdata+0xa0/0xa0 [ 2298.038400] do_vfs_ioctl+0x1de/0x1790 [ 2298.038424] ? ioctl_preallocate+0x300/0x300 [ 2298.038442] ? __fget_light+0x2e9/0x430 [ 2298.038460] ? fget_raw+0x20/0x20 [ 2298.045980] ? _copy_to_user+0xc8/0x110 [ 2298.046005] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2298.046024] ? put_timespec64+0x10f/0x1b0 [ 2298.046043] ? nsecs_to_jiffies+0x30/0x30 [ 2298.046064] ? do_syscall_64+0x9a/0x820 [ 2298.046084] ? do_syscall_64+0x9a/0x820 [ 2298.075023] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2298.075456] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2298.083602] ? security_file_ioctl+0x94/0xc0 [ 2298.083626] ksys_ioctl+0xa9/0xd0 06:16:53 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2298.083649] __x64_sys_ioctl+0x73/0xb0 [ 2298.083678] do_syscall_64+0x1b9/0x820 [ 2298.095782] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2298.095803] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2298.095819] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2298.095841] ? trace_hardirqs_on_caller+0x310/0x310 [ 2298.095860] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2298.095879] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2298.095904] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2298.095942] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2298.116163] RIP: 0033:0x457669 [ 2298.116181] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2298.116195] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2298.136323] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2298.136334] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2298.136344] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2298.136354] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2298.136365] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2298.138720] warn_alloc_show_mem: 1 callbacks suppressed [ 2298.138725] Mem-Info: [ 2298.193406] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2298.232455] active_anon:143067 inactive_anon:4311 isolated_anon:0 [ 2298.232455] active_file:7878 inactive_file:68303 isolated_file:0 [ 2298.232455] unevictable:1 dirty:294 writeback:0 unstable:0 [ 2298.232455] slab_reclaimable:12581 slab_unreclaimable:122072 [ 2298.232455] mapped:55362 shmem:4487 pagetables:2154 bounce:0 [ 2298.232455] free:1169356 free_pcp:1020 free_cma:0 06:16:53 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000003d80)=[{{0x0, 0x0, &(0x7f0000003b40), 0x0, &(0x7f0000003b80)}}], 0x1, 0x0) r0 = socket$inet6(0xa, 0x80003, 0x100000001) recvmmsg(r0, &(0x7f0000008880), 0x45b, 0x44000102, 0x0) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000080)=0x2, 0x4) sendto$inet6(r0, &(0x7f0000000140)='9', 0x1, 0x0, 0x0, 0x0) accept4$unix(0xffffffffffffffff, &(0x7f0000000000)=@abs, &(0x7f00000000c0)=0x6e, 0x800) 06:16:53 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x4, r0, 0x0}]) 06:16:53 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe0\x01\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2298.305183] Node 0 active_anon:568084kB inactive_anon:17244kB active_file:31512kB inactive_file:273212kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:221448kB dirty:1176kB writeback:0kB shmem:17948kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 163840kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2298.344112] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2298.368661] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2298.401772] lowmem_reserve[]: 0 2818 6321 6321 [ 2298.416035] Node 0 DMA32 free:2887356kB min:30052kB low:37564kB high:45076kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:1424kB local_pcp:72kB free_cma:0kB [ 2298.445505] lowmem_reserve[]: 0 0 3503 3503 [ 2298.450179] Node 0 Normal free:1776188kB min:37364kB low:46704kB high:56044kB active_anon:570200kB inactive_anon:17244kB active_file:31512kB inactive_file:273212kB unevictable:4kB writepending:1176kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:9024kB pagetables:8468kB bounce:0kB free_pcp:2584kB local_pcp:1416kB free_cma:0kB [ 2298.480870] lowmem_reserve[]: 0 0 0 0 [ 2298.485505] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2298.499750] Node 0 DMA32: 3*4kB (M) 2*8kB (M) 2*16kB (M) 4*32kB (M) 2*64kB (M) 3*128kB (M) 2*256kB (M) 3*512kB (M) 3*1024kB (M) 1*2048kB (M) 703*4096kB (M) = 2887356kB [ 2298.517186] Node 0 Normal: 6213*4kB (UE) 4365*8kB (UE) 862*16kB (UE) 96*32kB (U) 228*64kB (UME) 153*128kB (UME) 19*256kB (UM) 4*512kB (UM) 1*1024kB (U) 4*2048kB (UME) 403*4096kB (M) = 1777628kB [ 2298.539207] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2298.548281] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2298.557315] 80686 total pagecache pages [ 2298.561317] 0 pages in swap cache [ 2298.564898] Swap cache stats: add 0, delete 0, find 0/0 [ 2298.570367] Free swap = 0kB [ 2298.573481] Total swap = 0kB [ 2298.576548] 1965979 pages RAM [ 2298.579663] 0 pages HighMem/MovableOnly [ 2298.583839] 342853 pages reserved [ 2298.587301] 0 pages cma reserved [ 2298.590777] syz-executor4: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2298.602007] syz-executor4 cpuset=syz4 mems_allowed=0 [ 2298.607175] CPU: 1 PID: 25198 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #379 [ 2298.614544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2298.623886] Call Trace: [ 2298.626466] dump_stack+0x244/0x39d [ 2298.630157] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2298.635377] ? __video_do_ioctl+0x8b1/0x1050 [ 2298.639795] ? video_usercopy+0x5c1/0x1760 [ 2298.644029] ? video_ioctl2+0x2c/0x33 [ 2298.647860] ? do_vfs_ioctl+0x1de/0x1790 [ 2298.651958] warn_alloc.cold.116+0xb7/0x1bd [ 2298.656330] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2298.661181] ? zap_class+0x640/0x640 [ 2298.664888] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2298.670443] ? check_preemption_disabled+0x48/0x280 [ 2298.675487] __vmalloc_node_range+0x472/0x750 [ 2298.680020] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2298.685053] ? vb2_vmalloc_alloc+0x123/0x380 [ 2298.689501] vmalloc_user+0x75/0x170 [ 2298.693262] ? vb2_vmalloc_alloc+0x123/0x380 [ 2298.697679] vb2_vmalloc_alloc+0x123/0x380 [ 2298.701927] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2298.707054] ? debug_mutex_wake_waiter+0x630/0x630 [ 2298.711987] ? mutex_destroy+0x200/0x200 [ 2298.716063] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2298.720435] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2298.725556] __vb2_queue_alloc+0x5e1/0xfa0 [ 2298.729832] ? vimc_cap_get_format+0x120/0x120 [ 2298.734419] vb2_core_create_bufs+0x401/0x8c0 [ 2298.738928] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2298.743355] ? debug_smp_processor_id+0x1c/0x20 [ 2298.748065] ? perf_trace_lock+0x14d/0x7a0 [ 2298.752307] ? __save_stack_trace+0x8d/0xf0 [ 2298.756661] vb2_create_bufs+0x4b6/0x8f0 [ 2298.760729] ? v4l2_ioctl+0x154/0x1b0 [ 2298.764549] ? vb2_request_queue+0x120/0x120 [ 2298.768975] ? find_held_lock+0x36/0x1c0 [ 2298.773047] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2298.778597] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2298.783193] v4l_create_bufs+0x152/0x230 [ 2298.787265] __video_do_ioctl+0x8b1/0x1050 [ 2298.791522] ? v4l_s_fmt+0x990/0x990 [ 2298.795251] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2298.800803] video_usercopy+0x5c1/0x1760 [ 2298.804872] ? v4l_s_fmt+0x990/0x990 [ 2298.808604] ? v4l_enumstd+0x70/0x70 [ 2298.812359] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2298.817921] ? find_held_lock+0x36/0x1c0 [ 2298.822003] ? __fget+0x4aa/0x740 [ 2298.825471] ? lock_downgrade+0x900/0x900 [ 2298.829623] ? check_preemption_disabled+0x48/0x280 [ 2298.834648] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2298.839602] ? kasan_check_read+0x11/0x20 [ 2298.843756] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2298.849040] ? rcu_softirq_qs+0x20/0x20 [ 2298.853043] ? __fget+0x4d1/0x740 [ 2298.856508] ? ksys_dup3+0x680/0x680 [ 2298.860242] ? __might_fault+0x12b/0x1e0 [ 2298.864312] ? video_usercopy+0x1760/0x1760 [ 2298.868653] video_ioctl2+0x2c/0x33 [ 2298.872309] v4l2_ioctl+0x154/0x1b0 [ 2298.875967] ? video_devdata+0xa0/0xa0 [ 2298.879861] do_vfs_ioctl+0x1de/0x1790 [ 2298.883763] ? ioctl_preallocate+0x300/0x300 [ 2298.888179] ? __fget_light+0x2e9/0x430 [ 2298.892161] ? fget_raw+0x20/0x20 [ 2298.895622] ? _copy_to_user+0xc8/0x110 [ 2298.899607] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2298.905147] ? put_timespec64+0x10f/0x1b0 [ 2298.909301] ? nsecs_to_jiffies+0x30/0x30 [ 2298.913460] ? do_syscall_64+0x9a/0x820 [ 2298.917440] ? do_syscall_64+0x9a/0x820 [ 2298.921434] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2298.926024] ? security_file_ioctl+0x94/0xc0 [ 2298.930446] ksys_ioctl+0xa9/0xd0 [ 2298.933908] __x64_sys_ioctl+0x73/0xb0 [ 2298.937802] do_syscall_64+0x1b9/0x820 [ 2298.941694] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2298.947098] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2298.952050] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2298.956903] ? trace_hardirqs_on_caller+0x310/0x310 [ 2298.961925] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2298.966948] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2298.972006] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2298.976879] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2298.982089] RIP: 0033:0x457669 [ 2298.985322] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2299.004224] RSP: 002b:00007f3d559e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2299.011960] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2299.019249] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2299.026548] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2299.033818] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d559e56d4 [ 2299.041100] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff 06:16:54 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x20004800, 0xffffffffffffffff]}}}) 06:16:54 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00j\xa1\xa9[\x03Z\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:16:54 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:16:54 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0xfe00, r0, 0x0}]) 06:16:54 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x6c00, 0xffffffffffffffff]}}}) [ 2299.104312] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2299.116148] syz-executor4: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) 06:16:54 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2299.182236] syz-executor4 cpuset=syz4 mems_allowed=0 [ 2299.188035] CPU: 0 PID: 25227 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #379 [ 2299.195413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2299.204774] Call Trace: [ 2299.207580] dump_stack+0x244/0x39d [ 2299.211248] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2299.216477] ? __video_do_ioctl+0x8b1/0x1050 [ 2299.220996] ? video_usercopy+0x5c1/0x1760 [ 2299.225246] ? video_ioctl2+0x2c/0x33 [ 2299.229067] ? do_vfs_ioctl+0x1de/0x1790 [ 2299.233165] warn_alloc.cold.116+0xb7/0x1bd [ 2299.237505] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2299.242374] ? zap_class+0x640/0x640 [ 2299.246142] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2299.246436] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2299.251698] ? check_preemption_disabled+0x48/0x280 [ 2299.251737] __vmalloc_node_range+0x472/0x750 [ 2299.269381] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2299.274409] ? vb2_vmalloc_alloc+0x123/0x380 [ 2299.278833] vmalloc_user+0x75/0x170 06:16:54 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2299.282570] ? vb2_vmalloc_alloc+0x123/0x380 [ 2299.286996] vb2_vmalloc_alloc+0x123/0x380 [ 2299.291268] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2299.296388] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2299.296407] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2299.296427] __vb2_queue_alloc+0x5e1/0xfa0 [ 2299.296469] ? vimc_cap_get_format+0x120/0x120 [ 2299.296485] vb2_core_create_bufs+0x401/0x8c0 [ 2299.296522] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2299.305948] ? debug_smp_processor_id+0x1c/0x20 [ 2299.305968] ? perf_trace_lock+0x14d/0x7a0 06:16:54 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2299.305988] ? __save_stack_trace+0x8d/0xf0 [ 2299.306033] vb2_create_bufs+0x4b6/0x8f0 [ 2299.306047] ? v4l2_ioctl+0x154/0x1b0 [ 2299.306070] ? vb2_request_queue+0x120/0x120 [ 2299.306098] ? find_held_lock+0x36/0x1c0 [ 2299.306120] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2299.335274] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2299.337019] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2299.337046] v4l_create_bufs+0x152/0x230 [ 2299.337069] __video_do_ioctl+0x8b1/0x1050 06:16:54 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xe0\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2299.337095] ? v4l_s_fmt+0x990/0x990 [ 2299.381580] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2299.383636] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2299.383664] video_usercopy+0x5c1/0x1760 [ 2299.383682] ? v4l_s_fmt+0x990/0x990 [ 2299.383709] ? v4l_enumstd+0x70/0x70 [ 2299.383729] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2299.383758] ? find_held_lock+0x36/0x1c0 [ 2299.418481] ? __fget+0x4aa/0x740 [ 2299.421967] ? lock_downgrade+0x900/0x900 [ 2299.426135] ? check_preemption_disabled+0x48/0x280 [ 2299.431169] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2299.436119] ? kasan_check_read+0x11/0x20 [ 2299.436200] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2299.440282] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2299.440299] ? rcu_softirq_qs+0x20/0x20 [ 2299.440330] ? __fget+0x4d1/0x740 [ 2299.440361] ? ksys_dup3+0x680/0x680 [ 2299.464895] ? __might_fault+0x12b/0x1e0 [ 2299.468974] ? video_usercopy+0x1760/0x1760 [ 2299.473351] video_ioctl2+0x2c/0x33 [ 2299.477022] v4l2_ioctl+0x154/0x1b0 [ 2299.480659] ? video_devdata+0xa0/0xa0 [ 2299.484601] do_vfs_ioctl+0x1de/0x1790 [ 2299.488581] ? ioctl_preallocate+0x300/0x300 [ 2299.493030] ? __fget_light+0x2e9/0x430 [ 2299.497008] ? fget_raw+0x20/0x20 [ 2299.500452] ? _copy_to_user+0xc8/0x110 [ 2299.504455] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2299.509993] ? put_timespec64+0x10f/0x1b0 [ 2299.514133] ? nsecs_to_jiffies+0x30/0x30 [ 2299.518271] ? do_syscall_64+0x9a/0x820 [ 2299.522243] ? do_syscall_64+0x9a/0x820 [ 2299.526220] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2299.530820] ? security_file_ioctl+0x94/0xc0 [ 2299.535221] ksys_ioctl+0xa9/0xd0 [ 2299.538666] __x64_sys_ioctl+0x73/0xb0 [ 2299.542579] do_syscall_64+0x1b9/0x820 [ 2299.546473] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2299.551839] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2299.556768] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2299.561603] ? trace_hardirqs_on_caller+0x310/0x310 [ 2299.566623] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2299.571646] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2299.576675] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2299.581542] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2299.586752] RIP: 0033:0x457669 [ 2299.589948] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2299.608851] RSP: 002b:00007f3d559e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2299.616573] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2299.623832] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 06:16:54 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000340)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd8\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7') sendfile(r0, r0, &(0x7f00000000c0)=0x202, 0x5a) 06:16:54 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2299.631086] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2299.638340] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d559e56d4 [ 2299.645634] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2299.662777] warn_alloc_show_mem: 1 callbacks suppressed [ 2299.662783] Mem-Info: [ 2299.670433] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2299.684366] active_anon:143066 inactive_anon:4311 isolated_anon:0 [ 2299.684366] active_file:7878 inactive_file:68339 isolated_file:0 [ 2299.684366] unevictable:1 dirty:324 writeback:0 unstable:0 [ 2299.684366] slab_reclaimable:12554 slab_unreclaimable:125267 [ 2299.684366] mapped:55363 shmem:4487 pagetables:2172 bounce:0 [ 2299.684366] free:1166315 free_pcp:861 free_cma:0 06:16:54 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x2, r0, 0x0}]) [ 2299.723288] Node 0 active_anon:568064kB inactive_anon:17244kB active_file:31512kB inactive_file:273356kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:221452kB dirty:1296kB writeback:0kB shmem:17948kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 161792kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2299.815064] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2299.847059] lowmem_reserve[]: 0 2818 6321 6321 [ 2299.852467] Node 0 DMA32 free:2887356kB min:30052kB low:37564kB high:45076kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:1424kB local_pcp:1352kB free_cma:0kB [ 2299.881056] lowmem_reserve[]: 0 0 3503 3503 [ 2299.886238] Node 0 Normal free:1764328kB min:37364kB low:46704kB high:56044kB active_anon:570344kB inactive_anon:17244kB active_file:31512kB inactive_file:273356kB unevictable:4kB writepending:1296kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8992kB pagetables:8540kB bounce:0kB free_pcp:2128kB local_pcp:768kB free_cma:0kB [ 2299.917428] lowmem_reserve[]: 0 0 0 0 [ 2299.921437] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2299.935772] Node 0 DMA32: 3*4kB (M) 2*8kB (M) 2*16kB (M) 4*32kB (M) 2*64kB (M) 3*128kB (M) 2*256kB (M) 3*512kB (M) 3*1024kB (M) 1*2048kB (M) 703*4096kB (M) = 2887356kB [ 2299.952559] Node 0 Normal: 6352*4kB (UME) 4114*8kB (UE) 195*16kB (UME) 104*32kB (U) 232*64kB (UME) 155*128kB (UME) 19*256kB (UM) 4*512kB (UM) 1*1024kB (U) 3*2048kB (UME) 403*4096kB (M) = 1764224kB [ 2299.981093] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2300.002981] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2300.024332] 80704 total pagecache pages [ 2300.029957] 0 pages in swap cache [ 2300.034140] Swap cache stats: add 0, delete 0, find 0/0 [ 2300.039668] Free swap = 0kB [ 2300.043563] Total swap = 0kB [ 2300.046740] 1965979 pages RAM [ 2300.049999] 0 pages HighMem/MovableOnly [ 2300.054545] 342853 pages reserved [ 2300.058156] 0 pages cma reserved [ 2300.067438] syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2300.091970] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2300.097208] CPU: 0 PID: 25239 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2300.104576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2300.113915] Call Trace: [ 2300.116494] dump_stack+0x244/0x39d [ 2300.120133] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2300.125315] ? __video_do_ioctl+0x8b1/0x1050 [ 2300.129715] ? video_usercopy+0x5c1/0x1760 [ 2300.133938] ? video_ioctl2+0x2c/0x33 [ 2300.137741] ? do_vfs_ioctl+0x1de/0x1790 [ 2300.141824] warn_alloc.cold.116+0xb7/0x1bd [ 2300.146136] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2300.150976] ? zap_class+0x640/0x640 [ 2300.154685] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2300.160212] ? check_preemption_disabled+0x48/0x280 [ 2300.165250] __vmalloc_node_range+0x472/0x750 [ 2300.169757] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2300.174776] ? vb2_vmalloc_alloc+0x123/0x380 [ 2300.179177] vmalloc_user+0x75/0x170 [ 2300.182882] ? vb2_vmalloc_alloc+0x123/0x380 [ 2300.187295] vb2_vmalloc_alloc+0x123/0x380 [ 2300.191530] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2300.196635] ? debug_mutex_wake_waiter+0x630/0x630 [ 2300.201573] ? mutex_destroy+0x200/0x200 [ 2300.205629] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2300.209943] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2300.215039] __vb2_queue_alloc+0x5e1/0xfa0 [ 2300.219278] ? vimc_cap_get_format+0x120/0x120 [ 2300.223860] vb2_core_create_bufs+0x401/0x8c0 [ 2300.228380] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2300.232795] ? debug_smp_processor_id+0x1c/0x20 [ 2300.237490] ? perf_trace_lock+0x14d/0x7a0 [ 2300.241723] ? __save_stack_trace+0x8d/0xf0 [ 2300.246054] vb2_create_bufs+0x4b6/0x8f0 [ 2300.250106] ? v4l2_ioctl+0x154/0x1b0 [ 2300.253915] ? vb2_request_queue+0x120/0x120 [ 2300.258322] ? find_held_lock+0x36/0x1c0 [ 2300.262404] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2300.267932] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2300.272509] v4l_create_bufs+0x152/0x230 [ 2300.276590] __video_do_ioctl+0x8b1/0x1050 [ 2300.280822] ? v4l_s_fmt+0x990/0x990 [ 2300.284543] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2300.290087] video_usercopy+0x5c1/0x1760 [ 2300.294162] ? v4l_s_fmt+0x990/0x990 [ 2300.297872] ? v4l_enumstd+0x70/0x70 [ 2300.301600] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2300.307170] ? find_held_lock+0x36/0x1c0 [ 2300.311242] ? __fget+0x4aa/0x740 [ 2300.314686] ? lock_downgrade+0x900/0x900 [ 2300.318827] ? check_preemption_disabled+0x48/0x280 [ 2300.323836] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2300.328755] ? kasan_check_read+0x11/0x20 [ 2300.332909] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2300.338185] ? rcu_softirq_qs+0x20/0x20 [ 2300.342180] ? __fget+0x4d1/0x740 [ 2300.345627] ? ksys_dup3+0x680/0x680 [ 2300.349332] ? __might_fault+0x12b/0x1e0 [ 2300.353388] ? video_usercopy+0x1760/0x1760 [ 2300.357706] video_ioctl2+0x2c/0x33 [ 2300.361350] v4l2_ioctl+0x154/0x1b0 [ 2300.364986] ? video_devdata+0xa0/0xa0 [ 2300.368896] do_vfs_ioctl+0x1de/0x1790 [ 2300.372824] ? ioctl_preallocate+0x300/0x300 [ 2300.377248] ? __fget_light+0x2e9/0x430 [ 2300.381246] ? fget_raw+0x20/0x20 [ 2300.384689] ? _copy_to_user+0xc8/0x110 [ 2300.388659] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2300.394211] ? put_timespec64+0x10f/0x1b0 [ 2300.398351] ? nsecs_to_jiffies+0x30/0x30 [ 2300.402493] ? do_syscall_64+0x9a/0x820 [ 2300.406464] ? do_syscall_64+0x9a/0x820 [ 2300.410428] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2300.415005] ? security_file_ioctl+0x94/0xc0 [ 2300.419404] ksys_ioctl+0xa9/0xd0 [ 2300.422862] __x64_sys_ioctl+0x73/0xb0 [ 2300.426752] do_syscall_64+0x1b9/0x820 [ 2300.430717] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2300.436074] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2300.440992] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2300.445829] ? trace_hardirqs_on_caller+0x310/0x310 [ 2300.450864] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2300.455900] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2300.460927] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2300.465777] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2300.470967] RIP: 0033:0x457669 [ 2300.474149] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2300.493074] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2300.500788] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2300.508048] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2300.515304] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 06:16:55 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x400000, 0xffffffffffffffff]}}}) [ 2300.522561] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2300.529830] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff 06:16:55 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00m\xa1\xa9[\x03Z\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:16:55 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:16:55 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000500)={0x26, 'aead\x00', 0x0, 0x0, 'morus640\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ab553fec94248c32e27d04000000288a", 0x10) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000000c0)=ANY=[], 0x271) recvmmsg(r1, &(0x7f0000004ec0)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=""/84, 0x54}], 0x1}}], 0x1, 0x0, 0x0) 06:16:55 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x7, r0, 0x0}]) 06:16:55 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffff00000016]}}}) [ 2300.606085] syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2300.617633] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2300.623058] CPU: 0 PID: 25266 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2300.630443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2300.639813] Call Trace: [ 2300.642439] dump_stack+0x244/0x39d [ 2300.646094] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2300.651308] ? __video_do_ioctl+0x8b1/0x1050 [ 2300.655725] ? video_usercopy+0x5c1/0x1760 [ 2300.659994] ? video_ioctl2+0x2c/0x33 [ 2300.663811] ? do_vfs_ioctl+0x1de/0x1790 [ 2300.667895] warn_alloc.cold.116+0xb7/0x1bd [ 2300.667916] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2300.667944] ? zap_class+0x640/0x640 [ 2300.677108] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2300.677144] ? check_preemption_disabled+0x48/0x280 [ 2300.677183] __vmalloc_node_range+0x472/0x750 [ 2300.695915] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2300.700997] ? vb2_vmalloc_alloc+0x123/0x380 [ 2300.705426] vmalloc_user+0x75/0x170 [ 2300.709149] ? vb2_vmalloc_alloc+0x123/0x380 [ 2300.713630] vb2_vmalloc_alloc+0x123/0x380 [ 2300.717887] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2300.723013] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2300.723032] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2300.723052] __vb2_queue_alloc+0x5e1/0xfa0 [ 2300.723094] ? vimc_cap_get_format+0x120/0x120 [ 2300.723111] vb2_core_create_bufs+0x401/0x8c0 [ 2300.723135] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2300.741584] ? debug_smp_processor_id+0x1c/0x20 [ 2300.741605] ? perf_trace_lock+0x14d/0x7a0 [ 2300.741625] ? __save_stack_trace+0x8d/0xf0 [ 2300.741667] vb2_create_bufs+0x4b6/0x8f0 [ 2300.750558] ? v4l2_ioctl+0x154/0x1b0 [ 2300.750585] ? vb2_request_queue+0x120/0x120 [ 2300.750609] ? find_held_lock+0x36/0x1c0 [ 2300.750634] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2300.763928] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2300.763954] v4l_create_bufs+0x152/0x230 [ 2300.763976] __video_do_ioctl+0x8b1/0x1050 [ 2300.764017] ? v4l_s_fmt+0x990/0x990 06:16:55 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, 0x0) add_key$user(0x0, &(0x7f0000000140)={'syz'}, 0x0, 0x0, 0xfffffffffffffff8) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x80, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x8) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) [ 2300.764055] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2300.764095] video_usercopy+0x5c1/0x1760 [ 2300.764113] ? v4l_s_fmt+0x990/0x990 [ 2300.764137] ? v4l_enumstd+0x70/0x70 [ 2300.780452] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2300.780477] ? find_held_lock+0x36/0x1c0 [ 2300.780505] ? __fget+0x4aa/0x740 [ 2300.780535] ? lock_downgrade+0x900/0x900 [ 2300.780557] ? check_preemption_disabled+0x48/0x280 [ 2300.808220] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2300.808239] ? kasan_check_read+0x11/0x20 [ 2300.808256] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2300.808273] ? rcu_softirq_qs+0x20/0x20 [ 2300.819788] ? __fget+0x4d1/0x740 [ 2300.819813] ? ksys_dup3+0x680/0x680 [ 2300.819847] ? __might_fault+0x12b/0x1e0 [ 2300.819881] ? video_usercopy+0x1760/0x1760 [ 2300.854512] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2300.856376] video_ioctl2+0x2c/0x33 [ 2300.856396] v4l2_ioctl+0x154/0x1b0 [ 2300.856413] ? video_devdata+0xa0/0xa0 [ 2300.856433] do_vfs_ioctl+0x1de/0x1790 [ 2300.856455] ? ioctl_preallocate+0x300/0x300 06:16:56 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2300.863901] ? __fget_light+0x2e9/0x430 [ 2300.863921] ? fget_raw+0x20/0x20 [ 2300.863937] ? _copy_to_user+0xc8/0x110 [ 2300.863961] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2300.863982] ? put_timespec64+0x10f/0x1b0 [ 2300.871742] ? nsecs_to_jiffies+0x30/0x30 [ 2300.871765] ? do_syscall_64+0x9a/0x820 [ 2300.871782] ? do_syscall_64+0x9a/0x820 [ 2300.871802] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2300.871824] ? security_file_ioctl+0x94/0xc0 [ 2300.891553] ksys_ioctl+0xa9/0xd0 [ 2300.891577] __x64_sys_ioctl+0x73/0xb0 [ 2300.891597] do_syscall_64+0x1b9/0x820 06:16:56 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000140)={'filter\x00', 0x7, 0x4, 0x478, 0x260, 0x140, 0x0, 0x390, 0x390, 0x390, 0x4, 0x0, {[{{@uncond, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@remote, @broadcast, @multicast1}}}, {{@uncond, 0xf0, 0x120}, @unspec=@CONNMARK={0x30, 'CONNMARK\x00'}}, {{@arp={@dev, @remote, 0x0, 0x0, @empty, {}, @mac, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'nr0\x00'}, 0xf0, 0x130}, @unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "f8d4228bdff4f6cdc3543bb3173169838a6b2a8d72d9035914f7d27e3ad0"}}], {{[], 0xc0, 0xe8}, {0x28}}}}, 0x4c8) [ 2300.891627] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2300.891646] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2300.891666] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2300.915252] ? trace_hardirqs_on_caller+0x310/0x310 [ 2300.915273] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2300.915293] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2300.915318] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2300.915342] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2300.929185] RIP: 0033:0x457669 [ 2300.941712] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2300.941722] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2300.941739] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2300.941749] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2300.941759] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2300.941770] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2300.941779] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2300.967584] warn_alloc_show_mem: 1 callbacks suppressed [ 2300.967589] Mem-Info: [ 2300.990306] active_anon:142572 inactive_anon:4308 isolated_anon:0 [ 2300.990306] active_file:7878 inactive_file:68349 isolated_file:0 [ 2300.990306] unevictable:1 dirty:335 writeback:0 unstable:0 [ 2300.990306] slab_reclaimable:12548 slab_unreclaimable:122131 [ 2300.990306] mapped:55365 shmem:4487 pagetables:2135 bounce:0 [ 2300.990306] free:1169977 free_pcp:911 free_cma:0 06:16:56 executing program 0: pipe2(0x0, 0x80000) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, 0x0) ioctl$DRM_IOCTL_SWITCH_CTX(0xffffffffffffffff, 0x40086424, &(0x7f00000001c0)={0x0, 0x3}) ioctl$DRM_IOCTL_GET_CTX(0xffffffffffffffff, 0xc0086423, 0x0) getrusage(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) stat(&(0x7f0000000180)='./file0\x00', &(0x7f0000000340)) r0 = socket$packet(0x11, 0x3, 0x300) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x0, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x3f, &(0x7f0000000040)=0x1, 0x4) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) dup2(r0, r1) [ 2301.108980] Node 0 active_anon:570264kB inactive_anon:17232kB active_file:31512kB inactive_file:273396kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:221460kB dirty:1340kB writeback:0kB shmem:17948kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 155648kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2301.110904] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:16:56 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xe0\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2301.166320] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2301.207230] lowmem_reserve[]: 0 2818 6321 6321 06:16:56 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x400000000000000, r0, 0x0}]) [ 2301.213149] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2301.222097] Node 0 DMA32 free:2887356kB min:30052kB low:37564kB high:45076kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:1424kB local_pcp:72kB free_cma:0kB [ 2301.284600] lowmem_reserve[]: 0 0 3503 3503 [ 2301.293874] Node 0 Normal free:1767212kB min:37364kB low:46704kB high:56044kB active_anon:570192kB inactive_anon:17232kB active_file:31512kB inactive_file:273396kB unevictable:4kB writepending:1340kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:9088kB pagetables:8540kB bounce:0kB free_pcp:1908kB local_pcp:1276kB free_cma:0kB [ 2301.360324] lowmem_reserve[]: 0 0 0 0 [ 2301.369158] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2301.383118] Node 0 DMA32: 3*4kB (M) 2*8kB (M) 2*16kB (M) 4*32kB (M) 2*64kB (M) 3*128kB (M) 2*256kB (M) 3*512kB (M) 3*1024kB (M) 1*2048kB (M) 703*4096kB (M) = 2887356kB [ 2301.398675] Node 0 Normal: 6317*4kB (UE) 3620*8kB (UME) 5*16kB (UME) 52*32kB (U) 244*64kB (UME) 207*128kB (UME) 25*256kB (UM) 7*512kB (UM) 1*1024kB (U) 2*2048kB (UE) 403*4096kB (M) = 1763876kB [ 2301.419275] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2301.428698] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2301.437586] 80714 total pagecache pages [ 2301.441813] 0 pages in swap cache [ 2301.445608] Swap cache stats: add 0, delete 0, find 0/0 [ 2301.451200] Free swap = 0kB [ 2301.454553] Total swap = 0kB [ 2301.457813] 1965979 pages RAM 06:16:56 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x480020, 0xffffffffffffffff]}}}) [ 2301.461153] 0 pages HighMem/MovableOnly [ 2301.465567] 342853 pages reserved [ 2301.469250] 0 pages cma reserved [ 2301.547757] syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2301.585366] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2301.599770] CPU: 0 PID: 25309 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2301.607160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2301.616549] Call Trace: [ 2301.619165] dump_stack+0x244/0x39d [ 2301.622827] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2301.628045] ? __video_do_ioctl+0x8b1/0x1050 [ 2301.632479] ? video_usercopy+0x5c1/0x1760 [ 2301.636753] ? video_ioctl2+0x2c/0x33 [ 2301.640584] ? do_vfs_ioctl+0x1de/0x1790 [ 2301.644675] warn_alloc.cold.116+0xb7/0x1bd [ 2301.649019] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2301.653890] ? zap_class+0x640/0x640 [ 2301.657634] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2301.663194] ? check_preemption_disabled+0x48/0x280 [ 2301.668255] __vmalloc_node_range+0x472/0x750 [ 2301.672781] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2301.677816] ? vb2_vmalloc_alloc+0x123/0x380 [ 2301.682226] vmalloc_user+0x75/0x170 [ 2301.685981] ? vb2_vmalloc_alloc+0x123/0x380 [ 2301.690402] vb2_vmalloc_alloc+0x123/0x380 [ 2301.694652] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2301.699763] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2301.704085] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2301.709188] __vb2_queue_alloc+0x5e1/0xfa0 [ 2301.713444] ? vimc_cap_get_format+0x120/0x120 [ 2301.718027] vb2_core_create_bufs+0x401/0x8c0 [ 2301.722552] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2301.726978] ? debug_smp_processor_id+0x1c/0x20 [ 2301.731669] ? perf_trace_lock+0x14d/0x7a0 [ 2301.735906] ? __save_stack_trace+0x8d/0xf0 [ 2301.740389] vb2_create_bufs+0x4b6/0x8f0 [ 2301.744464] ? v4l2_ioctl+0x154/0x1b0 [ 2301.748267] ? vb2_request_queue+0x120/0x120 [ 2301.752684] ? find_held_lock+0x36/0x1c0 [ 2301.756756] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2301.762499] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2301.767118] v4l_create_bufs+0x152/0x230 [ 2301.771194] __video_do_ioctl+0x8b1/0x1050 [ 2301.775446] ? v4l_s_fmt+0x990/0x990 [ 2301.779164] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2301.784705] video_usercopy+0x5c1/0x1760 [ 2301.788778] ? v4l_s_fmt+0x990/0x990 [ 2301.792510] ? v4l_enumstd+0x70/0x70 [ 2301.796248] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2301.801787] ? find_held_lock+0x36/0x1c0 [ 2301.805855] ? __fget+0x4aa/0x740 [ 2301.809308] ? lock_downgrade+0x900/0x900 [ 2301.813494] ? check_preemption_disabled+0x48/0x280 [ 2301.818586] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2301.823534] ? kasan_check_read+0x11/0x20 [ 2301.827697] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2301.832984] ? rcu_softirq_qs+0x20/0x20 [ 2301.836980] ? __fget+0x4d1/0x740 [ 2301.840436] ? ksys_dup3+0x680/0x680 [ 2301.844151] ? __might_fault+0x12b/0x1e0 [ 2301.848212] ? video_usercopy+0x1760/0x1760 [ 2301.852564] video_ioctl2+0x2c/0x33 [ 2301.856215] v4l2_ioctl+0x154/0x1b0 [ 2301.859850] ? video_devdata+0xa0/0xa0 [ 2301.863736] do_vfs_ioctl+0x1de/0x1790 [ 2301.867629] ? ioctl_preallocate+0x300/0x300 [ 2301.872043] ? __fget_light+0x2e9/0x430 [ 2301.876044] ? fget_raw+0x20/0x20 [ 2301.879544] ? _copy_to_user+0xc8/0x110 [ 2301.883558] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2301.889101] ? put_timespec64+0x10f/0x1b0 [ 2301.893252] ? nsecs_to_jiffies+0x30/0x30 [ 2301.897400] ? do_syscall_64+0x9a/0x820 [ 2301.901383] ? do_syscall_64+0x9a/0x820 [ 2301.905371] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2301.909956] ? security_file_ioctl+0x94/0xc0 [ 2301.914367] ksys_ioctl+0xa9/0xd0 [ 2301.917826] __x64_sys_ioctl+0x73/0xb0 [ 2301.921716] do_syscall_64+0x1b9/0x820 [ 2301.925605] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2301.930970] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2301.935938] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2301.940785] ? trace_hardirqs_on_caller+0x310/0x310 [ 2301.945811] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2301.950844] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2301.955862] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2301.960775] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2301.965988] RIP: 0033:0x457669 [ 2301.969222] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2301.988155] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2301.995866] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2302.003141] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2302.010469] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2302.017738] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2302.025003] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2302.032954] Mem-Info: [ 2302.035430] active_anon:142022 inactive_anon:4311 isolated_anon:0 [ 2302.035430] active_file:7878 inactive_file:68361 isolated_file:0 [ 2302.035430] unevictable:1 dirty:347 writeback:0 unstable:0 [ 2302.035430] slab_reclaimable:12548 slab_unreclaimable:124276 [ 2302.035430] mapped:55362 shmem:4487 pagetables:2107 bounce:0 [ 2302.035430] free:1168491 free_pcp:866 free_cma:0 [ 2302.069730] Node 0 active_anon:568088kB inactive_anon:17244kB active_file:31512kB inactive_file:273444kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:221448kB dirty:1388kB writeback:0kB shmem:17948kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 159744kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2302.098575] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2302.124790] lowmem_reserve[]: 0 2818 6321 6321 [ 2302.129399] Node 0 DMA32 free:2887356kB min:30052kB low:37564kB high:45076kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:1424kB local_pcp:72kB free_cma:0kB [ 2302.129441] lowmem_reserve[]: 0 0 3503 3503 [ 2302.129463] Node 0 Normal free:1780404kB min:37364kB low:46704kB high:56044kB active_anon:568088kB inactive_anon:17244kB active_file:31512kB inactive_file:273444kB unevictable:4kB writepending:1388kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8960kB pagetables:8428kB bounce:0kB free_pcp:2020kB local_pcp:1392kB free_cma:0kB [ 2302.129511] lowmem_reserve[]: 0 0 0 0 [ 2302.161716] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2302.209851] Node 0 DMA32: 3*4kB (M) 2*8kB (M) 2*16kB (M) 4*32kB (M) 2*64kB (M) 3*128kB (M) 2*256kB (M) 3*512kB (M) 3*1024kB (M) 1*2048kB (M) 703*4096kB (M) = 2887356kB [ 2302.225229] Node 0 Normal: 6407*4kB (UME) 3582*8kB (UME) 239*16kB (UME) 60*32kB (U) 241*64kB (UME) 204*128kB (UME) 26*256kB (UM) 16*512kB (UM) 5*1024kB (U) 2*2048kB (UE) 404*4096kB (M) = 1780412kB [ 2302.243125] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2302.243139] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2302.243145] 80726 total pagecache pages [ 2302.243162] 0 pages in swap cache [ 2302.243172] Swap cache stats: add 0, delete 0, find 0/0 [ 2302.243179] Free swap = 0kB [ 2302.243184] Total swap = 0kB [ 2302.243199] 1965979 pages RAM [ 2302.260795] 0 pages HighMem/MovableOnly [ 2302.268368] 342853 pages reserved [ 2302.276875] 0 pages cma reserved 06:16:57 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x04\xa1\xa9[\x03Z\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:16:57 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:16:57 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0xfffffdef, r0, 0x0}]) 06:16:57 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffff0000004a]}}}) 06:16:57 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x3, 0xffffffffffffffff]}}}) [ 2302.382636] syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2302.395944] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2302.403082] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2302.416026] CPU: 1 PID: 25313 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2302.423427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2302.423436] Call Trace: [ 2302.423466] dump_stack+0x244/0x39d [ 2302.423492] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2302.423538] ? __video_do_ioctl+0x8b1/0x1050 [ 2302.423566] ? video_usercopy+0x5c1/0x1760 [ 2302.453029] ? video_ioctl2+0x2c/0x33 [ 2302.453055] ? do_vfs_ioctl+0x1de/0x1790 [ 2302.453081] warn_alloc.cold.116+0xb7/0x1bd [ 2302.453101] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2302.453123] ? zap_class+0x640/0x640 [ 2302.453146] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2302.465340] ? check_preemption_disabled+0x48/0x280 [ 2302.465382] __vmalloc_node_range+0x472/0x750 [ 2302.465406] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2302.465426] ? vb2_vmalloc_alloc+0x123/0x380 [ 2302.479536] vmalloc_user+0x75/0x170 [ 2302.479555] ? vb2_vmalloc_alloc+0x123/0x380 [ 2302.479572] vb2_vmalloc_alloc+0x123/0x380 [ 2302.479591] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2302.494245] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2302.494264] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2302.494284] __vb2_queue_alloc+0x5e1/0xfa0 [ 2302.494328] ? vimc_cap_get_format+0x120/0x120 [ 2302.494348] vb2_core_create_bufs+0x401/0x8c0 [ 2302.511126] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2302.511149] ? debug_smp_processor_id+0x1c/0x20 [ 2302.511168] ? perf_trace_lock+0x14d/0x7a0 [ 2302.511187] ? __save_stack_trace+0x8d/0xf0 [ 2302.511229] vb2_create_bufs+0x4b6/0x8f0 [ 2302.530024] ? v4l2_ioctl+0x154/0x1b0 [ 2302.530057] ? vb2_request_queue+0x120/0x120 [ 2302.530083] ? find_held_lock+0x36/0x1c0 [ 2302.530102] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2302.530124] vb2_ioctl_create_bufs+0x327/0x4a0 06:16:57 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(&(0x7f0000000080)='./file0/file0\x00', 0x3fffa, 0x0) rename(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000140)='./file0/file1\x00') unlink(&(0x7f0000000040)='./file0/file1\x00') 06:16:57 executing program 0: r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000300)='/dev/loop#\x00', 0x4, 0x0) ioctl$TIOCSCTTY(r0, 0x540e, 0x100000000) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) ioctl$BLKTRACESETUP(r1, 0xc0481273, 0x0) accept4$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x0, 0x80000) recvfrom$packet(r0, &(0x7f00000001c0)=""/73, 0x49, 0x2, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x3, 0x70, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8001, 0x648f, 0x9e6d, 0x0, 0x5c97, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x200, 0x0, 0x80000000, 0x0, @perf_bp={0x0}, 0x100, 0x0, 0x0, 0x6}, 0x0, 0xe, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$ipvs(0x0) memfd_create(0x0, 0x2) [ 2302.539218] v4l_create_bufs+0x152/0x230 [ 2302.539242] __video_do_ioctl+0x8b1/0x1050 [ 2302.539272] ? v4l_s_fmt+0x990/0x990 [ 2302.539298] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2302.539321] video_usercopy+0x5c1/0x1760 [ 2302.548396] ? v4l_s_fmt+0x990/0x990 [ 2302.548424] ? v4l_enumstd+0x70/0x70 [ 2302.548445] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2302.548469] ? find_held_lock+0x36/0x1c0 [ 2302.548496] ? __fget+0x4aa/0x740 [ 2302.557058] ? lock_downgrade+0x900/0x900 06:16:57 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2302.557078] ? check_preemption_disabled+0x48/0x280 [ 2302.557099] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2302.557118] ? kasan_check_read+0x11/0x20 [ 2302.557134] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2302.557151] ? rcu_softirq_qs+0x20/0x20 [ 2302.653166] ? __fget+0x4d1/0x740 [ 2302.656656] ? ksys_dup3+0x680/0x680 [ 2302.660394] ? __might_fault+0x12b/0x1e0 [ 2302.664485] ? video_usercopy+0x1760/0x1760 [ 2302.668853] video_ioctl2+0x2c/0x33 [ 2302.672509] v4l2_ioctl+0x154/0x1b0 [ 2302.676182] ? video_devdata+0xa0/0xa0 [ 2302.680107] do_vfs_ioctl+0x1de/0x1790 06:16:57 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\xff\xff\xfe\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2302.681382] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2302.684060] ? ioctl_preallocate+0x300/0x300 [ 2302.684079] ? __fget_light+0x2e9/0x430 [ 2302.684098] ? fget_raw+0x20/0x20 [ 2302.684114] ? _copy_to_user+0xc8/0x110 [ 2302.684138] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2302.684162] ? put_timespec64+0x10f/0x1b0 [ 2302.717812] ? nsecs_to_jiffies+0x30/0x30 [ 2302.721986] ? do_syscall_64+0x9a/0x820 [ 2302.725983] ? do_syscall_64+0x9a/0x820 [ 2302.729986] ? lockdep_hardirqs_on+0x3bb/0x5b0 06:16:57 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfe\xff\xff\a\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2302.734206] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2302.734598] ? security_file_ioctl+0x94/0xc0 [ 2302.734622] ksys_ioctl+0xa9/0xd0 [ 2302.734642] __x64_sys_ioctl+0x73/0xb0 [ 2302.754577] do_syscall_64+0x1b9/0x820 [ 2302.758489] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2302.763895] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2302.768845] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2302.773717] ? trace_hardirqs_on_caller+0x310/0x310 [ 2302.778759] ? prepare_exit_to_usermode+0x3b0/0x3b0 06:16:57 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2302.783971] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2302.784293] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2302.789017] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2302.789051] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2302.789066] RIP: 0033:0x457669 [ 2302.789084] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 06:16:57 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\xff\xff\xfe\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2302.789100] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2302.837131] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2302.840332] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2302.844416] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2302.844427] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2302.844438] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2302.844448] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2302.933568] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:16:58 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9\x0e\x00Z\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:16:58 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffff0d000000]}}}) 06:16:58 executing program 0: r0 = gettid() inotify_init1(0x800) setxattr$trusted_overlay_origin(0x0, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) close(0xffffffffffffffff) fcntl$F_GET_RW_HINT(0xffffffffffffffff, 0x40b, 0x0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RUNLINKAT(0xffffffffffffffff, 0x0, 0x0) write$P9_RLOCK(0xffffffffffffffff, 0x0, 0x0) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0) setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000040)={0x0, 0xae09}, 0x8) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) tkill(r0, 0x1000000000016) 06:16:58 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x4000000, r0, 0x0}]) 06:16:58 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x7400, 0xffffffffffffffff]}}}) 06:16:58 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2303.366776] syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2303.368222] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2303.402987] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2303.418695] CPU: 0 PID: 25355 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2303.426093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2303.435465] Call Trace: [ 2303.438086] dump_stack+0x244/0x39d [ 2303.441752] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2303.446973] ? __video_do_ioctl+0x8b1/0x1050 [ 2303.451405] ? video_usercopy+0x5c1/0x1760 [ 2303.455659] ? video_ioctl2+0x2c/0x33 [ 2303.459479] ? do_vfs_ioctl+0x1de/0x1790 [ 2303.463590] warn_alloc.cold.116+0xb7/0x1bd [ 2303.467928] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2303.472779] ? zap_class+0x640/0x640 [ 2303.476534] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2303.482080] ? check_preemption_disabled+0x48/0x280 [ 2303.487153] __vmalloc_node_range+0x472/0x750 [ 2303.491670] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2303.496693] ? vb2_vmalloc_alloc+0x123/0x380 [ 2303.501101] vmalloc_user+0x75/0x170 [ 2303.504812] ? vb2_vmalloc_alloc+0x123/0x380 [ 2303.509220] vb2_vmalloc_alloc+0x123/0x380 [ 2303.513455] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2303.518572] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2303.522903] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2303.528020] __vb2_queue_alloc+0x5e1/0xfa0 [ 2303.532287] ? vimc_cap_get_format+0x120/0x120 [ 2303.536896] vb2_core_create_bufs+0x401/0x8c0 [ 2303.541409] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2303.545858] ? debug_smp_processor_id+0x1c/0x20 [ 2303.550552] ? perf_trace_lock+0x14d/0x7a0 [ 2303.554789] ? __save_stack_trace+0x8d/0xf0 [ 2303.559219] vb2_create_bufs+0x4b6/0x8f0 [ 2303.563277] ? v4l2_ioctl+0x154/0x1b0 [ 2303.567095] ? vb2_request_queue+0x120/0x120 [ 2303.571545] ? find_held_lock+0x36/0x1c0 [ 2303.575610] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2303.581163] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2303.585777] v4l_create_bufs+0x152/0x230 [ 2303.589854] __video_do_ioctl+0x8b1/0x1050 [ 2303.594094] ? v4l_s_fmt+0x990/0x990 [ 2303.597811] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2303.603352] video_usercopy+0x5c1/0x1760 [ 2303.607413] ? v4l_s_fmt+0x990/0x990 [ 2303.611134] ? v4l_enumstd+0x70/0x70 [ 2303.614866] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2303.620447] ? find_held_lock+0x36/0x1c0 [ 2303.624549] ? __fget+0x4aa/0x740 [ 2303.628003] ? lock_downgrade+0x900/0x900 [ 2303.632161] ? check_preemption_disabled+0x48/0x280 [ 2303.637195] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2303.642126] ? kasan_check_read+0x11/0x20 [ 2303.646272] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2303.651566] ? rcu_softirq_qs+0x20/0x20 [ 2303.655581] ? __fget+0x4d1/0x740 [ 2303.659054] ? ksys_dup3+0x680/0x680 [ 2303.662772] ? __might_fault+0x12b/0x1e0 [ 2303.666834] ? video_usercopy+0x1760/0x1760 [ 2303.671152] video_ioctl2+0x2c/0x33 [ 2303.674776] v4l2_ioctl+0x154/0x1b0 [ 2303.678402] ? video_devdata+0xa0/0xa0 [ 2303.682300] do_vfs_ioctl+0x1de/0x1790 [ 2303.686205] ? ioctl_preallocate+0x300/0x300 [ 2303.690613] ? __fget_light+0x2e9/0x430 [ 2303.694586] ? fget_raw+0x20/0x20 [ 2303.698039] ? _copy_to_user+0xc8/0x110 [ 2303.702032] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2303.707622] ? put_timespec64+0x10f/0x1b0 [ 2303.711771] ? nsecs_to_jiffies+0x30/0x30 [ 2303.715933] ? do_syscall_64+0x9a/0x820 [ 2303.719921] ? do_syscall_64+0x9a/0x820 [ 2303.723897] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2303.728482] ? security_file_ioctl+0x94/0xc0 [ 2303.732895] ksys_ioctl+0xa9/0xd0 [ 2303.736351] __x64_sys_ioctl+0x73/0xb0 [ 2303.740242] do_syscall_64+0x1b9/0x820 [ 2303.744130] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2303.749493] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2303.754504] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2303.759386] ? trace_hardirqs_on_caller+0x310/0x310 [ 2303.764401] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2303.769416] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2303.774434] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2303.779322] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2303.784510] RIP: 0033:0x457669 [ 2303.787727] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2303.806627] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 06:16:58 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:16:58 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000d12000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0xfffffffffffffdc3, 0x0) poll(&(0x7f0000000000)=[{r1, 0x100}], 0x1, 0x7fffffff) connect$unix(r0, &(0x7f0000000200)=@abs, 0x6e) [ 2303.814330] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2303.821685] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2303.828998] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2303.836275] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2303.843562] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2303.856266] warn_alloc_show_mem: 1 callbacks suppressed [ 2303.856271] Mem-Info: [ 2303.879550] active_anon:143075 inactive_anon:4311 isolated_anon:0 [ 2303.879550] active_file:7878 inactive_file:68386 isolated_file:0 [ 2303.879550] unevictable:1 dirty:374 writeback:0 unstable:0 [ 2303.879550] slab_reclaimable:12548 slab_unreclaimable:123686 [ 2303.879550] mapped:55413 shmem:4487 pagetables:2141 bounce:0 [ 2303.879550] free:1167961 free_pcp:780 free_cma:0 [ 2303.914151] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:16:59 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0xfdef, r0, 0x0}]) [ 2303.928175] Node 0 active_anon:576584kB inactive_anon:17244kB active_file:31512kB inactive_file:273544kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:221552kB dirty:1496kB writeback:0kB shmem:17948kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 161792kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2303.957786] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:16:59 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2304.038489] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2304.073890] lowmem_reserve[]: 0 2818 6321 6321 06:16:59 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x2102001ff4, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) creat(&(0x7f0000000300)='./file0\x00', 0x3) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000340)=""/80, &(0x7f00000002c0)=0x50) mlockall(0x0) write$P9_RGETLOCK(0xffffffffffffffff, 0x0, 0x0) write$FUSE_ENTRY(0xffffffffffffffff, 0x0, 0x0) fsetxattr$system_posix_acl(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) 06:16:59 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdfe, r0, 0x0}]) [ 2304.082338] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2304.094556] Node 0 DMA32 free:2887356kB min:30052kB low:37564kB high:45076kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:1424kB local_pcp:72kB free_cma:0kB [ 2304.166659] lowmem_reserve[]: 0 0 3503 3503 [ 2304.171687] Node 0 Normal free:1769424kB min:37364kB low:46704kB high:56044kB active_anon:570192kB inactive_anon:17244kB active_file:31512kB inactive_file:273544kB unevictable:4kB writepending:1496kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:9120kB pagetables:8416kB bounce:0kB free_pcp:1812kB local_pcp:1132kB free_cma:0kB [ 2304.215241] IPVS: length: 80 != 24 [ 2304.238683] lowmem_reserve[]: 0 0 0 0 [ 2304.243038] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2304.257330] Node 0 DMA32: 3*4kB (M) 2*8kB (M) 2*16kB (M) 4*32kB (M) 2*64kB (M) 3*128kB (M) 2*256kB (M) 3*512kB (M) 3*1024kB (M) 1*2048kB (M) 703*4096kB (M) = 2887356kB [ 2304.273080] Node 0 Normal: 6374*4kB (UME) 3012*8kB (UME) 102*16kB (UME) 4*32kB (U) 220*64kB (UME) 167*128kB (UME) 27*256kB (UM) 21*512kB (UM) 8*1024kB (U) 4*2048kB (UME) 402*4096kB (M) = 1767448kB [ 2304.291726] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2304.301074] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2304.310142] 80754 total pagecache pages [ 2304.314711] 0 pages in swap cache [ 2304.318320] Swap cache stats: add 0, delete 0, find 0/0 [ 2304.324183] Free swap = 0kB [ 2304.327356] Total swap = 0kB [ 2304.330546] 1965979 pages RAM [ 2304.334172] 0 pages HighMem/MovableOnly [ 2304.338301] 342853 pages reserved [ 2304.348289] 0 pages cma reserved [ 2304.520345] IPVS: length: 80 != 24 06:16:59 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9t\x03Z\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) [ 2311.406452] oom_reaper: reaped process 25352 (syz-executor4), now anon-rss:0kB, file-rss:31996kB, shmem-rss:0kB [ 2311.474466] rsyslogd invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0 [ 2311.486514] rsyslogd cpuset=/ mems_allowed=0 [ 2311.491356] CPU: 1 PID: 5923 Comm: rsyslogd Not tainted 4.20.0-rc7+ #379 [ 2311.498191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2311.507552] Call Trace: [ 2311.510142] dump_stack+0x244/0x39d [ 2311.513770] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2311.518996] ? mark_held_locks+0x130/0x130 [ 2311.523226] ? mark_held_locks+0x130/0x130 [ 2311.527454] dump_header+0x27b/0xf72 [ 2311.531163] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2311.536697] ? check_preemption_disabled+0x48/0x280 [ 2311.541708] ? pagefault_out_of_memory+0x197/0x197 [ 2311.546629] ? debug_smp_processor_id+0x1c/0x20 [ 2311.551285] ? perf_trace_lock+0x14d/0x7a0 [ 2311.555508] ? debug_smp_processor_id+0x1c/0x20 [ 2311.560181] ? lock_is_held_type+0x210/0x210 [ 2311.564585] ? debug_smp_processor_id+0x1c/0x20 [ 2311.569254] ? perf_trace_lock+0x14d/0x7a0 [ 2311.573504] ? zap_class+0x640/0x640 [ 2311.577220] ? zap_class+0x640/0x640 [ 2311.580919] ? print_usage_bug+0xc0/0xc0 [ 2311.584967] ? lock_is_held_type+0x210/0x210 [ 2311.589373] ? perf_trace_lock+0x14d/0x7a0 [ 2311.593611] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2311.599140] ? find_held_lock+0x36/0x1c0 [ 2311.603192] ? mark_held_locks+0xc7/0x130 [ 2311.607379] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2311.612481] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2311.617569] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2311.622139] ? trace_hardirqs_on+0xbd/0x310 [ 2311.626462] ? kasan_check_read+0x11/0x20 [ 2311.630596] ? ___ratelimit+0x3b4/0x672 [ 2311.634587] ? trace_hardirqs_off_caller+0x310/0x310 [ 2311.639694] ? trace_hardirqs_on+0x310/0x310 [ 2311.644086] ? lock_downgrade+0x900/0x900 [ 2311.648219] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 2311.653320] ? ___ratelimit+0x3b9/0x672 [ 2311.657279] ? idr_get_free+0xf70/0xf70 [ 2311.661236] ? lock_is_held_type+0x210/0x210 [ 2311.665657] oom_kill_process.cold.27+0x10/0x903 [ 2311.670399] ? zap_class+0x640/0x640 [ 2311.674098] ? oom_badness+0xe6/0xaa0 [ 2311.677881] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2311.682810] ? kasan_check_read+0x11/0x20 [ 2311.686949] ? oom_evaluate_task+0x540/0x540 [ 2311.691344] ? find_held_lock+0x36/0x1c0 [ 2311.695395] ? out_of_memory+0x974/0x1430 [ 2311.699535] ? lock_downgrade+0x900/0x900 [ 2311.703675] ? check_preemption_disabled+0x48/0x280 [ 2311.708676] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2311.713592] ? kasan_check_read+0x11/0x20 [ 2311.717724] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2311.722986] ? rcu_softirq_qs+0x20/0x20 [ 2311.726953] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2311.732473] ? oom_evaluate_task+0x302/0x540 [ 2311.736893] out_of_memory+0xa84/0x1430 [ 2311.740861] ? oom_killer_disable+0x3a0/0x3a0 [ 2311.745345] ? __alloc_pages_slowpath+0xf5c/0x2de0 [ 2311.750277] ? __ww_mutex_check_waiters+0x160/0x160 [ 2311.755307] __alloc_pages_slowpath+0x232c/0x2de0 [ 2311.760156] ? warn_alloc+0x120/0x120 [ 2311.763942] ? mark_held_locks+0x130/0x130 [ 2311.768181] ? find_get_entry+0xaae/0x1120 [ 2311.772421] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2311.777945] ? check_preemption_disabled+0x48/0x280 [ 2311.782947] ? filemap_map_pages+0x1a20/0x1a20 [ 2311.787519] ? debug_smp_processor_id+0x1c/0x20 [ 2311.792181] ? perf_trace_lock+0x14d/0x7a0 [ 2311.796406] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2311.801934] ? should_fail+0x22d/0xd01 [ 2311.805812] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 2311.810901] ? zap_class+0x640/0x640 [ 2311.814614] ? __lock_is_held+0xb5/0x140 [ 2311.818667] ? mark_held_locks+0x130/0x130 [ 2311.822892] ? lock_release+0xa00/0xa00 [ 2311.826853] ? perf_trace_sched_process_exec+0x860/0x860 [ 2311.832291] ? xa_load+0x2ba/0x460 [ 2311.835815] ? lock_downgrade+0x900/0x900 [ 2311.839947] ? __might_sleep+0x95/0x190 [ 2311.843913] __alloc_pages_nodemask+0xad8/0xea0 [ 2311.848572] ? __alloc_pages_slowpath+0x2de0/0x2de0 [ 2311.853575] ? __page_cache_alloc+0x191/0x5c0 [ 2311.858060] ? xa_load+0x2e1/0x460 [ 2311.861592] ? xa_clear_mark+0x40/0x40 [ 2311.865470] ? zap_class+0x640/0x640 [ 2311.869183] ? zap_class+0x640/0x640 [ 2311.872880] ? zap_class+0x640/0x640 [ 2311.876594] ? __do_page_cache_readahead+0x663/0x810 [ 2311.881703] ? find_held_lock+0x36/0x1c0 [ 2311.885755] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2311.891550] alloc_pages_current+0x173/0x350 [ 2311.895966] __page_cache_alloc+0x38c/0x5c0 [ 2311.900289] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2311.905218] ? kasan_check_read+0x11/0x20 [ 2311.909352] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2311.914614] ? generic_perform_write+0x6a0/0x6a0 [ 2311.919355] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2311.924880] ? check_preemption_disabled+0x48/0x280 [ 2311.929885] filemap_fault+0x1595/0x25f0 [ 2311.933943] ? __lock_page_or_retry+0xa00/0xa00 [ 2311.938601] ? mark_held_locks+0x130/0x130 [ 2311.942830] ? filemap_map_pages+0xd6b/0x1a20 [ 2311.947323] ? lock_downgrade+0x900/0x900 [ 2311.951463] ? check_preemption_disabled+0x48/0x280 [ 2311.956474] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2311.961389] ? kasan_check_read+0x11/0x20 [ 2311.965529] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2311.970794] ? rcu_softirq_qs+0x20/0x20 [ 2311.974760] ? filemap_map_pages+0xd92/0x1a20 [ 2311.979248] ? find_get_entries_tag+0x1400/0x1400 [ 2311.984093] ? __kernel_text_address+0xd/0x40 [ 2311.988576] ? unwind_get_return_address+0x61/0xa0 [ 2311.993498] ? lock_acquire+0x1ed/0x520 [ 2311.997462] ? ext4_filemap_fault+0x7a/0xad [ 2312.001772] ? lock_release+0xa00/0xa00 [ 2312.005732] ? perf_trace_sched_process_exec+0x860/0x860 [ 2312.011172] ? print_usage_bug+0xc0/0xc0 [ 2312.015221] ? print_usage_bug+0xc0/0xc0 [ 2312.019267] ? __x64_sys_read+0x73/0xb0 [ 2312.023226] ? print_usage_bug+0xc0/0xc0 [ 2312.027286] ? down_read+0x8d/0x120 [ 2312.030897] ? ext4_filemap_fault+0x7a/0xad [ 2312.035207] ? __down_interruptible+0x700/0x700 [ 2312.039864] ext4_filemap_fault+0x82/0xad [ 2312.044002] __do_fault+0x100/0x6b0 [ 2312.047617] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2312.052710] ? mark_held_locks+0x130/0x130 [ 2312.056929] ? mark_held_locks+0x130/0x130 [ 2312.061178] ? lock_is_held_type+0x210/0x210 [ 2312.065571] ? do_syslog+0x147b/0x1690 [ 2312.069447] ? do_syslog+0x309/0x1690 [ 2312.073239] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2312.078767] __handle_mm_fault+0x3ea6/0x5be0 [ 2312.083167] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2312.088025] ? lock_is_held_type+0x210/0x210 [ 2312.092421] ? find_held_lock+0x36/0x1c0 [ 2312.096481] ? zap_class+0x640/0x640 [ 2312.100179] ? zap_class+0x640/0x640 [ 2312.103882] ? find_held_lock+0x36/0x1c0 [ 2312.107933] ? handle_mm_fault+0x42a/0xc70 [ 2312.112157] ? lock_downgrade+0x900/0x900 [ 2312.116297] ? check_preemption_disabled+0x48/0x280 [ 2312.121303] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2312.126220] ? kasan_check_read+0x11/0x20 [ 2312.130353] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2312.135616] ? rcu_softirq_qs+0x20/0x20 [ 2312.139580] ? trace_hardirqs_off_caller+0x310/0x310 [ 2312.144684] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2312.150212] ? check_preemption_disabled+0x48/0x280 [ 2312.155219] handle_mm_fault+0x54f/0xc70 [ 2312.159269] ? __handle_mm_fault+0x5be0/0x5be0 [ 2312.163851] ? find_vma+0x34/0x190 [ 2312.167384] __do_page_fault+0x5e8/0xe60 [ 2312.171443] ? trace_hardirqs_off+0xb8/0x310 [ 2312.175851] ? kernel_write+0x120/0x120 [ 2312.179819] do_page_fault+0xf2/0x7e0 [ 2312.183606] ? vmalloc_sync_all+0x30/0x30 [ 2312.187743] ? error_entry+0x70/0xd0 [ 2312.191440] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2312.196465] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2312.201379] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2312.206322] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2312.211198] ? trace_hardirqs_on_caller+0x310/0x310 [ 2312.216216] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2312.221653] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2312.226655] ? page_fault+0x8/0x30 [ 2312.230185] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2312.235040] ? page_fault+0x8/0x30 [ 2312.238585] page_fault+0x1e/0x30 [ 2312.242023] RIP: 0033:0x7f5b991d81fd [ 2312.245736] Code: Bad RIP value. [ 2312.249081] RSP: 002b:00007f5b96777e30 EFLAGS: 00010293 [ 2312.254427] RAX: 0000000000000076 RBX: 0000000001736650 RCX: 00007f5b991d81fd [ 2312.261682] RDX: 0000000000000fff RSI: 00007f5b97fac5a0 RDI: 0000000000000004 [ 2312.268937] RBP: 0000000000000000 R08: 0000000001721260 R09: 0000000000000000 [ 2312.276192] R10: 6b205d3832313838 R11: 0000000000000293 R12: 000000000065e420 [ 2312.283454] R13: 00007f5b967789c0 R14: 00007f5b9981d040 R15: 0000000000000003 [ 2312.293122] Mem-Info: [ 2312.295618] active_anon:127510 inactive_anon:4311 isolated_anon:0 [ 2312.295618] active_file:18 inactive_file:11 isolated_file:0 [ 2312.295618] unevictable:1 dirty:3 writeback:7 unstable:0 [ 2312.295618] slab_reclaimable:12438 slab_unreclaimable:117700 [ 2312.295618] mapped:49168 shmem:4487 pagetables:2035 bounce:0 [ 2312.295618] free:15811 free_pcp:213 free_cma:0 [ 2312.302903] syz-executor4: vmalloc: allocation failure, allocated 87339008 of 218107904 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2312.328943] Node 0 active_anon:510040kB inactive_anon:17244kB active_file:56kB inactive_file:56kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:196672kB dirty:0kB writeback:0kB shmem:17948kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 155648kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2312.349707] syz-executor4 cpuset=syz4 mems_allowed=0 [ 2312.370424] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2312.370468] lowmem_reserve[]: 0 2818 6321 6321 [ 2312.384989] CPU: 0 PID: 25352 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #379 [ 2312.401773] Node 0 DMA32 free:28800kB min:30052kB low:37564kB high:45076kB active_anon:36kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2312.406306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2312.406313] Call Trace: [ 2312.406337] dump_stack+0x244/0x39d [ 2312.406360] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2312.406392] warn_alloc.cold.116+0xb7/0x1bd [ 2312.413780] lowmem_reserve[]: 0 0 3503 3503 [ 2312.441148] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2312.441168] ? __lock_is_held+0xb5/0x140 [ 2312.441197] ? policy_nodemask+0x16/0x1b0 [ 2312.441222] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2312.441268] __vmalloc_node_range+0x522/0x750 [ 2312.451673] Node 0 Normal free:18536kB min:37364kB low:46704kB high:56044kB active_anon:510004kB inactive_anon:17244kB active_file:52kB inactive_file:56kB unevictable:4kB writepending:0kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8768kB pagetables:8140kB bounce:0kB free_pcp:604kB local_pcp:356kB free_cma:0kB [ 2312.453209] ? vb2_vmalloc_alloc+0x123/0x380 [ 2312.453227] vmalloc_user+0x75/0x170 [ 2312.453244] ? vb2_vmalloc_alloc+0x123/0x380 [ 2312.456852] lowmem_reserve[]: 0 0 0 0 [ 2312.462056] vb2_vmalloc_alloc+0x123/0x380 [ 2312.462077] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2312.462099] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2312.462118] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2312.466422] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2312.470742] __vb2_queue_alloc+0x5e1/0xfa0 [ 2312.475604] Node 0 DMA32: 6*4kB (UM) 5*8kB (UM) 6*16kB (ME) 7*32kB (UME) 6*64kB (UME) 5*128kB (ME) 3*256kB (ME) 4*512kB (ME) 4*1024kB (UME) 4*2048kB (UME) 3*4096kB (M) = 28800kB [ 2312.479648] ? vimc_cap_get_format+0x120/0x120 [ 2312.483813] Node 0 Normal: 538*4kB (UME) 882*8kB (ME) 573*16kB (UM) 5*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18536kB [ 2312.489295] vb2_core_create_bufs+0x401/0x8c0 [ 2312.493815] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2312.522833] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2312.522855] ? debug_smp_processor_id+0x1c/0x20 [ 2312.522873] ? perf_trace_lock+0x14d/0x7a0 [ 2312.522891] ? __save_stack_trace+0x8d/0xf0 [ 2312.522934] vb2_create_bufs+0x4b6/0x8f0 [ 2312.530322] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2312.531027] ? v4l2_ioctl+0x154/0x1b0 [ 2312.535515] 4516 total pagecache pages [ 2312.539250] ? vb2_request_queue+0x120/0x120 [ 2312.543532] 0 pages in swap cache [ 2312.548578] ? find_held_lock+0x36/0x1c0 [ 2312.552916] Swap cache stats: add 0, delete 0, find 0/0 [ 2312.557984] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2312.571560] Free swap = 0kB [ 2312.575776] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2312.575812] v4l_create_bufs+0x152/0x230 [ 2312.575835] __video_do_ioctl+0x8b1/0x1050 [ 2312.575876] ? v4l_s_fmt+0x990/0x990 [ 2312.593017] Total swap = 0kB [ 2312.596393] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2312.609784] 1965979 pages RAM [ 2312.614243] video_usercopy+0x5c1/0x1760 [ 2312.614277] ? v4l_s_fmt+0x990/0x990 [ 2312.614301] ? v4l_enumstd+0x70/0x70 [ 2312.623169] 0 pages HighMem/MovableOnly [ 2312.627540] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2312.632240] 342853 pages reserved [ 2312.636425] ? find_held_lock+0x36/0x1c0 [ 2312.640726] 0 pages cma reserved [ 2312.644795] ? __fget+0x4aa/0x740 [ 2312.644815] ? lock_downgrade+0x900/0x900 [ 2312.644838] ? check_preemption_disabled+0x48/0x280 [ 2312.653444] Out of memory: Kill process 14500 (syz-executor5) score 1007 or sacrifice child [ 2312.657190] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2312.664814] Killed process 14500 (syz-executor5) total-vm:70736kB, anon-rss:16560kB, file-rss:32768kB, shmem-rss:0kB [ 2312.665472] ? kasan_check_read+0x11/0x20 [ 2312.665489] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2312.665505] ? rcu_softirq_qs+0x20/0x20 [ 2312.665544] ? __fget+0x4d1/0x740 [ 2312.665576] ? ksys_dup3+0x680/0x680 [ 2312.665596] ? __might_fault+0x12b/0x1e0 [ 2312.665616] ? video_usercopy+0x1760/0x1760 [ 2312.665632] video_ioctl2+0x2c/0x33 [ 2312.665649] v4l2_ioctl+0x154/0x1b0 [ 2312.665664] ? video_devdata+0xa0/0xa0 [ 2312.665683] do_vfs_ioctl+0x1de/0x1790 [ 2312.665706] ? ioctl_preallocate+0x300/0x300 [ 2312.665722] ? __fget_light+0x2e9/0x430 [ 2312.665740] ? fget_raw+0x20/0x20 [ 2312.665754] ? _copy_to_user+0xc8/0x110 [ 2312.665775] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2312.665793] ? put_timespec64+0x10f/0x1b0 [ 2312.665811] ? nsecs_to_jiffies+0x30/0x30 [ 2312.665833] ? do_syscall_64+0x9a/0x820 [ 2312.665849] ? do_syscall_64+0x9a/0x820 [ 2312.665867] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2312.665888] ? security_file_ioctl+0x94/0xc0 [ 2312.665908] ksys_ioctl+0xa9/0xd0 [ 2312.665929] __x64_sys_ioctl+0x73/0xb0 [ 2312.665947] do_syscall_64+0x1b9/0x820 [ 2312.677761] oom_reaper: reaped process 14500 (syz-executor5), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB [ 2312.679305] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2312.694759] rsyslogd invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0 [ 2312.696499] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2312.700717] rsyslogd cpuset=/ mems_allowed=0 [ 2312.704429] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2312.704452] ? trace_hardirqs_on_caller+0x310/0x310 [ 2312.704471] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2312.704491] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2312.942239] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2312.947362] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2312.952568] RIP: 0033:0x457669 [ 2312.955782] Code: Bad RIP value. [ 2312.959148] RSP: 002b:00007f3d559e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2312.966880] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2312.974157] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2312.981428] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2312.988699] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d559e56d4 [ 2312.995973] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2313.003276] CPU: 1 PID: 5923 Comm: rsyslogd Not tainted 4.20.0-rc7+ #379 [ 2313.010129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2313.011822] Mem-Info: [ 2313.019480] Call Trace: [ 2313.019506] dump_stack+0x244/0x39d [ 2313.019539] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2313.019561] ? mark_held_locks+0x130/0x130 [ 2313.019582] ? mark_held_locks+0x130/0x130 [ 2313.022042] active_anon:123385 inactive_anon:4311 isolated_anon:0 [ 2313.022042] active_file:14 inactive_file:14 isolated_file:0 [ 2313.022042] unevictable:1 dirty:0 writeback:0 unstable:0 [ 2313.022042] slab_reclaimable:12388 slab_unreclaimable:117288 [ 2313.022042] mapped:49168 shmem:4487 pagetables:2035 bounce:0 [ 2313.022042] free:20211 free_pcp:446 free_cma:0 [ 2313.024572] dump_header+0x27b/0xf72 [ 2313.028200] Node 0 active_anon:493540kB inactive_anon:17244kB active_file:56kB inactive_file:56kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:196672kB dirty:0kB writeback:0kB shmem:17948kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 155648kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2313.033368] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2313.033388] ? check_preemption_disabled+0x48/0x280 [ 2313.033407] ? pagefault_out_of_memory+0x197/0x197 [ 2313.037623] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2313.041892] ? debug_smp_processor_id+0x1c/0x20 [ 2313.075599] lowmem_reserve[]: 0 2818 6321 6321 [ 2313.079289] ? perf_trace_lock+0x14d/0x7a0 [ 2313.107151] Node 0 DMA32 free:28800kB min:30052kB low:37564kB high:45076kB active_anon:36kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB [ 2313.112668] ? debug_smp_processor_id+0x1c/0x20 [ 2313.112684] ? perf_trace_lock+0x14d/0x7a0 [ 2313.112704] ? lock_is_held_type+0x210/0x210 [ 2313.117700] lowmem_reserve[]: 0 0 3503 3503 [ 2313.122634] ? debug_smp_processor_id+0x1c/0x20 [ 2313.122650] ? perf_trace_lock+0x14d/0x7a0 [ 2313.122669] ? zap_class+0x640/0x640 [ 2313.148789] Node 0 Normal free:36136kB min:37364kB low:46704kB high:56044kB active_anon:493504kB inactive_anon:17244kB active_file:52kB inactive_file:56kB unevictable:4kB writepending:0kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8768kB pagetables:8140kB bounce:0kB free_pcp:1536kB local_pcp:420kB free_cma:0kB [ 2313.153423] ? zap_class+0x640/0x640 [ 2313.153455] ? print_usage_bug+0xc0/0xc0 [ 2313.153475] ? lock_is_held_type+0x210/0x210 [ 2313.158036] lowmem_reserve[]: 0 0 0 0 [ 2313.162293] ? perf_trace_lock+0x14d/0x7a0 [ 2313.162317] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2313.162338] ? find_held_lock+0x36/0x1c0 [ 2313.189932] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2313.194582] ? mark_held_locks+0xc7/0x130 [ 2313.194609] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2313.198831] Node 0 DMA32: 6*4kB (UM) 5*8kB (UM) 6*16kB (ME) 7*32kB (UME) 6*64kB (UME) 5*128kB (ME) 3*256kB (ME) 4*512kB (ME) 4*1024kB (UME) 4*2048kB (UME) 3*4096kB (M) = 28800kB [ 2313.203250] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2313.203267] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2313.203290] ? trace_hardirqs_on+0xbd/0x310 [ 2313.207806] Node 0 Normal: 538*4kB (UME) 935*8kB (UME) 575*16kB (UM) 11*32kB (UM) 0*64kB 3*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 8*2048kB (M) 0*4096kB = 36208kB [ 2313.212481] ? kasan_check_read+0x11/0x20 [ 2313.212511] ? ___ratelimit+0x3b4/0x672 [ 2313.212541] ? trace_hardirqs_off_caller+0x310/0x310 [ 2313.216781] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2313.220499] ? trace_hardirqs_on+0x310/0x310 [ 2313.249762] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2313.253433] ? lock_downgrade+0x900/0x900 [ 2313.253455] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 2313.253472] ? ___ratelimit+0x3b9/0x672 [ 2313.257519] 4516 total pagecache pages [ 2313.261925] ? idr_get_free+0xf70/0xf70 [ 2313.261943] ? lock_is_held_type+0x210/0x210 [ 2313.261968] oom_kill_process.cold.27+0x10/0x903 [ 2313.265752] 0 pages in swap cache [ 2313.269977] ? zap_class+0x640/0x640 [ 2313.275551] Swap cache stats: add 0, delete 0, find 0/0 [ 2313.279580] ? oom_badness+0xe6/0xaa0 [ 2313.293123] Free swap = 0kB [ 2313.297243] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2313.302355] Total swap = 0kB [ 2313.318284] ? kasan_check_read+0x11/0x20 [ 2313.318305] ? oom_evaluate_task+0x540/0x540 [ 2313.318325] ? find_held_lock+0x36/0x1c0 [ 2313.323437] 1965979 pages RAM [ 2313.327993] ? out_of_memory+0x974/0x1430 [ 2313.332313] 0 pages HighMem/MovableOnly [ 2313.346888] ? lock_downgrade+0x900/0x900 [ 2313.346905] ? check_preemption_disabled+0x48/0x280 [ 2313.346938] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2313.351071] 342853 pages reserved [ 2313.355038] ? kasan_check_read+0x11/0x20 [ 2313.355060] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2313.355075] ? rcu_softirq_qs+0x20/0x20 [ 2313.360164] 0 pages cma reserved [ 2313.368995] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2313.369009] ? oom_evaluate_task+0x302/0x540 [ 2313.369028] out_of_memory+0xa84/0x1430 [ 2313.511592] ? oom_killer_disable+0x3a0/0x3a0 [ 2313.516116] ? __alloc_pages_slowpath+0xf5c/0x2de0 [ 2313.521156] ? __ww_mutex_check_waiters+0x160/0x160 [ 2313.526189] __alloc_pages_slowpath+0x232c/0x2de0 [ 2313.531101] ? warn_alloc+0x120/0x120 [ 2313.534905] ? mark_held_locks+0x130/0x130 [ 2313.539147] ? find_get_entry+0xaae/0x1120 [ 2313.543396] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2313.548940] ? check_preemption_disabled+0x48/0x280 [ 2313.553958] ? filemap_map_pages+0x1a20/0x1a20 [ 2313.558556] ? debug_smp_processor_id+0x1c/0x20 [ 2313.563227] ? perf_trace_lock+0x14d/0x7a0 [ 2313.567489] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2313.573028] ? should_fail+0x22d/0xd01 [ 2313.576929] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 2313.582040] ? zap_class+0x640/0x640 [ 2313.585791] ? __lock_is_held+0xb5/0x140 [ 2313.589866] ? mark_held_locks+0x130/0x130 [ 2313.594106] ? lock_release+0xa00/0xa00 [ 2313.598097] ? perf_trace_sched_process_exec+0x860/0x860 [ 2313.603559] ? xa_load+0x2ba/0x460 [ 2313.607104] ? lock_downgrade+0x900/0x900 [ 2313.611260] ? __might_sleep+0x95/0x190 [ 2313.615242] __alloc_pages_nodemask+0xad8/0xea0 [ 2313.619917] ? __alloc_pages_slowpath+0x2de0/0x2de0 [ 2313.624938] ? __page_cache_alloc+0x191/0x5c0 [ 2313.629451] ? xa_load+0x2e1/0x460 [ 2313.633002] ? xa_clear_mark+0x40/0x40 [ 2313.636923] ? zap_class+0x640/0x640 [ 2313.640644] ? zap_class+0x640/0x640 [ 2313.644359] ? zap_class+0x640/0x640 [ 2313.648079] ? __do_page_cache_readahead+0x663/0x810 [ 2313.653201] ? find_held_lock+0x36/0x1c0 [ 2313.657267] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2313.662815] alloc_pages_current+0x173/0x350 [ 2313.667251] __page_cache_alloc+0x38c/0x5c0 [ 2313.671595] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2313.676589] ? kasan_check_read+0x11/0x20 [ 2313.680737] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2313.686023] ? generic_perform_write+0x6a0/0x6a0 [ 2313.690785] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2313.696343] ? check_preemption_disabled+0x48/0x280 [ 2313.701367] filemap_fault+0x1595/0x25f0 [ 2313.705445] ? __lock_page_or_retry+0xa00/0xa00 [ 2313.710119] ? mark_held_locks+0x130/0x130 [ 2313.714365] ? filemap_map_pages+0xd6b/0x1a20 [ 2313.718881] ? lock_downgrade+0x900/0x900 [ 2313.723032] ? check_preemption_disabled+0x48/0x280 [ 2313.728075] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2313.733006] ? kasan_check_read+0x11/0x20 [ 2313.737155] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2313.742433] ? rcu_softirq_qs+0x20/0x20 [ 2313.746422] ? filemap_map_pages+0xd92/0x1a20 [ 2313.750934] ? find_get_entries_tag+0x1400/0x1400 [ 2313.755785] ? __kernel_text_address+0xd/0x40 [ 2313.760363] ? unwind_get_return_address+0x61/0xa0 [ 2313.765313] ? lock_acquire+0x1ed/0x520 [ 2313.769317] ? ext4_filemap_fault+0x7a/0xad [ 2313.773680] ? lock_release+0xa00/0xa00 [ 2313.777671] ? perf_trace_sched_process_exec+0x860/0x860 [ 2313.783123] ? print_usage_bug+0xc0/0xc0 [ 2313.787185] ? print_usage_bug+0xc0/0xc0 [ 2313.791274] ? __x64_sys_read+0x73/0xb0 [ 2313.795278] ? print_usage_bug+0xc0/0xc0 [ 2313.799360] ? down_read+0x8d/0x120 [ 2313.802988] ? ext4_filemap_fault+0x7a/0xad [ 2313.807332] ? __down_interruptible+0x700/0x700 [ 2313.812045] ext4_filemap_fault+0x82/0xad [ 2313.816200] __do_fault+0x100/0x6b0 [ 2313.819837] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2313.824967] ? mark_held_locks+0x130/0x130 [ 2313.829203] ? mark_held_locks+0x130/0x130 [ 2313.833438] ? lock_is_held_type+0x210/0x210 [ 2313.837850] ? do_syslog+0x147b/0x1690 [ 2313.841743] ? do_syslog+0x309/0x1690 [ 2313.845585] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2313.851128] __handle_mm_fault+0x3ea6/0x5be0 [ 2313.855553] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2313.860428] ? lock_is_held_type+0x210/0x210 [ 2313.864840] ? find_held_lock+0x36/0x1c0 [ 2313.868922] ? zap_class+0x640/0x640 [ 2313.872636] ? zap_class+0x640/0x640 [ 2313.876374] ? find_held_lock+0x36/0x1c0 [ 2313.880445] ? handle_mm_fault+0x42a/0xc70 [ 2313.884683] ? lock_downgrade+0x900/0x900 [ 2313.888838] ? check_preemption_disabled+0x48/0x280 [ 2313.893879] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2313.898829] ? kasan_check_read+0x11/0x20 [ 2313.902984] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2313.908259] ? rcu_softirq_qs+0x20/0x20 [ 2313.912236] ? trace_hardirqs_off_caller+0x310/0x310 [ 2313.917428] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2313.922966] ? check_preemption_disabled+0x48/0x280 [ 2313.927991] handle_mm_fault+0x54f/0xc70 [ 2313.932065] ? __handle_mm_fault+0x5be0/0x5be0 [ 2313.936672] ? find_vma+0x34/0x190 [ 2313.940226] __do_page_fault+0x5e8/0xe60 [ 2313.944289] ? trace_hardirqs_off+0xb8/0x310 [ 2313.948714] ? kernel_write+0x120/0x120 [ 2313.952720] do_page_fault+0xf2/0x7e0 [ 2313.956535] ? vmalloc_sync_all+0x30/0x30 [ 2313.960687] ? error_entry+0x70/0xd0 [ 2313.964405] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2313.969423] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2313.974358] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2313.979287] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2313.984132] ? trace_hardirqs_on_caller+0x310/0x310 [ 2313.989152] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2313.994625] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2313.999676] ? page_fault+0x8/0x30 [ 2314.003224] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2314.008073] ? page_fault+0x8/0x30 [ 2314.011617] page_fault+0x1e/0x30 [ 2314.015073] RIP: 0033:0x7f5b991d81fd [ 2314.018801] Code: Bad RIP value. [ 2314.022166] RSP: 002b:00007f5b96777e30 EFLAGS: 00010293 [ 2314.027541] RAX: 0000000000000076 RBX: 0000000001736650 RCX: 00007f5b991d81fd [ 2314.034809] RDX: 0000000000000fff RSI: 00007f5b97fac5a0 RDI: 0000000000000004 [ 2314.042123] RBP: 0000000000000000 R08: 0000000001721260 R09: 0000000000000000 [ 2314.049404] R10: 6b205d3832313838 R11: 0000000000000293 R12: 000000000065e420 [ 2314.056678] R13: 00007f5b967789c0 R14: 00007f5b9981d040 R15: 0000000000000003 [ 2314.065428] Mem-Info: [ 2314.067894] active_anon:123377 inactive_anon:4311 isolated_anon:0 [ 2314.067894] active_file:21 inactive_file:7 isolated_file:0 [ 2314.067894] unevictable:1 dirty:0 writeback:0 unstable:0 [ 2314.067894] slab_reclaimable:12387 slab_unreclaimable:117283 [ 2314.067894] mapped:49168 shmem:4487 pagetables:2003 bounce:0 [ 2314.067894] free:20469 free_pcp:684 free_cma:0 [ 2314.101450] Node 0 active_anon:493508kB inactive_anon:17244kB active_file:56kB inactive_file:156kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:196672kB dirty:0kB writeback:0kB shmem:17948kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 139264kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2314.129537] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2314.158640] lowmem_reserve[]: 0 2818 6321 6321 [ 2314.163293] Node 0 DMA32 free:42600kB min:30052kB low:37564kB high:45076kB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:1260kB local_pcp:0kB free_cma:0kB [ 2314.190912] lowmem_reserve[]: 0 0 3503 3503 [ 2314.196560] Node 0 Normal free:105336kB min:37364kB low:46704kB high:56044kB active_anon:493472kB inactive_anon:17244kB active_file:56kB inactive_file:552kB unevictable:4kB writepending:0kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8736kB pagetables:8012kB bounce:0kB free_pcp:2588kB local_pcp:1124kB free_cma:0kB [ 2314.226539] lowmem_reserve[]: 0 0 0 0 [ 2314.230372] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2314.244098] Node 0 DMA32: 7*4kB (UM) 5*8kB (UM) 8*16kB (UME) 9*32kB (UME) 7*64kB (UME) 6*128kB (UME) 6*256kB (UME) 5*512kB (UME) 6*1024kB (UME) 5*2048kB (UME) 5*4096kB (UM) = 42660kB [ 2314.260697] Node 0 Normal: 8130*4kB (UME) 3790*8kB (UME) 1167*16kB (UM) 255*32kB (UM) 85*64kB (U) 55*128kB (U) 36*256kB (U) 9*512kB (U) 4*1024kB (U) 10*2048kB (UM) 1*4096kB (U) = 144648kB [ 2314.277740] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2314.286639] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2314.295336] 4776 total pagecache pages [ 2314.299252] 0 pages in swap cache [ 2314.302748] Swap cache stats: add 0, delete 0, find 0/0 [ 2314.308111] Free swap = 0kB [ 2314.311125] Total swap = 0kB [ 2314.314242] 1965979 pages RAM [ 2314.317350] 0 pages HighMem/MovableOnly [ 2314.321321] 342853 pages reserved [ 2314.325994] 0 pages cma reserved [ 2314.329373] Out of memory: Kill process 14548 (syz-executor4) score 1005 or sacrifice child [ 2314.337982] Killed process 14548 (syz-executor4) total-vm:71396kB, anon-rss:4328kB, file-rss:32768kB, shmem-rss:0kB [ 2317.257665] syz-executor4 (25352) used greatest stack depth: 8944 bytes left 06:17:12 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x2000, 0xffffffffffffffff]}}}) 06:17:12 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffff00000004]}}}) 06:17:12 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0xfcfdffffffffffff, r0, 0x0}]) 06:17:12 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\x12Z\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:17:12 executing program 0: [ 2317.494659] syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2317.509455] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2317.514903] CPU: 0 PID: 25401 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2317.522302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2317.531660] Call Trace: [ 2317.534245] dump_stack+0x244/0x39d [ 2317.537891] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2317.543074] ? __video_do_ioctl+0x8b1/0x1050 [ 2317.547482] ? video_usercopy+0x5c1/0x1760 [ 2317.551738] ? video_ioctl2+0x2c/0x33 [ 2317.555565] ? do_vfs_ioctl+0x1de/0x1790 [ 2317.559637] warn_alloc.cold.116+0xb7/0x1bd [ 2317.563951] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2317.568795] ? zap_class+0x640/0x640 [ 2317.572518] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2317.578078] ? check_preemption_disabled+0x48/0x280 [ 2317.583101] __vmalloc_node_range+0x472/0x750 [ 2317.587594] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2317.592617] ? vb2_vmalloc_alloc+0x123/0x380 [ 2317.597027] vmalloc_user+0x75/0x170 [ 2317.600771] ? vb2_vmalloc_alloc+0x123/0x380 [ 2317.605183] vb2_vmalloc_alloc+0x123/0x380 [ 2317.609417] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2317.614558] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2317.618896] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2317.624007] __vb2_queue_alloc+0x5e1/0xfa0 [ 2317.628247] ? vimc_cap_get_format+0x120/0x120 [ 2317.632829] vb2_core_create_bufs+0x401/0x8c0 [ 2317.637317] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2317.641730] ? debug_smp_processor_id+0x1c/0x20 [ 2317.646409] ? perf_trace_lock+0x14d/0x7a0 [ 2317.650639] ? __save_stack_trace+0x8d/0xf0 [ 2317.654967] vb2_create_bufs+0x4b6/0x8f0 [ 2317.659047] ? v4l2_ioctl+0x154/0x1b0 [ 2317.662846] ? vb2_request_queue+0x120/0x120 [ 2317.667252] ? find_held_lock+0x36/0x1c0 [ 2317.671312] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2317.676863] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2317.681468] v4l_create_bufs+0x152/0x230 [ 2317.685579] __video_do_ioctl+0x8b1/0x1050 [ 2317.689871] ? v4l_s_fmt+0x990/0x990 [ 2317.693597] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2317.699158] video_usercopy+0x5c1/0x1760 [ 2317.703237] ? v4l_s_fmt+0x990/0x990 [ 2317.706949] ? v4l_enumstd+0x70/0x70 [ 2317.710678] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2317.716240] ? find_held_lock+0x36/0x1c0 [ 2317.720314] ? __fget+0x4aa/0x740 [ 2317.723756] ? lock_downgrade+0x900/0x900 [ 2317.727918] ? check_preemption_disabled+0x48/0x280 [ 2317.732964] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2317.737896] ? kasan_check_read+0x11/0x20 [ 2317.742033] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2317.747300] ? rcu_softirq_qs+0x20/0x20 [ 2317.751274] ? __fget+0x4d1/0x740 [ 2317.754722] ? ksys_dup3+0x680/0x680 [ 2317.758443] ? __might_fault+0x12b/0x1e0 [ 2317.762512] ? video_usercopy+0x1760/0x1760 [ 2317.766832] video_ioctl2+0x2c/0x33 [ 2317.770447] v4l2_ioctl+0x154/0x1b0 [ 2317.774069] ? video_devdata+0xa0/0xa0 [ 2317.777948] do_vfs_ioctl+0x1de/0x1790 [ 2317.781827] ? ioctl_preallocate+0x300/0x300 [ 2317.786240] ? __fget_light+0x2e9/0x430 [ 2317.790221] ? fget_raw+0x20/0x20 [ 2317.793662] ? _copy_to_user+0xc8/0x110 [ 2317.797632] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2317.803163] ? put_timespec64+0x10f/0x1b0 [ 2317.807303] ? nsecs_to_jiffies+0x30/0x30 [ 2317.811458] ? do_syscall_64+0x9a/0x820 [ 2317.815438] ? do_syscall_64+0x9a/0x820 [ 2317.819419] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2317.824019] ? security_file_ioctl+0x94/0xc0 [ 2317.828461] ksys_ioctl+0xa9/0xd0 [ 2317.831936] __x64_sys_ioctl+0x73/0xb0 [ 2317.835830] do_syscall_64+0x1b9/0x820 [ 2317.839710] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2317.845067] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2317.849987] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2317.854858] ? trace_hardirqs_on_caller+0x310/0x310 [ 2317.859902] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2317.864911] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2317.869937] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2317.874812] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2317.880015] RIP: 0033:0x457669 [ 2317.883230] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2317.902130] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2317.909856] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2317.917137] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2317.924411] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2317.931689] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2317.938950] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff 06:17:13 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:17:13 executing program 0: [ 2317.949733] Mem-Info: [ 2317.962216] active_anon:123372 inactive_anon:4309 isolated_anon:0 [ 2317.962216] active_file:29 inactive_file:3291 isolated_file:0 [ 2317.962216] unevictable:1 dirty:53 writeback:0 unstable:0 [ 2317.962216] slab_reclaimable:12359 slab_unreclaimable:116799 [ 2317.962216] mapped:51508 shmem:4487 pagetables:2045 bounce:0 [ 2317.962216] free:1265424 free_pcp:874 free_cma:0 06:17:13 executing program 0: [ 2318.003102] Node 0 active_anon:493488kB inactive_anon:17236kB active_file:116kB inactive_file:13264kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:206032kB dirty:212kB writeback:0kB shmem:17948kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 137216kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2318.034727] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 06:17:13 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0xfeffffffffffff, r0, 0x0}]) [ 2318.096558] lowmem_reserve[]: 0 2818 6321 6321 [ 2318.103800] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2318.112090] Node 0 DMA32 free:2881440kB min:30052kB low:37564kB high:45076kB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:1396kB local_pcp:1396kB free_cma:0kB 06:17:13 executing program 0: r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f00000001c0)="9aee846cbcd9dd9d51502eb841f06100ecbd2779fc9a6a8689b96d00c4187718f1394e5f71b1bae2a1ff1b230e7ae4566ecce50d7432c329ef209ec22a817f3d7e92155042a064cf1caf892dcf69fc41e876ba08c76d2ec074e8255d560651abe22002a8b8a076c377a3e1486c3a906bac1d49b0d57631de92cc6ecd198a130bca2bfdc14e2bb216141552d4b4b6cb329c3582c49bb251a6c6f1307312b2c9b94040a7d3f6", 0xa5, 0x10, 0x0, 0x0) recvfrom$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20000003, &(0x7f0000000040)={0x2, 0x1000004e23, @local}, 0x10) r2 = syz_open_dev$loop(&(0x7f0000000300)='/dev/loop#\x00', 0x4, 0x0) ioctl$TIOCSCTTY(r0, 0x540e, 0x100000000) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={[], 0x0, 0x400, 0x2}) write$binfmt_elf64(r0, &(0x7f0000000780)={{0x7f, 0x45, 0x4c, 0x46, 0x3, 0x7f, 0x80000000, 0x0, 0x0, 0x2, 0x3, 0x7294dade, 0x117, 0x40, 0x395, 0x6, 0x20, 0x38, 0x2, 0x30c9ed6d, 0x9, 0x23fdf94e}, [{0x0, 0x9, 0x3, 0x400, 0x8, 0xa, 0x10001, 0xffffffffffffffff}, {0x0, 0x4, 0x800, 0x0, 0xfffffffffffffffb, 0x400000000, 0x0, 0x7fff}], "7c0b9df3ab765878c26bbfc44c80669894411da2d08ccfa897d55c6d6899c52be1341af7c7ae872e54bbca16059f3af4e6e4edbd1138f11f8f75305d9667bce98527b982f1af9f361e89735a37ffa9ae7f9708749ec1af4dbee4565986c6cd73d874d3199bffe34491"}, 0x119) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='lp\x00', 0x3) perf_event_open(&(0x7f0000000080)={0x3, 0x70, 0x0, 0x9, 0xffffffffffffffff, 0x3ff, 0x0, 0x8, 0x2000, 0xe, 0xcfe, 0x7f, 0x2, 0xfffffffffffffff8, 0x0, 0x0, 0x8001, 0x648f, 0x9e6d, 0x73d9, 0x5c97, 0x0, 0x0, 0x7, 0x200, 0x2, 0x4, 0x0, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x4, 0x6, 0xfff, 0x4, 0x0, 0x200, 0x0, 0x80000000, 0x0, @perf_bp={0x0, 0x8}, 0x100, 0x8, 0x5, 0x6, 0x0, 0x8880, 0xc1f}, 0x0, 0xe, r1, 0x0) r3 = add_key$keyring(&(0x7f0000000700)='keyring\x00', &(0x7f0000000740)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff8) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000440)=[{&(0x7f0000000580)="a19e30ae678aabadc7cf8282217964d1358c2591870c0a53449e2a22baa8558bd56e17e66de9957749dc3b997e31bb342e1db72a9f59d9809a245d2e5f5faa87c6df7360", 0x44}], 0x1, r3) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') 06:17:13 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2318.196333] lowmem_reserve[]: 0 0 3503 3503 [ 2318.212013] Node 0 Normal free:2147828kB min:37364kB low:46704kB high:56044kB active_anon:495756kB inactive_anon:17236kB active_file:2016kB inactive_file:12660kB unevictable:4kB writepending:212kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8960kB pagetables:8328kB bounce:0kB free_pcp:2296kB local_pcp:1228kB free_cma:0kB [ 2318.248522] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2318.282110] lowmem_reserve[]: 0 0 0 0 06:17:13 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2318.286899] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2318.312867] Node 0 DMA32: 20*4kB (UM) 56*8kB (UM) 57*16kB (UME) 56*32kB (UME) 56*64kB (UME) 62*128kB (UME) 44*256kB (UME) 35*512kB (UME) 27*1024kB (UME) 20*2048kB (UME) 676*4096kB (UM) = 2881440kB [ 2318.334565] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2318.353421] Node 0 Normal: 11755*4kB (UE) 8300*8kB (UME) 3807*16kB (UME) 1610*32kB (UM) 833*64kB (UME) 459*128kB (UME) 170*256kB (UM) 96*512kB (UM) 66*1024kB (U) 39*2048kB (UM) 383*4096kB (UM) = 2146812kB [ 2318.391330] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2318.404705] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2318.415250] 8363 total pagecache pages [ 2318.425131] 0 pages in swap cache [ 2318.429028] Swap cache stats: add 0, delete 0, find 0/0 [ 2318.435080] Free swap = 0kB [ 2318.438209] Total swap = 0kB [ 2318.441316] 1965979 pages RAM [ 2318.444596] 0 pages HighMem/MovableOnly [ 2318.448710] 342853 pages reserved [ 2318.452313] 0 pages cma reserved 06:17:13 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\x1aZ\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:17:13 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0xeffdffffffffffff, r0, 0x0}]) 06:17:13 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:17:13 executing program 0: r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f00000001c0)="9aee846cbcd9dd9d51502eb841f06100ecbd2779fc9a6a8689b96d00c4187718f1394e5f71b1bae2a1ff1b230e7ae4566ecce50d7432c329ef209ec22a817f3d7e92155042a064cf1caf892dcf69fc41e876ba08c76d2ec074e8255d560651abe22002a8b8a076c377a3e1486c3a906bac1d49b0d57631de92cc6ecd198a130bca2bfdc14e2bb216141552d4b4b6cb329c3582c49bb251a6c6f1307312b2c9b94040a7d3f6", 0xa5, 0x10, 0x0, 0x0) recvfrom$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20000003, &(0x7f0000000040)={0x2, 0x1000004e23, @local}, 0x10) r2 = syz_open_dev$loop(&(0x7f0000000300)='/dev/loop#\x00', 0x4, 0x0) ioctl$TIOCSCTTY(r0, 0x540e, 0x100000000) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={[], 0x0, 0x400, 0x2}) write$binfmt_elf64(r0, &(0x7f0000000780)={{0x7f, 0x45, 0x4c, 0x46, 0x3, 0x7f, 0x80000000, 0x0, 0x0, 0x2, 0x3, 0x7294dade, 0x117, 0x40, 0x395, 0x6, 0x20, 0x38, 0x2, 0x30c9ed6d, 0x9, 0x23fdf94e}, [{0x0, 0x9, 0x3, 0x400, 0x8, 0xa, 0x10001, 0xffffffffffffffff}, {0x0, 0x4, 0x800, 0x0, 0xfffffffffffffffb, 0x400000000, 0x0, 0x7fff}], "7c0b9df3ab765878c26bbfc44c80669894411da2d08ccfa897d55c6d6899c52be1341af7c7ae872e54bbca16059f3af4e6e4edbd1138f11f8f75305d9667bce98527b982f1af9f361e89735a37ffa9ae7f9708749ec1af4dbee4565986c6cd73d874d3199bffe34491"}, 0x119) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='lp\x00', 0x3) perf_event_open(&(0x7f0000000080)={0x3, 0x70, 0x0, 0x9, 0xffffffffffffffff, 0x3ff, 0x0, 0x8, 0x2000, 0xe, 0xcfe, 0x7f, 0x2, 0xfffffffffffffff8, 0x0, 0x0, 0x8001, 0x648f, 0x9e6d, 0x73d9, 0x5c97, 0x0, 0x0, 0x7, 0x200, 0x2, 0x4, 0x0, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x4, 0x6, 0xfff, 0x4, 0x0, 0x200, 0x0, 0x80000000, 0x0, @perf_bp={0x0, 0x8}, 0x100, 0x8, 0x5, 0x6, 0x0, 0x8880, 0xc1f}, 0x0, 0xe, r1, 0x0) r3 = add_key$keyring(&(0x7f0000000700)='keyring\x00', &(0x7f0000000740)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff8) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000440)=[{&(0x7f0000000580)="a19e30ae678aabadc7cf8282217964d1358c2591870c0a53449e2a22baa8558bd56e17e66de9957749dc3b997e31bb342e1db72a9f59d9809a245d2e5f5faa87c6df7360", 0x44}], 0x1, r3) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') 06:17:13 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffff000e1000]}}}) 06:17:13 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x68, 0xffffffffffffffff]}}}) [ 2318.710501] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:17:13 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xe0\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:17:13 executing program 0: r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f00000001c0)="9aee846cbcd9dd9d51502eb841f06100ecbd2779fc9a6a8689b96d00c4187718f1394e5f71b1bae2a1ff1b230e7ae4566ecce50d7432c329ef209ec22a817f3d7e92155042a064cf1caf892dcf69fc41e876ba08c76d2ec074e8255d560651abe22002a8b8a076c377a3e1486c3a906bac1d49b0d57631de92cc6ecd198a130bca2bfdc14e2bb216141552d4b4b6cb329c3582c49bb251a6c6f1307312b2c9b94040a7d3f6", 0xa5, 0x10, 0x0, 0x0) recvfrom$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20000003, &(0x7f0000000040)={0x2, 0x1000004e23, @local}, 0x10) r2 = syz_open_dev$loop(&(0x7f0000000300)='/dev/loop#\x00', 0x4, 0x0) ioctl$TIOCSCTTY(r0, 0x540e, 0x100000000) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={[], 0x0, 0x400, 0x2}) write$binfmt_elf64(r0, &(0x7f0000000780)={{0x7f, 0x45, 0x4c, 0x46, 0x3, 0x7f, 0x80000000, 0x0, 0x0, 0x2, 0x3, 0x7294dade, 0x117, 0x40, 0x395, 0x6, 0x20, 0x38, 0x2, 0x30c9ed6d, 0x9, 0x23fdf94e}, [{0x0, 0x9, 0x3, 0x400, 0x8, 0xa, 0x10001, 0xffffffffffffffff}, {0x0, 0x4, 0x800, 0x0, 0xfffffffffffffffb, 0x400000000, 0x0, 0x7fff}], "7c0b9df3ab765878c26bbfc44c80669894411da2d08ccfa897d55c6d6899c52be1341af7c7ae872e54bbca16059f3af4e6e4edbd1138f11f8f75305d9667bce98527b982f1af9f361e89735a37ffa9ae7f9708749ec1af4dbee4565986c6cd73d874d3199bffe34491"}, 0x119) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='lp\x00', 0x3) perf_event_open(&(0x7f0000000080)={0x3, 0x70, 0x0, 0x9, 0xffffffffffffffff, 0x3ff, 0x0, 0x8, 0x2000, 0xe, 0xcfe, 0x7f, 0x2, 0xfffffffffffffff8, 0x0, 0x0, 0x8001, 0x648f, 0x9e6d, 0x73d9, 0x5c97, 0x0, 0x0, 0x7, 0x200, 0x2, 0x4, 0x0, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x4, 0x6, 0xfff, 0x4, 0x0, 0x200, 0x0, 0x80000000, 0x0, @perf_bp={0x0, 0x8}, 0x100, 0x8, 0x5, 0x6, 0x0, 0x8880, 0xc1f}, 0x0, 0xe, r1, 0x0) r3 = add_key$keyring(&(0x7f0000000700)='keyring\x00', &(0x7f0000000740)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff8) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000440)=[{&(0x7f0000000580)="a19e30ae678aabadc7cf8282217964d1358c2591870c0a53449e2a22baa8558bd56e17e66de9957749dc3b997e31bb342e1db72a9f59d9809a245d2e5f5faa87c6df7360", 0x44}], 0x1, r3) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') 06:17:13 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0xfefdffffffffffff, r0, 0x0}]) [ 2318.829747] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:17:14 executing program 0: r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f00000001c0)="9aee846cbcd9dd9d51502eb841f06100ecbd2779fc9a6a8689b96d00c4187718f1394e5f71b1bae2a1ff1b230e7ae4566ecce50d7432c329ef209ec22a817f3d7e92155042a064cf1caf892dcf69fc41e876ba08c76d2ec074e8255d560651abe22002a8b8a076c377a3e1486c3a906bac1d49b0d57631de92cc6ecd198a130bca2bfdc14e2bb216141552d4b4b6cb329c3582c49bb251a6c6f1307312b2c9b94040a7d3f6", 0xa5, 0x10, 0x0, 0x0) recvfrom$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20000003, &(0x7f0000000040)={0x2, 0x1000004e23, @local}, 0x10) r2 = syz_open_dev$loop(&(0x7f0000000300)='/dev/loop#\x00', 0x4, 0x0) ioctl$TIOCSCTTY(r0, 0x540e, 0x100000000) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={[], 0x0, 0x400, 0x2}) write$binfmt_elf64(r0, &(0x7f0000000780)={{0x7f, 0x45, 0x4c, 0x46, 0x3, 0x7f, 0x80000000, 0x0, 0x0, 0x2, 0x3, 0x7294dade, 0x117, 0x40, 0x395, 0x6, 0x20, 0x38, 0x2, 0x30c9ed6d, 0x9, 0x23fdf94e}, [{0x0, 0x9, 0x3, 0x400, 0x8, 0xa, 0x10001, 0xffffffffffffffff}, {0x0, 0x4, 0x800, 0x0, 0xfffffffffffffffb, 0x400000000, 0x0, 0x7fff}], "7c0b9df3ab765878c26bbfc44c80669894411da2d08ccfa897d55c6d6899c52be1341af7c7ae872e54bbca16059f3af4e6e4edbd1138f11f8f75305d9667bce98527b982f1af9f361e89735a37ffa9ae7f9708749ec1af4dbee4565986c6cd73d874d3199bffe34491"}, 0x119) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='lp\x00', 0x3) perf_event_open(&(0x7f0000000080)={0x3, 0x70, 0x0, 0x9, 0xffffffffffffffff, 0x3ff, 0x0, 0x8, 0x2000, 0xe, 0xcfe, 0x7f, 0x2, 0xfffffffffffffff8, 0x0, 0x0, 0x8001, 0x648f, 0x9e6d, 0x73d9, 0x5c97, 0x0, 0x0, 0x7, 0x200, 0x2, 0x4, 0x0, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x4, 0x6, 0xfff, 0x4, 0x0, 0x200, 0x0, 0x80000000, 0x0, @perf_bp={0x0, 0x8}, 0x100, 0x8, 0x5, 0x6, 0x0, 0x8880, 0xc1f}, 0x0, 0xe, r1, 0x0) r3 = add_key$keyring(&(0x7f0000000700)='keyring\x00', &(0x7f0000000740)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff8) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000440)=[{&(0x7f0000000580)="a19e30ae678aabadc7cf8282217964d1358c2591870c0a53449e2a22baa8558bd56e17e66de9957749dc3b997e31bb342e1db72a9f59d9809a245d2e5f5faa87c6df7360", 0x44}], 0x1, r3) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') 06:17:14 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:17:14 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0xfffffe00, r0, 0x0}]) [ 2318.966590] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2318.975655] syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2318.987544] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2319.019830] CPU: 0 PID: 25446 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2319.027232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2319.036593] Call Trace: [ 2319.039217] dump_stack+0x244/0x39d [ 2319.042884] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2319.048106] ? __video_do_ioctl+0x8b1/0x1050 [ 2319.052526] ? video_usercopy+0x5c1/0x1760 [ 2319.056791] ? video_ioctl2+0x2c/0x33 [ 2319.060611] ? do_vfs_ioctl+0x1de/0x1790 [ 2319.064696] warn_alloc.cold.116+0xb7/0x1bd [ 2319.069057] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2319.073954] ? zap_class+0x640/0x640 [ 2319.078170] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2319.083729] ? check_preemption_disabled+0x48/0x280 [ 2319.088789] __vmalloc_node_range+0x472/0x750 [ 2319.093307] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2319.098338] ? vb2_vmalloc_alloc+0x123/0x380 [ 2319.102791] vmalloc_user+0x75/0x170 [ 2319.106558] ? vb2_vmalloc_alloc+0x123/0x380 [ 2319.110988] vb2_vmalloc_alloc+0x123/0x380 [ 2319.115252] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2319.120370] ? debug_mutex_wake_waiter+0x630/0x630 [ 2319.125309] ? mutex_destroy+0x200/0x200 [ 2319.129389] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2319.133726] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2319.138849] __vb2_queue_alloc+0x5e1/0xfa0 [ 2319.143126] ? vimc_cap_get_format+0x120/0x120 [ 2319.147722] vb2_core_create_bufs+0x401/0x8c0 [ 2319.152238] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2319.156666] ? debug_smp_processor_id+0x1c/0x20 [ 2319.161348] ? perf_trace_lock+0x14d/0x7a0 [ 2319.165596] ? __save_stack_trace+0x8d/0xf0 [ 2319.169958] vb2_create_bufs+0x4b6/0x8f0 [ 2319.174027] ? v4l2_ioctl+0x154/0x1b0 [ 2319.177858] ? vb2_request_queue+0x120/0x120 [ 2319.182292] ? find_held_lock+0x36/0x1c0 [ 2319.186367] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2319.191926] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2319.196536] v4l_create_bufs+0x152/0x230 [ 2319.200622] __video_do_ioctl+0x8b1/0x1050 [ 2319.204879] ? v4l_s_fmt+0x990/0x990 [ 2319.208763] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2319.214319] video_usercopy+0x5c1/0x1760 [ 2319.218393] ? v4l_s_fmt+0x990/0x990 [ 2319.222140] ? v4l_enumstd+0x70/0x70 [ 2319.225873] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2319.231441] ? find_held_lock+0x36/0x1c0 [ 2319.235536] ? __fget+0x4aa/0x740 [ 2319.239015] ? lock_downgrade+0x900/0x900 [ 2319.243177] ? check_preemption_disabled+0x48/0x280 [ 2319.248210] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2319.253151] ? kasan_check_read+0x11/0x20 [ 2319.257314] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2319.262611] ? rcu_softirq_qs+0x20/0x20 [ 2319.266625] ? __fget+0x4d1/0x740 [ 2319.270104] ? ksys_dup3+0x680/0x680 [ 2319.273849] ? __might_fault+0x12b/0x1e0 [ 2319.277931] ? video_usercopy+0x1760/0x1760 [ 2319.282263] video_ioctl2+0x2c/0x33 [ 2319.285904] v4l2_ioctl+0x154/0x1b0 [ 2319.289561] ? video_devdata+0xa0/0xa0 [ 2319.293463] do_vfs_ioctl+0x1de/0x1790 [ 2319.297389] ? ioctl_preallocate+0x300/0x300 [ 2319.301811] ? __fget_light+0x2e9/0x430 [ 2319.305800] ? fget_raw+0x20/0x20 [ 2319.309264] ? _copy_to_user+0xc8/0x110 [ 2319.313279] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2319.318832] ? put_timespec64+0x10f/0x1b0 [ 2319.322995] ? nsecs_to_jiffies+0x30/0x30 [ 2319.327158] ? do_syscall_64+0x9a/0x820 [ 2319.331144] ? do_syscall_64+0x9a/0x820 [ 2319.335131] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2319.339733] ? security_file_ioctl+0x94/0xc0 [ 2319.344162] ksys_ioctl+0xa9/0xd0 [ 2319.347636] __x64_sys_ioctl+0x73/0xb0 [ 2319.351548] do_syscall_64+0x1b9/0x820 [ 2319.355460] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2319.360851] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2319.360869] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2319.360891] ? trace_hardirqs_on_caller+0x310/0x310 [ 2319.360910] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2319.360933] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2319.370766] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2319.370792] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2319.370807] RIP: 0033:0x457669 [ 2319.370829] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2319.418149] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2319.425872] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2319.433152] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000004 [ 2319.440435] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2319.447708] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2319.454965] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2319.462708] Mem-Info: [ 2319.465190] active_anon:123992 inactive_anon:4311 isolated_anon:0 [ 2319.465190] active_file:886 inactive_file:3037 isolated_file:0 [ 2319.465190] unevictable:1 dirty:88 writeback:0 unstable:0 [ 2319.465190] slab_reclaimable:12355 slab_unreclaimable:120104 [ 2319.465190] mapped:51833 shmem:4487 pagetables:2057 bounce:0 [ 2319.465190] free:1260778 free_pcp:1021 free_cma:0 [ 2319.499232] Node 0 active_anon:495968kB inactive_anon:17244kB active_file:3544kB inactive_file:12148kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:207332kB dirty:352kB writeback:0kB shmem:17948kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 135168kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2319.527784] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2319.527826] lowmem_reserve[]: 0 2818 6321 6321 [ 2319.527848] Node 0 DMA32 free:2881440kB min:30052kB low:37564kB high:45076kB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:1396kB local_pcp:1396kB free_cma:0kB [ 2319.527887] lowmem_reserve[]: 0 0 3503 3503 [ 2319.527908] Node 0 Normal free:2157516kB min:37364kB low:46704kB high:56044kB active_anon:495932kB inactive_anon:17244kB active_file:3544kB inactive_file:12144kB unevictable:4kB writepending:352kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8832kB pagetables:8228kB bounce:0kB free_pcp:2688kB local_pcp:1268kB free_cma:0kB [ 2319.527947] lowmem_reserve[]: 0 0 0 0 [ 2319.527968] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2319.558940] Node 0 DMA32: 20*4kB (UM) 56*8kB (UM) 57*16kB (UME) 56*32kB (UME) 56*64kB (UME) 62*128kB (UME) 44*256kB (UME) 35*512kB (UME) 27*1024kB (UME) 20*2048kB (UME) 676*4096kB (UM) = 2881440kB [ 2319.591338] Node 0 Normal: 11404*4kB (UE) 8027*8kB (UME) 3446*16kB (UME) 1674*32kB (UM) 840*64kB (UME) 459*128kB (UME) 175*256kB (UM) 98*512kB (UM) 69*1024kB (U) 41*2048kB (UM) 385*4096kB (UM) = 2157608kB [ 2319.639346] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2319.675492] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2319.693217] 8398 total pagecache pages [ 2319.693235] 0 pages in swap cache [ 2319.693246] Swap cache stats: add 0, delete 0, find 0/0 [ 2319.693252] Free swap = 0kB [ 2319.693259] Total swap = 0kB [ 2319.693268] 1965979 pages RAM [ 2319.693274] 0 pages HighMem/MovableOnly [ 2319.693281] 342853 pages reserved [ 2319.693286] 0 pages cma reserved 06:17:14 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\rZ\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:17:14 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:17:14 executing program 0: r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f00000001c0)="9aee846cbcd9dd9d51502eb841f06100ecbd2779fc9a6a8689b96d00c4187718f1394e5f71b1bae2a1ff1b230e7ae4566ecce50d7432c329ef209ec22a817f3d7e92155042a064cf1caf892dcf69fc41e876ba08c76d2ec074e8255d560651abe22002a8b8a076c377a3e1486c3a906bac1d49b0d57631de92cc6ecd198a130bca2bfdc14e2bb216141552d4b4b6cb329c3582c49bb251a6c6f1307312b2c9b94040a7d3f6", 0xa5, 0x10, 0x0, 0x0) recvfrom$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20000003, &(0x7f0000000040)={0x2, 0x1000004e23, @local}, 0x10) r2 = syz_open_dev$loop(&(0x7f0000000300)='/dev/loop#\x00', 0x4, 0x0) ioctl$TIOCSCTTY(r0, 0x540e, 0x100000000) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={[], 0x0, 0x400, 0x2}) write$binfmt_elf64(r0, &(0x7f0000000780)={{0x7f, 0x45, 0x4c, 0x46, 0x3, 0x7f, 0x80000000, 0x0, 0x0, 0x2, 0x3, 0x7294dade, 0x117, 0x40, 0x395, 0x6, 0x20, 0x38, 0x2, 0x30c9ed6d, 0x9, 0x23fdf94e}, [{0x0, 0x9, 0x3, 0x400, 0x8, 0xa, 0x10001, 0xffffffffffffffff}, {0x0, 0x4, 0x800, 0x0, 0xfffffffffffffffb, 0x400000000, 0x0, 0x7fff}], "7c0b9df3ab765878c26bbfc44c80669894411da2d08ccfa897d55c6d6899c52be1341af7c7ae872e54bbca16059f3af4e6e4edbd1138f11f8f75305d9667bce98527b982f1af9f361e89735a37ffa9ae7f9708749ec1af4dbee4565986c6cd73d874d3199bffe34491"}, 0x119) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='lp\x00', 0x3) perf_event_open(&(0x7f0000000080)={0x3, 0x70, 0x0, 0x9, 0xffffffffffffffff, 0x3ff, 0x0, 0x8, 0x2000, 0xe, 0xcfe, 0x7f, 0x2, 0xfffffffffffffff8, 0x0, 0x0, 0x8001, 0x648f, 0x9e6d, 0x73d9, 0x5c97, 0x0, 0x0, 0x7, 0x200, 0x2, 0x4, 0x0, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x4, 0x6, 0xfff, 0x4, 0x0, 0x200, 0x0, 0x80000000, 0x0, @perf_bp={0x0, 0x8}, 0x100, 0x8, 0x5, 0x6, 0x0, 0x8880, 0xc1f}, 0x0, 0xe, r1, 0x0) r3 = add_key$keyring(&(0x7f0000000700)='keyring\x00', &(0x7f0000000740)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff8) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000440)=[{&(0x7f0000000580)="a19e30ae678aabadc7cf8282217964d1358c2591870c0a53449e2a22baa8558bd56e17e66de9957749dc3b997e31bb342e1db72a9f59d9809a245d2e5f5faa87c6df7360", 0x44}], 0x1, r3) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') 06:17:14 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffff04000000]}}}) 06:17:14 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x5000000, 0xffffffffffffffff]}}}) 06:17:14 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0xfdfc, r0, 0x0}]) [ 2319.831705] syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2319.848952] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2319.854496] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2319.863706] CPU: 0 PID: 25476 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2319.871089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2319.880563] Call Trace: [ 2319.880595] dump_stack+0x244/0x39d [ 2319.880624] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2319.892015] ? __video_do_ioctl+0x8b1/0x1050 [ 2319.896440] ? video_usercopy+0x5c1/0x1760 [ 2319.900693] ? video_ioctl2+0x2c/0x33 [ 2319.904512] ? do_vfs_ioctl+0x1de/0x1790 [ 2319.908622] warn_alloc.cold.116+0xb7/0x1bd [ 2319.912954] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2319.912978] ? zap_class+0x640/0x640 [ 2319.913004] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2319.913052] ? check_preemption_disabled+0x48/0x280 06:17:15 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00\x00\x00\x00\x00\xdb\x88yt\xa9\xd4\xb8\x04\x9e f\x06\xa8\b\xfc\xfe=\xd3\x12\x91\xf7\x86\xce\xe9*.\xd9\xcc\x0e\xeb\x0fn\x1b!p\x05W\xd7\xd3!\xc6\x16\xf2\xa6\x9f\x97^]X\ah1\x03\xcfHQo\xd9`c`1\x93\xe1\xcc1\t\xac\x8e\xeb4\x89\xd6\xa5\xd8n\xeao\xc6j\xdcl\x927\x8dI', 0x200002, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0) renameat2(r1, &(0x7f00000003c0)='./file0\x00', r1, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2) [ 2319.913089] __vmalloc_node_range+0x472/0x750 [ 2319.927177] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2319.927199] ? vb2_vmalloc_alloc+0x123/0x380 [ 2319.927218] vmalloc_user+0x75/0x170 [ 2319.927241] ? vb2_vmalloc_alloc+0x123/0x380 [ 2319.954279] vb2_vmalloc_alloc+0x123/0x380 [ 2319.958566] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2319.958591] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2319.958610] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2319.958629] __vb2_queue_alloc+0x5e1/0xfa0 [ 2319.958668] ? vimc_cap_get_format+0x120/0x120 06:17:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000014000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, &(0x7f0000000000)="360fae08670f01d1b8c80e8ee0f2a566b9af0300000f320fc75ac70f019af5ffba210066ed0fc79e9c5ebaa000b80118ef", 0x31}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2319.977422] vb2_core_create_bufs+0x401/0x8c0 [ 2319.977450] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2319.990966] ? debug_smp_processor_id+0x1c/0x20 [ 2319.995668] ? perf_trace_lock+0x14d/0x7a0 [ 2319.995688] ? __save_stack_trace+0x8d/0xf0 [ 2319.995735] vb2_create_bufs+0x4b6/0x8f0 [ 2319.995750] ? v4l2_ioctl+0x154/0x1b0 [ 2319.995773] ? vb2_request_queue+0x120/0x120 [ 2320.004316] ? find_held_lock+0x36/0x1c0 [ 2320.012178] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2320.012204] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2320.012230] v4l_create_bufs+0x152/0x230 [ 2320.012253] __video_do_ioctl+0x8b1/0x1050 [ 2320.012280] ? v4l_s_fmt+0x990/0x990 [ 2320.012304] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2320.034933] video_usercopy+0x5c1/0x1760 [ 2320.034953] ? v4l_s_fmt+0x990/0x990 [ 2320.034979] ? v4l_enumstd+0x70/0x70 [ 2320.035000] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2320.048541] ? find_held_lock+0x36/0x1c0 [ 2320.048577] ? __fget+0x4aa/0x740 [ 2320.048596] ? lock_downgrade+0x900/0x900 [ 2320.048631] ? check_preemption_disabled+0x48/0x280 [ 2320.056526] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2320.056562] ? kasan_check_read+0x11/0x20 [ 2320.056579] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2320.056596] ? rcu_softirq_qs+0x20/0x20 [ 2320.056624] ? __fget+0x4d1/0x740 [ 2320.065867] ? ksys_dup3+0x680/0x680 [ 2320.065888] ? __might_fault+0x12b/0x1e0 [ 2320.065909] ? video_usercopy+0x1760/0x1760 [ 2320.065925] video_ioctl2+0x2c/0x33 [ 2320.065944] v4l2_ioctl+0x154/0x1b0 [ 2320.065960] ? video_devdata+0xa0/0xa0 [ 2320.065980] do_vfs_ioctl+0x1de/0x1790 [ 2320.073504] ? ioctl_preallocate+0x300/0x300 [ 2320.073521] ? __fget_light+0x2e9/0x430 [ 2320.073567] ? fget_raw+0x20/0x20 [ 2320.073584] ? _copy_to_user+0xc8/0x110 [ 2320.073606] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2320.073626] ? put_timespec64+0x10f/0x1b0 [ 2320.157129] ? nsecs_to_jiffies+0x30/0x30 [ 2320.161303] ? do_syscall_64+0x9a/0x820 [ 2320.165344] ? do_syscall_64+0x9a/0x820 [ 2320.165366] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2320.165389] ? security_file_ioctl+0x94/0xc0 [ 2320.165412] ksys_ioctl+0xa9/0xd0 06:17:15 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2320.165432] __x64_sys_ioctl+0x73/0xb0 [ 2320.173990] do_syscall_64+0x1b9/0x820 [ 2320.174024] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2320.174044] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2320.174074] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2320.174096] ? trace_hardirqs_on_caller+0x310/0x310 [ 2320.174115] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2320.174134] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2320.174157] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2320.225321] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2320.230572] RIP: 0033:0x457669 [ 2320.233794] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2320.237171] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2320.252700] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2320.252717] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2320.252728] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2320.252738] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2320.252748] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2320.252759] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff 06:17:15 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:17:15 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0xeffd, r0, 0x0}]) 06:17:15 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000001c0)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4004}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) clone(0x4000020002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) stat(&(0x7f0000000180)='./file0\x00', 0x0) [ 2320.398792] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:17:16 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\x05Z\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:17:16 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:17:16 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x300000000000000, r0, 0x0}]) [ 2320.934029] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:17:18 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x500000000000000, r0, 0x0}]) 06:17:18 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffff0a000000]}}}) 06:17:18 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:17:18 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x10, 0x3, 0xc) sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="24000000070607031dfffd946fa2830020200a0009000100061d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) 06:17:18 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\x06Z\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:17:18 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x20000, 0xffffffffffffffff]}}}) [ 2323.897658] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2323.898727] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2323.913528] syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2323.942457] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2323.951120] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2323.958625] CPU: 1 PID: 25535 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2323.966011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2323.975403] Call Trace: [ 2323.975434] dump_stack+0x244/0x39d [ 2323.975462] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2323.986879] ? __video_do_ioctl+0x8b1/0x1050 [ 2323.991296] ? video_usercopy+0x5c1/0x1760 06:17:19 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2323.991312] ? video_ioctl2+0x2c/0x33 [ 2323.991331] ? do_vfs_ioctl+0x1de/0x1790 [ 2323.991357] warn_alloc.cold.116+0xb7/0x1bd [ 2323.991378] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2324.012615] ? zap_class+0x640/0x640 [ 2324.016357] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2324.021916] ? check_preemption_disabled+0x48/0x280 [ 2324.026976] __vmalloc_node_range+0x472/0x750 [ 2324.031511] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2324.036566] ? vb2_vmalloc_alloc+0x123/0x380 [ 2324.041009] vmalloc_user+0x75/0x170 06:17:19 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2324.044743] ? vb2_vmalloc_alloc+0x123/0x380 [ 2324.048369] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2324.049169] vb2_vmalloc_alloc+0x123/0x380 [ 2324.061565] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2324.066692] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2324.071033] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2324.076155] __vb2_queue_alloc+0x5e1/0xfa0 [ 2324.080431] ? vimc_cap_get_format+0x120/0x120 [ 2324.085031] vb2_core_create_bufs+0x401/0x8c0 [ 2324.089592] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2324.094027] ? debug_smp_processor_id+0x1c/0x20 06:17:19 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2324.098721] ? perf_trace_lock+0x14d/0x7a0 [ 2324.102976] ? __save_stack_trace+0x8d/0xf0 [ 2324.104584] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2324.107345] vb2_create_bufs+0x4b6/0x8f0 [ 2324.107362] ? v4l2_ioctl+0x154/0x1b0 [ 2324.107388] ? vb2_request_queue+0x120/0x120 [ 2324.107413] ? find_held_lock+0x36/0x1c0 [ 2324.131912] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2324.137472] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2324.142098] v4l_create_bufs+0x152/0x230 06:17:19 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2324.146199] __video_do_ioctl+0x8b1/0x1050 [ 2324.150474] ? v4l_s_fmt+0x990/0x990 [ 2324.154267] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2324.159846] video_usercopy+0x5c1/0x1760 [ 2324.160857] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2324.163957] ? v4l_s_fmt+0x990/0x990 [ 2324.163998] ? v4l_enumstd+0x70/0x70 [ 2324.164019] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2324.164044] ? find_held_lock+0x36/0x1c0 [ 2324.164078] ? __fget+0x4aa/0x740 [ 2324.164098] ? lock_downgrade+0x900/0x900 [ 2324.196817] ? check_preemption_disabled+0x48/0x280 [ 2324.201855] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2324.207311] ? kasan_check_read+0x11/0x20 [ 2324.211475] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2324.214787] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2324.216770] ? rcu_softirq_qs+0x20/0x20 [ 2324.216803] ? __fget+0x4d1/0x740 [ 2324.216829] ? ksys_dup3+0x680/0x680 [ 2324.216849] ? __might_fault+0x12b/0x1e0 [ 2324.216870] ? video_usercopy+0x1760/0x1760 [ 2324.244487] video_ioctl2+0x2c/0x33 06:17:19 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2324.248141] v4l2_ioctl+0x154/0x1b0 [ 2324.251818] ? video_devdata+0xa0/0xa0 [ 2324.255724] do_vfs_ioctl+0x1de/0x1790 [ 2324.259654] ? ioctl_preallocate+0x300/0x300 [ 2324.264083] ? __fget_light+0x2e9/0x430 [ 2324.267342] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2324.268095] ? fget_raw+0x20/0x20 [ 2324.279691] ? _copy_to_user+0xc8/0x110 [ 2324.283698] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2324.289250] ? put_timespec64+0x10f/0x1b0 [ 2324.293411] ? nsecs_to_jiffies+0x30/0x30 06:17:19 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2324.297584] ? do_syscall_64+0x9a/0x820 [ 2324.301611] ? do_syscall_64+0x9a/0x820 [ 2324.305610] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2324.310217] ? security_file_ioctl+0x94/0xc0 [ 2324.314644] ksys_ioctl+0xa9/0xd0 [ 2324.317475] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2324.318122] __x64_sys_ioctl+0x73/0xb0 [ 2324.318143] do_syscall_64+0x1b9/0x820 [ 2324.318161] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2324.318182] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2324.318198] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2324.318221] ? trace_hardirqs_on_caller+0x310/0x310 [ 2324.354264] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2324.359291] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2324.364319] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2324.369167] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2324.374354] RIP: 0033:0x457669 [ 2324.377580] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2324.396483] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2324.404176] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2324.411451] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2324.418780] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2324.426067] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2324.433330] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2324.446097] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2324.454140] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2324.463083] warn_alloc_show_mem: 1 callbacks suppressed [ 2324.463089] Mem-Info: [ 2324.471071] active_anon:124548 inactive_anon:4311 isolated_anon:0 [ 2324.471071] active_file:988 inactive_file:2985 isolated_file:0 [ 2324.471071] unevictable:1 dirty:124 writeback:0 unstable:0 [ 2324.471071] slab_reclaimable:12378 slab_unreclaimable:119968 [ 2324.471071] mapped:51887 shmem:4487 pagetables:2119 bounce:0 [ 2324.471071] free:1260451 free_pcp:779 free_cma:0 [ 2324.506500] Node 0 active_anon:498096kB inactive_anon:17240kB active_file:3960kB inactive_file:11944kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:207520kB dirty:508kB writeback:0kB shmem:17948kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 141312kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes 06:17:19 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x7000000, r0, 0x0}]) [ 2324.535308] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2324.578374] lowmem_reserve[]: 0 2818 6321 6321 [ 2324.597422] Node 0 DMA32 free:2881440kB min:30052kB low:37564kB high:45076kB active_anon:28kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:1404kB local_pcp:0kB free_cma:0kB [ 2324.634783] lowmem_reserve[]: 0 0 3503 3503 [ 2324.639282] Node 0 Normal free:2145896kB min:37364kB low:46704kB high:56044kB active_anon:493796kB inactive_anon:17236kB active_file:3968kB inactive_file:11952kB unevictable:4kB writepending:532kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8896kB pagetables:8288kB bounce:0kB free_pcp:2108kB local_pcp:1112kB free_cma:0kB [ 2324.670198] lowmem_reserve[]: 0 0 0 0 [ 2324.676831] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2324.690824] Node 0 DMA32: 20*4kB (UM) 56*8kB (UM) 57*16kB (UME) 56*32kB (UME) 56*64kB (UME) 62*128kB (UME) 44*256kB (UME) 35*512kB (UME) 27*1024kB (UME) 20*2048kB (UME) 676*4096kB (UM) = 2881440kB [ 2324.717942] Node 0 Normal: 11824*4kB (UME) 8051*8kB (UME) 2958*16kB (UME) 2288*32kB (UM) 1109*64kB (UME) 715*128kB (UME) 274*256kB (UM) 105*512kB (UM) 41*1024kB (U) 34*2048kB (UM) 370*4096kB (UM) = 2145784kB [ 2324.775216] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2324.791977] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2324.807460] 8507 total pagecache pages [ 2324.824247] 0 pages in swap cache [ 2324.835790] Swap cache stats: add 0, delete 0, find 0/0 [ 2324.849292] Free swap = 0kB [ 2324.856261] Total swap = 0kB [ 2324.859518] 1965979 pages RAM [ 2324.863197] 0 pages HighMem/MovableOnly [ 2324.867319] 342853 pages reserved [ 2324.870894] 0 pages cma reserved [ 2328.977658] oom_reaper: reaped process 25539 (syz-executor4), now anon-rss:0kB, file-rss:32008kB, shmem-rss:0kB [ 2329.006903] rsyslogd invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0 [ 2329.018418] rsyslogd cpuset=/ mems_allowed=0 [ 2329.022901] CPU: 1 PID: 5923 Comm: rsyslogd Not tainted 4.20.0-rc7+ #379 [ 2329.029749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2329.039105] Call Trace: [ 2329.041716] dump_stack+0x244/0x39d [ 2329.045360] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2329.050574] ? mark_held_locks+0x130/0x130 [ 2329.054807] ? mark_held_locks+0x130/0x130 [ 2329.059028] dump_header+0x27b/0xf72 [ 2329.062105] syz-executor4: vmalloc: allocation failure, allocated 95027200 of 167776256 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2329.062763] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2329.076686] syz-executor4 cpuset=syz4 mems_allowed=0 [ 2329.082173] ? check_preemption_disabled+0x48/0x280 [ 2329.082193] ? pagefault_out_of_memory+0x197/0x197 [ 2329.082210] ? debug_smp_processor_id+0x1c/0x20 [ 2329.082229] ? perf_trace_lock+0x14d/0x7a0 [ 2329.106171] ? lock_is_held_type+0x210/0x210 [ 2329.110608] ? debug_smp_processor_id+0x1c/0x20 [ 2329.115296] ? perf_trace_lock+0x14d/0x7a0 [ 2329.119545] ? zap_class+0x640/0x640 [ 2329.123283] ? print_usage_bug+0xc0/0xc0 [ 2329.127382] ? lock_is_held_type+0x210/0x210 [ 2329.131811] ? perf_trace_lock+0x14d/0x7a0 [ 2329.136057] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2329.141615] ? find_held_lock+0x36/0x1c0 [ 2329.145698] ? mark_held_locks+0xc7/0x130 [ 2329.149866] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2329.155499] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2329.160620] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2329.165213] ? trace_hardirqs_on+0xbd/0x310 [ 2329.169550] ? kasan_check_read+0x11/0x20 [ 2329.173709] ? ___ratelimit+0x3b4/0x672 [ 2329.177690] ? trace_hardirqs_off_caller+0x310/0x310 [ 2329.182801] ? trace_hardirqs_on+0x310/0x310 [ 2329.187231] ? lock_downgrade+0x900/0x900 [ 2329.191401] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 2329.196511] ? ___ratelimit+0x3b9/0x672 [ 2329.200518] ? idr_get_free+0xf70/0xf70 [ 2329.204557] ? lock_is_held_type+0x210/0x210 [ 2329.209477] oom_kill_process.cold.27+0x10/0x903 [ 2329.214247] ? zap_class+0x640/0x640 [ 2329.218055] ? check_preemption_disabled+0x48/0x280 [ 2329.223092] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2329.228025] ? kasan_check_read+0x11/0x20 [ 2329.232184] ? oom_evaluate_task+0x540/0x540 [ 2329.236601] ? find_held_lock+0x36/0x1c0 [ 2329.240678] ? out_of_memory+0x974/0x1430 [ 2329.244835] ? lock_downgrade+0x900/0x900 [ 2329.249007] ? check_preemption_disabled+0x48/0x280 [ 2329.254070] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2329.259016] ? kasan_check_read+0x11/0x20 [ 2329.263173] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2329.268452] ? rcu_softirq_qs+0x20/0x20 [ 2329.272441] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2329.277984] ? oom_evaluate_task+0x302/0x540 [ 2329.282405] out_of_memory+0xa84/0x1430 [ 2329.286394] ? oom_killer_disable+0x3a0/0x3a0 [ 2329.290898] ? __alloc_pages_slowpath+0xf5c/0x2de0 [ 2329.295841] ? __ww_mutex_check_waiters+0x160/0x160 [ 2329.300878] __alloc_pages_slowpath+0x232c/0x2de0 [ 2329.305792] ? warn_alloc+0x120/0x120 [ 2329.309632] ? mark_held_locks+0x130/0x130 [ 2329.313884] ? find_get_entry+0xaae/0x1120 [ 2329.318129] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2329.323676] ? check_preemption_disabled+0x48/0x280 [ 2329.328700] ? filemap_map_pages+0x1a20/0x1a20 [ 2329.333318] ? debug_smp_processor_id+0x1c/0x20 [ 2329.337996] ? perf_trace_lock+0x14d/0x7a0 [ 2329.342252] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2329.347798] ? should_fail+0x22d/0xd01 [ 2329.351697] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 2329.356807] ? zap_class+0x640/0x640 [ 2329.360565] ? __lock_is_held+0xb5/0x140 [ 2329.364648] ? mark_held_locks+0x130/0x130 [ 2329.368891] ? lock_release+0xa00/0xa00 [ 2329.372877] ? perf_trace_sched_process_exec+0x860/0x860 [ 2329.378359] ? xa_load+0x2ba/0x460 [ 2329.381924] ? lock_downgrade+0x900/0x900 [ 2329.386093] ? __might_sleep+0x95/0x190 [ 2329.390091] __alloc_pages_nodemask+0xad8/0xea0 [ 2329.394780] ? __alloc_pages_slowpath+0x2de0/0x2de0 [ 2329.399855] ? __page_cache_alloc+0x191/0x5c0 [ 2329.404385] ? xa_load+0x2e1/0x460 [ 2329.407933] ? xa_clear_mark+0x40/0x40 [ 2329.411834] ? zap_class+0x640/0x640 [ 2329.415580] ? zap_class+0x640/0x640 [ 2329.419328] ? zap_class+0x640/0x640 [ 2329.423049] ? __do_page_cache_readahead+0x663/0x810 [ 2329.428166] ? find_held_lock+0x36/0x1c0 [ 2329.432241] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2329.437791] alloc_pages_current+0x173/0x350 [ 2329.442211] __page_cache_alloc+0x38c/0x5c0 [ 2329.446543] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2329.451480] ? kasan_check_read+0x11/0x20 [ 2329.455636] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2329.460918] ? generic_perform_write+0x6a0/0x6a0 [ 2329.465682] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2329.471239] ? check_preemption_disabled+0x48/0x280 [ 2329.476266] filemap_fault+0x1595/0x25f0 [ 2329.480359] ? __lock_page_or_retry+0xa00/0xa00 [ 2329.485036] ? mark_held_locks+0x130/0x130 [ 2329.489324] ? filemap_map_pages+0xd6b/0x1a20 [ 2329.493840] ? lock_downgrade+0x900/0x900 [ 2329.497995] ? check_preemption_disabled+0x48/0x280 [ 2329.503038] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2329.508005] ? kasan_check_read+0x11/0x20 [ 2329.512157] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2329.517440] ? rcu_softirq_qs+0x20/0x20 [ 2329.521437] ? filemap_map_pages+0xd92/0x1a20 [ 2329.525958] ? find_get_entries_tag+0x1400/0x1400 [ 2329.530821] ? __kernel_text_address+0xd/0x40 [ 2329.535328] ? unwind_get_return_address+0x61/0xa0 [ 2329.540286] ? lock_acquire+0x1ed/0x520 [ 2329.544270] ? ext4_filemap_fault+0x7a/0xad [ 2329.548607] ? lock_release+0xa00/0xa00 [ 2329.552589] ? perf_trace_sched_process_exec+0x860/0x860 [ 2329.558043] ? print_usage_bug+0xc0/0xc0 [ 2329.562117] ? print_usage_bug+0xc0/0xc0 [ 2329.566183] ? __x64_sys_read+0x73/0xb0 [ 2329.570164] ? print_usage_bug+0xc0/0xc0 [ 2329.574247] ? down_read+0x8d/0x120 [ 2329.577883] ? ext4_filemap_fault+0x7a/0xad [ 2329.582213] ? __down_interruptible+0x700/0x700 [ 2329.586900] ext4_filemap_fault+0x82/0xad [ 2329.591071] __do_fault+0x100/0x6b0 [ 2329.594713] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2329.599825] ? mark_held_locks+0x130/0x130 [ 2329.604104] ? mark_held_locks+0x130/0x130 [ 2329.608358] ? lock_is_held_type+0x210/0x210 [ 2329.612776] ? do_syslog+0x147b/0x1690 [ 2329.616675] ? do_syslog+0x309/0x1690 [ 2329.620481] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2329.626033] __handle_mm_fault+0x3ea6/0x5be0 [ 2329.630467] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2329.635319] ? lock_is_held_type+0x210/0x210 [ 2329.639734] ? find_held_lock+0x36/0x1c0 [ 2329.643827] ? zap_class+0x640/0x640 [ 2329.647553] ? zap_class+0x640/0x640 [ 2329.651286] ? find_held_lock+0x36/0x1c0 [ 2329.655380] ? handle_mm_fault+0x42a/0xc70 [ 2329.659623] ? lock_downgrade+0x900/0x900 [ 2329.663779] ? check_preemption_disabled+0x48/0x280 [ 2329.668805] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2329.673741] ? kasan_check_read+0x11/0x20 [ 2329.677898] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2329.683179] ? rcu_softirq_qs+0x20/0x20 [ 2329.687304] ? trace_hardirqs_off_caller+0x310/0x310 [ 2329.692417] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2329.697959] ? check_preemption_disabled+0x48/0x280 [ 2329.702992] handle_mm_fault+0x54f/0xc70 [ 2329.707072] ? __handle_mm_fault+0x5be0/0x5be0 [ 2329.711669] ? find_vma+0x34/0x190 [ 2329.715223] __do_page_fault+0x5e8/0xe60 [ 2329.719288] ? trace_hardirqs_off+0xb8/0x310 [ 2329.723702] ? kernel_write+0x120/0x120 [ 2329.727692] do_page_fault+0xf2/0x7e0 [ 2329.731500] ? vmalloc_sync_all+0x30/0x30 [ 2329.735662] ? error_entry+0x70/0xd0 [ 2329.739389] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2329.744414] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2329.749355] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2329.754290] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2329.759140] ? trace_hardirqs_on_caller+0x310/0x310 [ 2329.764160] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2329.769623] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2329.774645] ? page_fault+0x8/0x30 [ 2329.778204] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2329.783064] ? page_fault+0x8/0x30 [ 2329.786613] page_fault+0x1e/0x30 [ 2329.790074] RIP: 0033:0x7f5b991d81fd [ 2329.793808] Code: Bad RIP value. [ 2329.797174] RSP: 002b:00007f5b96777e30 EFLAGS: 00010293 [ 2329.802547] RAX: 0000000000000076 RBX: 0000000001736650 RCX: 00007f5b991d81fd [ 2329.809819] RDX: 0000000000000fff RSI: 00007f5b97fac5a0 RDI: 0000000000000004 [ 2329.817111] RBP: 0000000000000000 R08: 0000000001721260 R09: 0000000000000000 [ 2329.824384] R10: 6b205d3231353735 R11: 0000000000000293 R12: 000000000065e420 [ 2329.831661] R13: 00007f5b967789c0 R14: 00007f5b9981d040 R15: 0000000000000003 [ 2329.838963] CPU: 0 PID: 25539 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #379 [ 2329.846362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2329.855717] Call Trace: [ 2329.858322] dump_stack+0x244/0x39d [ 2329.861923] Mem-Info: [ 2329.861976] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2329.864406] active_anon:122303 inactive_anon:4311 isolated_anon:0 [ 2329.864406] active_file:16 inactive_file:15 isolated_file:0 [ 2329.864406] unevictable:1 dirty:0 writeback:0 unstable:0 [ 2329.864406] slab_reclaimable:12351 slab_unreclaimable:117174 [ 2329.864406] mapped:49168 shmem:4487 pagetables:1977 bounce:0 [ 2329.864406] free:15825 free_pcp:151 free_cma:0 [ 2329.869631] warn_alloc.cold.116+0xb7/0x1bd [ 2329.907157] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2329.907460] Node 0 active_anon:489212kB inactive_anon:17244kB active_file:64kB inactive_file:60kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:196672kB dirty:0kB writeback:0kB shmem:17948kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 135168kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2329.912012] ? __lock_is_held+0xb5/0x140 [ 2329.912087] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2329.939951] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2329.943998] __vmalloc_node_range+0x522/0x750 [ 2329.944027] ? vb2_vmalloc_alloc+0x123/0x380 [ 2329.949572] lowmem_reserve[]: 0 2818 6321 6321 [ 2329.975685] vmalloc_user+0x75/0x170 [ 2329.975702] ? vb2_vmalloc_alloc+0x123/0x380 [ 2329.975720] vb2_vmalloc_alloc+0x123/0x380 [ 2329.980209] Node 0 DMA32 free:28852kB min:30052kB low:37564kB high:45076kB active_anon:36kB inactive_anon:0kB active_file:12kB inactive_file:12kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2329.984617] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2329.984641] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2329.984659] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2329.989220] lowmem_reserve[]: 0 0 3503 3503 [ 2329.992930] __vb2_queue_alloc+0x5e1/0xfa0 [ 2329.992971] ? vimc_cap_get_format+0x120/0x120 [ 2329.997352] Node 0 Normal free:18540kB min:37364kB low:46704kB high:56044kB active_anon:489176kB inactive_anon:17244kB active_file:52kB inactive_file:48kB unevictable:4kB writepending:0kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8704kB pagetables:7908kB bounce:0kB free_pcp:356kB local_pcp:108kB free_cma:0kB [ 2330.001589] vb2_core_create_bufs+0x401/0x8c0 [ 2330.029188] lowmem_reserve[]: 0 0 0 0 [ 2330.034268] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2330.034290] ? debug_smp_processor_id+0x1c/0x20 [ 2330.034328] ? perf_trace_lock+0x14d/0x7a0 [ 2330.038653] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2330.043754] ? __save_stack_trace+0x8d/0xf0 [ 2330.043804] vb2_create_bufs+0x4b6/0x8f0 [ 2330.048108] Node 0 DMA32: 3*4kB (UM) 1*8kB (M) 6*16kB (UME) 6*32kB (UME) 4*64kB (ME) 5*128kB (UME) 4*256kB (ME) 4*512kB (ME) 4*1024kB (UME) 4*2048kB (UME) 3*4096kB (M) = 28852kB [ 2330.052332] ? v4l2_ioctl+0x154/0x1b0 [ 2330.052358] ? vb2_request_queue+0x120/0x120 [ 2330.052381] ? find_held_lock+0x36/0x1c0 [ 2330.056943] Node 0 Normal: 313*4kB (ME) 939*8kB (UME) 575*16kB (UM) 18*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18540kB [ 2330.086002] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2330.086027] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2330.086053] v4l_create_bufs+0x152/0x230 [ 2330.090553] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2330.094363] __video_do_ioctl+0x8b1/0x1050 [ 2330.094392] ? v4l_s_fmt+0x990/0x990 [ 2330.098789] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2330.103466] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2330.103495] video_usercopy+0x5c1/0x1760 [ 2330.107709] 4519 total pagecache pages [ 2330.121224] ? v4l_s_fmt+0x990/0x990 [ 2330.121250] ? v4l_enumstd+0x70/0x70 [ 2330.121270] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2330.125610] 0 pages in swap cache [ 2330.129729] ? find_held_lock+0x36/0x1c0 [ 2330.145695] Swap cache stats: add 0, delete 0, find 0/0 [ 2330.149466] ? __fget+0x4aa/0x740 [ 2330.153879] Free swap = 0kB [ 2330.157917] ? lock_downgrade+0x900/0x900 [ 2330.171369] Total swap = 0kB [ 2330.176890] ? check_preemption_disabled+0x48/0x280 [ 2330.176912] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2330.181473] 1965979 pages RAM [ 2330.185527] ? kasan_check_read+0x11/0x20 [ 2330.185553] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2330.185575] ? rcu_softirq_qs+0x20/0x20 [ 2330.194417] 0 pages HighMem/MovableOnly [ 2330.198643] ? __fget+0x4d1/0x740 [ 2330.202351] 342853 pages reserved [ 2330.210903] ? ksys_dup3+0x680/0x680 [ 2330.216441] 0 pages cma reserved [ 2330.220475] ? __might_fault+0x12b/0x1e0 [ 2330.224372] Out of memory: Kill process 24142 (syz-executor2) score 1005 or sacrifice child [ 2330.228055] ? video_usercopy+0x1760/0x1760 [ 2330.231818] Killed process 24142 (syz-executor2) total-vm:70604kB, anon-rss:4264kB, file-rss:32768kB, shmem-rss:0kB [ 2330.237282] video_ioctl2+0x2c/0x33 [ 2330.237302] v4l2_ioctl+0x154/0x1b0 [ 2330.237319] ? video_devdata+0xa0/0xa0 [ 2330.242786] oom_reaper: reaped process 24142 (syz-executor2), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB [ 2330.244820] do_vfs_ioctl+0x1de/0x1790 [ 2330.257517] rsyslogd invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0 [ 2330.260771] ? ioctl_preallocate+0x300/0x300 [ 2330.263800] rsyslogd cpuset=/ mems_allowed=0 [ 2330.268785] ? __fget_light+0x2e9/0x430 [ 2330.384674] ? fget_raw+0x20/0x20 [ 2330.388138] ? _copy_to_user+0xc8/0x110 [ 2330.392123] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2330.397672] ? put_timespec64+0x10f/0x1b0 [ 2330.401839] ? nsecs_to_jiffies+0x30/0x30 [ 2330.406002] ? do_syscall_64+0x9a/0x820 [ 2330.409982] ? do_syscall_64+0x9a/0x820 [ 2330.413989] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2330.418589] ? security_file_ioctl+0x94/0xc0 [ 2330.423016] ksys_ioctl+0xa9/0xd0 [ 2330.426486] __x64_sys_ioctl+0x73/0xb0 [ 2330.430388] do_syscall_64+0x1b9/0x820 [ 2330.434299] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2330.439675] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2330.444611] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2330.449462] ? trace_hardirqs_on_caller+0x310/0x310 [ 2330.454519] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2330.459584] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2330.464621] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2330.469477] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2330.474704] RIP: 0033:0x457669 [ 2330.477914] Code: Bad RIP value. [ 2330.481294] RSP: 002b:00007f3d559e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2330.489007] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2330.496275] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2330.503555] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2330.510837] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d559e56d4 [ 2330.518110] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2330.525409] CPU: 1 PID: 5923 Comm: rsyslogd Not tainted 4.20.0-rc7+ #379 [ 2330.532261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2330.540857] Mem-Info: [ 2330.541624] Call Trace: [ 2330.544204] active_anon:121255 inactive_anon:4311 isolated_anon:0 [ 2330.544204] active_file:16 inactive_file:15 isolated_file:0 [ 2330.544204] unevictable:1 dirty:0 writeback:0 unstable:0 [ 2330.544204] slab_reclaimable:12351 slab_unreclaimable:117174 [ 2330.544204] mapped:49168 shmem:4487 pagetables:1977 bounce:0 [ 2330.544204] free:16849 free_pcp:214 free_cma:0 [ 2330.546662] dump_stack+0x244/0x39d [ 2330.580004] Node 0 active_anon:485020kB inactive_anon:17244kB active_file:64kB inactive_file:60kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:196672kB dirty:0kB writeback:0kB shmem:17948kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 135168kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2330.583514] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2330.583546] ? mark_held_locks+0x130/0x130 [ 2330.583562] ? mark_held_locks+0x130/0x130 [ 2330.583584] dump_header+0x27b/0xf72 [ 2330.583607] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2330.583626] ? check_preemption_disabled+0x48/0x280 [ 2330.583646] ? pagefault_out_of_memory+0x197/0x197 [ 2330.614304] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2330.616694] ? debug_smp_processor_id+0x1c/0x20 [ 2330.620909] lowmem_reserve[]: 0 2818 6321 6321 [ 2330.625138] ? perf_trace_lock+0x14d/0x7a0 [ 2330.625163] ? lock_is_held_type+0x210/0x210 [ 2330.625188] ? debug_smp_processor_id+0x1c/0x20 [ 2330.625206] ? perf_trace_lock+0x14d/0x7a0 [ 2330.628907] Node 0 DMA32 free:28852kB min:30052kB low:37564kB high:45076kB active_anon:36kB inactive_anon:0kB active_file:12kB inactive_file:12kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB [ 2330.634437] ? zap_class+0x640/0x640 [ 2330.634455] ? print_usage_bug+0xc0/0xc0 [ 2330.634472] ? lock_is_held_type+0x210/0x210 [ 2330.634486] ? perf_trace_lock+0x14d/0x7a0 [ 2330.634507] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2330.639548] lowmem_reserve[]: 0 0 3503 3503 [ 2330.644431] ? find_held_lock+0x36/0x1c0 [ 2330.644457] ? mark_held_locks+0xc7/0x130 [ 2330.644478] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2330.670806] Node 0 Normal free:23916kB min:37364kB low:46704kB high:56044kB active_anon:484984kB inactive_anon:17244kB active_file:52kB inactive_file:48kB unevictable:4kB writepending:0kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8672kB pagetables:7812kB bounce:0kB free_pcp:904kB local_pcp:668kB free_cma:0kB [ 2330.675259] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2330.675278] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2330.675298] ? trace_hardirqs_on+0xbd/0x310 [ 2330.675321] ? kasan_check_read+0x11/0x20 [ 2330.679881] lowmem_reserve[]: 0 0 0 0 [ 2330.684111] ? ___ratelimit+0x3b4/0x672 [ 2330.684128] ? trace_hardirqs_off_caller+0x310/0x310 [ 2330.684146] ? trace_hardirqs_on+0x310/0x310 [ 2330.684163] ? lock_downgrade+0x900/0x900 [ 2330.684183] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 2330.688614] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2330.693241] ? ___ratelimit+0x3b9/0x672 [ 2330.693259] ? idr_get_free+0xf70/0xf70 [ 2330.693277] ? lock_is_held_type+0x210/0x210 [ 2330.693302] oom_kill_process.cold.27+0x10/0x903 [ 2330.697514] Node 0 DMA32: 3*4kB (UM) 1*8kB (M) 6*16kB (UME) 6*32kB (UME) 4*64kB (ME) 5*128kB (UME) 4*256kB (ME) 4*512kB (ME) 4*1024kB (UME) 4*2048kB (UME) 3*4096kB (M) = 28852kB [ 2330.725284] ? zap_class+0x640/0x640 [ 2330.725301] ? check_preemption_disabled+0x48/0x280 [ 2330.725320] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2330.725334] ? kasan_check_read+0x11/0x20 [ 2330.725351] ? oom_evaluate_task+0x540/0x540 [ 2330.729115] Node 0 Normal: 313*4kB (ME) 983*8kB (UME) 577*16kB (UM) 22*32kB (UM) 0*64kB 2*128kB (U) 2*256kB (U) 0*512kB 0*1024kB 2*2048kB (M) 0*4096kB = 23916kB [ 2330.733145] ? find_held_lock+0x36/0x1c0 [ 2330.733185] ? out_of_memory+0x974/0x1430 [ 2330.733203] ? lock_downgrade+0x900/0x900 [ 2330.737606] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2330.741835] ? check_preemption_disabled+0x48/0x280 [ 2330.747510] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2330.751728] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2330.755809] 4519 total pagecache pages [ 2330.759916] ? kasan_check_read+0x11/0x20 [ 2330.765099] 0 pages in swap cache [ 2330.794064] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2330.794081] ? rcu_softirq_qs+0x20/0x20 [ 2330.794102] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2330.794115] ? oom_evaluate_task+0x302/0x540 [ 2330.794132] out_of_memory+0xa84/0x1430 [ 2330.794170] ? oom_killer_disable+0x3a0/0x3a0 [ 2330.799324] Swap cache stats: add 0, delete 0, find 0/0 [ 2330.803847] ? __alloc_pages_slowpath+0xf5c/0x2de0 [ 2330.803869] ? __ww_mutex_check_waiters+0x160/0x160 [ 2330.803897] __alloc_pages_slowpath+0x232c/0x2de0 [ 2330.808202] Free swap = 0kB [ 2330.812370] ? warn_alloc+0x120/0x120 [ 2330.812385] ? mark_held_locks+0x130/0x130 [ 2330.812411] ? find_get_entry+0xaae/0x1120 [ 2330.816231] Total swap = 0kB [ 2330.820174] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2330.825290] 1965979 pages RAM [ 2330.829661] ? check_preemption_disabled+0x48/0x280 [ 2330.833876] 0 pages HighMem/MovableOnly [ 2330.838889] ? filemap_map_pages+0x1a20/0x1a20 [ 2330.852476] 342853 pages reserved [ 2330.856356] ? debug_smp_processor_id+0x1c/0x20 [ 2330.860310] 0 pages cma reserved [ 2330.864710] ? perf_trace_lock+0x14d/0x7a0 [ 2330.864736] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2330.864753] ? should_fail+0x22d/0xd01 [ 2330.864774] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 2331.091670] ? zap_class+0x640/0x640 [ 2331.095438] ? __lock_is_held+0xb5/0x140 [ 2331.099510] ? mark_held_locks+0x130/0x130 [ 2331.103762] ? lock_release+0xa00/0xa00 [ 2331.107740] ? perf_trace_sched_process_exec+0x860/0x860 [ 2331.113236] ? xa_load+0x2ba/0x460 [ 2331.116781] ? lock_downgrade+0x900/0x900 [ 2331.120936] ? __might_sleep+0x95/0x190 [ 2331.124923] __alloc_pages_nodemask+0xad8/0xea0 [ 2331.129607] ? __alloc_pages_slowpath+0x2de0/0x2de0 [ 2331.134633] ? __page_cache_alloc+0x191/0x5c0 [ 2331.139129] ? xa_load+0x2e1/0x460 [ 2331.142674] ? xa_clear_mark+0x40/0x40 [ 2331.146571] ? zap_class+0x640/0x640 [ 2331.150299] ? zap_class+0x640/0x640 [ 2331.154037] ? zap_class+0x640/0x640 [ 2331.157759] ? __do_page_cache_readahead+0x663/0x810 [ 2331.162869] ? find_held_lock+0x36/0x1c0 [ 2331.166940] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2331.172515] alloc_pages_current+0x173/0x350 [ 2331.176974] __page_cache_alloc+0x38c/0x5c0 [ 2331.181311] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2331.186242] ? kasan_check_read+0x11/0x20 [ 2331.190394] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2331.195674] ? generic_perform_write+0x6a0/0x6a0 [ 2331.200452] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2331.205994] ? check_preemption_disabled+0x48/0x280 [ 2331.211471] filemap_fault+0x1595/0x25f0 [ 2331.215556] ? __lock_page_or_retry+0xa00/0xa00 [ 2331.220235] ? mark_held_locks+0x130/0x130 [ 2331.224483] ? filemap_map_pages+0xd6b/0x1a20 [ 2331.228977] ? lock_downgrade+0x900/0x900 [ 2331.233128] ? check_preemption_disabled+0x48/0x280 [ 2331.238147] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2331.243083] ? kasan_check_read+0x11/0x20 [ 2331.247236] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2331.252518] ? rcu_softirq_qs+0x20/0x20 [ 2331.256588] ? filemap_map_pages+0xd92/0x1a20 [ 2331.261103] ? find_get_entries_tag+0x1400/0x1400 [ 2331.265954] ? __kernel_text_address+0xd/0x40 [ 2331.270457] ? unwind_get_return_address+0x61/0xa0 [ 2331.275424] ? lock_acquire+0x1ed/0x520 [ 2331.279398] ? ext4_filemap_fault+0x7a/0xad [ 2331.283742] ? lock_release+0xa00/0xa00 [ 2331.287716] ? perf_trace_sched_process_exec+0x860/0x860 [ 2331.293181] ? print_usage_bug+0xc0/0xc0 [ 2331.297245] ? print_usage_bug+0xc0/0xc0 [ 2331.301323] ? __x64_sys_read+0x73/0xb0 [ 2331.305304] ? print_usage_bug+0xc0/0xc0 [ 2331.309395] ? down_read+0x8d/0x120 [ 2331.313034] ? ext4_filemap_fault+0x7a/0xad [ 2331.317361] ? __down_interruptible+0x700/0x700 [ 2331.322046] ext4_filemap_fault+0x82/0xad [ 2331.326208] __do_fault+0x100/0x6b0 [ 2331.329843] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2331.334955] ? mark_held_locks+0x130/0x130 [ 2331.339199] ? mark_held_locks+0x130/0x130 [ 2331.343455] ? lock_is_held_type+0x210/0x210 [ 2331.347861] ? do_syslog+0x147b/0x1690 [ 2331.351754] ? do_syslog+0x309/0x1690 [ 2331.355567] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2331.361114] __handle_mm_fault+0x3ea6/0x5be0 [ 2331.365535] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2331.370394] ? lock_is_held_type+0x210/0x210 [ 2331.374810] ? find_held_lock+0x36/0x1c0 [ 2331.378894] ? zap_class+0x640/0x640 [ 2331.382630] ? zap_class+0x640/0x640 [ 2331.386358] ? find_held_lock+0x36/0x1c0 [ 2331.390447] ? handle_mm_fault+0x42a/0xc70 [ 2331.394695] ? lock_downgrade+0x900/0x900 [ 2331.398852] ? check_preemption_disabled+0x48/0x280 [ 2331.403873] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2331.408808] ? kasan_check_read+0x11/0x20 [ 2331.412955] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2331.418242] ? rcu_softirq_qs+0x20/0x20 [ 2331.422218] ? trace_hardirqs_off_caller+0x310/0x310 [ 2331.427328] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2331.432867] ? check_preemption_disabled+0x48/0x280 [ 2331.437895] handle_mm_fault+0x54f/0xc70 [ 2331.441967] ? __handle_mm_fault+0x5be0/0x5be0 [ 2331.446579] ? find_vma+0x34/0x190 [ 2331.450144] __do_page_fault+0x5e8/0xe60 [ 2331.454222] ? trace_hardirqs_off+0xb8/0x310 [ 2331.458632] ? kernel_write+0x120/0x120 [ 2331.462620] do_page_fault+0xf2/0x7e0 [ 2331.466453] ? vmalloc_sync_all+0x30/0x30 [ 2331.470614] ? error_entry+0x70/0xd0 [ 2331.474332] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2331.479347] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2331.484278] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2331.489206] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2331.494052] ? trace_hardirqs_on_caller+0x310/0x310 [ 2331.499082] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2331.504577] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2331.509599] ? page_fault+0x8/0x30 [ 2331.513149] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2331.517997] ? page_fault+0x8/0x30 [ 2331.521560] page_fault+0x1e/0x30 [ 2331.525014] RIP: 0033:0x7f5b991d81fd [ 2331.528744] Code: Bad RIP value. [ 2331.532108] RSP: 002b:00007f5b96777e30 EFLAGS: 00010293 [ 2331.537509] RAX: 0000000000000076 RBX: 0000000001736650 RCX: 00007f5b991d81fd [ 2331.544787] RDX: 0000000000000fff RSI: 00007f5b97fac5a0 RDI: 0000000000000004 [ 2331.552064] RBP: 0000000000000000 R08: 0000000001721260 R09: 0000000000000000 [ 2331.559367] R10: 6b205d3231353735 R11: 0000000000000293 R12: 000000000065e420 [ 2331.566635] R13: 00007f5b967789c0 R14: 00007f5b9981d040 R15: 0000000000000003 [ 2331.607390] Mem-Info: [ 2331.609964] active_anon:121249 inactive_anon:4311 isolated_anon:0 [ 2331.609964] active_file:15 inactive_file:26 isolated_file:0 [ 2331.609964] unevictable:1 dirty:0 writeback:0 unstable:0 [ 2331.609964] slab_reclaimable:12312 slab_unreclaimable:116785 [ 2331.609964] mapped:49168 shmem:4487 pagetables:1951 bounce:0 [ 2331.609964] free:26851 free_pcp:903 free_cma:0 [ 2331.644919] Node 0 active_anon:484996kB inactive_anon:17244kB active_file:60kB inactive_file:204kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:196672kB dirty:0kB writeback:0kB shmem:17948kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 131072kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2331.673849] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2331.705021] lowmem_reserve[]: 0 2818 6321 6321 [ 2331.709889] Node 0 DMA32 free:72648kB min:30052kB low:37564kB high:45076kB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:104kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:1620kB local_pcp:360kB free_cma:0kB [ 2331.741837] lowmem_reserve[]: 0 0 3503 3503 [ 2331.746420] Node 0 Normal free:80020kB min:37364kB low:46704kB high:56044kB active_anon:482824kB inactive_anon:17244kB active_file:60kB inactive_file:1540kB unevictable:4kB writepending:0kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8576kB pagetables:7656kB bounce:0kB free_pcp:1764kB local_pcp:432kB free_cma:0kB [ 2331.776080] lowmem_reserve[]: 0 0 0 0 [ 2331.779982] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2331.793898] Node 0 DMA32: 5*4kB (UM) 3*8kB (U) 7*16kB (UME) 5*32kB (UE) 5*64kB (UME) 7*128kB (UME) 8*256kB (UME) 7*512kB (UME) 8*1024kB (UME) 8*2048kB (UME) 10*4096kB (UM) = 72700kB [ 2331.810702] Node 0 Normal: 12174*4kB (UE) 5464*8kB (UME) 1238*16kB (UME) 209*32kB (UM) 57*64kB (UME) 14*128kB (UME) 8*256kB (UM) 3*512kB (UM) 1*1024kB (U) 9*2048kB (UM) 0*4096kB = 147384kB [ 2331.828082] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2331.837089] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2331.845826] 5481 total pagecache pages [ 2331.849850] 0 pages in swap cache [ 2331.853486] Swap cache stats: add 0, delete 0, find 0/0 [ 2331.858964] Free swap = 0kB [ 2331.863264] Total swap = 0kB [ 2331.866377] 1965979 pages RAM [ 2331.869595] 0 pages HighMem/MovableOnly [ 2331.873706] 342853 pages reserved [ 2331.877258] 0 pages cma reserved [ 2331.880721] Out of memory: Kill process 8136 (syz-executor2) score 1005 or sacrifice child [ 2331.889334] Killed process 8136 (syz-executor2) total-vm:70604kB, anon-rss:4256kB, file-rss:32768kB, shmem-rss:0kB [ 2331.901259] oom_reaper: reaped process 8136 (syz-executor2), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB [ 2334.884143] syz-executor4 (25539) used greatest stack depth: 7840 bytes left 06:17:30 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffffe]}}}) 06:17:30 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x4c, 0xffffffffffffffff]}}}) 06:17:30 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfe\xff\xff\a\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:17:30 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0xfefdffff, r0, 0x0}]) 06:17:30 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000003d80)=[{{0x0, 0x0, &(0x7f0000003b40), 0x0, &(0x7f0000003b80)=[{0x10}], 0x10}}], 0x1, 0x4000) r0 = socket$inet6(0xa, 0x80003, 0x100000001) openat$full(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/full\x00', 0x0, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x45b, 0x44000102, 0x0) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000080)=0x2, 0x4) sendto$inet6(r0, &(0x7f0000000140)='9', 0x1, 0x0, 0x0, 0x0) 06:17:30 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\vZ\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) [ 2335.006721] syz-executor4: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2335.017700] syz-executor4 cpuset=syz4 mems_allowed=0 [ 2335.023122] CPU: 1 PID: 25567 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #379 [ 2335.030499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2335.039873] Call Trace: [ 2335.042470] dump_stack+0x244/0x39d [ 2335.046095] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2335.051288] ? __video_do_ioctl+0x8b1/0x1050 [ 2335.055697] ? video_usercopy+0x5c1/0x1760 [ 2335.059935] ? video_ioctl2+0x2c/0x33 [ 2335.063737] ? do_vfs_ioctl+0x1de/0x1790 [ 2335.067809] warn_alloc.cold.116+0xb7/0x1bd [ 2335.072161] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2335.077181] ? zap_class+0x640/0x640 [ 2335.080933] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2335.086488] ? check_preemption_disabled+0x48/0x280 [ 2335.091581] __vmalloc_node_range+0x472/0x750 [ 2335.096101] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2335.101145] ? vb2_vmalloc_alloc+0x123/0x380 06:17:30 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2335.105587] vmalloc_user+0x75/0x170 [ 2335.109317] ? vb2_vmalloc_alloc+0x123/0x380 [ 2335.113169] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2335.113780] vb2_vmalloc_alloc+0x123/0x380 [ 2335.113803] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2335.113832] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2335.113853] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2335.140748] __vb2_queue_alloc+0x5e1/0xfa0 [ 2335.145025] ? vimc_cap_get_format+0x120/0x120 [ 2335.149629] vb2_core_create_bufs+0x401/0x8c0 [ 2335.154162] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2335.158600] ? debug_smp_processor_id+0x1c/0x20 [ 2335.163287] ? perf_trace_lock+0x14d/0x7a0 [ 2335.167530] ? __save_stack_trace+0x8d/0xf0 [ 2335.171921] vb2_create_bufs+0x4b6/0x8f0 [ 2335.175998] ? v4l2_ioctl+0x154/0x1b0 [ 2335.179819] ? vb2_request_queue+0x120/0x120 [ 2335.184268] ? find_held_lock+0x36/0x1c0 [ 2335.188346] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2335.188386] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2335.188427] v4l_create_bufs+0x152/0x230 [ 2335.188451] __video_do_ioctl+0x8b1/0x1050 [ 2335.188478] ? v4l_s_fmt+0x990/0x990 [ 2335.188516] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2335.202768] video_usercopy+0x5c1/0x1760 [ 2335.202788] ? v4l_s_fmt+0x990/0x990 [ 2335.202814] ? v4l_enumstd+0x70/0x70 [ 2335.202836] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2335.202860] ? find_held_lock+0x36/0x1c0 [ 2335.202887] ? __fget+0x4aa/0x740 [ 2335.202906] ? lock_downgrade+0x900/0x900 [ 2335.202924] ? check_preemption_disabled+0x48/0x280 [ 2335.202946] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2335.202962] ? kasan_check_read+0x11/0x20 [ 2335.202983] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2335.211135] ? rcu_softirq_qs+0x20/0x20 [ 2335.220731] ? __fget+0x4d1/0x740 [ 2335.220758] ? ksys_dup3+0x680/0x680 [ 2335.220779] ? __might_fault+0x12b/0x1e0 [ 2335.220801] ? video_usercopy+0x1760/0x1760 [ 2335.220818] video_ioctl2+0x2c/0x33 [ 2335.220835] v4l2_ioctl+0x154/0x1b0 [ 2335.220853] ? video_devdata+0xa0/0xa0 [ 2335.228323] do_vfs_ioctl+0x1de/0x1790 [ 2335.228348] ? ioctl_preallocate+0x300/0x300 06:17:30 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2335.228365] ? __fget_light+0x2e9/0x430 [ 2335.228382] ? fget_raw+0x20/0x20 [ 2335.228397] ? _copy_to_user+0xc8/0x110 [ 2335.228419] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2335.228436] ? put_timespec64+0x10f/0x1b0 [ 2335.228454] ? nsecs_to_jiffies+0x30/0x30 [ 2335.238041] ? do_syscall_64+0x9a/0x820 [ 2335.238059] ? do_syscall_64+0x9a/0x820 [ 2335.238085] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2335.238108] ? security_file_ioctl+0x94/0xc0 [ 2335.238129] ksys_ioctl+0xa9/0xd0 [ 2335.238151] __x64_sys_ioctl+0x73/0xb0 06:17:30 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2335.238177] do_syscall_64+0x1b9/0x820 [ 2335.245765] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2335.245787] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2335.245804] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2335.245826] ? trace_hardirqs_on_caller+0x310/0x310 [ 2335.245845] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2335.245865] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2335.245889] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2335.245913] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2335.255834] RIP: 0033:0x457669 [ 2335.255852] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2335.255862] RSP: 002b:00007f3d559e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2335.255878] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2335.255888] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2335.255898] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 06:17:30 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\xff\xff\xfe\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2335.255909] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d559e56d4 [ 2335.255919] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2335.267250] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2335.315259] Mem-Info: [ 2335.346893] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2335.393430] active_anon:122343 inactive_anon:4311 isolated_anon:0 [ 2335.393430] active_file:801 inactive_file:2960 isolated_file:0 [ 2335.393430] unevictable:1 dirty:47 writeback:0 unstable:0 [ 2335.393430] slab_reclaimable:12313 slab_unreclaimable:116136 06:17:30 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x500, r0, 0x0}]) [ 2335.393430] mapped:51679 shmem:4487 pagetables:2009 bounce:0 [ 2335.393430] free:1266434 free_pcp:1193 free_cma:0 [ 2335.409601] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2335.454214] Node 0 active_anon:489408kB inactive_anon:17244kB active_file:3204kB inactive_file:11840kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:206716kB dirty:188kB writeback:0kB shmem:17948kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 124928kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2335.489939] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2335.560083] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:17:30 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2335.612428] lowmem_reserve[]: 0 2818 6321 6321 [ 2335.622710] Node 0 DMA32 free:2879980kB min:30052kB low:37564kB high:45076kB active_anon:36kB inactive_anon:0kB active_file:36kB inactive_file:128kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:2648kB local_pcp:1388kB free_cma:0kB [ 2335.682266] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2335.697149] lowmem_reserve[]: 0 0 3503 3503 [ 2335.702408] Node 0 Normal free:2171556kB min:37364kB low:46704kB high:56044kB active_anon:487300kB inactive_anon:17236kB active_file:3288kB inactive_file:11732kB unevictable:4kB writepending:292kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8896kB pagetables:8200kB bounce:0kB free_pcp:2104kB local_pcp:1504kB free_cma:0kB [ 2335.747378] lowmem_reserve[]: 0 0 0 0 [ 2335.752741] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2335.768203] Node 0 DMA32: 19*4kB (UM) 56*8kB (U) 56*16kB (UE) 55*32kB (UME) 58*64kB (UME) 66*128kB (UME) 52*256kB (UME) 39*512kB (UME) 33*1024kB (UME) 26*2048kB (UME) 670*4096kB (UM) = 2879980kB [ 2335.791572] Node 0 Normal: 12133*4kB (UME) 8012*8kB (UME) 3222*16kB (UME) 2434*32kB (UM) 1151*64kB (UME) 719*128kB (UME) 284*256kB (UM) 108*512kB (UM) 46*1024kB (U) 38*2048kB (UM) 370*4096kB (UM) = 2176212kB [ 2335.814478] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2335.824039] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2335.833242] 8285 total pagecache pages [ 2335.838344] 0 pages in swap cache [ 2335.842700] Swap cache stats: add 0, delete 0, find 0/0 [ 2335.848317] Free swap = 0kB [ 2335.851590] Total swap = 0kB [ 2335.855005] 1965979 pages RAM [ 2335.858199] 0 pages HighMem/MovableOnly [ 2335.862291] 342853 pages reserved [ 2335.865873] 0 pages cma reserved [ 2335.869428] syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2335.880559] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2335.886260] CPU: 0 PID: 25569 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2335.893638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2335.902979] Call Trace: [ 2335.905587] dump_stack+0x244/0x39d [ 2335.909232] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2335.914429] ? __video_do_ioctl+0x8b1/0x1050 [ 2335.918846] ? video_usercopy+0x5c1/0x1760 [ 2335.923083] ? video_ioctl2+0x2c/0x33 [ 2335.926879] ? do_vfs_ioctl+0x1de/0x1790 [ 2335.931061] warn_alloc.cold.116+0xb7/0x1bd [ 2335.935426] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2335.940287] ? zap_class+0x640/0x640 [ 2335.944012] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2335.949561] ? check_preemption_disabled+0x48/0x280 [ 2335.954609] __vmalloc_node_range+0x472/0x750 [ 2335.959112] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2335.964137] ? vb2_vmalloc_alloc+0x123/0x380 [ 2335.968537] vmalloc_user+0x75/0x170 [ 2335.972255] ? vb2_vmalloc_alloc+0x123/0x380 [ 2335.976653] vb2_vmalloc_alloc+0x123/0x380 [ 2335.980879] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2335.985985] ? debug_mutex_wake_waiter+0x630/0x630 [ 2335.990933] ? mutex_destroy+0x200/0x200 06:17:31 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0) ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, 0x0) r2 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff8) keyctl$search(0xa, r2, 0x0, &(0x7f0000000200)={'syz', 0x2}, 0x0) ioctl$TIOCLINUX4(0xffffffffffffffff, 0x541c, &(0x7f00000001c0)) socket$inet6(0xa, 0x80a, 0x0) r3 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x80, 0x0) getuid() fsetxattr$trusted_overlay_origin(r1, &(0x7f0000000000)='trusted.overlay.origin\x00', &(0x7f0000000040)='y\x00', 0x2, 0x0) socket$inet6(0xa, 0x805, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) signalfd4(r0, 0x0, 0x0, 0x80000) write$P9_ROPEN(0xffffffffffffffff, &(0x7f0000000280)={0x18, 0x71, 0x0, {{0x2f7971c7c0c741ab}, 0x1f}}, 0x18) fcntl$dupfd(r3, 0x0, r1) perf_event_open(&(0x7f00000003c0)={0x5, 0x70, 0x401, 0xffffffff80000000, 0xff, 0x100000000, 0x0, 0x201e, 0x0, 0x1, 0x8001, 0x4, 0x7, 0x64, 0x7, 0x6, 0x0, 0x9, 0x66b710ce, 0x4, 0x20000000200, 0x6, 0x95b, 0x600000000, 0x0, 0x0, 0x1, 0x91, 0x7, 0x8296, 0xc725, 0xff, 0x7, 0x0, 0x0, 0x20, 0x2, 0x4, 0x0, 0x3ff, 0x4, @perf_config_ext={0x0, 0x6}, 0x40, 0xfff, 0x8, 0x8, 0xeb7, 0x3, 0x4}, 0xffffffffffffffff, 0x4, r0, 0x8) ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f00000002c0)) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) [ 2335.995036] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2335.999361] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2336.004470] __vb2_queue_alloc+0x5e1/0xfa0 [ 2336.008709] ? vimc_cap_get_format+0x120/0x120 [ 2336.013296] vb2_core_create_bufs+0x401/0x8c0 [ 2336.017815] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2336.022242] ? debug_smp_processor_id+0x1c/0x20 [ 2336.026928] ? perf_trace_lock+0x14d/0x7a0 [ 2336.031181] ? __save_stack_trace+0x8d/0xf0 [ 2336.035557] vb2_create_bufs+0x4b6/0x8f0 [ 2336.039640] ? v4l2_ioctl+0x154/0x1b0 [ 2336.043464] ? vb2_request_queue+0x120/0x120 [ 2336.047899] ? find_held_lock+0x36/0x1c0 [ 2336.051970] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2336.057501] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2336.062111] v4l_create_bufs+0x152/0x230 [ 2336.066168] __video_do_ioctl+0x8b1/0x1050 [ 2336.070400] ? v4l_s_fmt+0x990/0x990 [ 2336.074125] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2336.079678] video_usercopy+0x5c1/0x1760 [ 2336.083731] ? v4l_s_fmt+0x990/0x990 [ 2336.087437] ? v4l_enumstd+0x70/0x70 [ 2336.091140] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2336.096672] ? find_held_lock+0x36/0x1c0 [ 2336.100729] ? __fget+0x4aa/0x740 [ 2336.104176] ? lock_downgrade+0x900/0x900 [ 2336.108327] ? check_preemption_disabled+0x48/0x280 [ 2336.113349] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2336.118269] ? kasan_check_read+0x11/0x20 [ 2336.122408] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2336.127686] ? rcu_softirq_qs+0x20/0x20 [ 2336.131679] ? __fget+0x4d1/0x740 [ 2336.135130] ? ksys_dup3+0x680/0x680 [ 2336.138848] ? __might_fault+0x12b/0x1e0 [ 2336.142920] ? video_usercopy+0x1760/0x1760 [ 2336.147233] video_ioctl2+0x2c/0x33 [ 2336.150870] v4l2_ioctl+0x154/0x1b0 [ 2336.154499] ? video_devdata+0xa0/0xa0 [ 2336.158412] do_vfs_ioctl+0x1de/0x1790 [ 2336.162320] ? ioctl_preallocate+0x300/0x300 [ 2336.166742] ? __fget_light+0x2e9/0x430 [ 2336.170705] ? fget_raw+0x20/0x20 [ 2336.174159] ? _copy_to_user+0xc8/0x110 [ 2336.178125] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2336.183654] ? put_timespec64+0x10f/0x1b0 [ 2336.187792] ? nsecs_to_jiffies+0x30/0x30 [ 2336.191933] ? do_syscall_64+0x9a/0x820 [ 2336.195896] ? do_syscall_64+0x9a/0x820 [ 2336.199863] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2336.204456] ? security_file_ioctl+0x94/0xc0 [ 2336.208858] ksys_ioctl+0xa9/0xd0 [ 2336.212305] __x64_sys_ioctl+0x73/0xb0 [ 2336.216199] do_syscall_64+0x1b9/0x820 [ 2336.220123] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2336.225491] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2336.230421] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2336.235255] ? trace_hardirqs_on_caller+0x310/0x310 [ 2336.240323] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2336.245350] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2336.250187] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2336.255379] RIP: 0033:0x457669 [ 2336.258634] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2336.277647] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2336.285339] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2336.292616] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2336.299941] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2336.307199] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2336.314459] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2336.323290] Mem-Info: [ 2336.326245] active_anon:120745 inactive_anon:4309 isolated_anon:0 [ 2336.326245] active_file:845 inactive_file:2955 isolated_file:0 [ 2336.326245] unevictable:1 dirty:77 writeback:0 unstable:0 [ 2336.326245] slab_reclaimable:12312 slab_unreclaimable:115489 [ 2336.326245] mapped:51687 shmem:4487 pagetables:1934 bounce:0 [ 2336.326245] free:1268685 free_pcp:1340 free_cma:0 [ 2336.360357] Node 0 active_anon:485028kB inactive_anon:17236kB active_file:3380kB inactive_file:11920kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:206848kB dirty:308kB writeback:0kB shmem:17948kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 135168kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2336.388900] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2336.415246] lowmem_reserve[]: 0 2818 6321 6321 [ 2336.419935] Node 0 DMA32 free:2879980kB min:30052kB low:37564kB high:45076kB active_anon:36kB inactive_anon:0kB active_file:36kB inactive_file:128kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:2648kB local_pcp:1388kB free_cma:0kB [ 2336.448346] lowmem_reserve[]: 0 0 3503 3503 [ 2336.452766] Node 0 Normal free:2175984kB min:37364kB low:46704kB high:56044kB active_anon:484992kB inactive_anon:17236kB active_file:3344kB inactive_file:11892kB unevictable:4kB writepending:308kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8832kB pagetables:7884kB bounce:0kB free_pcp:2748kB local_pcp:1468kB free_cma:0kB [ 2336.483025] lowmem_reserve[]: 0 0 0 0 [ 2336.486945] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2336.500805] Node 0 DMA32: 19*4kB (UM) 56*8kB (U) 56*16kB (UE) 55*32kB (UME) 58*64kB (UME) 66*128kB (UME) 52*256kB (UME) 39*512kB (UME) 33*1024kB (UME) 26*2048kB (UME) 670*4096kB (UM) = 2879980kB [ 2336.518509] Node 0 Normal: 12070*4kB (UME) 7998*8kB (UE) 3217*16kB (UME) 2433*32kB (UM) 1150*64kB (UME) 719*128kB (UME) 283*256kB (UM) 107*512kB (UM) 45*1024kB (U) 39*2048kB (UM) 370*4096kB (UM) = 2175928kB [ 2336.537316] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB 06:17:31 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffff00000002]}}}) [ 2336.546940] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2336.555794] 8401 total pagecache pages [ 2336.559820] 0 pages in swap cache [ 2336.563424] Swap cache stats: add 0, delete 0, find 0/0 [ 2336.568795] Free swap = 0kB [ 2336.572011] Total swap = 0kB [ 2336.575129] 1965979 pages RAM [ 2336.578295] 0 pages HighMem/MovableOnly [ 2336.582974] 342853 pages reserved [ 2336.586442] 0 pages cma reserved 06:17:31 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x5, 0xffffffffffffffff]}}}) 06:17:31 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\x1cZ\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:17:31 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0xfcfd, r0, 0x0}]) 06:17:31 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe0\x01\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:17:31 executing program 0: r0 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x4) lseek(r0, 0x0, 0x3) [ 2336.652039] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:17:31 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffff4a000000]}}}) [ 2336.708003] syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2336.769752] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2336.790390] CPU: 1 PID: 25627 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2336.797772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2336.797780] Call Trace: [ 2336.797810] dump_stack+0x244/0x39d [ 2336.797839] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2336.797863] ? __video_do_ioctl+0x8b1/0x1050 [ 2336.797881] ? video_usercopy+0x5c1/0x1760 [ 2336.797898] ? video_ioctl2+0x2c/0x33 [ 2336.797922] ? do_vfs_ioctl+0x1de/0x1790 [ 2336.835158] warn_alloc.cold.116+0xb7/0x1bd [ 2336.839513] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2336.844381] ? zap_class+0x640/0x640 [ 2336.844408] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2336.844428] ? check_preemption_disabled+0x48/0x280 [ 2336.844469] __vmalloc_node_range+0x472/0x750 [ 2336.844492] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2336.868236] ? vb2_vmalloc_alloc+0x123/0x380 [ 2336.872661] vmalloc_user+0x75/0x170 [ 2336.876390] ? vb2_vmalloc_alloc+0x123/0x380 [ 2336.880820] vb2_vmalloc_alloc+0x123/0x380 [ 2336.885120] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 06:17:31 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x700000000000000, r0, 0x0}]) 06:17:32 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xe0', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2336.890276] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2336.894615] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2336.899735] __vb2_queue_alloc+0x5e1/0xfa0 [ 2336.904003] ? vimc_cap_get_format+0x120/0x120 [ 2336.904021] vb2_core_create_bufs+0x401/0x8c0 [ 2336.904043] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2336.904070] ? debug_smp_processor_id+0x1c/0x20 [ 2336.904088] ? perf_trace_lock+0x14d/0x7a0 [ 2336.904107] ? __save_stack_trace+0x8d/0xf0 [ 2336.904148] vb2_create_bufs+0x4b6/0x8f0 [ 2336.934871] ? v4l2_ioctl+0x154/0x1b0 [ 2336.938711] ? vb2_request_queue+0x120/0x120 [ 2336.943141] ? find_held_lock+0x36/0x1c0 [ 2336.947223] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2336.952783] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2336.953014] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2336.957401] v4l_create_bufs+0x152/0x230 [ 2336.957425] __video_do_ioctl+0x8b1/0x1050 [ 2336.957452] ? v4l_s_fmt+0x990/0x990 [ 2336.957475] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2336.983144] video_usercopy+0x5c1/0x1760 [ 2336.987217] ? v4l_s_fmt+0x990/0x990 06:17:32 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2336.990959] ? v4l_enumstd+0x70/0x70 [ 2336.994694] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2337.000254] ? find_held_lock+0x36/0x1c0 [ 2337.004341] ? __fget+0x4aa/0x740 [ 2337.007838] ? lock_downgrade+0x900/0x900 [ 2337.012023] ? check_preemption_disabled+0x48/0x280 [ 2337.017053] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2337.022036] ? kasan_check_read+0x11/0x20 [ 2337.026220] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2337.031513] ? rcu_softirq_qs+0x20/0x20 [ 2337.035563] ? __fget+0x4d1/0x740 [ 2337.039086] ? ksys_dup3+0x680/0x680 [ 2337.042823] ? __might_fault+0x12b/0x1e0 [ 2337.046905] ? video_usercopy+0x1760/0x1760 [ 2337.051244] video_ioctl2+0x2c/0x33 [ 2337.054895] v4l2_ioctl+0x154/0x1b0 [ 2337.055111] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2337.058536] ? video_devdata+0xa0/0xa0 [ 2337.058566] do_vfs_ioctl+0x1de/0x1790 [ 2337.058591] ? ioctl_preallocate+0x300/0x300 [ 2337.058608] ? __fget_light+0x2e9/0x430 [ 2337.058628] ? fget_raw+0x20/0x20 [ 2337.086538] ? _copy_to_user+0xc8/0x110 06:17:32 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2337.090556] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2337.096113] ? put_timespec64+0x10f/0x1b0 [ 2337.100282] ? nsecs_to_jiffies+0x30/0x30 [ 2337.104448] ? do_syscall_64+0x9a/0x820 [ 2337.108442] ? do_syscall_64+0x9a/0x820 [ 2337.112435] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2337.117040] ? security_file_ioctl+0x94/0xc0 [ 2337.121494] ksys_ioctl+0xa9/0xd0 [ 2337.124970] __x64_sys_ioctl+0x73/0xb0 [ 2337.128876] do_syscall_64+0x1b9/0x820 [ 2337.132783] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2337.138162] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2337.143123] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2337.147988] ? trace_hardirqs_on_caller+0x310/0x310 [ 2337.153051] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2337.158152] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2337.158829] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2337.163186] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2337.163213] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2337.163227] RIP: 0033:0x457669 06:17:32 executing program 0: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x68, 0xffffffffffffffff]}}}) [ 2337.163244] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2337.163254] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2337.163268] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2337.163277] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2337.163284] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2337.163292] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2337.163301] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff 06:17:32 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0xf0ffffff7f0000, r0, 0x0}]) [ 2341.640225] oom_reaper: reaped process 25635 (syz-executor4), now anon-rss:0kB, file-rss:32004kB, shmem-rss:0kB [ 2341.661525] syz-fuzzer invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0 [ 2341.681962] syz-fuzzer cpuset=/ mems_allowed=0 [ 2341.686592] CPU: 1 PID: 6049 Comm: syz-fuzzer Not tainted 4.20.0-rc7+ #379 [ 2341.693613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2341.702975] Call Trace: [ 2341.705602] dump_stack+0x244/0x39d [ 2341.709253] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2341.714501] ? mark_held_locks+0x130/0x130 [ 2341.718725] ? mark_held_locks+0x130/0x130 [ 2341.721984] syz-executor4: vmalloc: allocation failure, allocated 171626496 of 1241518080 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2341.722974] dump_header+0x27b/0xf72 [ 2341.740341] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2341.743043] syz-executor4 cpuset=syz4 mems_allowed=0 [ 2341.745898] ? check_preemption_disabled+0x48/0x280 [ 2341.755995] ? pagefault_out_of_memory+0x197/0x197 [ 2341.760933] ? debug_smp_processor_id+0x1c/0x20 [ 2341.765610] ? perf_trace_lock+0x14d/0x7a0 [ 2341.769868] ? mark_held_locks+0x130/0x130 [ 2341.774131] ? lock_is_held_type+0x210/0x210 [ 2341.778569] ? debug_smp_processor_id+0x1c/0x20 [ 2341.783247] ? perf_trace_lock+0x14d/0x7a0 [ 2341.787486] ? zap_class+0x640/0x640 [ 2341.791208] ? print_usage_bug+0xc0/0xc0 [ 2341.795279] ? lock_is_held_type+0x210/0x210 [ 2341.799696] ? perf_trace_lock+0x14d/0x7a0 [ 2341.803946] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2341.809506] ? find_held_lock+0x36/0x1c0 [ 2341.813589] ? mark_held_locks+0xc7/0x130 [ 2341.817751] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2341.822864] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2341.827977] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2341.832579] ? trace_hardirqs_on+0xbd/0x310 [ 2341.836917] ? kasan_check_read+0x11/0x20 [ 2341.841088] ? ___ratelimit+0x3b4/0x672 [ 2341.845093] ? trace_hardirqs_off_caller+0x310/0x310 [ 2341.850236] ? trace_hardirqs_on+0x310/0x310 [ 2341.854666] ? lock_downgrade+0x900/0x900 [ 2341.858832] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 2341.863943] ? ___ratelimit+0x3b9/0x672 [ 2341.867959] ? idr_get_free+0xf70/0xf70 [ 2341.871941] ? lock_is_held_type+0x210/0x210 [ 2341.876384] oom_kill_process.cold.27+0x10/0x903 [ 2341.881156] ? zap_class+0x640/0x640 [ 2341.884878] ? _raw_spin_unlock+0x2c/0x50 [ 2341.889047] ? oom_badness+0xe6/0xaa0 [ 2341.892885] ? oom_evaluate_task+0x540/0x540 [ 2341.897328] ? find_held_lock+0x36/0x1c0 [ 2341.901436] ? out_of_memory+0x974/0x1430 [ 2341.905593] ? lock_downgrade+0x900/0x900 [ 2341.909752] ? check_preemption_disabled+0x48/0x280 [ 2341.914782] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2341.919722] ? kasan_check_read+0x11/0x20 [ 2341.923875] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2341.929156] ? rcu_softirq_qs+0x20/0x20 [ 2341.933145] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2341.938168] ? oom_evaluate_task+0x302/0x540 [ 2341.942594] out_of_memory+0xa84/0x1430 [ 2341.946593] ? oom_killer_disable+0x3a0/0x3a0 [ 2341.951101] ? __alloc_pages_slowpath+0xf5c/0x2de0 [ 2341.956046] ? __ww_mutex_check_waiters+0x160/0x160 [ 2341.961111] __alloc_pages_slowpath+0x232c/0x2de0 [ 2341.965993] ? warn_alloc+0x120/0x120 [ 2341.969798] ? mark_held_locks+0x130/0x130 [ 2341.974048] ? find_get_entry+0xaae/0x1120 [ 2341.978313] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2341.983875] ? check_preemption_disabled+0x48/0x280 [ 2341.988898] ? filemap_map_pages+0x1a20/0x1a20 [ 2341.993495] ? debug_smp_processor_id+0x1c/0x20 [ 2341.998211] ? perf_trace_lock+0x14d/0x7a0 [ 2342.002471] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2342.008028] ? should_fail+0x22d/0xd01 [ 2342.011926] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 2342.017044] ? zap_class+0x640/0x640 [ 2342.020815] ? __lock_is_held+0xb5/0x140 [ 2342.024894] ? mark_held_locks+0x130/0x130 [ 2342.029137] ? lock_release+0xa00/0xa00 [ 2342.033120] ? perf_trace_sched_process_exec+0x860/0x860 [ 2342.038594] ? xa_load+0x2ba/0x460 [ 2342.042144] ? lock_downgrade+0x900/0x900 [ 2342.046340] ? __might_sleep+0x95/0x190 [ 2342.050324] __alloc_pages_nodemask+0xad8/0xea0 [ 2342.055024] ? __alloc_pages_slowpath+0x2de0/0x2de0 [ 2342.060071] ? __page_cache_alloc+0x191/0x5c0 [ 2342.064593] ? xa_load+0x2e1/0x460 [ 2342.068141] ? xa_clear_mark+0x40/0x40 [ 2342.072036] ? zap_class+0x640/0x640 [ 2342.075886] ? zap_class+0x640/0x640 [ 2342.079608] ? zap_class+0x640/0x640 [ 2342.083332] ? __do_page_cache_readahead+0x663/0x810 [ 2342.088447] ? find_held_lock+0x36/0x1c0 [ 2342.092521] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2342.098089] alloc_pages_current+0x173/0x350 [ 2342.102516] __page_cache_alloc+0x38c/0x5c0 [ 2342.106851] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2342.111790] ? kasan_check_read+0x11/0x20 [ 2342.115945] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2342.121238] ? generic_perform_write+0x6a0/0x6a0 [ 2342.126006] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2342.131560] ? check_preemption_disabled+0x48/0x280 [ 2342.136610] filemap_fault+0x1595/0x25f0 [ 2342.140702] ? __lock_page_or_retry+0xa00/0xa00 [ 2342.145387] ? mark_held_locks+0x130/0x130 [ 2342.149651] ? filemap_map_pages+0xd6b/0x1a20 [ 2342.154157] ? lock_downgrade+0x900/0x900 [ 2342.158317] ? check_preemption_disabled+0x48/0x280 [ 2342.163348] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2342.168285] ? kasan_check_read+0x11/0x20 [ 2342.172438] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2342.177725] ? rcu_softirq_qs+0x20/0x20 [ 2342.181738] ? filemap_map_pages+0xd92/0x1a20 [ 2342.186258] ? find_get_entries_tag+0x1400/0x1400 [ 2342.191112] ? debug_object_destroy+0x2b0/0x2b0 [ 2342.195792] ? lock_pi_update_atomic+0x150/0x150 [ 2342.200567] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2342.206130] ? lock_acquire+0x1ed/0x520 [ 2342.210630] ? ext4_filemap_fault+0x7a/0xad [ 2342.214969] ? lock_release+0xa00/0xa00 [ 2342.218965] ? perf_trace_sched_process_exec+0x860/0x860 [ 2342.224441] ? print_usage_bug+0xc0/0xc0 [ 2342.228514] ? print_usage_bug+0xc0/0xc0 [ 2342.232608] ? down_read+0x8d/0x120 [ 2342.236241] ? ext4_filemap_fault+0x7a/0xad [ 2342.240625] ? __down_interruptible+0x700/0x700 [ 2342.245313] ext4_filemap_fault+0x82/0xad [ 2342.249471] __do_fault+0x100/0x6b0 [ 2342.253116] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2342.258232] ? mark_held_locks+0x130/0x130 [ 2342.262473] ? mark_held_locks+0x130/0x130 [ 2342.266717] ? debug_smp_processor_id+0x1c/0x20 [ 2342.271390] ? perf_trace_lock+0x14d/0x7a0 [ 2342.275640] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2342.281197] __handle_mm_fault+0x3ea6/0x5be0 [ 2342.285627] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2342.290476] ? lock_is_held_type+0x210/0x210 [ 2342.294918] ? zap_class+0x640/0x640 [ 2342.298642] ? zap_class+0x640/0x640 [ 2342.302369] ? __x64_sys_futex+0x53e/0x6a0 [ 2342.306625] ? find_held_lock+0x36/0x1c0 [ 2342.310706] ? handle_mm_fault+0x42a/0xc70 [ 2342.314959] ? lock_downgrade+0x900/0x900 [ 2342.319114] ? check_preemption_disabled+0x48/0x280 [ 2342.324139] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2342.329076] ? kasan_check_read+0x11/0x20 [ 2342.333228] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2342.338527] ? rcu_softirq_qs+0x20/0x20 [ 2342.342520] ? trace_hardirqs_off_caller+0x310/0x310 [ 2342.347637] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2342.353213] ? check_preemption_disabled+0x48/0x280 [ 2342.358264] handle_mm_fault+0x54f/0xc70 [ 2342.362339] ? __handle_mm_fault+0x5be0/0x5be0 [ 2342.366966] ? find_vma+0x34/0x190 [ 2342.370524] __do_page_fault+0x5e8/0xe60 [ 2342.374614] ? trace_hardirqs_off+0xb8/0x310 [ 2342.379031] ? retint_kernel+0x2d/0x2d [ 2342.382936] do_page_fault+0xf2/0x7e0 [ 2342.386744] ? vmalloc_sync_all+0x30/0x30 [ 2342.390897] ? error_entry+0x70/0xd0 [ 2342.394641] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2342.399666] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2342.404615] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2342.409556] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2342.414422] ? trace_hardirqs_on_caller+0x310/0x310 [ 2342.419452] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2342.424917] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2342.429951] ? page_fault+0x8/0x30 [ 2342.433521] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2342.438396] ? page_fault+0x8/0x30 [ 2342.441961] page_fault+0x1e/0x30 [ 2342.445418] RIP: 0033:0x45ddf3 [ 2342.448635] Code: Bad RIP value. [ 2342.451999] RSP: 002b:000000c42001eea0 EFLAGS: 00010206 [ 2342.457367] RAX: ffffffffffffff92 RBX: 000000003b96ba48 RCX: 000000000045ddf3 [ 2342.464642] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001585d20 [ 2342.471912] RBP: 000000c42001eee8 R08: 0000000000000000 R09: 0000000000000000 [ 2342.479185] R10: 000000c42001eed8 R11: 0000000000000206 R12: 0000000000000001 [ 2342.486456] R13: 0000000000000020 R14: 0000000000000013 R15: 000000c42633a370 [ 2342.498366] CPU: 0 PID: 25635 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #379 [ 2342.503110] Mem-Info: [ 2342.505754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2342.508186] active_anon:120727 inactive_anon:4311 isolated_anon:0 [ 2342.508186] active_file:38 inactive_file:0 isolated_file:0 [ 2342.508186] unevictable:1 dirty:0 writeback:0 unstable:0 [ 2342.508186] slab_reclaimable:12320 slab_unreclaimable:116090 [ 2342.508186] mapped:49168 shmem:4487 pagetables:1951 bounce:0 [ 2342.508186] free:15786 free_pcp:151 free_cma:0 [ 2342.517498] Call Trace: [ 2342.517522] dump_stack+0x244/0x39d [ 2342.517587] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2342.556256] Node 0 active_anon:482908kB inactive_anon:17244kB active_file:152kB inactive_file:0kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:196672kB dirty:0kB writeback:0kB shmem:17948kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 131072kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2342.556931] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2342.562125] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2342.589977] warn_alloc.cold.116+0xb7/0x1bd [ 2342.589998] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2342.590020] ? __lock_is_held+0xb5/0x140 [ 2342.594781] lowmem_reserve[]: 0 2818 6321 6321 [ 2342.620884] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2342.620918] __vmalloc_node_range+0x522/0x750 [ 2342.625237] Node 0 DMA32 free:28900kB min:30052kB low:37564kB high:45076kB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:8kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:252kB local_pcp:4kB free_cma:0kB [ 2342.630064] ? vb2_vmalloc_alloc+0x123/0x380 [ 2342.634125] lowmem_reserve[]: 0 0 3503 3503 [ 2342.638811] vmalloc_user+0x75/0x170 [ 2342.644346] Node 0 Normal free:18336kB min:37364kB low:46704kB high:56044kB active_anon:482864kB inactive_anon:17244kB active_file:152kB inactive_file:0kB unevictable:4kB writepending:0kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8640kB pagetables:7804kB bounce:0kB free_pcp:352kB local_pcp:104kB free_cma:0kB [ 2342.648816] ? vb2_vmalloc_alloc+0x123/0x380 [ 2342.676230] lowmem_reserve[]: 0 0 0 0 [ 2342.680623] vb2_vmalloc_alloc+0x123/0x380 [ 2342.684946] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2342.688635] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2342.717699] Node 0 DMA32: 3*4kB (UME) 7*8kB (ME) 6*16kB (M) 4*32kB (UME) 5*64kB (UME) 5*128kB (UME) 4*256kB (ME) 4*512kB (ME) 4*1024kB (UME) 4*2048kB (UME) 3*4096kB (M) = 28900kB [ 2342.722081] ? mutex_destroy+0x200/0x200 [ 2342.722102] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2342.722121] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2342.725903] Node 0 Normal: 310*4kB (UME) 939*8kB (ME) 565*16kB (UM) 17*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18336kB [ 2342.730140] __vb2_queue_alloc+0x5e1/0xfa0 [ 2342.743742] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2342.748816] ? vimc_cap_get_format+0x120/0x120 [ 2342.764846] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2342.768874] vb2_core_create_bufs+0x401/0x8c0 [ 2342.773201] 4514 total pagecache pages [ 2342.778309] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2342.791759] 0 pages in swap cache [ 2342.795957] ? debug_smp_processor_id+0x1c/0x20 [ 2342.795977] ? perf_trace_lock+0x14d/0x7a0 [ 2342.796000] ? __save_stack_trace+0x8d/0xf0 [ 2342.804842] Swap cache stats: add 0, delete 0, find 0/0 [ 2342.809415] vb2_create_bufs+0x4b6/0x8f0 [ 2342.817971] Free swap = 0kB [ 2342.822438] ? v4l2_ioctl+0x154/0x1b0 [ 2342.822463] ? vb2_request_queue+0x120/0x120 [ 2342.822487] ? find_held_lock+0x36/0x1c0 [ 2342.826355] Total swap = 0kB [ 2342.830763] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2342.834220] 1965979 pages RAM [ 2342.838864] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2342.843107] 0 pages HighMem/MovableOnly [ 2342.847401] v4l_create_bufs+0x152/0x230 [ 2342.852764] 342853 pages reserved [ 2342.856799] __video_do_ioctl+0x8b1/0x1050 [ 2342.859792] 0 pages cma reserved [ 2342.863603] ? v4l_s_fmt+0x990/0x990 [ 2342.863629] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2342.868022] Out of memory: Kill process 19412 (syz-executor1) score 1005 or sacrifice child [ 2342.872089] video_usercopy+0x5c1/0x1760 [ 2342.872121] ? v4l_s_fmt+0x990/0x990 [ 2342.872159] ? v4l_enumstd+0x70/0x70 [ 2342.875418] Killed process 19412 (syz-executor1) total-vm:70736kB, anon-rss:2232kB, file-rss:32768kB, shmem-rss:0kB [ 2342.880686] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2342.907148] syz-fuzzer invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0 [ 2342.907386] ? find_held_lock+0x36/0x1c0 [ 2342.911084] syz-fuzzer cpuset=/ mems_allowed=0 [ 2342.916629] ? __fget+0x4aa/0x740 [ 2342.916648] ? lock_downgrade+0x900/0x900 [ 2342.916677] ? check_preemption_disabled+0x48/0x280 [ 2342.985352] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2342.990290] ? kasan_check_read+0x11/0x20 [ 2342.994445] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2342.999735] ? rcu_softirq_qs+0x20/0x20 [ 2343.003734] ? __fget+0x4d1/0x740 [ 2343.007221] ? ksys_dup3+0x680/0x680 [ 2343.010961] ? __might_fault+0x12b/0x1e0 [ 2343.015036] ? video_usercopy+0x1760/0x1760 [ 2343.019370] video_ioctl2+0x2c/0x33 [ 2343.023015] v4l2_ioctl+0x154/0x1b0 [ 2343.026681] ? video_devdata+0xa0/0xa0 [ 2343.030593] do_vfs_ioctl+0x1de/0x1790 [ 2343.034528] ? ioctl_preallocate+0x300/0x300 [ 2343.038981] ? __fget_light+0x2e9/0x430 [ 2343.042966] ? fget_raw+0x20/0x20 [ 2343.046435] ? _copy_to_user+0xc8/0x110 [ 2343.050424] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2343.055971] ? put_timespec64+0x10f/0x1b0 [ 2343.060126] ? nsecs_to_jiffies+0x30/0x30 [ 2343.064286] ? do_syscall_64+0x9a/0x820 [ 2343.068312] ? do_syscall_64+0x9a/0x820 [ 2343.072339] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2343.076931] ? security_file_ioctl+0x94/0xc0 [ 2343.081351] ksys_ioctl+0xa9/0xd0 [ 2343.084818] __x64_sys_ioctl+0x73/0xb0 [ 2343.088718] do_syscall_64+0x1b9/0x820 [ 2343.092618] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2343.097992] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2343.102926] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2343.107784] ? trace_hardirqs_on_caller+0x310/0x310 [ 2343.112810] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2343.117842] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2343.122873] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2343.127761] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2343.132953] RIP: 0033:0x457669 [ 2343.136165] Code: Bad RIP value. [ 2343.139532] RSP: 002b:00007f3d559e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2343.147260] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2343.154530] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2343.161818] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2343.169093] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d559e56d4 [ 2343.176375] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2343.183683] CPU: 1 PID: 6049 Comm: syz-fuzzer Not tainted 4.20.0-rc7+ #379 [ 2343.190715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2343.192075] warn_alloc_show_mem: 1 callbacks suppressed [ 2343.192081] Mem-Info: [ 2343.200073] Call Trace: [ 2343.210938] dump_stack+0x244/0x39d [ 2343.211486] active_anon:120187 inactive_anon:236 isolated_anon:0 [ 2343.211486] active_file:22 inactive_file:4 isolated_file:0 [ 2343.211486] unevictable:1 dirty:0 writeback:0 unstable:0 [ 2343.211486] slab_reclaimable:12320 slab_unreclaimable:116009 [ 2343.211486] mapped:49168 shmem:412 pagetables:1914 bounce:0 [ 2343.211486] free:20223 free_pcp:493 free_cma:0 [ 2343.214587] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2343.214610] ? mark_held_locks+0x130/0x130 [ 2343.214627] ? mark_held_locks+0x130/0x130 [ 2343.214675] dump_header+0x27b/0xf72 [ 2343.254239] Node 0 active_anon:480748kB inactive_anon:944kB active_file:88kB inactive_file:16kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:196672kB dirty:0kB writeback:0kB shmem:1648kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 131072kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2343.257054] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2343.261261] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2343.264988] ? check_preemption_disabled+0x48/0x280 [ 2343.265008] ? pagefault_out_of_memory+0x197/0x197 [ 2343.265024] ? debug_smp_processor_id+0x1c/0x20 [ 2343.265040] ? perf_trace_lock+0x14d/0x7a0 [ 2343.265060] ? mark_held_locks+0x130/0x130 [ 2343.265092] ? lock_is_held_type+0x210/0x210 [ 2343.299097] lowmem_reserve[]: 0 2818 6321 6321 [ 2343.324347] ? debug_smp_processor_id+0x1c/0x20 [ 2343.324365] ? perf_trace_lock+0x14d/0x7a0 [ 2343.324380] ? zap_class+0x640/0x640 [ 2343.324399] ? print_usage_bug+0xc0/0xc0 [ 2343.324416] ? lock_is_held_type+0x210/0x210 [ 2343.324431] ? perf_trace_lock+0x14d/0x7a0 [ 2343.324452] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2343.324493] ? find_held_lock+0x36/0x1c0 [ 2343.324517] ? mark_held_locks+0xc7/0x130 [ 2343.332004] Node 0 DMA32 free:28900kB min:30052kB low:37564kB high:45076kB active_anon:48kB inactive_anon:0kB active_file:28kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:252kB local_pcp:248kB free_cma:0kB [ 2343.334491] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2343.339194] lowmem_reserve[]: 0 0 3503 3503 [ 2343.343448] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2343.343502] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2343.343522] ? trace_hardirqs_on+0xbd/0x310 [ 2343.343544] ? kasan_check_read+0x11/0x20 [ 2343.352879] Node 0 Normal free:36084kB min:37364kB low:46704kB high:56044kB active_anon:480704kB inactive_anon:944kB active_file:60kB inactive_file:36kB unevictable:4kB writepending:0kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8576kB pagetables:7656kB bounce:0kB free_pcp:1720kB local_pcp:328kB free_cma:0kB [ 2343.356765] ? ___ratelimit+0x3b4/0x672 [ 2343.361413] lowmem_reserve[]: 0 0 0 0 [ 2343.365650] ? trace_hardirqs_off_caller+0x310/0x310 [ 2343.365668] ? trace_hardirqs_on+0x310/0x310 [ 2343.365685] ? lock_downgrade+0x900/0x900 [ 2343.365706] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 2343.365723] ? ___ratelimit+0x3b9/0x672 [ 2343.365741] ? idr_get_free+0xf70/0xf70 [ 2343.365760] ? lock_is_held_type+0x210/0x210 [ 2343.369519] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2343.373554] oom_kill_process.cold.27+0x10/0x903 [ 2343.373573] ? zap_class+0x640/0x640 [ 2343.373594] ? _raw_spin_unlock+0x2c/0x50 [ 2343.373608] ? oom_badness+0xe6/0xaa0 [ 2343.373630] ? oom_evaluate_task+0x540/0x540 [ 2343.379804] Node 0 DMA32: 3*4kB (UME) 7*8kB (ME) 6*16kB (M) 4*32kB (UME) 5*64kB (UME) 5*128kB (UME) 4*256kB (ME) 4*512kB (ME) 4*1024kB (UME) 4*2048kB (UME) 3*4096kB (M) = 28900kB [ 2343.382253] ? find_held_lock+0x36/0x1c0 [ 2343.382278] ? out_of_memory+0x974/0x1430 [ 2343.382301] ? lock_downgrade+0x900/0x900 [ 2343.387824] Node 0 Normal: 443*4kB (UME) 967*8kB (UME) 582*16kB (UM) 87*32kB (UM) 191*64kB (U) 2*128kB (U) 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 36132kB [ 2343.391879] ? check_preemption_disabled+0x48/0x280 [ 2343.391900] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2343.391931] ? kasan_check_read+0x11/0x20 [ 2343.391948] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2343.401238] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2343.423757] ? rcu_softirq_qs+0x20/0x20 [ 2343.423779] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2343.423792] ? oom_evaluate_task+0x302/0x540 [ 2343.423811] out_of_memory+0xa84/0x1430 [ 2343.423835] ? oom_killer_disable+0x3a0/0x3a0 [ 2343.423854] ? __alloc_pages_slowpath+0xf5c/0x2de0 [ 2343.423876] ? __ww_mutex_check_waiters+0x160/0x160 [ 2343.423904] __alloc_pages_slowpath+0x232c/0x2de0 [ 2343.431976] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2343.433345] ? warn_alloc+0x120/0x120 [ 2343.438404] 439 total pagecache pages [ 2343.442981] ? mark_held_locks+0x130/0x130 [ 2343.443005] ? find_get_entry+0xaae/0x1120 [ 2343.443036] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2343.451349] 0 pages in swap cache [ 2343.451522] ? check_preemption_disabled+0x48/0x280 [ 2343.486990] Swap cache stats: add 0, delete 0, find 0/0 [ 2343.488283] ? filemap_map_pages+0x1a20/0x1a20 [ 2343.493515] Free swap = 0kB [ 2343.497784] ? debug_smp_processor_id+0x1c/0x20 [ 2343.508220] Total swap = 0kB [ 2343.510992] ? perf_trace_lock+0x14d/0x7a0 [ 2343.515100] 1965979 pages RAM [ 2343.519368] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2343.539144] 0 pages HighMem/MovableOnly [ 2343.541344] ? should_fail+0x22d/0xd01 [ 2343.545522] 342853 pages reserved [ 2343.549283] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 2343.559812] 0 pages cma reserved [ 2343.569717] ? zap_class+0x640/0x640 [ 2343.569759] ? __lock_is_held+0xb5/0x140 [ 2343.569782] ? mark_held_locks+0x130/0x130 [ 2343.765469] ? lock_release+0xa00/0xa00 [ 2343.769486] ? perf_trace_sched_process_exec+0x860/0x860 [ 2343.775014] ? xa_load+0x2ba/0x460 [ 2343.778578] ? lock_downgrade+0x900/0x900 [ 2343.782747] ? __might_sleep+0x95/0x190 [ 2343.786736] __alloc_pages_nodemask+0xad8/0xea0 [ 2343.791420] ? __alloc_pages_slowpath+0x2de0/0x2de0 [ 2343.796447] ? __page_cache_alloc+0x191/0x5c0 [ 2343.800954] ? xa_load+0x2e1/0x460 [ 2343.804507] ? xa_clear_mark+0x40/0x40 [ 2343.808419] ? zap_class+0x640/0x640 [ 2343.812153] ? zap_class+0x640/0x640 [ 2343.815875] ? zap_class+0x640/0x640 [ 2343.819606] ? __do_page_cache_readahead+0x663/0x810 [ 2343.824727] ? find_held_lock+0x36/0x1c0 [ 2343.828805] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2343.834360] alloc_pages_current+0x173/0x350 [ 2343.838787] __page_cache_alloc+0x38c/0x5c0 [ 2343.843116] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2343.848056] ? kasan_check_read+0x11/0x20 [ 2343.852217] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2343.857523] ? generic_perform_write+0x6a0/0x6a0 [ 2343.862299] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2343.867851] ? check_preemption_disabled+0x48/0x280 [ 2343.872888] filemap_fault+0x1595/0x25f0 [ 2343.876979] ? __lock_page_or_retry+0xa00/0xa00 [ 2343.881665] ? mark_held_locks+0x130/0x130 [ 2343.885920] ? filemap_map_pages+0xd6b/0x1a20 [ 2343.890427] ? lock_downgrade+0x900/0x900 [ 2343.894597] ? check_preemption_disabled+0x48/0x280 [ 2343.899642] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2343.904601] ? kasan_check_read+0x11/0x20 [ 2343.908755] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2343.914039] ? rcu_softirq_qs+0x20/0x20 [ 2343.918041] ? filemap_map_pages+0xd92/0x1a20 [ 2343.922576] ? find_get_entries_tag+0x1400/0x1400 [ 2343.927431] ? debug_object_destroy+0x2b0/0x2b0 [ 2343.932113] ? lock_pi_update_atomic+0x150/0x150 [ 2343.936877] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2343.942442] ? lock_acquire+0x1ed/0x520 [ 2343.946423] ? ext4_filemap_fault+0x7a/0xad [ 2343.950763] ? lock_release+0xa00/0xa00 [ 2343.954760] ? perf_trace_sched_process_exec+0x860/0x860 [ 2343.960222] ? print_usage_bug+0xc0/0xc0 [ 2343.964294] ? print_usage_bug+0xc0/0xc0 [ 2343.968376] ? down_read+0x8d/0x120 [ 2343.972013] ? ext4_filemap_fault+0x7a/0xad [ 2343.976347] ? __down_interruptible+0x700/0x700 [ 2343.981037] ext4_filemap_fault+0x82/0xad [ 2343.985201] __do_fault+0x100/0x6b0 [ 2343.988842] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2343.993958] ? mark_held_locks+0x130/0x130 [ 2343.998207] ? mark_held_locks+0x130/0x130 [ 2344.002559] ? debug_smp_processor_id+0x1c/0x20 [ 2344.007254] ? perf_trace_lock+0x14d/0x7a0 [ 2344.011508] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2344.017061] __handle_mm_fault+0x3ea6/0x5be0 [ 2344.021503] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2344.026354] ? lock_is_held_type+0x210/0x210 [ 2344.030793] ? zap_class+0x640/0x640 [ 2344.034510] ? zap_class+0x640/0x640 [ 2344.038227] ? __x64_sys_futex+0x53e/0x6a0 [ 2344.042469] ? find_held_lock+0x36/0x1c0 [ 2344.046556] ? handle_mm_fault+0x42a/0xc70 [ 2344.050794] ? lock_downgrade+0x900/0x900 [ 2344.054946] ? check_preemption_disabled+0x48/0x280 [ 2344.059968] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2344.064902] ? kasan_check_read+0x11/0x20 [ 2344.069063] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2344.074390] ? rcu_softirq_qs+0x20/0x20 [ 2344.078373] ? trace_hardirqs_off_caller+0x310/0x310 [ 2344.083484] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2344.089026] ? check_preemption_disabled+0x48/0x280 [ 2344.094056] handle_mm_fault+0x54f/0xc70 [ 2344.098129] ? __handle_mm_fault+0x5be0/0x5be0 [ 2344.102724] ? find_vma+0x34/0x190 [ 2344.106275] __do_page_fault+0x5e8/0xe60 [ 2344.110339] ? trace_hardirqs_off+0xb8/0x310 [ 2344.114749] ? retint_kernel+0x2d/0x2d [ 2344.118653] do_page_fault+0xf2/0x7e0 [ 2344.122459] ? vmalloc_sync_all+0x30/0x30 [ 2344.126608] ? error_entry+0x70/0xd0 [ 2344.130327] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2344.135344] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2344.140281] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2344.145216] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2344.150065] ? trace_hardirqs_on_caller+0x310/0x310 [ 2344.155098] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2344.160566] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2344.165587] ? page_fault+0x8/0x30 [ 2344.169134] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2344.173993] ? page_fault+0x8/0x30 [ 2344.177535] page_fault+0x1e/0x30 [ 2344.181087] RIP: 0033:0x45ddf3 [ 2344.184296] Code: Bad RIP value. [ 2344.187662] RSP: 002b:000000c42001eea0 EFLAGS: 00010206 [ 2344.193028] RAX: ffffffffffffff92 RBX: 000000003b96ba48 RCX: 000000000045ddf3 [ 2344.200302] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001585d20 [ 2344.208080] RBP: 000000c42001eee8 R08: 0000000000000000 R09: 0000000000000000 [ 2344.215373] R10: 000000c42001eed8 R11: 0000000000000206 R12: 0000000000000001 [ 2344.222651] R13: 0000000000000020 R14: 0000000000000013 R15: 000000c42633a370 [ 2344.239016] Mem-Info: [ 2344.241479] active_anon:120179 inactive_anon:216 isolated_anon:0 [ 2344.241479] active_file:13 inactive_file:13 isolated_file:0 [ 2344.241479] unevictable:1 dirty:0 writeback:0 unstable:0 [ 2344.241479] slab_reclaimable:12318 slab_unreclaimable:115964 [ 2344.241479] mapped:49168 shmem:392 pagetables:1918 bounce:0 [ 2344.241479] free:20805 free_pcp:759 free_cma:0 [ 2344.275814] Node 0 active_anon:480716kB inactive_anon:864kB active_file:52kB inactive_file:52kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:196672kB dirty:0kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 126976kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2344.303524] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2344.330213] lowmem_reserve[]: 0 2818 6321 6321 [ 2344.334896] Node 0 DMA32 free:130900kB min:30052kB low:37564kB high:45076kB active_anon:44kB inactive_anon:0kB active_file:4kB inactive_file:704kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:1552kB local_pcp:212kB free_cma:0kB [ 2344.365426] lowmem_reserve[]: 0 0 3503 3503 [ 2344.369779] Node 0 Normal free:82112kB min:37364kB low:46704kB high:56044kB active_anon:480672kB inactive_anon:864kB active_file:48kB inactive_file:248kB unevictable:4kB writepending:0kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8576kB pagetables:7672kB bounce:0kB free_pcp:2756kB local_pcp:1448kB free_cma:0kB [ 2344.431664] lowmem_reserve[]: 0 0 0 0 [ 2344.435597] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2344.449479] Node 0 DMA32: 8*4kB (UME) 6*8kB (UME) 5*16kB (UM) 6*32kB (UME) 6*64kB (UME) 7*128kB (UME) 4*256kB (UME) 7*512kB (UME) 6*1024kB (UME) 5*2048kB (UME) 31*4096kB (UM) = 149600kB [ 2344.469783] Node 0 Normal: 483*4kB (UME) 1745*8kB (UME) 1004*16kB (UM) 212*32kB (UME) 233*64kB (UME) 9*128kB (UM) 5*256kB (UM) 2*512kB (UM) 0*1024kB 6*2048kB (UM) 4*4096kB (UM) = 85780kB [ 2344.487533] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2344.499602] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2344.509436] 1011 total pagecache pages [ 2344.513426] 0 pages in swap cache [ 2344.517088] Swap cache stats: add 0, delete 0, find 0/0 [ 2344.522812] Free swap = 0kB [ 2344.526620] Total swap = 0kB [ 2344.530736] 1965979 pages RAM [ 2344.533990] 0 pages HighMem/MovableOnly [ 2344.538191] 342853 pages reserved [ 2344.542694] 0 pages cma reserved [ 2344.549453] Out of memory: Kill process 25027 (syz-executor0) score 1005 or sacrifice child [ 2344.558406] Killed process 25027 (syz-executor0) total-vm:70736kB, anon-rss:2228kB, file-rss:32768kB, shmem-rss:0kB 06:17:42 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x4800000000000000, 0xffffffffffffffff]}}}) 06:17:42 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffff02000000]}}}) 06:17:42 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xe0\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:17:42 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0xfffffdfe, r0, 0x0}]) 06:17:42 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\aZ\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:17:42 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ff4000/0xb000)=nil, 0xb000, 0x0, &(0x7f0000000280), 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4) connect$inet6(r1, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000200)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000100), 0x28) r2 = syz_open_dev$vbi(&(0x7f0000000400)='/dev/vbi#\x00', 0x1, 0x2) ioctl$KVM_GET_SUPPORTED_CPUID(r2, 0xc008ae05, &(0x7f0000000440)=""/250) recvmmsg(r1, &(0x7f0000002fc0)=[{{&(0x7f0000000900)=@alg, 0x80, &(0x7f0000002a80)=[{&(0x7f0000000280)=""/124, 0xfeab}, {&(0x7f0000000780)=""/217}, {&(0x7f0000000980)=""/241}, {&(0x7f0000000a80)=""/4096}, {&(0x7f0000001a80)=""/4096}, {&(0x7f0000000880)=""/70}, {&(0x7f0000000300)=""/54}], 0x0, &(0x7f0000000340)=""/160, 0xa0}}], 0x569, 0x0, &(0x7f00000001c0)={0x77359400}) shutdown(r1, 0x0) seccomp(0x1, 0x2, &(0x7f0000007ff0)={0x0, &(0x7f0000004fe8)}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f00000000c0)="c744240020000000c74424024f000000c7442406000000000f011c24c4427d180508000000c4c245ae08c4e2850108b9800000c00f3235004000000f30d3559e67470f224205c814000066b89d000f00d0c423a95f2518410000e1", 0x5b}], 0x1, 0x0, &(0x7f0000000040), 0x4000) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x200, 0x0) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffff9c, 0x84, 0x0, &(0x7f0000000040)={0x0, 0x6, 0x20}, &(0x7f0000000180)=0x2ef) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f0000000240)={r4, 0xfffffffffffffff7}, 0x8) dup3(r0, r1, 0x0) [ 2347.619316] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2347.639210] tls_set_device_offload_rx: netdev lo with no TLS offload 06:17:42 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0xfdfe, r0, 0x0}]) 06:17:42 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2347.812534] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2347.854770] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:17:43 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0xfefd, r0, 0x0}]) 06:17:43 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2348.023110] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:17:43 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:17:43 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x300, r0, 0x0}]) [ 2348.154455] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:17:43 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\xff\xff\xfe', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2348.313858] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2349.849736] syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2349.860731] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2349.865953] CPU: 0 PID: 25671 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2349.873353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2349.882710] Call Trace: [ 2349.885293] dump_stack+0x244/0x39d [ 2349.888914] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2349.894100] ? __video_do_ioctl+0x8b1/0x1050 [ 2349.898499] ? video_usercopy+0x5c1/0x1760 [ 2349.902732] ? video_ioctl2+0x2c/0x33 [ 2349.906560] ? do_vfs_ioctl+0x1de/0x1790 [ 2349.910630] warn_alloc.cold.116+0xb7/0x1bd [ 2349.914947] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2349.919784] ? zap_class+0x640/0x640 [ 2349.923499] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2349.929043] ? check_preemption_disabled+0x48/0x280 [ 2349.934062] __vmalloc_node_range+0x472/0x750 [ 2349.938562] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2349.943588] ? vb2_vmalloc_alloc+0x123/0x380 [ 2349.947988] vmalloc_user+0x75/0x170 [ 2349.951708] ? vb2_vmalloc_alloc+0x123/0x380 [ 2349.956109] vb2_vmalloc_alloc+0x123/0x380 [ 2349.960335] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2349.965430] ? debug_mutex_wake_waiter+0x630/0x630 [ 2349.970356] ? mutex_destroy+0x200/0x200 [ 2349.974414] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2349.978725] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2349.983823] __vb2_queue_alloc+0x5e1/0xfa0 [ 2349.988083] ? vimc_cap_get_format+0x120/0x120 [ 2349.992657] vb2_core_create_bufs+0x401/0x8c0 [ 2349.997147] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2350.001548] ? debug_smp_processor_id+0x1c/0x20 [ 2350.006228] ? perf_trace_lock+0x14d/0x7a0 [ 2350.010453] ? __save_stack_trace+0x8d/0xf0 [ 2350.014782] vb2_create_bufs+0x4b6/0x8f0 [ 2350.018833] ? v4l2_ioctl+0x154/0x1b0 [ 2350.022643] ? vb2_request_queue+0x120/0x120 [ 2350.027061] ? find_held_lock+0x36/0x1c0 [ 2350.031132] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2350.036694] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2350.041276] v4l_create_bufs+0x152/0x230 [ 2350.045346] __video_do_ioctl+0x8b1/0x1050 [ 2350.049590] ? v4l_s_fmt+0x990/0x990 [ 2350.053299] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2350.058832] video_usercopy+0x5c1/0x1760 [ 2350.062903] ? v4l_s_fmt+0x990/0x990 [ 2350.066615] ? v4l_enumstd+0x70/0x70 [ 2350.070319] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2350.075848] ? find_held_lock+0x36/0x1c0 [ 2350.079909] ? __fget+0x4aa/0x740 [ 2350.083351] ? lock_downgrade+0x900/0x900 [ 2350.087488] ? check_preemption_disabled+0x48/0x280 [ 2350.092511] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2350.097431] ? kasan_check_read+0x11/0x20 [ 2350.101578] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2350.106847] ? rcu_softirq_qs+0x20/0x20 [ 2350.110820] ? __fget+0x4d1/0x740 [ 2350.114268] ? ksys_dup3+0x680/0x680 [ 2350.117974] ? __might_fault+0x12b/0x1e0 [ 2350.122043] ? video_usercopy+0x1760/0x1760 [ 2350.126367] video_ioctl2+0x2c/0x33 [ 2350.129997] v4l2_ioctl+0x154/0x1b0 [ 2350.133626] ? video_devdata+0xa0/0xa0 [ 2350.137528] do_vfs_ioctl+0x1de/0x1790 [ 2350.141416] ? ioctl_preallocate+0x300/0x300 [ 2350.145825] ? __fget_light+0x2e9/0x430 [ 2350.149804] ? fget_raw+0x20/0x20 [ 2350.153259] ? _copy_to_user+0xc8/0x110 [ 2350.157239] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2350.162793] ? put_timespec64+0x10f/0x1b0 [ 2350.166946] ? nsecs_to_jiffies+0x30/0x30 [ 2350.171090] ? do_syscall_64+0x9a/0x820 [ 2350.175057] ? do_syscall_64+0x9a/0x820 [ 2350.179024] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2350.183629] ? security_file_ioctl+0x94/0xc0 [ 2350.188028] ksys_ioctl+0xa9/0xd0 [ 2350.191474] __x64_sys_ioctl+0x73/0xb0 [ 2350.195352] do_syscall_64+0x1b9/0x820 [ 2350.199240] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2350.204609] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2350.209541] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2350.214391] ? trace_hardirqs_on_caller+0x310/0x310 [ 2350.219421] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2350.224460] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2350.229483] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2350.234338] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2350.239519] RIP: 0033:0x457669 [ 2350.242704] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2350.261607] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2350.269303] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2350.276571] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2350.283843] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2350.291111] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2350.298381] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2350.305917] Mem-Info: [ 2350.308416] active_anon:119703 inactive_anon:216 isolated_anon:0 [ 2350.308416] active_file:871 inactive_file:3156 isolated_file:0 [ 2350.308416] unevictable:1 dirty:79 writeback:0 unstable:0 [ 2350.308416] slab_reclaimable:12312 slab_unreclaimable:115679 [ 2350.308416] mapped:51870 shmem:392 pagetables:1899 bounce:0 [ 2350.308416] free:1273392 free_pcp:1423 free_cma:0 [ 2350.342268] Node 0 active_anon:478812kB inactive_anon:864kB active_file:3484kB inactive_file:12624kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:207480kB dirty:316kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 124928kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2350.370518] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2350.396756] lowmem_reserve[]: 0 2818 6321 6321 [ 2350.401393] Node 0 DMA32 free:2879012kB min:30052kB low:37564kB high:45076kB active_anon:40kB inactive_anon:0kB active_file:536kB inactive_file:312kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:2772kB local_pcp:1372kB free_cma:0kB [ 2350.429757] lowmem_reserve[]: 0 0 3503 3503 [ 2350.434155] Node 0 Normal free:2198648kB min:37364kB low:46704kB high:56044kB active_anon:478772kB inactive_anon:864kB active_file:2948kB inactive_file:12312kB unevictable:4kB writepending:316kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8640kB pagetables:7596kB bounce:0kB free_pcp:2912kB local_pcp:1388kB free_cma:0kB [ 2350.464119] lowmem_reserve[]: 0 0 0 0 [ 2350.467937] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2350.481663] Node 0 DMA32: 29*4kB (UME) 66*8kB (UME) 62*16kB (UM) 64*32kB (UME) 69*64kB (UME) 73*128kB (UE) 56*256kB (UME) 47*512kB (UME) 37*1024kB (UME) 30*2048kB (UME) 665*4096kB (UM) = 2879012kB [ 2350.499394] Node 0 Normal: 12286*4kB (UME) 8278*8kB (UME) 2477*16kB (UM) 2440*32kB (UME) 1406*64kB (UME) 757*128kB (UM) 302*256kB (UM) 117*512kB (UM) 49*1024kB (U) 49*2048kB (UM) 364*4096kB (UM) = 2198648kB [ 2350.518177] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2350.527086] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2350.535709] 4420 total pagecache pages [ 2350.539606] 0 pages in swap cache [ 2350.543129] Swap cache stats: add 0, delete 0, find 0/0 [ 2350.548494] Free swap = 0kB 06:17:45 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x4c000000, 0xffffffffffffffff]}}}) 06:17:45 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ff4000/0xb000)=nil, 0xb000, 0x0, &(0x7f0000000280), 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4) connect$inet6(r1, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000200)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000100), 0x28) r2 = syz_open_dev$vbi(&(0x7f0000000400)='/dev/vbi#\x00', 0x1, 0x2) ioctl$KVM_GET_SUPPORTED_CPUID(r2, 0xc008ae05, &(0x7f0000000440)=""/250) recvmmsg(r1, &(0x7f0000002fc0)=[{{&(0x7f0000000900)=@alg, 0x80, &(0x7f0000002a80)=[{&(0x7f0000000280)=""/124, 0xfeab}, {&(0x7f0000000780)=""/217}, {&(0x7f0000000980)=""/241}, {&(0x7f0000000a80)=""/4096}, {&(0x7f0000001a80)=""/4096}, {&(0x7f0000000880)=""/70}, {&(0x7f0000000300)=""/54}], 0x0, &(0x7f0000000340)=""/160, 0xa0}}], 0x569, 0x0, &(0x7f00000001c0)={0x77359400}) shutdown(r1, 0x0) seccomp(0x1, 0x2, &(0x7f0000007ff0)={0x0, &(0x7f0000004fe8)}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f00000000c0)="c744240020000000c74424024f000000c7442406000000000f011c24c4427d180508000000c4c245ae08c4e2850108b9800000c00f3235004000000f30d3559e67470f224205c814000066b89d000f00d0c423a95f2518410000e1", 0x5b}], 0x1, 0x0, &(0x7f0000000040), 0x4000) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x200, 0x0) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffff9c, 0x84, 0x0, &(0x7f0000000040)={0x0, 0x6, 0x20}, &(0x7f0000000180)=0x2ef) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f0000000240)={r4, 0xfffffffffffffff7}, 0x8) dup3(r0, r1, 0x0) 06:17:45 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0xfe, r0, 0x0}]) 06:17:45 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffff0000000b]}}}) 06:17:45 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:17:45 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\x03K\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) [ 2350.551497] Total swap = 0kB [ 2350.554592] 1965979 pages RAM [ 2350.557718] 0 pages HighMem/MovableOnly [ 2350.561704] 342853 pages reserved [ 2350.565234] 0 pages cma reserved [ 2350.627666] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2350.639524] syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2350.666845] tls_set_device_offload_rx: netdev lo with no TLS offload [ 2350.682594] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2350.694097] CPU: 0 PID: 25721 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2350.701493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2350.710857] Call Trace: [ 2350.713471] dump_stack+0x244/0x39d [ 2350.713506] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2350.722316] ? __video_do_ioctl+0x8b1/0x1050 [ 2350.722333] ? video_usercopy+0x5c1/0x1760 [ 2350.722349] ? video_ioctl2+0x2c/0x33 [ 2350.722367] ? do_vfs_ioctl+0x1de/0x1790 [ 2350.722393] warn_alloc.cold.116+0xb7/0x1bd [ 2350.722419] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2350.748086] ? zap_class+0x640/0x640 [ 2350.751366] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2350.751823] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2350.765511] ? check_preemption_disabled+0x48/0x280 [ 2350.770646] __vmalloc_node_range+0x472/0x750 [ 2350.775181] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2350.780217] ? vb2_vmalloc_alloc+0x123/0x380 [ 2350.784650] vmalloc_user+0x75/0x170 [ 2350.788383] ? vb2_vmalloc_alloc+0x123/0x380 [ 2350.792812] vb2_vmalloc_alloc+0x123/0x380 [ 2350.797064] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2350.802189] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2350.806539] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2350.811681] __vb2_queue_alloc+0x5e1/0xfa0 [ 2350.811726] ? vimc_cap_get_format+0x120/0x120 [ 2350.811743] vb2_core_create_bufs+0x401/0x8c0 [ 2350.811766] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2350.820616] ? debug_smp_processor_id+0x1c/0x20 [ 2350.820637] ? perf_trace_lock+0x14d/0x7a0 [ 2350.820657] ? __save_stack_trace+0x8d/0xf0 [ 2350.820700] vb2_create_bufs+0x4b6/0x8f0 [ 2350.838283] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2350.838493] ? v4l2_ioctl+0x154/0x1b0 [ 2350.858812] ? vb2_request_queue+0x120/0x120 [ 2350.863254] ? find_held_lock+0x36/0x1c0 [ 2350.867363] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2350.867389] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2350.867413] v4l_create_bufs+0x152/0x230 [ 2350.877534] __video_do_ioctl+0x8b1/0x1050 [ 2350.877603] ? v4l_s_fmt+0x990/0x990 [ 2350.877629] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2350.894534] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2350.895336] video_usercopy+0x5c1/0x1760 [ 2350.907528] ? v4l_s_fmt+0x990/0x990 [ 2350.911283] ? v4l_enumstd+0x70/0x70 [ 2350.915018] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2350.920600] ? find_held_lock+0x36/0x1c0 [ 2350.924687] ? __fget+0x4aa/0x740 [ 2350.928153] ? lock_downgrade+0x900/0x900 [ 2350.928173] ? check_preemption_disabled+0x48/0x280 [ 2350.928195] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2350.928218] ? kasan_check_read+0x11/0x20 [ 2350.937405] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2350.937421] ? rcu_softirq_qs+0x20/0x20 [ 2350.937451] ? __fget+0x4d1/0x740 [ 2350.937490] ? ksys_dup3+0x680/0x680 [ 2350.957383] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2350.959287] ? __might_fault+0x12b/0x1e0 [ 2350.959310] ? video_usercopy+0x1760/0x1760 [ 2350.959326] video_ioctl2+0x2c/0x33 [ 2350.959345] v4l2_ioctl+0x154/0x1b0 [ 2350.986802] ? video_devdata+0xa0/0xa0 [ 2350.990705] do_vfs_ioctl+0x1de/0x1790 [ 2350.990731] ? ioctl_preallocate+0x300/0x300 [ 2350.990749] ? __fget_light+0x2e9/0x430 [ 2350.990768] ? fget_raw+0x20/0x20 [ 2350.999070] ? _copy_to_user+0xc8/0x110 [ 2350.999094] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2350.999112] ? put_timespec64+0x10f/0x1b0 [ 2350.999132] ? nsecs_to_jiffies+0x30/0x30 [ 2351.015292] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:17:45 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfe\xff\xff\a\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:17:45 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:17:45 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:17:46 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:17:46 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:17:46 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2351.016064] ? do_syscall_64+0x9a/0x820 [ 2351.016080] ? do_syscall_64+0x9a/0x820 [ 2351.016099] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2351.016119] ? security_file_ioctl+0x94/0xc0 [ 2351.016138] ksys_ioctl+0xa9/0xd0 [ 2351.045098] __x64_sys_ioctl+0x73/0xb0 [ 2351.045119] do_syscall_64+0x1b9/0x820 [ 2351.045136] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2351.045157] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2351.053034] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2351.053057] ? trace_hardirqs_on_caller+0x310/0x310 [ 2351.053075] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2351.053095] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2351.053132] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2351.073056] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2351.076004] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2351.076019] RIP: 0033:0x457669 [ 2351.076035] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2351.076048] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2351.139036] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2351.146296] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2351.153572] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2351.160852] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2351.168112] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff 06:17:46 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x20000000, 0xffffffffffffffff]}}}) [ 2351.353856] syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2351.388035] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2351.393491] CPU: 0 PID: 25745 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2351.400870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2351.410238] Call Trace: [ 2351.412864] dump_stack+0x244/0x39d [ 2351.416566] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2351.421814] ? __video_do_ioctl+0x8b1/0x1050 [ 2351.426242] ? video_usercopy+0x5c1/0x1760 [ 2351.430490] ? video_ioctl2+0x2c/0x33 [ 2351.434307] ? do_vfs_ioctl+0x1de/0x1790 [ 2351.438394] warn_alloc.cold.116+0xb7/0x1bd [ 2351.442733] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2351.447625] ? zap_class+0x640/0x640 [ 2351.451368] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2351.456926] ? check_preemption_disabled+0x48/0x280 [ 2351.461986] __vmalloc_node_range+0x472/0x750 [ 2351.466505] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2351.471543] ? vb2_vmalloc_alloc+0x123/0x380 [ 2351.475995] vmalloc_user+0x75/0x170 [ 2351.479740] ? vb2_vmalloc_alloc+0x123/0x380 [ 2351.484176] vb2_vmalloc_alloc+0x123/0x380 [ 2351.488442] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2351.493605] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2351.497944] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2351.503074] __vb2_queue_alloc+0x5e1/0xfa0 [ 2351.507398] ? vimc_cap_get_format+0x120/0x120 [ 2351.511999] vb2_core_create_bufs+0x401/0x8c0 [ 2351.516517] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2351.520953] ? debug_smp_processor_id+0x1c/0x20 [ 2351.525639] ? perf_trace_lock+0x14d/0x7a0 [ 2351.529887] ? __save_stack_trace+0x8d/0xf0 [ 2351.534255] vb2_create_bufs+0x4b6/0x8f0 [ 2351.538329] ? v4l2_ioctl+0x154/0x1b0 [ 2351.542168] ? vb2_request_queue+0x120/0x120 [ 2351.546622] ? find_held_lock+0x36/0x1c0 [ 2351.550703] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2351.556306] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2351.560923] v4l_create_bufs+0x152/0x230 [ 2351.565003] __video_do_ioctl+0x8b1/0x1050 [ 2351.569294] ? v4l_s_fmt+0x990/0x990 [ 2351.573132] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2351.578695] video_usercopy+0x5c1/0x1760 [ 2351.582772] ? v4l_s_fmt+0x990/0x990 [ 2351.586505] ? v4l_enumstd+0x70/0x70 [ 2351.590233] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2351.595805] ? find_held_lock+0x36/0x1c0 [ 2351.599892] ? __fget+0x4aa/0x740 [ 2351.603376] ? lock_downgrade+0x900/0x900 [ 2351.607535] ? check_preemption_disabled+0x48/0x280 [ 2351.612612] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2351.617563] ? kasan_check_read+0x11/0x20 [ 2351.621734] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2351.627039] ? rcu_softirq_qs+0x20/0x20 [ 2351.631055] ? __fget+0x4d1/0x740 [ 2351.635401] ? ksys_dup3+0x680/0x680 [ 2351.639132] ? __might_fault+0x12b/0x1e0 [ 2351.643211] ? video_usercopy+0x1760/0x1760 [ 2351.647594] video_ioctl2+0x2c/0x33 [ 2351.651264] v4l2_ioctl+0x154/0x1b0 [ 2351.654908] ? video_devdata+0xa0/0xa0 [ 2351.658841] do_vfs_ioctl+0x1de/0x1790 [ 2351.662749] ? ioctl_preallocate+0x300/0x300 [ 2351.667171] ? __fget_light+0x2e9/0x430 [ 2351.671176] ? fget_raw+0x20/0x20 [ 2351.674642] ? _copy_to_user+0xc8/0x110 [ 2351.678634] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2351.684188] ? put_timespec64+0x10f/0x1b0 [ 2351.688355] ? nsecs_to_jiffies+0x30/0x30 [ 2351.692521] ? do_syscall_64+0x9a/0x820 [ 2351.696515] ? do_syscall_64+0x9a/0x820 [ 2351.700529] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2351.705142] ? security_file_ioctl+0x94/0xc0 [ 2351.709584] ksys_ioctl+0xa9/0xd0 [ 2351.713061] __x64_sys_ioctl+0x73/0xb0 [ 2351.716967] do_syscall_64+0x1b9/0x820 [ 2351.720883] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2351.726261] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2351.731199] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2351.736057] ? trace_hardirqs_on_caller+0x310/0x310 [ 2351.741090] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2351.746121] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2351.751158] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2351.756021] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2351.761226] RIP: 0033:0x457669 [ 2351.764433] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2351.783349] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2351.791069] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2351.798349] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 06:17:46 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ff4000/0xb000)=nil, 0xb000, 0x0, &(0x7f0000000280), 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4) connect$inet6(r1, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000200)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000100), 0x28) r2 = syz_open_dev$vbi(&(0x7f0000000400)='/dev/vbi#\x00', 0x1, 0x2) ioctl$KVM_GET_SUPPORTED_CPUID(r2, 0xc008ae05, &(0x7f0000000440)=""/250) recvmmsg(r1, &(0x7f0000002fc0)=[{{&(0x7f0000000900)=@alg, 0x80, &(0x7f0000002a80)=[{&(0x7f0000000280)=""/124, 0xfeab}, {&(0x7f0000000780)=""/217}, {&(0x7f0000000980)=""/241}, {&(0x7f0000000a80)=""/4096}, {&(0x7f0000001a80)=""/4096}, {&(0x7f0000000880)=""/70}, {&(0x7f0000000300)=""/54}], 0x0, &(0x7f0000000340)=""/160, 0xa0}}], 0x569, 0x0, &(0x7f00000001c0)={0x77359400}) shutdown(r1, 0x0) seccomp(0x1, 0x2, &(0x7f0000007ff0)={0x0, &(0x7f0000004fe8)}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f00000000c0)="c744240020000000c74424024f000000c7442406000000000f011c24c4427d180508000000c4c245ae08c4e2850108b9800000c00f3235004000000f30d3559e67470f224205c814000066b89d000f00d0c423a95f2518410000e1", 0x5b}], 0x1, 0x0, &(0x7f0000000040), 0x4000) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x200, 0x0) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffff9c, 0x84, 0x0, &(0x7f0000000040)={0x0, 0x6, 0x20}, &(0x7f0000000180)=0x2ef) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f0000000240)={r4, 0xfffffffffffffff7}, 0x8) dup3(r0, r1, 0x0) 06:17:46 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:17:46 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffff0000000d]}}}) 06:17:46 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x8}]) [ 2351.805636] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2351.813438] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2351.820722] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2351.878418] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2351.880563] warn_alloc_show_mem: 1 callbacks suppressed [ 2351.880570] Mem-Info: [ 2351.894802] tls_set_device_offload_rx: netdev lo with no TLS offload [ 2351.905684] active_anon:121310 inactive_anon:214 isolated_anon:0 [ 2351.905684] active_file:936 inactive_file:3116 isolated_file:0 [ 2351.905684] unevictable:1 dirty:110 writeback:0 unstable:0 [ 2351.905684] slab_reclaimable:12310 slab_unreclaimable:115671 [ 2351.905684] mapped:51921 shmem:392 pagetables:2007 bounce:0 [ 2351.905684] free:1271825 free_pcp:1163 free_cma:0 [ 2351.946311] Node 0 active_anon:483096kB inactive_anon:856kB active_file:3744kB inactive_file:12464kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:207584kB dirty:440kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 124928kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2351.980685] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2352.007522] lowmem_reserve[]: 0 2818 6321 6321 [ 2352.012675] Node 0 DMA32 free:2879012kB min:30052kB low:37564kB high:45076kB active_anon:40kB inactive_anon:0kB active_file:572kB inactive_file:276kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:2772kB local_pcp:1400kB free_cma:0kB [ 2352.050566] lowmem_reserve[]: 0 0 3503 3503 06:17:47 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\x03f\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:17:47 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x700000000000000}]) 06:17:47 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2352.063224] Node 0 Normal free:2198360kB min:37364kB low:46704kB high:56044kB active_anon:480920kB inactive_anon:856kB active_file:3172kB inactive_file:12188kB unevictable:4kB writepending:440kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8704kB pagetables:7732kB bounce:0kB free_pcp:2012kB local_pcp:708kB free_cma:0kB [ 2352.101178] lowmem_reserve[]: 0 0 0 0 [ 2352.147217] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2352.166729] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:17:47 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xfcfdffff}]) [ 2352.218030] Node 0 DMA32: 29*4kB (UME) 66*8kB (UME) 62*16kB (UM) 64*32kB (UME) 69*64kB (UME) 73*128kB (UE) 56*256kB (UME) 47*512kB (UME) 37*1024kB (UME) 30*2048kB (UME) 665*4096kB (UM) = 2879012kB [ 2352.236189] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:17:47 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2352.294004] Node 0 Normal: 12289*4kB (UME) 7510*8kB (UME) 1484*16kB (UM) 2455*32kB (UME) 1412*64kB (UME) 762*128kB (UM) 307*256kB (UM) 121*512kB (UM) 52*1024kB (U) 53*2048kB (UM) 363*4096kB (U) = 2188628kB 06:17:47 executing program 0: r0 = dup(0xffffffffffffffff) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vga_arbiter\x00', 0x8000, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f00000000c0)=[@in6={0xa, 0x4e21, 0x6, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x17}}, 0xff}], 0x1c) r1 = socket(0x11, 0x4000000000080002, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) bind$packet(r1, &(0x7f0000000140)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @local}, 0x14) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000100)={0x9, 0x6905118b, 0x8009, 0x7ff, 0xffffffffffffffe0, 0xfffffffffffffff9, 0x67f, 0xd6, 0x0}, &(0x7f0000000180)=0x20) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f00000002c0)=ANY=[@ANYRES32=r3, @ANYBLOB="b2000000e4ec4b826543c3820beeb59238fd7136425f7497b0049c08db485117166f9544f54debc4a86cd82e16538b490c7b9be69f079c6576e02852bbc0ae8d4d21398687f91838aca6cb8f425afea18727874f558c27aea1854949e93c6f42d8db9879ffee7e954e266bc62b3d0ca867e81fe12198df3c2e4ae6a366bb9c7f520057cbed5e95fe59617da769cd987f5748aae200100000410e8a6ab040c4ab18f5ac191293b2b53ed47c808fd977c4a892ffea122ab171cd1198897279131204c4605381b783def0a1a35691366f0d47d0a0c37abf5fb29669fbb75944244f508f1e0963cf76f54fc19dfac9c68d502769e7d0d63040d2"], &(0x7f0000000280)=0xba) arch_prctl$ARCH_SET_GS(0x1001, 0x40) sendmmsg$inet_sctp(r1, &(0x7f0000871fc8)=[{&(0x7f000086c000)=@in6={0xa, 0x6558, 0x2}, 0x1c, &(0x7f0000d1e000), 0x0, &(0x7f0000dda000)}], 0x492492492492510, 0x0) r4 = socket$inet6(0xa, 0x803, 0x3) ioctl(r4, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") socket$inet6(0xa, 0x800, 0x80) openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/current\x00', 0x2, 0x0) [ 2352.345839] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2352.365407] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2352.387804] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 06:17:47 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2352.407908] 4556 total pagecache pages [ 2352.418185] 0 pages in swap cache [ 2352.423614] Swap cache stats: add 0, delete 0, find 0/0 [ 2352.429099] Free swap = 0kB [ 2352.442114] Total swap = 0kB [ 2352.445411] 1965979 pages RAM [ 2352.449883] 0 pages HighMem/MovableOnly [ 2352.457164] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2352.461194] 342853 pages reserved [ 2352.472512] 0 pages cma reserved 06:17:47 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x600, 0xffffffffffffffff]}}}) 06:17:47 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x300}]) 06:17:47 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffff0000000a]}}}) 06:17:47 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:17:47 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffff0b000000]}}}) [ 2352.632930] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2352.638813] syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2352.718959] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2352.735802] CPU: 0 PID: 25799 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2352.743203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2352.752582] Call Trace: [ 2352.755196] dump_stack+0x244/0x39d [ 2352.758847] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2352.764052] ? __video_do_ioctl+0x8b1/0x1050 [ 2352.768471] ? video_usercopy+0x5c1/0x1760 [ 2352.772717] ? video_ioctl2+0x2c/0x33 [ 2352.776528] ? do_vfs_ioctl+0x1de/0x1790 [ 2352.780636] warn_alloc.cold.116+0xb7/0x1bd [ 2352.784976] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2352.789837] ? zap_class+0x640/0x640 [ 2352.793586] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2352.799141] ? check_preemption_disabled+0x48/0x280 [ 2352.804190] __vmalloc_node_range+0x472/0x750 [ 2352.808719] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2352.813751] ? vb2_vmalloc_alloc+0x123/0x380 [ 2352.818177] vmalloc_user+0x75/0x170 [ 2352.821904] ? vb2_vmalloc_alloc+0x123/0x380 [ 2352.826331] vb2_vmalloc_alloc+0x123/0x380 [ 2352.830599] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2352.835724] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2352.840061] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2352.845179] __vb2_queue_alloc+0x5e1/0xfa0 [ 2352.849515] ? vimc_cap_get_format+0x120/0x120 [ 2352.854127] vb2_core_create_bufs+0x401/0x8c0 [ 2352.858642] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2352.863069] ? debug_smp_processor_id+0x1c/0x20 [ 2352.867751] ? perf_trace_lock+0x14d/0x7a0 [ 2352.871998] ? __save_stack_trace+0x8d/0xf0 [ 2352.876367] vb2_create_bufs+0x4b6/0x8f0 [ 2352.880440] ? v4l2_ioctl+0x154/0x1b0 [ 2352.884268] ? vb2_request_queue+0x120/0x120 [ 2352.888697] ? find_held_lock+0x36/0x1c0 [ 2352.892773] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2352.898331] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2352.902952] v4l_create_bufs+0x152/0x230 [ 2352.907045] __video_do_ioctl+0x8b1/0x1050 [ 2352.911298] ? v4l_s_fmt+0x990/0x990 [ 2352.915035] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2352.920607] video_usercopy+0x5c1/0x1760 [ 2352.924683] ? v4l_s_fmt+0x990/0x990 [ 2352.928456] ? v4l_enumstd+0x70/0x70 [ 2352.932242] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2352.937793] ? find_held_lock+0x36/0x1c0 [ 2352.941892] ? __fget+0x4aa/0x740 [ 2352.945365] ? lock_downgrade+0x900/0x900 [ 2352.949524] ? check_preemption_disabled+0x48/0x280 [ 2352.954593] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2352.959540] ? kasan_check_read+0x11/0x20 [ 2352.963714] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2352.968998] ? rcu_softirq_qs+0x20/0x20 [ 2352.972999] ? __fget+0x4d1/0x740 [ 2352.976483] ? ksys_dup3+0x680/0x680 [ 2352.980205] ? __might_fault+0x12b/0x1e0 [ 2352.984286] ? video_usercopy+0x1760/0x1760 [ 2352.988621] video_ioctl2+0x2c/0x33 [ 2352.992264] v4l2_ioctl+0x154/0x1b0 [ 2352.995914] ? video_devdata+0xa0/0xa0 [ 2352.999821] do_vfs_ioctl+0x1de/0x1790 [ 2353.003733] ? ioctl_preallocate+0x300/0x300 [ 2353.008194] ? __fget_light+0x2e9/0x430 [ 2353.012190] ? fget_raw+0x20/0x20 [ 2353.012206] ? _copy_to_user+0xc8/0x110 [ 2353.012227] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2353.012250] ? put_timespec64+0x10f/0x1b0 [ 2353.025193] ? nsecs_to_jiffies+0x30/0x30 [ 2353.025216] ? do_syscall_64+0x9a/0x820 [ 2353.025233] ? do_syscall_64+0x9a/0x820 [ 2353.025251] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2353.025274] ? security_file_ioctl+0x94/0xc0 [ 2353.033562] ksys_ioctl+0xa9/0xd0 [ 2353.033592] __x64_sys_ioctl+0x73/0xb0 [ 2353.033612] do_syscall_64+0x1b9/0x820 [ 2353.033630] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2353.033655] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2353.072095] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2353.076972] ? trace_hardirqs_on_caller+0x310/0x310 [ 2353.082006] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2353.087056] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2353.092092] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2353.096933] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2353.102114] RIP: 0033:0x457669 [ 2353.105310] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2353.124216] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2353.131925] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2353.139193] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2353.146451] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2353.153711] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2353.160973] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2353.169116] Mem-Info: [ 2353.171735] active_anon:121305 inactive_anon:214 isolated_anon:0 [ 2353.171735] active_file:1011 inactive_file:3216 isolated_file:0 [ 2353.171735] unevictable:1 dirty:110 writeback:0 unstable:0 [ 2353.171735] slab_reclaimable:12310 slab_unreclaimable:118045 [ 2353.171735] mapped:51996 shmem:392 pagetables:1933 bounce:0 [ 2353.171735] free:1269217 free_pcp:1316 free_cma:0 [ 2353.205885] Node 0 active_anon:485220kB inactive_anon:856kB active_file:4044kB inactive_file:12864kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:208084kB dirty:440kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 124928kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2353.234453] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2353.260968] lowmem_reserve[]: 0 2818 6321 6321 [ 2353.265995] Node 0 DMA32 free:2879012kB min:30052kB low:37564kB high:45076kB active_anon:40kB inactive_anon:0kB active_file:572kB inactive_file:276kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:2772kB local_pcp:1372kB free_cma:0kB [ 2353.295202] lowmem_reserve[]: 0 0 3503 3503 [ 2353.299867] Node 0 Normal free:2193988kB min:37364kB low:46704kB high:56044kB active_anon:485180kB inactive_anon:856kB active_file:3472kB inactive_file:12588kB unevictable:4kB writepending:440kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8800kB pagetables:7732kB bounce:0kB free_pcp:2440kB local_pcp:1064kB free_cma:0kB [ 2353.330756] lowmem_reserve[]: 0 0 0 0 [ 2353.335060] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2353.349236] Node 0 DMA32: 29*4kB (UME) 66*8kB (UME) 62*16kB (UM) 64*32kB (UME) 69*64kB (UME) 73*128kB (UE) 56*256kB (UME) 47*512kB (UME) 37*1024kB (UME) 30*2048kB (UME) 665*4096kB (UM) = 2879012kB [ 2353.367505] Node 0 Normal: 12119*4kB (UE) 7359*8kB (UE) 2095*16kB (UM) 2464*32kB (UME) 1419*64kB (UME) 765*128kB (UM) 308*256kB (UM) 123*512kB (UM) 52*1024kB (U) 51*2048kB (UM) 363*4096kB (U) = 2194820kB [ 2353.386314] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2353.395609] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2353.404548] 4593 total pagecache pages [ 2353.408742] 0 pages in swap cache [ 2353.412464] Swap cache stats: add 0, delete 0, find 0/0 [ 2353.418134] Free swap = 0kB 06:17:48 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\x02Z\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:17:48 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xfefd}]) 06:17:48 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:17:48 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_sctp(0xa, 0x0, 0x84) getsockopt$inet6_int(r1, 0x29, 0xd0, &(0x7f0000000000), &(0x7f0000000140)=0x4) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r2, &(0x7f0000000580), 0x0, 0x200007fe, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000015c0)='veth1\x00\x00\x00\x00\xff\xff\xff\xff\xff\xef\x00', 0xb) r3 = syz_open_dev$swradio(&(0x7f0000000240)='/dev/swradio#\x00', 0x1, 0x2) ioctl$LOOP_SET_FD(r3, 0x4c00, r0) r4 = dup2(r2, 0xffffffffffffffff) syz_open_dev$rtc(&(0x7f0000000040)='/dev/rtc#\x00', 0x4, 0x6000) stat(&(0x7f0000000700)='./file0\x00', &(0x7f0000000740)) ioctl$FS_IOC_GETFSLABEL(r2, 0x81009431, &(0x7f0000000480)) msgctl$MSG_STAT(0x0, 0xb, &(0x7f0000000340)=""/35) sendmsg$IPVS_CMD_GET_CONFIG(r4, &(0x7f00000001c0)={&(0x7f00000000c0), 0xc, 0x0}, 0x44801) r5 = syz_open_procfs(0x0, &(0x7f0000000080)='\x00\x00\x00\x00\x00') r6 = openat$cgroup_ro(r5, &(0x7f0000000200)='mem\x00\x01y.swaS.current\x00', 0x0, 0x0) preadv(r6, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x400000) sendmsg$FOU_CMD_DEL(r4, &(0x7f00000002c0)={&(0x7f0000000180), 0xc, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[]}}, 0x0) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f00000003c0), &(0x7f0000000400)=0x8) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000580)) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000380), 0xfdf5) setsockopt$ALG_SET_AEAD_AUTHSIZE(r4, 0x117, 0x5, 0x0, 0x101) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r3, 0x54a2) ioctl$ASHMEM_SET_SIZE(r3, 0x40087703, 0x1f) setsockopt$XDP_UMEM_COMPLETION_RING(r5, 0x11b, 0x6, &(0x7f0000000300)=0x1002, 0x4) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0xc0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r4, 0x84, 0x1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0xffff}, 0x14) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x70, 0x0, &(0x7f0000000440)) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2353.424321] Total swap = 0kB [ 2353.427535] 1965979 pages RAM [ 2353.430827] 0 pages HighMem/MovableOnly [ 2353.435207] 342853 pages reserved [ 2353.438838] 0 pages cma reserved [ 2353.502286] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:17:48 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:17:48 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xfe}]) [ 2353.609219] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:17:48 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2353.754733] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2353.791663] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2357.977768] oom_reaper: reaped process 25804 (syz-executor4), now anon-rss:0kB, file-rss:32004kB, shmem-rss:0kB [ 2358.006891] rsyslogd invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0 [ 2358.018395] rsyslogd cpuset=/ mems_allowed=0 [ 2358.022890] CPU: 1 PID: 5923 Comm: rsyslogd Not tainted 4.20.0-rc7+ #379 [ 2358.029735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2358.039099] Call Trace: [ 2358.041717] dump_stack+0x244/0x39d [ 2358.045354] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2358.050536] ? mark_held_locks+0x130/0x130 [ 2358.054767] ? mark_held_locks+0x130/0x130 [ 2358.059002] dump_header+0x27b/0xf72 [ 2358.061972] syz-executor4: vmalloc: allocation failure, allocated 183726080 of 184553472 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2358.062719] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2358.076727] syz-executor4 cpuset=syz4 mems_allowed=0 [ 2358.082199] ? check_preemption_disabled+0x48/0x280 [ 2358.082219] ? pagefault_out_of_memory+0x197/0x197 [ 2358.082235] ? debug_smp_processor_id+0x1c/0x20 [ 2358.082255] ? perf_trace_lock+0x14d/0x7a0 [ 2358.106175] ? lock_is_held_type+0x210/0x210 [ 2358.110607] ? debug_smp_processor_id+0x1c/0x20 [ 2358.115284] ? perf_trace_lock+0x14d/0x7a0 [ 2358.119531] ? zap_class+0x640/0x640 [ 2358.123264] ? print_usage_bug+0xc0/0xc0 [ 2358.127337] ? lock_is_held_type+0x210/0x210 [ 2358.131752] ? perf_trace_lock+0x14d/0x7a0 [ 2358.136003] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2358.141552] ? find_held_lock+0x36/0x1c0 [ 2358.145640] ? mark_held_locks+0xc7/0x130 [ 2358.149802] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2358.154934] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2358.160049] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2358.164646] ? trace_hardirqs_on+0xbd/0x310 [ 2358.169013] ? kasan_check_read+0x11/0x20 [ 2358.173169] ? ___ratelimit+0x3b4/0x672 [ 2358.177153] ? trace_hardirqs_off_caller+0x310/0x310 [ 2358.182268] ? trace_hardirqs_on+0x310/0x310 [ 2358.186687] ? lock_downgrade+0x900/0x900 [ 2358.190850] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 2358.195963] ? ___ratelimit+0x3b9/0x672 [ 2358.199944] ? idr_get_free+0xf70/0xf70 [ 2358.203931] ? lock_is_held_type+0x210/0x210 [ 2358.208808] oom_kill_process.cold.27+0x10/0x903 [ 2358.213583] ? zap_class+0x640/0x640 [ 2358.217308] ? check_preemption_disabled+0x48/0x280 [ 2358.222333] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2358.227268] ? kasan_check_read+0x11/0x20 [ 2358.231431] ? oom_evaluate_task+0x540/0x540 [ 2358.235851] ? find_held_lock+0x36/0x1c0 [ 2358.239925] ? out_of_memory+0x974/0x1430 [ 2358.244085] ? lock_downgrade+0x900/0x900 [ 2358.248244] ? check_preemption_disabled+0x48/0x280 [ 2358.253274] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2358.258210] ? kasan_check_read+0x11/0x20 [ 2358.262365] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2358.267650] ? rcu_softirq_qs+0x20/0x20 [ 2358.271641] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2358.277184] ? oom_evaluate_task+0x302/0x540 [ 2358.281602] out_of_memory+0xa84/0x1430 [ 2358.285603] ? oom_killer_disable+0x3a0/0x3a0 [ 2358.290115] ? __alloc_pages_slowpath+0xf5c/0x2de0 [ 2358.295067] ? __ww_mutex_check_waiters+0x160/0x160 [ 2358.300114] __alloc_pages_slowpath+0x232c/0x2de0 [ 2358.304996] ? warn_alloc+0x120/0x120 [ 2358.308805] ? mark_held_locks+0x130/0x130 [ 2358.313053] ? find_get_entry+0xaae/0x1120 [ 2358.317310] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2358.322858] ? check_preemption_disabled+0x48/0x280 [ 2358.327879] ? filemap_map_pages+0x1a20/0x1a20 [ 2358.332473] ? debug_smp_processor_id+0x1c/0x20 [ 2358.337152] ? perf_trace_lock+0x14d/0x7a0 [ 2358.341415] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2358.346965] ? should_fail+0x22d/0xd01 [ 2358.350865] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 2358.355975] ? zap_class+0x640/0x640 [ 2358.359726] ? __lock_is_held+0xb5/0x140 [ 2358.363803] ? mark_held_locks+0x130/0x130 [ 2358.368050] ? lock_release+0xa00/0xa00 [ 2358.372039] ? perf_trace_sched_process_exec+0x860/0x860 [ 2358.377500] ? xa_load+0x2ba/0x460 [ 2358.381052] ? lock_downgrade+0x900/0x900 [ 2358.385217] ? __might_sleep+0x95/0x190 [ 2358.389206] __alloc_pages_nodemask+0xad8/0xea0 [ 2358.393893] ? __alloc_pages_slowpath+0x2de0/0x2de0 [ 2358.398919] ? __page_cache_alloc+0x191/0x5c0 [ 2358.403422] ? xa_load+0x2e1/0x460 [ 2358.406977] ? xa_clear_mark+0x40/0x40 [ 2358.410876] ? zap_class+0x640/0x640 [ 2358.414611] ? zap_class+0x640/0x640 [ 2358.418330] ? zap_class+0x640/0x640 [ 2358.422059] ? __do_page_cache_readahead+0x663/0x810 [ 2358.427183] ? find_held_lock+0x36/0x1c0 [ 2358.431262] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2358.436815] alloc_pages_current+0x173/0x350 [ 2358.441242] __page_cache_alloc+0x38c/0x5c0 [ 2358.445578] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2358.450513] ? kasan_check_read+0x11/0x20 [ 2358.454670] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2358.459954] ? generic_perform_write+0x6a0/0x6a0 [ 2358.464718] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2358.470270] ? check_preemption_disabled+0x48/0x280 [ 2358.475301] filemap_fault+0x1595/0x25f0 [ 2358.479385] ? __lock_page_or_retry+0xa00/0xa00 [ 2358.484067] ? mark_held_locks+0x130/0x130 [ 2358.488341] ? filemap_map_pages+0xd6b/0x1a20 [ 2358.492846] ? lock_downgrade+0x900/0x900 [ 2358.497001] ? check_preemption_disabled+0x48/0x280 [ 2358.502029] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2358.506963] ? kasan_check_read+0x11/0x20 [ 2358.511117] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2358.516400] ? rcu_softirq_qs+0x20/0x20 [ 2358.520398] ? filemap_map_pages+0xd92/0x1a20 [ 2358.524917] ? find_get_entries_tag+0x1400/0x1400 [ 2358.529767] ? __kernel_text_address+0xd/0x40 [ 2358.534276] ? unwind_get_return_address+0x61/0xa0 [ 2358.539230] ? lock_acquire+0x1ed/0x520 [ 2358.543209] ? ext4_filemap_fault+0x7a/0xad [ 2358.547542] ? lock_release+0xa00/0xa00 [ 2358.551530] ? perf_trace_sched_process_exec+0x860/0x860 [ 2358.556993] ? print_usage_bug+0xc0/0xc0 [ 2358.561060] ? print_usage_bug+0xc0/0xc0 [ 2358.565133] ? __x64_sys_read+0x73/0xb0 [ 2358.569124] ? print_usage_bug+0xc0/0xc0 [ 2358.573219] ? down_read+0x8d/0x120 [ 2358.576851] ? ext4_filemap_fault+0x7a/0xad [ 2358.581178] ? __down_interruptible+0x700/0x700 [ 2358.585884] ext4_filemap_fault+0x82/0xad [ 2358.590047] __do_fault+0x100/0x6b0 [ 2358.593698] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2358.598811] ? mark_held_locks+0x130/0x130 [ 2358.603056] ? mark_held_locks+0x130/0x130 [ 2358.607308] ? lock_is_held_type+0x210/0x210 [ 2358.611748] ? do_syslog+0x147b/0x1690 [ 2358.615649] ? do_syslog+0x309/0x1690 [ 2358.619457] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2358.625006] __handle_mm_fault+0x3ea6/0x5be0 [ 2358.629439] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2358.634294] ? lock_is_held_type+0x210/0x210 [ 2358.638717] ? find_held_lock+0x36/0x1c0 [ 2358.642806] ? zap_class+0x640/0x640 [ 2358.646603] ? zap_class+0x640/0x640 [ 2358.650381] ? find_held_lock+0x36/0x1c0 [ 2358.654458] ? handle_mm_fault+0x42a/0xc70 [ 2358.658706] ? lock_downgrade+0x900/0x900 [ 2358.662882] ? check_preemption_disabled+0x48/0x280 [ 2358.667943] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2358.672916] ? kasan_check_read+0x11/0x20 [ 2358.677096] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2358.682406] ? rcu_softirq_qs+0x20/0x20 [ 2358.686408] ? trace_hardirqs_off_caller+0x310/0x310 [ 2358.691523] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2358.697085] ? check_preemption_disabled+0x48/0x280 [ 2358.702123] handle_mm_fault+0x54f/0xc70 [ 2358.706199] ? __handle_mm_fault+0x5be0/0x5be0 [ 2358.710799] ? find_vma+0x34/0x190 [ 2358.714367] __do_page_fault+0x5e8/0xe60 [ 2358.718435] ? trace_hardirqs_off+0xb8/0x310 [ 2358.722873] ? kernel_write+0x120/0x120 [ 2358.726869] do_page_fault+0xf2/0x7e0 [ 2358.730697] ? vmalloc_sync_all+0x30/0x30 [ 2358.734853] ? error_entry+0x70/0xd0 [ 2358.738580] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2358.743616] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2358.748565] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2358.753512] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2358.758362] ? trace_hardirqs_on_caller+0x310/0x310 [ 2358.763385] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2358.768864] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2358.773914] ? page_fault+0x8/0x30 [ 2358.777480] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2358.782331] ? page_fault+0x8/0x30 [ 2358.785883] page_fault+0x1e/0x30 [ 2358.789348] RIP: 0033:0x7f5b991d81fd [ 2358.793087] Code: Bad RIP value. [ 2358.796456] RSP: 002b:00007f5b96777e30 EFLAGS: 00010293 [ 2358.801824] RAX: 0000000000000076 RBX: 0000000001736650 RCX: 00007f5b991d81fd [ 2358.809114] RDX: 0000000000000fff RSI: 00007f5b97fac5a0 RDI: 0000000000000004 [ 2358.816388] RBP: 0000000000000000 R08: 0000000001721260 R09: 0000000000000000 [ 2358.823661] R10: 6b205d3739333135 R11: 0000000000000293 R12: 000000000065e420 [ 2358.830934] R13: 00007f5b967789c0 R14: 00007f5b9981d040 R15: 0000000000000003 [ 2358.838256] CPU: 0 PID: 25804 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #379 [ 2358.840918] Mem-Info: [ 2358.845636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2358.845643] Call Trace: [ 2358.845671] dump_stack+0x244/0x39d [ 2358.845694] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2358.848151] active_anon:119103 inactive_anon:216 isolated_anon:0 [ 2358.848151] active_file:15 inactive_file:14 isolated_file:0 [ 2358.848151] unevictable:1 dirty:0 writeback:0 unstable:0 [ 2358.848151] slab_reclaimable:12285 slab_unreclaimable:115085 [ 2358.848151] mapped:49168 shmem:392 pagetables:1868 bounce:0 [ 2358.848151] free:16028 free_pcp:260 free_cma:0 [ 2358.857494] warn_alloc.cold.116+0xb7/0x1bd [ 2358.857514] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2358.860110] Node 0 active_anon:476412kB inactive_anon:864kB active_file:60kB inactive_file:56kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:196672kB dirty:0kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 122880kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2358.863705] ? __lock_is_held+0xb5/0x140 [ 2358.863741] ? policy_nodemask+0x65/0x1b0 [ 2358.868935] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2358.902000] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2358.902033] __vmalloc_node_range+0x522/0x750 [ 2358.906332] lowmem_reserve[]: 0 2818 6321 6321 [ 2358.911182] ? vb2_vmalloc_alloc+0x123/0x380 [ 2358.938816] Node 0 DMA32 free:28600kB min:30052kB low:37564kB high:45076kB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:252kB local_pcp:4kB free_cma:0kB [ 2358.942840] vmalloc_user+0x75/0x170 [ 2358.942876] ? vb2_vmalloc_alloc+0x123/0x380 [ 2358.947009] lowmem_reserve[]: 0 0 3503 3503 [ 2358.973145] vb2_vmalloc_alloc+0x123/0x380 [ 2358.973180] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2358.973203] ? mutex_destroy+0x200/0x200 [ 2358.978718] Node 0 Normal free:19604kB min:37364kB low:46704kB high:56044kB active_anon:476368kB inactive_anon:864kB active_file:60kB inactive_file:52kB unevictable:4kB writepending:0kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8544kB pagetables:7472kB bounce:0kB free_pcp:788kB local_pcp:172kB free_cma:0kB [ 2358.983209] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2358.983227] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2358.983247] __vb2_queue_alloc+0x5e1/0xfa0 [ 2358.987807] lowmem_reserve[]: 0 0 0 0 [ 2358.992240] ? vimc_cap_get_format+0x120/0x120 [ 2358.992270] vb2_core_create_bufs+0x401/0x8c0 [ 2359.019719] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2359.023406] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2359.023432] ? debug_smp_processor_id+0x1c/0x20 [ 2359.027819] Node 0 DMA32: 8*4kB (UME) 9*8kB (ME) 9*16kB (UM) 4*32kB (UME) 5*64kB (ME) 6*128kB (UME) 4*256kB (UME) 5*512kB (UME) 3*1024kB (ME) 4*2048kB (UME) 3*4096kB (M) = 28600kB [ 2359.032150] ? perf_trace_lock+0x14d/0x7a0 [ 2359.032177] ? __save_stack_trace+0x8d/0xf0 [ 2359.032219] vb2_create_bufs+0x4b6/0x8f0 [ 2359.036414] Node 0 Normal: 335*4kB (UME) 960*8kB (UME) 574*16kB (UM) 25*32kB (UM) 0*64kB 2*128kB (U) 2*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 19772kB [ 2359.041513] ? v4l2_ioctl+0x154/0x1b0 [ 2359.045598] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2359.074473] ? vb2_request_queue+0x120/0x120 [ 2359.074500] ? find_held_lock+0x36/0x1c0 [ 2359.074523] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2359.078849] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2359.083944] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2359.083976] v4l_create_bufs+0x152/0x230 [ 2359.088189] 422 total pagecache pages [ 2359.091992] __video_do_ioctl+0x8b1/0x1050 [ 2359.092021] ? v4l_s_fmt+0x990/0x990 [ 2359.096602] 0 pages in swap cache [ 2359.101092] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2359.114643] Swap cache stats: add 0, delete 0, find 0/0 [ 2359.119016] video_usercopy+0x5c1/0x1760 [ 2359.123687] Free swap = 0kB [ 2359.139800] ? v4l_s_fmt+0x990/0x990 [ 2359.139831] ? v4l_enumstd+0x70/0x70 [ 2359.144084] Total swap = 0kB [ 2359.148393] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2359.152472] 1965979 pages RAM [ 2359.166668] ? find_held_lock+0x36/0x1c0 [ 2359.166696] ? __fget+0x4aa/0x740 [ 2359.170474] 0 pages HighMem/MovableOnly [ 2359.179305] ? lock_downgrade+0x900/0x900 [ 2359.179324] ? check_preemption_disabled+0x48/0x280 [ 2359.179345] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2359.183762] 342853 pages reserved [ 2359.187803] ? kasan_check_read+0x11/0x20 [ 2359.193336] 0 pages cma reserved [ 2359.201880] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2359.201896] ? rcu_softirq_qs+0x20/0x20 [ 2359.201926] ? __fget+0x4d1/0x740 [ 2359.206483] Out of memory: Kill process 8649 (syz-executor4) score 1005 or sacrifice child [ 2359.210695] ? ksys_dup3+0x680/0x680 [ 2359.214594] Killed process 8649 (syz-executor4) total-vm:70736kB, anon-rss:2220kB, file-rss:32768kB, shmem-rss:0kB [ 2359.218714] ? __might_fault+0x12b/0x1e0 [ 2359.243330] rsyslogd invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0 [ 2359.243804] ? video_usercopy+0x1760/0x1760 [ 2359.247497] rsyslogd cpuset=/ mems_allowed=0 [ 2359.251206] video_ioctl2+0x2c/0x33 [ 2359.362243] v4l2_ioctl+0x154/0x1b0 [ 2359.365892] ? video_devdata+0xa0/0xa0 [ 2359.369790] do_vfs_ioctl+0x1de/0x1790 [ 2359.373692] ? ioctl_preallocate+0x300/0x300 [ 2359.378106] ? __fget_light+0x2e9/0x430 [ 2359.382088] ? fget_raw+0x20/0x20 [ 2359.385546] ? _copy_to_user+0xc8/0x110 [ 2359.389548] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2359.395109] ? put_timespec64+0x10f/0x1b0 [ 2359.399264] ? nsecs_to_jiffies+0x30/0x30 [ 2359.403425] ? do_syscall_64+0x9a/0x820 [ 2359.407408] ? do_syscall_64+0x9a/0x820 [ 2359.411394] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2359.415990] ? security_file_ioctl+0x94/0xc0 [ 2359.420464] ksys_ioctl+0xa9/0xd0 [ 2359.423964] __x64_sys_ioctl+0x73/0xb0 [ 2359.427865] do_syscall_64+0x1b9/0x820 [ 2359.431774] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2359.437148] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2359.442084] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2359.446936] ? trace_hardirqs_on_caller+0x310/0x310 [ 2359.451975] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2359.457029] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2359.462058] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2359.466943] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2359.472132] RIP: 0033:0x457669 [ 2359.475341] Code: Bad RIP value. [ 2359.478706] RSP: 002b:00007f3d559e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2359.486419] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2359.493693] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2359.500975] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2359.508247] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d559e56d4 [ 2359.515515] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2359.522816] CPU: 1 PID: 5923 Comm: rsyslogd Not tainted 4.20.0-rc7+ #379 [ 2359.529670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2359.538058] Mem-Info: [ 2359.539029] Call Trace: [ 2359.541458] active_anon:118564 inactive_anon:216 isolated_anon:0 [ 2359.541458] active_file:15 inactive_file:14 isolated_file:0 [ 2359.541458] unevictable:1 dirty:0 writeback:0 unstable:0 [ 2359.541458] slab_reclaimable:12285 slab_unreclaimable:115085 [ 2359.541458] mapped:49168 shmem:392 pagetables:1831 bounce:0 [ 2359.541458] free:16544 free_pcp:327 free_cma:0 [ 2359.544024] dump_stack+0x244/0x39d [ 2359.544045] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2359.544064] ? mark_held_locks+0x130/0x130 [ 2359.544100] ? mark_held_locks+0x130/0x130 [ 2359.544136] dump_header+0x27b/0xf72 [ 2359.544161] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2359.544178] ? check_preemption_disabled+0x48/0x280 [ 2359.544212] ? pagefault_out_of_memory+0x197/0x197 [ 2359.544276] ? debug_smp_processor_id+0x1c/0x20 [ 2359.588468] Node 0 active_anon:474256kB inactive_anon:864kB active_file:60kB inactive_file:56kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:196672kB dirty:0kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 122880kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2359.590370] ? perf_trace_lock+0x14d/0x7a0 [ 2359.594732] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2359.598320] ? lock_is_held_type+0x210/0x210 [ 2359.617002] lowmem_reserve[]: 0 2818 6321 6321 [ 2359.618441] ? debug_smp_processor_id+0x1c/0x20 [ 2359.658543] Node 0 DMA32 free:28600kB min:30052kB low:37564kB high:45076kB active_anon:44kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:252kB local_pcp:248kB free_cma:0kB [ 2359.676342] ? perf_trace_lock+0x14d/0x7a0 [ 2359.676359] ? zap_class+0x640/0x640 [ 2359.676379] ? print_usage_bug+0xc0/0xc0 [ 2359.676396] ? lock_is_held_type+0x210/0x210 [ 2359.676411] ? perf_trace_lock+0x14d/0x7a0 [ 2359.676435] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2359.676457] ? find_held_lock+0x36/0x1c0 [ 2359.676482] ? mark_held_locks+0xc7/0x130 [ 2359.693568] lowmem_reserve[]: 0 0 3503 3503 [ 2359.717704] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2359.717719] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2359.717737] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2359.717757] ? trace_hardirqs_on+0xbd/0x310 [ 2359.717775] ? kasan_check_read+0x11/0x20 [ 2359.717791] ? ___ratelimit+0x3b4/0x672 [ 2359.717809] ? trace_hardirqs_off_caller+0x310/0x310 [ 2359.717827] ? trace_hardirqs_on+0x310/0x310 [ 2359.717847] ? lock_downgrade+0x900/0x900 [ 2359.734921] Node 0 Normal free:21820kB min:37364kB low:46704kB high:56044kB active_anon:474212kB inactive_anon:864kB active_file:56kB inactive_file:56kB unevictable:4kB writepending:0kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8512kB pagetables:7324kB bounce:0kB free_pcp:1056kB local_pcp:616kB free_cma:0kB [ 2359.738480] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 2359.750499] lowmem_reserve[]: 0 0 0 0 [ 2359.752193] ? ___ratelimit+0x3b9/0x672 [ 2359.752212] ? idr_get_free+0xf70/0xf70 [ 2359.752230] ? lock_is_held_type+0x210/0x210 [ 2359.752256] oom_kill_process.cold.27+0x10/0x903 [ 2359.752274] ? zap_class+0x640/0x640 [ 2359.752293] ? check_preemption_disabled+0x48/0x280 [ 2359.752312] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2359.764487] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2359.766832] ? kasan_check_read+0x11/0x20 [ 2359.771392] Node 0 DMA32: 8*4kB (UME) 9*8kB (ME) 9*16kB (UM) 4*32kB (UME) 5*64kB (ME) 6*128kB (UME) 4*256kB (UME) 5*512kB (UME) 3*1024kB (ME) 4*2048kB (UME) 3*4096kB (M) = 28600kB [ 2359.775711] ? oom_evaluate_task+0x540/0x540 [ 2359.775731] ? find_held_lock+0x36/0x1c0 [ 2359.775756] ? out_of_memory+0x974/0x1430 [ 2359.775774] ? lock_downgrade+0x900/0x900 [ 2359.775791] ? check_preemption_disabled+0x48/0x280 [ 2359.775812] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2359.785608] Node 0 Normal: 335*4kB (UME) 960*8kB (UME) 574*16kB (UM) 26*32kB (UM) 0*64kB 2*128kB (U) 2*256kB (U) 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 21852kB [ 2359.789017] ? kasan_check_read+0x11/0x20 [ 2359.793578] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2359.797571] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2359.838737] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2359.839409] ? rcu_softirq_qs+0x20/0x20 [ 2359.843530] 422 total pagecache pages [ 2359.847787] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2359.865437] 0 pages in swap cache [ 2359.866163] ? oom_evaluate_task+0x302/0x540 [ 2359.893159] Swap cache stats: add 0, delete 0, find 0/0 [ 2359.899953] out_of_memory+0xa84/0x1430 [ 2359.911575] Free swap = 0kB [ 2359.912541] ? oom_killer_disable+0x3a0/0x3a0 [ 2359.912567] ? __alloc_pages_slowpath+0xf5c/0x2de0 [ 2359.912599] ? __ww_mutex_check_waiters+0x160/0x160 [ 2359.916727] Total swap = 0kB [ 2359.921747] __alloc_pages_slowpath+0x232c/0x2de0 [ 2359.939477] 1965979 pages RAM [ 2359.941235] ? warn_alloc+0x120/0x120 [ 2359.945479] 0 pages HighMem/MovableOnly [ 2359.954183] ? mark_held_locks+0x130/0x130 [ 2359.954206] ? find_get_entry+0xaae/0x1120 [ 2359.954231] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2359.954250] ? check_preemption_disabled+0x48/0x280 [ 2359.954270] ? filemap_map_pages+0x1a20/0x1a20 [ 2359.967950] 342853 pages reserved [ 2359.968154] ? debug_smp_processor_id+0x1c/0x20 [ 2359.977064] 0 pages cma reserved [ 2359.981451] ? perf_trace_lock+0x14d/0x7a0 [ 2360.073986] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2360.079555] ? should_fail+0x22d/0xd01 [ 2360.083476] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 2360.088598] ? zap_class+0x640/0x640 [ 2360.092350] ? __lock_is_held+0xb5/0x140 [ 2360.096429] ? mark_held_locks+0x130/0x130 [ 2360.100687] ? lock_release+0xa00/0xa00 [ 2360.104674] ? perf_trace_sched_process_exec+0x860/0x860 [ 2360.110149] ? xa_load+0x2ba/0x460 [ 2360.113703] ? lock_downgrade+0x900/0x900 [ 2360.117869] ? __might_sleep+0x95/0x190 [ 2360.121870] __alloc_pages_nodemask+0xad8/0xea0 [ 2360.126593] ? __alloc_pages_slowpath+0x2de0/0x2de0 [ 2360.131628] ? __page_cache_alloc+0x191/0x5c0 [ 2360.136133] ? xa_load+0x2e1/0x460 [ 2360.139680] ? xa_clear_mark+0x40/0x40 [ 2360.143584] ? zap_class+0x640/0x640 [ 2360.147311] ? zap_class+0x640/0x640 [ 2360.151028] ? zap_class+0x640/0x640 [ 2360.154750] ? __do_page_cache_readahead+0x663/0x810 [ 2360.159861] ? find_held_lock+0x36/0x1c0 [ 2360.163936] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2360.169488] alloc_pages_current+0x173/0x350 [ 2360.173929] __page_cache_alloc+0x38c/0x5c0 [ 2360.178282] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2360.183215] ? kasan_check_read+0x11/0x20 [ 2360.187363] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2360.192646] ? generic_perform_write+0x6a0/0x6a0 [ 2360.197404] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2360.202950] ? check_preemption_disabled+0x48/0x280 [ 2360.208449] filemap_fault+0x1595/0x25f0 [ 2360.212529] ? __lock_page_or_retry+0xa00/0xa00 [ 2360.217211] ? mark_held_locks+0x130/0x130 [ 2360.221458] ? filemap_map_pages+0xd6b/0x1a20 [ 2360.225958] ? lock_downgrade+0x900/0x900 [ 2360.230111] ? check_preemption_disabled+0x48/0x280 [ 2360.235137] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2360.240068] ? kasan_check_read+0x11/0x20 [ 2360.244226] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2360.249509] ? rcu_softirq_qs+0x20/0x20 [ 2360.253500] ? filemap_map_pages+0xd92/0x1a20 [ 2360.258013] ? find_get_entries_tag+0x1400/0x1400 [ 2360.262862] ? __kernel_text_address+0xd/0x40 [ 2360.267360] ? unwind_get_return_address+0x61/0xa0 [ 2360.272310] ? lock_acquire+0x1ed/0x520 [ 2360.276299] ? ext4_filemap_fault+0x7a/0xad [ 2360.280630] ? lock_release+0xa00/0xa00 [ 2360.284610] ? perf_trace_sched_process_exec+0x860/0x860 [ 2360.290062] ? print_usage_bug+0xc0/0xc0 [ 2360.294131] ? print_usage_bug+0xc0/0xc0 [ 2360.298198] ? __x64_sys_read+0x73/0xb0 [ 2360.302174] ? print_usage_bug+0xc0/0xc0 [ 2360.306256] ? down_read+0x8d/0x120 [ 2360.309880] ? ext4_filemap_fault+0x7a/0xad [ 2360.314204] ? __down_interruptible+0x700/0x700 [ 2360.318886] ext4_filemap_fault+0x82/0xad [ 2360.323042] __do_fault+0x100/0x6b0 [ 2360.326676] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2360.331785] ? mark_held_locks+0x130/0x130 [ 2360.336026] ? mark_held_locks+0x130/0x130 [ 2360.340263] ? lock_is_held_type+0x210/0x210 [ 2360.344673] ? do_syslog+0x147b/0x1690 [ 2360.348574] ? do_syslog+0x309/0x1690 [ 2360.352385] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2360.357934] __handle_mm_fault+0x3ea6/0x5be0 [ 2360.362355] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2360.367227] ? lock_is_held_type+0x210/0x210 [ 2360.371646] ? find_held_lock+0x36/0x1c0 [ 2360.375736] ? zap_class+0x640/0x640 [ 2360.379455] ? zap_class+0x640/0x640 [ 2360.383181] ? find_held_lock+0x36/0x1c0 [ 2360.387258] ? handle_mm_fault+0x42a/0xc70 [ 2360.391495] ? lock_downgrade+0x900/0x900 [ 2360.395649] ? check_preemption_disabled+0x48/0x280 [ 2360.400671] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2360.405616] ? kasan_check_read+0x11/0x20 [ 2360.409786] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2360.415066] ? rcu_softirq_qs+0x20/0x20 [ 2360.419048] ? trace_hardirqs_off_caller+0x310/0x310 [ 2360.424160] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2360.429702] ? check_preemption_disabled+0x48/0x280 [ 2360.434732] handle_mm_fault+0x54f/0xc70 [ 2360.438800] ? __handle_mm_fault+0x5be0/0x5be0 [ 2360.443394] ? find_vma+0x34/0x190 [ 2360.446945] __do_page_fault+0x5e8/0xe60 [ 2360.451012] ? trace_hardirqs_off+0xb8/0x310 [ 2360.455426] ? kernel_write+0x120/0x120 [ 2360.459416] do_page_fault+0xf2/0x7e0 [ 2360.463225] ? vmalloc_sync_all+0x30/0x30 [ 2360.467379] ? error_entry+0x70/0xd0 [ 2360.471127] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2360.476150] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2360.481088] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2360.486019] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2360.490895] ? trace_hardirqs_on_caller+0x310/0x310 [ 2360.495916] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2360.501378] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2360.506402] ? page_fault+0x8/0x30 [ 2360.509950] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2360.514804] ? page_fault+0x8/0x30 [ 2360.518391] page_fault+0x1e/0x30 [ 2360.521862] RIP: 0033:0x7f5b991d81fd [ 2360.525599] Code: Bad RIP value. [ 2360.528968] RSP: 002b:00007f5b96777e30 EFLAGS: 00010293 [ 2360.534335] RAX: 0000000000000076 RBX: 0000000001736650 RCX: 00007f5b991d81fd [ 2360.541608] RDX: 0000000000000fff RSI: 00007f5b97fac5a0 RDI: 0000000000000004 [ 2360.548876] RBP: 0000000000000000 R08: 0000000001721260 R09: 0000000000000000 [ 2360.556146] R10: 6b205d3739333135 R11: 0000000000000293 R12: 000000000065e420 [ 2360.563415] R13: 00007f5b967789c0 R14: 00007f5b9981d040 R15: 0000000000000003 [ 2360.576995] Mem-Info: [ 2360.579460] active_anon:118556 inactive_anon:216 isolated_anon:0 [ 2360.579460] active_file:15 inactive_file:14 isolated_file:0 [ 2360.579460] unevictable:1 dirty:0 writeback:0 unstable:0 [ 2360.579460] slab_reclaimable:12274 slab_unreclaimable:115029 [ 2360.579460] mapped:49168 shmem:392 pagetables:1843 bounce:0 [ 2360.579460] free:17566 free_pcp:427 free_cma:0 [ 2360.614647] Node 0 active_anon:474224kB inactive_anon:864kB active_file:56kB inactive_file:60kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:196672kB dirty:0kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 120832kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2360.643007] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2360.669523] lowmem_reserve[]: 0 2818 6321 6321 [ 2360.674204] Node 0 DMA32 free:131364kB min:30052kB low:37564kB high:45076kB active_anon:44kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:1780kB local_pcp:456kB free_cma:0kB [ 2360.704119] lowmem_reserve[]: 0 0 3503 3503 [ 2360.709471] Node 0 Normal free:57856kB min:37364kB low:46704kB high:56044kB active_anon:474180kB inactive_anon:864kB active_file:52kB inactive_file:60kB unevictable:4kB writepending:0kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8512kB pagetables:7372kB bounce:0kB free_pcp:1564kB local_pcp:112kB free_cma:0kB [ 2360.742432] lowmem_reserve[]: 0 0 0 0 [ 2360.746263] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2360.759926] Node 0 DMA32: 6*4kB (U) 6*8kB (UME) 6*16kB (UM) 6*32kB (UME) 8*64kB (UE) 7*128kB (UME) 8*256kB (UME) 9*512kB (UME) 6*1024kB (UME) 8*2048kB (UME) 31*4096kB (UM) = 157928kB [ 2360.776538] Node 0 Normal: 725*4kB (UME) 1782*8kB (UME) 1005*16kB (UM) 141*32kB (UME) 43*64kB (UME) 12*128kB (UM) 6*256kB (UM) 5*512kB (UM) 3*1024kB (U) 6*2048kB (UM) 2*4096kB (U) = 69684kB [ 2360.793831] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2360.802838] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2360.811520] 756 total pagecache pages [ 2360.815498] 0 pages in swap cache [ 2360.819981] Swap cache stats: add 0, delete 0, find 0/0 [ 2360.825433] Free swap = 0kB [ 2360.828454] Total swap = 0kB [ 2360.831468] 1965979 pages RAM [ 2360.835207] 0 pages HighMem/MovableOnly [ 2360.840158] 342853 pages reserved [ 2360.843692] 0 pages cma reserved [ 2360.847071] Out of memory: Kill process 24942 (syz-executor0) score 1005 or sacrifice child [ 2360.857447] Killed process 24942 (syz-executor0) total-vm:70604kB, anon-rss:2224kB, file-rss:32768kB, shmem-rss:0kB [ 2363.812429] syz-executor4 (25804) used greatest stack depth: 6152 bytes left 06:17:59 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x7ffffffff000}]) 06:17:59 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x6800, 0xffffffffffffffff]}}}) 06:17:59 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffff16000000]}}}) 06:17:59 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\x04Z\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) [ 2364.106801] syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2364.118179] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2364.123533] CPU: 0 PID: 25844 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2364.130918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2364.140256] Call Trace: [ 2364.142839] dump_stack+0x244/0x39d [ 2364.146461] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2364.151649] ? __video_do_ioctl+0x8b1/0x1050 [ 2364.156073] ? video_usercopy+0x5c1/0x1760 [ 2364.160310] ? video_ioctl2+0x2c/0x33 [ 2364.164107] ? do_vfs_ioctl+0x1de/0x1790 [ 2364.168164] warn_alloc.cold.116+0xb7/0x1bd [ 2364.172479] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2364.177320] ? zap_class+0x640/0x640 [ 2364.181044] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2364.186657] ? check_preemption_disabled+0x48/0x280 [ 2364.191706] __vmalloc_node_range+0x472/0x750 [ 2364.196196] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2364.201221] ? vb2_vmalloc_alloc+0x123/0x380 [ 2364.205636] vmalloc_user+0x75/0x170 [ 2364.209351] ? vb2_vmalloc_alloc+0x123/0x380 [ 2364.213762] vb2_vmalloc_alloc+0x123/0x380 [ 2364.217989] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2364.223099] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2364.227427] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2364.232525] __vb2_queue_alloc+0x5e1/0xfa0 [ 2364.236780] ? vimc_cap_get_format+0x120/0x120 [ 2364.241376] vb2_core_create_bufs+0x401/0x8c0 [ 2364.245876] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2364.250279] ? debug_smp_processor_id+0x1c/0x20 [ 2364.254939] ? perf_trace_lock+0x14d/0x7a0 [ 2364.259174] ? __save_stack_trace+0x8d/0xf0 [ 2364.263527] vb2_create_bufs+0x4b6/0x8f0 [ 2364.267590] ? v4l2_ioctl+0x154/0x1b0 [ 2364.271398] ? vb2_request_queue+0x120/0x120 [ 2364.275818] ? find_held_lock+0x36/0x1c0 [ 2364.279882] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2364.285421] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2364.290031] v4l_create_bufs+0x152/0x230 [ 2364.294104] __video_do_ioctl+0x8b1/0x1050 [ 2364.298366] ? v4l_s_fmt+0x990/0x990 [ 2364.302146] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2364.307692] video_usercopy+0x5c1/0x1760 [ 2364.311776] ? v4l_s_fmt+0x990/0x990 [ 2364.315498] ? v4l_enumstd+0x70/0x70 [ 2364.319218] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2364.324777] ? find_held_lock+0x36/0x1c0 [ 2364.328867] ? __fget+0x4aa/0x740 [ 2364.332338] ? lock_downgrade+0x900/0x900 [ 2364.336505] ? check_preemption_disabled+0x48/0x280 [ 2364.341524] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2364.346447] ? kasan_check_read+0x11/0x20 [ 2364.350614] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2364.355898] ? rcu_softirq_qs+0x20/0x20 [ 2364.359894] ? __fget+0x4d1/0x740 [ 2364.363354] ? ksys_dup3+0x680/0x680 [ 2364.367075] ? __might_fault+0x12b/0x1e0 [ 2364.371137] ? video_usercopy+0x1760/0x1760 [ 2364.375450] video_ioctl2+0x2c/0x33 [ 2364.379076] v4l2_ioctl+0x154/0x1b0 [ 2364.382697] ? video_devdata+0xa0/0xa0 [ 2364.386605] do_vfs_ioctl+0x1de/0x1790 [ 2364.390511] ? ioctl_preallocate+0x300/0x300 [ 2364.394948] ? __fget_light+0x2e9/0x430 [ 2364.398926] ? fget_raw+0x20/0x20 [ 2364.402383] ? _copy_to_user+0xc8/0x110 [ 2364.406349] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2364.411924] ? put_timespec64+0x10f/0x1b0 [ 2364.416084] ? nsecs_to_jiffies+0x30/0x30 [ 2364.420236] ? do_syscall_64+0x9a/0x820 [ 2364.424201] ? do_syscall_64+0x9a/0x820 [ 2364.428168] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2364.432744] ? security_file_ioctl+0x94/0xc0 [ 2364.437183] ksys_ioctl+0xa9/0xd0 [ 2364.440664] __x64_sys_ioctl+0x73/0xb0 [ 2364.444552] do_syscall_64+0x1b9/0x820 [ 2364.448449] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2364.453822] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2364.458748] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2364.463623] ? trace_hardirqs_on_caller+0x310/0x310 [ 2364.468653] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2364.473673] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2364.478714] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2364.483576] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2364.488779] RIP: 0033:0x457669 [ 2364.491977] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2364.510875] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2364.518600] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2364.525858] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2364.533141] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2364.540409] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2364.547670] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2364.555493] Mem-Info: 06:17:59 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:17:59 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_sctp(0xa, 0x0, 0x84) getsockopt$inet6_int(r1, 0x29, 0xd0, &(0x7f0000000000), &(0x7f0000000140)=0x4) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r2, &(0x7f0000000580), 0x0, 0x200007fe, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000015c0)='veth1\x00\x00\x00\x00\xff\xff\xff\xff\xff\xef\x00', 0xb) r3 = syz_open_dev$swradio(&(0x7f0000000240)='/dev/swradio#\x00', 0x1, 0x2) ioctl$LOOP_SET_FD(r3, 0x4c00, r0) r4 = dup2(r2, 0xffffffffffffffff) syz_open_dev$rtc(&(0x7f0000000040)='/dev/rtc#\x00', 0x4, 0x6000) stat(&(0x7f0000000700)='./file0\x00', &(0x7f0000000740)) ioctl$FS_IOC_GETFSLABEL(r2, 0x81009431, &(0x7f0000000480)) msgctl$MSG_STAT(0x0, 0xb, &(0x7f0000000340)=""/35) sendmsg$IPVS_CMD_GET_CONFIG(r4, &(0x7f00000001c0)={&(0x7f00000000c0), 0xc, 0x0}, 0x44801) r5 = syz_open_procfs(0x0, &(0x7f0000000080)='\x00\x00\x00\x00\x00') r6 = openat$cgroup_ro(r5, &(0x7f0000000200)='mem\x00\x01y.swaS.current\x00', 0x0, 0x0) preadv(r6, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x400000) sendmsg$FOU_CMD_DEL(r4, &(0x7f00000002c0)={&(0x7f0000000180), 0xc, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[]}}, 0x0) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f00000003c0), &(0x7f0000000400)=0x8) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000580)) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000380), 0xfdf5) setsockopt$ALG_SET_AEAD_AUTHSIZE(r4, 0x117, 0x5, 0x0, 0x101) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r3, 0x54a2) ioctl$ASHMEM_SET_SIZE(r3, 0x40087703, 0x1f) setsockopt$XDP_UMEM_COMPLETION_RING(r5, 0x11b, 0x6, &(0x7f0000000300)=0x1002, 0x4) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0xc0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r4, 0x84, 0x1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0xffff}, 0x14) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x70, 0x0, &(0x7f0000000440)) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2364.557972] active_anon:117997 inactive_anon:213 isolated_anon:0 [ 2364.557972] active_file:586 inactive_file:2830 isolated_file:0 [ 2364.557972] unevictable:1 dirty:44 writeback:0 unstable:0 [ 2364.557972] slab_reclaimable:12254 slab_unreclaimable:113845 [ 2364.557972] mapped:51408 shmem:392 pagetables:1800 bounce:0 [ 2364.557972] free:1277923 free_pcp:1352 free_cma:0 [ 2364.593261] Node 0 active_anon:474084kB inactive_anon:864kB active_file:2496kB inactive_file:11524kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:205804kB dirty:224kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 118784kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2364.621787] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2364.652066] lowmem_reserve[]: 0 2818 6321 6321 [ 2364.672404] Node 0 DMA32 free:2879276kB min:30052kB low:37564kB high:45076kB active_anon:40kB inactive_anon:0kB active_file:96kB inactive_file:440kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:2780kB local_pcp:1292kB free_cma:0kB [ 2364.705282] lowmem_reserve[]: 0 0 3503 3503 [ 2364.705420] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2364.709981] Node 0 Normal free:2197172kB min:37364kB low:46704kB high:56044kB active_anon:482636kB inactive_anon:864kB active_file:2400kB inactive_file:12084kB unevictable:4kB writepending:224kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8704kB pagetables:7516kB bounce:0kB free_pcp:1804kB local_pcp:848kB free_cma:0kB [ 2364.748726] lowmem_reserve[]: 0 0 0 0 [ 2364.753046] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB 06:17:59 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2364.771924] Node 0 DMA32: 21*4kB (U) 67*8kB (UME) 72*16kB (UM) 66*32kB (UME) 68*64kB (UE) 78*128kB (UME) 62*256kB (UME) 51*512kB (UME) 43*1024kB (UME) 37*2048kB (UME) 659*4096kB (UM) = 2879276kB [ 2364.808540] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:17:59 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x100000000000000}]) [ 2364.836028] Node 0 Normal: 12391*4kB (UME) 7904*8kB (UE) 1442*16kB (UM) 2454*32kB (UME) 1475*64kB (UME) 804*128kB (UM) 288*256kB (UM) 134*512kB (UM) 62*1024kB (U) 57*2048kB (UM) 356*4096kB (U) = 2192444kB 06:18:00 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2364.882262] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2364.891756] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2364.920843] 4313 total pagecache pages [ 2364.927917] 0 pages in swap cache [ 2364.931719] Swap cache stats: add 0, delete 0, find 0/0 [ 2364.937538] Free swap = 0kB [ 2364.940921] Total swap = 0kB [ 2364.944370] 1965979 pages RAM [ 2364.947804] 0 pages HighMem/MovableOnly [ 2364.952181] 342853 pages reserved [ 2364.966443] 0 pages cma reserved 06:18:00 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_sctp(0xa, 0x0, 0x84) getsockopt$inet6_int(r1, 0x29, 0xd0, &(0x7f0000000000), &(0x7f0000000140)=0x4) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r2, &(0x7f0000000580), 0x0, 0x200007fe, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000015c0)='veth1\x00\x00\x00\x00\xff\xff\xff\xff\xff\xef\x00', 0xb) r3 = syz_open_dev$swradio(&(0x7f0000000240)='/dev/swradio#\x00', 0x1, 0x2) ioctl$LOOP_SET_FD(r3, 0x4c00, r0) r4 = dup2(r2, 0xffffffffffffffff) syz_open_dev$rtc(&(0x7f0000000040)='/dev/rtc#\x00', 0x4, 0x6000) stat(&(0x7f0000000700)='./file0\x00', &(0x7f0000000740)) ioctl$FS_IOC_GETFSLABEL(r2, 0x81009431, &(0x7f0000000480)) msgctl$MSG_STAT(0x0, 0xb, &(0x7f0000000340)=""/35) sendmsg$IPVS_CMD_GET_CONFIG(r4, &(0x7f00000001c0)={&(0x7f00000000c0), 0xc, 0x0}, 0x44801) r5 = syz_open_procfs(0x0, &(0x7f0000000080)='\x00\x00\x00\x00\x00') r6 = openat$cgroup_ro(r5, &(0x7f0000000200)='mem\x00\x01y.swaS.current\x00', 0x0, 0x0) preadv(r6, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x400000) sendmsg$FOU_CMD_DEL(r4, &(0x7f00000002c0)={&(0x7f0000000180), 0xc, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[]}}, 0x0) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f00000003c0), &(0x7f0000000400)=0x8) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000580)) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000380), 0xfdf5) setsockopt$ALG_SET_AEAD_AUTHSIZE(r4, 0x117, 0x5, 0x0, 0x101) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r3, 0x54a2) ioctl$ASHMEM_SET_SIZE(r3, 0x40087703, 0x1f) setsockopt$XDP_UMEM_COMPLETION_RING(r5, 0x11b, 0x6, &(0x7f0000000300)=0x1002, 0x4) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0xc0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r4, 0x84, 0x1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0xffff}, 0x14) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x70, 0x0, &(0x7f0000000440)) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2364.977333] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:18:00 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x8000000000000000}]) 06:18:00 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2365.173732] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:18:00 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\x0fZ\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:18:00 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x300000000000000}]) 06:18:00 executing program 0: r0 = socket(0x1, 0x1, 0x0) getxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='security.apparmor\x00', &(0x7f00000000c0)=""/208, 0xd0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TLS_TX(r0, 0x6, 0x1, 0x0, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000440)={0x0}, &(0x7f0000000480)=0xc) capset(&(0x7f00000004c0)={0x0, r1}, &(0x7f0000000500)={0x0, 0x0, 0x4, 0x2, 0x6, 0xffffffffffffffeb}) fcntl$getown(r0, 0x9) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000340)={0x405, {{0xa, 0x4e23, 0x6, @local, 0x100}}}, 0x88) [ 2369.560830] oom_reaper: reaped process 25846 (syz-executor4), now anon-rss:0kB, file-rss:32704kB, shmem-rss:0kB [ 2369.597552] rsyslogd invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0 [ 2369.610042] rsyslogd cpuset=/ mems_allowed=0 [ 2369.614703] CPU: 0 PID: 5923 Comm: rsyslogd Not tainted 4.20.0-rc7+ #379 [ 2369.621552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2369.630944] Call Trace: [ 2369.633577] dump_stack+0x244/0x39d [ 2369.637229] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2369.642434] ? mark_held_locks+0x130/0x130 [ 2369.646679] ? mark_held_locks+0x130/0x130 [ 2369.650932] dump_header+0x27b/0xf72 [ 2369.654667] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2369.660221] ? check_preemption_disabled+0x48/0x280 [ 2369.665276] ? pagefault_out_of_memory+0x197/0x197 [ 2369.670215] ? debug_smp_processor_id+0x1c/0x20 [ 2369.674888] ? perf_trace_lock+0x14d/0x7a0 [ 2369.679114] ? lock_is_held_type+0x210/0x210 [ 2369.683526] ? debug_smp_processor_id+0x1c/0x20 [ 2369.688182] ? perf_trace_lock+0x14d/0x7a0 [ 2369.692403] ? zap_class+0x640/0x640 [ 2369.696104] ? print_usage_bug+0xc0/0xc0 [ 2369.700150] ? lock_is_held_type+0x210/0x210 [ 2369.704541] ? perf_trace_lock+0x14d/0x7a0 [ 2369.708767] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2369.714293] ? find_held_lock+0x36/0x1c0 [ 2369.718359] ? mark_held_locks+0xc7/0x130 [ 2369.722498] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2369.727596] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2369.732711] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2369.737294] ? trace_hardirqs_on+0xbd/0x310 [ 2369.741604] ? kasan_check_read+0x11/0x20 [ 2369.745742] ? ___ratelimit+0x3b4/0x672 [ 2369.749710] ? trace_hardirqs_off_caller+0x310/0x310 [ 2369.754803] ? trace_hardirqs_on+0x310/0x310 [ 2369.759200] ? lock_downgrade+0x900/0x900 [ 2369.763338] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 2369.768425] ? ___ratelimit+0x3b9/0x672 [ 2369.772402] ? idr_get_free+0xf70/0xf70 [ 2369.776373] ? lock_is_held_type+0x210/0x210 [ 2369.780789] oom_kill_process.cold.27+0x10/0x903 [ 2369.785531] ? zap_class+0x640/0x640 [ 2369.789236] ? check_preemption_disabled+0x48/0x280 [ 2369.794271] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2369.799189] ? kasan_check_read+0x11/0x20 [ 2369.803339] ? oom_evaluate_task+0x540/0x540 [ 2369.807738] ? find_held_lock+0x36/0x1c0 [ 2369.811790] ? out_of_memory+0x974/0x1430 [ 2369.815924] ? lock_downgrade+0x900/0x900 [ 2369.820056] ? check_preemption_disabled+0x48/0x280 [ 2369.825074] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2369.830003] ? kasan_check_read+0x11/0x20 [ 2369.834138] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2369.839419] ? rcu_softirq_qs+0x20/0x20 [ 2369.843385] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2369.848914] ? oom_evaluate_task+0x302/0x540 [ 2369.853309] out_of_memory+0xa84/0x1430 [ 2369.857274] ? oom_killer_disable+0x3a0/0x3a0 [ 2369.861767] ? __alloc_pages_slowpath+0xf5c/0x2de0 [ 2369.866689] ? __ww_mutex_check_waiters+0x160/0x160 [ 2369.871696] __alloc_pages_slowpath+0x232c/0x2de0 [ 2369.876540] ? warn_alloc+0x120/0x120 [ 2369.880335] ? mark_held_locks+0x130/0x130 [ 2369.884561] ? find_get_entry+0xaae/0x1120 [ 2369.888797] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2369.894323] ? check_preemption_disabled+0x48/0x280 [ 2369.899327] ? filemap_map_pages+0x1a20/0x1a20 [ 2369.903899] ? debug_smp_processor_id+0x1c/0x20 [ 2369.908562] ? perf_trace_lock+0x14d/0x7a0 [ 2369.912802] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2369.918326] ? should_fail+0x22d/0xd01 [ 2369.922203] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 2369.927292] ? zap_class+0x640/0x640 [ 2369.931004] ? __lock_is_held+0xb5/0x140 [ 2369.935054] ? mark_held_locks+0x130/0x130 [ 2369.939273] ? lock_release+0xa00/0xa00 [ 2369.943234] ? perf_trace_sched_process_exec+0x860/0x860 [ 2369.948672] ? xa_load+0x2ba/0x460 [ 2369.952203] ? lock_downgrade+0x900/0x900 [ 2369.956339] ? __might_sleep+0x95/0x190 [ 2369.960298] __alloc_pages_nodemask+0xad8/0xea0 [ 2369.964957] ? __alloc_pages_slowpath+0x2de0/0x2de0 [ 2369.969959] ? __page_cache_alloc+0x191/0x5c0 [ 2369.974437] ? xa_load+0x2e1/0x460 [ 2369.977992] ? xa_clear_mark+0x40/0x40 [ 2369.981891] ? zap_class+0x640/0x640 [ 2369.985620] ? zap_class+0x640/0x640 [ 2369.989334] ? zap_class+0x640/0x640 [ 2369.993065] ? __do_page_cache_readahead+0x663/0x810 [ 2369.998161] ? find_held_lock+0x36/0x1c0 [ 2370.002213] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2370.007745] alloc_pages_current+0x173/0x350 [ 2370.012144] __page_cache_alloc+0x38c/0x5c0 [ 2370.016450] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2370.021363] ? kasan_check_read+0x11/0x20 [ 2370.025495] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2370.030772] ? generic_perform_write+0x6a0/0x6a0 [ 2370.035517] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2370.041042] ? check_preemption_disabled+0x48/0x280 [ 2370.046049] filemap_fault+0x1595/0x25f0 [ 2370.050105] ? __lock_page_or_retry+0xa00/0xa00 [ 2370.054764] ? mark_held_locks+0x130/0x130 [ 2370.058993] ? filemap_map_pages+0xd6b/0x1a20 [ 2370.063476] ? lock_downgrade+0x900/0x900 [ 2370.067612] ? check_preemption_disabled+0x48/0x280 [ 2370.072615] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2370.077528] ? kasan_check_read+0x11/0x20 [ 2370.081689] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2370.086956] ? rcu_softirq_qs+0x20/0x20 [ 2370.090923] ? filemap_map_pages+0xd92/0x1a20 [ 2370.095414] ? find_get_entries_tag+0x1400/0x1400 [ 2370.100257] ? __kernel_text_address+0xd/0x40 [ 2370.104757] ? unwind_get_return_address+0x61/0xa0 [ 2370.109695] ? lock_acquire+0x1ed/0x520 [ 2370.113656] ? ext4_filemap_fault+0x7a/0xad [ 2370.117966] ? lock_release+0xa00/0xa00 [ 2370.121924] ? perf_trace_sched_process_exec+0x860/0x860 [ 2370.127442] ? print_usage_bug+0xc0/0xc0 [ 2370.131513] ? print_usage_bug+0xc0/0xc0 [ 2370.135560] ? __x64_sys_read+0x73/0xb0 [ 2370.139527] ? print_usage_bug+0xc0/0xc0 [ 2370.143599] ? down_read+0x8d/0x120 [ 2370.147216] ? ext4_filemap_fault+0x7a/0xad [ 2370.151525] ? __down_interruptible+0x700/0x700 [ 2370.156200] ext4_filemap_fault+0x82/0xad [ 2370.160337] __do_fault+0x100/0x6b0 [ 2370.163954] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2370.169057] ? mark_held_locks+0x130/0x130 [ 2370.173311] ? mark_held_locks+0x130/0x130 [ 2370.177527] ? lock_is_held_type+0x210/0x210 [ 2370.181917] ? do_syslog+0x147b/0x1690 [ 2370.185805] ? do_syslog+0x309/0x1690 [ 2370.189595] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2370.195150] __handle_mm_fault+0x3ea6/0x5be0 [ 2370.199546] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2370.204379] ? lock_is_held_type+0x210/0x210 [ 2370.208830] ? find_held_lock+0x36/0x1c0 [ 2370.212893] ? zap_class+0x640/0x640 [ 2370.216618] ? zap_class+0x640/0x640 [ 2370.220348] ? find_held_lock+0x36/0x1c0 [ 2370.224413] ? handle_mm_fault+0x42a/0xc70 [ 2370.228649] ? lock_downgrade+0x900/0x900 [ 2370.232786] ? check_preemption_disabled+0x48/0x280 [ 2370.237787] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2370.242701] ? kasan_check_read+0x11/0x20 [ 2370.246834] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2370.252097] ? rcu_softirq_qs+0x20/0x20 [ 2370.256059] ? trace_hardirqs_off_caller+0x310/0x310 [ 2370.261151] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2370.266674] ? sync_mm_rss+0x9a/0x1c0 [ 2370.270460] handle_mm_fault+0x54f/0xc70 [ 2370.274508] ? __handle_mm_fault+0x5be0/0x5be0 [ 2370.279080] ? find_vma+0x34/0x190 [ 2370.282621] __do_page_fault+0x5e8/0xe60 [ 2370.286667] ? trace_hardirqs_off+0xb8/0x310 [ 2370.291060] ? kernel_write+0x120/0x120 [ 2370.295075] do_page_fault+0xf2/0x7e0 [ 2370.298879] ? vmalloc_sync_all+0x30/0x30 [ 2370.303016] ? error_entry+0x70/0xd0 [ 2370.306713] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2370.311712] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2370.316631] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2370.321543] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2370.326376] ? trace_hardirqs_on_caller+0x310/0x310 [ 2370.331389] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2370.336828] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2370.341827] ? page_fault+0x8/0x30 [ 2370.345356] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2370.350183] ? page_fault+0x8/0x30 [ 2370.353709] page_fault+0x1e/0x30 [ 2370.357148] RIP: 0033:0x7f5b991d81fd [ 2370.360856] Code: Bad RIP value. [ 2370.364246] RSP: 002b:00007f5b96777e30 EFLAGS: 00010293 [ 2370.369595] RAX: 0000000000000076 RBX: 0000000001736650 RCX: 00007f5b991d81fd [ 2370.376866] RDX: 0000000000000fff RSI: 00007f5b97fac5a0 RDI: 0000000000000004 [ 2370.384123] RBP: 0000000000000000 R08: 0000000001721260 R09: 0000000000000000 [ 2370.391376] R10: 6b205d3037363335 R11: 0000000000000293 R12: 000000000065e420 [ 2370.398631] R13: 00007f5b967789c0 R14: 00007f5b9981d040 R15: 0000000000000003 [ 2370.406327] Mem-Info: [ 2370.408783] active_anon:118014 inactive_anon:216 isolated_anon:0 [ 2370.408783] active_file:14 inactive_file:14 isolated_file:0 [ 2370.408783] unevictable:1 dirty:0 writeback:0 unstable:0 [ 2370.408783] slab_reclaimable:12276 slab_unreclaimable:115103 [ 2370.408783] mapped:49168 shmem:392 pagetables:1819 bounce:0 [ 2370.408783] free:15866 free_pcp:273 free_cma:0 [ 2370.413276] syz-executor4: vmalloc: allocation failure, allocated 4247552 of 369102848 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2370.441945] Node 0 active_anon:472056kB inactive_anon:864kB active_file:56kB inactive_file:56kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:196672kB dirty:0kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 120832kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2370.441953] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2370.441999] lowmem_reserve[]: 0 2818 6321 6321 [ 2370.456078] syz-executor4 cpuset=syz4 mems_allowed=0 [ 2370.483050] Node 0 DMA32 free:29024kB min:30052kB low:37564kB high:45076kB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:500kB local_pcp:248kB free_cma:0kB [ 2370.483089] lowmem_reserve[]: 0 0 3503 3503 [ 2370.483110] Node 0 Normal free:18532kB min:37364kB low:46704kB high:56044kB active_anon:472012kB inactive_anon:864kB active_file:56kB inactive_file:56kB unevictable:4kB writepending:0kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8416kB pagetables:7276kB bounce:0kB free_pcp:592kB local_pcp:244kB free_cma:0kB [ 2370.483153] lowmem_reserve[]: 0 0 0 0 [ 2370.515820] CPU: 1 PID: 25846 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #379 [ 2370.519047] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2370.546626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2370.546633] Call Trace: [ 2370.546661] dump_stack+0x244/0x39d [ 2370.546684] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2370.546716] warn_alloc.cold.116+0xb7/0x1bd [ 2370.551011] Node 0 DMA32: 10*4kB (UM) 11*8kB (UME) 10*16kB (UM) 4*32kB (ME) 7*64kB (UME) 4*128kB (ME) 4*256kB (UME) 4*512kB (ME) 4*1024kB (UME) 4*2048kB (UME) 3*4096kB (M) = 29024kB [ 2370.579900] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2370.579920] ? __lock_is_held+0xb5/0x140 [ 2370.579956] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2370.586371] Node 0 Normal: 366*4kB (UME) 941*8kB (UME) 563*16kB (UM) 23*32kB (UM) 0*64kB 2*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 19248kB [ 2370.591155] __vmalloc_node_range+0x522/0x750 [ 2370.604796] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2370.614030] ? vb2_vmalloc_alloc+0x123/0x380 [ 2370.614050] vmalloc_user+0x75/0x170 [ 2370.614071] ? vb2_vmalloc_alloc+0x123/0x380 [ 2370.616651] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2370.620269] vb2_vmalloc_alloc+0x123/0x380 [ 2370.625551] 421 total pagecache pages [ 2370.629772] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2370.646163] 0 pages in swap cache [ 2370.650897] ? mutex_destroy+0x200/0x200 [ 2370.654973] Swap cache stats: add 0, delete 0, find 0/0 [ 2370.660474] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2370.674785] Free swap = 0kB [ 2370.679163] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2370.688131] Total swap = 0kB [ 2370.692503] __vb2_queue_alloc+0x5e1/0xfa0 [ 2370.692545] ? vimc_cap_get_format+0x120/0x120 [ 2370.692561] vb2_core_create_bufs+0x401/0x8c0 [ 2370.692596] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2370.696335] 1965979 pages RAM [ 2370.700712] ? debug_smp_processor_id+0x1c/0x20 [ 2370.709297] 0 pages HighMem/MovableOnly [ 2370.713519] ? perf_trace_lock+0x14d/0x7a0 [ 2370.713538] ? __save_stack_trace+0x8d/0xf0 [ 2370.713591] vb2_create_bufs+0x4b6/0x8f0 [ 2370.717412] 342853 pages reserved [ 2370.722476] ? v4l2_ioctl+0x154/0x1b0 [ 2370.722501] ? vb2_request_queue+0x120/0x120 [ 2370.722527] ? find_held_lock+0x36/0x1c0 [ 2370.725962] 0 pages cma reserved [ 2370.730026] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2370.735506] Out of memory: Kill process 14371 (syz-executor4) score 1005 or sacrifice child [ 2370.739731] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2370.742931] Killed process 14371 (syz-executor4) total-vm:70472kB, anon-rss:2212kB, file-rss:32768kB, shmem-rss:0kB [ 2370.747841] v4l_create_bufs+0x152/0x230 [ 2370.845126] __video_do_ioctl+0x8b1/0x1050 [ 2370.849386] ? v4l_s_fmt+0x990/0x990 [ 2370.853130] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2370.858704] video_usercopy+0x5c1/0x1760 [ 2370.862780] ? v4l_s_fmt+0x990/0x990 [ 2370.866534] ? v4l_enumstd+0x70/0x70 [ 2370.870273] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2370.875848] ? find_held_lock+0x36/0x1c0 [ 2370.879930] ? __fget+0x4aa/0x740 [ 2370.883398] ? lock_downgrade+0x900/0x900 [ 2370.887558] ? check_preemption_disabled+0x48/0x280 [ 2370.892613] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2370.897562] ? kasan_check_read+0x11/0x20 [ 2370.901734] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2370.907022] ? rcu_softirq_qs+0x20/0x20 [ 2370.911023] ? __fget+0x4d1/0x740 [ 2370.914495] ? ksys_dup3+0x680/0x680 [ 2370.918238] ? __might_fault+0x12b/0x1e0 [ 2370.922315] ? video_usercopy+0x1760/0x1760 [ 2370.926646] video_ioctl2+0x2c/0x33 [ 2370.930287] v4l2_ioctl+0x154/0x1b0 [ 2370.933927] ? video_devdata+0xa0/0xa0 [ 2370.937830] do_vfs_ioctl+0x1de/0x1790 [ 2370.941743] ? ioctl_preallocate+0x300/0x300 [ 2370.946168] ? __fget_light+0x2e9/0x430 [ 2370.950155] ? fget_raw+0x20/0x20 [ 2370.953624] ? _copy_to_user+0xc8/0x110 [ 2370.957620] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2370.963171] ? put_timespec64+0x10f/0x1b0 [ 2370.967332] ? nsecs_to_jiffies+0x30/0x30 [ 2370.971497] ? do_syscall_64+0x9a/0x820 [ 2370.975533] ? do_syscall_64+0x9a/0x820 [ 2370.979542] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2370.984158] ? security_file_ioctl+0x94/0xc0 [ 2370.988595] ksys_ioctl+0xa9/0xd0 [ 2370.992075] __x64_sys_ioctl+0x73/0xb0 [ 2370.995987] do_syscall_64+0x1b9/0x820 [ 2370.999892] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2371.005272] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2371.010214] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2371.015075] ? trace_hardirqs_on_caller+0x310/0x310 [ 2371.020116] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2371.025150] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2371.030185] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2371.035049] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2371.040253] RIP: 0033:0x457669 [ 2371.043499] Code: Bad RIP value. [ 2371.046871] RSP: 002b:00007f3d559e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2371.054598] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2371.061880] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2371.069155] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2371.076461] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d559e56d4 [ 2371.083750] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2371.092647] oom_reaper: reaped process 14371 (syz-executor4), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB [ 2371.120352] syz-fuzzer invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0 [ 2371.128186] Mem-Info: [ 2371.131911] syz-fuzzer cpuset=/ mems_allowed=0 [ 2371.134468] active_anon:117474 inactive_anon:216 isolated_anon:0 [ 2371.134468] active_file:14 inactive_file:14 isolated_file:0 [ 2371.134468] unevictable:1 dirty:0 writeback:0 unstable:0 [ 2371.134468] slab_reclaimable:12276 slab_unreclaimable:114800 [ 2371.134468] mapped:49168 shmem:392 pagetables:1818 bounce:0 [ 2371.134468] free:16701 free_pcp:0 free_cma:0 [ 2371.138868] CPU: 1 PID: 6040 Comm: syz-fuzzer Not tainted 4.20.0-rc7+ #379 [ 2371.178736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2371.186878] Node 0 active_anon:469896kB inactive_anon:864kB active_file:56kB inactive_file:56kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:196672kB dirty:0kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 118784kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2371.188097] Call Trace: [ 2371.218318] dump_stack+0x244/0x39d [ 2371.222004] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2371.227215] ? mark_held_locks+0x130/0x130 [ 2371.230224] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2371.231469] ? mark_held_locks+0x130/0x130 [ 2371.261819] dump_header+0x27b/0xf72 [ 2371.265558] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2371.271123] ? check_preemption_disabled+0x48/0x280 [ 2371.273337] lowmem_reserve[]: 0 2818 6321 6321 [ 2371.276150] ? pagefault_out_of_memory+0x197/0x197 [ 2371.280717] Node 0 DMA32 free:29024kB min:30052kB low:37564kB high:45076kB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2371.285642] ? debug_smp_processor_id+0x1c/0x20 [ 2371.285660] ? perf_trace_lock+0x14d/0x7a0 [ 2371.285684] ? lock_is_held_type+0x210/0x210 [ 2371.285709] ? debug_smp_processor_id+0x1c/0x20 [ 2371.285729] ? perf_trace_lock+0x14d/0x7a0 [ 2371.327911] lowmem_reserve[]: 0 0 3503 3503 [ 2371.330896] ? zap_class+0x640/0x640 [ 2371.343150] ? print_usage_bug+0xc0/0xc0 [ 2371.347231] ? lock_is_held_type+0x210/0x210 [ 2371.351652] ? perf_trace_lock+0x14d/0x7a0 [ 2371.352538] Node 0 Normal free:21872kB min:37364kB low:46704kB high:56044kB active_anon:469852kB inactive_anon:864kB active_file:56kB inactive_file:56kB unevictable:4kB writepending:0kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8416kB pagetables:7272kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2371.355901] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2371.389965] ? find_held_lock+0x36/0x1c0 [ 2371.394065] ? mark_held_locks+0xc7/0x130 [ 2371.398239] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2371.403136] lowmem_reserve[]: 0 0 0 0 [ 2371.403397] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2371.407201] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2371.412299] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2371.412320] ? trace_hardirqs_on+0xbd/0x310 [ 2371.412338] ? kasan_check_read+0x11/0x20 [ 2371.412354] ? ___ratelimit+0x3b4/0x672 [ 2371.412372] ? trace_hardirqs_off_caller+0x310/0x310 [ 2371.412390] ? trace_hardirqs_on+0x310/0x310 [ 2371.412410] ? lock_downgrade+0x900/0x900 [ 2371.440155] Node 0 DMA32: 11*4kB (UM) 11*8kB (UME) 9*16kB (UM) 6*32kB (UME) 8*64kB (UME) 5*128kB (UME) 3*256kB (ME) 5*512kB (UME) 4*1024kB (UME) 4*2048kB (UME) 3*4096kB (M) = 29524kB [ 2371.442936] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 2371.442953] ? ___ratelimit+0x3b9/0x672 [ 2371.442971] ? idr_get_free+0xf70/0xf70 [ 2371.442991] ? lock_is_held_type+0x210/0x210 [ 2371.448082] Node 0 Normal: 455*4kB (UME) 977*8kB (UME) 570*16kB (UM) 28*32kB (UM) 2*64kB (U) 2*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 22340kB [ 2371.452519] oom_kill_process.cold.27+0x10/0x903 [ 2371.452537] ? zap_class+0x640/0x640 [ 2371.452555] ? check_preemption_disabled+0x48/0x280 [ 2371.452586] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2371.452601] ? kasan_check_read+0x11/0x20 [ 2371.452622] ? oom_evaluate_task+0x540/0x540 [ 2371.452642] ? find_held_lock+0x36/0x1c0 [ 2371.452665] ? out_of_memory+0x974/0x1430 [ 2371.470405] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2371.473180] ? lock_downgrade+0x900/0x900 [ 2371.473197] ? check_preemption_disabled+0x48/0x280 [ 2371.473216] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2371.473231] ? kasan_check_read+0x11/0x20 [ 2371.473247] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2371.473261] ? rcu_softirq_qs+0x20/0x20 [ 2371.473280] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2371.473298] ? oom_evaluate_task+0x302/0x540 [ 2371.491697] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2371.505644] out_of_memory+0xa84/0x1430 [ 2371.505670] ? oom_killer_disable+0x3a0/0x3a0 [ 2371.505688] ? __alloc_pages_slowpath+0xf5c/0x2de0 [ 2371.505711] ? __ww_mutex_check_waiters+0x160/0x160 [ 2371.505737] __alloc_pages_slowpath+0x232c/0x2de0 [ 2371.505784] ? warn_alloc+0x120/0x120 [ 2371.525184] 421 total pagecache pages [ 2371.528314] ? mark_held_locks+0x130/0x130 [ 2371.541328] 0 pages in swap cache [ 2371.549758] ? find_get_entry+0xaae/0x1120 [ 2371.549784] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2371.549801] ? check_preemption_disabled+0x48/0x280 [ 2371.549816] ? filemap_map_pages+0x1a20/0x1a20 [ 2371.549838] ? debug_smp_processor_id+0x1c/0x20 [ 2371.549854] ? perf_trace_lock+0x14d/0x7a0 [ 2371.549882] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2371.549898] ? should_fail+0x22d/0xd01 [ 2371.549919] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 2371.549937] ? zap_class+0x640/0x640 [ 2371.566457] Swap cache stats: add 0, delete 0, find 0/0 [ 2371.568174] ? __lock_is_held+0xb5/0x140 [ 2371.580030] Free swap = 0kB [ 2371.582957] ? mark_held_locks+0x130/0x130 [ 2371.582977] ? lock_release+0xa00/0xa00 [ 2371.583019] ? perf_trace_sched_process_exec+0x860/0x860 [ 2371.583038] ? xa_load+0x2ba/0x460 [ 2371.583056] ? lock_downgrade+0x900/0x900 [ 2371.583099] ? __might_sleep+0x95/0x190 [ 2371.598019] Total swap = 0kB [ 2371.600119] __alloc_pages_nodemask+0xad8/0xea0 [ 2371.607234] 1965979 pages RAM [ 2371.609530] ? __alloc_pages_slowpath+0x2de0/0x2de0 [ 2371.614563] 0 pages HighMem/MovableOnly [ 2371.619373] ? __page_cache_alloc+0x191/0x5c0 [ 2371.635505] 342853 pages reserved [ 2371.638856] ? xa_load+0x2e1/0x460 [ 2371.650699] 0 pages cma reserved [ 2371.653951] ? xa_clear_mark+0x40/0x40 [ 2371.653972] ? zap_class+0x640/0x640 [ 2371.653997] ? zap_class+0x640/0x640 [ 2371.654031] ? zap_class+0x640/0x640 [ 2371.768351] ? __do_page_cache_readahead+0x663/0x810 [ 2371.773476] ? find_held_lock+0x36/0x1c0 [ 2371.777554] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2371.783129] alloc_pages_current+0x173/0x350 [ 2371.787559] __page_cache_alloc+0x38c/0x5c0 [ 2371.791907] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2371.796850] ? kasan_check_read+0x11/0x20 [ 2371.801011] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2371.806306] ? generic_perform_write+0x6a0/0x6a0 [ 2371.811077] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2371.816635] ? check_preemption_disabled+0x48/0x280 [ 2371.821672] filemap_fault+0x1595/0x25f0 [ 2371.825756] ? __lock_page_or_retry+0xa00/0xa00 [ 2371.830445] ? mark_held_locks+0x130/0x130 [ 2371.834700] ? filemap_map_pages+0xd6b/0x1a20 [ 2371.839223] ? lock_downgrade+0x900/0x900 [ 2371.843380] ? check_preemption_disabled+0x48/0x280 [ 2371.848408] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2371.853347] ? kasan_check_read+0x11/0x20 [ 2371.857503] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2371.862824] ? rcu_softirq_qs+0x20/0x20 [ 2371.866825] ? filemap_map_pages+0xd92/0x1a20 [ 2371.871432] ? find_get_entries_tag+0x1400/0x1400 [ 2371.876289] ? debug_object_destroy+0x2b0/0x2b0 [ 2371.881002] ? lock_pi_update_atomic+0x150/0x150 [ 2371.885771] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2371.891334] ? lock_acquire+0x1ed/0x520 [ 2371.895321] ? ext4_filemap_fault+0x7a/0xad [ 2371.899659] ? lock_release+0xa00/0xa00 [ 2371.903637] ? perf_trace_sched_process_exec+0x860/0x860 [ 2371.909108] ? print_usage_bug+0xc0/0xc0 [ 2371.913222] ? print_usage_bug+0xc0/0xc0 [ 2371.917339] ? down_read+0x8d/0x120 [ 2371.920965] ? ext4_filemap_fault+0x7a/0xad [ 2371.925298] ? __down_interruptible+0x700/0x700 [ 2371.929982] ext4_filemap_fault+0x82/0xad [ 2371.934138] __do_fault+0x100/0x6b0 [ 2371.937772] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2371.942898] ? mark_held_locks+0x130/0x130 [ 2371.947136] ? mark_held_locks+0x130/0x130 [ 2371.951380] ? debug_smp_processor_id+0x1c/0x20 [ 2371.956055] ? perf_trace_lock+0x14d/0x7a0 [ 2371.960306] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2371.965852] __handle_mm_fault+0x3ea6/0x5be0 [ 2371.970276] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2371.975127] ? lock_is_held_type+0x210/0x210 [ 2371.979560] ? zap_class+0x640/0x640 [ 2371.983292] ? zap_class+0x640/0x640 [ 2371.987034] ? __x64_sys_futex+0x53e/0x6a0 [ 2371.991291] ? find_held_lock+0x36/0x1c0 [ 2371.995365] ? handle_mm_fault+0x42a/0xc70 [ 2371.999609] ? lock_downgrade+0x900/0x900 [ 2372.003768] ? check_preemption_disabled+0x48/0x280 [ 2372.008794] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2372.013726] ? kasan_check_read+0x11/0x20 [ 2372.017879] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2372.023161] ? rcu_softirq_qs+0x20/0x20 [ 2372.027138] ? trace_hardirqs_off_caller+0x310/0x310 [ 2372.032251] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2372.037791] ? check_preemption_disabled+0x48/0x280 [ 2372.042829] handle_mm_fault+0x54f/0xc70 [ 2372.046899] ? __handle_mm_fault+0x5be0/0x5be0 [ 2372.051489] ? find_vma+0x34/0x190 [ 2372.055044] __do_page_fault+0x5e8/0xe60 [ 2372.059152] ? trace_hardirqs_off+0xb8/0x310 [ 2372.063584] do_page_fault+0xf2/0x7e0 [ 2372.067399] ? vmalloc_sync_all+0x30/0x30 [ 2372.071549] ? error_entry+0x70/0xd0 [ 2372.075272] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2372.080280] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2372.085215] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2372.090145] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2372.095010] ? trace_hardirqs_on_caller+0x310/0x310 [ 2372.100027] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2372.105485] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2372.110505] ? page_fault+0x8/0x30 [ 2372.114055] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2372.118906] ? page_fault+0x8/0x30 [ 2372.122451] page_fault+0x1e/0x30 [ 2372.125905] RIP: 0033:0x45ddf3 [ 2372.129113] Code: Bad RIP value. [ 2372.132477] RSP: 002b:000000c42001eea0 EFLAGS: 00010206 [ 2372.137851] RAX: ffffffffffffff92 RBX: 000000000fa7b7b2 RCX: 000000000045ddf3 [ 2372.145121] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001585d20 [ 2372.152405] RBP: 000000c42001eee8 R08: 0000000000000000 R09: 0000000000000000 [ 2372.159676] R10: 000000c42001eed8 R11: 0000000000000206 R12: 0000000000000001 [ 2372.167120] R13: 0000000000000020 R14: 0000000000000013 R15: 000000c43218d058 [ 2372.203929] Mem-Info: [ 2372.206430] active_anon:116936 inactive_anon:216 isolated_anon:0 [ 2372.206430] active_file:14 inactive_file:14 isolated_file:0 [ 2372.206430] unevictable:1 dirty:0 writeback:0 unstable:0 [ 2372.206430] slab_reclaimable:12271 slab_unreclaimable:114782 [ 2372.206430] mapped:49168 shmem:392 pagetables:1817 bounce:0 [ 2372.206430] free:18269 free_pcp:459 free_cma:0 [ 2372.250447] Node 0 active_anon:467744kB inactive_anon:864kB active_file:56kB inactive_file:56kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:196672kB dirty:0kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 116736kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2372.283287] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2372.317411] lowmem_reserve[]: 0 2818 6321 6321 [ 2372.322153] Node 0 DMA32 free:33024kB min:30052kB low:37564kB high:45076kB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:1328kB local_pcp:1328kB free_cma:0kB [ 2372.356625] lowmem_reserve[]: 0 0 3503 3503 [ 2372.360981] Node 0 Normal free:24144kB min:37364kB low:46704kB high:56044kB active_anon:467704kB inactive_anon:864kB active_file:56kB inactive_file:56kB unevictable:4kB writepending:0kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8320kB pagetables:7268kB bounce:0kB free_pcp:640kB local_pcp:264kB free_cma:0kB [ 2372.396493] lowmem_reserve[]: 0 0 0 0 [ 2372.400331] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2372.419395] Node 0 DMA32: 11*4kB (UM) 12*8kB (UME) 9*16kB (UM) 6*32kB (UME) 9*64kB (UME) 6*128kB (UME) 4*256kB (UME) 7*512kB (UME) 6*1024kB (UME) 4*2048kB (UME) 3*4096kB (M) = 33052kB [ 2372.443874] Node 0 Normal: 392*4kB (UME) 978*8kB (UME) 570*16kB (UM) 31*32kB (UM) 2*64kB (U) 2*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 2*2048kB (M) 0*4096kB = 24240kB [ 2372.458946] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2372.471235] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2372.479856] 421 total pagecache pages [ 2372.490015] 0 pages in swap cache [ 2372.493522] Swap cache stats: add 0, delete 0, find 0/0 [ 2372.498899] Free swap = 0kB [ 2372.502469] Total swap = 0kB [ 2372.505505] 1965979 pages RAM [ 2372.508638] 0 pages HighMem/MovableOnly [ 2372.512667] 342853 pages reserved [ 2372.516138] 0 pages cma reserved [ 2372.519525] Out of memory: Kill process 14638 (syz-executor4) score 1005 or sacrifice child [ 2372.534774] Killed process 14638 (syz-executor4) total-vm:70472kB, anon-rss:2212kB, file-rss:32768kB, shmem-rss:0kB [ 2372.546705] oom_reaper: reaped process 14638 (syz-executor4), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB [ 2372.563385] rsyslogd invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0 [ 2372.577851] rsyslogd cpuset=/ mems_allowed=0 [ 2372.586044] CPU: 0 PID: 5923 Comm: rsyslogd Not tainted 4.20.0-rc7+ #379 [ 2372.592899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2372.602276] Call Trace: [ 2372.604899] dump_stack+0x244/0x39d [ 2372.608547] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2372.613762] ? mark_held_locks+0x130/0x130 [ 2372.618013] ? mark_held_locks+0x130/0x130 [ 2372.622262] dump_header+0x27b/0xf72 [ 2372.625993] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2372.631541] ? check_preemption_disabled+0x48/0x280 [ 2372.636584] ? pagefault_out_of_memory+0x197/0x197 [ 2372.641539] ? debug_smp_processor_id+0x1c/0x20 [ 2372.646222] ? perf_trace_lock+0x14d/0x7a0 [ 2372.650468] ? lock_is_held_type+0x210/0x210 [ 2372.654904] ? debug_smp_processor_id+0x1c/0x20 [ 2372.659579] ? perf_trace_lock+0x14d/0x7a0 [ 2372.663825] ? zap_class+0x640/0x640 [ 2372.667560] ? print_usage_bug+0xc0/0xc0 [ 2372.671648] ? lock_is_held_type+0x210/0x210 [ 2372.676058] ? perf_trace_lock+0x14d/0x7a0 [ 2372.680305] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2372.685853] ? find_held_lock+0x36/0x1c0 [ 2372.689925] ? mark_held_locks+0xc7/0x130 [ 2372.694082] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2372.699185] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2372.704296] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2372.708883] ? trace_hardirqs_on+0xbd/0x310 [ 2372.713210] ? kasan_check_read+0x11/0x20 [ 2372.717363] ? ___ratelimit+0x3b4/0x672 [ 2372.721338] ? trace_hardirqs_off_caller+0x310/0x310 [ 2372.726445] ? trace_hardirqs_on+0x310/0x310 [ 2372.730857] ? lock_downgrade+0x900/0x900 [ 2372.735031] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 2372.740135] ? ___ratelimit+0x3b9/0x672 [ 2372.744116] ? idr_get_free+0xf70/0xf70 [ 2372.748098] ? lock_is_held_type+0x210/0x210 [ 2372.752543] oom_kill_process.cold.27+0x10/0x903 [ 2372.757328] ? zap_class+0x640/0x640 [ 2372.761049] ? check_preemption_disabled+0x48/0x280 [ 2372.766086] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2372.771020] ? kasan_check_read+0x11/0x20 [ 2372.775203] ? oom_evaluate_task+0x540/0x540 [ 2372.779622] ? find_held_lock+0x36/0x1c0 [ 2372.783733] ? out_of_memory+0x974/0x1430 [ 2372.787886] ? lock_downgrade+0x900/0x900 [ 2372.792039] ? check_preemption_disabled+0x48/0x280 [ 2372.797078] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2372.802022] ? kasan_check_read+0x11/0x20 [ 2372.806170] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2372.811459] ? rcu_softirq_qs+0x20/0x20 [ 2372.815443] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2372.820989] ? oom_evaluate_task+0x302/0x540 [ 2372.825409] out_of_memory+0xa84/0x1430 [ 2372.829407] ? oom_killer_disable+0x3a0/0x3a0 [ 2372.833907] ? __alloc_pages_slowpath+0xf5c/0x2de0 [ 2372.838848] ? __ww_mutex_check_waiters+0x160/0x160 [ 2372.843878] __alloc_pages_slowpath+0x232c/0x2de0 [ 2372.848754] ? warn_alloc+0x120/0x120 [ 2372.852561] ? mark_held_locks+0x130/0x130 [ 2372.856820] ? find_get_entry+0xaae/0x1120 [ 2372.861067] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2372.866627] ? check_preemption_disabled+0x48/0x280 [ 2372.871659] ? filemap_map_pages+0x1a20/0x1a20 [ 2372.876249] ? debug_smp_processor_id+0x1c/0x20 [ 2372.880924] ? perf_trace_lock+0x14d/0x7a0 [ 2372.885183] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2372.890723] ? should_fail+0x22d/0xd01 [ 2372.894627] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 2372.899738] ? zap_class+0x640/0x640 [ 2372.903481] ? __lock_is_held+0xb5/0x140 [ 2372.907556] ? mark_held_locks+0x130/0x130 [ 2372.911816] ? lock_release+0xa00/0xa00 [ 2372.915796] ? perf_trace_sched_process_exec+0x860/0x860 [ 2372.921260] ? xa_load+0x2ba/0x460 [ 2372.924804] ? lock_downgrade+0x900/0x900 [ 2372.928960] ? __might_sleep+0x95/0x190 [ 2372.932949] __alloc_pages_nodemask+0xad8/0xea0 [ 2372.937638] ? __alloc_pages_slowpath+0x2de0/0x2de0 [ 2372.942659] ? __page_cache_alloc+0x191/0x5c0 [ 2372.947155] ? xa_load+0x2e1/0x460 [ 2372.950699] ? xa_clear_mark+0x40/0x40 [ 2372.954631] ? zap_class+0x640/0x640 [ 2372.958371] ? zap_class+0x640/0x640 [ 2372.962086] ? zap_class+0x640/0x640 [ 2372.965803] ? __do_page_cache_readahead+0x663/0x810 [ 2372.970922] ? find_held_lock+0x36/0x1c0 [ 2372.975011] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2372.980559] alloc_pages_current+0x173/0x350 [ 2372.985022] __page_cache_alloc+0x38c/0x5c0 [ 2372.989345] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2372.994277] ? kasan_check_read+0x11/0x20 [ 2372.998430] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2373.003716] ? generic_perform_write+0x6a0/0x6a0 [ 2373.008518] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2373.014107] ? check_preemption_disabled+0x48/0x280 [ 2373.019159] filemap_fault+0x1595/0x25f0 [ 2373.023248] ? __lock_page_or_retry+0xa00/0xa00 [ 2373.027920] ? mark_held_locks+0x130/0x130 [ 2373.032169] ? filemap_map_pages+0xd6b/0x1a20 [ 2373.036670] ? lock_downgrade+0x900/0x900 [ 2373.040820] ? check_preemption_disabled+0x48/0x280 [ 2373.045841] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2373.050776] ? kasan_check_read+0x11/0x20 [ 2373.054925] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2373.060206] ? rcu_softirq_qs+0x20/0x20 [ 2373.064197] ? filemap_map_pages+0xd92/0x1a20 [ 2373.068711] ? find_get_entries_tag+0x1400/0x1400 [ 2373.073580] ? __kernel_text_address+0xd/0x40 [ 2373.078102] ? unwind_get_return_address+0x61/0xa0 [ 2373.083055] ? lock_acquire+0x1ed/0x520 [ 2373.087030] ? ext4_filemap_fault+0x7a/0xad [ 2373.091366] ? lock_release+0xa00/0xa00 [ 2373.095346] ? perf_trace_sched_process_exec+0x860/0x860 [ 2373.100798] ? print_usage_bug+0xc0/0xc0 [ 2373.104865] ? print_usage_bug+0xc0/0xc0 [ 2373.108927] ? __x64_sys_read+0x73/0xb0 [ 2373.112904] ? print_usage_bug+0xc0/0xc0 [ 2373.116996] ? down_read+0x8d/0x120 [ 2373.120627] ? ext4_filemap_fault+0x7a/0xad [ 2373.124955] ? __down_interruptible+0x700/0x700 [ 2373.129649] ext4_filemap_fault+0x82/0xad [ 2373.133809] __do_fault+0x100/0x6b0 [ 2373.137442] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2373.142552] ? mark_held_locks+0x130/0x130 [ 2373.146815] ? mark_held_locks+0x130/0x130 [ 2373.151054] ? lock_is_held_type+0x210/0x210 [ 2373.155481] ? do_syslog+0x147b/0x1690 [ 2373.159376] ? do_syslog+0x309/0x1690 [ 2373.163183] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2373.168734] __handle_mm_fault+0x3ea6/0x5be0 [ 2373.173155] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2373.178001] ? lock_is_held_type+0x210/0x210 [ 2373.182411] ? find_held_lock+0x36/0x1c0 [ 2373.186510] ? zap_class+0x640/0x640 [ 2373.190243] ? zap_class+0x640/0x640 [ 2373.193976] ? find_held_lock+0x36/0x1c0 [ 2373.198074] ? handle_mm_fault+0x42a/0xc70 [ 2373.202314] ? lock_downgrade+0x900/0x900 [ 2373.206470] ? check_preemption_disabled+0x48/0x280 [ 2373.211663] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2373.216618] ? kasan_check_read+0x11/0x20 [ 2373.220773] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2373.226056] ? rcu_softirq_qs+0x20/0x20 [ 2373.230044] ? trace_hardirqs_off_caller+0x310/0x310 [ 2373.235155] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2373.240696] ? sync_mm_rss+0x9a/0x1c0 [ 2373.244505] handle_mm_fault+0x54f/0xc70 [ 2373.248582] ? __handle_mm_fault+0x5be0/0x5be0 [ 2373.253208] ? find_vma+0x34/0x190 [ 2373.256762] __do_page_fault+0x5e8/0xe60 [ 2373.260830] ? trace_hardirqs_off+0xb8/0x310 [ 2373.265239] ? kernel_write+0x120/0x120 [ 2373.269269] do_page_fault+0xf2/0x7e0 [ 2373.273075] ? vmalloc_sync_all+0x30/0x30 [ 2373.277245] ? error_entry+0x70/0xd0 [ 2373.280976] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2373.285994] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2373.290931] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2373.295866] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2373.300712] ? trace_hardirqs_on_caller+0x310/0x310 [ 2373.305738] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2373.311199] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2373.316246] ? page_fault+0x8/0x30 [ 2373.319789] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2373.324639] ? page_fault+0x8/0x30 [ 2373.328208] page_fault+0x1e/0x30 [ 2373.331664] RIP: 0033:0x7f5b991d81fd [ 2373.335403] Code: Bad RIP value. [ 2373.338763] RSP: 002b:00007f5b96777e30 EFLAGS: 00010293 [ 2373.344129] RAX: 0000000000000076 RBX: 0000000001736650 RCX: 00007f5b991d81fd [ 2373.351398] RDX: 0000000000000fff RSI: 00007f5b97fac5a0 RDI: 0000000000000004 [ 2373.358670] RBP: 0000000000000000 R08: 0000000001721260 R09: 0000000000000000 [ 2373.365940] R10: 6b205d3037363335 R11: 0000000000000293 R12: 000000000065e420 [ 2373.373222] R13: 00007f5b967789c0 R14: 00007f5b9981d040 R15: 0000000000000003 [ 2373.387773] Mem-Info: [ 2373.390271] active_anon:116390 inactive_anon:216 isolated_anon:0 [ 2373.390271] active_file:12 inactive_file:15 isolated_file:0 [ 2373.390271] unevictable:1 dirty:0 writeback:0 unstable:0 [ 2373.390271] slab_reclaimable:12271 slab_unreclaimable:114757 [ 2373.390271] mapped:49168 shmem:392 pagetables:1756 bounce:0 [ 2373.390271] free:19055 free_pcp:770 free_cma:0 [ 2373.425993] Node 0 active_anon:465560kB inactive_anon:864kB active_file:48kB inactive_file:60kB unevictable:4kB isolated(anon):0kB isolated(file):0kB mapped:196672kB dirty:0kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 116736kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2373.455133] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2373.483089] lowmem_reserve[]: 0 2818 6321 6321 [ 2373.489343] Node 0 DMA32 free:33024kB min:30052kB low:37564kB high:45076kB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:1328kB local_pcp:0kB free_cma:0kB [ 2373.519632] lowmem_reserve[]: 0 0 3503 3503 [ 2373.529121] Node 0 Normal free:173328kB min:37364kB low:46704kB high:56044kB active_anon:465520kB inactive_anon:864kB active_file:48kB inactive_file:2060kB unevictable:4kB writepending:0kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8288kB pagetables:7024kB bounce:0kB free_pcp:1772kB local_pcp:512kB free_cma:0kB [ 2373.560976] lowmem_reserve[]: 0 0 0 0 [ 2373.566110] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2373.586694] Node 0 DMA32: 11*4kB (UM) 12*8kB (UME) 9*16kB (UM) 6*32kB (UME) 9*64kB (UME) 6*128kB (UME) 4*256kB (UME) 7*512kB (UME) 6*1024kB (UME) 4*2048kB (UME) 3*4096kB (M) = 33052kB [ 2373.605519] Node 0 Normal: 12448*4kB (UME) 8715*8kB (UME) 1808*16kB (UM) 2084*32kB (UM) 653*64kB (U) 3*128kB (U) 2*256kB (U) 0*512kB 0*1024kB 3*2048kB (M) 0*4096kB = 263960kB [ 2373.622718] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2373.631581] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2373.642407] 1289 total pagecache pages [ 2373.647399] 0 pages in swap cache [ 2373.650867] Swap cache stats: add 0, delete 0, find 0/0 [ 2373.656315] Free swap = 0kB [ 2373.659344] Total swap = 0kB [ 2373.662404] 1965979 pages RAM [ 2373.665510] 0 pages HighMem/MovableOnly [ 2373.669492] 342853 pages reserved [ 2373.674413] 0 pages cma reserved [ 2373.678884] Out of memory: Kill process 23911 (syz-executor4) score 1005 or sacrifice child [ 2373.690164] Killed process 23911 (syz-executor4) total-vm:70472kB, anon-rss:2212kB, file-rss:32768kB, shmem-rss:0kB 06:18:08 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\x11Z\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:18:09 executing program 0: syz_open_dev$midi(0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000540)="66660f3882811344bd85b87f7800000f23c80f21f8350000f0000f23f866ba2100b0faee0f01f70f20c035040000000f22c0360f00d6660f3801a7627a33460f234cb83e0000000f23d00f21f835100000020f23f866baa10066ed", 0x5b}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) setsockopt$bt_BT_RCVMTU(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000380), 0x2) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, 0x0) 06:18:12 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffeffffff]}}}) 06:18:12 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xfffffe00}]) 06:18:12 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[$Z\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:18:12 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x48, 0xffffffffffffffff]}}}) 06:18:12 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:18:12 executing program 0: syz_open_dev$midi(0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000540)="66660f3882811344bd85b87f7800000f23c80f21f8350000f0000f23f866ba2100b0faee0f01f70f20c035040000000f22c0360f00d6660f3801a7627a33460f234cb83e0000000f23d00f21f835100000020f23f866baa10066ed", 0x5b}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) setsockopt$bt_BT_RCVMTU(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000380), 0x2) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, 0x0) [ 2377.703397] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:18:12 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:18:12 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x5000000}]) [ 2377.866842] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:18:13 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:18:13 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xfeffff}]) [ 2378.038896] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:18:13 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:18:13 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x2000000}]) [ 2378.211551] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2378.263808] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2382.506810] oom_reaper: reaped process 25914 (syz-executor4), now anon-rss:0kB, file-rss:32004kB, shmem-rss:0kB [ 2382.536827] rsyslogd invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0 [ 2382.548281] rsyslogd cpuset=/ mems_allowed=0 [ 2382.552768] CPU: 0 PID: 5923 Comm: rsyslogd Not tainted 4.20.0-rc7+ #379 [ 2382.559627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2382.568987] Call Trace: [ 2382.571633] dump_stack+0x244/0x39d [ 2382.575281] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2382.580486] ? mark_held_locks+0x130/0x130 [ 2382.584799] ? mark_held_locks+0x130/0x130 [ 2382.589055] dump_header+0x27b/0xf72 [ 2382.592792] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2382.598345] ? check_preemption_disabled+0x48/0x280 [ 2382.603377] ? pagefault_out_of_memory+0x197/0x197 [ 2382.608317] ? debug_smp_processor_id+0x1c/0x20 [ 2382.612997] ? perf_trace_lock+0x14d/0x7a0 [ 2382.617244] ? mark_held_locks+0x130/0x130 [ 2382.621513] ? lock_is_held_type+0x210/0x210 [ 2382.625946] ? debug_smp_processor_id+0x1c/0x20 [ 2382.630648] ? perf_trace_lock+0x14d/0x7a0 [ 2382.634927] ? zap_class+0x640/0x640 [ 2382.638658] ? print_usage_bug+0xc0/0xc0 [ 2382.642732] ? lock_is_held_type+0x210/0x210 [ 2382.647165] ? perf_trace_lock+0x14d/0x7a0 [ 2382.651418] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2382.656973] ? find_held_lock+0x36/0x1c0 [ 2382.661058] ? mark_held_locks+0xc7/0x130 [ 2382.665217] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2382.670328] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2382.675441] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2382.680048] ? trace_hardirqs_on+0xbd/0x310 [ 2382.684389] ? kasan_check_read+0x11/0x20 [ 2382.688526] ? ___ratelimit+0x3b4/0x672 [ 2382.691983] syz-executor4: vmalloc: allocation failure, allocated 898691072 of 4278194176 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2382.692498] ? trace_hardirqs_off_caller+0x310/0x310 [ 2382.706164] syz-executor4 cpuset=syz4 mems_allowed=0 [ 2382.711205] ? trace_hardirqs_on+0x310/0x310 [ 2382.720719] ? lock_downgrade+0x900/0x900 [ 2382.724887] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 2382.729997] ? ___ratelimit+0x3b9/0x672 [ 2382.733996] ? idr_get_free+0xf70/0xf70 [ 2382.738010] ? lock_is_held_type+0x210/0x210 [ 2382.742434] oom_kill_process.cold.27+0x10/0x903 [ 2382.747196] ? zap_class+0x640/0x640 [ 2382.750918] ? _raw_spin_unlock+0x2c/0x50 [ 2382.755086] ? oom_badness+0xe6/0xaa0 [ 2382.758904] ? oom_evaluate_task+0x540/0x540 [ 2382.763324] ? find_held_lock+0x36/0x1c0 [ 2382.767404] ? out_of_memory+0x974/0x1430 [ 2382.771557] ? lock_downgrade+0x900/0x900 [ 2382.775726] ? check_preemption_disabled+0x48/0x280 [ 2382.780754] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2382.785692] ? kasan_check_read+0x11/0x20 [ 2382.789844] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2382.795148] ? rcu_softirq_qs+0x20/0x20 [ 2382.799133] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2382.804154] ? oom_evaluate_task+0x302/0x540 [ 2382.808604] out_of_memory+0xa84/0x1430 [ 2382.812771] ? oom_killer_disable+0x3a0/0x3a0 [ 2382.817276] ? __alloc_pages_slowpath+0xf5c/0x2de0 [ 2382.822216] ? __ww_mutex_check_waiters+0x160/0x160 [ 2382.827250] __alloc_pages_slowpath+0x232c/0x2de0 [ 2382.832129] ? warn_alloc+0x120/0x120 [ 2382.835934] ? mark_held_locks+0x130/0x130 [ 2382.840180] ? find_get_entry+0xaae/0x1120 [ 2382.844433] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2382.849978] ? check_preemption_disabled+0x48/0x280 [ 2382.855046] ? filemap_map_pages+0x1a20/0x1a20 [ 2382.859653] ? debug_smp_processor_id+0x1c/0x20 [ 2382.864327] ? perf_trace_lock+0x14d/0x7a0 [ 2382.868586] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2382.874139] ? should_fail+0x22d/0xd01 [ 2382.878036] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 2382.883151] ? zap_class+0x640/0x640 [ 2382.886900] ? __lock_is_held+0xb5/0x140 [ 2382.890975] ? mark_held_locks+0x130/0x130 [ 2382.895221] ? lock_release+0xa00/0xa00 [ 2382.899211] ? perf_trace_sched_process_exec+0x860/0x860 [ 2382.904669] ? xa_load+0x2ba/0x460 [ 2382.908221] ? lock_downgrade+0x900/0x900 [ 2382.912408] ? __might_sleep+0x95/0x190 [ 2382.916410] __alloc_pages_nodemask+0xad8/0xea0 [ 2382.921092] ? __alloc_pages_slowpath+0x2de0/0x2de0 [ 2382.926121] ? __page_cache_alloc+0x191/0x5c0 [ 2382.930645] ? xa_load+0x2e1/0x460 [ 2382.934193] ? xa_clear_mark+0x40/0x40 [ 2382.938085] ? zap_class+0x640/0x640 [ 2382.941838] ? zap_class+0x640/0x640 [ 2382.945588] ? zap_class+0x640/0x640 [ 2382.949313] ? __do_page_cache_readahead+0x663/0x810 [ 2382.954441] ? find_held_lock+0x36/0x1c0 [ 2382.958514] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2382.964072] alloc_pages_current+0x173/0x350 [ 2382.968495] __page_cache_alloc+0x38c/0x5c0 [ 2382.972821] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2382.977752] ? kasan_check_read+0x11/0x20 [ 2382.981918] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2382.987209] ? generic_perform_write+0x6a0/0x6a0 [ 2382.991992] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2382.997587] ? check_preemption_disabled+0x48/0x280 [ 2383.002633] filemap_fault+0x1595/0x25f0 [ 2383.006715] ? __lock_page_or_retry+0xa00/0xa00 [ 2383.011390] ? mark_held_locks+0x130/0x130 [ 2383.015661] ? filemap_map_pages+0xd6b/0x1a20 [ 2383.020166] ? lock_downgrade+0x900/0x900 [ 2383.024319] ? check_preemption_disabled+0x48/0x280 [ 2383.029343] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2383.034277] ? kasan_check_read+0x11/0x20 [ 2383.038425] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2383.043707] ? rcu_softirq_qs+0x20/0x20 [ 2383.047726] ? filemap_map_pages+0xd92/0x1a20 [ 2383.052243] ? find_get_entries_tag+0x1400/0x1400 [ 2383.057091] ? __kernel_text_address+0xd/0x40 [ 2383.061622] ? unwind_get_return_address+0x61/0xa0 [ 2383.066589] ? lock_acquire+0x1ed/0x520 [ 2383.070587] ? ext4_filemap_fault+0x7a/0xad [ 2383.074930] ? lock_release+0xa00/0xa00 [ 2383.079370] ? perf_trace_sched_process_exec+0x860/0x860 [ 2383.084823] ? print_usage_bug+0xc0/0xc0 [ 2383.088893] ? print_usage_bug+0xc0/0xc0 [ 2383.092976] ? __x64_sys_read+0x73/0xb0 [ 2383.096953] ? print_usage_bug+0xc0/0xc0 [ 2383.101031] ? down_read+0x8d/0x120 [ 2383.104663] ? ext4_filemap_fault+0x7a/0xad [ 2383.108989] ? __down_interruptible+0x700/0x700 [ 2383.113677] ext4_filemap_fault+0x82/0xad [ 2383.117839] __do_fault+0x100/0x6b0 [ 2383.121499] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2383.126629] ? mark_held_locks+0x130/0x130 [ 2383.130875] ? mark_held_locks+0x130/0x130 [ 2383.135116] ? lock_is_held_type+0x210/0x210 [ 2383.139540] ? do_syslog+0x147b/0x1690 [ 2383.143479] ? do_syslog+0x309/0x1690 [ 2383.147300] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2383.152849] __handle_mm_fault+0x3ea6/0x5be0 [ 2383.157295] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2383.162148] ? lock_is_held_type+0x210/0x210 [ 2383.166586] ? find_held_lock+0x36/0x1c0 [ 2383.170680] ? zap_class+0x640/0x640 [ 2383.174402] ? zap_class+0x640/0x640 [ 2383.178133] ? find_held_lock+0x36/0x1c0 [ 2383.182212] ? handle_mm_fault+0x42a/0xc70 [ 2383.186467] ? lock_downgrade+0x900/0x900 [ 2383.190625] ? check_preemption_disabled+0x48/0x280 [ 2383.195652] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2383.200618] ? kasan_check_read+0x11/0x20 [ 2383.204775] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2383.210179] ? rcu_softirq_qs+0x20/0x20 [ 2383.214176] ? trace_hardirqs_off_caller+0x310/0x310 [ 2383.219289] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2383.224832] ? check_preemption_disabled+0x48/0x280 [ 2383.229865] handle_mm_fault+0x54f/0xc70 [ 2383.233956] ? __handle_mm_fault+0x5be0/0x5be0 [ 2383.238589] ? find_vma+0x34/0x190 [ 2383.242166] __do_page_fault+0x5e8/0xe60 [ 2383.246233] ? trace_hardirqs_off+0xb8/0x310 [ 2383.250642] ? kernel_write+0x120/0x120 [ 2383.254657] do_page_fault+0xf2/0x7e0 [ 2383.258463] ? vmalloc_sync_all+0x30/0x30 [ 2383.262629] ? error_entry+0x70/0xd0 [ 2383.266352] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2383.271371] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2383.276305] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2383.281241] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2383.286095] ? trace_hardirqs_on_caller+0x310/0x310 [ 2383.291118] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2383.296624] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2383.301645] ? page_fault+0x8/0x30 [ 2383.305196] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2383.310056] ? page_fault+0x8/0x30 [ 2383.313635] page_fault+0x1e/0x30 [ 2383.317120] RIP: 0033:0x7f5b991d81fd [ 2383.320850] Code: Bad RIP value. [ 2383.324214] RSP: 002b:00007f5b96777e30 EFLAGS: 00010293 [ 2383.329587] RAX: 0000000000000076 RBX: 0000000001736650 RCX: 00007f5b991d81fd [ 2383.336868] RDX: 0000000000000fff RSI: 00007f5b97fac5a0 RDI: 0000000000000004 [ 2383.344137] RBP: 0000000000000000 R08: 0000000001721260 R09: 0000000000000000 [ 2383.351411] R10: 352e38373332205b R11: 0000000000000293 R12: 000000000065e420 [ 2383.358685] R13: 00007f5b967789c0 R14: 00007f5b9981d040 R15: 0000000000000003 [ 2383.365988] CPU: 1 PID: 25914 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #379 [ 2383.373382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2383.375896] Mem-Info: [ 2383.382735] Call Trace: [ 2383.382762] dump_stack+0x244/0x39d [ 2383.382788] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2383.390249] active_anon:116405 inactive_anon:216 isolated_anon:0 [ 2383.390249] active_file:15 inactive_file:16 isolated_file:0 [ 2383.390249] unevictable:0 dirty:0 writeback:0 unstable:0 [ 2383.390249] slab_reclaimable:12293 slab_unreclaimable:114097 [ 2383.390249] mapped:49168 shmem:392 pagetables:1743 bounce:0 [ 2383.390249] free:15910 free_pcp:164 free_cma:0 [ 2383.391425] warn_alloc.cold.116+0xb7/0x1bd [ 2383.396653] Node 0 active_anon:465620kB inactive_anon:864kB active_file:60kB inactive_file:64kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:196672kB dirty:0kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 112640kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2383.429690] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2383.429710] ? __lock_is_held+0xb5/0x140 [ 2383.429771] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2383.434085] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2383.461658] __vmalloc_node_range+0x522/0x750 [ 2383.461687] ? vb2_vmalloc_alloc+0x123/0x380 [ 2383.466528] lowmem_reserve[]: 0 2818 6321 6321 [ 2383.470594] vmalloc_user+0x75/0x170 [ 2383.476140] Node 0 DMA32 free:29112kB min:30052kB low:37564kB high:45076kB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:252kB local_pcp:4kB free_cma:0kB [ 2383.502218] ? vb2_vmalloc_alloc+0x123/0x380 [ 2383.502235] vb2_vmalloc_alloc+0x123/0x380 [ 2383.502252] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2383.506729] lowmem_reserve[]: 0 0 3503 3503 [ 2383.511139] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2383.515722] Node 0 Normal free:18620kB min:37364kB low:46704kB high:56044kB active_anon:465576kB inactive_anon:864kB active_file:60kB inactive_file:64kB unevictable:0kB writepending:0kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8352kB pagetables:6972kB bounce:0kB free_pcp:404kB local_pcp:144kB free_cma:0kB [ 2383.519410] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2383.546838] lowmem_reserve[]: 0 0 0 0 [ 2383.551221] __vb2_queue_alloc+0x5e1/0xfa0 [ 2383.555477] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2383.560584] ? vimc_cap_get_format+0x120/0x120 [ 2383.564949] Node 0 DMA32: 6*4kB (UM) 8*8kB (ME) 8*16kB (UM) 5*32kB (UME) 5*64kB (ME) 4*128kB (UME) 5*256kB (UME) 4*512kB (ME) 4*1024kB (UME) 4*2048kB (UME) 3*4096kB (M) = 29112kB [ 2383.569250] vb2_core_create_bufs+0x401/0x8c0 [ 2383.598212] Node 0 Normal: 351*4kB (UME) 966*8kB (UME) 559*16kB (UME) 17*32kB (M) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18620kB [ 2383.603290] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2383.603312] ? debug_smp_processor_id+0x1c/0x20 [ 2383.603335] ? perf_trace_lock+0x14d/0x7a0 [ 2383.607130] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2383.611359] ? __save_stack_trace+0x8d/0xf0 [ 2383.624884] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2383.629452] vb2_create_bufs+0x4b6/0x8f0 [ 2383.645504] 423 total pagecache pages [ 2383.649969] ? v4l2_ioctl+0x154/0x1b0 [ 2383.663507] 0 pages in swap cache [ 2383.667876] ? vb2_request_queue+0x120/0x120 [ 2383.672550] Swap cache stats: add 0, delete 0, find 0/0 [ 2383.676755] ? find_held_lock+0x36/0x1c0 [ 2383.685608] Free swap = 0kB [ 2383.689898] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2383.698470] Total swap = 0kB [ 2383.702506] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2383.702535] v4l_create_bufs+0x152/0x230 [ 2383.706315] 1965979 pages RAM [ 2383.710119] __video_do_ioctl+0x8b1/0x1050 [ 2383.713582] 0 pages HighMem/MovableOnly [ 2383.717959] ? v4l_s_fmt+0x990/0x990 [ 2383.723318] 342853 pages reserved [ 2383.727360] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2383.730349] 0 pages cma reserved [ 2383.735885] video_usercopy+0x5c1/0x1760 [ 2383.735904] ? v4l_s_fmt+0x990/0x990 [ 2383.735928] ? v4l_enumstd+0x70/0x70 [ 2383.738925] Out of memory: Kill process 13983 (syz-executor1) score 1005 or sacrifice child [ 2383.743535] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2383.743562] ? find_held_lock+0x36/0x1c0 [ 2383.743614] ? __fget+0x4aa/0x740 [ 2383.747738] Killed process 13983 (syz-executor1) total-vm:70472kB, anon-rss:2216kB, file-rss:32768kB, shmem-rss:0kB [ 2383.750754] ? lock_downgrade+0x900/0x900 [ 2383.756419] oom_reaper: reaped process 13983 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB [ 2383.758968] ? check_preemption_disabled+0x48/0x280 [ 2383.770284] rsyslogd invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0 [ 2383.771673] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2383.775054] rsyslogd cpuset=/ mems_allowed=0 [ 2383.779114] ? kasan_check_read+0x11/0x20 [ 2383.779147] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2383.867993] ? rcu_softirq_qs+0x20/0x20 [ 2383.872003] ? __fget+0x4d1/0x740 [ 2383.875469] ? ksys_dup3+0x680/0x680 [ 2383.879192] ? __might_fault+0x12b/0x1e0 [ 2383.883268] ? video_usercopy+0x1760/0x1760 [ 2383.887600] video_ioctl2+0x2c/0x33 [ 2383.891233] v4l2_ioctl+0x154/0x1b0 [ 2383.894865] ? video_devdata+0xa0/0xa0 [ 2383.898763] do_vfs_ioctl+0x1de/0x1790 [ 2383.902667] ? ioctl_preallocate+0x300/0x300 [ 2383.907085] ? __fget_light+0x2e9/0x430 [ 2383.911072] ? fget_raw+0x20/0x20 [ 2383.914659] ? _copy_to_user+0xc8/0x110 [ 2383.918645] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2383.924196] ? put_timespec64+0x10f/0x1b0 [ 2383.928352] ? nsecs_to_jiffies+0x30/0x30 [ 2383.932526] ? do_syscall_64+0x9a/0x820 [ 2383.936522] ? do_syscall_64+0x9a/0x820 [ 2383.940505] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2383.945106] ? security_file_ioctl+0x94/0xc0 [ 2383.949523] ksys_ioctl+0xa9/0xd0 [ 2383.952990] __x64_sys_ioctl+0x73/0xb0 [ 2383.956890] do_syscall_64+0x1b9/0x820 [ 2383.960782] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2383.966160] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2383.971130] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2383.976020] ? trace_hardirqs_on_caller+0x310/0x310 [ 2383.981047] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2383.986076] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2383.991147] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2383.996035] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2384.001244] RIP: 0033:0x457669 [ 2384.004463] Code: Bad RIP value. [ 2384.007831] RSP: 002b:00007f3d559e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2384.015544] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2384.022826] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2384.030115] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2384.037402] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d559e56d4 [ 2384.044673] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2384.051975] CPU: 0 PID: 5923 Comm: rsyslogd Not tainted 4.20.0-rc7+ #379 [ 2384.058820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2384.068186] Call Trace: [ 2384.070796] dump_stack+0x244/0x39d [ 2384.074443] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2384.079649] ? mark_held_locks+0x130/0x130 [ 2384.083897] ? mark_held_locks+0x130/0x130 [ 2384.083928] Mem-Info: [ 2384.088147] dump_header+0x27b/0xf72 [ 2384.090583] active_anon:115865 inactive_anon:216 isolated_anon:0 [ 2384.090583] active_file:15 inactive_file:16 isolated_file:0 [ 2384.090583] unevictable:0 dirty:0 writeback:0 unstable:0 [ 2384.090583] slab_reclaimable:12290 slab_unreclaimable:114094 [ 2384.090583] mapped:49168 shmem:392 pagetables:1743 bounce:0 [ 2384.090583] free:16422 free_pcp:227 free_cma:0 [ 2384.094265] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2384.094286] ? check_preemption_disabled+0x48/0x280 [ 2384.094305] ? pagefault_out_of_memory+0x197/0x197 [ 2384.094355] ? debug_smp_processor_id+0x1c/0x20 [ 2384.134245] Node 0 active_anon:463460kB inactive_anon:864kB active_file:60kB inactive_file:64kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:196672kB dirty:0kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 112640kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2384.137947] ? perf_trace_lock+0x14d/0x7a0 [ 2384.142900] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2384.147530] ? mark_held_locks+0x130/0x130 [ 2384.181501] lowmem_reserve[]: 0 2818 6321 6321 [ 2384.205435] ? lock_is_held_type+0x210/0x210 [ 2384.205464] ? debug_smp_processor_id+0x1c/0x20 [ 2384.205479] ? perf_trace_lock+0x14d/0x7a0 [ 2384.205495] ? zap_class+0x640/0x640 [ 2384.205513] ? print_usage_bug+0xc0/0xc0 [ 2384.205529] ? lock_is_held_type+0x210/0x210 [ 2384.205543] ? perf_trace_lock+0x14d/0x7a0 [ 2384.205562] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2384.205605] ? find_held_lock+0x36/0x1c0 [ 2384.217702] Node 0 DMA32 free:29112kB min:30052kB low:37564kB high:45076kB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:252kB local_pcp:248kB free_cma:0kB [ 2384.219278] ? mark_held_locks+0xc7/0x130 [ 2384.224081] lowmem_reserve[]: 0 0 3503 3503 [ 2384.228209] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2384.238297] Node 0 Normal free:20668kB min:37364kB low:46704kB high:56044kB active_anon:463416kB inactive_anon:864kB active_file:60kB inactive_file:64kB unevictable:0kB writepending:0kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8320kB pagetables:6972kB bounce:0kB free_pcp:656kB local_pcp:380kB free_cma:0kB [ 2384.240454] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2384.244765] lowmem_reserve[]: 0 0 0 0 [ 2384.250215] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2384.260922] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2384.281845] ? trace_hardirqs_on+0xbd/0x310 [ 2384.281864] ? kasan_check_read+0x11/0x20 [ 2384.281896] ? ___ratelimit+0x3b4/0x672 [ 2384.281928] ? trace_hardirqs_off_caller+0x310/0x310 [ 2384.281961] ? trace_hardirqs_on+0x310/0x310 [ 2384.281978] ? lock_downgrade+0x900/0x900 [ 2384.281999] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 2384.292544] Node 0 DMA32: 6*4kB (UM) 8*8kB (ME) 8*16kB (UM) 5*32kB (UME) 5*64kB (ME) 4*128kB (UME) 5*256kB (UME) 4*512kB (ME) 4*1024kB (UME) 4*2048kB (UME) 3*4096kB (M) = 29112kB [ 2384.295543] ? ___ratelimit+0x3b9/0x672 [ 2384.331265] Node 0 Normal: 351*4kB (UME) 966*8kB (UME) 559*16kB (UME) 18*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 20700kB [ 2384.333305] ? idr_get_free+0xf70/0xf70 [ 2384.333326] ? lock_is_held_type+0x210/0x210 [ 2384.333350] oom_kill_process.cold.27+0x10/0x903 [ 2384.333368] ? zap_class+0x640/0x640 [ 2384.333386] ? _raw_spin_unlock+0x2c/0x50 [ 2384.337970] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2384.351477] ? oom_badness+0xe6/0xaa0 [ 2384.351500] ? oom_evaluate_task+0x540/0x540 [ 2384.351520] ? find_held_lock+0x36/0x1c0 [ 2384.351545] ? out_of_memory+0x974/0x1430 [ 2384.351563] ? lock_downgrade+0x900/0x900 [ 2384.351596] ? check_preemption_disabled+0x48/0x280 [ 2384.363412] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2384.364003] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2384.369089] 423 total pagecache pages [ 2384.373488] ? kasan_check_read+0x11/0x20 [ 2384.373504] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2384.373520] ? rcu_softirq_qs+0x20/0x20 [ 2384.373542] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2384.373560] ? oom_evaluate_task+0x302/0x540 [ 2384.377711] 0 pages in swap cache [ 2384.382805] out_of_memory+0xa84/0x1430 [ 2384.382831] ? oom_killer_disable+0x3a0/0x3a0 [ 2384.382849] ? __alloc_pages_slowpath+0xf5c/0x2de0 [ 2384.382871] ? __ww_mutex_check_waiters+0x160/0x160 [ 2384.382899] __alloc_pages_slowpath+0x232c/0x2de0 [ 2384.405392] Swap cache stats: add 0, delete 0, find 0/0 [ 2384.416866] ? warn_alloc+0x120/0x120 [ 2384.416887] ? mark_held_locks+0x130/0x130 [ 2384.420849] Free swap = 0kB [ 2384.425257] ? find_get_entry+0xaae/0x1120 [ 2384.425283] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2384.425302] ? check_preemption_disabled+0x48/0x280 [ 2384.425318] ? filemap_map_pages+0x1a20/0x1a20 [ 2384.425339] ? debug_smp_processor_id+0x1c/0x20 [ 2384.436612] Total swap = 0kB [ 2384.437943] ? perf_trace_lock+0x14d/0x7a0 [ 2384.446859] 1965979 pages RAM [ 2384.450563] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2384.461324] 0 pages HighMem/MovableOnly [ 2384.463134] ? should_fail+0x22d/0xd01 [ 2384.463156] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 2384.463174] ? zap_class+0x640/0x640 [ 2384.463212] ? __lock_is_held+0xb5/0x140 [ 2384.463236] ? mark_held_locks+0x130/0x130 [ 2384.467403] 342853 pages reserved [ 2384.472379] ? lock_release+0xa00/0xa00 [ 2384.472397] ? perf_trace_sched_process_exec+0x860/0x860 [ 2384.472415] ? xa_load+0x2ba/0x460 [ 2384.472433] ? lock_downgrade+0x900/0x900 [ 2384.472453] ? __might_sleep+0x95/0x190 [ 2384.481978] 0 pages cma reserved [ 2384.485947] __alloc_pages_nodemask+0xad8/0xea0 [ 2384.652801] ? __alloc_pages_slowpath+0x2de0/0x2de0 [ 2384.657831] ? __page_cache_alloc+0x191/0x5c0 [ 2384.662336] ? xa_load+0x2e1/0x460 [ 2384.665885] ? xa_clear_mark+0x40/0x40 [ 2384.669801] ? zap_class+0x640/0x640 [ 2384.673531] ? zap_class+0x640/0x640 [ 2384.677252] ? zap_class+0x640/0x640 [ 2384.681000] ? __do_page_cache_readahead+0x663/0x810 [ 2384.686118] ? find_held_lock+0x36/0x1c0 [ 2384.690195] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2384.695752] alloc_pages_current+0x173/0x350 [ 2384.700178] __page_cache_alloc+0x38c/0x5c0 [ 2384.704504] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2384.709478] ? kasan_check_read+0x11/0x20 [ 2384.713648] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2384.718941] ? generic_perform_write+0x6a0/0x6a0 [ 2384.723718] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2384.729267] ? check_preemption_disabled+0x48/0x280 [ 2384.734299] filemap_fault+0x1595/0x25f0 [ 2384.738388] ? __lock_page_or_retry+0xa00/0xa00 [ 2384.743069] ? mark_held_locks+0x130/0x130 [ 2384.747353] ? filemap_map_pages+0xd6b/0x1a20 [ 2384.751888] ? lock_downgrade+0x900/0x900 [ 2384.756048] ? check_preemption_disabled+0x48/0x280 [ 2384.761139] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2384.766076] ? kasan_check_read+0x11/0x20 [ 2384.770228] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2384.775510] ? rcu_softirq_qs+0x20/0x20 [ 2384.779509] ? filemap_map_pages+0xd92/0x1a20 [ 2384.784031] ? find_get_entries_tag+0x1400/0x1400 [ 2384.788899] ? __kernel_text_address+0xd/0x40 [ 2384.793403] ? unwind_get_return_address+0x61/0xa0 [ 2384.798408] ? lock_acquire+0x1ed/0x520 [ 2384.802396] ? ext4_filemap_fault+0x7a/0xad [ 2384.806751] ? lock_release+0xa00/0xa00 [ 2384.810732] ? perf_trace_sched_process_exec+0x860/0x860 [ 2384.816190] ? print_usage_bug+0xc0/0xc0 [ 2384.820260] ? print_usage_bug+0xc0/0xc0 [ 2384.824333] ? __x64_sys_read+0x73/0xb0 [ 2384.828315] ? print_usage_bug+0xc0/0xc0 [ 2384.832412] ? down_read+0x8d/0x120 [ 2384.836045] ? ext4_filemap_fault+0x7a/0xad [ 2384.840395] ? __down_interruptible+0x700/0x700 [ 2384.845111] ext4_filemap_fault+0x82/0xad [ 2384.849290] __do_fault+0x100/0x6b0 [ 2384.852931] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2384.858051] ? mark_held_locks+0x130/0x130 [ 2384.862297] ? mark_held_locks+0x130/0x130 [ 2384.866535] ? lock_is_held_type+0x210/0x210 [ 2384.870948] ? do_syslog+0x147b/0x1690 [ 2384.874849] ? do_syslog+0x309/0x1690 [ 2384.878661] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2384.884212] __handle_mm_fault+0x3ea6/0x5be0 [ 2384.888647] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2384.893505] ? lock_is_held_type+0x210/0x210 [ 2384.897924] ? find_held_lock+0x36/0x1c0 [ 2384.902016] ? zap_class+0x640/0x640 [ 2384.905741] ? zap_class+0x640/0x640 [ 2384.909500] ? find_held_lock+0x36/0x1c0 [ 2384.913590] ? handle_mm_fault+0x42a/0xc70 [ 2384.917845] ? lock_downgrade+0x900/0x900 [ 2384.922009] ? check_preemption_disabled+0x48/0x280 [ 2384.927037] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2384.931976] ? kasan_check_read+0x11/0x20 [ 2384.936141] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2384.941454] ? rcu_softirq_qs+0x20/0x20 [ 2384.945444] ? trace_hardirqs_off_caller+0x310/0x310 [ 2384.950584] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2384.956156] ? check_preemption_disabled+0x48/0x280 [ 2384.961210] handle_mm_fault+0x54f/0xc70 [ 2384.965330] ? __handle_mm_fault+0x5be0/0x5be0 [ 2384.969953] ? find_vma+0x34/0x190 [ 2384.973634] __do_page_fault+0x5e8/0xe60 [ 2384.977704] ? trace_hardirqs_off+0xb8/0x310 [ 2384.982123] ? kernel_write+0x120/0x120 [ 2384.986134] do_page_fault+0xf2/0x7e0 [ 2384.989941] ? vmalloc_sync_all+0x30/0x30 [ 2384.994097] ? error_entry+0x70/0xd0 [ 2384.997838] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2385.002863] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2385.007800] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2385.012738] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2385.017616] ? trace_hardirqs_on_caller+0x310/0x310 [ 2385.022647] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2385.028123] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2385.033188] ? page_fault+0x8/0x30 [ 2385.036740] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2385.041638] ? page_fault+0x8/0x30 [ 2385.045207] page_fault+0x1e/0x30 [ 2385.048667] RIP: 0033:0x7f5b991d81fd [ 2385.052398] Code: Bad RIP value. [ 2385.055764] RSP: 002b:00007f5b96777e30 EFLAGS: 00010293 [ 2385.061144] RAX: 0000000000000076 RBX: 0000000001736650 RCX: 00007f5b991d81fd [ 2385.068430] RDX: 0000000000000fff RSI: 00007f5b97fac5a0 RDI: 0000000000000004 [ 2385.076184] RBP: 0000000000000000 R08: 0000000001721260 R09: 0000000000000000 [ 2385.083462] R10: 352e38373332205b R11: 0000000000000293 R12: 000000000065e420 [ 2385.090751] R13: 00007f5b967789c0 R14: 00007f5b9981d040 R15: 0000000000000003 [ 2385.105673] Mem-Info: [ 2385.108129] active_anon:115861 inactive_anon:216 isolated_anon:0 [ 2385.108129] active_file:15 inactive_file:16 isolated_file:0 [ 2385.108129] unevictable:0 dirty:0 writeback:0 unstable:0 [ 2385.108129] slab_reclaimable:12290 slab_unreclaimable:113889 [ 2385.108129] mapped:49168 shmem:392 pagetables:1742 bounce:0 [ 2385.108129] free:16592 free_pcp:270 free_cma:0 [ 2385.148067] Node 0 active_anon:463444kB inactive_anon:864kB active_file:60kB inactive_file:64kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:196672kB dirty:0kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 110592kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2385.182042] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2385.209385] lowmem_reserve[]: 0 2818 6321 6321 [ 2385.214209] Node 0 DMA32 free:29112kB min:30052kB low:37564kB high:45076kB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:252kB local_pcp:4kB free_cma:0kB [ 2385.248369] lowmem_reserve[]: 0 0 3503 3503 [ 2385.252760] Node 0 Normal free:21452kB min:37364kB low:46704kB high:56044kB active_anon:463400kB inactive_anon:864kB active_file:60kB inactive_file:64kB unevictable:0kB writepending:0kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8320kB pagetables:6968kB bounce:0kB free_pcp:836kB local_pcp:280kB free_cma:0kB [ 2385.282669] lowmem_reserve[]: 0 0 0 0 [ 2385.286493] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2385.300159] Node 0 DMA32: 6*4kB (UM) 10*8kB (UME) 9*16kB (UM) 5*32kB (UME) 5*64kB (ME) 4*128kB (UME) 5*256kB (UME) 4*512kB (ME) 4*1024kB (UME) 4*2048kB (UME) 3*4096kB (M) = 29144kB [ 2385.322950] Node 0 Normal: 351*4kB (UME) 1009*8kB (UME) 559*16kB (UME) 21*32kB (UM) 0*64kB 1*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 21524kB [ 2385.338308] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2385.347239] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2385.362228] 423 total pagecache pages [ 2385.366066] 0 pages in swap cache [ 2385.369547] Swap cache stats: add 0, delete 0, find 0/0 [ 2385.375135] Free swap = 0kB [ 2385.378161] Total swap = 0kB [ 2385.381179] 1965979 pages RAM [ 2385.384390] 0 pages HighMem/MovableOnly [ 2385.388368] 342853 pages reserved [ 2385.391814] 0 pages cma reserved [ 2385.400454] Out of memory: Kill process 19224 (syz-executor1) score 1005 or sacrifice child [ 2385.409054] Killed process 19224 (syz-executor1) total-vm:70472kB, anon-rss:2216kB, file-rss:32768kB, shmem-rss:0kB [ 2385.433374] rsyslogd invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0 [ 2385.451242] rsyslogd cpuset=/ mems_allowed=0 [ 2385.455875] CPU: 0 PID: 5923 Comm: rsyslogd Not tainted 4.20.0-rc7+ #379 [ 2385.462724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2385.472080] Call Trace: [ 2385.474684] dump_stack+0x244/0x39d [ 2385.478334] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2385.483540] ? mark_held_locks+0x130/0x130 [ 2385.487793] ? mark_held_locks+0x130/0x130 [ 2385.492072] dump_header+0x27b/0xf72 [ 2385.495825] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2385.501369] ? check_preemption_disabled+0x48/0x280 [ 2385.506401] ? pagefault_out_of_memory+0x197/0x197 [ 2385.511338] ? debug_smp_processor_id+0x1c/0x20 [ 2385.516017] ? perf_trace_lock+0x14d/0x7a0 [ 2385.520282] ? mark_held_locks+0x130/0x130 [ 2385.524530] ? lock_is_held_type+0x210/0x210 [ 2385.528957] ? debug_smp_processor_id+0x1c/0x20 [ 2385.533635] ? perf_trace_lock+0x14d/0x7a0 [ 2385.537878] ? zap_class+0x640/0x640 [ 2385.541613] ? print_usage_bug+0xc0/0xc0 [ 2385.545689] ? lock_is_held_type+0x210/0x210 [ 2385.550108] ? perf_trace_lock+0x14d/0x7a0 [ 2385.554361] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2385.559913] ? find_held_lock+0x36/0x1c0 [ 2385.563997] ? mark_held_locks+0xc7/0x130 [ 2385.568187] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2385.573296] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2385.578406] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2385.582997] ? trace_hardirqs_on+0xbd/0x310 [ 2385.587328] ? kasan_check_read+0x11/0x20 [ 2385.591501] ? ___ratelimit+0x3b4/0x672 [ 2385.595488] ? trace_hardirqs_off_caller+0x310/0x310 [ 2385.600631] ? trace_hardirqs_on+0x310/0x310 [ 2385.605063] ? lock_downgrade+0x900/0x900 [ 2385.609229] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 2385.614341] ? ___ratelimit+0x3b9/0x672 [ 2385.618350] ? idr_get_free+0xf70/0xf70 [ 2385.622334] ? lock_is_held_type+0x210/0x210 [ 2385.626759] oom_kill_process.cold.27+0x10/0x903 [ 2385.631538] ? zap_class+0x640/0x640 [ 2385.635257] ? _raw_spin_unlock+0x2c/0x50 [ 2385.639407] ? oom_badness+0xe6/0xaa0 [ 2385.643223] ? oom_evaluate_task+0x540/0x540 [ 2385.647657] ? find_held_lock+0x36/0x1c0 [ 2385.651737] ? out_of_memory+0x974/0x1430 [ 2385.655897] ? lock_downgrade+0x900/0x900 [ 2385.660051] ? check_preemption_disabled+0x48/0x280 [ 2385.665135] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2385.670073] ? kasan_check_read+0x11/0x20 [ 2385.674247] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2385.679532] ? rcu_softirq_qs+0x20/0x20 [ 2385.683520] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2385.688545] ? oom_evaluate_task+0x302/0x540 [ 2385.692976] out_of_memory+0xa84/0x1430 [ 2385.696967] ? oom_killer_disable+0x3a0/0x3a0 [ 2385.701469] ? __alloc_pages_slowpath+0xf5c/0x2de0 [ 2385.706411] ? __ww_mutex_check_waiters+0x160/0x160 [ 2385.711449] __alloc_pages_slowpath+0x232c/0x2de0 [ 2385.716334] ? warn_alloc+0x120/0x120 [ 2385.720141] ? mark_held_locks+0x130/0x130 [ 2385.724393] ? find_get_entry+0xaae/0x1120 [ 2385.728652] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2385.734199] ? check_preemption_disabled+0x48/0x280 [ 2385.739225] ? filemap_map_pages+0x1a20/0x1a20 [ 2385.743820] ? debug_smp_processor_id+0x1c/0x20 [ 2385.748501] ? perf_trace_lock+0x14d/0x7a0 [ 2385.752755] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2385.758303] ? should_fail+0x22d/0xd01 [ 2385.762205] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 2385.767318] ? zap_class+0x640/0x640 [ 2385.771069] ? __lock_is_held+0xb5/0x140 [ 2385.775152] ? mark_held_locks+0x130/0x130 [ 2385.779402] ? lock_release+0xa00/0xa00 [ 2385.783384] ? perf_trace_sched_process_exec+0x860/0x860 [ 2385.788844] ? xa_load+0x2ba/0x460 [ 2385.792394] ? lock_downgrade+0x900/0x900 [ 2385.796556] ? __might_sleep+0x95/0x190 [ 2385.800553] __alloc_pages_nodemask+0xad8/0xea0 [ 2385.805246] ? __alloc_pages_slowpath+0x2de0/0x2de0 [ 2385.810274] ? __page_cache_alloc+0x191/0x5c0 [ 2385.814779] ? xa_load+0x2e1/0x460 [ 2385.818328] ? xa_clear_mark+0x40/0x40 [ 2385.822231] ? zap_class+0x640/0x640 [ 2385.825967] ? zap_class+0x640/0x640 [ 2385.829693] ? zap_class+0x640/0x640 [ 2385.833421] ? __do_page_cache_readahead+0x663/0x810 [ 2385.838538] ? find_held_lock+0x36/0x1c0 [ 2385.842626] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2385.848188] alloc_pages_current+0x173/0x350 [ 2385.852630] __page_cache_alloc+0x38c/0x5c0 [ 2385.856962] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2385.861899] ? kasan_check_read+0x11/0x20 [ 2385.866061] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2385.871350] ? generic_perform_write+0x6a0/0x6a0 [ 2385.876141] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2385.881696] ? check_preemption_disabled+0x48/0x280 [ 2385.886730] filemap_fault+0x1595/0x25f0 [ 2385.890819] ? __lock_page_or_retry+0xa00/0xa00 [ 2385.895503] ? mark_held_locks+0x130/0x130 [ 2385.899756] ? filemap_map_pages+0xd6b/0x1a20 [ 2385.904263] ? lock_downgrade+0x900/0x900 [ 2385.908425] ? check_preemption_disabled+0x48/0x280 [ 2385.913453] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2385.918420] ? kasan_check_read+0x11/0x20 [ 2385.922627] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2385.927919] ? rcu_softirq_qs+0x20/0x20 [ 2385.931917] ? filemap_map_pages+0xd92/0x1a20 [ 2385.936455] ? find_get_entries_tag+0x1400/0x1400 [ 2385.941302] ? __kernel_text_address+0xd/0x40 [ 2385.945810] ? unwind_get_return_address+0x61/0xa0 [ 2385.950771] ? lock_acquire+0x1ed/0x520 [ 2385.954757] ? ext4_filemap_fault+0x7a/0xad [ 2385.959097] ? lock_release+0xa00/0xa00 [ 2385.963079] ? perf_trace_sched_process_exec+0x860/0x860 [ 2385.968550] ? print_usage_bug+0xc0/0xc0 [ 2385.972644] ? print_usage_bug+0xc0/0xc0 [ 2385.976714] ? __x64_sys_read+0x73/0xb0 [ 2385.980700] ? print_usage_bug+0xc0/0xc0 [ 2385.984789] ? down_read+0x8d/0x120 [ 2385.988419] ? ext4_filemap_fault+0x7a/0xad [ 2385.992750] ? __down_interruptible+0x700/0x700 [ 2385.997453] ext4_filemap_fault+0x82/0xad [ 2386.001635] __do_fault+0x100/0x6b0 [ 2386.005313] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2386.010432] ? mark_held_locks+0x130/0x130 [ 2386.014693] ? mark_held_locks+0x130/0x130 [ 2386.018936] ? lock_is_held_type+0x210/0x210 [ 2386.023353] ? do_syslog+0x147b/0x1690 [ 2386.027260] ? do_syslog+0x309/0x1690 [ 2386.031074] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2386.036634] __handle_mm_fault+0x3ea6/0x5be0 [ 2386.041059] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2386.045973] ? lock_is_held_type+0x210/0x210 [ 2386.050413] ? find_held_lock+0x36/0x1c0 [ 2386.054504] ? zap_class+0x640/0x640 [ 2386.058239] ? zap_class+0x640/0x640 [ 2386.061969] ? find_held_lock+0x36/0x1c0 [ 2386.066049] ? handle_mm_fault+0x42a/0xc70 [ 2386.070293] ? lock_downgrade+0x900/0x900 [ 2386.074452] ? check_preemption_disabled+0x48/0x280 [ 2386.079490] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2386.084447] ? kasan_check_read+0x11/0x20 [ 2386.088621] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2386.093907] ? rcu_softirq_qs+0x20/0x20 [ 2386.097891] ? trace_hardirqs_off_caller+0x310/0x310 [ 2386.103037] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2386.108587] ? check_preemption_disabled+0x48/0x280 [ 2386.113628] handle_mm_fault+0x54f/0xc70 [ 2386.117695] ? __handle_mm_fault+0x5be0/0x5be0 [ 2386.122285] ? find_vma+0x34/0x190 [ 2386.125836] __do_page_fault+0x5e8/0xe60 [ 2386.129902] ? trace_hardirqs_off+0xb8/0x310 [ 2386.134340] ? kernel_write+0x120/0x120 [ 2386.138328] do_page_fault+0xf2/0x7e0 [ 2386.142135] ? vmalloc_sync_all+0x30/0x30 [ 2386.146285] ? error_entry+0x70/0xd0 [ 2386.150004] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2386.155025] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2386.159962] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2386.164897] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2386.169746] ? trace_hardirqs_on_caller+0x310/0x310 [ 2386.174764] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2386.180226] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2386.185269] ? page_fault+0x8/0x30 [ 2386.188826] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2386.193680] ? page_fault+0x8/0x30 [ 2386.197235] page_fault+0x1e/0x30 [ 2386.200687] RIP: 0033:0x7f5b991d81fd [ 2386.204427] Code: Bad RIP value. [ 2386.207790] RSP: 002b:00007f5b96777e30 EFLAGS: 00010293 [ 2386.213155] RAX: 0000000000000076 RBX: 0000000001736650 RCX: 00007f5b991d81fd [ 2386.220427] RDX: 0000000000000fff RSI: 00007f5b97fac5a0 RDI: 0000000000000004 [ 2386.227697] RBP: 0000000000000000 R08: 0000000001721260 R09: 0000000000000000 [ 2386.234965] R10: 352e38373332205b R11: 0000000000000293 R12: 000000000065e420 [ 2386.242247] R13: 00007f5b967789c0 R14: 00007f5b9981d040 R15: 0000000000000003 [ 2386.257060] Mem-Info: [ 2386.259533] active_anon:115318 inactive_anon:216 isolated_anon:0 [ 2386.259533] active_file:22 inactive_file:9 isolated_file:0 [ 2386.259533] unevictable:0 dirty:0 writeback:0 unstable:0 [ 2386.259533] slab_reclaimable:12284 slab_unreclaimable:113842 [ 2386.259533] mapped:49168 shmem:392 pagetables:1693 bounce:0 [ 2386.259533] free:17464 free_pcp:672 free_cma:0 [ 2386.293180] Node 0 active_anon:461272kB inactive_anon:864kB active_file:88kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:196672kB dirty:0kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 108544kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2386.320886] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2386.347494] lowmem_reserve[]: 0 2818 6321 6321 [ 2386.352193] Node 0 DMA32 free:130112kB min:30052kB low:37564kB high:45076kB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:900kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:1852kB local_pcp:452kB free_cma:0kB [ 2386.381161] lowmem_reserve[]: 0 0 3503 3503 [ 2386.386649] Node 0 Normal free:23604kB min:37364kB low:46704kB high:56044kB active_anon:461228kB inactive_anon:864kB active_file:88kB inactive_file:36kB unevictable:0kB writepending:0kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8288kB pagetables:6772kB bounce:0kB free_pcp:1088kB local_pcp:804kB free_cma:0kB [ 2386.416716] lowmem_reserve[]: 0 0 0 0 [ 2386.420546] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2386.435212] Node 0 DMA32: 5*4kB (UE) 4*8kB (UME) 6*16kB (UM) 6*32kB (UME) 6*64kB (UME) 5*128kB (UE) 6*256kB (UM) 6*512kB (UME) 6*1024kB (UME) 8*2048kB (UME) 45*4096kB (UM) = 212820kB [ 2386.452080] Node 0 Normal: 351*4kB (UME) 1009*8kB (UME) 559*16kB (UME) 22*32kB (UM) 0*64kB 1*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 2*2048kB (M) 0*4096kB = 23604kB [ 2386.466987] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2386.475918] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2386.484572] 1866 total pagecache pages [ 2386.488512] 0 pages in swap cache [ 2386.492034] Swap cache stats: add 0, delete 0, find 0/0 [ 2386.497402] Free swap = 0kB [ 2386.500439] Total swap = 0kB [ 2386.504460] 1965979 pages RAM [ 2386.507601] 0 pages HighMem/MovableOnly [ 2386.511585] 342853 pages reserved [ 2386.516143] 0 pages cma reserved [ 2386.519526] Out of memory: Kill process 19621 (syz-executor1) score 1005 or sacrifice child [ 2386.528158] Killed process 19621 (syz-executor1) total-vm:70472kB, anon-rss:2216kB, file-rss:32768kB, shmem-rss:0kB 06:18:24 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffff00100e00]}}}) 06:18:24 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\tZ\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:18:24 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x74, 0xffffffffffffffff]}}}) 06:18:24 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x4000000}]) 06:18:24 executing program 0: syz_open_dev$midi(0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000540)="66660f3882811344bd85b87f7800000f23c80f21f8350000f0000f23f866ba2100b0faee0f01f70f20c035040000000f22c0360f00d6660f3801a7627a33460f234cb83e0000000f23d00f21f835100000020f23f866baa10066ed", 0x5b}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) setsockopt$bt_BT_RCVMTU(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000380), 0x2) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, 0x0) 06:18:24 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2389.528396] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:18:24 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe0\x01\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:18:24 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x3}]) [ 2389.678679] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:18:24 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2389.877440] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:18:25 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x1000000}]) 06:18:25 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\xff\xff', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:18:25 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffffffffffff], [0x40000000000000]}}}) [ 2389.997439] syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2390.032196] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2390.037374] CPU: 1 PID: 25957 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2390.044764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2390.054139] Call Trace: [ 2390.056759] dump_stack+0x244/0x39d [ 2390.060429] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2390.065657] ? __video_do_ioctl+0x8b1/0x1050 [ 2390.070092] ? video_usercopy+0x5c1/0x1760 [ 2390.074363] ? video_ioctl2+0x2c/0x33 [ 2390.075053] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2390.078186] ? do_vfs_ioctl+0x1de/0x1790 [ 2390.078213] warn_alloc.cold.116+0xb7/0x1bd 06:18:25 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2390.078234] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2390.078257] ? zap_class+0x640/0x640 [ 2390.078288] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2390.108931] ? check_preemption_disabled+0x48/0x280 [ 2390.113994] __vmalloc_node_range+0x472/0x750 [ 2390.118525] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2390.123572] ? vb2_vmalloc_alloc+0x123/0x380 [ 2390.128034] vmalloc_user+0x75/0x170 [ 2390.131774] ? vb2_vmalloc_alloc+0x123/0x380 [ 2390.132532] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2390.136228] vb2_vmalloc_alloc+0x123/0x380 [ 2390.136251] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2390.136269] ? debug_mutex_wake_waiter+0x630/0x630 [ 2390.136284] ? mutex_destroy+0x200/0x200 [ 2390.136305] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2390.136322] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2390.136342] __vb2_queue_alloc+0x5e1/0xfa0 [ 2390.176629] ? vimc_cap_get_format+0x120/0x120 [ 2390.181242] vb2_core_create_bufs+0x401/0x8c0 [ 2390.185771] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2390.190204] ? debug_smp_processor_id+0x1c/0x20 [ 2390.194895] ? perf_trace_lock+0x14d/0x7a0 [ 2390.199175] ? __save_stack_trace+0x8d/0xf0 [ 2390.203542] vb2_create_bufs+0x4b6/0x8f0 [ 2390.208160] ? v4l2_ioctl+0x154/0x1b0 [ 2390.211988] ? vb2_request_queue+0x120/0x120 [ 2390.216422] ? find_held_lock+0x36/0x1c0 [ 2390.220502] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2390.226064] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2390.230676] v4l_create_bufs+0x152/0x230 [ 2390.234765] __video_do_ioctl+0x8b1/0x1050 [ 2390.239031] ? v4l_s_fmt+0x990/0x990 [ 2390.242776] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2390.248341] video_usercopy+0x5c1/0x1760 [ 2390.252419] ? v4l_s_fmt+0x990/0x990 [ 2390.256160] ? v4l_enumstd+0x70/0x70 [ 2390.259899] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2390.265459] ? find_held_lock+0x36/0x1c0 [ 2390.269549] ? __fget+0x4aa/0x740 [ 2390.273042] ? lock_downgrade+0x900/0x900 [ 2390.277208] ? check_preemption_disabled+0x48/0x280 [ 2390.282245] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2390.287196] ? kasan_check_read+0x11/0x20 [ 2390.291364] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2390.296659] ? rcu_softirq_qs+0x20/0x20 [ 2390.300671] ? __fget+0x4d1/0x740 [ 2390.304153] ? ksys_dup3+0x680/0x680 [ 2390.307891] ? __might_fault+0x12b/0x1e0 [ 2390.311974] ? video_usercopy+0x1760/0x1760 [ 2390.316316] video_ioctl2+0x2c/0x33 [ 2390.319965] v4l2_ioctl+0x154/0x1b0 [ 2390.323628] ? video_devdata+0xa0/0xa0 [ 2390.327542] do_vfs_ioctl+0x1de/0x1790 [ 2390.331475] ? ioctl_preallocate+0x300/0x300 [ 2390.335902] ? __fget_light+0x2e9/0x430 [ 2390.339948] ? fget_raw+0x20/0x20 [ 2390.343418] ? _copy_to_user+0xc8/0x110 [ 2390.347421] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2390.352978] ? put_timespec64+0x10f/0x1b0 [ 2390.357147] ? nsecs_to_jiffies+0x30/0x30 [ 2390.361320] ? do_syscall_64+0x9a/0x820 [ 2390.365312] ? do_syscall_64+0x9a/0x820 [ 2390.369312] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2390.373918] ? security_file_ioctl+0x94/0xc0 [ 2390.378348] ksys_ioctl+0xa9/0xd0 [ 2390.381828] __x64_sys_ioctl+0x73/0xb0 [ 2390.385736] do_syscall_64+0x1b9/0x820 [ 2390.389643] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2390.395029] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2390.399976] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2390.404844] ? trace_hardirqs_on_caller+0x310/0x310 [ 2390.409878] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2390.414916] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2390.419958] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2390.424831] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2390.430032] RIP: 0033:0x457669 [ 2390.433251] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2390.452170] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2390.459894] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2390.467179] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000004 [ 2390.474460] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2390.481795] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2390.489078] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2390.563327] Mem-Info: [ 2390.566542] active_anon:115917 inactive_anon:215 isolated_anon:0 [ 2390.566542] active_file:849 inactive_file:3155 isolated_file:0 [ 2390.566542] unevictable:0 dirty:103 writeback:0 unstable:0 [ 2390.566542] slab_reclaimable:11091 slab_unreclaimable:119398 [ 2390.566542] mapped:51858 shmem:392 pagetables:1765 bounce:0 [ 2390.566542] free:1275037 free_pcp:1354 free_cma:0 [ 2390.602070] Node 0 active_anon:463544kB inactive_anon:852kB active_file:3424kB inactive_file:12528kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:207356kB dirty:432kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 112640kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2390.633831] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2390.660811] lowmem_reserve[]: 0 2818 6321 6321 [ 2390.665626] Node 0 DMA32 free:2869892kB min:30052kB low:37564kB high:45076kB active_anon:40kB inactive_anon:0kB active_file:856kB inactive_file:8988kB unevictable:0kB writepending:204kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:2676kB local_pcp:1344kB free_cma:0kB [ 2390.699487] lowmem_reserve[]: 0 0 3503 3503 [ 2390.705628] Node 0 Normal free:2223084kB min:37364kB low:46704kB high:56044kB active_anon:463504kB inactive_anon:852kB active_file:2568kB inactive_file:3540kB unevictable:0kB writepending:228kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8416kB pagetables:6976kB bounce:0kB free_pcp:2712kB local_pcp:1448kB free_cma:0kB [ 2390.735732] lowmem_reserve[]: 0 0 0 0 [ 2390.739619] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2390.753473] Node 0 DMA32: 35*4kB (UM) 59*8kB (UME) 64*16kB (UME) 59*32kB (UE) 67*64kB (UME) 70*128kB (UE) 61*256kB (UM) 52*512kB (UE) 49*1024kB (UME) 46*2048kB (UME) 651*4096kB (UM) = 2869892kB [ 2390.771084] Node 0 Normal: 13114*4kB (UME) 9363*8kB (UME) 1815*16kB (UME) 2422*32kB (UME) 1501*64kB (UME) 803*128kB (UM) 337*256kB (U) 146*512kB (U) 69*1024kB (U) 71*2048kB (U) 345*4096kB (UM) = 2222960kB [ 2390.789605] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2390.789627] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2390.807131] 4380 total pagecache pages [ 2390.807151] 0 pages in swap cache [ 2390.807162] Swap cache stats: add 0, delete 0, find 0/0 [ 2390.807168] Free swap = 0kB [ 2390.807174] Total swap = 0kB [ 2390.807190] 1965979 pages RAM [ 2390.814611] 0 pages HighMem/MovableOnly [ 2390.814618] 342853 pages reserved [ 2390.814624] 0 pages cma reserved [ 2390.836125] syz-executor4: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2390.851708] syz-executor4 cpuset=syz4 mems_allowed=0 [ 2390.857417] CPU: 0 PID: 25984 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #379 06:18:26 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\x00a\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:18:26 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:18:26 executing program 0: syz_open_dev$midi(0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000540)="66660f3882811344bd85b87f7800000f23c80f21f8350000f0000f23f866ba2100b0faee0f01f70f20c035040000000f22c0360f00d6660f3801a7627a33460f234cb83e0000000f23d00f21f835100000020f23f866baa10066ed", 0x5b}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) setsockopt$bt_BT_RCVMTU(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000380), 0x2) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, 0x0) 06:18:26 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xfdef}]) 06:18:26 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x2000000000000, 0xffffffffffffffff]}}}) [ 2390.864804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2390.874177] Call Trace: [ 2390.876795] dump_stack+0x244/0x39d [ 2390.880457] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2390.885674] ? __video_do_ioctl+0x8b1/0x1050 [ 2390.890110] ? video_usercopy+0x5c1/0x1760 [ 2390.894368] ? video_ioctl2+0x2c/0x33 [ 2390.898191] ? do_vfs_ioctl+0x1de/0x1790 [ 2390.902282] warn_alloc.cold.116+0xb7/0x1bd [ 2390.906649] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2390.911525] ? zap_class+0x640/0x640 [ 2390.915267] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2390.920822] ? check_preemption_disabled+0x48/0x280 [ 2390.925874] __vmalloc_node_range+0x472/0x750 [ 2390.930394] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2390.935427] ? vb2_vmalloc_alloc+0x123/0x380 [ 2390.939850] vmalloc_user+0x75/0x170 [ 2390.943578] ? vb2_vmalloc_alloc+0x123/0x380 [ 2390.948029] vb2_vmalloc_alloc+0x123/0x380 [ 2390.952284] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2390.957405] ? debug_mutex_wake_waiter+0x630/0x630 [ 2390.962348] ? mutex_destroy+0x200/0x200 [ 2390.966424] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2390.970763] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2390.975885] __vb2_queue_alloc+0x5e1/0xfa0 [ 2390.980158] ? vimc_cap_get_format+0x120/0x120 [ 2390.984753] vb2_core_create_bufs+0x401/0x8c0 [ 2390.989277] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2390.993707] ? debug_smp_processor_id+0x1c/0x20 [ 2390.998389] ? perf_trace_lock+0x14d/0x7a0 [ 2391.002650] ? __save_stack_trace+0x8d/0xf0 [ 2391.007015] vb2_create_bufs+0x4b6/0x8f0 [ 2391.011084] ? v4l2_ioctl+0x154/0x1b0 [ 2391.014905] ? vb2_request_queue+0x120/0x120 [ 2391.019333] ? find_held_lock+0x36/0x1c0 [ 2391.023408] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2391.028963] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2391.033570] v4l_create_bufs+0x152/0x230 [ 2391.037678] __video_do_ioctl+0x8b1/0x1050 [ 2391.041937] ? v4l_s_fmt+0x990/0x990 [ 2391.045673] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2391.051229] video_usercopy+0x5c1/0x1760 [ 2391.055303] ? v4l_s_fmt+0x990/0x990 [ 2391.059037] ? v4l_enumstd+0x70/0x70 [ 2391.062772] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2391.068330] ? find_held_lock+0x36/0x1c0 [ 2391.072416] ? __fget+0x4aa/0x740 [ 2391.076381] ? lock_downgrade+0x900/0x900 [ 2391.080546] ? check_preemption_disabled+0x48/0x280 [ 2391.085623] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2391.090568] ? kasan_check_read+0x11/0x20 [ 2391.094752] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2391.100043] ? rcu_softirq_qs+0x20/0x20 [ 2391.104044] ? __fget+0x4d1/0x740 [ 2391.107521] ? ksys_dup3+0x680/0x680 [ 2391.111250] ? __might_fault+0x12b/0x1e0 [ 2391.115329] ? video_usercopy+0x1760/0x1760 [ 2391.119667] video_ioctl2+0x2c/0x33 [ 2391.123308] v4l2_ioctl+0x154/0x1b0 [ 2391.126952] ? video_devdata+0xa0/0xa0 [ 2391.130854] do_vfs_ioctl+0x1de/0x1790 [ 2391.134767] ? ioctl_preallocate+0x300/0x300 [ 2391.139188] ? __fget_light+0x2e9/0x430 [ 2391.143175] ? fget_raw+0x20/0x20 [ 2391.146646] ? _copy_to_user+0xc8/0x110 [ 2391.150647] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2391.156198] ? put_timespec64+0x10f/0x1b0 [ 2391.160360] ? nsecs_to_jiffies+0x30/0x30 [ 2391.164528] ? do_syscall_64+0x9a/0x820 [ 2391.168514] ? do_syscall_64+0x9a/0x820 [ 2391.172504] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2391.177104] ? security_file_ioctl+0x94/0xc0 [ 2391.181531] ksys_ioctl+0xa9/0xd0 [ 2391.185005] __x64_sys_ioctl+0x73/0xb0 [ 2391.188909] do_syscall_64+0x1b9/0x820 [ 2391.192808] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2391.198190] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2391.203130] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2391.208152] ? trace_hardirqs_on_caller+0x310/0x310 [ 2391.213186] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2391.218221] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2391.223088] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2391.228287] RIP: 0033:0x457669 [ 2391.231494] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2391.250404] RSP: 002b:00007f3d559e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2391.258123] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2391.265401] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2391.272684] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2391.279962] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d559e56d4 [ 2391.287243] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2391.304523] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:18:26 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffffffffffff], [0x60000000]}}}) [ 2391.331060] syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2391.362085] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2391.369738] CPU: 0 PID: 26005 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2391.377126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2391.386491] Call Trace: [ 2391.386523] dump_stack+0x244/0x39d [ 2391.386561] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2391.392801] ? __video_do_ioctl+0x8b1/0x1050 [ 2391.392818] ? video_usercopy+0x5c1/0x1760 [ 2391.392834] ? video_ioctl2+0x2c/0x33 [ 2391.392852] ? do_vfs_ioctl+0x1de/0x1790 [ 2391.392877] warn_alloc.cold.116+0xb7/0x1bd [ 2391.392896] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2391.392919] ? zap_class+0x640/0x640 [ 2391.392944] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2391.392967] ? check_preemption_disabled+0x48/0x280 [ 2391.402620] __vmalloc_node_range+0x472/0x750 [ 2391.402646] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2391.402666] ? vb2_vmalloc_alloc+0x123/0x380 [ 2391.402685] vmalloc_user+0x75/0x170 [ 2391.402708] ? vb2_vmalloc_alloc+0x123/0x380 [ 2391.410754] vb2_vmalloc_alloc+0x123/0x380 [ 2391.410775] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2391.410798] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2391.410816] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2391.424153] __vb2_queue_alloc+0x5e1/0xfa0 [ 2391.424196] ? vimc_cap_get_format+0x120/0x120 [ 2391.424213] vb2_core_create_bufs+0x401/0x8c0 [ 2391.424238] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2391.424257] ? debug_smp_processor_id+0x1c/0x20 [ 2391.424273] ? perf_trace_lock+0x14d/0x7a0 [ 2391.424292] ? __save_stack_trace+0x8d/0xf0 [ 2391.424333] vb2_create_bufs+0x4b6/0x8f0 [ 2391.433567] ? v4l2_ioctl+0x154/0x1b0 [ 2391.433620] ? vb2_request_queue+0x120/0x120 [ 2391.433646] ? find_held_lock+0x36/0x1c0 [ 2391.433664] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2391.433686] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2391.443208] v4l_create_bufs+0x152/0x230 [ 2391.443231] __video_do_ioctl+0x8b1/0x1050 [ 2391.443259] ? v4l_s_fmt+0x990/0x990 [ 2391.443286] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2391.443309] video_usercopy+0x5c1/0x1760 [ 2391.456557] ? v4l_s_fmt+0x990/0x990 [ 2391.456613] ? v4l_enumstd+0x70/0x70 [ 2391.456634] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2391.456659] ? find_held_lock+0x36/0x1c0 [ 2391.465315] ? __fget+0x4aa/0x740 [ 2391.465334] ? lock_downgrade+0x900/0x900 [ 2391.465352] ? check_preemption_disabled+0x48/0x280 [ 2391.465374] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2391.465392] ? kasan_check_read+0x11/0x20 [ 2391.465408] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2391.465424] ? rcu_softirq_qs+0x20/0x20 [ 2391.465452] ? __fget+0x4d1/0x740 [ 2391.474885] ? ksys_dup3+0x680/0x680 [ 2391.474907] ? __might_fault+0x12b/0x1e0 [ 2391.474926] ? video_usercopy+0x1760/0x1760 [ 2391.493342] video_ioctl2+0x2c/0x33 [ 2391.493361] v4l2_ioctl+0x154/0x1b0 [ 2391.493379] ? video_devdata+0xa0/0xa0 [ 2391.493397] do_vfs_ioctl+0x1de/0x1790 [ 2391.493421] ? ioctl_preallocate+0x300/0x300 [ 2391.493437] ? __fget_light+0x2e9/0x430 [ 2391.493462] ? fget_raw+0x20/0x20 [ 2391.649462] ? _copy_to_user+0xc8/0x110 [ 2391.653460] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2391.659012] ? put_timespec64+0x10f/0x1b0 [ 2391.663175] ? nsecs_to_jiffies+0x30/0x30 [ 2391.667339] ? do_syscall_64+0x9a/0x820 [ 2391.671326] ? do_syscall_64+0x9a/0x820 [ 2391.675315] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2391.679914] ? security_file_ioctl+0x94/0xc0 [ 2391.684341] ksys_ioctl+0xa9/0xd0 [ 2391.687812] __x64_sys_ioctl+0x73/0xb0 [ 2391.691714] do_syscall_64+0x1b9/0x820 [ 2391.695635] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2391.701069] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2391.706012] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2391.710876] ? trace_hardirqs_on_caller+0x310/0x310 [ 2391.715907] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2391.720942] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2391.725980] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2391.730849] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2391.736048] RIP: 0033:0x457669 [ 2391.739257] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2391.758167] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2391.765891] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2391.773171] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 06:18:26 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2391.780451] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2391.787732] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2391.795010] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff 06:18:26 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x700}]) [ 2391.850721] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2391.866551] warn_alloc_show_mem: 1 callbacks suppressed [ 2391.866556] Mem-Info: 06:18:27 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xe0\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2391.894548] active_anon:116420 inactive_anon:214 isolated_anon:0 [ 2391.894548] active_file:893 inactive_file:3107 isolated_file:0 [ 2391.894548] unevictable:0 dirty:120 writeback:0 unstable:0 [ 2391.894548] slab_reclaimable:10592 slab_unreclaimable:120603 [ 2391.894548] mapped:51873 shmem:392 pagetables:1794 bounce:0 [ 2391.894548] free:1273882 free_pcp:1237 free_cma:0 [ 2391.987520] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2391.989733] Node 0 active_anon:470004kB inactive_anon:856kB active_file:3572kB inactive_file:12428kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:207492kB dirty:480kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 112640kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes 06:18:27 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\xff\xff\xfe\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2392.025239] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2392.052313] lowmem_reserve[]: 0 2818 6321 6321 [ 2392.057115] Node 0 DMA32 free:2869892kB min:30052kB low:37564kB high:45076kB active_anon:40kB inactive_anon:0kB active_file:916kB inactive_file:8928kB unevictable:0kB writepending:204kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:2676kB local_pcp:1344kB free_cma:0kB 06:18:27 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x5}]) [ 2392.103088] lowmem_reserve[]: 0 0 3503 3503 [ 2392.122461] Node 0 Normal free:2209484kB min:37364kB low:46704kB high:56044kB active_anon:465704kB inactive_anon:856kB active_file:2656kB inactive_file:3500kB unevictable:0kB writepending:276kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8544kB pagetables:7028kB bounce:0kB free_pcp:2296kB local_pcp:1040kB free_cma:0kB 06:18:27 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000001c0)='io.weight\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=ANY=[@ANYRESDEC], 0x86) [ 2392.203579] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2392.204816] lowmem_reserve[]: 0 0 0 0 [ 2392.223844] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2392.238918] Node 0 DMA32: 35*4kB (UM) 59*8kB (UME) 64*16kB (UME) 59*32kB (UE) 67*64kB (UME) 70*128kB (UE) 61*256kB (UM) 52*512kB (UE) 49*1024kB (UME) 46*2048kB (UME) 651*4096kB (UM) = 2869892kB [ 2392.257082] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2392.271063] Node 0 Normal: 13095*4kB (UE) 8678*8kB (UME) 1665*16kB (UME) 2422*32kB (UME) 1501*64kB (UME) 775*128kB (UM) 336*256kB (U) 146*512kB (U) 69*1024kB (U) 72*2048kB (UM) 344*4096kB (UM) = 2209116kB [ 2392.314596] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2392.338772] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2392.365631] 4392 total pagecache pages [ 2392.377760] 0 pages in swap cache [ 2392.381421] Swap cache stats: add 0, delete 0, find 0/0 [ 2392.387365] Free swap = 0kB [ 2392.390620] Total swap = 0kB [ 2392.395543] 1965979 pages RAM [ 2392.398892] 0 pages HighMem/MovableOnly [ 2392.403416] 342853 pages reserved [ 2392.407106] 0 pages cma reserved [ 2392.410884] syz-executor4: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2392.422795] syz-executor4 cpuset=syz4 mems_allowed=0 [ 2392.428205] CPU: 0 PID: 26011 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #379 [ 2392.435694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2392.445138] Call Trace: [ 2392.447724] dump_stack+0x244/0x39d [ 2392.451345] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2392.456529] ? __video_do_ioctl+0x8b1/0x1050 [ 2392.460937] ? video_usercopy+0x5c1/0x1760 [ 2392.465171] ? video_ioctl2+0x2c/0x33 [ 2392.468976] ? do_vfs_ioctl+0x1de/0x1790 [ 2392.473053] warn_alloc.cold.116+0xb7/0x1bd [ 2392.477371] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2392.482208] ? zap_class+0x640/0x640 [ 2392.485929] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2392.491474] ? check_preemption_disabled+0x48/0x280 [ 2392.496501] __vmalloc_node_range+0x472/0x750 [ 2392.501013] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2392.506022] ? vb2_vmalloc_alloc+0x123/0x380 [ 2392.510422] vmalloc_user+0x75/0x170 [ 2392.514126] ? vb2_vmalloc_alloc+0x123/0x380 [ 2392.518526] vb2_vmalloc_alloc+0x123/0x380 [ 2392.522753] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2392.527848] ? debug_mutex_wake_waiter+0x630/0x630 [ 2392.532769] ? mutex_destroy+0x200/0x200 [ 2392.536826] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2392.541152] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2392.546260] __vb2_queue_alloc+0x5e1/0xfa0 [ 2392.550495] ? vimc_cap_get_format+0x120/0x120 [ 2392.555068] vb2_core_create_bufs+0x401/0x8c0 [ 2392.559556] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2392.564011] ? debug_smp_processor_id+0x1c/0x20 [ 2392.568682] ? perf_trace_lock+0x14d/0x7a0 [ 2392.572907] ? __save_stack_trace+0x8d/0xf0 [ 2392.577233] vb2_create_bufs+0x4b6/0x8f0 [ 2392.581282] ? v4l2_ioctl+0x154/0x1b0 [ 2392.585118] ? vb2_request_queue+0x120/0x120 [ 2392.589546] ? find_held_lock+0x36/0x1c0 [ 2392.593645] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2392.599177] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2392.603755] v4l_create_bufs+0x152/0x230 [ 2392.607840] __video_do_ioctl+0x8b1/0x1050 [ 2392.612070] ? v4l_s_fmt+0x990/0x990 [ 2392.615821] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2392.621367] video_usercopy+0x5c1/0x1760 [ 2392.625432] ? v4l_s_fmt+0x990/0x990 [ 2392.629140] ? v4l_enumstd+0x70/0x70 [ 2392.632849] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2392.638394] ? find_held_lock+0x36/0x1c0 [ 2392.642470] ? __fget+0x4aa/0x740 [ 2392.645915] ? lock_downgrade+0x900/0x900 [ 2392.650061] ? check_preemption_disabled+0x48/0x280 [ 2392.655070] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2392.659991] ? kasan_check_read+0x11/0x20 [ 2392.664131] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2392.669396] ? rcu_softirq_qs+0x20/0x20 [ 2392.673368] ? __fget+0x4d1/0x740 [ 2392.676815] ? ksys_dup3+0x680/0x680 [ 2392.680522] ? __might_fault+0x12b/0x1e0 [ 2392.684595] ? video_usercopy+0x1760/0x1760 [ 2392.688911] video_ioctl2+0x2c/0x33 [ 2392.692528] v4l2_ioctl+0x154/0x1b0 [ 2392.696143] ? video_devdata+0xa0/0xa0 [ 2392.700034] do_vfs_ioctl+0x1de/0x1790 [ 2392.703929] ? ioctl_preallocate+0x300/0x300 [ 2392.708330] ? __fget_light+0x2e9/0x430 [ 2392.712294] ? fget_raw+0x20/0x20 [ 2392.715745] ? _copy_to_user+0xc8/0x110 [ 2392.719713] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2392.725259] ? put_timespec64+0x10f/0x1b0 [ 2392.729401] ? nsecs_to_jiffies+0x30/0x30 [ 2392.733553] ? do_syscall_64+0x9a/0x820 [ 2392.737518] ? do_syscall_64+0x9a/0x820 [ 2392.741494] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2392.746069] ? security_file_ioctl+0x94/0xc0 [ 2392.750469] ksys_ioctl+0xa9/0xd0 [ 2392.753915] __x64_sys_ioctl+0x73/0xb0 [ 2392.757811] do_syscall_64+0x1b9/0x820 [ 2392.761692] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2392.767046] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2392.771989] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2392.776824] ? trace_hardirqs_on_caller+0x310/0x310 [ 2392.781837] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2392.786859] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2392.791881] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2392.796764] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2392.801966] RIP: 0033:0x457669 [ 2392.805161] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2392.824068] RSP: 002b:00007f3d559e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2392.831765] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2392.839023] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2392.846279] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2392.853533] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d559e56d4 [ 2392.860791] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff 06:18:28 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\x17Z\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:18:28 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xe0\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:18:28 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x200000000000000}]) 06:18:28 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x900, 0xffffffffffffffff]}}}) 06:18:28 executing program 0: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) stat(0x0, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000140), 0x4) setsockopt$netlink_NETLINK_RX_RING(0xffffffffffffffff, 0x10e, 0x6, 0x0, 0x0) 06:18:28 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffffffffffff], [0xfecaedfe]}}}) [ 2392.986212] syz-executor4: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2392.996682] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:18:28 executing program 0: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000080)='./file0\x00', 0x40c6, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) write$9p(r0, &(0x7f0000000800)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb9693dd6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b804bfe70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c06706235f383e31cf662c95b1e49cfd94871e22720a41535756e419b271276941692bd023dd9ca8bec4f7db1e5c00d8b3be7b8e826a6aadd001edd0dfeb00f8048442b5c48456fd642e629dcb2ff55592665ff491cd832672ce4d999da186db2c3a1f8b6b1f7d3750d7cdb3097954e6e14fb2183ad662c63d4ce8b82dc2487f0fe2ea2827b53a7c6dcced878d2fb29c1d3ff583570e7bc172d1a5c716e0447cb08ce3c468ffdf975da372f3f3eb455aaf5822bc04a51b6cad24a2331369df81c123b009a2381b42e9aeb077f621608d81c12a5f5c6c295d74afd4dd5c051296be0b54c70bf899b347c36bff62f313079983409d7f9cf1242c917985c1b5d0736fe21f8514f63d0369a374c42da40bd5140bc3e602d00c3cb4f8e621863ab47422778d67d72de34753fd72cef80649a1548e4e8dcbcffe4054cc9d8a1f922623a75904cbdaacde768131e587269a4a99d82f7009c1b8ab79aa232a2fd45ad71b60fca627576ba979fa6a87525884b08d721a21400fb1f950b96ead82f408cc4388d3b78fb456616429a520656d5e5a876fd04748498902c86f58d45f4c1b3919eb846a00edf07e7a830bf723e4774f085f15534dd3b5246c0c0970b5ad7bb39b30b156a9430378c5b0aab1261c78d72ac301cd552d5e8dd4b642ec1dc0672745d593bb26d095b5b23576e3cfd6ab580f6e09419d0f0c64250fafaa3759aa1888da48d89c3f7c9454b0b3d0ab40445f5bed4493ef43ab08f31b1345ac4ffd94ad79c9eee53904ed6f572817153190d2e6863f2e39356bb99926419fd314341a536b7e76cae60bf7750a4c29e3f4c7f005530b1d4ee0e25b93b76fcc1108222f0b00de52cf4100e97adfd7b9db1370586ba27e1e183299be00d0df8439c380edf2f79deb441eac59b814b04accdff5e17f02046139f91f0332661676ff506e575f0cb2850bcc9f8666f6d1f69f8f4271cb804a79fccd7016f049d1a494c46a527c437fa0be6d51ec7543d9bd7a2f016194ebe3c99080a6c9b5119863dfe865f8e60cae29f50b67dbfaa0a3c9794d73034485ca1613344c572783db3dfab01b28089c51cda99cefa4c1c881a29e229f04c7e0fd04dc425ae8417852e6e31520c6207e9d4e35285feef2a2cb8a3bceb08a166fa4284a516362621e2c06731a442791f1db063a32cf1f005c914102c7273cb4d7ab1bf567d72f230783d2ea99c43a60e8729132441ee6c5362c33f9b613f84417c3c5549f4e3d9e73c6f83f16c8e57ae22fe5f54515e111fe43ad7c400d214281452bb6141cecad84b23a695f061988d906d03be5d89584634b9e9d9a9b072f8e7cbb47c47719318a2001cafa665dd2c82672d16877ea115bd023fc1975f7c59664bfb06f66a1a5e3f05cb283fb45ea67a2727ee6e10bf35b31fdd03d43ec67b753f6737e0d2f4a5275031595878cefc8f0ca0403b3c6da327afe21720024881def9fa15ec15bb0cb39374f19d63b357936a748e0bb2099ec2a79035bec4a89224cf37c93b534a5348ee94ba3f5f55fa92acaf8e0061598d802fcdc1f7253969a3278154696f42eaf07c89aacdfb016fcb0485a72fc2cdfd7d72f132ff82028a47b61d4dd4d1201d87bd883f74ac1710e05a8fe598dbd94c78adc2ad0e9ae6cb911691b61feaf07539d17c2b05a608dc1f71011c10c92f7faae952e304f0b6c94f754b11e416c4df32f5ca6c0caa6070ee04bfd47adf2f90843fc143b52d2ff50e63ea46a2677baf1df09e67c0768ee6382a8de5dc91eb5552dbd3ba7647b47efc8dc6c9de913710ad2314e3e94a2f9193c5fc3120474261c4914925707530c3a41ec98741aa30fabd70fc38cc57c6707bead0cf24b369f8989b366507b6a261842c727efa97032314f09626954d357374b42fee36fafd448fd0836bea7397b2ac03dff44372e987316fdacf8477befe768dc1505eb58bdb052a5eb3ab1a79014008c8ab55b3ea432beba4434f5199fc6f3b08934cc3fb4cc62b7a733826030153750fa61bbf0dbc1cdfef66ef77aa047c04b9ceb80ff0b99959fdeeaec0e3838dced78e9f12f997bcd992ef36baff4de252999d00406a379272912bab80fbecbd334eb4b844c66c0018312dc20ccb52f36dc84ba4c3876fe9f5b49f39e49e9348f38bcfb4a77a36790971c41c0ed554ebf03c145336e77bca86fcce945c43075d583233b2c36ff471d140ff8b4d91b33ad13540f5f2cffe0ced42839848a13cbc66f1d7393f01a8fe63b37619665d1c98bc1ae09fa9dcc642f2047a555bc8aab2ebfc00b13b902494b139ebe4b96026bf5c441b30b11611371386fac1ccf99df87093bd6609b24f7e7a1bfc175e720c7bb496c45d6f42acfacc216307f7f3bebb96f443e68717442b6ae5a9c29e10a5be02f30007653c9debdaa1e69c28d15d3bfd69232dfafae13622f4cbe9a030ae880375f7415d10770aae1c8271393546f40fa07e6e205de1f52ab215d7c2a1dc474d28e79081913f19c2c53fc8b8d86c699523e836a548c1315610ca4542b0ae145a1fac88d417252fdbec86b4d2d824ca2702102b18062a7194e2f96904dd210c1d2cbd12d253f4243324f61cbb42a0271527d7b871a1ddee9b55030a173ed9573a5cce7924946474c21e39bdddd559aa5f85e981d6ca79e967d5edb484ed6c70bf1d1c57f3ad64b5ede6ba51158d044578d395c561abd382335c5342883d6588d94fb860c0025adab4df23b2c9c00638fe33816b609267ad80e2b6b04d6b7872db753b3ed3dba724bec6c02d5a40cca99e074682f0fc6e0db69a265e5b2757dafd5db7d8a9d5f00b94e6afe662b180b750bedbbb3ba03c52bee15be40b259471fca2fd32696d241d6f9dea3beac4054146e334969e4dae0ef929a4b762bd44612353dbe8275ed21b3f34bf9b38d64e7cfbd8aebf826bd40eb2cb2331b410ca7753c40250954fa8ad12c09e7a54e18a645ad1e501d93e540c6560e702e80e360def60ccab4fd18bc3a33a9ef798aa77ccd30a0175e35b1d6df6963a489322b149d673d920695294f0e6267a4a078c4ab4b2e2cfefb7e81f45f6dd7207e2c8b7e57ac9d988856fa8c0c4c6e49be3c4f9dc7aa078f76268f0be9e2af88a0fe658b243ded33b3836d559a1fb480278f82e546eec2666def860686e9abb898d80f018edb937f7a902238194a16be357e91fd86eaab3c19ae9446a27810dfe586f2d354e251c4afdd89af87421f943d7b9e12b6640897459bd988ef31960784c8072184456fa99d33c3978a0dfc5dd88bfe941da4681d6e31894f5100b2e6fdbd75e51f2f32a0bc00976721b453c5c670b04ca27c23232be7734c35f2898512c3138c78d42626693084826d195299fdb4467db31c79761e40112d1e47d8fe1b846bec1dc7f92d59d088af95a7d4b0d10b7ece85bf6aef12693c429e3df8f7f27289857e16005a233ac1c526afcfa2d4a82ffdd0d52724b3a635e4415d7c0fbcacd1c24294919ad8bd6edc2dcc7e8c66f5980b8483d50a9f5b2204d2f9fbfccffd578dd718b342a1443be5e4f18fbc10691c678ec837ea9a37c8456dde7e3f420bd61e918270b83c3f5c3f9495b33c7be6ea81b78df808cdd55862beb2ad246bf402cbc909", 0xc00) sendfile(r0, r1, 0x0, 0x10000) [ 2393.033309] syz-executor4 cpuset=syz4 mems_allowed=0 [ 2393.052296] CPU: 1 PID: 26045 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #379 [ 2393.059684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2393.069040] Call Trace: [ 2393.069072] dump_stack+0x244/0x39d [ 2393.069100] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2393.069143] ? __video_do_ioctl+0x8b1/0x1050 [ 2393.075509] ? video_usercopy+0x5c1/0x1760 [ 2393.075518] ? video_ioctl2+0x2c/0x33 [ 2393.075530] ? do_vfs_ioctl+0x1de/0x1790 [ 2393.075544] warn_alloc.cold.116+0xb7/0x1bd [ 2393.075555] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2393.075568] ? zap_class+0x640/0x640 [ 2393.075593] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2393.075614] ? check_preemption_disabled+0x48/0x280 [ 2393.075655] __vmalloc_node_range+0x472/0x750 [ 2393.075681] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2393.130292] ? vb2_vmalloc_alloc+0x123/0x380 [ 2393.134716] vmalloc_user+0x75/0x170 [ 2393.138470] ? vb2_vmalloc_alloc+0x123/0x380 [ 2393.142898] vb2_vmalloc_alloc+0x123/0x380 [ 2393.147169] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2393.152294] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2393.156656] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2393.161782] __vb2_queue_alloc+0x5e1/0xfa0 [ 2393.166088] ? vimc_cap_get_format+0x120/0x120 [ 2393.170699] vb2_core_create_bufs+0x401/0x8c0 [ 2393.175217] ? __vb2_queue_alloc+0xfa0/0xfa0 06:18:28 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:18:28 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r0, 0x0) [ 2393.179646] ? debug_smp_processor_id+0x1c/0x20 [ 2393.184329] ? perf_trace_lock+0x14d/0x7a0 [ 2393.188576] ? __save_stack_trace+0x8d/0xf0 [ 2393.192953] vb2_create_bufs+0x4b6/0x8f0 [ 2393.197056] ? v4l2_ioctl+0x154/0x1b0 [ 2393.200882] ? vb2_request_queue+0x120/0x120 [ 2393.205313] ? find_held_lock+0x36/0x1c0 [ 2393.209909] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2393.215475] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2393.220084] v4l_create_bufs+0x152/0x230 [ 2393.224176] __video_do_ioctl+0x8b1/0x1050 [ 2393.228424] ? v4l_s_fmt+0x990/0x990 06:18:28 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000100)='/dev/full\x00', 0x80040, 0x0) ioctl$sock_bt_bnep_BNEPCONNDEL(r1, 0x400442c9, &(0x7f0000000140)={0x92, @link_local}) r2 = epoll_create1(0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000200)) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000040)={0x11}) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f00000001c0)={0xfffbffff80000013}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000939ff4)={0x7}) epoll_pwait(r2, &(0x7f0000000080)=[{}], 0x69c, 0x0, 0x0, 0xfffffe2c) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x10040, 0x0) ioctl$DRM_IOCTL_SET_VERSION(r5, 0xc0106407, &(0x7f00000000c0)={0x5, 0x5, 0x2, 0xfff}) [ 2393.232163] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2393.237709] video_usercopy+0x5c1/0x1760 [ 2393.241789] ? v4l_s_fmt+0x990/0x990 [ 2393.245528] ? v4l_enumstd+0x70/0x70 [ 2393.249261] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2393.254822] ? find_held_lock+0x36/0x1c0 [ 2393.258914] ? __fget+0x4aa/0x740 [ 2393.262476] ? lock_downgrade+0x900/0x900 [ 2393.266642] ? check_preemption_disabled+0x48/0x280 [ 2393.271685] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2393.276648] ? kasan_check_read+0x11/0x20 06:18:28 executing program 0: setsockopt$RDS_CONG_MONITOR(0xffffffffffffffff, 0x114, 0x6, &(0x7f0000000440), 0xfffffffffffffff5) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0x10, 0x4001, 0x80000002) sendmsg(r0, &(0x7f00000000c0)={&(0x7f0000000100)=@nl, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000000)="5500000018007f5300fe01b2a4a280930a602c0fffa8430291000000390009002b000c000b0000001900050000000000000008dc1338d54402009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f00000000c0)}, 0x0) r1 = syz_open_dev$mouse(&(0x7f0000000400)='/dev/input/mouse#\x00', 0x9, 0x4000) ioctl$PPPIOCGMRU(r1, 0x80047453, &(0x7f0000000480)) sync_file_range(r0, 0x3, 0x0, 0x1) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000380), &(0x7f00000003c0)=0x8) fchmodat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x100) r2 = syz_open_dev$cec(&(0x7f0000000180)='/dev/cec#\x00', 0x0, 0x2) setsockopt$RDS_GET_MR_FOR_DEST(r2, 0x114, 0x7, &(0x7f00000002c0)={@pppol2tpin6={0x18, 0x1, {0x0, r0, 0x0, 0x4, 0x0, 0x4, {0xa, 0x4e24, 0x1, @empty, 0xb4}}}, {&(0x7f0000000240)=""/21, 0x15}, &(0x7f0000000280), 0x2e}, 0xa0) flock(r0, 0x0) setsockopt$inet_MCAST_MSFILTER(r2, 0x0, 0x30, &(0x7f00000004c0)=ANY=[@ANYBLOB="010000800000000002004e22e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000002004e220000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e20ac14141800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e24ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081a32b5f339ad170c5dd00000002004e21ac1414bb0000000000000000000000000000000000a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x290) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000080)=0x9, 0x4) [ 2393.280807] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2393.286110] ? rcu_softirq_qs+0x20/0x20 [ 2393.290120] ? __fget+0x4d1/0x740 [ 2393.293613] ? ksys_dup3+0x680/0x680 [ 2393.297337] ? __might_fault+0x12b/0x1e0 [ 2393.301387] ? video_usercopy+0x1760/0x1760 [ 2393.305695] video_ioctl2+0x2c/0x33 [ 2393.309325] v4l2_ioctl+0x154/0x1b0 [ 2393.312956] ? video_devdata+0xa0/0xa0 [ 2393.316854] do_vfs_ioctl+0x1de/0x1790 [ 2393.320752] ? ioctl_preallocate+0x300/0x300 [ 2393.325171] ? __fget_light+0x2e9/0x430 [ 2393.329160] ? fget_raw+0x20/0x20 [ 2393.332655] ? _copy_to_user+0xc8/0x110 [ 2393.336692] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2393.342281] ? put_timespec64+0x10f/0x1b0 [ 2393.346447] ? nsecs_to_jiffies+0x30/0x30 [ 2393.350622] ? do_syscall_64+0x9a/0x820 [ 2393.354620] ? do_syscall_64+0x9a/0x820 [ 2393.358617] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2393.363216] ? security_file_ioctl+0x94/0xc0 [ 2393.367666] ksys_ioctl+0xa9/0xd0 [ 2393.371166] __x64_sys_ioctl+0x73/0xb0 [ 2393.375090] do_syscall_64+0x1b9/0x820 [ 2393.379017] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2393.384410] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2393.389368] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2393.394228] ? trace_hardirqs_on_caller+0x310/0x310 [ 2393.399278] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2393.404286] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2393.409314] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2393.414151] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2393.419336] RIP: 0033:0x457669 06:18:28 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f000002c000)='./file0\x00', &(0x7f0000000500)='ramfs\x00', 0x0, 0x0) mount(0x0, &(0x7f0000903000)='./file0\x00', 0x0, 0x100000, 0x0) r0 = syz_open_dev$swradio(&(0x7f00000006c0)='/dev/swradio#\x00', 0x0, 0x2) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffff9c, 0x84, 0x77, &(0x7f0000000700)={0x0, 0x401, 0x2, [0x4, 0x2]}, &(0x7f0000000740)=0xc) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000780)={r1, @in={{0x2, 0x4e21, @empty}}, [0x5, 0x37aa, 0x7, 0x1, 0xfffffffffffffff8, 0x9, 0x9, 0xfffffffffffff7f4, 0x4, 0x3d7, 0x7, 0x7, 0x8, 0x3c4000000, 0x9]}, &(0x7f0000000880)=0x100) mount(0x0, &(0x7f0000000080)='.', 0x0, 0x0, 0x0) mount(&(0x7f0000000000), &(0x7f00000000c0)='.', 0x0, 0x3080, 0x0) mount(&(0x7f0000000040)=ANY=[@ANYBLOB="c7621ec24b54f5c24ed0d5ffdf14cba65da0a67bfeb2db55205b567b1c"], &(0x7f0000187ff8)='.', 0x0, 0x5010, 0x0) mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', 0x0, 0x5010, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$audion(&(0x7f0000000100)='/dev/audio#\x00', 0x182, 0x0) mkdirat(r2, &(0x7f0000000180)='./file0//ile0\x00', 0x4) mount(&(0x7f0000000080), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='cgroup2\x00', 0x0, 0x0) mknod$loop(&(0x7f0000000000)='./file0//ile0\x00', 0x6000, 0xffffffffffffffff) lstat(&(0x7f0000000280)='./file0//ile0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r2, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f00000003c0)={{{@in6=@local, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@remote}}, &(0x7f00000004c0)=0xe8) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x800, &(0x7f0000000540)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x1ff}}, {@default_permissions='default_permissions'}, {@blksize={'blksize', 0x3d, 0xc00}}], [{@uid_lt={'uid<', r5}}, {@subj_user={'subj_user', 0x3d, 'cgroup2\x00'}}, {@appraise_type='appraise_type=imasig'}]}}) mount(0x0, &(0x7f0000000cc0)='./file0\x00', &(0x7f0000000d00)='proc\x00', 0x200001, 0x0) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r2, 0x84, 0x74, &(0x7f0000000640)=""/19, &(0x7f0000000680)=0x13) [ 2393.422538] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2393.441426] RSP: 002b:00007f3d559e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2393.449146] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2393.456424] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2393.463708] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2393.470989] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d559e56d4 [ 2393.478297] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2393.492671] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2393.543798] warn_alloc_show_mem: 1 callbacks suppressed [ 2393.543810] Mem-Info: [ 2393.543847] active_anon:116919 inactive_anon:213 isolated_anon:0 [ 2393.543847] active_file:965 inactive_file:3506 isolated_file:0 [ 2393.543847] unevictable:0 dirty:150 writeback:0 unstable:0 [ 2393.543847] slab_reclaimable:10537 slab_unreclaimable:120595 [ 2393.543847] mapped:52178 shmem:392 pagetables:1744 bounce:0 [ 2393.543847] free:1273171 free_pcp:1165 free_cma:0 [ 2393.551768] Node 0 active_anon:467676kB inactive_anon:852kB active_file:3860kB inactive_file:14024kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208712kB dirty:600kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 108544kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2393.616347] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2393.649182] lowmem_reserve[]: 0 2818 6321 6321 [ 2393.656686] Node 0 DMA32 free:2869892kB min:30052kB low:37564kB high:45076kB active_anon:40kB inactive_anon:0kB active_file:924kB inactive_file:8920kB unevictable:0kB writepending:204kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:2680kB local_pcp:1336kB free_cma:0kB [ 2393.727785] lowmem_reserve[]: 0 0 3503 3503 [ 2393.738986] Node 0 Normal free:2210128kB min:37364kB low:46704kB high:56044kB active_anon:463552kB inactive_anon:864kB active_file:2968kB inactive_file:5164kB unevictable:0kB writepending:396kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8384kB pagetables:6792kB bounce:0kB free_pcp:2152kB local_pcp:1420kB free_cma:0kB [ 2393.772146] lowmem_reserve[]: 0 0 0 0 [ 2393.776157] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2393.792812] Node 0 DMA32: 35*4kB (UM) 59*8kB (UME) 64*16kB (UME) 59*32kB (UE) 67*64kB (UME) 70*128kB (UE) 61*256kB (UM) 52*512kB (UE) 49*1024kB (UME) 46*2048kB (UME) 651*4096kB (UM) = 2869892kB [ 2393.810946] Node 0 Normal: 13181*4kB (UME) 8314*8kB (UME) 1715*16kB (UME) 2433*32kB (UME) 1498*64kB (UME) 775*128kB (UM) 336*256kB (U) 147*512kB (U) 69*1024kB (U) 71*2048kB (U) 345*4096kB (UM) = 2210068kB [ 2393.851974] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2393.860910] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2393.882010] 4890 total pagecache pages [ 2393.886051] 0 pages in swap cache [ 2393.889616] Swap cache stats: add 0, delete 0, find 0/0 [ 2393.901950] Free swap = 0kB [ 2393.905128] Total swap = 0kB [ 2393.914100] 1965979 pages RAM [ 2393.923091] 0 pages HighMem/MovableOnly [ 2393.928504] 342853 pages reserved [ 2393.932433] 0 pages cma reserved [ 2393.936070] syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2393.947880] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2393.953101] CPU: 1 PID: 26046 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2393.960478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2393.969838] Call Trace: [ 2393.972433] dump_stack+0x244/0x39d [ 2393.976168] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2393.981366] ? __video_do_ioctl+0x8b1/0x1050 [ 2393.985766] ? video_usercopy+0x5c1/0x1760 [ 2393.989989] ? video_ioctl2+0x2c/0x33 [ 2393.993793] ? do_vfs_ioctl+0x1de/0x1790 [ 2393.997863] warn_alloc.cold.116+0xb7/0x1bd [ 2394.002174] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2394.007009] ? zap_class+0x640/0x640 [ 2394.010814] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2394.016391] ? check_preemption_disabled+0x48/0x280 [ 2394.021429] __vmalloc_node_range+0x472/0x750 [ 2394.025937] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2394.030990] ? vb2_vmalloc_alloc+0x123/0x380 [ 2394.035426] vmalloc_user+0x75/0x170 [ 2394.039143] ? vb2_vmalloc_alloc+0x123/0x380 [ 2394.043543] vb2_vmalloc_alloc+0x123/0x380 [ 2394.047786] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2394.052896] ? debug_mutex_wake_waiter+0x630/0x630 [ 2394.057812] ? mutex_destroy+0x200/0x200 [ 2394.061888] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2394.066221] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2394.071338] __vb2_queue_alloc+0x5e1/0xfa0 [ 2394.075596] ? vimc_cap_get_format+0x120/0x120 [ 2394.080169] vb2_core_create_bufs+0x401/0x8c0 [ 2394.084659] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2394.089057] ? debug_smp_processor_id+0x1c/0x20 [ 2394.093732] ? perf_trace_lock+0x14d/0x7a0 [ 2394.097972] ? __save_stack_trace+0x8d/0xf0 [ 2394.102314] vb2_create_bufs+0x4b6/0x8f0 [ 2394.106379] ? v4l2_ioctl+0x154/0x1b0 [ 2394.110186] ? vb2_request_queue+0x120/0x120 [ 2394.114596] ? find_held_lock+0x36/0x1c0 [ 2394.118663] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2394.124236] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2394.128846] v4l_create_bufs+0x152/0x230 [ 2394.132913] __video_do_ioctl+0x8b1/0x1050 [ 2394.137141] ? v4l_s_fmt+0x990/0x990 [ 2394.140937] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2394.146468] video_usercopy+0x5c1/0x1760 [ 2394.150531] ? v4l_s_fmt+0x990/0x990 [ 2394.154271] ? v4l_enumstd+0x70/0x70 [ 2394.157999] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2394.163535] ? find_held_lock+0x36/0x1c0 [ 2394.167636] ? __fget+0x4aa/0x740 [ 2394.171125] ? lock_downgrade+0x900/0x900 [ 2394.175303] ? check_preemption_disabled+0x48/0x280 [ 2394.180314] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2394.185233] ? kasan_check_read+0x11/0x20 [ 2394.189370] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2394.194663] ? rcu_softirq_qs+0x20/0x20 [ 2394.198655] ? __fget+0x4d1/0x740 [ 2394.202103] ? ksys_dup3+0x680/0x680 [ 2394.205830] ? __might_fault+0x12b/0x1e0 [ 2394.209900] ? video_usercopy+0x1760/0x1760 [ 2394.214223] video_ioctl2+0x2c/0x33 [ 2394.217896] v4l2_ioctl+0x154/0x1b0 [ 2394.221532] ? video_devdata+0xa0/0xa0 [ 2394.225425] do_vfs_ioctl+0x1de/0x1790 [ 2394.229321] ? ioctl_preallocate+0x300/0x300 [ 2394.233718] ? __fget_light+0x2e9/0x430 [ 2394.237685] ? fget_raw+0x20/0x20 [ 2394.241132] ? _copy_to_user+0xc8/0x110 [ 2394.245095] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2394.250640] ? put_timespec64+0x10f/0x1b0 [ 2394.254864] ? nsecs_to_jiffies+0x30/0x30 [ 2394.259006] ? do_syscall_64+0x9a/0x820 [ 2394.262990] ? do_syscall_64+0x9a/0x820 [ 2394.266953] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2394.271554] ? security_file_ioctl+0x94/0xc0 [ 2394.275977] ksys_ioctl+0xa9/0xd0 [ 2394.279458] __x64_sys_ioctl+0x73/0xb0 [ 2394.283363] do_syscall_64+0x1b9/0x820 [ 2394.287249] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2394.292632] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2394.297561] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2394.302414] ? trace_hardirqs_on_caller+0x310/0x310 [ 2394.307418] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2394.312423] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2394.317445] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2394.322290] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2394.327468] RIP: 0033:0x457669 [ 2394.330671] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2394.349557] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2394.357257] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2394.364521] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2394.371788] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2394.379056] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2394.386314] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff 06:18:29 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\fZ\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:18:29 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xeffdffffffffffff}]) 06:18:29 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:18:29 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f000002c000)='./file0\x00', &(0x7f0000000500)='ramfs\x00', 0x0, 0x0) mount(0x0, &(0x7f0000903000)='./file0\x00', 0x0, 0x100000, 0x0) r0 = syz_open_dev$swradio(&(0x7f00000006c0)='/dev/swradio#\x00', 0x0, 0x2) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffff9c, 0x84, 0x77, &(0x7f0000000700)={0x0, 0x401, 0x2, [0x4, 0x2]}, &(0x7f0000000740)=0xc) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000780)={r1, @in={{0x2, 0x4e21, @empty}}, [0x5, 0x37aa, 0x7, 0x1, 0xfffffffffffffff8, 0x9, 0x9, 0xfffffffffffff7f4, 0x4, 0x3d7, 0x7, 0x7, 0x8, 0x3c4000000, 0x9]}, &(0x7f0000000880)=0x100) mount(0x0, &(0x7f0000000080)='.', 0x0, 0x0, 0x0) mount(&(0x7f0000000000), &(0x7f00000000c0)='.', 0x0, 0x3080, 0x0) mount(&(0x7f0000000040)=ANY=[@ANYBLOB="c7621ec24b54f5c24ed0d5ffdf14cba65da0a67bfeb2db55205b567b1c"], &(0x7f0000187ff8)='.', 0x0, 0x5010, 0x0) mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', 0x0, 0x5010, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$audion(&(0x7f0000000100)='/dev/audio#\x00', 0x182, 0x0) mkdirat(r2, &(0x7f0000000180)='./file0//ile0\x00', 0x4) mount(&(0x7f0000000080), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='cgroup2\x00', 0x0, 0x0) mknod$loop(&(0x7f0000000000)='./file0//ile0\x00', 0x6000, 0xffffffffffffffff) lstat(&(0x7f0000000280)='./file0//ile0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r2, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f00000003c0)={{{@in6=@local, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@remote}}, &(0x7f00000004c0)=0xe8) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x800, &(0x7f0000000540)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x1ff}}, {@default_permissions='default_permissions'}, {@blksize={'blksize', 0x3d, 0xc00}}], [{@uid_lt={'uid<', r5}}, {@subj_user={'subj_user', 0x3d, 'cgroup2\x00'}}, {@appraise_type='appraise_type=imasig'}]}}) mount(0x0, &(0x7f0000000cc0)='./file0\x00', &(0x7f0000000d00)='proc\x00', 0x200001, 0x0) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r2, 0x84, 0x74, &(0x7f0000000640)=""/19, &(0x7f0000000680)=0x13) 06:18:29 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x6c000000, 0xffffffffffffffff]}}}) 06:18:29 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffffffffffff], [0xffffff7f]}}}) [ 2394.484389] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2394.492204] syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2394.509707] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2394.517799] CPU: 1 PID: 26078 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2394.525207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 06:18:29 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2394.534574] Call Trace: [ 2394.534612] dump_stack+0x244/0x39d [ 2394.534640] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2394.534664] ? __video_do_ioctl+0x8b1/0x1050 [ 2394.534687] ? video_usercopy+0x5c1/0x1760 [ 2394.550467] ? video_ioctl2+0x2c/0x33 [ 2394.550486] ? do_vfs_ioctl+0x1de/0x1790 [ 2394.550511] warn_alloc.cold.116+0xb7/0x1bd [ 2394.550531] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2394.566960] ? zap_class+0x640/0x640 [ 2394.566987] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2394.567008] ? check_preemption_disabled+0x48/0x280 [ 2394.567059] __vmalloc_node_range+0x472/0x750 [ 2394.575620] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2394.575642] ? vb2_vmalloc_alloc+0x123/0x380 [ 2394.575661] vmalloc_user+0x75/0x170 [ 2394.575680] ? vb2_vmalloc_alloc+0x123/0x380 [ 2394.586233] vb2_vmalloc_alloc+0x123/0x380 [ 2394.586268] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2394.586291] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2394.586309] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2394.586349] __vb2_queue_alloc+0x5e1/0xfa0 [ 2394.600275] ? vimc_cap_get_format+0x120/0x120 [ 2394.600294] vb2_core_create_bufs+0x401/0x8c0 [ 2394.600319] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2394.600340] ? debug_smp_processor_id+0x1c/0x20 [ 2394.608462] ? perf_trace_lock+0x14d/0x7a0 [ 2394.608482] ? __save_stack_trace+0x8d/0xf0 [ 2394.608527] vb2_create_bufs+0x4b6/0x8f0 [ 2394.615303] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2394.617871] ? v4l2_ioctl+0x154/0x1b0 [ 2394.617898] ? vb2_request_queue+0x120/0x120 [ 2394.617922] ? find_held_lock+0x36/0x1c0 06:18:29 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2394.617945] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2394.627366] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2394.627392] v4l_create_bufs+0x152/0x230 [ 2394.627414] __video_do_ioctl+0x8b1/0x1050 [ 2394.627440] ? v4l_s_fmt+0x990/0x990 [ 2394.636268] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2394.649840] video_usercopy+0x5c1/0x1760 [ 2394.649859] ? v4l_s_fmt+0x990/0x990 [ 2394.649885] ? v4l_enumstd+0x70/0x70 [ 2394.649906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2394.670677] ? find_held_lock+0x36/0x1c0 [ 2394.670735] ? __fget+0x4aa/0x740 06:18:29 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2394.670753] ? lock_downgrade+0x900/0x900 [ 2394.670774] ? check_preemption_disabled+0x48/0x280 [ 2394.683059] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2394.683077] ? kasan_check_read+0x11/0x20 [ 2394.683095] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2394.693224] ? rcu_softirq_qs+0x20/0x20 [ 2394.701528] ? __fget+0x4d1/0x740 [ 2394.701554] ? ksys_dup3+0x680/0x680 [ 2394.701575] ? __might_fault+0x12b/0x1e0 [ 2394.710838] ? video_usercopy+0x1760/0x1760 [ 2394.710856] video_ioctl2+0x2c/0x33 [ 2394.710875] v4l2_ioctl+0x154/0x1b0 [ 2394.710895] ? video_devdata+0xa0/0xa0 [ 2394.721749] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2394.722369] do_vfs_ioctl+0x1de/0x1790 [ 2394.722394] ? ioctl_preallocate+0x300/0x300 [ 2394.722412] ? __fget_light+0x2e9/0x430 [ 2394.722429] ? fget_raw+0x20/0x20 [ 2394.722445] ? _copy_to_user+0xc8/0x110 [ 2394.722466] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2394.778549] ? put_timespec64+0x10f/0x1b0 [ 2394.778570] ? nsecs_to_jiffies+0x30/0x30 [ 2394.778601] ? do_syscall_64+0x9a/0x820 06:18:29 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\xff\xff\xfe\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2394.778634] ? do_syscall_64+0x9a/0x820 [ 2394.785894] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2394.785917] ? security_file_ioctl+0x94/0xc0 [ 2394.785940] ksys_ioctl+0xa9/0xd0 [ 2394.785960] __x64_sys_ioctl+0x73/0xb0 [ 2394.819292] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2394.823185] do_syscall_64+0x1b9/0x820 [ 2394.823205] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2394.823240] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2394.823256] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2394.823277] ? trace_hardirqs_on_caller+0x310/0x310 [ 2394.823323] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2394.823374] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2394.864135] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2394.864162] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2394.864191] RIP: 0033:0x457669 [ 2394.864210] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 06:18:30 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2394.873541] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2394.873557] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2394.873567] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2394.873577] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2394.873597] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2394.873607] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2394.900626] warn_alloc_show_mem: 1 callbacks suppressed [ 2394.900632] Mem-Info: [ 2394.927097] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2394.931678] active_anon:116947 inactive_anon:214 isolated_anon:0 [ 2394.931678] active_file:975 inactive_file:3534 isolated_file:0 [ 2394.931678] unevictable:0 dirty:170 writeback:0 unstable:0 [ 2394.931678] slab_reclaimable:10538 slab_unreclaimable:120803 [ 2394.931678] mapped:52210 shmem:392 pagetables:1768 bounce:0 [ 2394.931678] free:1272954 free_pcp:1031 free_cma:0 [ 2395.012666] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:18:30 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xfffffdef}]) [ 2395.065011] Node 0 active_anon:469860kB inactive_anon:856kB active_file:3900kB inactive_file:14136kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208840kB dirty:680kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 112640kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2395.176925] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2395.223204] lowmem_reserve[]: 0 2818 6321 6321 [ 2395.228003] Node 0 DMA32 free:2869892kB min:30052kB low:37564kB high:45076kB active_anon:40kB inactive_anon:0kB active_file:928kB inactive_file:8916kB unevictable:0kB writepending:204kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:2680kB local_pcp:1336kB free_cma:0kB [ 2395.257440] lowmem_reserve[]: 0 0 3503 3503 [ 2395.262061] Node 0 Normal free:2206832kB min:37364kB low:46704kB high:56044kB active_anon:465656kB inactive_anon:856kB active_file:2972kB inactive_file:5220kB unevictable:0kB writepending:476kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8416kB pagetables:6924kB bounce:0kB free_pcp:2160kB local_pcp:976kB free_cma:0kB [ 2395.294934] lowmem_reserve[]: 0 0 0 0 [ 2395.298904] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2395.323432] Node 0 DMA32: 35*4kB (UM) 59*8kB (UME) 64*16kB (UME) 59*32kB (UE) 67*64kB (UME) 70*128kB (UE) 61*256kB (UM) 52*512kB (UE) 49*1024kB (UME) 46*2048kB (UME) 651*4096kB (UM) = 2869892kB [ 2395.395320] Node 0 Normal: 13072*4kB (UE) 8036*8kB (UME) 1771*16kB (UME) 2443*32kB (UME) 1501*64kB (UME) 777*128kB (UME) 336*256kB (U) 146*512kB (U) 70*1024kB (U) 71*2048kB (U) 345*4096kB (UM) = 2209584kB [ 2395.427994] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2395.437354] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2395.446458] 4910 total pagecache pages [ 2395.450515] 0 pages in swap cache [ 2395.454531] Swap cache stats: add 0, delete 0, find 0/0 [ 2395.460044] Free swap = 0kB [ 2395.463518] Total swap = 0kB [ 2395.466696] 1965979 pages RAM [ 2395.470053] 0 pages HighMem/MovableOnly [ 2395.474450] 342853 pages reserved [ 2395.477915] 0 pages cma reserved [ 2395.483944] syz-executor4: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2395.494900] syz-executor4 cpuset=syz4 mems_allowed=0 [ 2395.500123] CPU: 1 PID: 26085 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #379 [ 2395.507491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2395.507500] Call Trace: [ 2395.507529] dump_stack+0x244/0x39d [ 2395.507555] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2395.507579] ? __video_do_ioctl+0x8b1/0x1050 [ 2395.507608] ? video_usercopy+0x5c1/0x1760 [ 2395.507633] ? video_ioctl2+0x2c/0x33 [ 2395.519570] ? do_vfs_ioctl+0x1de/0x1790 [ 2395.519608] warn_alloc.cold.116+0xb7/0x1bd [ 2395.519628] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2395.519654] ? zap_class+0x640/0x640 [ 2395.528480] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2395.528502] ? check_preemption_disabled+0x48/0x280 [ 2395.528541] __vmalloc_node_range+0x472/0x750 [ 2395.537193] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2395.537215] ? vb2_vmalloc_alloc+0x123/0x380 [ 2395.537233] vmalloc_user+0x75/0x170 [ 2395.537252] ? vb2_vmalloc_alloc+0x123/0x380 [ 2395.545114] vb2_vmalloc_alloc+0x123/0x380 [ 2395.545136] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2395.545153] ? debug_mutex_wake_waiter+0x630/0x630 [ 2395.545168] ? mutex_destroy+0x200/0x200 [ 2395.545189] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2395.545208] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2395.554476] __vb2_queue_alloc+0x5e1/0xfa0 [ 2395.554520] ? vimc_cap_get_format+0x120/0x120 [ 2395.554539] vb2_core_create_bufs+0x401/0x8c0 [ 2395.563824] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2395.563846] ? debug_smp_processor_id+0x1c/0x20 [ 2395.563862] ? perf_trace_lock+0x14d/0x7a0 [ 2395.563881] ? __save_stack_trace+0x8d/0xf0 [ 2395.563923] vb2_create_bufs+0x4b6/0x8f0 [ 2395.573423] ? v4l2_ioctl+0x154/0x1b0 [ 2395.573463] ? vb2_request_queue+0x120/0x120 [ 2395.573486] ? find_held_lock+0x36/0x1c0 [ 2395.573517] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2395.573556] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2395.573579] v4l_create_bufs+0x152/0x230 [ 2395.583024] __video_do_ioctl+0x8b1/0x1050 [ 2395.583068] ? v4l_s_fmt+0x990/0x990 [ 2395.583093] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2395.583123] video_usercopy+0x5c1/0x1760 [ 2395.583141] ? v4l_s_fmt+0x990/0x990 [ 2395.591256] ? v4l_enumstd+0x70/0x70 [ 2395.591278] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2395.591302] ? find_held_lock+0x36/0x1c0 [ 2395.591328] ? __fget+0x4aa/0x740 [ 2395.600664] ? lock_downgrade+0x900/0x900 [ 2395.600681] ? check_preemption_disabled+0x48/0x280 [ 2395.600703] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2395.600721] ? kasan_check_read+0x11/0x20 [ 2395.600740] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2395.609737] ? rcu_softirq_qs+0x20/0x20 [ 2395.609768] ? __fget+0x4d1/0x740 [ 2395.609793] ? ksys_dup3+0x680/0x680 [ 2395.609813] ? __might_fault+0x12b/0x1e0 [ 2395.619260] ? video_usercopy+0x1760/0x1760 [ 2395.619278] video_ioctl2+0x2c/0x33 [ 2395.619296] v4l2_ioctl+0x154/0x1b0 [ 2395.619313] ? video_devdata+0xa0/0xa0 [ 2395.619331] do_vfs_ioctl+0x1de/0x1790 [ 2395.628151] ? ioctl_preallocate+0x300/0x300 [ 2395.628169] ? __fget_light+0x2e9/0x430 [ 2395.628185] ? fget_raw+0x20/0x20 [ 2395.628206] ? _copy_to_user+0xc8/0x110 [ 2395.637097] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2395.637121] ? put_timespec64+0x10f/0x1b0 [ 2395.637140] ? nsecs_to_jiffies+0x30/0x30 [ 2395.637162] ? do_syscall_64+0x9a/0x820 [ 2395.646047] ? do_syscall_64+0x9a/0x820 [ 2395.646067] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2395.646089] ? security_file_ioctl+0x94/0xc0 [ 2395.646117] ksys_ioctl+0xa9/0xd0 [ 2395.654513] __x64_sys_ioctl+0x73/0xb0 [ 2395.654534] do_syscall_64+0x1b9/0x820 [ 2395.654551] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2395.654572] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2395.654597] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2395.654635] ? trace_hardirqs_on_caller+0x310/0x310 [ 2395.662818] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2395.662839] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2395.662864] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2395.662889] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2395.662903] RIP: 0033:0x457669 [ 2395.662922] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2395.896713] RSP: 002b:00007f3d559e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2395.904408] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2395.911680] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2395.918949] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2395.926205] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d559e56d4 [ 2395.933461] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2395.943128] Mem-Info: [ 2395.945576] active_anon:115874 inactive_anon:217 isolated_anon:0 [ 2395.945576] active_file:976 inactive_file:3531 isolated_file:0 [ 2395.945576] unevictable:0 dirty:170 writeback:0 unstable:0 [ 2395.945576] slab_reclaimable:10534 slab_unreclaimable:117682 [ 2395.945576] mapped:52200 shmem:392 pagetables:1712 bounce:0 [ 2395.945576] free:1277032 free_pcp:1260 free_cma:0 [ 2395.980293] Node 0 active_anon:463496kB inactive_anon:868kB active_file:3904kB inactive_file:14124kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208800kB dirty:680kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 114688kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2396.008854] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2396.035096] lowmem_reserve[]: 0 2818 6321 6321 [ 2396.039726] Node 0 DMA32 free:2869892kB min:30052kB low:37564kB high:45076kB active_anon:40kB inactive_anon:0kB active_file:932kB inactive_file:8912kB unevictable:0kB writepending:204kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:2680kB local_pcp:1336kB free_cma:0kB [ 2396.068473] lowmem_reserve[]: 0 0 3503 3503 [ 2396.068497] Node 0 Normal free:2222328kB min:37364kB low:46704kB high:56044kB active_anon:463456kB inactive_anon:868kB active_file:2972kB inactive_file:5212kB unevictable:0kB writepending:476kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8448kB pagetables:6848kB bounce:0kB free_pcp:2356kB local_pcp:1200kB free_cma:0kB [ 2396.068544] lowmem_reserve[]: 0 0 0 0 [ 2396.103837] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2396.120334] Node 0 DMA32: 35*4kB (UM) 59*8kB (UME) 64*16kB (UME) 59*32kB (UE) 67*64kB (UME) 70*128kB (UE) 61*256kB (UM) 52*512kB (UE) 49*1024kB (UME) 46*2048kB (UME) 651*4096kB (UM) = 2869892kB 06:18:31 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\x15Z\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:18:31 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfe\xff\xff\a\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:18:31 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f000002c000)='./file0\x00', &(0x7f0000000500)='ramfs\x00', 0x0, 0x0) mount(0x0, &(0x7f0000903000)='./file0\x00', 0x0, 0x100000, 0x0) r0 = syz_open_dev$swradio(&(0x7f00000006c0)='/dev/swradio#\x00', 0x0, 0x2) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffff9c, 0x84, 0x77, &(0x7f0000000700)={0x0, 0x401, 0x2, [0x4, 0x2]}, &(0x7f0000000740)=0xc) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000780)={r1, @in={{0x2, 0x4e21, @empty}}, [0x5, 0x37aa, 0x7, 0x1, 0xfffffffffffffff8, 0x9, 0x9, 0xfffffffffffff7f4, 0x4, 0x3d7, 0x7, 0x7, 0x8, 0x3c4000000, 0x9]}, &(0x7f0000000880)=0x100) mount(0x0, &(0x7f0000000080)='.', 0x0, 0x0, 0x0) mount(&(0x7f0000000000), &(0x7f00000000c0)='.', 0x0, 0x3080, 0x0) mount(&(0x7f0000000040)=ANY=[@ANYBLOB="c7621ec24b54f5c24ed0d5ffdf14cba65da0a67bfeb2db55205b567b1c"], &(0x7f0000187ff8)='.', 0x0, 0x5010, 0x0) mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', 0x0, 0x5010, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$audion(&(0x7f0000000100)='/dev/audio#\x00', 0x182, 0x0) mkdirat(r2, &(0x7f0000000180)='./file0//ile0\x00', 0x4) mount(&(0x7f0000000080), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='cgroup2\x00', 0x0, 0x0) mknod$loop(&(0x7f0000000000)='./file0//ile0\x00', 0x6000, 0xffffffffffffffff) lstat(&(0x7f0000000280)='./file0//ile0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r2, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f00000003c0)={{{@in6=@local, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@remote}}, &(0x7f00000004c0)=0xe8) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x800, &(0x7f0000000540)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x1ff}}, {@default_permissions='default_permissions'}, {@blksize={'blksize', 0x3d, 0xc00}}], [{@uid_lt={'uid<', r5}}, {@subj_user={'subj_user', 0x3d, 'cgroup2\x00'}}, {@appraise_type='appraise_type=imasig'}]}}) mount(0x0, &(0x7f0000000cc0)='./file0\x00', &(0x7f0000000d00)='proc\x00', 0x200001, 0x0) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r2, 0x84, 0x74, &(0x7f0000000640)=""/19, &(0x7f0000000680)=0x13) 06:18:31 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xfffffffffffffdef}]) [ 2396.137864] Node 0 Normal: 13072*4kB (UE) 8049*8kB (UME) 1919*16kB (UME) 2479*32kB (UME) 1510*64kB (UME) 768*128kB (UME) 360*256kB (U) 147*512kB (U) 73*1024kB (U) 72*2048kB (UM) 345*4096kB (UM) = 2224408kB [ 2396.170731] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2396.188220] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2396.212172] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2396.231214] 4908 total pagecache pages [ 2396.239403] 0 pages in swap cache [ 2396.243433] Swap cache stats: add 0, delete 0, find 0/0 [ 2396.256995] Free swap = 0kB [ 2396.260131] Total swap = 0kB [ 2396.275065] 1965979 pages RAM [ 2396.288999] 0 pages HighMem/MovableOnly [ 2396.293095] 342853 pages reserved [ 2396.296577] 0 pages cma reserved 06:18:31 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x6c00, 0xffffffffffffffff]}}}) 06:18:31 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:18:31 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f000002c000)='./file0\x00', &(0x7f0000000500)='ramfs\x00', 0x0, 0x0) mount(0x0, &(0x7f0000903000)='./file0\x00', 0x0, 0x100000, 0x0) r0 = syz_open_dev$swradio(&(0x7f00000006c0)='/dev/swradio#\x00', 0x0, 0x2) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffff9c, 0x84, 0x77, &(0x7f0000000700)={0x0, 0x401, 0x2, [0x4, 0x2]}, &(0x7f0000000740)=0xc) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000780)={r1, @in={{0x2, 0x4e21, @empty}}, [0x5, 0x37aa, 0x7, 0x1, 0xfffffffffffffff8, 0x9, 0x9, 0xfffffffffffff7f4, 0x4, 0x3d7, 0x7, 0x7, 0x8, 0x3c4000000, 0x9]}, &(0x7f0000000880)=0x100) mount(0x0, &(0x7f0000000080)='.', 0x0, 0x0, 0x0) mount(&(0x7f0000000000), &(0x7f00000000c0)='.', 0x0, 0x3080, 0x0) mount(&(0x7f0000000040)=ANY=[@ANYBLOB="c7621ec24b54f5c24ed0d5ffdf14cba65da0a67bfeb2db55205b567b1c"], &(0x7f0000187ff8)='.', 0x0, 0x5010, 0x0) mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', 0x0, 0x5010, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$audion(&(0x7f0000000100)='/dev/audio#\x00', 0x182, 0x0) mkdirat(r2, &(0x7f0000000180)='./file0//ile0\x00', 0x4) mount(&(0x7f0000000080), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='cgroup2\x00', 0x0, 0x0) mknod$loop(&(0x7f0000000000)='./file0//ile0\x00', 0x6000, 0xffffffffffffffff) lstat(&(0x7f0000000280)='./file0//ile0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r2, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f00000003c0)={{{@in6=@local, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@remote}}, &(0x7f00000004c0)=0xe8) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x800, &(0x7f0000000540)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x1ff}}, {@default_permissions='default_permissions'}, {@blksize={'blksize', 0x3d, 0xc00}}], [{@uid_lt={'uid<', r5}}, {@subj_user={'subj_user', 0x3d, 'cgroup2\x00'}}, {@appraise_type='appraise_type=imasig'}]}}) mount(0x0, &(0x7f0000000cc0)='./file0\x00', &(0x7f0000000d00)='proc\x00', 0x200001, 0x0) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r2, 0x84, 0x74, &(0x7f0000000640)=""/19, &(0x7f0000000680)=0x13) 06:18:31 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xfcfdffffffffffff}]) 06:18:31 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffffffffffff], [0x5]}}}) [ 2396.364916] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2396.402033] syz-executor4: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) 06:18:31 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2396.431019] syz-executor4 cpuset=syz4 mems_allowed=0 [ 2396.436732] CPU: 1 PID: 26134 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #379 [ 2396.444141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2396.453502] Call Trace: [ 2396.456125] dump_stack+0x244/0x39d [ 2396.459778] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2396.464985] ? __video_do_ioctl+0x8b1/0x1050 [ 2396.469425] ? video_usercopy+0x5c1/0x1760 [ 2396.473708] ? video_ioctl2+0x2c/0x33 [ 2396.477538] ? do_vfs_ioctl+0x1de/0x1790 [ 2396.481631] warn_alloc.cold.116+0xb7/0x1bd [ 2396.485972] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2396.490837] ? zap_class+0x640/0x640 [ 2396.494574] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2396.500143] ? check_preemption_disabled+0x48/0x280 [ 2396.505196] __vmalloc_node_range+0x472/0x750 [ 2396.509800] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2396.514837] ? vb2_vmalloc_alloc+0x123/0x380 [ 2396.519261] vmalloc_user+0x75/0x170 [ 2396.522990] ? vb2_vmalloc_alloc+0x123/0x380 [ 2396.527415] vb2_vmalloc_alloc+0x123/0x380 [ 2396.531684] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2396.536807] ? preempt_notifier_register+0x200/0x200 [ 2396.541921] ? __switch_to_asm+0x34/0x70 [ 2396.546000] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2396.550337] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2396.555453] __vb2_queue_alloc+0x5e1/0xfa0 [ 2396.559731] ? vimc_cap_get_format+0x120/0x120 [ 2396.564327] vb2_core_create_bufs+0x401/0x8c0 [ 2396.568852] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2396.573280] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2396.578093] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2396.582691] ? retint_kernel+0x2d/0x2d [ 2396.586604] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2396.591377] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2396.596838] ? retint_kernel+0x1b/0x2d [ 2396.600765] vb2_create_bufs+0x4b6/0x8f0 [ 2396.604851] ? vb2_request_queue+0x120/0x120 [ 2396.609308] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2396.613914] v4l_create_bufs+0x152/0x230 [ 2396.618013] __video_do_ioctl+0x8b1/0x1050 [ 2396.622293] ? v4l_s_fmt+0x990/0x990 [ 2396.626030] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2396.631598] video_usercopy+0x5c1/0x1760 [ 2396.635678] ? v4l_s_fmt+0x990/0x990 [ 2396.639428] ? v4l_enumstd+0x70/0x70 [ 2396.643157] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2396.648712] ? find_held_lock+0x36/0x1c0 [ 2396.652798] ? __fget+0x4aa/0x740 [ 2396.656267] ? lock_downgrade+0x900/0x900 [ 2396.660432] ? check_preemption_disabled+0x48/0x280 [ 2396.665472] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2396.670415] ? kasan_check_read+0x11/0x20 [ 2396.674626] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2396.679919] ? rcu_softirq_qs+0x20/0x20 [ 2396.683928] ? __fget+0x4d1/0x740 [ 2396.687406] ? ksys_dup3+0x680/0x680 [ 2396.691156] ? __might_fault+0x12b/0x1e0 [ 2396.695233] ? video_usercopy+0x1760/0x1760 [ 2396.699568] video_ioctl2+0x2c/0x33 [ 2396.703215] v4l2_ioctl+0x154/0x1b0 [ 2396.706857] ? video_devdata+0xa0/0xa0 [ 2396.710766] do_vfs_ioctl+0x1de/0x1790 [ 2396.714675] ? ioctl_preallocate+0x300/0x300 [ 2396.719120] ? __fget_light+0x2e9/0x430 [ 2396.723136] ? fget_raw+0x20/0x20 [ 2396.726611] ? _copy_to_user+0xc8/0x110 [ 2396.730618] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2396.736181] ? put_timespec64+0x10f/0x1b0 [ 2396.740344] ? nsecs_to_jiffies+0x30/0x30 [ 2396.744533] ? do_syscall_64+0x9a/0x820 [ 2396.748534] ? do_syscall_64+0x9a/0x820 [ 2396.752533] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2396.757137] ? security_file_ioctl+0x94/0xc0 [ 2396.761568] ksys_ioctl+0xa9/0xd0 [ 2396.765045] __x64_sys_ioctl+0x73/0xb0 [ 2396.768964] do_syscall_64+0x1b9/0x820 [ 2396.772868] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2396.778258] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2396.783206] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2396.788083] ? trace_hardirqs_on_caller+0x310/0x310 [ 2396.793150] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2396.798183] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2396.803226] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2396.808086] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2396.813288] RIP: 0033:0x457669 [ 2396.816499] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2396.835408] RSP: 002b:00007f3d559e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2396.843132] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2396.850409] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2396.857687] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2396.864967] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d559e56d4 [ 2396.872259] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff 06:18:32 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x500000000000000}]) [ 2396.885761] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2396.894320] syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2396.922103] syz-executor2 cpuset=syz2 mems_allowed=0 06:18:32 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2396.930285] CPU: 1 PID: 26133 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2396.937679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2396.947038] Call Trace: [ 2396.949662] dump_stack+0x244/0x39d [ 2396.953314] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2396.958543] ? __video_do_ioctl+0x8b1/0x1050 [ 2396.962983] ? video_usercopy+0x5c1/0x1760 [ 2396.967218] ? video_ioctl2+0x2c/0x33 [ 2396.971043] ? do_vfs_ioctl+0x1de/0x1790 [ 2396.975173] warn_alloc.cold.116+0xb7/0x1bd [ 2396.979533] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2396.984400] ? zap_class+0x640/0x640 [ 2396.984428] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2396.984449] ? check_preemption_disabled+0x48/0x280 [ 2396.984487] __vmalloc_node_range+0x472/0x750 [ 2396.993730] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2396.993750] ? vb2_vmalloc_alloc+0x123/0x380 [ 2396.993769] vmalloc_user+0x75/0x170 [ 2396.993786] ? vb2_vmalloc_alloc+0x123/0x380 [ 2396.993804] vb2_vmalloc_alloc+0x123/0x380 [ 2397.000896] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2397.003322] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2397.003341] ? debug_mutex_wake_waiter+0x630/0x630 [ 2397.003356] ? mutex_destroy+0x200/0x200 [ 2397.003376] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2397.003394] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2397.003443] __vb2_queue_alloc+0x5e1/0xfa0 [ 2397.003502] ? vimc_cap_get_format+0x120/0x120 [ 2397.012915] vb2_core_create_bufs+0x401/0x8c0 [ 2397.012941] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2397.012961] ? debug_smp_processor_id+0x1c/0x20 [ 2397.012978] ? perf_trace_lock+0x14d/0x7a0 [ 2397.012998] ? __save_stack_trace+0x8d/0xf0 [ 2397.013040] vb2_create_bufs+0x4b6/0x8f0 [ 2397.021150] ? v4l2_ioctl+0x154/0x1b0 [ 2397.021177] ? vb2_request_queue+0x120/0x120 [ 2397.021203] ? find_held_lock+0x36/0x1c0 [ 2397.021222] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2397.021244] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2397.114772] v4l_create_bufs+0x152/0x230 [ 2397.118859] __video_do_ioctl+0x8b1/0x1050 [ 2397.123161] ? v4l_s_fmt+0x990/0x990 [ 2397.126906] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2397.132463] video_usercopy+0x5c1/0x1760 [ 2397.136525] ? v4l_s_fmt+0x990/0x990 [ 2397.140262] ? v4l_enumstd+0x70/0x70 [ 2397.143999] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2397.149552] ? find_held_lock+0x36/0x1c0 [ 2397.153621] ? __fget+0x4aa/0x740 [ 2397.157068] ? lock_downgrade+0x900/0x900 [ 2397.161206] ? check_preemption_disabled+0x48/0x280 [ 2397.166226] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2397.171164] ? kasan_check_read+0x11/0x20 [ 2397.175330] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2397.180608] ? rcu_softirq_qs+0x20/0x20 [ 2397.184629] ? __fget+0x4d1/0x740 [ 2397.188079] ? ksys_dup3+0x680/0x680 [ 2397.191800] ? __might_fault+0x12b/0x1e0 [ 2397.195875] ? video_usercopy+0x1760/0x1760 [ 2397.200203] video_ioctl2+0x2c/0x33 [ 2397.203853] v4l2_ioctl+0x154/0x1b0 [ 2397.207967] ? video_devdata+0xa0/0xa0 [ 2397.211869] do_vfs_ioctl+0x1de/0x1790 [ 2397.215779] ? ioctl_preallocate+0x300/0x300 [ 2397.220191] ? __fget_light+0x2e9/0x430 [ 2397.224172] ? fget_raw+0x20/0x20 [ 2397.227629] ? _copy_to_user+0xc8/0x110 [ 2397.231624] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2397.237175] ? put_timespec64+0x10f/0x1b0 [ 2397.241334] ? nsecs_to_jiffies+0x30/0x30 [ 2397.245503] ? do_syscall_64+0x9a/0x820 [ 2397.249482] ? do_syscall_64+0x9a/0x820 [ 2397.253467] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2397.258060] ? security_file_ioctl+0x94/0xc0 [ 2397.262478] ksys_ioctl+0xa9/0xd0 [ 2397.265945] __x64_sys_ioctl+0x73/0xb0 [ 2397.269841] do_syscall_64+0x1b9/0x820 [ 2397.273736] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2397.279111] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2397.284047] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2397.288902] ? trace_hardirqs_on_caller+0x310/0x310 [ 2397.293926] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2397.298950] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2397.303979] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2397.308835] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2397.314033] RIP: 0033:0x457669 [ 2397.317231] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2397.336135] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2397.343849] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2397.351126] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2397.358405] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2397.365677] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2397.372946] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2397.384066] warn_alloc_show_mem: 1 callbacks suppressed [ 2397.384071] Mem-Info: [ 2397.394713] active_anon:116433 inactive_anon:217 isolated_anon:0 [ 2397.394713] active_file:1001 inactive_file:3530 isolated_file:0 [ 2397.394713] unevictable:0 dirty:184 writeback:0 unstable:0 [ 2397.394713] slab_reclaimable:10478 slab_unreclaimable:117937 [ 2397.394713] mapped:52223 shmem:392 pagetables:1738 bounce:0 [ 2397.394713] free:1276181 free_pcp:1309 free_cma:0 [ 2397.428888] Node 0 active_anon:465732kB inactive_anon:868kB active_file:4004kB inactive_file:14120kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208892kB dirty:736kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 112640kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2397.457202] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2397.483418] lowmem_reserve[]: 0 2818 6321 6321 [ 2397.488018] Node 0 DMA32 free:2869892kB min:30052kB low:37564kB high:45076kB active_anon:40kB inactive_anon:0kB active_file:932kB inactive_file:8912kB unevictable:0kB writepending:204kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:2680kB local_pcp:1336kB free_cma:0kB [ 2397.517455] lowmem_reserve[]: 0 0 3503 3503 [ 2397.521786] Node 0 Normal free:2219652kB min:37364kB low:46704kB high:56044kB active_anon:465692kB inactive_anon:868kB active_file:3072kB inactive_file:5208kB unevictable:0kB writepending:532kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8448kB pagetables:6952kB bounce:0kB free_pcp:2556kB local_pcp:1480kB free_cma:0kB [ 2397.551735] lowmem_reserve[]: 0 0 0 0 [ 2397.555676] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB 06:18:32 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\x10Z\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:18:32 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2397.580724] Node 0 DMA32: 35*4kB (UM) 59*8kB (UME) 64*16kB (UME) 59*32kB (UE) 67*64kB (UME) 70*128kB (UE) 61*256kB (UM) 52*512kB (UE) 49*1024kB (UME) 46*2048kB (UME) 651*4096kB (UM) = 2869892kB [ 2397.600706] Node 0 Normal: 13054*4kB (UME) 7835*8kB (UME) 1842*16kB (UME) 2429*32kB (UME) 1480*64kB (UME) 743*128kB (UME) 368*256kB (U) 151*512kB (U) 76*1024kB (U) 72*2048kB (U) 344*4096kB (UM) = 2217744kB [ 2397.620765] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:18:32 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2397.643101] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2397.656040] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2397.664914] 4943 total pagecache pages [ 2397.668829] 0 pages in swap cache [ 2397.672356] Swap cache stats: add 0, delete 0, find 0/0 [ 2397.677724] Free swap = 0kB [ 2397.677732] Total swap = 0kB [ 2397.677740] 1965979 pages RAM [ 2397.677746] 0 pages HighMem/MovableOnly 06:18:32 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xfffffdfc}]) [ 2397.677752] 342853 pages reserved [ 2397.677759] 0 pages cma reserved [ 2397.678153] syz-executor4: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2397.749745] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2397.808468] syz-executor4 cpuset=syz4 mems_allowed=0 [ 2397.827084] CPU: 1 PID: 26134 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #379 [ 2397.834478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2397.843845] Call Trace: [ 2397.846455] dump_stack+0x244/0x39d [ 2397.850104] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2397.855353] ? __video_do_ioctl+0x8b1/0x1050 [ 2397.855370] ? video_usercopy+0x5c1/0x1760 [ 2397.855400] ? video_ioctl2+0x2c/0x33 [ 2397.855418] ? do_vfs_ioctl+0x1de/0x1790 [ 2397.855442] warn_alloc.cold.116+0xb7/0x1bd [ 2397.864100] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2397.864129] ? zap_class+0x640/0x640 [ 2397.864153] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2397.864172] ? check_preemption_disabled+0x48/0x280 [ 2397.864223] __vmalloc_node_range+0x472/0x750 [ 2397.864245] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2397.905017] ? vb2_vmalloc_alloc+0x123/0x380 [ 2397.909445] vmalloc_user+0x75/0x170 [ 2397.913171] ? vb2_vmalloc_alloc+0x123/0x380 [ 2397.917596] vb2_vmalloc_alloc+0x123/0x380 [ 2397.921838] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2397.926955] ? debug_mutex_wake_waiter+0x630/0x630 [ 2397.931899] ? mutex_destroy+0x200/0x200 [ 2397.935973] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2397.940370] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2397.945474] __vb2_queue_alloc+0x5e1/0xfa0 [ 2397.949722] ? vimc_cap_get_format+0x120/0x120 [ 2397.954307] vb2_core_create_bufs+0x401/0x8c0 [ 2397.958797] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2397.963209] ? debug_smp_processor_id+0x1c/0x20 [ 2397.967890] ? perf_trace_lock+0x14d/0x7a0 [ 2397.972155] ? __save_stack_trace+0x8d/0xf0 [ 2397.976495] vb2_create_bufs+0x4b6/0x8f0 [ 2397.980548] ? v4l2_ioctl+0x154/0x1b0 [ 2397.984357] ? vb2_request_queue+0x120/0x120 [ 2397.988775] ? find_held_lock+0x36/0x1c0 [ 2397.992839] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2397.998367] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2398.002965] v4l_create_bufs+0x152/0x230 [ 2398.007036] __video_do_ioctl+0x8b1/0x1050 [ 2398.011297] ? v4l_s_fmt+0x990/0x990 [ 2398.015047] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2398.020600] video_usercopy+0x5c1/0x1760 [ 2398.024674] ? v4l_s_fmt+0x990/0x990 [ 2398.028405] ? v4l_enumstd+0x70/0x70 [ 2398.032137] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2398.037675] ? find_held_lock+0x36/0x1c0 [ 2398.041760] ? __fget+0x4aa/0x740 [ 2398.045204] ? lock_downgrade+0x900/0x900 [ 2398.049355] ? check_preemption_disabled+0x48/0x280 [ 2398.054408] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2398.059331] ? kasan_check_read+0x11/0x20 [ 2398.063518] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2398.068793] ? rcu_softirq_qs+0x20/0x20 [ 2398.072784] ? __fget+0x4d1/0x740 [ 2398.076259] ? ksys_dup3+0x680/0x680 [ 2398.079986] ? __might_fault+0x12b/0x1e0 [ 2398.084051] ? video_usercopy+0x1760/0x1760 [ 2398.088389] video_ioctl2+0x2c/0x33 [ 2398.092016] v4l2_ioctl+0x154/0x1b0 [ 2398.095664] ? video_devdata+0xa0/0xa0 [ 2398.099541] do_vfs_ioctl+0x1de/0x1790 [ 2398.103437] ? ioctl_preallocate+0x300/0x300 [ 2398.107865] ? __fget_light+0x2e9/0x430 [ 2398.111847] ? fget_raw+0x20/0x20 [ 2398.115302] ? _copy_to_user+0xc8/0x110 [ 2398.119281] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2398.124830] ? put_timespec64+0x10f/0x1b0 [ 2398.128973] ? nsecs_to_jiffies+0x30/0x30 [ 2398.133131] ? do_syscall_64+0x9a/0x820 [ 2398.137132] ? do_syscall_64+0x9a/0x820 [ 2398.141117] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2398.145693] ? security_file_ioctl+0x94/0xc0 [ 2398.150114] ksys_ioctl+0xa9/0xd0 [ 2398.153566] __x64_sys_ioctl+0x73/0xb0 [ 2398.157451] do_syscall_64+0x1b9/0x820 [ 2398.161367] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2398.166746] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2398.171687] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2398.176534] ? trace_hardirqs_on_caller+0x310/0x310 [ 2398.181553] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2398.186558] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2398.191575] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2398.196431] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2398.201625] RIP: 0033:0x457669 [ 2398.204811] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2398.223713] RSP: 002b:00007f3d559e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2398.231418] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2398.238699] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000004 [ 2398.245969] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2398.253245] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d559e56d4 06:18:33 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x4, 0xffffffffffffffff]}}}) 06:18:33 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) accept$unix(r0, &(0x7f0000000000), &(0x7f00000000c0)=0x6e) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) openat$rtc(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rtc0\x00', 0x8804, 0x0) 06:18:33 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:18:33 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffffffffffff], [0xffffff7f00000000]}}}) 06:18:33 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x7000000}]) [ 2398.260504] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2398.339015] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2398.352682] syz-executor4: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2398.400066] syz-executor4 cpuset=syz4 mems_allowed=0 [ 2398.411436] CPU: 1 PID: 26171 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #379 [ 2398.418818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2398.428177] Call Trace: [ 2398.430784] dump_stack+0x244/0x39d [ 2398.434436] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2398.439649] ? __video_do_ioctl+0x8b1/0x1050 [ 2398.444075] ? video_usercopy+0x5c1/0x1760 [ 2398.448325] ? video_ioctl2+0x2c/0x33 [ 2398.452140] ? do_vfs_ioctl+0x1de/0x1790 [ 2398.456243] warn_alloc.cold.116+0xb7/0x1bd [ 2398.460598] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2398.465491] ? zap_class+0x640/0x640 [ 2398.469238] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2398.474808] ? check_preemption_disabled+0x48/0x280 [ 2398.479862] __vmalloc_node_range+0x472/0x750 [ 2398.484381] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2398.489407] ? vb2_vmalloc_alloc+0x123/0x380 [ 2398.493828] vmalloc_user+0x75/0x170 [ 2398.497557] ? vb2_vmalloc_alloc+0x123/0x380 [ 2398.502098] vb2_vmalloc_alloc+0x123/0x380 [ 2398.506363] ? retint_kernel+0x2d/0x2d [ 2398.510264] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2398.515388] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2398.520511] __vb2_queue_alloc+0x5e1/0xfa0 [ 2398.524783] ? vimc_cap_get_format+0x120/0x120 [ 2398.529380] vb2_core_create_bufs+0x401/0x8c0 [ 2398.533928] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2398.538378] ? debug_smp_processor_id+0x1c/0x20 [ 2398.543060] ? perf_trace_lock+0x14d/0x7a0 [ 2398.547309] ? __save_stack_trace+0x8d/0xf0 [ 2398.551675] vb2_create_bufs+0x4b6/0x8f0 [ 2398.555744] ? v4l2_ioctl+0x154/0x1b0 [ 2398.559563] ? vb2_request_queue+0x120/0x120 [ 2398.564030] ? find_held_lock+0x36/0x1c0 [ 2398.568104] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2398.573667] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2398.578273] v4l_create_bufs+0x152/0x230 [ 2398.582355] __video_do_ioctl+0x8b1/0x1050 [ 2398.586625] ? v4l_s_fmt+0x990/0x990 [ 2398.590360] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2398.595917] video_usercopy+0x5c1/0x1760 [ 2398.599994] ? v4l_s_fmt+0x990/0x990 [ 2398.603733] ? v4l_enumstd+0x70/0x70 [ 2398.607459] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2398.613035] ? find_held_lock+0x36/0x1c0 [ 2398.617124] ? __fget+0x4aa/0x740 [ 2398.620605] ? lock_downgrade+0x900/0x900 [ 2398.624768] ? check_preemption_disabled+0x48/0x280 [ 2398.629808] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2398.634752] ? kasan_check_read+0x11/0x20 [ 2398.638916] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2398.644204] ? rcu_softirq_qs+0x20/0x20 [ 2398.648209] ? __fget+0x4d1/0x740 [ 2398.651687] ? ksys_dup3+0x680/0x680 [ 2398.655433] ? __might_fault+0x12b/0x1e0 [ 2398.659512] ? video_usercopy+0x1760/0x1760 [ 2398.663876] video_ioctl2+0x2c/0x33 [ 2398.667521] v4l2_ioctl+0x154/0x1b0 [ 2398.671193] ? video_devdata+0xa0/0xa0 [ 2398.675100] do_vfs_ioctl+0x1de/0x1790 [ 2398.679014] ? ioctl_preallocate+0x300/0x300 [ 2398.683440] ? __fget_light+0x2e9/0x430 [ 2398.687438] ? fget_raw+0x20/0x20 [ 2398.690903] ? _copy_to_user+0xc8/0x110 [ 2398.694899] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2398.700444] ? put_timespec64+0x10f/0x1b0 [ 2398.704626] ? nsecs_to_jiffies+0x30/0x30 [ 2398.708787] ? do_syscall_64+0x9a/0x820 [ 2398.712772] ? do_syscall_64+0x9a/0x820 [ 2398.716750] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2398.721329] ? security_file_ioctl+0x94/0xc0 [ 2398.725744] ksys_ioctl+0xa9/0xd0 [ 2398.729212] __x64_sys_ioctl+0x73/0xb0 [ 2398.733091] do_syscall_64+0x1b9/0x820 [ 2398.736973] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2398.742325] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2398.747303] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2398.752164] ? trace_hardirqs_on_caller+0x310/0x310 [ 2398.757185] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2398.762190] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2398.767199] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2398.772069] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2398.777272] RIP: 0033:0x457669 [ 2398.780467] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2398.799364] RSP: 002b:00007f3d559e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2398.807072] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2398.814330] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2398.821596] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2398.828858] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d559e56d4 [ 2398.836157] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2398.844822] warn_alloc_show_mem: 1 callbacks suppressed 06:18:33 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2398.844828] Mem-Info: [ 2398.850244] active_anon:116431 inactive_anon:215 isolated_anon:0 [ 2398.850244] active_file:1001 inactive_file:3576 isolated_file:0 [ 2398.850244] unevictable:0 dirty:211 writeback:0 unstable:0 [ 2398.850244] slab_reclaimable:10476 slab_unreclaimable:121128 [ 2398.850244] mapped:52218 shmem:392 pagetables:1733 bounce:0 [ 2398.850244] free:1273030 free_pcp:1244 free_cma:0 06:18:34 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xfe00}]) [ 2398.908789] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2398.909167] Node 0 active_anon:465652kB inactive_anon:864kB active_file:4004kB inactive_file:14312kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208868kB dirty:852kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 112640kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes 06:18:34 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:18:34 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\bZ\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:18:34 executing program 0: unshare(0x6c060000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) openat$userio(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0xf7c1, 0x0) ioctl$UI_SET_PROPBIT(r0, 0x4004556e, 0x14) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$IP6T_SO_GET_INFO(r1, 0x29, 0x40, &(0x7f0000000180)={'security\x00'}, &(0x7f0000000140)=0x54) 06:18:34 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2399.017638] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:18:34 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xfcfd}]) [ 2399.095444] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2399.122172] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2399.150426] IPVS: ftp: loaded support on port[0] = 21 [ 2399.191611] lowmem_reserve[]: 0 2818 6321 6321 [ 2399.206343] Node 0 DMA32 free:2869900kB min:30052kB low:37564kB high:45076kB active_anon:40kB inactive_anon:0kB active_file:932kB inactive_file:8912kB unevictable:0kB writepending:204kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:2688kB local_pcp:1344kB free_cma:0kB [ 2399.288270] lowmem_reserve[]: 0 0 3503 3503 [ 2399.293468] Node 0 Normal free:2200680kB min:37364kB low:46704kB high:56044kB active_anon:463624kB inactive_anon:3564kB active_file:3072kB inactive_file:5400kB unevictable:0kB writepending:648kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8576kB pagetables:7084kB bounce:0kB free_pcp:1868kB local_pcp:1264kB free_cma:0kB [ 2399.366254] lowmem_reserve[]: 0 0 0 0 [ 2399.382072] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2399.411998] Node 0 DMA32: 35*4kB (UM) 58*8kB (UME) 63*16kB (UME) 58*32kB (UE) 66*64kB (UME) 69*128kB (UE) 60*256kB (UM) 51*512kB (UE) 48*1024kB (UME) 45*2048kB (UME) 652*4096kB (UM) = 2869900kB [ 2399.431987] Node 0 Normal: 13082*4kB (UE) 7278*8kB (UME) 1099*16kB (UME) 2171*32kB (UME) 1477*64kB (UME) 742*128kB (UME) 371*256kB (UE) 151*512kB (U) 76*1024kB (U) 74*2048kB (UM) 344*4096kB (UM) = 2197800kB [ 2399.476567] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2399.500922] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2399.517651] 7846 total pagecache pages [ 2399.528573] 0 pages in swap cache [ 2399.532347] Swap cache stats: add 0, delete 0, find 0/0 [ 2399.537945] Free swap = 0kB [ 2399.541181] Total swap = 0kB [ 2399.544713] 1965979 pages RAM [ 2399.548056] 0 pages HighMem/MovableOnly [ 2399.552309] 342853 pages reserved [ 2399.555989] 0 pages cma reserved [ 2399.559719] syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2399.570911] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2399.576350] CPU: 0 PID: 26176 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2399.583725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2399.593083] Call Trace: [ 2399.595705] dump_stack+0x244/0x39d [ 2399.599363] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2399.604569] ? __video_do_ioctl+0x8b1/0x1050 [ 2399.609000] ? video_usercopy+0x5c1/0x1760 [ 2399.613242] ? video_ioctl2+0x2c/0x33 [ 2399.617057] ? do_vfs_ioctl+0x1de/0x1790 [ 2399.621136] warn_alloc.cold.116+0xb7/0x1bd [ 2399.625475] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2399.630335] ? zap_class+0x640/0x640 [ 2399.634066] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2399.639632] ? check_preemption_disabled+0x48/0x280 [ 2399.644689] __vmalloc_node_range+0x472/0x750 [ 2399.649201] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2399.654231] ? vb2_vmalloc_alloc+0x123/0x380 [ 2399.658655] vmalloc_user+0x75/0x170 [ 2399.662378] ? vb2_vmalloc_alloc+0x123/0x380 [ 2399.666798] vb2_vmalloc_alloc+0x123/0x380 [ 2399.671033] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2399.676131] ? debug_mutex_wake_waiter+0x630/0x630 [ 2399.681051] ? mutex_destroy+0x200/0x200 [ 2399.685102] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2399.689415] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2399.694509] __vb2_queue_alloc+0x5e1/0xfa0 [ 2399.698748] ? vimc_cap_get_format+0x120/0x120 [ 2399.703318] vb2_core_create_bufs+0x401/0x8c0 [ 2399.707806] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2399.712204] ? debug_smp_processor_id+0x1c/0x20 [ 2399.716865] ? perf_trace_lock+0x14d/0x7a0 [ 2399.721089] ? __save_stack_trace+0x8d/0xf0 [ 2399.725437] vb2_create_bufs+0x4b6/0x8f0 [ 2399.729512] ? v4l2_ioctl+0x154/0x1b0 [ 2399.733319] ? vb2_request_queue+0x120/0x120 [ 2399.737739] ? find_held_lock+0x36/0x1c0 [ 2399.741807] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2399.747334] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2399.751915] v4l_create_bufs+0x152/0x230 [ 2399.755971] __video_do_ioctl+0x8b1/0x1050 [ 2399.760219] ? v4l_s_fmt+0x990/0x990 [ 2399.763934] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2399.769479] video_usercopy+0x5c1/0x1760 [ 2399.773532] ? v4l_s_fmt+0x990/0x990 [ 2399.777242] ? v4l_enumstd+0x70/0x70 [ 2399.780948] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2399.786482] ? find_held_lock+0x36/0x1c0 [ 2399.790540] ? __fget+0x4aa/0x740 [ 2399.793984] ? lock_downgrade+0x900/0x900 [ 2399.798126] ? check_preemption_disabled+0x48/0x280 [ 2399.803136] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2399.808055] ? kasan_check_read+0x11/0x20 [ 2399.812190] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2399.817457] ? rcu_softirq_qs+0x20/0x20 [ 2399.821427] ? __fget+0x4d1/0x740 [ 2399.824875] ? ksys_dup3+0x680/0x680 [ 2399.828597] ? __might_fault+0x12b/0x1e0 [ 2399.832665] ? video_usercopy+0x1760/0x1760 [ 2399.836975] video_ioctl2+0x2c/0x33 [ 2399.840599] v4l2_ioctl+0x154/0x1b0 [ 2399.844244] ? video_devdata+0xa0/0xa0 [ 2399.848134] do_vfs_ioctl+0x1de/0x1790 [ 2399.852056] ? ioctl_preallocate+0x300/0x300 [ 2399.856456] ? __fget_light+0x2e9/0x430 [ 2399.860418] ? fget_raw+0x20/0x20 [ 2399.863858] ? _copy_to_user+0xc8/0x110 [ 2399.867845] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2399.873387] ? put_timespec64+0x10f/0x1b0 [ 2399.877536] ? nsecs_to_jiffies+0x30/0x30 [ 2399.881674] ? do_syscall_64+0x9a/0x820 [ 2399.885651] ? do_syscall_64+0x9a/0x820 [ 2399.889627] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2399.894200] ? security_file_ioctl+0x94/0xc0 [ 2399.898612] ksys_ioctl+0xa9/0xd0 [ 2399.902059] __x64_sys_ioctl+0x73/0xb0 [ 2399.905938] do_syscall_64+0x1b9/0x820 [ 2399.909813] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2399.915183] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2399.920135] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2399.924970] ? trace_hardirqs_on_caller+0x310/0x310 [ 2399.929975] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2399.934981] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2399.939991] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2399.944826] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2399.950002] RIP: 0033:0x457669 [ 2399.953213] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2399.972131] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2399.979822] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2399.987084] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2399.994346] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2400.001605] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2400.008877] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2400.022871] Mem-Info: [ 2400.025439] active_anon:115911 inactive_anon:3086 isolated_anon:0 [ 2400.025439] active_file:1001 inactive_file:3587 isolated_file:0 [ 2400.025439] unevictable:0 dirty:222 writeback:0 unstable:0 [ 2400.025439] slab_reclaimable:10476 slab_unreclaimable:121532 [ 2400.025439] mapped:55096 shmem:3262 pagetables:1740 bounce:0 [ 2400.025439] free:1270251 free_pcp:1202 free_cma:0 [ 2400.059738] Node 0 active_anon:463644kB inactive_anon:12344kB active_file:4004kB inactive_file:14348kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:220384kB dirty:888kB writeback:0kB shmem:13048kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 114688kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2400.089839] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2400.116318] lowmem_reserve[]: 0 2818 6321 6321 [ 2400.121062] Node 0 DMA32 free:2869900kB min:30052kB low:37564kB high:45076kB active_anon:40kB inactive_anon:0kB active_file:932kB inactive_file:8912kB unevictable:0kB writepending:204kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:2696kB local_pcp:1344kB free_cma:0kB [ 2400.152483] lowmem_reserve[]: 0 0 3503 3503 [ 2400.157084] Node 0 Normal free:2203252kB min:37364kB low:46704kB high:56044kB active_anon:474404kB inactive_anon:1044kB active_file:3072kB inactive_file:5436kB unevictable:0kB writepending:684kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8544kB pagetables:6960kB bounce:0kB free_pcp:2396kB local_pcp:948kB free_cma:0kB [ 2400.187208] lowmem_reserve[]: 0 0 0 0 [ 2400.191070] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2400.191554] IPVS: ftp: loaded support on port[0] = 21 [ 2400.204939] Node 0 DMA32: 35*4kB (UM) 54*8kB (UME) 59*16kB (UME) 54*32kB (UE) 62*64kB (UME) 65*128kB (UE) 56*256kB (UM) 47*512kB (UE) 44*1024kB (UME) 41*2048kB (UME) 656*4096kB (UM) = 2869932kB [ 2400.228009] Node 0 Normal: 13254*4kB (UME) 7903*8kB (UME) 1397*16kB (UME) 2175*32kB (UME) 1476*64kB (UME) 741*128kB (UME) 372*256kB (UE) 151*512kB (U) 76*1024kB (U) 74*2048kB (UM) 344*4096kB (UM) = 2208448kB [ 2400.246948] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2400.255956] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2400.255964] 5725 total pagecache pages [ 2400.255982] 0 pages in swap cache [ 2400.255993] Swap cache stats: add 0, delete 0, find 0/0 [ 2400.255999] Free swap = 0kB 06:18:35 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x2000480000000000, 0xffffffffffffffff]}}}) 06:18:35 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:18:35 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xfffffffffffffdfc}]) [ 2400.256005] Total swap = 0kB [ 2400.256013] 1965979 pages RAM [ 2400.256019] 0 pages HighMem/MovableOnly [ 2400.256025] 342853 pages reserved [ 2400.256031] 0 pages cma reserved [ 2400.321656] syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) 06:18:35 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffffffffffff], [0x3f00000000000000]}}}) [ 2400.334054] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2400.354432] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2400.363667] CPU: 0 PID: 26217 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2400.371054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2400.380420] Call Trace: [ 2400.383026] dump_stack+0x244/0x39d [ 2400.383055] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2400.383081] ? __video_do_ioctl+0x8b1/0x1050 [ 2400.396290] ? video_usercopy+0x5c1/0x1760 [ 2400.400543] ? video_ioctl2+0x2c/0x33 [ 2400.400562] ? do_vfs_ioctl+0x1de/0x1790 [ 2400.400599] warn_alloc.cold.116+0xb7/0x1bd [ 2400.408456] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2400.408480] ? zap_class+0x640/0x640 [ 2400.408509] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2400.417661] ? check_preemption_disabled+0x48/0x280 [ 2400.417701] __vmalloc_node_range+0x472/0x750 [ 2400.426934] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2400.426955] ? vb2_vmalloc_alloc+0x123/0x380 [ 2400.426975] vmalloc_user+0x75/0x170 [ 2400.426995] ? vb2_vmalloc_alloc+0x123/0x380 [ 2400.436495] vb2_vmalloc_alloc+0x123/0x380 [ 2400.436516] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2400.436538] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2400.445945] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2400.445965] __vb2_queue_alloc+0x5e1/0xfa0 [ 2400.446008] ? vimc_cap_get_format+0x120/0x120 [ 2400.446027] vb2_core_create_bufs+0x401/0x8c0 [ 2400.454138] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2400.454161] ? debug_smp_processor_id+0x1c/0x20 [ 2400.454183] ? perf_trace_lock+0x14d/0x7a0 [ 2400.463500] ? __save_stack_trace+0x8d/0xf0 [ 2400.463547] vb2_create_bufs+0x4b6/0x8f0 [ 2400.463566] ? v4l2_ioctl+0x154/0x1b0 [ 2400.472993] ? vb2_request_queue+0x120/0x120 [ 2400.473019] ? find_held_lock+0x36/0x1c0 [ 2400.473038] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2400.473060] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2400.481868] v4l_create_bufs+0x152/0x230 [ 2400.481892] __video_do_ioctl+0x8b1/0x1050 [ 2400.481920] ? v4l_s_fmt+0x990/0x990 [ 2400.481944] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2400.490838] video_usercopy+0x5c1/0x1760 [ 2400.490857] ? v4l_s_fmt+0x990/0x990 [ 2400.490881] ? v4l_enumstd+0x70/0x70 [ 2400.499788] ? kasan_check_read+0x11/0x20 [ 2400.499807] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2400.499829] ? find_held_lock+0x36/0x1c0 [ 2400.508204] ? __fget+0x4aa/0x740 [ 2400.508230] ? lock_downgrade+0x900/0x900 [ 2400.516423] ? check_preemption_disabled+0x48/0x280 [ 2400.516445] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2400.516465] ? kasan_check_read+0x11/0x20 [ 2400.526040] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2400.526057] ? rcu_softirq_qs+0x20/0x20 [ 2400.526087] ? __fget+0x4d1/0x740 [ 2400.526111] ? ksys_dup3+0x680/0x680 [ 2400.534762] ? __might_fault+0x12b/0x1e0 [ 2400.534783] ? video_usercopy+0x1760/0x1760 [ 2400.534815] video_ioctl2+0x2c/0x33 [ 2400.534833] v4l2_ioctl+0x154/0x1b0 [ 2400.534851] ? video_devdata+0xa0/0xa0 [ 2400.542783] do_vfs_ioctl+0x1de/0x1790 [ 2400.542808] ? ioctl_preallocate+0x300/0x300 [ 2400.542825] ? __fget_light+0x2e9/0x430 [ 2400.542842] ? fget_raw+0x20/0x20 [ 2400.542862] ? _copy_to_user+0xc8/0x110 [ 2400.552471] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2400.552489] ? put_timespec64+0x10f/0x1b0 [ 2400.552522] ? nsecs_to_jiffies+0x30/0x30 [ 2400.552558] ? do_syscall_64+0x9a/0x820 [ 2400.552576] ? do_syscall_64+0x9a/0x820 [ 2400.560003] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2400.560025] ? security_file_ioctl+0x94/0xc0 [ 2400.560045] ksys_ioctl+0xa9/0xd0 [ 2400.569720] __x64_sys_ioctl+0x73/0xb0 [ 2400.569741] do_syscall_64+0x1b9/0x820 [ 2400.569762] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2400.577256] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2400.577271] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2400.577292] ? trace_hardirqs_on_caller+0x310/0x310 [ 2400.586450] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2400.586471] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2400.586495] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2400.586534] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2400.595625] RIP: 0033:0x457669 [ 2400.595645] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2400.595660] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2400.604891] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2400.604902] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2400.604911] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2400.604921] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2400.604936] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2400.617046] syz-executor4: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2400.624777] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2400.632601] syz-executor4 cpuset=syz4 mems_allowed=0 [ 2400.662287] CPU: 0 PID: 26221 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #379 06:18:36 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x800000000000000}]) [ 2400.670208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2400.670216] Call Trace: [ 2400.670240] dump_stack+0x244/0x39d [ 2400.670264] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2400.670284] ? __video_do_ioctl+0x8b1/0x1050 [ 2400.670304] ? video_usercopy+0x5c1/0x1760 [ 2400.678842] ? video_ioctl2+0x2c/0x33 [ 2400.678861] ? do_vfs_ioctl+0x1de/0x1790 [ 2400.678887] warn_alloc.cold.116+0xb7/0x1bd [ 2400.678906] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2400.678928] ? zap_class+0x640/0x640 [ 2400.686779] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2400.686801] ? check_preemption_disabled+0x48/0x280 [ 2400.686841] __vmalloc_node_range+0x472/0x750 [ 2400.686865] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2400.694634] ? vb2_vmalloc_alloc+0x123/0x380 [ 2400.694655] vmalloc_user+0x75/0x170 [ 2400.694672] ? vb2_vmalloc_alloc+0x123/0x380 [ 2400.694690] vb2_vmalloc_alloc+0x123/0x380 [ 2400.694710] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2400.694728] ? debug_mutex_wake_waiter+0x630/0x630 [ 2400.694746] ? mutex_destroy+0x200/0x200 [ 2400.705023] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2400.705043] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2400.705064] __vb2_queue_alloc+0x5e1/0xfa0 [ 2400.705104] ? vimc_cap_get_format+0x120/0x120 [ 2400.714946] vb2_core_create_bufs+0x401/0x8c0 [ 2400.714973] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2400.714994] ? debug_smp_processor_id+0x1c/0x20 [ 2400.715011] ? perf_trace_lock+0x14d/0x7a0 [ 2400.715030] ? __save_stack_trace+0x8d/0xf0 [ 2400.715072] vb2_create_bufs+0x4b6/0x8f0 [ 2400.725073] ? v4l2_ioctl+0x154/0x1b0 [ 2400.725100] ? vb2_request_queue+0x120/0x120 [ 2400.725124] ? find_held_lock+0x36/0x1c0 [ 2400.725143] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2400.725167] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2400.725192] v4l_create_bufs+0x152/0x230 [ 2400.725213] __video_do_ioctl+0x8b1/0x1050 [ 2400.735240] ? v4l_s_fmt+0x990/0x990 [ 2400.735268] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2400.735293] video_usercopy+0x5c1/0x1760 [ 2400.735311] ? v4l_s_fmt+0x990/0x990 [ 2400.735335] ? v4l_enumstd+0x70/0x70 [ 2400.757418] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2400.757443] ? find_held_lock+0x36/0x1c0 [ 2400.757471] ? __fget+0x4aa/0x740 [ 2400.757495] ? lock_downgrade+0x900/0x900 [ 2400.772464] ? check_preemption_disabled+0x48/0x280 [ 2400.772487] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2400.772506] ? kasan_check_read+0x11/0x20 [ 2400.772522] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2400.772538] ? rcu_softirq_qs+0x20/0x20 [ 2400.772565] ? __fget+0x4d1/0x740 [ 2400.787092] ? ksys_dup3+0x680/0x680 [ 2400.787113] ? __might_fault+0x12b/0x1e0 [ 2400.787136] ? video_usercopy+0x1760/0x1760 [ 2400.787153] video_ioctl2+0x2c/0x33 [ 2400.787171] v4l2_ioctl+0x154/0x1b0 [ 2400.787188] ? video_devdata+0xa0/0xa0 [ 2400.787208] do_vfs_ioctl+0x1de/0x1790 [ 2400.801745] ? ioctl_preallocate+0x300/0x300 [ 2400.801764] ? __fget_light+0x2e9/0x430 [ 2400.801782] ? fget_raw+0x20/0x20 [ 2400.801798] ? _copy_to_user+0xc8/0x110 [ 2400.801820] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2400.820779] ? put_timespec64+0x10f/0x1b0 [ 2400.820800] ? nsecs_to_jiffies+0x30/0x30 [ 2400.820822] ? do_syscall_64+0x9a/0x820 06:18:36 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:18:36 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\x19Z\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) [ 2400.820841] ? do_syscall_64+0x9a/0x820 [ 2400.833287] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2400.833311] ? security_file_ioctl+0x94/0xc0 [ 2400.833332] ksys_ioctl+0xa9/0xd0 [ 2400.833354] __x64_sys_ioctl+0x73/0xb0 [ 2400.833374] do_syscall_64+0x1b9/0x820 [ 2400.833392] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2400.833413] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2400.845336] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2400.845359] ? trace_hardirqs_on_caller+0x310/0x310 [ 2400.845378] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2400.845397] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2400.845421] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2400.854224] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2400.854240] RIP: 0033:0x457669 [ 2400.854259] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2400.854268] RSP: 002b:00007f3d559e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 06:18:36 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2400.854285] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2400.854295] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2400.854305] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2400.854315] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d559e56d4 [ 2400.854330] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2400.874880] syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2400.885499] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2400.896991] CPU: 0 PID: 26217 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2400.916577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2400.925900] Call Trace: [ 2400.925924] dump_stack+0x244/0x39d [ 2400.925947] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2400.925968] ? __video_do_ioctl+0x8b1/0x1050 [ 2400.925988] ? video_usercopy+0x5c1/0x1760 [ 2400.939262] ? video_ioctl2+0x2c/0x33 [ 2400.939281] ? do_vfs_ioctl+0x1de/0x1790 [ 2400.939307] warn_alloc.cold.116+0xb7/0x1bd [ 2400.939332] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2400.957726] ? zap_class+0x640/0x640 [ 2400.957753] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2400.957773] ? check_preemption_disabled+0x48/0x280 [ 2400.957811] __vmalloc_node_range+0x472/0x750 [ 2400.975405] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2400.975427] ? vb2_vmalloc_alloc+0x123/0x380 [ 2400.975447] vmalloc_user+0x75/0x170 [ 2400.975464] ? vb2_vmalloc_alloc+0x123/0x380 [ 2400.975481] vb2_vmalloc_alloc+0x123/0x380 [ 2400.975500] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 06:18:36 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2400.987782] ? debug_mutex_wake_waiter+0x630/0x630 [ 2400.987798] ? mutex_destroy+0x200/0x200 [ 2400.987819] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2400.987837] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2400.987856] __vb2_queue_alloc+0x5e1/0xfa0 [ 2400.997464] ? vimc_cap_get_format+0x120/0x120 [ 2400.997482] vb2_core_create_bufs+0x401/0x8c0 [ 2400.997506] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2401.014059] ? debug_smp_processor_id+0x1c/0x20 [ 2401.014079] ? perf_trace_lock+0x14d/0x7a0 [ 2401.014098] ? __save_stack_trace+0x8d/0xf0 [ 2401.014140] vb2_create_bufs+0x4b6/0x8f0 [ 2401.023704] ? v4l2_ioctl+0x154/0x1b0 [ 2401.023729] ? vb2_request_queue+0x120/0x120 [ 2401.023754] ? find_held_lock+0x36/0x1c0 [ 2401.023773] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2401.023796] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2401.036735] v4l_create_bufs+0x152/0x230 [ 2401.036759] __video_do_ioctl+0x8b1/0x1050 [ 2401.036786] ? v4l_s_fmt+0x990/0x990 [ 2401.053434] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2401.053461] video_usercopy+0x5c1/0x1760 [ 2401.053480] ? v4l_s_fmt+0x990/0x990 [ 2401.053506] ? v4l_enumstd+0x70/0x70 [ 2401.053529] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2401.062603] ? find_held_lock+0x36/0x1c0 [ 2401.062638] ? __fget+0x4aa/0x740 [ 2401.062658] ? lock_downgrade+0x900/0x900 [ 2401.062676] ? check_preemption_disabled+0x48/0x280 [ 2401.062697] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2401.071934] ? kasan_check_read+0x11/0x20 [ 2401.071966] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2401.071983] ? rcu_softirq_qs+0x20/0x20 [ 2401.072012] ? __fget+0x4d1/0x740 [ 2401.072051] ? ksys_dup3+0x680/0x680 [ 2401.072086] ? __might_fault+0x12b/0x1e0 [ 2401.079344] ? video_usercopy+0x1760/0x1760 [ 2401.079362] video_ioctl2+0x2c/0x33 [ 2401.079380] v4l2_ioctl+0x154/0x1b0 [ 2401.079398] ? video_devdata+0xa0/0xa0 [ 2401.087764] do_vfs_ioctl+0x1de/0x1790 [ 2401.087789] ? ioctl_preallocate+0x300/0x300 [ 2401.087807] ? __fget_light+0x2e9/0x430 [ 2401.087824] ? fget_raw+0x20/0x20 [ 2401.087849] ? _copy_to_user+0xc8/0x110 [ 2401.095091] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2401.095109] ? put_timespec64+0x10f/0x1b0 [ 2401.095128] ? nsecs_to_jiffies+0x30/0x30 [ 2401.095150] ? do_syscall_64+0x9a/0x820 [ 2401.095166] ? do_syscall_64+0x9a/0x820 [ 2401.095185] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2401.095207] ? security_file_ioctl+0x94/0xc0 [ 2401.107359] ksys_ioctl+0xa9/0xd0 [ 2401.107383] __x64_sys_ioctl+0x73/0xb0 [ 2401.107403] do_syscall_64+0x1b9/0x820 [ 2401.107424] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2401.114844] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2401.114861] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2401.114883] ? trace_hardirqs_on_caller+0x310/0x310 [ 2401.114902] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2401.114922] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2401.114945] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2401.124441] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2401.124457] RIP: 0033:0x457669 [ 2401.124476] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2401.124492] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2401.132788] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2401.132798] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000004 [ 2401.132809] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2401.132819] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2401.132829] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2401.177973] warn_alloc_show_mem: 2 callbacks suppressed [ 2401.177978] Mem-Info: [ 2401.197850] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2401.210698] active_anon:116444 inactive_anon:274 isolated_anon:0 [ 2401.210698] active_file:1001 inactive_file:3608 isolated_file:0 [ 2401.210698] unevictable:0 dirty:250 writeback:0 unstable:0 [ 2401.210698] slab_reclaimable:10457 slab_unreclaimable:119407 [ 2401.210698] mapped:52302 shmem:450 pagetables:1784 bounce:0 [ 2401.210698] free:1274461 free_pcp:1306 free_cma:0 [ 2401.295490] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2401.309660] Node 0 active_anon:465788kB inactive_anon:1096kB active_file:4004kB inactive_file:14432kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:209308kB dirty:1000kB writeback:0kB shmem:1800kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 114688kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2401.325824] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2401.364678] lowmem_reserve[]: 0 2818 6321 6321 [ 2401.418124] Node 0 DMA32 free:2869932kB min:30052kB low:37564kB high:45076kB active_anon:40kB inactive_anon:0kB active_file:932kB inactive_file:8912kB unevictable:0kB writepending:204kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:2696kB local_pcp:1344kB free_cma:0kB [ 2401.427379] lowmem_reserve[]: 0 0 3503 3503 [ 2401.441714] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2401.444079] Node 0 Normal free:2209732kB min:37364kB low:46704kB high:56044kB active_anon:467868kB inactive_anon:1096kB active_file:3072kB inactive_file:5620kB unevictable:0kB writepending:796kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8544kB pagetables:7136kB bounce:0kB free_pcp:2304kB local_pcp:1156kB free_cma:0kB [ 2401.665324] lowmem_reserve[]: 0 0 0 0 [ 2401.715665] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2401.728841] Node 0 DMA32: 35*4kB (UM) 54*8kB (UME) 59*16kB (UME) 54*32kB (UE) 62*64kB (UME) 65*128kB (UE) 56*256kB (UM) 47*512kB (UE) 44*1024kB (UME) 41*2048kB (UME) 656*4096kB (UM) = 2869932kB [ 2401.737301] Node 0 Normal: 13237*4kB (UME) 7969*8kB (UME) 1727*16kB (UME) 2213*32kB (UME) 1473*64kB (UME) 740*128kB (UME) 375*256kB (UE) 151*512kB (U) 76*1024kB (U) 74*2048kB (UM) 344*4096kB (UM) = 2215852kB [ 2401.785265] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2401.849782] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2401.917878] 5085 total pagecache pages [ 2401.935608] 0 pages in swap cache [ 2401.981388] Swap cache stats: add 0, delete 0, find 0/0 [ 2402.001623] Free swap = 0kB [ 2402.004872] Total swap = 0kB [ 2402.010262] 1965979 pages RAM [ 2402.015810] 0 pages HighMem/MovableOnly [ 2402.024360] 342853 pages reserved [ 2402.031294] 0 pages cma reserved [ 2402.038656] syz-executor4: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2402.055355] syz-executor4 cpuset=syz4 mems_allowed=0 [ 2402.060598] CPU: 0 PID: 26221 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #379 [ 2402.067975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2402.077329] Call Trace: [ 2402.079954] dump_stack+0x244/0x39d [ 2402.083637] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2402.088841] ? __video_do_ioctl+0x8b1/0x1050 [ 2402.093258] ? video_usercopy+0x5c1/0x1760 [ 2402.097499] ? video_ioctl2+0x2c/0x33 [ 2402.101317] ? do_vfs_ioctl+0x1de/0x1790 [ 2402.105407] warn_alloc.cold.116+0xb7/0x1bd [ 2402.109745] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2402.114620] ? zap_class+0x640/0x640 [ 2402.118358] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2402.123911] ? check_preemption_disabled+0x48/0x280 [ 2402.128964] __vmalloc_node_range+0x472/0x750 [ 2402.133491] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2402.138523] ? vb2_vmalloc_alloc+0x123/0x380 [ 2402.142943] vmalloc_user+0x75/0x170 [ 2402.146670] ? vb2_vmalloc_alloc+0x123/0x380 [ 2402.151091] vb2_vmalloc_alloc+0x123/0x380 [ 2402.155343] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2402.160456] ? debug_mutex_wake_waiter+0x630/0x630 [ 2402.165397] ? mutex_destroy+0x200/0x200 [ 2402.169472] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2402.173803] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2402.178919] __vb2_queue_alloc+0x5e1/0xfa0 [ 2402.183193] ? vimc_cap_get_format+0x120/0x120 [ 2402.187783] vb2_core_create_bufs+0x401/0x8c0 [ 2402.192299] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2402.196724] ? debug_smp_processor_id+0x1c/0x20 [ 2402.201405] ? perf_trace_lock+0x14d/0x7a0 [ 2402.205659] ? __save_stack_trace+0x8d/0xf0 [ 2402.210020] vb2_create_bufs+0x4b6/0x8f0 [ 2402.214091] ? v4l2_ioctl+0x154/0x1b0 [ 2402.217908] ? vb2_request_queue+0x120/0x120 [ 2402.222335] ? find_held_lock+0x36/0x1c0 [ 2402.226409] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2402.231964] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2402.236564] v4l_create_bufs+0x152/0x230 [ 2402.240656] __video_do_ioctl+0x8b1/0x1050 [ 2402.244914] ? v4l_s_fmt+0x990/0x990 [ 2402.248671] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2402.254232] video_usercopy+0x5c1/0x1760 [ 2402.258309] ? v4l_s_fmt+0x990/0x990 [ 2402.262041] ? v4l_enumstd+0x70/0x70 [ 2402.265769] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2402.271320] ? find_held_lock+0x36/0x1c0 [ 2402.275400] ? __fget+0x4aa/0x740 [ 2402.278864] ? lock_downgrade+0x900/0x900 [ 2402.283030] ? check_preemption_disabled+0x48/0x280 [ 2402.288060] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2402.292999] ? kasan_check_read+0x11/0x20 [ 2402.297157] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2402.302445] ? rcu_softirq_qs+0x20/0x20 [ 2402.306453] ? __fget+0x4d1/0x740 [ 2402.309926] ? ksys_dup3+0x680/0x680 [ 2402.313660] ? __might_fault+0x12b/0x1e0 [ 2402.317734] ? video_usercopy+0x1760/0x1760 [ 2402.322064] video_ioctl2+0x2c/0x33 [ 2402.325712] v4l2_ioctl+0x154/0x1b0 [ 2402.329352] ? video_devdata+0xa0/0xa0 [ 2402.333253] do_vfs_ioctl+0x1de/0x1790 [ 2402.337172] ? ioctl_preallocate+0x300/0x300 [ 2402.341599] ? __fget_light+0x2e9/0x430 [ 2402.345605] ? fget_raw+0x20/0x20 [ 2402.349073] ? _copy_to_user+0xc8/0x110 [ 2402.353064] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2402.358632] ? put_timespec64+0x10f/0x1b0 [ 2402.362794] ? nsecs_to_jiffies+0x30/0x30 [ 2402.366962] ? do_syscall_64+0x9a/0x820 [ 2402.370947] ? do_syscall_64+0x9a/0x820 [ 2402.374933] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2402.379529] ? security_file_ioctl+0x94/0xc0 [ 2402.383955] ksys_ioctl+0xa9/0xd0 [ 2402.387425] __x64_sys_ioctl+0x73/0xb0 [ 2402.391327] do_syscall_64+0x1b9/0x820 [ 2402.395227] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2402.400623] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2402.405576] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2402.410464] ? trace_hardirqs_on_caller+0x310/0x310 [ 2402.415506] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2402.420552] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2402.425607] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2402.430482] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2402.435677] RIP: 0033:0x457669 [ 2402.438885] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2402.457792] RSP: 002b:00007f3d559e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2402.465504] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2402.472781] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000004 [ 2402.480058] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2402.487336] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d559e56d4 [ 2402.494621] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2402.519938] Mem-Info: [ 2402.531977] active_anon:115910 inactive_anon:273 isolated_anon:0 [ 2402.531977] active_file:1002 inactive_file:3643 isolated_file:0 [ 2402.531977] unevictable:0 dirty:279 writeback:0 unstable:0 [ 2402.531977] slab_reclaimable:10384 slab_unreclaimable:122316 [ 2402.531977] mapped:52272 shmem:450 pagetables:1746 bounce:0 [ 2402.531977] free:1272284 free_pcp:1271 free_cma:0 [ 2402.582042] Node 0 active_anon:463640kB inactive_anon:1092kB active_file:4008kB inactive_file:14572kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:209088kB dirty:1116kB writeback:0kB shmem:1800kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 110592kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2402.631963] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2402.663316] lowmem_reserve[]: 0 2818 6321 6321 [ 2402.667933] Node 0 DMA32 free:2869932kB min:30052kB low:37564kB high:45076kB active_anon:40kB inactive_anon:0kB active_file:932kB inactive_file:8912kB unevictable:0kB writepending:204kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:2708kB local_pcp:1364kB free_cma:0kB [ 2402.702059] lowmem_reserve[]: 0 0 3503 3503 [ 2402.706513] Node 0 Normal free:2203256kB min:37364kB low:46704kB high:56044kB active_anon:463604kB inactive_anon:1096kB active_file:3072kB inactive_file:5660kB unevictable:0kB writepending:912kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8416kB pagetables:6940kB bounce:0kB free_pcp:2384kB local_pcp:1172kB free_cma:0kB [ 2402.742031] lowmem_reserve[]: 0 0 0 0 [ 2402.745961] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2402.779832] Node 0 DMA32: 35*4kB (UM) 54*8kB (UME) 59*16kB (UME) 54*32kB (UE) 62*64kB (UME) 65*128kB (UE) 56*256kB (UM) 47*512kB (UE) 44*1024kB (UME) 41*2048kB (UME) 656*4096kB (UM) = 2869932kB [ 2402.823763] Node 0 Normal: 13270*4kB (UME) 7880*8kB (UME) 980*16kB (UME) 2212*32kB (UME) 1473*64kB (UME) 740*128kB (UME) 375*256kB (UE) 151*512kB (U) 76*1024kB (U) 74*2048kB (UM) 344*4096kB (UM) = 2203288kB [ 2402.874882] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2402.897418] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2402.917328] 5094 total pagecache pages [ 2402.927828] 0 pages in swap cache [ 2402.935849] Swap cache stats: add 0, delete 0, find 0/0 [ 2402.941359] Free swap = 0kB [ 2402.944928] Total swap = 0kB [ 2402.948053] 1965979 pages RAM [ 2402.951241] 0 pages HighMem/MovableOnly [ 2402.955658] 342853 pages reserved [ 2402.959213] 0 pages cma reserved 06:18:38 executing program 0: r0 = socket(0xb, 0x0, 0x0) ioctl$sock_ifreq(r0, 0x89f3, &(0x7f0000000000)={'ip6_vti0\x00', @ifru_data=&(0x7f00000000c0)="a325d3c91116bf66fed2b246a94500aa6593352d29be1746fd84168b6ef37b32"}) setxattr$security_evm(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='security.evm\x00', &(0x7f0000000100)=@md5={0x1, "f71102f5cb31dc7910d4ce3583e93d6f"}, 0x11, 0x3) setxattr$trusted_overlay_opaque(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.opaque\x00', &(0x7f00000001c0)='y\x00', 0x2, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000200)='/dev/null\x00', 0x8000, 0x0) ioctl$EVIOCGSND(r1, 0x8040451a, &(0x7f0000000240)=""/249) 06:18:38 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:18:38 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xfefdffffffffffff}]) 06:18:38 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x600000000000000, 0xffffffffffffffff]}}}) 06:18:38 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffffffffffff], [0x10000000000000]}}}) 06:18:38 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\x14Z\x00\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) [ 2403.638989] syz-executor4: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2403.647258] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2403.658335] syz-executor4 cpuset=syz4 mems_allowed=0 [ 2403.665374] CPU: 1 PID: 26250 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #379 [ 2403.672779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2403.672787] Call Trace: [ 2403.672815] dump_stack+0x244/0x39d [ 2403.672843] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2403.672871] ? __video_do_ioctl+0x8b1/0x1050 [ 2403.697992] ? video_usercopy+0x5c1/0x1760 [ 2403.702245] ? video_ioctl2+0x2c/0x33 [ 2403.706071] ? do_vfs_ioctl+0x1de/0x1790 [ 2403.710155] warn_alloc.cold.116+0xb7/0x1bd [ 2403.714497] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2403.719373] ? zap_class+0x640/0x640 [ 2403.723100] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2403.723129] ? check_preemption_disabled+0x48/0x280 [ 2403.723170] __vmalloc_node_range+0x472/0x750 [ 2403.723195] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2403.723215] ? vb2_vmalloc_alloc+0x123/0x380 [ 2403.733757] vmalloc_user+0x75/0x170 [ 2403.733775] ? vb2_vmalloc_alloc+0x123/0x380 [ 2403.733793] vb2_vmalloc_alloc+0x123/0x380 [ 2403.733814] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2403.733837] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2403.733853] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2403.733873] __vb2_queue_alloc+0x5e1/0xfa0 [ 2403.733912] ? vimc_cap_get_format+0x120/0x120 [ 2403.743391] vb2_core_create_bufs+0x401/0x8c0 06:18:38 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2403.743418] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2403.743440] ? debug_smp_processor_id+0x1c/0x20 [ 2403.743457] ? perf_trace_lock+0x14d/0x7a0 [ 2403.743476] ? __save_stack_trace+0x8d/0xf0 [ 2403.743514] vb2_create_bufs+0x4b6/0x8f0 [ 2403.743526] ? v4l2_ioctl+0x154/0x1b0 [ 2403.743550] ? vb2_request_queue+0x120/0x120 [ 2403.743574] ? find_held_lock+0x36/0x1c0 [ 2403.743618] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2403.751730] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2403.751757] v4l_create_bufs+0x152/0x230 [ 2403.751779] __video_do_ioctl+0x8b1/0x1050 [ 2403.751806] ? v4l_s_fmt+0x990/0x990 [ 2403.760441] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2403.760467] video_usercopy+0x5c1/0x1760 [ 2403.760486] ? v4l_s_fmt+0x990/0x990 [ 2403.760511] ? v4l_enumstd+0x70/0x70 [ 2403.769923] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2403.769961] ? find_held_lock+0x36/0x1c0 [ 2403.770017] ? __fget+0x4aa/0x740 [ 2403.770039] ? lock_downgrade+0x900/0x900 [ 2403.779361] ? check_preemption_disabled+0x48/0x280 [ 2403.779384] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2403.779402] ? kasan_check_read+0x11/0x20 [ 2403.779418] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2403.779435] ? rcu_softirq_qs+0x20/0x20 [ 2403.788504] ? __fget+0x4d1/0x740 [ 2403.788531] ? ksys_dup3+0x680/0x680 [ 2403.788551] ? __might_fault+0x12b/0x1e0 [ 2403.788571] ? video_usercopy+0x1760/0x1760 [ 2403.797658] video_ioctl2+0x2c/0x33 [ 2403.797678] v4l2_ioctl+0x154/0x1b0 [ 2403.797695] ? video_devdata+0xa0/0xa0 [ 2403.797714] do_vfs_ioctl+0x1de/0x1790 [ 2403.797737] ? ioctl_preallocate+0x300/0x300 06:18:39 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2403.806276] ? __fget_light+0x2e9/0x430 [ 2403.806294] ? fget_raw+0x20/0x20 [ 2403.806310] ? _copy_to_user+0xc8/0x110 [ 2403.806332] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2403.806353] ? put_timespec64+0x10f/0x1b0 [ 2403.814198] ? nsecs_to_jiffies+0x30/0x30 [ 2403.814220] ? do_syscall_64+0x9a/0x820 [ 2403.814237] ? do_syscall_64+0x9a/0x820 [ 2403.814256] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2403.814278] ? security_file_ioctl+0x94/0xc0 [ 2403.814313] ksys_ioctl+0xa9/0xd0 [ 2403.814344] __x64_sys_ioctl+0x73/0xb0 [ 2403.814360] do_syscall_64+0x1b9/0x820 [ 2403.814376] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2403.814395] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2403.954373] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2403.954413] ? trace_hardirqs_on_caller+0x310/0x310 [ 2403.954431] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2403.954450] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2403.954473] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2403.954499] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2403.954513] RIP: 0033:0x457669 06:18:39 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2403.954532] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2403.962814] RSP: 002b:00007f3d559e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2403.962831] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2403.962842] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2403.962852] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2403.962862] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d559e56d4 [ 2403.962873] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2403.973623] Mem-Info: [ 2404.010082] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2404.012545] active_anon:117497 inactive_anon:224 isolated_anon:0 [ 2404.012545] active_file:1026 inactive_file:3704 isolated_file:0 [ 2404.012545] unevictable:0 dirty:305 writeback:0 unstable:0 [ 2404.012545] slab_reclaimable:10384 slab_unreclaimable:122021 [ 2404.012545] mapped:52277 shmem:400 pagetables:1771 bounce:0 [ 2404.012545] free:1271023 free_pcp:1049 free_cma:0 [ 2404.084612] Node 0 active_anon:467744kB inactive_anon:896kB active_file:4304kB inactive_file:14816kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208908kB dirty:1220kB writeback:0kB shmem:1600kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 104448kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes 06:18:39 executing program 0: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x10000, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x4, &(0x7f0000000080)=0x7, 0x4) ioctl$sock_SIOCETHTOOL(r0, 0x8970, &(0x7f0000000040)={'veth1_to_bond:\x00', 0x0}) 06:18:39 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xfffffdfe}]) [ 2404.138075] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2404.204830] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:18:39 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:18:39 executing program 0: fcntl$getownex(0xffffffffffffff9c, 0x10, &(0x7f00000003c0)) ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f00000005c0)=0x0) getpgid(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_user\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000600)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f0000000180)=0x7f, 0xfffffffffffffe5d) ioctl(r2, 0x800000000008982, &(0x7f0000000080)) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ppp\x00', 0x0, 0x0) mount(&(0x7f0000000980)=ANY=[@ANYBLOB="cb2b4d8d30ea9b5255175d43fca389e342de5ec740fe96132329bdfbaa11c5521288697c83a9f28c7ed0d8df70f2c6849d443d5bc274a1f1576385a885b764dc4babfdf01646fa85765072f75f3267f1ced252e7419523d2075fb98f5696f4bf38817b25525ef2a46b39c1d223d17b505512d51a0a1e845f76eeccda0bdcfc6253f8e26cded92ba381b83d2692b7fa7ffd3f81026e3e999bc157521a8e9799fe114e204db050bf9aa8bd4cd371f401cff939fa559e71ce024fc3c4540465cd73fd534855cb35571f6c01fbcad172ee88d3a2c1108134b2e349048cb3fd136752e22ad37130a3014904c8afeb025f1a5b426943fccea7e868b819004d05a20bfcb27e1b682765f16ba1733cc86ddf9b7cbfc1cea713a9279937652b78963ed3d352daa19eb5b567f8156ef8661d302699acb35b9eb5efb6010000002386c06e90c13ede70e584d826126e08008d9d6c446b45fa4912d4c3f513a0c375fc672a4905617dbefd2030c5593984a7d00339e80b4932fdd35a0864cad3db9d9b14c550c89efb9d79987bd170f9f580ef8fe820fffb7aff479d3d0b77cbfab7c263b06b28e41bcf9beb1232ca4a6e129cd719b48d5b02024a550fff93550891090fce28c6ae0db6028873d9ef9a2d85679395f05b4fa857f333aca961427cba61ef75b215861b2bb8ce0545af9ccaca0c2d87524f6b23c37997f988e42f22fa55ae0e57099661d3f982869fc3b6b96f4c88f901a2da76a358b8d68b1c31880e8e177700c6f32a8dab9eb2b917516734badbf94fe95b76f375f1dee7b85c1d95a7896742b513d057ab4e714b800000000000000000000000590929826ae094545e6934ddfa6a62ad4a6a4f7a661515fd0e881a424601a449e163e48b9d22df740eb77a5fcac2bdff2134063e778d2dd9a54f78112fcb6f0a6c5b14bcdda5cc6f6fe6cbcfb57b3ecfed3367afe71dcaad055dc3f82f9616c0468f689be4c682752142f99034bc69f337e52ff6432a3c1730ff49b8b09b03b7d3995f8c86f3002d1a512e68a7defe2207efc71a2f4c165d1cf73e85d49df17abbfdf3f848b0011b877a2844ae7ebb0dbe917989071979e7856a0c05bc7ac87283847296a084bbddaa7cec0c72f0231962cbe1581096dbff49c29dce62b68372c502e9a788b3f11d6ac853de1df842048c51df53d67e41ace1ef9782443131222672e3bbcd8c79fc33bf73a0f95a52e5406ba921c17a7db96bdb109cc0d86933512f329837891fedfe1f84a5997124c91ea4f1160fd0dd92a9af84293aeb94e60ef794c7b83b31025108ba564bd051c15b04ac504dba6886cbf17e03ca33fe6485fbbf213b4028839f48d35699bd639b50b06e82d2205e00456c86076d00000000000000000000073ed09a434c70a383a3498f8948c38653c10666421590e72f9113dcf8d7b1636daae0342662b88a2950b8cbc706d4f344ca8552f059f667e8c7c662010602626fbb9dc19077125a3c00973d3712e4799d24a94dbc63f7638ffc6c87520327b3d06d81200924baca8b02bf3f1886460e4ce1e991239e194947555ee70ad86cd33a1c742228104226c5bda1aefa463fd0b3cc4dcc10877050deb4e4318ef0bb968323a256ef2756f4e8fddf86003ef5e8446fc707763d88117ccf8312145307d1958cca104e07a93880"], 0x0, &(0x7f0000000200)='cgrQup2\x00', 0x2000011, 0x0) ioctl$TIOCNXCL(r1, 0x540d) r4 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = syz_open_dev$loop(&(0x7f0000000300)='/dev/loop#\x00', 0x0, 0x82) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000a80)=ANY=[], &(0x7f0000000100)) ioctl$SG_GET_PACK_ID(r3, 0x227c, &(0x7f0000000400)) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x79, &(0x7f00000002c0), 0x8) ioctl$PERF_EVENT_IOC_RESET(r4, 0x2403, 0x2) r6 = memfd_create(&(0x7f0000001100)='cgrQup2\x00', 0x3) syz_open_dev$usbmon(&(0x7f0000000900)='/dev/usbmon#\x00', 0x6, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) io_setup(0x9, &(0x7f0000000000)=0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000140)=@assoc_value={0x0}, &(0x7f0000000540)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffff9c, 0x84, 0x6f, &(0x7f00000000c0)={r8, 0x0, &(0x7f00000014c0)}, &(0x7f0000000100)=0xd) io_submit(r7, 0x1, &(0x7f0000000580)=[&(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x80000000000, r3, &(0x7f0000000800)="ca4d01a556a38bdba6a973757d83b72db7a4dc63b899b8d1baa0107cb4ebb94a084ea9c7901bb60e2ed72a06c220943bb6714a8a992146589b3877774138c48ca2ddf02bd042e9c9a9ad0a46d06cc6e0582464d237dc30f145188949f03e56a407224b55bf72b84689d074a958d8365426bec620501864b12c6464ea72e87b4dfd16a45cfbc3b77fe92bbf14ffc862e6a6e6562b5ada557455cf5748347559f01d8382a4d7fffec585b79b7355951bf512893ffb3e8c07b80860442cc5517ed8b31549620916e338a697a8b7d898567b5b6f5670de84366ce1b7e56c57a04f4343b11b48f1ff180c5b", 0xe9, 0x5, 0x0, 0x1, r6}]) pwritev(r6, &(0x7f0000000340)=[{&(0x7f0000000440)='\'', 0x1}], 0x1, 0x81806) sendmsg(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f00000004c0)=@nl=@kern={0x10, 0x0, 0x0, 0x80000}, 0xa63bd3268fd06628, &(0x7f00000007c0), 0xffffffffffffeb5, &(0x7f0000000e00)=ANY=[], 0x0, 0x840}, 0x0) ioctl$LOOP_CHANGE_FD(r5, 0x4c00, r2) memfd_create(&(0x7f0000000640)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xe4\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/dsp\x00', 0x4000, 0x0) sendfile(r5, r6, &(0x7f0000000380), 0x2000005) [ 2404.333459] lowmem_reserve[]: 0 2818 6321 6321 [ 2404.339743] Node 0 DMA32 free:2869932kB min:30052kB low:37564kB high:45076kB active_anon:40kB inactive_anon:0kB active_file:932kB inactive_file:8912kB unevictable:0kB writepending:204kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:2712kB local_pcp:1368kB free_cma:0kB [ 2404.340381] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2404.370656] lowmem_reserve[]: 0 0 3503 3503 06:18:39 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x3000000}]) [ 2404.406629] Node 0 Normal free:2198260kB min:37364kB low:46704kB high:56044kB active_anon:469956kB inactive_anon:896kB active_file:3372kB inactive_file:5904kB unevictable:0kB writepending:1016kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8576kB pagetables:7232kB bounce:0kB free_pcp:1344kB local_pcp:632kB free_cma:0kB [ 2404.487912] lowmem_reserve[]: 0 0 0 0 [ 2404.499922] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB 06:18:39 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xe0\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2404.543857] Node 0 DMA32: 35*4kB (UM) 54*8kB (UME) 59*16kB (UME) 54*32kB (UE) 62*64kB (UME) 65*128kB (UE) 56*256kB (UM) 47*512kB (UE) 44*1024kB (UME) 41*2048kB (UME) 656*4096kB (UM) = 2869932kB [ 2404.596022] Node 0 Normal: 13182*4kB (UME) 7828*8kB (UME) 1061*16kB (UME) 2223*32kB (UME) 1479*64kB (UME) 741*128kB (UME) 375*256kB (UE) 151*512kB (U) 76*1024kB (U) 72*2048kB (U) 344*4096kB (UM) = 2200584kB [ 2404.659225] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2404.660390] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2404.697857] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2404.707371] 5144 total pagecache pages [ 2404.719551] 0 pages in swap cache [ 2404.729110] Swap cache stats: add 0, delete 0, find 0/0 [ 2404.742795] Free swap = 0kB [ 2404.746686] Total swap = 0kB [ 2404.760966] 1965979 pages RAM [ 2404.766817] 0 pages HighMem/MovableOnly [ 2404.776927] 342853 pages reserved [ 2404.786171] 0 pages cma reserved [ 2404.797175] syz-executor2: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2404.808769] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2404.814527] CPU: 1 PID: 26246 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2404.821906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2404.831265] Call Trace: [ 2404.833899] dump_stack+0x244/0x39d [ 2404.837546] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2404.842763] ? __video_do_ioctl+0x8b1/0x1050 [ 2404.847209] ? video_usercopy+0x5c1/0x1760 [ 2404.851484] ? video_ioctl2+0x2c/0x33 [ 2404.855295] ? do_vfs_ioctl+0x1de/0x1790 [ 2404.859373] warn_alloc.cold.116+0xb7/0x1bd [ 2404.863722] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2404.868583] ? zap_class+0x640/0x640 [ 2404.872329] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2404.877882] ? check_preemption_disabled+0x48/0x280 [ 2404.882932] __vmalloc_node_range+0x472/0x750 [ 2404.887443] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2404.892474] ? vb2_vmalloc_alloc+0x123/0x380 [ 2404.896921] vmalloc_user+0x75/0x170 [ 2404.900662] ? vb2_vmalloc_alloc+0x123/0x380 [ 2404.905084] vb2_vmalloc_alloc+0x123/0x380 [ 2404.909367] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2404.914501] ? debug_mutex_wake_waiter+0x630/0x630 [ 2404.919451] ? mutex_destroy+0x200/0x200 [ 2404.923526] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2404.927858] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2404.932972] __vb2_queue_alloc+0x5e1/0xfa0 [ 2404.937241] ? vimc_cap_get_format+0x120/0x120 [ 2404.941847] vb2_core_create_bufs+0x401/0x8c0 [ 2404.946362] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2404.950784] ? debug_smp_processor_id+0x1c/0x20 [ 2404.955466] ? perf_trace_lock+0x14d/0x7a0 [ 2404.959715] ? __save_stack_trace+0x8d/0xf0 [ 2404.964103] vb2_create_bufs+0x4b6/0x8f0 [ 2404.968228] ? v4l2_ioctl+0x154/0x1b0 [ 2404.972046] ? vb2_request_queue+0x120/0x120 [ 2404.976521] ? find_held_lock+0x36/0x1c0 [ 2404.980618] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2404.986173] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2404.990774] v4l_create_bufs+0x152/0x230 [ 2404.994850] __video_do_ioctl+0x8b1/0x1050 [ 2404.999130] ? v4l_s_fmt+0x990/0x990 [ 2405.002866] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2405.008422] video_usercopy+0x5c1/0x1760 [ 2405.012491] ? v4l_s_fmt+0x990/0x990 [ 2405.016245] ? v4l_enumstd+0x70/0x70 [ 2405.020014] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2405.025566] ? find_held_lock+0x36/0x1c0 [ 2405.029657] ? __fget+0x4aa/0x740 [ 2405.033130] ? lock_downgrade+0x900/0x900 [ 2405.037317] ? check_preemption_disabled+0x48/0x280 [ 2405.042346] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2405.047293] ? kasan_check_read+0x11/0x20 [ 2405.051446] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2405.056736] ? rcu_softirq_qs+0x20/0x20 [ 2405.060729] ? __fget+0x4d1/0x740 [ 2405.064215] ? ksys_dup3+0x680/0x680 [ 2405.067956] ? __might_fault+0x12b/0x1e0 [ 2405.072055] ? video_usercopy+0x1760/0x1760 [ 2405.076583] video_ioctl2+0x2c/0x33 [ 2405.080265] v4l2_ioctl+0x154/0x1b0 [ 2405.083904] ? video_devdata+0xa0/0xa0 [ 2405.087808] do_vfs_ioctl+0x1de/0x1790 [ 2405.091717] ? ioctl_preallocate+0x300/0x300 [ 2405.096140] ? __fget_light+0x2e9/0x430 [ 2405.100134] ? fget_raw+0x20/0x20 [ 2405.103606] ? _copy_to_user+0xc8/0x110 [ 2405.107603] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2405.113181] ? put_timespec64+0x10f/0x1b0 [ 2405.117366] ? nsecs_to_jiffies+0x30/0x30 [ 2405.121537] ? do_syscall_64+0x9a/0x820 [ 2405.125519] ? do_syscall_64+0x9a/0x820 [ 2405.129509] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2405.134103] ? security_file_ioctl+0x94/0xc0 [ 2405.138536] ksys_ioctl+0xa9/0xd0 [ 2405.142003] __x64_sys_ioctl+0x73/0xb0 [ 2405.145902] do_syscall_64+0x1b9/0x820 [ 2405.149803] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2405.155178] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2405.160122] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2405.164981] ? trace_hardirqs_on_caller+0x310/0x310 [ 2405.170006] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2405.175037] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2405.180071] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2405.184930] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2405.190134] RIP: 0033:0x457669 [ 2405.193343] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2405.212825] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2405.220538] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2405.227821] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2405.235095] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2405.242387] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2405.249661] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2405.263409] Mem-Info: [ 2405.271955] active_anon:116418 inactive_anon:217 isolated_anon:0 [ 2405.271955] active_file:1085 inactive_file:3682 isolated_file:0 [ 2405.271955] unevictable:0 dirty:317 writeback:0 unstable:0 [ 2405.271955] slab_reclaimable:10382 slab_unreclaimable:120073 [ 2405.271955] mapped:52217 shmem:393 pagetables:1734 bounce:0 [ 2405.271955] free:1273926 free_pcp:1177 free_cma:0 [ 2405.311368] Node 0 active_anon:465672kB inactive_anon:868kB active_file:4340kB inactive_file:14828kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208868kB dirty:1268kB writeback:0kB shmem:1572kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 112640kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2405.342090] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2405.381152] lowmem_reserve[]: 0 2818 6321 6321 [ 2405.387701] Node 0 DMA32 free:2869932kB min:30052kB low:37564kB high:45076kB active_anon:36kB inactive_anon:0kB active_file:956kB inactive_file:8888kB unevictable:0kB writepending:204kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:2712kB local_pcp:1368kB free_cma:0kB [ 2405.417864] lowmem_reserve[]: 0 0 3503 3503 [ 2405.422614] Node 0 Normal free:2216344kB min:37364kB low:46704kB high:56044kB active_anon:463504kB inactive_anon:868kB active_file:3384kB inactive_file:5940kB unevictable:0kB writepending:1064kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8576kB pagetables:6936kB bounce:0kB free_pcp:2084kB local_pcp:1268kB free_cma:0kB [ 2405.456170] lowmem_reserve[]: 0 0 0 0 [ 2405.460015] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2405.474181] Node 0 DMA32: 35*4kB (UM) 54*8kB (UME) 59*16kB (UME) 54*32kB (UE) 62*64kB (UME) 65*128kB (UE) 56*256kB (UM) 47*512kB (UE) 44*1024kB (UME) 41*2048kB (UME) 656*4096kB (UM) = 2869932kB [ 2405.498276] Node 0 Normal: 13114*4kB (UME) 7807*8kB (UME) 1820*16kB (UME) 2229*32kB (UME) 1480*64kB (UME) 744*128kB (UME) 375*256kB (UE) 151*512kB (U) 76*1024kB (U) 72*2048kB (U) 345*4096kB (UM) = 2217024kB [ 2405.532700] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2405.541558] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2405.551356] 5197 total pagecache pages 06:18:40 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffff4a000000]}}}) [ 2405.562257] 0 pages in swap cache [ 2405.565730] Swap cache stats: add 0, delete 0, find 0/0 [ 2405.571093] Free swap = 0kB [ 2405.586338] Total swap = 0kB [ 2405.591081] 1965979 pages RAM [ 2405.594799] 0 pages HighMem/MovableOnly [ 2405.598787] 342853 pages reserved [ 2405.602632] 0 pages cma reserved 06:18:40 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xe0\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:18:40 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffffffffffff], [0x68000000]}}}) 06:18:40 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\x03Z\x02\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:18:40 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xeffdffff}]) 06:18:40 executing program 0: fcntl$getownex(0xffffffffffffff9c, 0x10, &(0x7f00000003c0)) ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f00000005c0)=0x0) getpgid(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_user\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000600)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f0000000180)=0x7f, 0xfffffffffffffe5d) ioctl(r2, 0x800000000008982, &(0x7f0000000080)) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ppp\x00', 0x0, 0x0) mount(&(0x7f0000000980)=ANY=[@ANYBLOB="cb2b4d8d30ea9b5255175d43fca389e342de5ec740fe96132329bdfbaa11c5521288697c83a9f28c7ed0d8df70f2c6849d443d5bc274a1f1576385a885b764dc4babfdf01646fa85765072f75f3267f1ced252e7419523d2075fb98f5696f4bf38817b25525ef2a46b39c1d223d17b505512d51a0a1e845f76eeccda0bdcfc6253f8e26cded92ba381b83d2692b7fa7ffd3f81026e3e999bc157521a8e9799fe114e204db050bf9aa8bd4cd371f401cff939fa559e71ce024fc3c4540465cd73fd534855cb35571f6c01fbcad172ee88d3a2c1108134b2e349048cb3fd136752e22ad37130a3014904c8afeb025f1a5b426943fccea7e868b819004d05a20bfcb27e1b682765f16ba1733cc86ddf9b7cbfc1cea713a9279937652b78963ed3d352daa19eb5b567f8156ef8661d302699acb35b9eb5efb6010000002386c06e90c13ede70e584d826126e08008d9d6c446b45fa4912d4c3f513a0c375fc672a4905617dbefd2030c5593984a7d00339e80b4932fdd35a0864cad3db9d9b14c550c89efb9d79987bd170f9f580ef8fe820fffb7aff479d3d0b77cbfab7c263b06b28e41bcf9beb1232ca4a6e129cd719b48d5b02024a550fff93550891090fce28c6ae0db6028873d9ef9a2d85679395f05b4fa857f333aca961427cba61ef75b215861b2bb8ce0545af9ccaca0c2d87524f6b23c37997f988e42f22fa55ae0e57099661d3f982869fc3b6b96f4c88f901a2da76a358b8d68b1c31880e8e177700c6f32a8dab9eb2b917516734badbf94fe95b76f375f1dee7b85c1d95a7896742b513d057ab4e714b800000000000000000000000590929826ae094545e6934ddfa6a62ad4a6a4f7a661515fd0e881a424601a449e163e48b9d22df740eb77a5fcac2bdff2134063e778d2dd9a54f78112fcb6f0a6c5b14bcdda5cc6f6fe6cbcfb57b3ecfed3367afe71dcaad055dc3f82f9616c0468f689be4c682752142f99034bc69f337e52ff6432a3c1730ff49b8b09b03b7d3995f8c86f3002d1a512e68a7defe2207efc71a2f4c165d1cf73e85d49df17abbfdf3f848b0011b877a2844ae7ebb0dbe917989071979e7856a0c05bc7ac87283847296a084bbddaa7cec0c72f0231962cbe1581096dbff49c29dce62b68372c502e9a788b3f11d6ac853de1df842048c51df53d67e41ace1ef9782443131222672e3bbcd8c79fc33bf73a0f95a52e5406ba921c17a7db96bdb109cc0d86933512f329837891fedfe1f84a5997124c91ea4f1160fd0dd92a9af84293aeb94e60ef794c7b83b31025108ba564bd051c15b04ac504dba6886cbf17e03ca33fe6485fbbf213b4028839f48d35699bd639b50b06e82d2205e00456c86076d00000000000000000000073ed09a434c70a383a3498f8948c38653c10666421590e72f9113dcf8d7b1636daae0342662b88a2950b8cbc706d4f344ca8552f059f667e8c7c662010602626fbb9dc19077125a3c00973d3712e4799d24a94dbc63f7638ffc6c87520327b3d06d81200924baca8b02bf3f1886460e4ce1e991239e194947555ee70ad86cd33a1c742228104226c5bda1aefa463fd0b3cc4dcc10877050deb4e4318ef0bb968323a256ef2756f4e8fddf86003ef5e8446fc707763d88117ccf8312145307d1958cca104e07a93880"], 0x0, &(0x7f0000000200)='cgrQup2\x00', 0x2000011, 0x0) ioctl$TIOCNXCL(r1, 0x540d) r4 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = syz_open_dev$loop(&(0x7f0000000300)='/dev/loop#\x00', 0x0, 0x82) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000a80)=ANY=[], &(0x7f0000000100)) ioctl$SG_GET_PACK_ID(r3, 0x227c, &(0x7f0000000400)) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x79, &(0x7f00000002c0), 0x8) ioctl$PERF_EVENT_IOC_RESET(r4, 0x2403, 0x2) r6 = memfd_create(&(0x7f0000001100)='cgrQup2\x00', 0x3) syz_open_dev$usbmon(&(0x7f0000000900)='/dev/usbmon#\x00', 0x6, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) io_setup(0x9, &(0x7f0000000000)=0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000140)=@assoc_value={0x0}, &(0x7f0000000540)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffff9c, 0x84, 0x6f, &(0x7f00000000c0)={r8, 0x0, &(0x7f00000014c0)}, &(0x7f0000000100)=0xd) io_submit(r7, 0x1, &(0x7f0000000580)=[&(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x80000000000, r3, &(0x7f0000000800)="ca4d01a556a38bdba6a973757d83b72db7a4dc63b899b8d1baa0107cb4ebb94a084ea9c7901bb60e2ed72a06c220943bb6714a8a992146589b3877774138c48ca2ddf02bd042e9c9a9ad0a46d06cc6e0582464d237dc30f145188949f03e56a407224b55bf72b84689d074a958d8365426bec620501864b12c6464ea72e87b4dfd16a45cfbc3b77fe92bbf14ffc862e6a6e6562b5ada557455cf5748347559f01d8382a4d7fffec585b79b7355951bf512893ffb3e8c07b80860442cc5517ed8b31549620916e338a697a8b7d898567b5b6f5670de84366ce1b7e56c57a04f4343b11b48f1ff180c5b", 0xe9, 0x5, 0x0, 0x1, r6}]) pwritev(r6, &(0x7f0000000340)=[{&(0x7f0000000440)='\'', 0x1}], 0x1, 0x81806) sendmsg(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f00000004c0)=@nl=@kern={0x10, 0x0, 0x0, 0x80000}, 0xa63bd3268fd06628, &(0x7f00000007c0), 0xffffffffffffeb5, &(0x7f0000000e00)=ANY=[], 0x0, 0x840}, 0x0) ioctl$LOOP_CHANGE_FD(r5, 0x4c00, r2) memfd_create(&(0x7f0000000640)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xe4\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/dsp\x00', 0x4000, 0x0) sendfile(r5, r6, &(0x7f0000000380), 0x2000005) [ 2405.705239] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:18:40 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe0\x01\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:18:40 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xfdfc}]) [ 2405.829768] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:18:41 executing program 0: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x103000, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000900)=ANY=[], 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x5, 0x400) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000080)={0x0, @in={{0x2, 0x4e21, @multicast2}}, [0x800, 0xfc74, 0x3, 0x8001, 0x400, 0x0, 0x101, 0x2, 0x9, 0xff, 0x20000000000, 0x6, 0xa86, 0x0, 0x7]}, &(0x7f0000000180)=0x100) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={r1, 0xba9}, &(0x7f0000000240)=0x8) r2 = fanotify_init(0x0, 0x0) r3 = socket$inet(0x2b, 0x1, 0x0) bind$inet(r3, &(0x7f0000000280)={0x2, 0x4e23, @multicast2}, 0x10) r4 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x5, 0x0) connect$inet(r3, &(0x7f00000001c0)={0x2, 0x4e23}, 0x10) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r4, 0x84, 0x18, &(0x7f00000002c0)={r1, 0x5}, 0x8) fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) recvmmsg(r3, &(0x7f000000a500), 0x400000000000259, 0x0, &(0x7f000000a780)={0x77359400}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_NOTIFY(0xffffffffffffffff, &(0x7f00000009c0)={0xf, 0x8}, 0x10) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000b40)) ioctl$EVIOCGUNIQ(0xffffffffffffffff, 0x80404508, 0x0) 06:18:41 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2405.999518] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:18:41 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xeffd}]) 06:18:41 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\xff', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2406.157903] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2410.681585] oom_reaper: reaped process 26310 (syz-executor2), now anon-rss:0kB, file-rss:32004kB, shmem-rss:0kB [ 2410.750224] rsyslogd invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0 [ 2410.767903] rsyslogd cpuset=/ mems_allowed=0 [ 2410.772509] CPU: 0 PID: 5923 Comm: rsyslogd Not tainted 4.20.0-rc7+ #379 [ 2410.779353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2410.788735] Call Trace: [ 2410.791336] dump_stack+0x244/0x39d [ 2410.794983] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2410.800192] ? mark_held_locks+0x130/0x130 [ 2410.804435] ? mark_held_locks+0x130/0x130 [ 2410.808686] dump_header+0x27b/0xf72 [ 2410.812430] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2410.817979] ? check_preemption_disabled+0x48/0x280 [ 2410.823011] ? pagefault_out_of_memory+0x197/0x197 [ 2410.827952] ? debug_smp_processor_id+0x1c/0x20 [ 2410.832643] ? perf_trace_lock+0x14d/0x7a0 [ 2410.836896] ? lock_is_held_type+0x210/0x210 [ 2410.841325] ? debug_smp_processor_id+0x1c/0x20 [ 2410.846009] ? perf_trace_lock+0x14d/0x7a0 [ 2410.850251] ? zap_class+0x640/0x640 [ 2410.853978] ? print_usage_bug+0xc0/0xc0 [ 2410.858040] ? lock_is_held_type+0x210/0x210 [ 2410.862432] ? perf_trace_lock+0x14d/0x7a0 [ 2410.866654] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2410.872084] syz-executor2: vmalloc: allocation failure, allocated 212545536 of 1241518080 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2410.872188] ? find_held_lock+0x36/0x1c0 [ 2410.885852] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2410.889857] ? mark_held_locks+0xc7/0x130 [ 2410.899083] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2410.904199] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2410.909310] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2410.913904] ? trace_hardirqs_on+0xbd/0x310 [ 2410.918234] ? kasan_check_read+0x11/0x20 [ 2410.922414] ? ___ratelimit+0x3b4/0x672 [ 2410.926393] ? trace_hardirqs_off_caller+0x310/0x310 [ 2410.931502] ? trace_hardirqs_on+0x310/0x310 [ 2410.935919] ? lock_downgrade+0x900/0x900 [ 2410.940075] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 2410.945183] ? ___ratelimit+0x3b9/0x672 [ 2410.949165] ? idr_get_free+0xf70/0xf70 [ 2410.953147] ? lock_is_held_type+0x210/0x210 [ 2410.957574] oom_kill_process.cold.27+0x10/0x903 [ 2410.962352] ? zap_class+0x640/0x640 [ 2410.966088] ? check_preemption_disabled+0x48/0x280 [ 2410.971129] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2410.976062] ? kasan_check_read+0x11/0x20 [ 2410.980221] ? oom_evaluate_task+0x540/0x540 [ 2410.984646] ? find_held_lock+0x36/0x1c0 [ 2410.988720] ? out_of_memory+0x974/0x1430 [ 2410.992878] ? lock_downgrade+0x900/0x900 [ 2410.997029] ? check_preemption_disabled+0x48/0x280 [ 2411.002053] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2411.006988] ? kasan_check_read+0x11/0x20 [ 2411.011143] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2411.016428] ? rcu_softirq_qs+0x20/0x20 [ 2411.020414] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2411.025953] ? oom_evaluate_task+0x302/0x540 [ 2411.030418] out_of_memory+0xa84/0x1430 [ 2411.034418] ? oom_killer_disable+0x3a0/0x3a0 [ 2411.038929] ? __alloc_pages_slowpath+0xf5c/0x2de0 [ 2411.043870] ? __ww_mutex_check_waiters+0x160/0x160 [ 2411.048904] __alloc_pages_slowpath+0x232c/0x2de0 [ 2411.053802] ? warn_alloc+0x120/0x120 [ 2411.057634] ? mark_held_locks+0x130/0x130 [ 2411.061889] ? find_get_entry+0xaae/0x1120 [ 2411.066138] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2411.071697] ? check_preemption_disabled+0x48/0x280 [ 2411.077132] ? filemap_map_pages+0x1a20/0x1a20 [ 2411.081727] ? debug_smp_processor_id+0x1c/0x20 [ 2411.086415] ? perf_trace_lock+0x14d/0x7a0 [ 2411.090678] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2411.096249] ? should_fail+0x22d/0xd01 [ 2411.100147] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 2411.105256] ? zap_class+0x640/0x640 [ 2411.109007] ? __lock_is_held+0xb5/0x140 [ 2411.113082] ? mark_held_locks+0x130/0x130 [ 2411.117338] ? lock_release+0xa00/0xa00 [ 2411.121317] ? perf_trace_sched_process_exec+0x860/0x860 [ 2411.126772] ? xa_load+0x2ba/0x460 [ 2411.130317] ? lock_downgrade+0x900/0x900 [ 2411.134476] ? __might_sleep+0x95/0x190 [ 2411.138459] __alloc_pages_nodemask+0xad8/0xea0 [ 2411.143176] ? __alloc_pages_slowpath+0x2de0/0x2de0 [ 2411.148202] ? __page_cache_alloc+0x191/0x5c0 [ 2411.152702] ? xa_load+0x2e1/0x460 [ 2411.156250] ? xa_clear_mark+0x40/0x40 [ 2411.160143] ? zap_class+0x640/0x640 [ 2411.163876] ? zap_class+0x640/0x640 [ 2411.167593] ? zap_class+0x640/0x640 [ 2411.171326] ? __do_page_cache_readahead+0x663/0x810 [ 2411.176439] ? find_held_lock+0x36/0x1c0 [ 2411.180511] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2411.186064] alloc_pages_current+0x173/0x350 [ 2411.190518] __page_cache_alloc+0x38c/0x5c0 [ 2411.194846] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2411.199783] ? kasan_check_read+0x11/0x20 [ 2411.203938] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2411.209352] ? generic_perform_write+0x6a0/0x6a0 [ 2411.214144] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2411.219704] ? check_preemption_disabled+0x48/0x280 [ 2411.224737] filemap_fault+0x1595/0x25f0 [ 2411.228820] ? __lock_page_or_retry+0xa00/0xa00 [ 2411.233497] ? mark_held_locks+0x130/0x130 [ 2411.237746] ? filemap_map_pages+0xd6b/0x1a20 [ 2411.242254] ? lock_downgrade+0x900/0x900 [ 2411.246406] ? check_preemption_disabled+0x48/0x280 [ 2411.251430] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2411.256367] ? kasan_check_read+0x11/0x20 [ 2411.260518] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2411.265799] ? rcu_softirq_qs+0x20/0x20 [ 2411.269792] ? filemap_map_pages+0xd92/0x1a20 [ 2411.274324] ? find_get_entries_tag+0x1400/0x1400 [ 2411.279178] ? __kernel_text_address+0xd/0x40 [ 2411.283679] ? unwind_get_return_address+0x61/0xa0 [ 2411.288643] ? lock_acquire+0x1ed/0x520 [ 2411.292639] ? ext4_filemap_fault+0x7a/0xad [ 2411.296972] ? lock_release+0xa00/0xa00 [ 2411.300953] ? perf_trace_sched_process_exec+0x860/0x860 [ 2411.306434] ? print_usage_bug+0xc0/0xc0 [ 2411.310514] ? print_usage_bug+0xc0/0xc0 [ 2411.314582] ? __x64_sys_read+0x73/0xb0 [ 2411.318575] ? print_usage_bug+0xc0/0xc0 [ 2411.322679] ? down_read+0x8d/0x120 [ 2411.326311] ? ext4_filemap_fault+0x7a/0xad [ 2411.330642] ? __down_interruptible+0x700/0x700 [ 2411.335332] ext4_filemap_fault+0x82/0xad [ 2411.339488] __do_fault+0x100/0x6b0 [ 2411.343125] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2411.348237] ? mark_held_locks+0x130/0x130 [ 2411.352496] ? mark_held_locks+0x130/0x130 [ 2411.356738] ? lock_is_held_type+0x210/0x210 [ 2411.361151] ? do_syslog+0x147b/0x1690 [ 2411.365077] ? do_syslog+0x309/0x1690 [ 2411.368883] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2411.374431] __handle_mm_fault+0x3ea6/0x5be0 [ 2411.378856] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2411.383707] ? lock_is_held_type+0x210/0x210 [ 2411.388118] ? find_held_lock+0x36/0x1c0 [ 2411.392219] ? zap_class+0x640/0x640 [ 2411.395952] ? zap_class+0x640/0x640 [ 2411.399679] ? find_held_lock+0x36/0x1c0 [ 2411.403759] ? handle_mm_fault+0x42a/0xc70 [ 2411.408000] ? lock_downgrade+0x900/0x900 [ 2411.412172] ? check_preemption_disabled+0x48/0x280 [ 2411.417198] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2411.422132] ? kasan_check_read+0x11/0x20 [ 2411.426283] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2411.431562] ? rcu_softirq_qs+0x20/0x20 [ 2411.435550] ? trace_hardirqs_off_caller+0x310/0x310 [ 2411.440660] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2411.446202] ? check_preemption_disabled+0x48/0x280 [ 2411.451230] handle_mm_fault+0x54f/0xc70 [ 2411.455302] ? __handle_mm_fault+0x5be0/0x5be0 [ 2411.459893] ? find_vma+0x34/0x190 [ 2411.463449] __do_page_fault+0x5e8/0xe60 [ 2411.467512] ? trace_hardirqs_off+0xb8/0x310 [ 2411.471924] ? kernel_write+0x120/0x120 [ 2411.475912] do_page_fault+0xf2/0x7e0 [ 2411.479721] ? vmalloc_sync_all+0x30/0x30 [ 2411.483876] ? error_entry+0x70/0xd0 [ 2411.487623] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2411.492674] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2411.497623] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2411.502556] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2411.507403] ? trace_hardirqs_on_caller+0x310/0x310 [ 2411.512421] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2411.517883] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2411.522904] ? page_fault+0x8/0x30 [ 2411.526453] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2411.531302] ? page_fault+0x8/0x30 [ 2411.534853] page_fault+0x1e/0x30 [ 2411.538311] RIP: 0033:0x7f5b991d81fd [ 2411.542040] Code: Bad RIP value. [ 2411.545408] RSP: 002b:00007f5b96777e30 EFLAGS: 00010293 [ 2411.550774] RAX: 0000000000000076 RBX: 0000000001736650 RCX: 00007f5b991d81fd [ 2411.558054] RDX: 0000000000000fff RSI: 00007f5b97fac5a0 RDI: 0000000000000004 [ 2411.565338] RBP: 0000000000000000 R08: 0000000001721260 R09: 0000000000000000 [ 2411.572615] R10: 6b205d3333343139 R11: 0000000000000293 R12: 000000000065e420 [ 2411.579892] R13: 00007f5b967789c0 R14: 00007f5b9981d040 R15: 0000000000000003 [ 2411.587188] CPU: 1 PID: 26310 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2411.594607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2411.595895] Mem-Info: [ 2411.603964] Call Trace: [ 2411.603987] dump_stack+0x244/0x39d [ 2411.604016] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2411.606439] active_anon:114776 inactive_anon:216 isolated_anon:0 [ 2411.606439] active_file:15 inactive_file:16 isolated_file:0 [ 2411.606439] unevictable:0 dirty:0 writeback:0 unstable:0 [ 2411.606439] slab_reclaimable:10290 slab_unreclaimable:118505 [ 2411.606439] mapped:49168 shmem:392 pagetables:1668 bounce:0 [ 2411.606439] free:16018 free_pcp:177 free_cma:0 [ 2411.608995] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2411.612675] Node 0 active_anon:459104kB inactive_anon:864kB active_file:60kB inactive_file:64kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:196672kB dirty:0kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 106496kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2411.617837] warn_alloc.cold.116+0xb7/0x1bd [ 2411.650890] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2411.655635] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2411.655654] ? __lock_is_held+0xb5/0x140 [ 2411.655674] ? ntfs_truncate+0x930/0x2c50 [ 2411.683261] lowmem_reserve[]: 0 2818 6321 6321 [ 2411.687569] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2411.713677] Node 0 DMA32 free:28752kB min:30052kB low:37564kB high:45076kB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2411.718504] __vmalloc_node_range+0x522/0x750 [ 2411.722570] lowmem_reserve[]: 0 0 3503 3503 [ 2411.726710] ? vb2_vmalloc_alloc+0x123/0x380 [ 2411.731266] Node 0 Normal free:19412kB min:37364kB low:46704kB high:56044kB active_anon:459064kB inactive_anon:864kB active_file:60kB inactive_file:64kB unevictable:0kB writepending:0kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8256kB pagetables:6672kB bounce:0kB free_pcp:460kB local_pcp:80kB free_cma:0kB [ 2411.736801] vmalloc_user+0x75/0x170 [ 2411.736817] ? vb2_vmalloc_alloc+0x123/0x380 [ 2411.736836] vb2_vmalloc_alloc+0x123/0x380 [ 2411.764255] lowmem_reserve[]: 0 0 0 0 [ 2411.768727] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2411.773080] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2411.777462] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2411.806266] Node 0 DMA32: 6*4kB (UM) 7*8kB (ME) 8*16kB (ME) 6*32kB (ME) 7*64kB (UME) 6*128kB (ME) 4*256kB (M) 5*512kB (ME) 5*1024kB (UME) 5*2048kB (UME) 2*4096kB (M) = 28752kB [ 2411.809954] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2411.814361] Node 0 Normal: 633*4kB (UME) 1076*8kB (UME) 504*16kB (UME) 0*32kB 0*64kB 0*128kB 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 19460kB [ 2411.818570] __vb2_queue_alloc+0x5e1/0xfa0 [ 2411.822391] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2411.827478] ? vimc_cap_get_format+0x120/0x120 [ 2411.840989] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2411.845275] vb2_core_create_bufs+0x401/0x8c0 [ 2411.845301] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2411.845324] ? debug_smp_processor_id+0x1c/0x20 [ 2411.861108] 423 total pagecache pages [ 2411.866179] ? perf_trace_lock+0x14d/0x7a0 [ 2411.866199] ? __save_stack_trace+0x8d/0xf0 [ 2411.866242] vb2_create_bufs+0x4b6/0x8f0 [ 2411.879758] 0 pages in swap cache [ 2411.883949] ? v4l2_ioctl+0x154/0x1b0 [ 2411.883989] ? vb2_request_queue+0x120/0x120 [ 2411.884013] ? find_held_lock+0x36/0x1c0 [ 2411.892850] Swap cache stats: add 0, delete 0, find 0/0 [ 2411.897408] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2411.905983] Free swap = 0kB [ 2411.910454] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2411.914862] Total swap = 0kB [ 2411.919510] v4l_create_bufs+0x152/0x230 [ 2411.923308] 1965979 pages RAM [ 2411.927517] __video_do_ioctl+0x8b1/0x1050 [ 2411.931817] 0 pages HighMem/MovableOnly [ 2411.935878] ? v4l_s_fmt+0x990/0x990 [ 2411.935904] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2411.939337] 342853 pages reserved [ 2411.943151] video_usercopy+0x5c1/0x1760 [ 2411.943184] ? v4l_s_fmt+0x990/0x990 [ 2411.943209] ? v4l_enumstd+0x70/0x70 [ 2411.947603] 0 pages cma reserved [ 2411.951681] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2411.957245] Unreclaimable slab info: [ 2411.962554] ? find_held_lock+0x36/0x1c0 [ 2411.962581] ? __fget+0x4aa/0x740 [ 2411.962610] ? lock_downgrade+0x900/0x900 [ 2411.962638] ? check_preemption_disabled+0x48/0x280 [ 2411.962660] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2411.962679] ? kasan_check_read+0x11/0x20 [ 2411.962698] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2411.962715] ? rcu_softirq_qs+0x20/0x20 [ 2411.962744] ? __fget+0x4d1/0x740 [ 2411.962770] ? ksys_dup3+0x680/0x680 [ 2411.962790] ? __might_fault+0x12b/0x1e0 [ 2411.966354] Name Used Total [ 2411.970934] ? video_usercopy+0x1760/0x1760 [ 2411.974081] pid_3 0KB 3KB [ 2411.977986] video_ioctl2+0x2c/0x33 [ 2411.981086] pid_2 73KB 192KB [ 2411.985300] v4l2_ioctl+0x154/0x1b0 [ 2411.985317] ? video_devdata+0xa0/0xa0 [ 2411.985351] do_vfs_ioctl+0x1de/0x1790 [ 2411.989363] SMC 2KB 6KB [ 2411.993030] ? ioctl_preallocate+0x300/0x300 [ 2411.993047] ? __fget_light+0x2e9/0x430 [ 2411.993064] ? fget_raw+0x20/0x20 [ 2411.998588] TIPC 11KB 21KB [ 2412.002054] ? _copy_to_user+0xc8/0x110 [ 2412.002076] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2412.002096] ? put_timespec64+0x10f/0x1b0 [ 2412.006141] rds_connection 0KB 3KB [ 2412.009845] ? nsecs_to_jiffies+0x30/0x30 [ 2412.013569] SCTPv6 16KB 24KB [ 2412.016901] ? do_syscall_64+0x9a/0x820 [ 2412.022445] sctp_bind_bucket 0KB 3KB [ 2412.026131] ? do_syscall_64+0x9a/0x820 [ 2412.030165] DCCPv6 19KB 29KB [ 2412.033617] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2412.033640] ? security_file_ioctl+0x94/0xc0 [ 2412.033663] ksys_ioctl+0xa9/0xd0 [ 2412.037794] DCCP 18KB 20KB [ 2412.042807] __x64_sys_ioctl+0x73/0xb0 [ 2412.042827] do_syscall_64+0x1b9/0x820 [ 2412.042848] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2412.047777] bridge_fdb_cache 11KB 27KB [ 2412.051903] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2412.051920] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2412.051942] ? trace_hardirqs_on_caller+0x310/0x310 [ 2412.057196] fib6_nodes 90KB 132KB [ 2412.061162] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2412.064637] ip6_dst_cache 104KB 262KB [ 2412.068315] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2412.072381] ip6_mrt_cache 0KB 4KB [ 2412.077887] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2412.082214] RAWv6 78KB 91KB [ 2412.087547] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2412.091151] UDPv6 3KB 3KB [ 2412.096497] RIP: 0033:0x457669 [ 2412.096527] Code: Bad RIP value. [ 2412.100141] TCPv6 26KB 29KB [ 2412.104011] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2412.104027] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2412.104037] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2412.104051] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2412.107930] nf_conntrack 3KB 11KB [ 2412.113275] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2412.113285] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2412.134902] Mem-Info: [ 2412.140556] ashmem_area_cache 27KB 47KB [ 2412.150940] active_anon:114776 inactive_anon:216 isolated_anon:0 [ 2412.150940] active_file:15 inactive_file:16 isolated_file:0 [ 2412.150940] unevictable:0 dirty:0 writeback:0 unstable:0 [ 2412.150940] slab_reclaimable:10288 slab_unreclaimable:118483 [ 2412.150940] mapped:49168 shmem:392 pagetables:1668 bounce:0 [ 2412.150940] free:16197 free_pcp:0 free_cma:0 [ 2412.156710] sd_ext_cdb 0KB 3KB [ 2412.159424] Node 0 active_anon:459104kB inactive_anon:864kB active_file:60kB inactive_file:64kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:196672kB dirty:0kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 106496kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2412.163400] scsi_sense_cache 1056KB 1060KB [ 2412.163412] virtio_scsi_cmd 16KB 16KB [ 2412.163430] sgpool-128 8KB 8KB [ 2412.163444] sgpool-64 4KB 6KB [ 2412.177565] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2412.180857] sgpool-32 2KB 7KB [ 2412.182816] lowmem_reserve[]: 0 2818 6321 6321 [ 2412.187231] sgpool-16 1KB 3KB [ 2412.190667] Node 0 DMA32 free:28952kB min:30052kB low:37564kB high:45076kB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2412.196092] sgpool-8 0KB 3KB [ 2412.196110] mqueue_inode_cache 11KB 21KB [ 2412.196133] bio_post_read_ctx 14KB 15KB [ 2412.207349] lowmem_reserve[]: 0 0 3503 3503 [ 2412.216494] bio-2 14KB 15KB [ 2412.219741] Node 0 Normal free:19928kB min:37364kB low:46704kB high:56044kB active_anon:459064kB inactive_anon:864kB active_file:60kB inactive_file:64kB unevictable:0kB writepending:0kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8256kB pagetables:6672kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2412.224593] jfs_mp 7KB 7KB [ 2412.224672] nfs_commit_data 3KB 7KB [ 2412.231626] lowmem_reserve[]: 0 0 0 0 [ 2412.246725] nfs_write_data 32KB 32KB [ 2412.256248] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2412.260806] ext4_system_zone 0KB 3KB [ 2412.266223] Node 0 DMA32: 6*4kB (UM) 8*8kB (UME) 9*16kB (UME) 7*32kB (UME) 6*64kB (ME) 6*128kB (ME) 5*256kB (UM) 5*512kB (ME) 5*1024kB (UME) 5*2048kB (UME) 2*4096kB (M) = 29000kB [ 2412.276126] kioctx 45KB 66KB [ 2412.283321] Node 0 Normal: 741*4kB (UME) 1086*8kB (UME) 505*16kB (UME) 0*32kB 0*64kB 0*128kB 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 19988kB [ 2412.283410] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2412.283424] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2412.283436] 423 total pagecache pages [ 2412.296004] aio_kiocb 17KB 40KB [ 2412.296571] 0 pages in swap cache [ 2412.312756] bio-1 1KB 3KB [ 2412.325021] Swap cache stats: add 0, delete 0, find 0/0 [ 2412.342205] pid_namespace 3KB 11KB [ 2412.352585] Free swap = 0kB [ 2412.388318] rpc_buffers 17KB 19KB [ 2412.419652] Total swap = 0kB [ 2412.434711] rpc_tasks 2KB 3KB [ 2412.466399] 1965979 pages RAM [ 2412.479101] UNIX 9KB 14KB [ 2412.503065] 0 pages HighMem/MovableOnly [ 2412.521537] UDP-Lite 1KB 6KB [ 2412.523578] 342853 pages reserved [ 2412.523585] 0 pages cma reserved [ 2412.719735] tcp_bind_bucket 2KB 12KB [ 2412.725155] inet_peer_cache 14KB 20KB [ 2412.730532] ip_fib_trie 13KB 23KB [ 2412.735945] ip_fib_alias 60KB 94KB [ 2412.741314] ip_dst_cache 8KB 48KB [ 2412.746726] RAW 46KB 57KB [ 2412.752142] UDP 17KB 26KB [ 2412.757519] TCP 8KB 16KB [ 2412.762926] hugetlbfs_inode_cache 2KB 7KB [ 2412.768650] fscache_cookie_jar 1KB 7KB [ 2412.774146] eventpoll_pwq 18KB 47KB [ 2412.779516] eventpoll_epi 39KB 82KB [ 2412.784924] inotify_inode_mark 33KB 78KB [ 2412.790381] request_queue 160KB 160KB [ 2412.795788] blkdev_ioc 12KB 23KB [ 2412.801171] bio-0 530KB 570KB [ 2412.806577] biovec-max 1897KB 1897KB [ 2412.812041] biovec-64 545KB 606KB [ 2412.817411] biovec-16 55KB 67KB [ 2412.822824] bio_integrity_payload 1KB 3KB [ 2412.828558] khugepaged_mm_slot 13KB 31KB [ 2412.838961] user_namespace 5KB 11KB [ 2412.851031] dmaengine-unmap-256 2KB 6KB [ 2412.868651] dmaengine-unmap-128 1KB 3KB [ 2412.876407] dmaengine-unmap-16 0KB 4KB [ 2412.881915] dmaengine-unmap-2 0KB 3KB [ 2412.887284] skbuff_fclone_cache 103KB 251KB [ 2412.906436] skbuff_head_cache 670KB 1833KB [ 2412.911816] configfs_dir_cache 0KB 4KB [ 2412.930340] file_lock_cache 0KB 3KB [ 2412.937487] file_lock_ctx 0KB 3KB [ 2412.949468] fsnotify_mark_connector 21KB 47KB [ 2412.967754] net_namespace 69KB 69KB [ 2412.974324] shmem_inode_cache 5186KB 5561KB [ 2412.979696] task_delay_info 80KB 257KB [ 2412.985137] taskstats 84KB 187KB [ 2412.990525] proc_dir_entry 730KB 821KB [ 2413.008835] pde_opener 1KB 7KB [ 2413.014878] seq_file 131KB 295KB [ 2413.020251] sigqueue 25KB 153KB [ 2413.026064] kernfs_node_cache 12924KB 13009KB [ 2413.032826] mnt_cache 183KB 188KB [ 2413.039567] filp 2048KB 4286KB [ 2413.045608] names_cache 47026KB 47026KB [ 2413.051826] iint_cache 23KB 67KB [ 2413.057263] key_jar 9KB 37KB [ 2413.066347] uts_namespace 3KB 7KB [ 2413.073924] nsproxy 3KB 27KB [ 2413.079700] vm_area_struct 3289KB 6183KB [ 2413.085144] mm_struct 498KB 949KB [ 2413.092304] fs_cache 51KB 184KB [ 2413.097719] files_cache 181KB 311KB [ 2413.103163] signal_cache 518KB 1042KB [ 2413.108535] sighand_cache 499KB 548KB [ 2413.114995] task_struct 2227KB 2277KB [ 2413.120371] cred_jar 328KB 1232KB [ 2413.125786] anon_vma_chain 1960KB 5008KB [ 2413.131153] anon_vma 144KB 350KB [ 2413.136570] pid 51KB 180KB [ 2413.142150] Acpi-Operand 106KB 166KB [ 2413.147538] Acpi-Namespace 19KB 23KB [ 2413.152964] numa_policy 0KB 3KB [ 2413.158339] debug_objects_cache 1250KB 1506KB [ 2413.164924] trace_event_file 260KB 262KB [ 2413.171172] ftrace_event_field 376KB 378KB [ 2413.176734] pool_workqueue 104KB 124KB [ 2413.183067] task_group 5KB 7KB [ 2413.189452] page->ptl 961KB 3107KB [ 2413.197832] kmalloc-2M 2050KB 2050KB [ 2413.203286] kmalloc-512k 2056KB 2056KB [ 2413.209184] kmalloc-256k 1290KB 1290KB [ 2413.214614] kmalloc-128k 2730KB 2730KB [ 2413.220893] kmalloc-64k 10890KB 11022KB [ 2413.226366] kmalloc-32k 1419KB 1419KB [ 2413.232882] kmalloc-16k 759KB 759KB [ 2413.240022] kmalloc-8k 97845KB 97902KB [ 2413.245488] kmalloc-4k 13336KB 13357KB [ 2413.250866] kmalloc-2k 16657KB 16664KB [ 2413.256293] kmalloc-1k 4093KB 6843KB [ 2413.261665] kmalloc-512 2750KB 5265KB [ 2413.267998] kmalloc-256 2901KB 3858KB [ 2413.274586] kmalloc-128 796KB 1193KB [ 2413.280731] kmalloc-96 1711KB 3804KB [ 2413.286176] kmalloc-64 1707KB 2184KB [ 2413.291553] kmalloc-32 1484KB 2019KB [ 2413.297148] kmalloc-192 829KB 1100KB [ 2413.302627] kmem_cache 290KB 292KB [ 2413.307999] Out of memory: Kill process 8779 (syz-executor2) score 1005 or sacrifice child [ 2413.317347] Killed process 8779 (syz-executor2) total-vm:70472kB, anon-rss:2208kB, file-rss:32768kB, shmem-rss:0kB 06:18:51 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffff04000000]}}}) 06:18:51 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xfffffffffffffe00}]) 06:18:51 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:18:51 executing program 0: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x0, 0x6) writev(r1, &(0x7f0000001500)=[{&(0x7f0000000100)="171e38d5", 0x4}], 0x1) fcntl$setlease(r0, 0x400, 0x0) 06:18:51 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\x03Z\x00\x1f\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:18:51 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffffffffffff], [0x7a000000]}}}) [ 2416.446247] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:18:51 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfe\xff\xff\a\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:18:51 executing program 0: r0 = socket$inet(0x2, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$can_raw(0xffffffffffffffff, 0x0, 0x20008000) syz_open_dev$amidi(0x0, 0x0, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x800, 0x0) ioctl$int_in(r1, 0x800000c0045002, &(0x7f0000000200)) readv(r1, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$KDSETKEYCODE(0xffffffffffffffff, 0x4b4d, &(0x7f0000000140)) syz_emit_ethernet(0x0, 0x0, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000480)={{{@in6=@remote, @in6=@loopback}}, {{@in=@multicast1}, 0x0, @in=@loopback}}, &(0x7f00000001c0)=0xe8) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='vegas\x00', 0x2f7) sendto$inet(r0, 0x0, 0x0, 0x400200007fd, &(0x7f0000000000)={0x2, 0x4e23, @loopback}, 0x10) write$binfmt_elf64(r0, 0x0, 0x0) 06:18:51 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x7}]) [ 2416.572338] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:18:51 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:18:51 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x4}]) [ 2416.723396] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:18:51 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2416.850104] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:18:52 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2417.031294] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:18:55 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffff0000000a]}}}) 06:18:55 executing program 0: r0 = socket$inet(0x2, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$can_raw(0xffffffffffffffff, 0x0, 0x20008000) syz_open_dev$amidi(0x0, 0x0, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x800, 0x0) ioctl$int_in(r1, 0x800000c0045002, &(0x7f0000000200)) readv(r1, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$KDSETKEYCODE(0xffffffffffffffff, 0x4b4d, &(0x7f0000000140)) syz_emit_ethernet(0x0, 0x0, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000480)={{{@in6=@remote, @in6=@loopback}}, {{@in=@multicast1}, 0x0, @in=@loopback}}, &(0x7f00000001c0)=0xe8) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='vegas\x00', 0x2f7) sendto$inet(r0, 0x0, 0x0, 0x400200007fd, &(0x7f0000000000)={0x2, 0x4e23, @loopback}, 0x10) write$binfmt_elf64(r0, 0x0, 0x0) 06:18:55 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x400000000000000}]) 06:18:55 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:18:55 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\x03Z\x00\x12\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:18:55 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffffffffffff], [0x5000000]}}}) [ 2419.952982] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2419.977802] syz-executor4: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) 06:18:55 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2420.029458] syz-executor4 cpuset=syz4 mems_allowed=0 [ 2420.073470] CPU: 1 PID: 26405 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #379 [ 2420.080862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2420.089668] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2420.090219] Call Trace: [ 2420.090262] dump_stack+0x244/0x39d [ 2420.090292] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2420.090320] ? __video_do_ioctl+0x8b1/0x1050 [ 2420.114343] ? video_usercopy+0x5c1/0x1760 [ 2420.118600] ? video_ioctl2+0x2c/0x33 06:18:55 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2420.122448] ? do_vfs_ioctl+0x1de/0x1790 [ 2420.126577] warn_alloc.cold.116+0xb7/0x1bd [ 2420.130947] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2420.135818] ? zap_class+0x640/0x640 [ 2420.139559] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2420.142162] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2420.145113] ? check_preemption_disabled+0x48/0x280 [ 2420.145163] __vmalloc_node_range+0x472/0x750 [ 2420.145205] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2420.167874] ? vb2_vmalloc_alloc+0x123/0x380 06:18:55 executing program 0: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(r1, &(0x7f0000000200)=ANY=[], 0xfffffde0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r3, 0x0, 0x20000000003, 0x0) write$RDMA_USER_CM_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0) 06:18:55 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\xff\xff\xfe\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2420.172302] vmalloc_user+0x75/0x170 [ 2420.176029] ? vb2_vmalloc_alloc+0x123/0x380 [ 2420.180461] vb2_vmalloc_alloc+0x123/0x380 [ 2420.184712] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2420.189829] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2420.194165] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2420.199290] __vb2_queue_alloc+0x5e1/0xfa0 [ 2420.203567] ? vimc_cap_get_format+0x120/0x120 [ 2420.208692] vb2_core_create_bufs+0x401/0x8c0 [ 2420.209536] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:18:55 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2420.213210] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2420.213234] ? debug_smp_processor_id+0x1c/0x20 [ 2420.213254] ? perf_trace_lock+0x14d/0x7a0 [ 2420.213273] ? __save_stack_trace+0x8d/0xf0 [ 2420.213315] vb2_create_bufs+0x4b6/0x8f0 [ 2420.243096] ? v4l2_ioctl+0x154/0x1b0 [ 2420.246928] ? vb2_request_queue+0x120/0x120 [ 2420.251366] ? find_held_lock+0x36/0x1c0 [ 2420.255450] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2420.261042] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2420.265706] v4l_create_bufs+0x152/0x230 [ 2420.269795] __video_do_ioctl+0x8b1/0x1050 06:18:55 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xe0\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2420.273886] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2420.274051] ? v4l_s_fmt+0x990/0x990 [ 2420.285915] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2420.291482] video_usercopy+0x5c1/0x1760 [ 2420.295561] ? v4l_s_fmt+0x990/0x990 [ 2420.299297] ? v4l_enumstd+0x70/0x70 [ 2420.303030] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2420.308599] ? find_held_lock+0x36/0x1c0 [ 2420.312741] ? __fget+0x4aa/0x740 [ 2420.316216] ? lock_downgrade+0x900/0x900 [ 2420.320389] ? check_preemption_disabled+0x48/0x280 [ 2420.325427] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2420.326870] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2420.330369] ? kasan_check_read+0x11/0x20 [ 2420.330387] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2420.330403] ? rcu_softirq_qs+0x20/0x20 [ 2420.330462] ? __fget+0x4d1/0x740 [ 2420.330485] ? ksys_dup3+0x680/0x680 [ 2420.330505] ? __might_fault+0x12b/0x1e0 [ 2420.363228] ? video_usercopy+0x1760/0x1760 [ 2420.367566] video_ioctl2+0x2c/0x33 [ 2420.371224] v4l2_ioctl+0x154/0x1b0 [ 2420.374870] ? video_devdata+0xa0/0xa0 [ 2420.378779] do_vfs_ioctl+0x1de/0x1790 [ 2420.382667] ? ioctl_preallocate+0x300/0x300 [ 2420.387070] ? __fget_light+0x2e9/0x430 [ 2420.391034] ? fget_raw+0x20/0x20 [ 2420.394476] ? _copy_to_user+0xc8/0x110 [ 2420.398461] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2420.404043] ? put_timespec64+0x10f/0x1b0 [ 2420.408207] ? nsecs_to_jiffies+0x30/0x30 [ 2420.412363] ? do_syscall_64+0x9a/0x820 [ 2420.416335] ? do_syscall_64+0x9a/0x820 [ 2420.420309] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2420.424885] ? security_file_ioctl+0x94/0xc0 [ 2420.429282] ksys_ioctl+0xa9/0xd0 [ 2420.432726] __x64_sys_ioctl+0x73/0xb0 [ 2420.436614] do_syscall_64+0x1b9/0x820 [ 2420.440537] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2420.445906] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2420.450824] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2420.455682] ? trace_hardirqs_on_caller+0x310/0x310 [ 2420.460712] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2420.465746] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2420.470754] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2420.475618] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2420.480812] RIP: 0033:0x457669 [ 2420.484000] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2420.503021] RSP: 002b:00007f3d559e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2420.510716] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2420.518000] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2420.525271] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2420.532529] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d559e56d4 [ 2420.539787] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2420.549013] Mem-Info: [ 2420.552318] active_anon:116380 inactive_anon:214 isolated_anon:0 [ 2420.552318] active_file:946 inactive_file:3252 isolated_file:0 [ 2420.552318] unevictable:0 dirty:79 writeback:0 unstable:0 [ 2420.552318] slab_reclaimable:10231 slab_unreclaimable:121759 [ 2420.552318] mapped:52004 shmem:392 pagetables:1742 bounce:0 [ 2420.552318] free:1273412 free_pcp:917 free_cma:0 [ 2420.595595] Node 0 active_anon:463372kB inactive_anon:864kB active_file:3788kB inactive_file:13032kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:207988kB dirty:340kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 112640kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2420.631978] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2420.667708] lowmem_reserve[]: 0 2818 6321 6321 [ 2420.672947] Node 0 DMA32 free:2879388kB min:30052kB low:37564kB high:45076kB active_anon:28kB inactive_anon:0kB active_file:424kB inactive_file:1108kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:1584kB local_pcp:1476kB free_cma:0kB [ 2420.705576] lowmem_reserve[]: 0 0 3503 3503 [ 2420.710033] Node 0 Normal free:2200056kB min:37364kB low:46704kB high:56044kB active_anon:463344kB inactive_anon:864kB active_file:3364kB inactive_file:11924kB unevictable:0kB writepending:340kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8448kB pagetables:6728kB bounce:0kB free_pcp:2304kB local_pcp:1040kB free_cma:0kB [ 2420.740795] lowmem_reserve[]: 0 0 0 0 [ 2420.745453] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2420.759676] Node 0 DMA32: 31*4kB (UM) 52*8kB (UME) 58*16kB (UME) 55*32kB (UME) 60*64kB (UE) 64*128kB (UME) 60*256kB (UM) 52*512kB (UME) 42*1024kB (UME) 41*2048kB (UME) 658*4096kB (UM) = 2879388kB [ 2420.777954] Node 0 Normal: 13626*4kB (UME) 7694*8kB (UME) 2180*16kB (UME) 1887*32kB (UME) 1435*64kB (UME) 743*128kB (UM) 364*256kB (U) 161*512kB (U) 84*1024kB (U) 78*2048kB (U) 337*4096kB (UM) = 2199992kB [ 2420.797309] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2420.806792] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2420.817059] 4599 total pagecache pages [ 2420.821198] 0 pages in swap cache [ 2420.825224] Swap cache stats: add 0, delete 0, find 0/0 [ 2420.830823] Free swap = 0kB [ 2420.834374] Total swap = 0kB [ 2420.837644] 1965979 pages RAM [ 2420.840964] 0 pages HighMem/MovableOnly [ 2420.845485] 342853 pages reserved [ 2420.849165] 0 pages cma reserved 06:18:56 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:18:56 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x2}]) 06:18:56 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffff0000000b]}}}) 06:18:56 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffffffffffff], [0x4c00]}}}) [ 2420.926098] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2420.986670] syz-executor4: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2421.022186] syz-executor4 cpuset=syz4 mems_allowed=0 [ 2421.033980] CPU: 1 PID: 26440 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #379 [ 2421.041370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2421.050734] Call Trace: [ 2421.053352] dump_stack+0x244/0x39d [ 2421.057012] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2421.062225] ? __video_do_ioctl+0x8b1/0x1050 [ 2421.066649] ? video_usercopy+0x5c1/0x1760 [ 2421.070895] ? video_ioctl2+0x2c/0x33 [ 2421.074709] ? do_vfs_ioctl+0x1de/0x1790 [ 2421.078793] warn_alloc.cold.116+0xb7/0x1bd [ 2421.083139] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2421.087999] ? zap_class+0x640/0x640 [ 2421.091739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2421.097303] ? check_preemption_disabled+0x48/0x280 [ 2421.102352] __vmalloc_node_range+0x472/0x750 [ 2421.102377] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2421.102397] ? vb2_vmalloc_alloc+0x123/0x380 [ 2421.116309] vmalloc_user+0x75/0x170 [ 2421.120036] ? vb2_vmalloc_alloc+0x123/0x380 [ 2421.124463] vb2_vmalloc_alloc+0x123/0x380 [ 2421.128726] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2421.133851] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2421.138187] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2421.143310] __vb2_queue_alloc+0x5e1/0xfa0 [ 2421.147582] ? vimc_cap_get_format+0x120/0x120 [ 2421.152197] vb2_core_create_bufs+0x401/0x8c0 [ 2421.156721] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2421.161181] ? debug_smp_processor_id+0x1c/0x20 [ 2421.165864] ? perf_trace_lock+0x14d/0x7a0 [ 2421.170114] ? __save_stack_trace+0x8d/0xf0 [ 2421.174523] vb2_create_bufs+0x4b6/0x8f0 [ 2421.178630] ? v4l2_ioctl+0x154/0x1b0 [ 2421.182466] ? vb2_request_queue+0x120/0x120 [ 2421.186922] ? find_held_lock+0x36/0x1c0 [ 2421.190995] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2421.196556] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2421.201167] v4l_create_bufs+0x152/0x230 [ 2421.205253] __video_do_ioctl+0x8b1/0x1050 [ 2421.209988] ? v4l_s_fmt+0x990/0x990 [ 2421.213729] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2421.219286] video_usercopy+0x5c1/0x1760 [ 2421.223362] ? v4l_s_fmt+0x990/0x990 [ 2421.227097] ? v4l_enumstd+0x70/0x70 [ 2421.230837] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2421.236396] ? find_held_lock+0x36/0x1c0 [ 2421.240484] ? __fget+0x4aa/0x740 [ 2421.243953] ? lock_downgrade+0x900/0x900 [ 2421.248113] ? check_preemption_disabled+0x48/0x280 [ 2421.253161] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2421.258121] ? kasan_check_read+0x11/0x20 [ 2421.262314] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2421.267600] ? rcu_softirq_qs+0x20/0x20 [ 2421.271645] ? __fget+0x4d1/0x740 [ 2421.275114] ? ksys_dup3+0x680/0x680 [ 2421.278881] ? __might_fault+0x12b/0x1e0 [ 2421.282960] ? video_usercopy+0x1760/0x1760 [ 2421.287291] video_ioctl2+0x2c/0x33 [ 2421.290925] v4l2_ioctl+0x154/0x1b0 [ 2421.294566] ? video_devdata+0xa0/0xa0 [ 2421.298480] do_vfs_ioctl+0x1de/0x1790 [ 2421.302420] ? ioctl_preallocate+0x300/0x300 [ 2421.306844] ? __fget_light+0x2e9/0x430 [ 2421.310834] ? fget_raw+0x20/0x20 [ 2421.314322] ? _copy_to_user+0xc8/0x110 [ 2421.318320] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2421.323863] ? put_timespec64+0x10f/0x1b0 [ 2421.327999] ? nsecs_to_jiffies+0x30/0x30 [ 2421.332144] ? do_syscall_64+0x9a/0x820 [ 2421.336103] ? do_syscall_64+0x9a/0x820 [ 2421.340069] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2421.344641] ? security_file_ioctl+0x94/0xc0 [ 2421.349036] ksys_ioctl+0xa9/0xd0 [ 2421.352479] __x64_sys_ioctl+0x73/0xb0 [ 2421.356351] do_syscall_64+0x1b9/0x820 [ 2421.360256] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2421.365626] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2421.370540] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2421.375370] ? trace_hardirqs_on_caller+0x310/0x310 [ 2421.380371] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2421.385372] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2421.390394] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2421.395229] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2421.400403] RIP: 0033:0x457669 [ 2421.403584] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2421.422473] RSP: 002b:00007f3d559e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2421.430162] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 06:18:56 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\x03Z\x00\x0f\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:18:56 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:18:56 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffeffffff]}}}) 06:18:56 executing program 0: socketpair$unix(0x1, 0x400000001, 0x0, &(0x7f0000000200)) dup2(0xffffffffffffffff, 0xffffffffffffffff) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) write(r1, &(0x7f0000000340), 0x10000014c) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) fcntl$notify(0xffffffffffffffff, 0x402, 0x19) 06:18:56 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xfffffffffffffdfe}]) [ 2421.437449] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2421.444701] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2421.451954] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d559e56d4 [ 2421.459206] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff 06:18:56 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffffffffffff], [0x4000]}}}) [ 2421.541151] syz-executor4: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2421.559289] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2421.573886] syz-executor4 cpuset=syz4 mems_allowed=0 [ 2421.579275] CPU: 0 PID: 26458 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #379 [ 2421.586691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2421.596053] Call Trace: [ 2421.598691] dump_stack+0x244/0x39d [ 2421.602360] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2421.607571] ? __video_do_ioctl+0x8b1/0x1050 [ 2421.612003] ? video_usercopy+0x5c1/0x1760 [ 2421.616251] ? video_ioctl2+0x2c/0x33 [ 2421.620068] ? do_vfs_ioctl+0x1de/0x1790 [ 2421.624151] warn_alloc.cold.116+0xb7/0x1bd [ 2421.628492] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2421.633349] ? zap_class+0x640/0x640 [ 2421.637137] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2421.642712] ? check_preemption_disabled+0x48/0x280 [ 2421.647737] __vmalloc_node_range+0x472/0x750 [ 2421.652247] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2421.657293] ? vb2_vmalloc_alloc+0x123/0x380 [ 2421.661736] vmalloc_user+0x75/0x170 [ 2421.665452] ? vb2_vmalloc_alloc+0x123/0x380 [ 2421.669850] vb2_vmalloc_alloc+0x123/0x380 [ 2421.674078] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2421.679175] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2421.683486] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2421.688589] __vb2_queue_alloc+0x5e1/0xfa0 [ 2421.692868] ? vimc_cap_get_format+0x120/0x120 [ 2421.697453] vb2_core_create_bufs+0x401/0x8c0 [ 2421.701957] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2421.706370] ? debug_smp_processor_id+0x1c/0x20 [ 2421.711059] ? perf_trace_lock+0x14d/0x7a0 [ 2421.715309] ? __save_stack_trace+0x8d/0xf0 [ 2421.719690] vb2_create_bufs+0x4b6/0x8f0 [ 2421.723739] ? v4l2_ioctl+0x154/0x1b0 [ 2421.727532] ? vb2_request_queue+0x120/0x120 [ 2421.731949] ? find_held_lock+0x36/0x1c0 [ 2421.736009] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2421.741555] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2421.746160] v4l_create_bufs+0x152/0x230 [ 2421.750232] __video_do_ioctl+0x8b1/0x1050 [ 2421.754467] ? v4l_s_fmt+0x990/0x990 [ 2421.758194] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2421.763728] video_usercopy+0x5c1/0x1760 [ 2421.767791] ? v4l_s_fmt+0x990/0x990 [ 2421.771503] ? v4l_enumstd+0x70/0x70 [ 2421.775219] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2421.780753] ? find_held_lock+0x36/0x1c0 [ 2421.784822] ? __fget+0x4aa/0x740 [ 2421.788306] ? lock_downgrade+0x900/0x900 [ 2421.792472] ? check_preemption_disabled+0x48/0x280 [ 2421.797498] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2421.802448] ? kasan_check_read+0x11/0x20 [ 2421.806594] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2421.812335] ? rcu_softirq_qs+0x20/0x20 [ 2421.816310] ? __fget+0x4d1/0x740 [ 2421.819786] ? ksys_dup3+0x680/0x680 [ 2421.823493] ? __might_fault+0x12b/0x1e0 [ 2421.827544] ? video_usercopy+0x1760/0x1760 [ 2421.831862] video_ioctl2+0x2c/0x33 [ 2421.835494] v4l2_ioctl+0x154/0x1b0 [ 2421.839133] ? video_devdata+0xa0/0xa0 [ 2421.843011] do_vfs_ioctl+0x1de/0x1790 [ 2421.846891] ? ioctl_preallocate+0x300/0x300 [ 2421.851301] ? __fget_light+0x2e9/0x430 [ 2421.855292] ? fget_raw+0x20/0x20 [ 2421.858756] ? _copy_to_user+0xc8/0x110 [ 2421.862737] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2421.868274] ? put_timespec64+0x10f/0x1b0 [ 2421.872417] ? nsecs_to_jiffies+0x30/0x30 [ 2421.876601] ? do_syscall_64+0x9a/0x820 [ 2421.880618] ? do_syscall_64+0x9a/0x820 [ 2421.884588] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2421.889190] ? security_file_ioctl+0x94/0xc0 [ 2421.893615] ksys_ioctl+0xa9/0xd0 [ 2421.897089] __x64_sys_ioctl+0x73/0xb0 [ 2421.900966] do_syscall_64+0x1b9/0x820 [ 2421.904848] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2421.910201] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2421.915116] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2421.919951] ? trace_hardirqs_on_caller+0x310/0x310 [ 2421.924964] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2421.929973] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2421.934991] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2421.939842] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2421.945041] RIP: 0033:0x457669 [ 2421.948239] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2421.967130] RSP: 002b:00007f3d559e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2421.974874] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2421.982143] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 06:18:57 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2421.989409] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2421.996672] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d559e56d4 [ 2422.003940] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2422.022268] warn_alloc_show_mem: 1 callbacks suppressed [ 2422.022274] Mem-Info: [ 2422.037446] active_anon:116426 inactive_anon:213 isolated_anon:0 [ 2422.037446] active_file:1002 inactive_file:3217 isolated_file:0 [ 2422.037446] unevictable:0 dirty:98 writeback:0 unstable:0 [ 2422.037446] slab_reclaimable:10231 slab_unreclaimable:121929 [ 2422.037446] mapped:52090 shmem:392 pagetables:1744 bounce:0 [ 2422.037446] free:1273163 free_pcp:872 free_cma:0 [ 2422.077466] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:18:57 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe0\x01\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:18:57 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xf0ffffff7f0000}]) [ 2422.107983] Node 0 active_anon:465564kB inactive_anon:852kB active_file:4008kB inactive_file:12868kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208260kB dirty:392kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 112640kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2422.152663] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2422.208273] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2422.242863] lowmem_reserve[]: 0 2818 6321 6321 06:18:57 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2422.249075] Node 0 DMA32 free:2879388kB min:30052kB low:37564kB high:45076kB active_anon:28kB inactive_anon:0kB active_file:424kB inactive_file:1108kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:1584kB local_pcp:1476kB free_cma:0kB [ 2422.287736] lowmem_reserve[]: 0 0 3503 3503 06:18:57 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xfeffffffffffff}]) [ 2422.299688] Node 0 Normal free:2186928kB min:37364kB low:46704kB high:56044kB active_anon:475860kB inactive_anon:852kB active_file:3584kB inactive_file:11760kB unevictable:0kB writepending:392kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8576kB pagetables:6976kB bounce:0kB free_pcp:1544kB local_pcp:528kB free_cma:0kB [ 2422.348588] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:18:57 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2422.424567] lowmem_reserve[]: 0 0 0 0 [ 2422.440620] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2422.466031] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2422.498093] Node 0 DMA32: 31*4kB (UM) 52*8kB (UME) 58*16kB (UME) 55*32kB (UME) 60*64kB (UE) 64*128kB (UME) 60*256kB (UM) 52*512kB (UME) 42*1024kB (UME) 41*2048kB (UME) 658*4096kB (UM) = 2879388kB [ 2422.556945] Node 0 Normal: 13562*4kB (UE) 6926*8kB (UE) 2220*16kB (UME) 2064*32kB (UME) 1438*64kB (UME) 746*128kB (UM) 366*256kB (U) 161*512kB (U) 84*1024kB (U) 79*2048kB (UM) 337*4096kB (UM) = 2203032kB [ 2422.592777] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2422.601808] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2422.612257] 4612 total pagecache pages [ 2422.616314] 0 pages in swap cache [ 2422.619915] Swap cache stats: add 0, delete 0, find 0/0 [ 2422.625530] Free swap = 0kB [ 2422.628715] Total swap = 0kB [ 2422.632863] 1965979 pages RAM [ 2422.636140] 0 pages HighMem/MovableOnly [ 2422.640259] 342853 pages reserved [ 2422.644221] 0 pages cma reserved 06:18:57 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x8000000}]) 06:18:57 executing program 0: syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x0, 0x400000000000402) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000280)='/dev/dlm-monitor\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) capset(&(0x7f00000000c0)={0x20080522}, &(0x7f0000000100)={0x8, 0x400, 0x80000001, 0x80000001, 0x40, 0x9}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f00000007c0)=[{&(0x7f0000000100)=""/94, 0x5e}], 0x1, 0x0) r0 = socket$inet_dccp(0x2, 0x6, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000340)={0x0, 0x0, 0x4, 0x1000, &(0x7f0000ffe000/0x1000)=nil}) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/snmp6\x00') preadv(r1, &(0x7f0000000480), 0x1000000000000052, 0x0) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000200), &(0x7f0000000300)=0x4) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000240)) [ 2426.914132] oom_reaper: reaped process 26447 (syz-executor2), now anon-rss:0kB, file-rss:32008kB, shmem-rss:0kB [ 2426.937378] syz-fuzzer invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0 [ 2426.962036] syz-fuzzer cpuset=/ mems_allowed=0 [ 2426.966722] CPU: 0 PID: 6040 Comm: syz-fuzzer Not tainted 4.20.0-rc7+ #379 [ 2426.973738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2426.983093] Call Trace: [ 2426.985697] dump_stack+0x244/0x39d [ 2426.989314] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2426.994495] ? mark_held_locks+0x130/0x130 [ 2426.998769] ? mark_held_locks+0x130/0x130 [ 2427.001983] syz-executor2: vmalloc: allocation failure, allocated 900521984 of 4278194176 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2427.003009] dump_header+0x27b/0xf72 [ 2427.020384] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2427.024256] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2427.025964] ? check_preemption_disabled+0x48/0x280 [ 2427.036055] ? pagefault_out_of_memory+0x197/0x197 [ 2427.040986] ? debug_smp_processor_id+0x1c/0x20 [ 2427.045666] ? perf_trace_lock+0x14d/0x7a0 [ 2427.049915] ? mark_held_locks+0x130/0x130 [ 2427.054161] ? lock_is_held_type+0x210/0x210 [ 2427.058620] ? debug_smp_processor_id+0x1c/0x20 [ 2427.063300] ? perf_trace_lock+0x14d/0x7a0 [ 2427.067565] ? zap_class+0x640/0x640 [ 2427.071318] ? print_usage_bug+0xc0/0xc0 [ 2427.075864] ? lock_is_held_type+0x210/0x210 [ 2427.080279] ? perf_trace_lock+0x14d/0x7a0 [ 2427.084526] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2427.090084] ? find_held_lock+0x36/0x1c0 [ 2427.094164] ? mark_held_locks+0xc7/0x130 [ 2427.098327] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2427.103436] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2427.108552] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2427.113148] ? trace_hardirqs_on+0xbd/0x310 [ 2427.117503] ? kasan_check_read+0x11/0x20 [ 2427.121658] ? ___ratelimit+0x3b4/0x672 [ 2427.125655] ? trace_hardirqs_off_caller+0x310/0x310 [ 2427.130773] ? trace_hardirqs_on+0x310/0x310 [ 2427.135191] ? lock_downgrade+0x900/0x900 [ 2427.139352] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 2427.144464] ? ___ratelimit+0x3b9/0x672 [ 2427.148454] ? idr_get_free+0xf70/0xf70 [ 2427.152454] ? lock_is_held_type+0x210/0x210 [ 2427.156905] oom_kill_process.cold.27+0x10/0x903 [ 2427.161682] ? zap_class+0x640/0x640 [ 2427.165406] ? _raw_spin_unlock+0x2c/0x50 [ 2427.169560] ? oom_badness+0xe6/0xaa0 [ 2427.173397] ? oom_evaluate_task+0x540/0x540 [ 2427.177819] ? find_held_lock+0x36/0x1c0 [ 2427.181895] ? out_of_memory+0x974/0x1430 [ 2427.186057] ? lock_downgrade+0x900/0x900 [ 2427.190218] ? check_preemption_disabled+0x48/0x280 [ 2427.195253] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2427.200188] ? kasan_check_read+0x11/0x20 [ 2427.204345] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2427.209792] ? rcu_softirq_qs+0x20/0x20 [ 2427.213786] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2427.218807] ? oom_evaluate_task+0x302/0x540 [ 2427.223225] out_of_memory+0xa84/0x1430 [ 2427.227217] ? oom_killer_disable+0x3a0/0x3a0 [ 2427.231738] ? __alloc_pages_slowpath+0xf5c/0x2de0 [ 2427.236684] ? __ww_mutex_check_waiters+0x160/0x160 [ 2427.241722] __alloc_pages_slowpath+0x232c/0x2de0 [ 2427.246603] ? warn_alloc+0x120/0x120 [ 2427.250431] ? mark_held_locks+0x130/0x130 [ 2427.254682] ? find_get_entry+0xaae/0x1120 [ 2427.258932] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2427.264484] ? check_preemption_disabled+0x48/0x280 [ 2427.269512] ? filemap_map_pages+0x1a20/0x1a20 [ 2427.274111] ? debug_smp_processor_id+0x1c/0x20 [ 2427.278789] ? perf_trace_lock+0x14d/0x7a0 [ 2427.283041] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2427.288588] ? should_fail+0x22d/0xd01 [ 2427.292500] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 2427.297617] ? zap_class+0x640/0x640 [ 2427.301367] ? __lock_is_held+0xb5/0x140 [ 2427.305446] ? mark_held_locks+0x130/0x130 [ 2427.309697] ? lock_release+0xa00/0xa00 [ 2427.313699] ? perf_trace_sched_process_exec+0x860/0x860 [ 2427.319156] ? xa_load+0x2ba/0x460 [ 2427.322717] ? __might_sleep+0x95/0x190 [ 2427.326706] __alloc_pages_nodemask+0xad8/0xea0 [ 2427.331394] ? __alloc_pages_slowpath+0x2de0/0x2de0 [ 2427.336424] ? __page_cache_alloc+0x191/0x5c0 [ 2427.340923] ? xa_load+0x2e1/0x460 [ 2427.344475] ? xa_clear_mark+0x40/0x40 [ 2427.348390] ? up_read_non_owner+0x100/0x100 [ 2427.352806] ? zap_class+0x640/0x640 [ 2427.356544] ? zap_class+0x640/0x640 [ 2427.360265] ? zap_class+0x640/0x640 [ 2427.363990] ? __do_page_cache_readahead+0x663/0x810 [ 2427.369110] ? find_held_lock+0x36/0x1c0 [ 2427.373199] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2427.378751] alloc_pages_current+0x173/0x350 [ 2427.383178] __page_cache_alloc+0x38c/0x5c0 [ 2427.387515] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2427.392453] ? kasan_check_read+0x11/0x20 [ 2427.396640] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2427.401926] ? generic_perform_write+0x6a0/0x6a0 [ 2427.406698] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2427.412246] ? check_preemption_disabled+0x48/0x280 [ 2427.417279] filemap_fault+0x1595/0x25f0 [ 2427.421360] ? __lock_page_or_retry+0xa00/0xa00 [ 2427.426040] ? mark_held_locks+0x130/0x130 [ 2427.430332] ? filemap_map_pages+0xd6b/0x1a20 [ 2427.434849] ? lock_downgrade+0x900/0x900 [ 2427.439006] ? check_preemption_disabled+0x48/0x280 [ 2427.444032] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2427.449003] ? kasan_check_read+0x11/0x20 [ 2427.453152] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2427.458464] ? rcu_softirq_qs+0x20/0x20 [ 2427.462470] ? filemap_map_pages+0xd92/0x1a20 [ 2427.467021] ? find_get_entries_tag+0x1400/0x1400 [ 2427.471900] ? lock_acquire+0x1ed/0x520 [ 2427.475885] ? ext4_filemap_fault+0x7a/0xad [ 2427.480222] ? lock_release+0xa00/0xa00 [ 2427.484203] ? perf_trace_sched_process_exec+0x860/0x860 [ 2427.489667] ? print_usage_bug+0xc0/0xc0 [ 2427.493744] ? print_usage_bug+0xc0/0xc0 [ 2427.497826] ? down_read+0x8d/0x120 [ 2427.501464] ? ext4_filemap_fault+0x7a/0xad [ 2427.505798] ? __down_interruptible+0x700/0x700 [ 2427.510492] ext4_filemap_fault+0x82/0xad [ 2427.514661] __do_fault+0x100/0x6b0 [ 2427.518298] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2427.523415] ? mark_held_locks+0x130/0x130 [ 2427.527667] ? mark_held_locks+0x130/0x130 [ 2427.531911] ? do_raw_spin_trylock+0x270/0x270 [ 2427.536501] ? debug_smp_processor_id+0x1c/0x20 [ 2427.541175] ? perf_trace_lock+0x14d/0x7a0 [ 2427.545442] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2427.551008] __handle_mm_fault+0x3ea6/0x5be0 [ 2427.555439] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2427.560290] ? lock_is_held_type+0x210/0x210 [ 2427.564732] ? zap_class+0x640/0x640 [ 2427.568454] ? zap_class+0x640/0x640 [ 2427.572177] ? __x64_sys_futex+0x53e/0x6a0 [ 2427.576423] ? find_held_lock+0x36/0x1c0 [ 2427.580500] ? handle_mm_fault+0x42a/0xc70 [ 2427.584746] ? lock_downgrade+0x900/0x900 [ 2427.588904] ? check_preemption_disabled+0x48/0x280 [ 2427.593931] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2427.598869] ? kasan_check_read+0x11/0x20 [ 2427.603022] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2427.608307] ? rcu_softirq_qs+0x20/0x20 [ 2427.612292] ? trace_hardirqs_off_caller+0x310/0x310 [ 2427.617404] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2427.622950] ? check_preemption_disabled+0x48/0x280 [ 2427.627984] handle_mm_fault+0x54f/0xc70 [ 2427.632061] ? __handle_mm_fault+0x5be0/0x5be0 [ 2427.636661] ? find_vma+0x34/0x190 [ 2427.640214] __do_page_fault+0x5e8/0xe60 [ 2427.644281] ? trace_hardirqs_off+0xb8/0x310 [ 2427.648712] do_page_fault+0xf2/0x7e0 [ 2427.652536] ? vmalloc_sync_all+0x30/0x30 [ 2427.656694] ? error_entry+0x70/0xd0 [ 2427.660418] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2427.665440] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2427.670382] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2427.675321] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2427.680171] ? trace_hardirqs_on_caller+0x310/0x310 [ 2427.685191] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2427.690660] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2427.696205] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2427.701229] ? page_fault+0x8/0x30 [ 2427.704798] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2427.709667] ? page_fault+0x8/0x30 [ 2427.713219] page_fault+0x1e/0x30 [ 2427.716675] RIP: 0033:0x40f9c0 [ 2427.719882] Code: Bad RIP value. [ 2427.723250] RSP: 002b:000000c42001eef8 EFLAGS: 00010216 [ 2427.728624] RAX: ffffffffffffff92 RBX: 0000000010643759 RCX: 000000000045ddf3 [ 2427.735904] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001585d20 [ 2427.743175] RBP: 000000c42001ef20 R08: 0000000000000000 R09: 0000000000000000 [ 2427.750449] R10: 000000c42001eed8 R11: 0000000000000206 R12: 0000000000000001 [ 2427.757750] R13: 0000000000000020 R14: 0000000000000013 R15: 000000c43218d058 [ 2427.766672] Mem-Info: [ 2427.767874] CPU: 1 PID: 26447 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2427.769136] active_anon:114230 inactive_anon:216 isolated_anon:0 [ 2427.769136] active_file:14 inactive_file:15 isolated_file:0 [ 2427.769136] unevictable:0 dirty:0 writeback:0 unstable:0 [ 2427.769136] slab_reclaimable:10194 slab_unreclaimable:117955 [ 2427.769136] mapped:49168 shmem:392 pagetables:1643 bounce:0 [ 2427.769136] free:16073 free_pcp:211 free_cma:0 [ 2427.776488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2427.776494] Call Trace: [ 2427.776518] dump_stack+0x244/0x39d [ 2427.776551] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2427.776570] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2427.776642] warn_alloc.cold.116+0xb7/0x1bd [ 2427.809812] Node 0 active_anon:456920kB inactive_anon:864kB active_file:56kB inactive_file:60kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:196672kB dirty:0kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 104448kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2427.819055] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2427.819074] ? __lock_is_held+0xb5/0x140 [ 2427.819110] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2427.821663] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2427.825300] __vmalloc_node_range+0x522/0x750 [ 2427.825330] ? vb2_vmalloc_alloc+0x123/0x380 [ 2427.830488] lowmem_reserve[]: 0 2818 6321 6321 [ 2427.835412] vmalloc_user+0x75/0x170 [ 2427.835429] ? vb2_vmalloc_alloc+0x123/0x380 [ 2427.835447] vb2_vmalloc_alloc+0x123/0x380 [ 2427.839754] Node 0 DMA32 free:28832kB min:30052kB low:37564kB high:45076kB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2427.867353] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2427.867371] ? mutex_destroy+0x200/0x200 [ 2427.867392] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2427.872239] lowmem_reserve[]: 0 0 3503 3503 [ 2427.876279] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2427.881797] Node 0 Normal free:19552kB min:37364kB low:46704kB high:56044kB active_anon:456884kB inactive_anon:864kB active_file:56kB inactive_file:60kB unevictable:0kB writepending:0kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8224kB pagetables:6572kB bounce:0kB free_pcp:596kB local_pcp:148kB free_cma:0kB [ 2427.907905] __vb2_queue_alloc+0x5e1/0xfa0 [ 2427.907946] ? vimc_cap_get_format+0x120/0x120 [ 2427.912435] lowmem_reserve[]: 0 0 0 0 [ 2427.916822] vb2_core_create_bufs+0x401/0x8c0 [ 2427.921387] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2427.925138] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2427.925163] ? debug_smp_processor_id+0x1c/0x20 [ 2427.929553] Node 0 DMA32: 4*4kB (M) 7*8kB (UME) 8*16kB (UME) 7*32kB (ME) 6*64kB (ME) 7*128kB (UME) 2*256kB (M) 4*512kB (ME) 4*1024kB (UME) 4*2048kB (UME) 3*4096kB (M) = 28840kB [ 2427.933783] ? perf_trace_lock+0x14d/0x7a0 [ 2427.933802] ? __save_stack_trace+0x8d/0xf0 [ 2427.933844] vb2_create_bufs+0x4b6/0x8f0 [ 2427.961237] Node 0 Normal: 672*4kB (UME) 991*8kB (UME) 508*16kB (UME) 3*32kB (U) 0*64kB 4*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 19608kB [ 2427.966337] ? v4l2_ioctl+0x154/0x1b0 [ 2427.966378] ? vb2_request_queue+0x120/0x120 [ 2427.966402] ? find_held_lock+0x36/0x1c0 [ 2427.970463] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2427.974771] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2427.974795] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2427.974820] v4l_create_bufs+0x152/0x230 [ 2427.979144] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2427.984238] __video_do_ioctl+0x8b1/0x1050 [ 2427.984267] ? v4l_s_fmt+0x990/0x990 [ 2428.013160] 421 total pagecache pages [ 2428.017374] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2428.021968] 0 pages in swap cache [ 2428.025734] video_usercopy+0x5c1/0x1760 [ 2428.030210] Swap cache stats: add 0, delete 0, find 0/0 [ 2428.043726] ? v4l_s_fmt+0x990/0x990 [ 2428.043752] ? v4l_enumstd+0x70/0x70 [ 2428.043772] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2428.048162] Free swap = 0kB [ 2428.052830] ? find_held_lock+0x36/0x1c0 [ 2428.052859] ? __fget+0x4aa/0x740 [ 2428.068728] Total swap = 0kB [ 2428.072937] ? lock_downgrade+0x900/0x900 [ 2428.072958] ? check_preemption_disabled+0x48/0x280 [ 2428.072978] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2428.077783] 1965979 pages RAM [ 2428.081849] ? kasan_check_read+0x11/0x20 [ 2428.096002] 0 pages HighMem/MovableOnly [ 2428.099773] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2428.104183] 342853 pages reserved [ 2428.108264] ? rcu_softirq_qs+0x20/0x20 [ 2428.117107] 0 pages cma reserved [ 2428.122642] ? __fget+0x4d1/0x740 [ 2428.122667] ? ksys_dup3+0x680/0x680 [ 2428.127230] Unreclaimable slab info: [ 2428.131287] ? __might_fault+0x12b/0x1e0 [ 2428.139864] Name Used Total [ 2428.144069] ? video_usercopy+0x1760/0x1760 [ 2428.144086] video_ioctl2+0x2c/0x33 [ 2428.144105] v4l2_ioctl+0x154/0x1b0 [ 2428.147835] pid_2 76KB 192KB [ 2428.151595] ? video_devdata+0xa0/0xa0 [ 2428.157214] TIPC 11KB 21KB [ 2428.160580] do_vfs_ioctl+0x1de/0x1790 [ 2428.164668] rds_connection 0KB 3KB [ 2428.169989] ? ioctl_preallocate+0x300/0x300 [ 2428.173703] SCTPv6 16KB 24KB [ 2428.177384] ? __fget_light+0x2e9/0x430 [ 2428.182929] sctp_bind_bucket 0KB 3KB [ 2428.185913] ? fget_raw+0x20/0x20 [ 2428.189953] DCCPv6 19KB 29KB [ 2428.193391] ? _copy_to_user+0xc8/0x110 [ 2428.193416] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2428.193446] ? put_timespec64+0x10f/0x1b0 [ 2428.196440] DCCP 18KB 20KB [ 2428.200585] ? nsecs_to_jiffies+0x30/0x30 [ 2428.205644] bridge_fdb_cache 10KB 27KB [ 2428.211022] ? do_syscall_64+0x9a/0x820 [ 2428.214143] fib6_nodes 90KB 132KB [ 2428.218253] ? do_syscall_64+0x9a/0x820 [ 2428.222267] ip6_dst_cache 101KB 262KB [ 2428.227514] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2428.230946] ip6_mrt_cache 0KB 4KB [ 2428.234914] ? security_file_ioctl+0x94/0xc0 [ 2428.234936] ksys_ioctl+0xa9/0xd0 [ 2428.234959] __x64_sys_ioctl+0x73/0xb0 [ 2428.238318] RAWv6 78KB 91KB [ 2428.241765] do_syscall_64+0x1b9/0x820 [ 2428.245484] UDPv6 3KB 3KB [ 2428.249171] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2428.253239] TCPv6 26KB 29KB [ 2428.258742] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2428.263077] nf_conntrack 1KB 11KB [ 2428.266677] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2428.270280] ashmem_area_cache 32KB 47KB [ 2428.275641] ? trace_hardirqs_on_caller+0x310/0x310 [ 2428.275661] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2428.275680] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2428.279574] sd_ext_cdb 0KB 3KB [ 2428.284911] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2428.284954] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2428.288828] scsi_sense_cache 1056KB 1060KB [ 2428.294180] RIP: 0033:0x457669 [ 2428.294211] Code: Bad RIP value. [ 2428.298604] virtio_scsi_cmd 16KB 16KB [ 2428.303963] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2428.303979] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2428.303989] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2428.304003] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2428.308022] sgpool-128 8KB 8KB [ 2428.313377] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2428.313387] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2428.328883] Mem-Info: [ 2428.336828] sgpool-64 4KB 6KB [ 2428.341544] active_anon:114230 inactive_anon:216 isolated_anon:0 [ 2428.341544] active_file:14 inactive_file:15 isolated_file:0 [ 2428.341544] unevictable:0 dirty:0 writeback:0 unstable:0 [ 2428.341544] slab_reclaimable:10194 slab_unreclaimable:117929 [ 2428.341544] mapped:49168 shmem:392 pagetables:1643 bounce:0 [ 2428.341544] free:16073 free_pcp:216 free_cma:0 [ 2428.345698] sgpool-32 2KB 7KB [ 2428.345710] sgpool-16 1KB 3KB [ 2428.345722] sgpool-8 0KB 3KB [ 2428.345739] mqueue_inode_cache 11KB 21KB [ 2428.351952] Node 0 active_anon:456920kB inactive_anon:864kB active_file:56kB inactive_file:60kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:196672kB dirty:0kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 104448kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2428.361182] bio_post_read_ctx 14KB 15KB [ 2428.370440] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2428.380582] bio-2 14KB 15KB [ 2428.390210] lowmem_reserve[]: 0 2818 6321 6321 [ 2428.391545] jfs_mp 7KB 7KB [ 2428.396931] Node 0 DMA32 free:28832kB min:30052kB low:37564kB high:45076kB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB [ 2428.396973] lowmem_reserve[]: 0 0 3503 3503 [ 2428.396994] Node 0 Normal free:19552kB min:37364kB low:46704kB high:56044kB active_anon:456884kB inactive_anon:864kB active_file:56kB inactive_file:60kB unevictable:0kB writepending:0kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8224kB pagetables:6572kB bounce:0kB free_pcp:616kB local_pcp:468kB free_cma:0kB [ 2428.397035] lowmem_reserve[]: 0 0 0 0 [ 2428.403739] nfs_commit_data 3KB 7KB [ 2428.412903] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2428.421031] nfs_write_data 32KB 32KB [ 2428.422436] Node 0 DMA32: 4*4kB (M) 7*8kB (UME) 8*16kB (UME) 7*32kB (ME) 6*64kB (ME) 7*128kB (UME) 2*256kB (M) 4*512kB (ME) 4*1024kB (UME) 4*2048kB (UME) 3*4096kB (M) = 28840kB [ 2428.427398] ext4_system_zone 0KB 3KB [ 2428.432360] Node 0 Normal: 672*4kB (UME) 998*8kB (UME) 508*16kB (UME) 3*32kB (U) 0*64kB 4*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 19664kB [ 2428.439442] kioctx 47KB 66KB [ 2428.449169] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2428.452767] aio_kiocb 22KB 40KB [ 2428.452791] bio-1 1KB 3KB [ 2428.452802] fasync_cache 0KB 4KB [ 2428.452813] pid_namespace 2KB 11KB [ 2428.452832] rpc_buffers 17KB 19KB [ 2428.468829] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2428.473645] rpc_tasks 2KB 3KB [ 2428.473657] UNIX 9KB 14KB [ 2428.473673] tcp_bind_bucket 1KB 8KB [ 2428.473685] inet_peer_cache 14KB 20KB [ 2428.473700] ip_fib_trie 13KB 23KB [ 2428.477817] 421 total pagecache pages [ 2428.480276] ip_fib_alias 60KB 94KB [ 2428.491714] 0 pages in swap cache [ 2428.493416] ip_dst_cache 6KB 48KB [ 2428.493429] RAW 46KB 57KB [ 2428.493441] UDP 17KB 26KB [ 2428.493455] TCP 8KB 16KB [ 2428.493469] hugetlbfs_inode_cache 2KB 7KB [ 2428.493486] fscache_cookie_jar 1KB 7KB [ 2428.503890] Swap cache stats: add 0, delete 0, find 0/0 [ 2428.508057] eventpoll_pwq 23KB 47KB [ 2428.525376] Free swap = 0kB [ 2428.527983] eventpoll_epi 36KB 82KB [ 2428.541489] Total swap = 0kB [ 2428.543060] inotify_inode_mark 37KB 78KB [ 2428.543075] request_queue 160KB 160KB [ 2428.543120] blkdev_ioc 10KB 23KB [ 2428.589710] 1965979 pages RAM [ 2428.592357] bio-0 413KB 450KB [ 2428.592370] biovec-max 1707KB 1707KB [ 2428.592383] biovec-64 475KB 527KB [ 2428.592395] biovec-16 52KB 67KB [ 2428.592406] bio_integrity_payload 1KB 3KB [ 2428.592421] khugepaged_mm_slot 13KB 31KB [ 2428.597917] 0 pages HighMem/MovableOnly [ 2428.625486] user_namespace 5KB 11KB [ 2428.625501] dmaengine-unmap-256 2KB 6KB [ 2428.625515] dmaengine-unmap-128 1KB 3KB [ 2428.637829] 342853 pages reserved [ 2428.657064] dmaengine-unmap-16 0KB 4KB [ 2428.657076] dmaengine-unmap-2 0KB 3KB [ 2428.657090] skbuff_fclone_cache 103KB 232KB [ 2428.657101] skbuff_head_cache 653KB 1815KB [ 2428.657113] configfs_dir_cache 0KB 4KB [ 2428.657127] file_lock_cache 0KB 7KB [ 2428.668936] 0 pages cma reserved [ 2428.677898] file_lock_ctx 0KB 3KB [ 2429.059186] fsnotify_mark_connector 21KB 47KB [ 2429.065123] net_namespace 69KB 69KB [ 2429.070493] shmem_inode_cache 5222KB 5554KB [ 2429.075900] task_delay_info 76KB 246KB [ 2429.081274] taskstats 88KB 187KB [ 2429.086695] proc_dir_entry 729KB 821KB [ 2429.092107] pde_opener 0KB 7KB [ 2429.097479] seq_file 128KB 291KB [ 2429.102888] sigqueue 29KB 153KB [ 2429.108266] kernfs_node_cache 12855KB 12970KB [ 2429.113687] mnt_cache 183KB 188KB [ 2429.119063] filp 2011KB 4260KB [ 2429.128365] names_cache 51123KB 51123KB [ 2429.140346] iint_cache 22KB 63KB [ 2429.157563] key_jar 9KB 37KB [ 2429.164209] uts_namespace 3KB 7KB [ 2429.169581] nsproxy 2KB 27KB [ 2429.175164] vm_area_struct 3495KB 6094KB [ 2429.180529] mm_struct 492KB 942KB [ 2429.199887] fs_cache 51KB 180KB [ 2429.205348] files_cache 169KB 303KB [ 2429.211209] signal_cache 510KB 1027KB [ 2429.229977] sighand_cache 504KB 548KB [ 2429.237068] task_struct 2221KB 2246KB [ 2429.248904] cred_jar 313KB 1212KB [ 2429.261172] anon_vma_chain 2092KB 5000KB [ 2429.280793] anon_vma 160KB 350KB [ 2429.286230] pid 48KB 180KB [ 2429.291624] Acpi-Operand 106KB 166KB [ 2429.309934] Acpi-Namespace 19KB 23KB [ 2429.315991] numa_policy 0KB 3KB [ 2429.321391] debug_objects_cache 1248KB 1506KB [ 2429.339846] trace_event_file 260KB 262KB [ 2429.345315] ftrace_event_field 376KB 378KB [ 2429.350773] pool_workqueue 103KB 124KB [ 2429.363683] task_group 5KB 7KB [ 2429.369060] page->ptl 986KB 3103KB [ 2429.375130] kmalloc-2M 2050KB 2050KB [ 2429.380511] kmalloc-512k 2056KB 2056KB [ 2429.386031] kmalloc-256k 1290KB 1290KB [ 2429.391400] kmalloc-128k 2600KB 2730KB [ 2429.403236] kmalloc-64k 7392KB 7986KB [ 2429.408619] kmalloc-32k 1419KB 1419KB [ 2429.414891] kmalloc-16k 742KB 742KB [ 2429.420271] kmalloc-8k 96318KB 96393KB [ 2429.425690] kmalloc-4k 13502KB 13502KB [ 2429.431070] kmalloc-2k 16311KB 16613KB [ 2429.442776] kmalloc-1k 4149KB 6843KB [ 2429.448158] kmalloc-512 2673KB 5242KB [ 2429.455149] kmalloc-256 2916KB 3858KB [ 2429.460519] kmalloc-128 801KB 1193KB [ 2429.465932] kmalloc-96 1744KB 3804KB [ 2429.471299] kmalloc-64 1701KB 2184KB [ 2429.483189] kmalloc-32 1488KB 2019KB [ 2429.488576] kmalloc-192 817KB 1100KB [ 2429.495965] kmem_cache 290KB 292KB [ 2429.501348] Out of memory: Kill process 25636 (syz-executor2) score 1005 or sacrifice child [ 2429.509958] Killed process 25636 (syz-executor2) total-vm:70472kB, anon-rss:2208kB, file-rss:32768kB, shmem-rss:0kB [ 2429.547953] syz-fuzzer invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0 [ 2429.569887] syz-fuzzer cpuset=/ mems_allowed=0 [ 2429.574566] CPU: 1 PID: 6040 Comm: syz-fuzzer Not tainted 4.20.0-rc7+ #379 [ 2429.581582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2429.590945] Call Trace: [ 2429.593545] dump_stack+0x244/0x39d [ 2429.597183] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2429.602385] ? mark_held_locks+0x130/0x130 [ 2429.606633] ? mark_held_locks+0x130/0x130 [ 2429.610879] dump_header+0x27b/0xf72 [ 2429.614645] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2429.620192] ? check_preemption_disabled+0x48/0x280 [ 2429.625219] ? pagefault_out_of_memory+0x197/0x197 [ 2429.630156] ? debug_smp_processor_id+0x1c/0x20 [ 2429.634836] ? perf_trace_lock+0x14d/0x7a0 [ 2429.639080] ? mark_held_locks+0x130/0x130 [ 2429.643323] ? lock_is_held_type+0x210/0x210 [ 2429.647749] ? debug_smp_processor_id+0x1c/0x20 [ 2429.652421] ? perf_trace_lock+0x14d/0x7a0 [ 2429.656663] ? zap_class+0x640/0x640 [ 2429.660386] ? print_usage_bug+0xc0/0xc0 [ 2429.664455] ? lock_is_held_type+0x210/0x210 [ 2429.668869] ? perf_trace_lock+0x14d/0x7a0 [ 2429.673125] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2429.678678] ? find_held_lock+0x36/0x1c0 [ 2429.682755] ? mark_held_locks+0xc7/0x130 [ 2429.686916] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2429.692027] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2429.697146] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2429.701739] ? trace_hardirqs_on+0xbd/0x310 [ 2429.706072] ? kasan_check_read+0x11/0x20 [ 2429.710242] ? ___ratelimit+0x3b4/0x672 [ 2429.714224] ? trace_hardirqs_off_caller+0x310/0x310 [ 2429.719338] ? trace_hardirqs_on+0x310/0x310 [ 2429.723753] ? lock_downgrade+0x900/0x900 [ 2429.727917] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 2429.733028] ? ___ratelimit+0x3b9/0x672 [ 2429.737008] ? idr_get_free+0xf70/0xf70 [ 2429.740992] ? lock_is_held_type+0x210/0x210 [ 2429.745415] oom_kill_process.cold.27+0x10/0x903 [ 2429.750181] ? zap_class+0x640/0x640 [ 2429.753902] ? _raw_spin_unlock+0x2c/0x50 [ 2429.758057] ? oom_badness+0xe6/0xaa0 [ 2429.761869] ? oom_evaluate_task+0x540/0x540 [ 2429.766294] ? find_held_lock+0x36/0x1c0 [ 2429.770373] ? out_of_memory+0x974/0x1430 [ 2429.774531] ? lock_downgrade+0x900/0x900 [ 2429.778691] ? check_preemption_disabled+0x48/0x280 [ 2429.783718] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2429.788660] ? kasan_check_read+0x11/0x20 [ 2429.792818] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2429.798102] ? rcu_softirq_qs+0x20/0x20 [ 2429.802095] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2429.807121] ? oom_evaluate_task+0x302/0x540 [ 2429.811546] out_of_memory+0xa84/0x1430 [ 2429.815537] ? oom_killer_disable+0x3a0/0x3a0 [ 2429.820038] ? __alloc_pages_slowpath+0xf5c/0x2de0 [ 2429.824982] ? __ww_mutex_check_waiters+0x160/0x160 [ 2429.830018] __alloc_pages_slowpath+0x232c/0x2de0 [ 2429.834902] ? warn_alloc+0x120/0x120 [ 2429.838712] ? mark_held_locks+0x130/0x130 [ 2429.842959] ? find_get_entry+0xaae/0x1120 [ 2429.847212] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2429.852757] ? check_preemption_disabled+0x48/0x280 [ 2429.857777] ? filemap_map_pages+0x1a20/0x1a20 [ 2429.862370] ? debug_smp_processor_id+0x1c/0x20 [ 2429.867046] ? perf_trace_lock+0x14d/0x7a0 [ 2429.871299] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2429.876847] ? should_fail+0x22d/0xd01 [ 2429.880745] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 2429.885855] ? zap_class+0x640/0x640 [ 2429.889603] ? __lock_is_held+0xb5/0x140 [ 2429.893699] ? mark_held_locks+0x130/0x130 [ 2429.897945] ? lock_release+0xa00/0xa00 [ 2429.901943] ? perf_trace_sched_process_exec+0x860/0x860 [ 2429.907399] ? xa_load+0x2ba/0x460 [ 2429.910957] ? __might_sleep+0x95/0x190 [ 2429.914959] __alloc_pages_nodemask+0xad8/0xea0 [ 2429.919707] ? __alloc_pages_slowpath+0x2de0/0x2de0 [ 2429.924731] ? __page_cache_alloc+0x191/0x5c0 [ 2429.929231] ? xa_load+0x2e1/0x460 [ 2429.932781] ? xa_clear_mark+0x40/0x40 [ 2429.936677] ? up_read_non_owner+0x100/0x100 [ 2429.941092] ? zap_class+0x640/0x640 [ 2429.944825] ? zap_class+0x640/0x640 [ 2429.948545] ? zap_class+0x640/0x640 [ 2429.952272] ? __do_page_cache_readahead+0x663/0x810 [ 2429.957393] ? find_held_lock+0x36/0x1c0 [ 2429.961489] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2429.967037] alloc_pages_current+0x173/0x350 [ 2429.971498] __page_cache_alloc+0x38c/0x5c0 [ 2429.975862] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2429.980797] ? kasan_check_read+0x11/0x20 [ 2429.984977] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2429.990264] ? generic_perform_write+0x6a0/0x6a0 [ 2429.995032] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2430.000578] ? check_preemption_disabled+0x48/0x280 [ 2430.005626] filemap_fault+0x1595/0x25f0 [ 2430.009709] ? __lock_page_or_retry+0xa00/0xa00 [ 2430.014385] ? mark_held_locks+0x130/0x130 [ 2430.018647] ? filemap_map_pages+0xd6b/0x1a20 [ 2430.023159] ? lock_downgrade+0x900/0x900 [ 2430.027318] ? check_preemption_disabled+0x48/0x280 [ 2430.032347] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2430.037283] ? kasan_check_read+0x11/0x20 [ 2430.041431] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2430.046715] ? rcu_softirq_qs+0x20/0x20 [ 2430.050704] ? filemap_map_pages+0xd92/0x1a20 [ 2430.055215] ? find_get_entries_tag+0x1400/0x1400 [ 2430.060093] ? lock_acquire+0x1ed/0x520 [ 2430.064073] ? ext4_filemap_fault+0x7a/0xad [ 2430.068407] ? lock_release+0xa00/0xa00 [ 2430.072384] ? perf_trace_sched_process_exec+0x860/0x860 [ 2430.077840] ? print_usage_bug+0xc0/0xc0 [ 2430.081925] ? print_usage_bug+0xc0/0xc0 [ 2430.086002] ? down_read+0x8d/0x120 [ 2430.089665] ? ext4_filemap_fault+0x7a/0xad [ 2430.094011] ? __down_interruptible+0x700/0x700 [ 2430.098724] ext4_filemap_fault+0x82/0xad [ 2430.102884] __do_fault+0x100/0x6b0 [ 2430.106532] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2430.111644] ? mark_held_locks+0x130/0x130 [ 2430.115891] ? mark_held_locks+0x130/0x130 [ 2430.120142] ? do_raw_spin_trylock+0x270/0x270 [ 2430.124732] ? debug_smp_processor_id+0x1c/0x20 [ 2430.129409] ? perf_trace_lock+0x14d/0x7a0 [ 2430.133683] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2430.139254] __handle_mm_fault+0x3ea6/0x5be0 [ 2430.143688] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2430.148534] ? lock_is_held_type+0x210/0x210 [ 2430.152968] ? zap_class+0x640/0x640 [ 2430.156690] ? zap_class+0x640/0x640 [ 2430.160406] ? __x64_sys_futex+0x53e/0x6a0 [ 2430.164650] ? find_held_lock+0x36/0x1c0 [ 2430.168727] ? handle_mm_fault+0x42a/0xc70 [ 2430.172976] ? lock_downgrade+0x900/0x900 [ 2430.177130] ? check_preemption_disabled+0x48/0x280 [ 2430.182170] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2430.187101] ? kasan_check_read+0x11/0x20 [ 2430.191254] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2430.196531] ? rcu_softirq_qs+0x20/0x20 [ 2430.200507] ? trace_hardirqs_off_caller+0x310/0x310 [ 2430.205625] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2430.211976] ? check_preemption_disabled+0x48/0x280 [ 2430.217034] handle_mm_fault+0x54f/0xc70 [ 2430.221105] ? __handle_mm_fault+0x5be0/0x5be0 [ 2430.225733] ? find_vma+0x34/0x190 [ 2430.229310] __do_page_fault+0x5e8/0xe60 [ 2430.233373] ? trace_hardirqs_off+0xb8/0x310 [ 2430.237808] do_page_fault+0xf2/0x7e0 [ 2430.241622] ? vmalloc_sync_all+0x30/0x30 [ 2430.245777] ? error_entry+0x70/0xd0 [ 2430.249498] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2430.254514] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2430.259444] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2430.264375] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2430.269220] ? trace_hardirqs_on_caller+0x310/0x310 [ 2430.274252] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2430.279707] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2430.285247] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2430.290265] ? page_fault+0x8/0x30 [ 2430.293814] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2430.298660] ? page_fault+0x8/0x30 [ 2430.302203] page_fault+0x1e/0x30 [ 2430.305672] RIP: 0033:0x40f9c0 [ 2430.308876] Code: Bad RIP value. [ 2430.312241] RSP: 002b:000000c42001eef8 EFLAGS: 00010216 [ 2430.317602] RAX: ffffffffffffff92 RBX: 0000000010643759 RCX: 000000000045ddf3 [ 2430.324885] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001585d20 [ 2430.332157] RBP: 000000c42001ef20 R08: 0000000000000000 R09: 0000000000000000 [ 2430.339422] R10: 000000c42001eed8 R11: 0000000000000206 R12: 0000000000000001 [ 2430.346688] R13: 0000000000000020 R14: 0000000000000013 R15: 000000c43218d058 [ 2430.370265] Mem-Info: [ 2430.379545] active_anon:113690 inactive_anon:216 isolated_anon:0 [ 2430.379545] active_file:14 inactive_file:15 isolated_file:0 [ 2430.379545] unevictable:0 dirty:0 writeback:0 unstable:0 [ 2430.379545] slab_reclaimable:10191 slab_unreclaimable:117841 [ 2430.379545] mapped:49168 shmem:392 pagetables:1642 bounce:0 [ 2430.379545] free:20893 free_pcp:671 free_cma:0 [ 2430.414270] Node 0 active_anon:454760kB inactive_anon:864kB active_file:56kB inactive_file:60kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:196672kB dirty:0kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 102400kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2430.442471] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2430.469583] lowmem_reserve[]: 0 2818 6321 6321 [ 2430.475214] Node 0 DMA32 free:162632kB min:30052kB low:37564kB high:45076kB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:400kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:1776kB local_pcp:336kB free_cma:0kB [ 2430.505381] lowmem_reserve[]: 0 0 3503 3503 [ 2430.509727] Node 0 Normal free:22024kB min:37364kB low:46704kB high:56044kB active_anon:454724kB inactive_anon:864kB active_file:84kB inactive_file:32kB unevictable:0kB writepending:0kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8192kB pagetables:6568kB bounce:0kB free_pcp:900kB local_pcp:580kB free_cma:0kB [ 2430.539590] lowmem_reserve[]: 0 0 0 0 [ 2430.543474] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2430.557172] Node 0 DMA32: 2*4kB (U) 7*8kB (UE) 13*16kB (UME) 9*32kB (UE) 10*64kB (UE) 10*128kB (UME) 8*256kB (UM) 7*512kB (UME) 9*1024kB (UME) 9*2048kB (UME) 57*4096kB (UM) = 269232kB [ 2430.574788] Node 0 Normal: 672*4kB (UME) 1001*8kB (UME) 510*16kB (UME) 4*32kB (U) 0*64kB 6*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 22056kB [ 2430.590458] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2430.600894] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2430.610243] 773 total pagecache pages [ 2430.619798] 0 pages in swap cache [ 2430.631916] Swap cache stats: add 0, delete 0, find 0/0 [ 2430.637297] Free swap = 0kB [ 2430.640315] Total swap = 0kB [ 2430.643397] 1965979 pages RAM [ 2430.646512] 0 pages HighMem/MovableOnly [ 2430.650505] 342853 pages reserved [ 2430.654016] 0 pages cma reserved [ 2430.657392] Unreclaimable slab info: [ 2430.661104] Name Used Total [ 2430.666753] pid_2 71KB 192KB [ 2430.672213] TIPC 11KB 21KB [ 2430.677590] rds_connection 0KB 3KB [ 2430.683045] SCTPv6 16KB 24KB [ 2430.688427] sctp_bind_bucket 0KB 3KB [ 2430.693865] DCCPv6 19KB 29KB [ 2430.699239] DCCP 18KB 20KB [ 2430.704713] bridge_fdb_cache 10KB 27KB [ 2430.710093] fib6_nodes 90KB 132KB [ 2430.715528] ip6_dst_cache 98KB 262KB [ 2430.720905] ip6_mrt_cache 0KB 4KB [ 2430.726334] RAWv6 78KB 91KB [ 2430.731716] UDPv6 3KB 3KB [ 2430.737178] TCPv6 26KB 29KB [ 2430.742700] nf_conntrack 1KB 11KB [ 2430.748161] ashmem_area_cache 27KB 47KB [ 2430.753623] sd_ext_cdb 0KB 3KB [ 2430.759002] scsi_sense_cache 1056KB 1060KB [ 2430.764437] virtio_scsi_cmd 16KB 16KB [ 2430.769812] sgpool-128 8KB 8KB [ 2430.775243] sgpool-64 4KB 6KB [ 2430.780638] sgpool-32 2KB 7KB [ 2430.786073] sgpool-16 1KB 3KB [ 2430.791442] sgpool-8 0KB 3KB [ 2430.796884] mqueue_inode_cache 11KB 21KB [ 2430.802385] bio_post_read_ctx 14KB 15KB [ 2430.807794] bio-2 14KB 15KB [ 2430.813227] jfs_mp 7KB 7KB [ 2430.818630] nfs_commit_data 3KB 7KB [ 2430.824082] nfs_write_data 32KB 32KB [ 2430.829493] ext4_system_zone 0KB 3KB [ 2430.834941] kioctx 42KB 66KB [ 2430.840316] aio_kiocb 18KB 40KB [ 2430.845763] bio-1 1KB 3KB [ 2430.851135] fasync_cache 0KB 4KB [ 2430.856580] pid_namespace 2KB 11KB [ 2430.862017] rpc_buffers 17KB 19KB [ 2430.867383] rpc_tasks 2KB 3KB [ 2430.872814] UNIX 9KB 14KB [ 2430.878197] tcp_bind_bucket 1KB 8KB [ 2430.883647] inet_peer_cache 14KB 20KB [ 2430.889026] ip_fib_trie 13KB 23KB [ 2430.894462] ip_fib_alias 60KB 94KB [ 2430.899839] ip_dst_cache 6KB 48KB [ 2430.905280] RAW 46KB 57KB [ 2430.910654] UDP 17KB 26KB [ 2430.916094] TCP 8KB 16KB [ 2430.921469] hugetlbfs_inode_cache 2KB 7KB [ 2430.927250] fscache_cookie_jar 1KB 7KB [ 2430.932749] eventpoll_pwq 18KB 47KB [ 2430.938115] eventpoll_epi 31KB 82KB [ 2430.943557] inotify_inode_mark 31KB 78KB [ 2430.949021] request_queue 160KB 160KB [ 2430.954455] blkdev_ioc 10KB 23KB [ 2430.959833] bio-0 410KB 450KB [ 2430.965265] biovec-max 1707KB 1707KB [ 2430.970667] biovec-64 470KB 519KB [ 2430.976103] biovec-16 49KB 67KB [ 2430.981473] bio_integrity_payload 1KB 3KB [ 2430.987260] khugepaged_mm_slot 12KB 31KB [ 2430.992779] user_namespace 5KB 11KB [ 2430.998153] dmaengine-unmap-256 2KB 6KB [ 2431.003775] dmaengine-unmap-128 1KB 3KB [ 2431.009326] dmaengine-unmap-16 0KB 4KB [ 2431.014847] dmaengine-unmap-2 0KB 3KB [ 2431.020235] skbuff_fclone_cache 102KB 228KB [ 2431.025843] skbuff_head_cache 649KB 1815KB [ 2431.031224] configfs_dir_cache 0KB 4KB [ 2431.036746] file_lock_cache 0KB 7KB [ 2431.042170] file_lock_ctx 0KB 3KB [ 2431.047553] fsnotify_mark_connector 18KB 47KB [ 2431.053508] net_namespace 69KB 69KB [ 2431.058891] shmem_inode_cache 5213KB 5554KB [ 2431.072125] task_delay_info 72KB 246KB [ 2431.077524] taskstats 79KB 187KB [ 2431.092847] proc_dir_entry 728KB 821KB [ 2431.098237] pde_opener 0KB 7KB [ 2431.103737] seq_file 127KB 291KB [ 2431.110399] sigqueue 23KB 153KB [ 2431.116689] kernfs_node_cache 12849KB 12970KB [ 2431.122159] mnt_cache 183KB 188KB [ 2431.127666] filp 2008KB 4256KB [ 2431.133249] names_cache 51140KB 51140KB [ 2431.138638] iint_cache 21KB 63KB [ 2431.144252] key_jar 9KB 37KB [ 2431.149653] uts_namespace 3KB 7KB [ 2431.156226] nsproxy 2KB 27KB [ 2431.161617] vm_area_struct 3495KB 6094KB [ 2431.167071] mm_struct 490KB 942KB [ 2431.172686] fs_cache 44KB 180KB [ 2431.178194] files_cache 164KB 303KB [ 2431.183774] signal_cache 501KB 1027KB [ 2431.190097] sighand_cache 481KB 548KB [ 2431.196703] task_struct 2221KB 2246KB [ 2431.202316] cred_jar 306KB 1200KB [ 2431.207792] anon_vma_chain 2089KB 5000KB [ 2431.215815] anon_vma 149KB 350KB [ 2431.223809] pid 45KB 180KB [ 2431.229188] Acpi-Operand 106KB 166KB [ 2431.234772] Acpi-Namespace 19KB 23KB [ 2431.240257] numa_policy 0KB 3KB [ 2431.245773] debug_objects_cache 1247KB 1506KB [ 2431.251325] trace_event_file 260KB 262KB [ 2431.256951] ftrace_event_field 376KB 378KB [ 2431.262690] pool_workqueue 103KB 124KB [ 2431.269045] task_group 5KB 7KB [ 2431.275789] page->ptl 985KB 3103KB [ 2431.281747] kmalloc-2M 2050KB 2050KB [ 2431.287908] kmalloc-512k 2056KB 2056KB [ 2431.293457] kmalloc-256k 1290KB 1290KB [ 2431.298936] kmalloc-128k 2600KB 2730KB [ 2431.306554] kmalloc-64k 7194KB 7788KB [ 2431.312067] kmalloc-32k 1419KB 1419KB [ 2431.317533] kmalloc-16k 742KB 742KB [ 2431.323082] kmalloc-8k 96285KB 96360KB [ 2431.328813] kmalloc-4k 13502KB 13502KB [ 2431.334588] kmalloc-2k 16290KB 16587KB [ 2431.339997] kmalloc-1k 4262KB 6843KB [ 2431.347189] kmalloc-512 2665KB 5235KB [ 2431.352708] kmalloc-256 2911KB 3858KB [ 2431.358084] kmalloc-128 792KB 1193KB [ 2431.363533] kmalloc-96 1743KB 3804KB [ 2431.369899] kmalloc-64 1695KB 2184KB [ 2431.376373] kmalloc-32 1485KB 2019KB [ 2431.390882] kmalloc-192 813KB 1100KB [ 2431.396746] kmem_cache 289KB 292KB [ 2431.402342] Out of memory: Kill process 25655 (syz-executor2) score 1005 or sacrifice child [ 2431.411532] Killed process 25655 (syz-executor2) total-vm:70472kB, anon-rss:2208kB, file-rss:32768kB, shmem-rss:0kB 06:19:09 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xfefdffff}]) 06:19:09 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffff00000002]}}}) 06:19:09 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\x03Z\x11\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:19:09 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffffffffffff], [0x68]}}}) 06:19:09 executing program 0: openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f00000007c0)=[{&(0x7f0000000100)=""/94, 0x5e}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/snmp6\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000052, 0x0) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, 0x0, 0x0) shmctl$IPC_SET(0x0, 0x1, 0x0) 06:19:09 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:19:09 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffff00000004]}}}) [ 2434.028317] syz-executor4: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2434.040275] syz-executor4 cpuset=syz4 mems_allowed=0 [ 2434.045535] CPU: 0 PID: 26507 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #379 [ 2434.052900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2434.062240] Call Trace: [ 2434.064821] dump_stack+0x244/0x39d [ 2434.068440] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2434.073652] ? __video_do_ioctl+0x8b1/0x1050 [ 2434.078068] ? video_usercopy+0x5c1/0x1760 [ 2434.082306] ? video_ioctl2+0x2c/0x33 [ 2434.086106] ? do_vfs_ioctl+0x1de/0x1790 [ 2434.090172] warn_alloc.cold.116+0xb7/0x1bd [ 2434.094492] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2434.099350] ? zap_class+0x640/0x640 [ 2434.103071] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2434.108607] ? check_preemption_disabled+0x48/0x280 [ 2434.113662] __vmalloc_node_range+0x472/0x750 [ 2434.118154] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2434.123171] ? vb2_vmalloc_alloc+0x123/0x380 [ 2434.127583] vmalloc_user+0x75/0x170 [ 2434.131298] ? vb2_vmalloc_alloc+0x123/0x380 [ 2434.135724] vb2_vmalloc_alloc+0x123/0x380 [ 2434.139962] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2434.145060] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2434.149377] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2434.154471] __vb2_queue_alloc+0x5e1/0xfa0 [ 2434.158709] ? vimc_cap_get_format+0x120/0x120 [ 2434.163280] vb2_core_create_bufs+0x401/0x8c0 [ 2434.167770] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2434.172189] ? debug_smp_processor_id+0x1c/0x20 [ 2434.176860] ? perf_trace_lock+0x14d/0x7a0 [ 2434.181084] ? __save_stack_trace+0x8d/0xf0 [ 2434.185436] vb2_create_bufs+0x4b6/0x8f0 [ 2434.189488] ? v4l2_ioctl+0x154/0x1b0 [ 2434.193296] ? vb2_request_queue+0x120/0x120 [ 2434.197732] ? find_held_lock+0x36/0x1c0 [ 2434.201797] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2434.207348] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2434.211940] v4l_create_bufs+0x152/0x230 [ 2434.215999] __video_do_ioctl+0x8b1/0x1050 [ 2434.220232] ? v4l_s_fmt+0x990/0x990 [ 2434.223942] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2434.229485] video_usercopy+0x5c1/0x1760 [ 2434.233549] ? v4l_s_fmt+0x990/0x990 [ 2434.237270] ? v4l_enumstd+0x70/0x70 [ 2434.240990] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2434.246523] ? find_held_lock+0x36/0x1c0 [ 2434.250595] ? __fget+0x4aa/0x740 [ 2434.254044] ? lock_downgrade+0x900/0x900 [ 2434.258185] ? check_preemption_disabled+0x48/0x280 [ 2434.263193] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2434.268111] ? kasan_check_read+0x11/0x20 [ 2434.272256] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2434.277543] ? rcu_softirq_qs+0x20/0x20 [ 2434.281545] ? __fget+0x4d1/0x740 [ 2434.284990] ? ksys_dup3+0x680/0x680 [ 2434.288696] ? __might_fault+0x12b/0x1e0 [ 2434.292753] ? video_usercopy+0x1760/0x1760 [ 2434.297076] video_ioctl2+0x2c/0x33 [ 2434.300709] v4l2_ioctl+0x154/0x1b0 [ 2434.304324] ? video_devdata+0xa0/0xa0 [ 2434.308212] do_vfs_ioctl+0x1de/0x1790 [ 2434.312120] ? ioctl_preallocate+0x300/0x300 [ 2434.316529] ? __fget_light+0x2e9/0x430 [ 2434.320502] ? fget_raw+0x20/0x20 [ 2434.323946] ? _copy_to_user+0xc8/0x110 [ 2434.327915] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2434.333445] ? put_timespec64+0x10f/0x1b0 [ 2434.337585] ? nsecs_to_jiffies+0x30/0x30 [ 2434.341724] ? do_syscall_64+0x9a/0x820 [ 2434.345685] ? do_syscall_64+0x9a/0x820 [ 2434.349653] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2434.354243] ? security_file_ioctl+0x94/0xc0 [ 2434.358673] ksys_ioctl+0xa9/0xd0 [ 2434.362142] __x64_sys_ioctl+0x73/0xb0 [ 2434.366029] do_syscall_64+0x1b9/0x820 [ 2434.369919] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2434.375271] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2434.380186] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2434.385032] ? trace_hardirqs_on_caller+0x310/0x310 [ 2434.390090] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2434.395095] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2434.400107] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2434.404945] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2434.410133] RIP: 0033:0x457669 [ 2434.413329] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2434.432216] RSP: 002b:00007f3d559e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2434.439910] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2434.447179] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2434.454442] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2434.461714] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d559e56d4 [ 2434.468988] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2434.484843] Mem-Info: [ 2434.487347] active_anon:114180 inactive_anon:216 isolated_anon:0 [ 2434.487347] active_file:588 inactive_file:3054 isolated_file:0 [ 2434.487347] unevictable:0 dirty:61 writeback:0 unstable:0 [ 2434.487347] slab_reclaimable:10169 slab_unreclaimable:117147 [ 2434.487347] mapped:51468 shmem:392 pagetables:1642 bounce:0 [ 2434.487347] free:1280867 free_pcp:1005 free_cma:0 [ 2434.523114] Node 0 active_anon:458928kB inactive_anon:864kB active_file:2352kB inactive_file:12316kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:206072kB dirty:244kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 98304kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2434.551547] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:19:09 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xfdfe}]) 06:19:09 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2434.632040] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 06:19:09 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xe0\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2434.688310] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2434.724370] lowmem_reserve[]: 0 2818 6321 6321 [ 2434.746512] Node 0 DMA32 free:2877936kB min:30052kB low:37564kB high:45076kB active_anon:36kB inactive_anon:0kB active_file:872kB inactive_file:908kB unevictable:0kB writepending:208kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:2740kB local_pcp:1408kB free_cma:0kB [ 2434.782670] lowmem_reserve[]: 0 0 3503 3503 06:19:09 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x500}]) [ 2434.793287] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2434.793556] Node 0 Normal free:2211180kB min:37364kB low:46704kB high:56044kB active_anon:463236kB inactive_anon:864kB active_file:2176kB inactive_file:10844kB unevictable:0kB writepending:148kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8448kB pagetables:6768kB bounce:0kB free_pcp:1460kB local_pcp:672kB free_cma:0kB [ 2434.856018] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:19:10 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:19:10 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x7ffffffff000}]) [ 2434.984819] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2435.025593] lowmem_reserve[]: 0 0 0 0 [ 2435.045242] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB 06:19:10 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2435.092548] Node 0 DMA32: 32*4kB (UM) 60*8kB (UME) 67*16kB (UME) 63*32kB (UME) 68*64kB (UME) 67*128kB (UE) 61*256kB (U) 54*512kB (UME) 48*1024kB (UME) 46*2048kB (UME) 653*4096kB (UM) = 2877936kB [ 2435.143220] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2435.256636] Node 0 Normal: 13227*4kB (UE) 6248*8kB (UME) 2186*16kB (UME) 2224*32kB (UME) 1465*64kB (UME) 779*128kB (UM) 371*256kB (UM) 163*512kB (U) 86*1024kB (U) 78*2048kB (U) 338*4096kB (UM) = 2213196kB [ 2435.325267] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2435.335155] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2435.344740] 4092 total pagecache pages [ 2435.348797] 0 pages in swap cache [ 2435.352770] Swap cache stats: add 0, delete 0, find 0/0 [ 2435.358302] Free swap = 0kB [ 2435.361453] Total swap = 0kB [ 2435.364642] 1965979 pages RAM [ 2435.367844] 0 pages HighMem/MovableOnly [ 2435.371976] 342853 pages reserved [ 2435.375523] 0 pages cma reserved 06:19:10 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\x03Z\x05\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:19:10 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x400000000000000}]) 06:19:10 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:19:10 executing program 0: openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f00000007c0)=[{&(0x7f0000000100)=""/94, 0x5e}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/snmp6\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000052, 0x0) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, 0x0, 0x0) shmctl$IPC_SET(0x0, 0x1, 0x0) 06:19:10 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffffffffffff], [0x400000000000]}}}) 06:19:10 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffff0a000000]}}}) [ 2435.469517] syz-executor4: vmalloc: allocation failure: 0 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2435.488736] syz-executor4 cpuset=syz4 mems_allowed=0 [ 2435.494300] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2435.517900] CPU: 1 PID: 26555 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #379 [ 2435.525285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2435.534651] Call Trace: [ 2435.537277] dump_stack+0x244/0x39d [ 2435.540946] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2435.546167] ? __video_do_ioctl+0x8b1/0x1050 [ 2435.550594] ? video_usercopy+0x5c1/0x1760 [ 2435.554899] ? video_ioctl2+0x2c/0x33 [ 2435.558718] ? do_vfs_ioctl+0x1de/0x1790 [ 2435.562803] warn_alloc.cold.116+0xb7/0x1bd [ 2435.567146] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2435.572017] ? zap_class+0x640/0x640 [ 2435.575754] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2435.581311] ? check_preemption_disabled+0x48/0x280 [ 2435.581354] __vmalloc_node_range+0x472/0x750 [ 2435.581384] ? rcu_read_lock_sched_held+0x14f/0x180 [ 2435.590891] ? vb2_vmalloc_alloc+0x123/0x380 [ 2435.590912] vmalloc_user+0x75/0x170 [ 2435.590929] ? vb2_vmalloc_alloc+0x123/0x380 [ 2435.590947] vb2_vmalloc_alloc+0x123/0x380 [ 2435.590967] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2435.617813] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2435.622157] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2435.627280] __vb2_queue_alloc+0x5e1/0xfa0 [ 2435.631556] ? vimc_cap_get_format+0x120/0x120 [ 2435.636156] vb2_core_create_bufs+0x401/0x8c0 [ 2435.640674] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2435.645107] ? debug_smp_processor_id+0x1c/0x20 [ 2435.649798] ? perf_trace_lock+0x14d/0x7a0 [ 2435.654053] ? __save_stack_trace+0x8d/0xf0 [ 2435.658439] vb2_create_bufs+0x4b6/0x8f0 [ 2435.662519] ? v4l2_ioctl+0x154/0x1b0 [ 2435.666344] ? vb2_request_queue+0x120/0x120 [ 2435.670779] ? find_held_lock+0x36/0x1c0 [ 2435.674865] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2435.680429] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2435.685038] v4l_create_bufs+0x152/0x230 [ 2435.689132] __video_do_ioctl+0x8b1/0x1050 [ 2435.693406] ? v4l_s_fmt+0x990/0x990 [ 2435.697149] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2435.702711] video_usercopy+0x5c1/0x1760 [ 2435.706790] ? v4l_s_fmt+0x990/0x990 [ 2435.710528] ? v4l_enumstd+0x70/0x70 [ 2435.714261] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2435.719817] ? find_held_lock+0x36/0x1c0 [ 2435.723907] ? __fget+0x4aa/0x740 [ 2435.727374] ? lock_downgrade+0x900/0x900 [ 2435.731534] ? check_preemption_disabled+0x48/0x280 [ 2435.736570] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2435.741513] ? kasan_check_read+0x11/0x20 [ 2435.745676] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2435.750964] ? rcu_softirq_qs+0x20/0x20 [ 2435.754967] ? __fget+0x4d1/0x740 [ 2435.758441] ? ksys_dup3+0x680/0x680 [ 2435.762179] ? __might_fault+0x12b/0x1e0 [ 2435.766258] ? video_usercopy+0x1760/0x1760 [ 2435.770590] video_ioctl2+0x2c/0x33 [ 2435.774244] v4l2_ioctl+0x154/0x1b0 [ 2435.777884] ? video_devdata+0xa0/0xa0 [ 2435.781784] do_vfs_ioctl+0x1de/0x1790 [ 2435.785693] ? ioctl_preallocate+0x300/0x300 [ 2435.790116] ? __fget_light+0x2e9/0x430 [ 2435.794110] ? fget_raw+0x20/0x20 [ 2435.797582] ? _copy_to_user+0xc8/0x110 [ 2435.801583] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2435.807149] ? put_timespec64+0x10f/0x1b0 [ 2435.811316] ? nsecs_to_jiffies+0x30/0x30 [ 2435.815481] ? do_syscall_64+0x9a/0x820 [ 2435.819469] ? do_syscall_64+0x9a/0x820 [ 2435.823462] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2435.828062] ? security_file_ioctl+0x94/0xc0 [ 2435.832485] ksys_ioctl+0xa9/0xd0 [ 2435.835960] __x64_sys_ioctl+0x73/0xb0 [ 2435.839867] do_syscall_64+0x1b9/0x820 [ 2435.843768] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2435.849150] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2435.854123] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2435.859007] ? trace_hardirqs_on_caller+0x310/0x310 [ 2435.864037] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2435.869077] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2435.874113] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2435.878983] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2435.884178] RIP: 0033:0x457669 [ 2435.887387] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2435.906298] RSP: 002b:00007f3d559e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2435.914020] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 06:19:11 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:19:11 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(0xffffffffffffffff, 0xc1205531, &(0x7f0000000280)={0x0, 0x0, 0x5, 0x0, [], [], [], 0x0, 0x8, 0x0, 0x0, "d780c00f286033084650d622d22e7277"}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, 0x0) openat$smack_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$can_raw(0xffffffffffffffff, 0x0, 0x20008000) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x0, 0x0) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x800, 0x0) ioctl$int_in(r2, 0x800000c0045002, &(0x7f0000000200)=0x1000) readv(r2, &(0x7f00000014c0)=[{&(0x7f0000001500)=""/4096, 0x1002}], 0x1) readv(r2, &(0x7f0000000c00)=[{&(0x7f0000003500)=""/4096, 0x1000}], 0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x0, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7]}, 0x2c) syz_emit_ethernet(0x0, 0x0, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000480)={{{@in6=@remote, @in6=@loopback}}, {{@in=@multicast1}, 0x0, @in=@loopback}}, &(0x7f00000001c0)=0xe8) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x400200007fd, 0x0, 0x0) write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYRES16], 0x2) recvmsg(0xffffffffffffffff, 0x0, 0x0) [ 2435.921300] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2435.928581] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2435.935871] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d559e56d4 [ 2435.943149] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2435.962516] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:19:11 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0xfdfc}]) 06:19:11 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2436.019682] Mem-Info: [ 2436.032773] active_anon:114749 inactive_anon:216 isolated_anon:0 [ 2436.032773] active_file:864 inactive_file:2944 isolated_file:0 [ 2436.032773] unevictable:0 dirty:104 writeback:0 unstable:0 [ 2436.032773] slab_reclaimable:10167 slab_unreclaimable:120769 [ 2436.032773] mapped:51712 shmem:392 pagetables:1660 bounce:0 [ 2436.032773] free:1276460 free_pcp:1090 free_cma:0 [ 2436.109683] Node 0 active_anon:461184kB inactive_anon:864kB active_file:3456kB inactive_file:11776kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:206848kB dirty:416kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 110592kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2436.142747] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:19:11 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:19:11 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x700}]) [ 2436.177444] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2436.254953] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2436.302781] lowmem_reserve[]: 0 2818 6321 6321 [ 2436.314569] Node 0 DMA32 free:2877936kB min:30052kB low:37564kB high:45076kB active_anon:36kB inactive_anon:0kB active_file:1036kB inactive_file:744kB unevictable:0kB writepending:208kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:2740kB local_pcp:1408kB free_cma:0kB [ 2436.353723] lowmem_reserve[]: 0 0 3503 3503 [ 2436.369304] Node 0 Normal free:2210428kB min:37364kB low:46704kB high:56044kB active_anon:461128kB inactive_anon:864kB active_file:2420kB inactive_file:11032kB unevictable:0kB writepending:208kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8448kB pagetables:6788kB bounce:0kB free_pcp:1460kB local_pcp:1192kB free_cma:0kB [ 2436.417834] lowmem_reserve[]: 0 0 0 0 [ 2436.421852] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2436.499000] Node 0 DMA32: 32*4kB (UM) 60*8kB (UME) 67*16kB (UME) 63*32kB (UME) 68*64kB (UME) 67*128kB (UE) 61*256kB (U) 54*512kB (UME) 48*1024kB (UME) 46*2048kB (UME) 653*4096kB (UM) = 2877936kB [ 2436.556218] Node 0 Normal: 13228*4kB (UME) 5955*8kB (UME) 2153*16kB (UME) 2249*32kB (UME) 1457*64kB (UME) 793*128kB (UM) 371*256kB (UM) 163*512kB (U) 87*1024kB (U) 78*2048kB (U) 338*4096kB (UM) = 2213432kB [ 2436.595360] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2436.604406] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2436.613256] 4229 total pagecache pages [ 2436.617309] 0 pages in swap cache [ 2436.620902] Swap cache stats: add 0, delete 0, find 0/0 [ 2436.626489] Free swap = 0kB [ 2436.629679] Total swap = 0kB [ 2436.632934] 1965979 pages RAM [ 2436.636181] 0 pages HighMem/MovableOnly [ 2436.640293] 342853 pages reserved [ 2436.643981] 0 pages cma reserved 06:19:11 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\x03Zj\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:19:11 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:19:11 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0xfffffffffffffdfc}]) 06:19:11 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(0xffffffffffffffff, 0xc1205531, &(0x7f0000000280)={0x0, 0x0, 0x5, 0x0, [], [], [], 0x0, 0x8, 0x0, 0x0, "d780c00f286033084650d622d22e7277"}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, 0x0) openat$smack_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$can_raw(0xffffffffffffffff, 0x0, 0x20008000) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x0, 0x0) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x800, 0x0) ioctl$int_in(r2, 0x800000c0045002, &(0x7f0000000200)=0x1000) readv(r2, &(0x7f00000014c0)=[{&(0x7f0000001500)=""/4096, 0x1002}], 0x1) readv(r2, &(0x7f0000000c00)=[{&(0x7f0000003500)=""/4096, 0x1000}], 0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x0, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7]}, 0x2c) syz_emit_ethernet(0x0, 0x0, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000480)={{{@in6=@remote, @in6=@loopback}}, {{@in=@multicast1}, 0x0, @in=@loopback}}, &(0x7f00000001c0)=0xe8) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x400200007fd, 0x0, 0x0) write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYRES16], 0x2) recvmsg(0xffffffffffffffff, 0x0, 0x0) [ 2436.752129] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2441.156231] oom_reaper: reaped process 26556 (syz-executor2), now anon-rss:0kB, file-rss:32008kB, shmem-rss:0kB [ 2441.185147] rsyslogd invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0 [ 2441.196502] rsyslogd cpuset=/ mems_allowed=0 [ 2441.200947] CPU: 1 PID: 5923 Comm: rsyslogd Not tainted 4.20.0-rc7+ #379 [ 2441.208246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2441.217601] Call Trace: [ 2441.220218] dump_stack+0x244/0x39d [ 2441.223866] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2441.229079] ? mark_held_locks+0x130/0x130 [ 2441.233328] ? mark_held_locks+0x130/0x130 [ 2441.237582] dump_header+0x27b/0xf72 [ 2441.241328] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2441.246878] ? check_preemption_disabled+0x48/0x280 [ 2441.251911] ? pagefault_out_of_memory+0x197/0x197 [ 2441.256851] ? debug_smp_processor_id+0x1c/0x20 [ 2441.261530] ? perf_trace_lock+0x14d/0x7a0 [ 2441.265779] ? mark_held_locks+0x130/0x130 [ 2441.270027] ? lock_is_held_type+0x210/0x210 [ 2441.274460] ? debug_smp_processor_id+0x1c/0x20 [ 2441.279144] ? perf_trace_lock+0x14d/0x7a0 [ 2441.283399] ? zap_class+0x640/0x640 [ 2441.287132] ? print_usage_bug+0xc0/0xc0 [ 2441.291215] ? lock_is_held_type+0x210/0x210 [ 2441.295643] ? perf_trace_lock+0x14d/0x7a0 [ 2441.299896] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2441.305449] ? find_held_lock+0x36/0x1c0 [ 2441.309530] ? mark_held_locks+0xc7/0x130 [ 2441.313692] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2441.318805] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2441.323910] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2441.328485] ? trace_hardirqs_on+0xbd/0x310 [ 2441.332791] ? kasan_check_read+0x11/0x20 [ 2441.336924] ? ___ratelimit+0x3b4/0x672 [ 2441.340887] ? trace_hardirqs_off_caller+0x310/0x310 [ 2441.342049] syz-executor2: vmalloc: allocation failure, allocated 161603584 of 167776256 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2441.345995] ? trace_hardirqs_on+0x310/0x310 [ 2441.359580] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2441.363917] ? lock_downgrade+0x900/0x900 [ 2441.363942] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 2441.363960] ? ___ratelimit+0x3b9/0x672 [ 2441.382265] ? idr_get_free+0xf70/0xf70 [ 2441.386249] ? lock_is_held_type+0x210/0x210 [ 2441.390677] oom_kill_process.cold.27+0x10/0x903 [ 2441.395442] ? zap_class+0x640/0x640 [ 2441.399168] ? _raw_spin_unlock+0x2c/0x50 [ 2441.403321] ? oom_badness+0xe6/0xaa0 [ 2441.407135] ? oom_evaluate_task+0x540/0x540 [ 2441.411561] ? find_held_lock+0x36/0x1c0 [ 2441.415645] ? out_of_memory+0x974/0x1430 [ 2441.419804] ? lock_downgrade+0x900/0x900 [ 2441.423961] ? check_preemption_disabled+0x48/0x280 [ 2441.428985] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2441.433926] ? kasan_check_read+0x11/0x20 [ 2441.438110] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2441.443399] ? rcu_softirq_qs+0x20/0x20 [ 2441.447384] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2441.452403] ? oom_evaluate_task+0x302/0x540 [ 2441.456822] out_of_memory+0xa84/0x1430 [ 2441.460813] ? oom_killer_disable+0x3a0/0x3a0 [ 2441.465315] ? __alloc_pages_slowpath+0xf5c/0x2de0 [ 2441.470259] ? __ww_mutex_check_waiters+0x160/0x160 [ 2441.475295] __alloc_pages_slowpath+0x232c/0x2de0 [ 2441.480181] ? warn_alloc+0x120/0x120 [ 2441.483987] ? mark_held_locks+0x130/0x130 [ 2441.488233] ? find_get_entry+0xaae/0x1120 [ 2441.492486] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2441.498033] ? check_preemption_disabled+0x48/0x280 [ 2441.503053] ? filemap_map_pages+0x1a20/0x1a20 [ 2441.507654] ? debug_smp_processor_id+0x1c/0x20 [ 2441.512342] ? perf_trace_lock+0x14d/0x7a0 [ 2441.516593] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2441.522180] ? should_fail+0x22d/0xd01 [ 2441.526077] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 2441.531191] ? zap_class+0x640/0x640 [ 2441.534944] ? __lock_is_held+0xb5/0x140 [ 2441.539022] ? mark_held_locks+0x130/0x130 [ 2441.543265] ? lock_release+0xa00/0xa00 [ 2441.547245] ? perf_trace_sched_process_exec+0x860/0x860 [ 2441.552701] ? xa_load+0x2ba/0x460 [ 2441.556251] ? lock_downgrade+0x900/0x900 [ 2441.560411] ? __might_sleep+0x95/0x190 [ 2441.564401] __alloc_pages_nodemask+0xad8/0xea0 [ 2441.569085] ? __alloc_pages_slowpath+0x2de0/0x2de0 [ 2441.574108] ? __page_cache_alloc+0x191/0x5c0 [ 2441.578614] ? xa_load+0x2e1/0x460 [ 2441.582180] ? xa_clear_mark+0x40/0x40 [ 2441.586078] ? zap_class+0x640/0x640 [ 2441.589806] ? zap_class+0x640/0x640 [ 2441.593555] ? zap_class+0x640/0x640 [ 2441.597314] ? __do_page_cache_readahead+0x663/0x810 [ 2441.602433] ? find_held_lock+0x36/0x1c0 [ 2441.606507] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2441.612063] alloc_pages_current+0x173/0x350 [ 2441.616490] __page_cache_alloc+0x38c/0x5c0 [ 2441.620819] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2441.625779] ? kasan_check_read+0x11/0x20 [ 2441.629937] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2441.635227] ? generic_perform_write+0x6a0/0x6a0 [ 2441.640005] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2441.645554] ? check_preemption_disabled+0x48/0x280 [ 2441.650586] filemap_fault+0x1595/0x25f0 [ 2441.654687] ? __lock_page_or_retry+0xa00/0xa00 [ 2441.659370] ? mark_held_locks+0x130/0x130 [ 2441.663631] ? filemap_map_pages+0xd6b/0x1a20 [ 2441.668133] ? lock_downgrade+0x900/0x900 [ 2441.672294] ? check_preemption_disabled+0x48/0x280 [ 2441.677319] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2441.682254] ? kasan_check_read+0x11/0x20 [ 2441.686410] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2441.691694] ? rcu_softirq_qs+0x20/0x20 [ 2441.695708] ? filemap_map_pages+0xd92/0x1a20 [ 2441.700227] ? find_get_entries_tag+0x1400/0x1400 [ 2441.705079] ? __kernel_text_address+0xd/0x40 [ 2441.709580] ? unwind_get_return_address+0x61/0xa0 [ 2441.714535] ? lock_acquire+0x1ed/0x520 [ 2441.718513] ? ext4_filemap_fault+0x7a/0xad [ 2441.722847] ? lock_release+0xa00/0xa00 [ 2441.726829] ? perf_trace_sched_process_exec+0x860/0x860 [ 2441.732290] ? print_usage_bug+0xc0/0xc0 [ 2441.736363] ? print_usage_bug+0xc0/0xc0 [ 2441.740427] ? __x64_sys_read+0x73/0xb0 [ 2441.744406] ? print_usage_bug+0xc0/0xc0 [ 2441.748490] ? down_read+0x8d/0x120 [ 2441.752206] ? ext4_filemap_fault+0x7a/0xad [ 2441.756535] ? __down_interruptible+0x700/0x700 [ 2441.761221] ext4_filemap_fault+0x82/0xad [ 2441.765377] __do_fault+0x100/0x6b0 [ 2441.769012] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2441.774125] ? mark_held_locks+0x130/0x130 [ 2441.778372] ? mark_held_locks+0x130/0x130 [ 2441.782628] ? lock_is_held_type+0x210/0x210 [ 2441.787038] ? do_syslog+0x147b/0x1690 [ 2441.790933] ? do_syslog+0x309/0x1690 [ 2441.794741] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2441.800294] __handle_mm_fault+0x3ea6/0x5be0 [ 2441.804722] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2441.809575] ? lock_is_held_type+0x210/0x210 [ 2441.814001] ? find_held_lock+0x36/0x1c0 [ 2441.818091] ? zap_class+0x640/0x640 [ 2441.821861] ? zap_class+0x640/0x640 [ 2441.825595] ? find_held_lock+0x36/0x1c0 [ 2441.829680] ? handle_mm_fault+0x42a/0xc70 [ 2441.833924] ? lock_downgrade+0x900/0x900 [ 2441.838082] ? check_preemption_disabled+0x48/0x280 [ 2441.843106] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2441.848053] ? kasan_check_read+0x11/0x20 [ 2441.852206] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2441.857491] ? rcu_softirq_qs+0x20/0x20 [ 2441.861476] ? trace_hardirqs_off_caller+0x310/0x310 [ 2441.866590] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2441.872165] ? check_preemption_disabled+0x48/0x280 [ 2441.877228] handle_mm_fault+0x54f/0xc70 [ 2441.881315] ? __handle_mm_fault+0x5be0/0x5be0 [ 2441.885908] ? find_vma+0x34/0x190 [ 2441.889461] __do_page_fault+0x5e8/0xe60 [ 2441.893528] ? trace_hardirqs_off+0xb8/0x310 [ 2441.897939] ? kernel_write+0x120/0x120 [ 2441.901935] do_page_fault+0xf2/0x7e0 [ 2441.905746] ? vmalloc_sync_all+0x30/0x30 [ 2441.909900] ? error_entry+0x70/0xd0 [ 2441.913630] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2441.918654] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2441.923590] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2441.928535] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2441.933388] ? trace_hardirqs_on_caller+0x310/0x310 [ 2441.938410] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2441.943871] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2441.948892] ? page_fault+0x8/0x30 [ 2441.952441] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2441.957296] ? page_fault+0x8/0x30 [ 2441.960843] page_fault+0x1e/0x30 [ 2441.964299] RIP: 0033:0x7f5b991d81fd [ 2441.968049] Code: Bad RIP value. [ 2441.971412] RSP: 002b:00007f5b96777e30 EFLAGS: 00010293 [ 2441.976776] RAX: 0000000000000076 RBX: 0000000001736650 RCX: 00007f5b991d81fd [ 2441.984049] RDX: 0000000000000fff RSI: 00007f5b97fac5a0 RDI: 0000000000000004 [ 2441.991320] RBP: 0000000000000000 R08: 0000000001721260 R09: 0000000000000000 [ 2441.998590] R10: 6b205d3935383934 R11: 0000000000000293 R12: 000000000065e420 [ 2442.005868] R13: 00007f5b967789c0 R14: 00007f5b9981d040 R15: 0000000000000003 [ 2442.013179] CPU: 0 PID: 26556 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2442.020561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2442.023377] Mem-Info: [ 2442.029922] Call Trace: [ 2442.034961] dump_stack+0x244/0x39d [ 2442.036608] active_anon:112751 inactive_anon:216 isolated_anon:0 [ 2442.036608] active_file:14 inactive_file:13 isolated_file:0 [ 2442.036608] unevictable:0 dirty:0 writeback:0 unstable:0 [ 2442.036608] slab_reclaimable:10129 slab_unreclaimable:117539 [ 2442.036608] mapped:49168 shmem:392 pagetables:1641 bounce:0 [ 2442.036608] free:15794 free_pcp:151 free_cma:0 [ 2442.038655] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2442.071747] Node 0 active_anon:451004kB inactive_anon:864kB active_file:56kB inactive_file:52kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:196672kB dirty:0kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 104448kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2442.077356] warn_alloc.cold.116+0xb7/0x1bd [ 2442.077378] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2442.104974] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2442.109279] ? __lock_is_held+0xb5/0x140 [ 2442.114118] lowmem_reserve[]: 0 2818 6321 6321 [ 2442.140221] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2442.140255] __vmalloc_node_range+0x522/0x750 [ 2442.144309] Node 0 DMA32 free:28644kB min:30052kB low:37564kB high:45076kB active_anon:32kB inactive_anon:0kB active_file:0kB inactive_file:8kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:252kB local_pcp:4kB free_cma:0kB [ 2442.148869] ? vb2_vmalloc_alloc+0x123/0x380 [ 2442.154400] lowmem_reserve[]: 0 0 3503 3503 [ 2442.158872] vmalloc_user+0x75/0x170 [ 2442.186310] Node 0 Normal free:18624kB min:37364kB low:46704kB high:56044kB active_anon:450972kB inactive_anon:864kB active_file:56kB inactive_file:44kB unevictable:0kB writepending:0kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8192kB pagetables:6564kB bounce:0kB free_pcp:352kB local_pcp:104kB free_cma:0kB [ 2442.190693] ? vb2_vmalloc_alloc+0x123/0x380 [ 2442.195011] lowmem_reserve[]: 0 0 0 0 [ 2442.198698] vb2_vmalloc_alloc+0x123/0x380 [ 2442.228105] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2442.232476] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2442.232496] ? mutex_destroy+0x200/0x200 [ 2442.232518] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2442.236297] Node 0 DMA32: 7*4kB (UM) 9*8kB (UME) 8*16kB (UME) 8*32kB (ME) 8*64kB (UME) 8*128kB (UME) 4*256kB (UM) 4*512kB (UME) 3*1024kB (ME) 4*2048kB (UME) 3*4096kB (M) = 28644kB [ 2442.240530] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2442.254061] Node 0 Normal: 654*4kB (UME) 919*8kB (UME) 529*16kB (UME) 6*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18624kB [ 2442.259138] __vb2_queue_alloc+0x5e1/0xfa0 [ 2442.263216] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2442.267520] ? vimc_cap_get_format+0x120/0x120 [ 2442.283727] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2442.288802] vb2_core_create_bufs+0x401/0x8c0 [ 2442.302333] 419 total pagecache pages [ 2442.306535] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2442.315379] 0 pages in swap cache [ 2442.319927] ? debug_smp_processor_id+0x1c/0x20 [ 2442.328505] Swap cache stats: add 0, delete 0, find 0/0 [ 2442.332967] ? perf_trace_lock+0x14d/0x7a0 [ 2442.332987] ? __save_stack_trace+0x8d/0xf0 [ 2442.333032] vb2_create_bufs+0x4b6/0x8f0 [ 2442.336791] Free swap = 0kB [ 2442.341200] ? v4l2_ioctl+0x154/0x1b0 [ 2442.344660] Total swap = 0kB [ 2442.349309] ? vb2_request_queue+0x120/0x120 [ 2442.354684] 1965979 pages RAM [ 2442.358902] ? find_held_lock+0x36/0x1c0 [ 2442.363247] 0 pages HighMem/MovableOnly [ 2442.367288] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2442.370281] 342853 pages reserved [ 2442.374084] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2442.374128] v4l_create_bufs+0x152/0x230 [ 2442.377181] 0 pages cma reserved [ 2442.381590] __video_do_ioctl+0x8b1/0x1050 [ 2442.384698] Unreclaimable slab info: [ 2442.388734] ? v4l_s_fmt+0x990/0x990 [ 2442.392711] Name Used Total [ 2442.398226] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2442.401692] pid_2 79KB 192KB [ 2442.406242] video_usercopy+0x5c1/0x1760 [ 2442.406261] ? v4l_s_fmt+0x990/0x990 [ 2442.406286] ? v4l_enumstd+0x70/0x70 [ 2442.410379] TIPC 11KB 21KB [ 2442.413699] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2442.413723] ? find_held_lock+0x36/0x1c0 [ 2442.413750] ? __fget+0x4aa/0x740 [ 2442.417964] rds_connection 0KB 3KB [ 2442.421676] ? lock_downgrade+0x900/0x900 [ 2442.425395] SCTPv6 16KB 24KB [ 2442.430907] ? check_preemption_disabled+0x48/0x280 [ 2442.436452] sctp_bind_bucket 0KB 3KB [ 2442.441775] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2442.445849] DCCPv6 19KB 29KB [ 2442.449534] ? kasan_check_read+0x11/0x20 [ 2442.453253] DCCP 18KB 20KB [ 2442.458580] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2442.464146] bridge_fdb_cache 11KB 27KB [ 2442.468145] ? rcu_softirq_qs+0x20/0x20 [ 2442.471583] fib6_nodes 90KB 132KB [ 2442.476956] ? __fget+0x4d1/0x740 [ 2442.476981] ? ksys_dup3+0x680/0x680 [ 2442.481110] ip6_dst_cache 101KB 262KB [ 2442.486464] ? __might_fault+0x12b/0x1e0 [ 2442.486488] ? video_usercopy+0x1760/0x1760 [ 2442.486506] video_ioctl2+0x2c/0x33 [ 2442.491508] ip6_mrt_cache 0KB 4KB [ 2442.496870] v4l2_ioctl+0x154/0x1b0 [ 2442.496887] ? video_devdata+0xa0/0xa0 [ 2442.496906] do_vfs_ioctl+0x1de/0x1790 [ 2442.501819] RAWv6 78KB 91KB [ 2442.507182] ? ioctl_preallocate+0x300/0x300 [ 2442.507200] ? __fget_light+0x2e9/0x430 [ 2442.507217] ? fget_raw+0x20/0x20 [ 2442.511351] UDPv6 3KB 3KB [ 2442.516711] ? _copy_to_user+0xc8/0x110 [ 2442.516736] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2442.516756] ? put_timespec64+0x10f/0x1b0 [ 2442.522048] TCPv6 26KB 29KB [ 2442.527379] ? nsecs_to_jiffies+0x30/0x30 [ 2442.531333] nf_conntrack 1KB 11KB [ 2442.536685] ? do_syscall_64+0x9a/0x820 [ 2442.536702] ? do_syscall_64+0x9a/0x820 [ 2442.536724] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2442.540161] ashmem_area_cache 29KB 47KB [ 2442.543868] ? security_file_ioctl+0x94/0xc0 [ 2442.543891] ksys_ioctl+0xa9/0xd0 [ 2442.543912] __x64_sys_ioctl+0x73/0xb0 [ 2442.549281] sd_ext_cdb 0KB 3KB [ 2442.553310] do_syscall_64+0x1b9/0x820 [ 2442.553328] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2442.553348] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2442.557668] scsi_sense_cache 1056KB 1060KB [ 2442.561289] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2442.566695] virtio_scsi_cmd 16KB 16KB [ 2442.570297] ? trace_hardirqs_on_caller+0x310/0x310 [ 2442.574206] sgpool-128 8KB 8KB [ 2442.578041] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2442.583410] sgpool-64 4KB 6KB [ 2442.587791] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2442.591743] sgpool-32 2KB 7KB [ 2442.595194] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2442.595226] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2442.600568] sgpool-16 1KB 3KB [ 2442.604529] RIP: 0033:0x457669 [ 2442.604560] Code: Bad RIP value. [ 2442.610087] sgpool-8 0KB 3KB [ 2442.614217] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2442.614234] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2442.614244] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2442.614258] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2442.619609] mqueue_inode_cache 11KB 21KB [ 2442.623746] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2442.623756] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2442.624560] Mem-Info: [ 2442.629146] bio_post_read_ctx 14KB 15KB [ 2442.629194] bio-2 14KB 15KB [ 2442.633247] active_anon:112751 inactive_anon:216 isolated_anon:0 [ 2442.633247] active_file:14 inactive_file:13 isolated_file:0 [ 2442.633247] unevictable:0 dirty:0 writeback:0 unstable:0 [ 2442.633247] slab_reclaimable:10129 slab_unreclaimable:117539 [ 2442.633247] mapped:49168 shmem:392 pagetables:1641 bounce:0 [ 2442.633247] free:15794 free_pcp:151 free_cma:0 [ 2442.633282] Node 0 active_anon:451004kB inactive_anon:864kB active_file:56kB inactive_file:52kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:196672kB dirty:0kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 104448kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2442.633289] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2442.633326] lowmem_reserve[]: 0 2818 6321 6321 [ 2442.633347] Node 0 DMA32 free:28644kB min:30052kB low:37564kB high:45076kB active_anon:32kB inactive_anon:0kB active_file:0kB inactive_file:8kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:252kB local_pcp:248kB free_cma:0kB [ 2442.633386] lowmem_reserve[]: 0 0 3503 3503 [ 2442.633406] Node 0 Normal free:18624kB min:37364kB low:46704kB high:56044kB active_anon:450972kB inactive_anon:864kB active_file:56kB inactive_file:44kB unevictable:0kB writepending:0kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8192kB pagetables:6564kB bounce:0kB free_pcp:352kB local_pcp:248kB free_cma:0kB [ 2442.633444] lowmem_reserve[]: 0 0 0 0 [ 2442.643199] jfs_mp 7KB 7KB [ 2442.647465] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2442.651834] nfs_commit_data 3KB 7KB [ 2442.655294] Node 0 DMA32: 7*4kB (UM) 9*8kB (UME) 8*16kB (UME) 8*32kB (ME) 8*64kB (UME) 8*128kB (UME) 4*256kB (UM) 4*512kB (UME) 3*1024kB (ME) 4*2048kB (UME) 3*4096kB (M) = 28644kB [ 2442.655401] Node 0 Normal: 654*4kB (UME) 919*8kB (UME) 529*16kB (UME) 6*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18624kB [ 2442.661306] nfs_write_data 32KB 32KB [ 2442.664756] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2442.668641] ext4_system_zone 0KB 3KB [ 2442.674016] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2442.674024] 419 total pagecache pages [ 2442.674043] 0 pages in swap cache 06:19:18 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0xfffffffffffffe00}]) [ 2442.674054] Swap cache stats: add 0, delete 0, find 0/0 [ 2442.674060] Free swap = 0kB [ 2442.674066] Total swap = 0kB [ 2442.674074] 1965979 pages RAM [ 2442.674081] 0 pages HighMem/MovableOnly [ 2442.674087] 342853 pages reserved [ 2442.674097] 0 pages cma reserved [ 2442.681967] kioctx 51KB 66KB [ 2443.032973] aio_kiocb 25KB 40KB [ 2443.098372] bio-1 1KB 3KB [ 2443.103893] fasync_cache 0KB 4KB [ 2443.109465] pid_namespace 2KB 11KB [ 2443.118757] rpc_buffers 17KB 19KB [ 2443.129456] rpc_tasks 2KB 3KB [ 2443.135968] UNIX 9KB 14KB [ 2443.142013] tcp_bind_bucket 1KB 8KB [ 2443.148221] inet_peer_cache 14KB 20KB [ 2443.154090] ip_fib_trie 13KB 23KB [ 2443.159471] ip_fib_alias 60KB 94KB [ 2443.166062] ip_dst_cache 6KB 48KB [ 2443.177704] RAW 46KB 57KB [ 2443.183574] UDP 17KB 26KB [ 2443.189121] TCP 8KB 16KB [ 2443.194550] hugetlbfs_inode_cache 2KB 7KB [ 2443.200266] fscache_cookie_jar 1KB 7KB [ 2443.205837] eventpoll_pwq 24KB 47KB [ 2443.211737] eventpoll_epi 39KB 82KB [ 2443.217225] inotify_inode_mark 39KB 78KB [ 2443.222820] request_queue 160KB 160KB [ 2443.228198] blkdev_ioc 23KB 23KB [ 2443.233614] bio-0 391KB 401KB [ 2443.238997] biovec-max 1765KB 1765KB [ 2443.244466] biovec-64 426KB 456KB [ 2443.249843] biovec-16 43KB 63KB [ 2443.255267] bio_integrity_payload 1KB 3KB [ 2443.261009] khugepaged_mm_slot 15KB 31KB [ 2443.266608] user_namespace 5KB 11KB [ 2443.272076] dmaengine-unmap-256 2KB 6KB [ 2443.277634] dmaengine-unmap-128 1KB 3KB [ 2443.283287] dmaengine-unmap-16 0KB 4KB [ 2443.288743] dmaengine-unmap-2 0KB 3KB [ 2443.295214] skbuff_fclone_cache 118KB 228KB [ 2443.300769] skbuff_head_cache 675KB 1815KB [ 2443.306264] configfs_dir_cache 0KB 4KB [ 2443.311724] file_lock_cache 0KB 7KB [ 2443.330020] file_lock_ctx 0KB 3KB [ 2443.335657] fsnotify_mark_connector 22KB 47KB [ 2443.341553] net_namespace 69KB 69KB [ 2443.347041] shmem_inode_cache 5276KB 5550KB [ 2443.352463] task_delay_info 79KB 246KB [ 2443.357835] taskstats 84KB 187KB [ 2443.363345] proc_dir_entry 730KB 817KB [ 2443.369833] pde_opener 0KB 3KB [ 2443.375345] seq_file 138KB 291KB [ 2443.380724] sigqueue 17KB 149KB [ 2443.386721] kernfs_node_cache 12861KB 12966KB [ 2443.392221] mnt_cache 182KB 188KB [ 2443.397595] filp 2167KB 4248KB [ 2443.413802] names_cache 52942KB 52942KB [ 2443.419191] iint_cache 28KB 59KB [ 2443.425709] key_jar 9KB 37KB [ 2443.431083] uts_namespace 3KB 7KB [ 2443.436545] nsproxy 2KB 27KB [ 2443.441978] vm_area_struct 3670KB 5967KB [ 2443.447347] mm_struct 544KB 929KB [ 2443.452830] fs_cache 54KB 180KB [ 2443.458198] files_cache 181KB 303KB [ 2443.464217] signal_cache 526KB 1027KB [ 2443.469587] sighand_cache 511KB 548KB [ 2443.475079] task_struct 2314KB 2314KB [ 2443.480456] cred_jar 343KB 1200KB [ 2443.485878] anon_vma_chain 2215KB 4961KB [ 2443.491244] anon_vma 166KB 350KB [ 2443.496769] pid 50KB 180KB [ 2443.502190] Acpi-Operand 106KB 166KB [ 2443.507565] Acpi-Namespace 19KB 23KB [ 2443.513059] numa_policy 0KB 3KB [ 2443.518429] debug_objects_cache 1247KB 1506KB [ 2443.524008] trace_event_file 260KB 262KB [ 2443.529375] ftrace_event_field 376KB 378KB [ 2443.534942] pool_workqueue 103KB 124KB [ 2443.540311] task_group 5KB 7KB [ 2443.545829] page->ptl 1053KB 3103KB [ 2443.551230] kmalloc-2M 2050KB 2050KB [ 2443.557829] kmalloc-512k 2056KB 2056KB [ 2443.563282] kmalloc-256k 1290KB 1290KB [ 2443.568667] kmalloc-128k 2730KB 2730KB [ 2443.574166] kmalloc-64k 4026KB 4620KB [ 2443.579566] kmalloc-32k 1419KB 1419KB [ 2443.585031] kmalloc-16k 792KB 792KB [ 2443.590401] kmalloc-8k 97630KB 97704KB [ 2443.595812] kmalloc-4k 13251KB 13251KB [ 2443.601176] kmalloc-2k 16477KB 16702KB [ 2443.606656] kmalloc-1k 4329KB 6843KB [ 2443.612066] kmalloc-512 2719KB 5231KB [ 2443.617431] kmalloc-256 2923KB 3858KB [ 2443.623038] kmalloc-128 816KB 1193KB [ 2443.628407] kmalloc-96 1773KB 3804KB [ 2443.633815] kmalloc-64 1729KB 2184KB [ 2443.639186] kmalloc-32 1495KB 2019KB [ 2443.644588] kmalloc-192 829KB 1100KB [ 2443.649965] kmem_cache 288KB 292KB [ 2443.655374] Out of memory: Kill process 24983 (syz-executor0) score 1005 or sacrifice child [ 2443.664004] Killed process 24983 (syz-executor0) total-vm:70472kB, anon-rss:2212kB, file-rss:32768kB, shmem-rss:0kB [ 2443.675928] oom_reaper: reaped process 24983 (syz-executor0), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB 06:19:21 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffff0b000000]}}}) 06:19:21 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\x03Z\x00\x19\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:19:21 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x4}]) 06:19:21 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:19:21 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffffffffffff], [0x4000000000000000]}}}) 06:19:21 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0xfcfdffffffffffff}]) 06:19:21 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(0xffffffffffffffff, 0xc1205531, &(0x7f0000000280)={0x0, 0x0, 0x5, 0x0, [], [], [], 0x0, 0x8, 0x0, 0x0, "d780c00f286033084650d622d22e7277"}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, 0x0) openat$smack_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$can_raw(0xffffffffffffffff, 0x0, 0x20008000) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x0, 0x0) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x800, 0x0) ioctl$int_in(r2, 0x800000c0045002, &(0x7f0000000200)=0x1000) readv(r2, &(0x7f00000014c0)=[{&(0x7f0000001500)=""/4096, 0x1002}], 0x1) readv(r2, &(0x7f0000000c00)=[{&(0x7f0000003500)=""/4096, 0x1000}], 0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x0, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7]}, 0x2c) syz_emit_ethernet(0x0, 0x0, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000480)={{{@in6=@remote, @in6=@loopback}}, {{@in=@multicast1}, 0x0, @in=@loopback}}, &(0x7f00000001c0)=0xe8) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x400200007fd, 0x0, 0x0) write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYRES16], 0x2) recvmsg(0xffffffffffffffff, 0x0, 0x0) 06:19:21 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2446.583604] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:19:21 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0xeffdffff}]) [ 2446.684728] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:19:21 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:19:22 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x4000000}]) [ 2446.894479] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:19:22 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(0xffffffffffffffff, 0xc1205531, &(0x7f0000000280)={0x0, 0x0, 0x5, 0x0, [], [], [], 0x0, 0x8, 0x0, 0x0, "d780c00f286033084650d622d22e7277"}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, 0x0) openat$smack_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$can_raw(0xffffffffffffffff, 0x0, 0x20008000) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x0, 0x0) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x800, 0x0) ioctl$int_in(r2, 0x800000c0045002, &(0x7f0000000200)=0x1000) readv(r2, &(0x7f00000014c0)=[{&(0x7f0000001500)=""/4096, 0x1002}], 0x1) readv(r2, &(0x7f0000000c00)=[{&(0x7f0000003500)=""/4096, 0x1000}], 0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x0, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7]}, 0x2c) syz_emit_ethernet(0x0, 0x0, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000480)={{{@in6=@remote, @in6=@loopback}}, {{@in=@multicast1}, 0x0, @in=@loopback}}, &(0x7f00000001c0)=0xe8) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x400200007fd, 0x0, 0x0) write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYRES16], 0x2) recvmsg(0xffffffffffffffff, 0x0, 0x0) 06:19:22 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\x03Z\x00\x15\xe6\x03\xca\x00', @ifru_mtu=0x1}) [ 2451.699986] oom_reaper: reaped process 26617 (syz-executor2), now anon-rss:0kB, file-rss:32004kB, shmem-rss:0kB [ 2451.725073] syz-fuzzer invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0 [ 2451.740107] syz-fuzzer cpuset=/ mems_allowed=0 [ 2451.744909] CPU: 1 PID: 6040 Comm: syz-fuzzer Not tainted 4.20.0-rc7+ #379 [ 2451.751935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2451.761288] Call Trace: [ 2451.763897] dump_stack+0x244/0x39d [ 2451.767545] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2451.772753] ? mark_held_locks+0x130/0x130 [ 2451.776999] ? mark_held_locks+0x130/0x130 [ 2451.781251] dump_header+0x27b/0xf72 [ 2451.784985] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2451.790542] ? check_preemption_disabled+0x48/0x280 [ 2451.795579] ? pagefault_out_of_memory+0x197/0x197 [ 2451.800522] ? debug_smp_processor_id+0x1c/0x20 [ 2451.805199] ? perf_trace_lock+0x14d/0x7a0 [ 2451.809445] ? mark_held_locks+0x130/0x130 [ 2451.813699] ? lock_is_held_type+0x210/0x210 [ 2451.818144] ? debug_smp_processor_id+0x1c/0x20 [ 2451.822834] ? perf_trace_lock+0x14d/0x7a0 [ 2451.827083] ? zap_class+0x640/0x640 [ 2451.830812] ? print_usage_bug+0xc0/0xc0 [ 2451.834885] ? lock_is_held_type+0x210/0x210 [ 2451.839328] ? perf_trace_lock+0x14d/0x7a0 [ 2451.843589] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2451.849241] ? find_held_lock+0x36/0x1c0 [ 2451.853325] ? mark_held_locks+0xc7/0x130 [ 2451.857515] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2451.862660] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2451.867774] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2451.872386] ? trace_hardirqs_on+0xbd/0x310 [ 2451.876717] ? kasan_check_read+0x11/0x20 [ 2451.880903] ? ___ratelimit+0x3b4/0x672 [ 2451.884867] ? trace_hardirqs_off_caller+0x310/0x310 [ 2451.889954] ? trace_hardirqs_on+0x310/0x310 [ 2451.892009] syz-executor2: vmalloc: allocation failure, allocated 23146496 of 184553472 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 2451.894363] ? lock_downgrade+0x900/0x900 [ 2451.907875] syz-executor2 cpuset=syz2 mems_allowed=0 [ 2451.911956] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 2451.911972] ? ___ratelimit+0x3b9/0x672 [ 2451.911990] ? idr_get_free+0xf70/0xf70 [ 2451.912009] ? lock_is_held_type+0x210/0x210 [ 2451.912032] oom_kill_process.cold.27+0x10/0x903 [ 2451.939287] ? zap_class+0x640/0x640 [ 2451.943006] ? _raw_spin_unlock+0x2c/0x50 [ 2451.947164] ? oom_badness+0xe6/0xaa0 [ 2451.950983] ? oom_evaluate_task+0x540/0x540 [ 2451.955401] ? find_held_lock+0x36/0x1c0 [ 2451.959476] ? out_of_memory+0x974/0x1430 [ 2451.963638] ? lock_downgrade+0x900/0x900 [ 2451.967794] ? check_preemption_disabled+0x48/0x280 [ 2451.972820] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2451.977759] ? kasan_check_read+0x11/0x20 [ 2451.981914] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2451.987198] ? rcu_softirq_qs+0x20/0x20 [ 2451.991186] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2451.996208] ? oom_evaluate_task+0x302/0x540 [ 2452.000634] out_of_memory+0xa84/0x1430 [ 2452.004643] ? oom_killer_disable+0x3a0/0x3a0 [ 2452.009145] ? __alloc_pages_slowpath+0xf5c/0x2de0 [ 2452.014097] ? __ww_mutex_check_waiters+0x160/0x160 [ 2452.019137] __alloc_pages_slowpath+0x232c/0x2de0 [ 2452.024025] ? warn_alloc+0x120/0x120 [ 2452.027829] ? mark_held_locks+0x130/0x130 [ 2452.032082] ? find_get_entry+0xaae/0x1120 [ 2452.036330] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2452.041874] ? check_preemption_disabled+0x48/0x280 [ 2452.046902] ? filemap_map_pages+0x1a20/0x1a20 [ 2452.051495] ? debug_smp_processor_id+0x1c/0x20 [ 2452.056182] ? perf_trace_lock+0x14d/0x7a0 [ 2452.060461] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2452.066002] ? should_fail+0x22d/0xd01 [ 2452.069904] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 2452.075016] ? zap_class+0x640/0x640 [ 2452.078916] ? __lock_is_held+0xb5/0x140 [ 2452.082996] ? mark_held_locks+0x130/0x130 [ 2452.087242] ? lock_release+0xa00/0xa00 [ 2452.091224] ? perf_trace_sched_process_exec+0x860/0x860 [ 2452.096697] ? xa_load+0x2ba/0x460 [ 2452.100252] ? __might_sleep+0x95/0x190 [ 2452.104242] __alloc_pages_nodemask+0xad8/0xea0 [ 2452.108925] ? __alloc_pages_slowpath+0x2de0/0x2de0 [ 2452.113951] ? __page_cache_alloc+0x191/0x5c0 [ 2452.118454] ? xa_load+0x2e1/0x460 [ 2452.122005] ? xa_clear_mark+0x40/0x40 [ 2452.125903] ? zap_class+0x640/0x640 [ 2452.129642] ? zap_class+0x640/0x640 [ 2452.133364] ? zap_class+0x640/0x640 [ 2452.137082] ? __do_page_cache_readahead+0x663/0x810 [ 2452.142200] ? find_held_lock+0x36/0x1c0 [ 2452.146281] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2452.151833] alloc_pages_current+0x173/0x350 [ 2452.156257] __page_cache_alloc+0x38c/0x5c0 [ 2452.160585] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2452.165533] ? kasan_check_read+0x11/0x20 [ 2452.169695] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2452.174984] ? generic_perform_write+0x6a0/0x6a0 [ 2452.179749] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2452.185300] ? check_preemption_disabled+0x48/0x280 [ 2452.190333] filemap_fault+0x1595/0x25f0 [ 2452.194419] ? __lock_page_or_retry+0xa00/0xa00 [ 2452.199094] ? mark_held_locks+0x130/0x130 [ 2452.203344] ? filemap_map_pages+0xd6b/0x1a20 [ 2452.208344] ? lock_downgrade+0x900/0x900 [ 2452.212518] ? check_preemption_disabled+0x48/0x280 [ 2452.217573] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2452.222510] ? kasan_check_read+0x11/0x20 [ 2452.226666] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2452.231951] ? rcu_softirq_qs+0x20/0x20 [ 2452.235948] ? filemap_map_pages+0xd92/0x1a20 [ 2452.240481] ? find_get_entries_tag+0x1400/0x1400 [ 2452.245337] ? debug_object_destroy+0x2b0/0x2b0 [ 2452.250018] ? lock_pi_update_atomic+0x150/0x150 [ 2452.254781] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2452.260335] ? lock_acquire+0x1ed/0x520 [ 2452.264315] ? ext4_filemap_fault+0x7a/0xad [ 2452.268661] ? lock_release+0xa00/0xa00 [ 2452.272651] ? perf_trace_sched_process_exec+0x860/0x860 [ 2452.278110] ? print_usage_bug+0xc0/0xc0 [ 2452.282187] ? print_usage_bug+0xc0/0xc0 [ 2452.286271] ? down_read+0x8d/0x120 [ 2452.289899] ? ext4_filemap_fault+0x7a/0xad [ 2452.294242] ? __down_interruptible+0x700/0x700 [ 2452.298928] ext4_filemap_fault+0x82/0xad [ 2452.303084] __do_fault+0x100/0x6b0 [ 2452.306726] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2452.311853] ? mark_held_locks+0x130/0x130 [ 2452.316103] ? mark_held_locks+0x130/0x130 [ 2452.320346] ? debug_smp_processor_id+0x1c/0x20 [ 2452.325019] ? perf_trace_lock+0x14d/0x7a0 [ 2452.329266] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2452.334844] __handle_mm_fault+0x3ea6/0x5be0 [ 2452.339269] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2452.344122] ? lock_is_held_type+0x210/0x210 [ 2452.348577] ? zap_class+0x640/0x640 [ 2452.352294] ? zap_class+0x640/0x640 [ 2452.356016] ? __x64_sys_futex+0x53e/0x6a0 [ 2452.360261] ? find_held_lock+0x36/0x1c0 [ 2452.364337] ? handle_mm_fault+0x42a/0xc70 [ 2452.368609] ? lock_downgrade+0x900/0x900 [ 2452.372799] ? check_preemption_disabled+0x48/0x280 [ 2452.377823] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2452.382759] ? kasan_check_read+0x11/0x20 [ 2452.386911] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2452.392197] ? rcu_softirq_qs+0x20/0x20 [ 2452.396186] ? trace_hardirqs_off_caller+0x310/0x310 [ 2452.401310] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2452.406851] ? check_preemption_disabled+0x48/0x280 [ 2452.411882] handle_mm_fault+0x54f/0xc70 [ 2452.415957] ? __handle_mm_fault+0x5be0/0x5be0 [ 2452.420550] ? find_vma+0x34/0x190 [ 2452.424114] __do_page_fault+0x5e8/0xe60 [ 2452.428180] ? trace_hardirqs_off+0xb8/0x310 [ 2452.432610] do_page_fault+0xf2/0x7e0 [ 2452.436445] ? vmalloc_sync_all+0x30/0x30 [ 2452.440597] ? error_entry+0x70/0xd0 [ 2452.444321] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2452.449351] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2452.454320] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2452.459252] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2452.464106] ? trace_hardirqs_on_caller+0x310/0x310 [ 2452.469131] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2452.474599] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2452.479635] ? page_fault+0x8/0x30 [ 2452.483187] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2452.488038] ? page_fault+0x8/0x30 [ 2452.491595] page_fault+0x1e/0x30 [ 2452.495061] RIP: 0033:0x45ddf3 [ 2452.498268] Code: Bad RIP value. [ 2452.501643] RSP: 002b:000000c42001eea0 EFLAGS: 00010202 [ 2452.507007] RAX: ffffffffffffff92 RBX: 000000003b956db6 RCX: 000000000045ddf3 [ 2452.514301] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001585d20 [ 2452.521574] RBP: 000000c42001eee8 R08: 0000000000000000 R09: 0000000000000000 [ 2452.528844] R10: 000000c42001eed8 R11: 0000000000000202 R12: 0000000000000001 [ 2452.536134] R13: 000000c435fae3c0 R14: 0000000000000001 R15: 0000000000000000 [ 2452.543450] CPU: 0 PID: 26617 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #379 [ 2452.550827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2452.554256] Mem-Info: [ 2452.560190] Call Trace: [ 2452.562662] active_anon:113286 inactive_anon:216 isolated_anon:0 [ 2452.562662] active_file:35 inactive_file:0 isolated_file:0 [ 2452.562662] unevictable:0 dirty:0 writeback:0 unstable:0 [ 2452.562662] slab_reclaimable:10098 slab_unreclaimable:117672 [ 2452.562662] mapped:49172 shmem:392 pagetables:1665 bounce:0 [ 2452.562662] free:16089 free_pcp:181 free_cma:0 [ 2452.565208] dump_stack+0x244/0x39d [ 2452.598210] Node 0 active_anon:453144kB inactive_anon:864kB active_file:140kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:196688kB dirty:0kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 108544kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2452.601784] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2452.629370] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2452.634545] warn_alloc.cold.116+0xb7/0x1bd [ 2452.634566] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 2452.660682] lowmem_reserve[]: 0 2818 6321 6321 [ 2452.664987] ? __lock_is_held+0xb5/0x140 [ 2452.665023] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2452.669842] Node 0 DMA32 free:28792kB min:30052kB low:37564kB high:45076kB active_anon:36kB inactive_anon:0kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2452.674435] __vmalloc_node_range+0x522/0x750 [ 2452.674463] ? vb2_vmalloc_alloc+0x123/0x380 [ 2452.678494] lowmem_reserve[]: 0 0 3503 3503 [ 2452.684025] vmalloc_user+0x75/0x170 [ 2452.684043] ? vb2_vmalloc_alloc+0x123/0x380 [ 2452.684061] vb2_vmalloc_alloc+0x123/0x380 [ 2452.711528] Node 0 Normal free:19656kB min:37364kB low:46704kB high:56044kB active_anon:453108kB inactive_anon:864kB active_file:328kB inactive_file:396kB unevictable:0kB writepending:0kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8256kB pagetables:6660kB bounce:0kB free_pcp:476kB local_pcp:228kB free_cma:0kB [ 2452.715997] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2452.716022] ? __vb2_queue_alloc+0xf7/0xfa0 [ 2452.720407] lowmem_reserve[]: 0 0 0 0 [ 2452.724723] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 2452.724743] __vb2_queue_alloc+0x5e1/0xfa0 [ 2452.724783] ? vimc_cap_get_format+0x120/0x120 [ 2452.728455] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2452.732864] vb2_core_create_bufs+0x401/0x8c0 [ 2452.732890] ? __vb2_queue_alloc+0xfa0/0xfa0 [ 2452.732913] ? debug_smp_processor_id+0x1c/0x20 [ 2452.737124] Node 0 DMA32: 8*4kB (M) 9*8kB (ME) 9*16kB (UME) 10*32kB (UME) 7*64kB (UME) 7*128kB (ME) 3*256kB (M) 3*512kB (ME) 4*1024kB (UME) 4*2048kB (UME) 3*4096kB (M) = 28792kB [ 2452.766180] ? perf_trace_lock+0x14d/0x7a0 [ 2452.766199] ? __save_stack_trace+0x8d/0xf0 [ 2452.766242] vb2_create_bufs+0x4b6/0x8f0 [ 2452.771303] Node 0 Normal: 696*4kB (UME) 978*8kB (UME) 518*16kB (UME) 2*32kB (U) 0*64kB 4*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 19728kB [ 2452.775622] ? v4l2_ioctl+0x154/0x1b0 [ 2452.775662] ? vb2_request_queue+0x120/0x120 [ 2452.775685] ? find_held_lock+0x36/0x1c0 [ 2452.779477] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2452.784567] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2452.784591] vb2_ioctl_create_bufs+0x327/0x4a0 [ 2452.784615] v4l_create_bufs+0x152/0x230 [ 2452.788842] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2452.793413] __video_do_ioctl+0x8b1/0x1050 [ 2452.793442] ? v4l_s_fmt+0x990/0x990 [ 2452.806972] 430 total pagecache pages [ 2452.811446] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2452.815864] 0 pages in swap cache [ 2452.820503] video_usercopy+0x5c1/0x1760 [ 2452.836461] Swap cache stats: add 0, delete 0, find 0/0 [ 2452.840668] ? v4l_s_fmt+0x990/0x990 [ 2452.844987] Free swap = 0kB [ 2452.849022] ? v4l_enumstd+0x70/0x70 [ 2452.863158] Total swap = 0kB [ 2452.866932] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2452.871309] 1965979 pages RAM [ 2452.875380] ? find_held_lock+0x36/0x1c0 [ 2452.875421] ? __fget+0x4aa/0x740 [ 2452.884258] 0 pages HighMem/MovableOnly [ 2452.889773] ? lock_downgrade+0x900/0x900 [ 2452.894358] 342853 pages reserved [ 2452.898388] ? check_preemption_disabled+0x48/0x280 [ 2452.898410] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2452.906990] 0 pages cma reserved [ 2452.911197] ? kasan_check_read+0x11/0x20 [ 2452.911216] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2452.914934] Unreclaimable slab info: [ 2452.918703] ? rcu_softirq_qs+0x20/0x20 [ 2452.924246] Name Used Total [ 2452.927687] ? __fget+0x4d1/0x740 [ 2452.931752] pid_2 73KB 192KB [ 2452.937084] ? ksys_dup3+0x680/0x680 [ 2452.937105] ? __might_fault+0x12b/0x1e0 [ 2452.937127] ? video_usercopy+0x1760/0x1760 [ 2452.940873] TIPC 11KB 21KB [ 2452.943833] video_ioctl2+0x2c/0x33 [ 2452.943852] v4l2_ioctl+0x154/0x1b0 [ 2452.943869] ? video_devdata+0xa0/0xa0 [ 2452.947573] rds_connection 0KB 3KB [ 2452.950582] do_vfs_ioctl+0x1de/0x1790 [ 2452.956122] SCTPv6 16KB 24KB [ 2452.959229] ? ioctl_preallocate+0x300/0x300 [ 2452.963317] sctp_bind_bucket 0KB 3KB [ 2452.966742] ? __fget_light+0x2e9/0x430 [ 2452.970702] DCCPv6 19KB 29KB [ 2452.974840] ? fget_raw+0x20/0x20 [ 2452.974856] ? _copy_to_user+0xc8/0x110 [ 2452.974880] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2452.978315] DCCP 18KB 20KB [ 2452.983323] ? put_timespec64+0x10f/0x1b0 [ 2452.983342] ? nsecs_to_jiffies+0x30/0x30 [ 2452.983363] ? do_syscall_64+0x9a/0x820 [ 2452.988288] bridge_fdb_cache 11KB 27KB [ 2452.991644] ? do_syscall_64+0x9a/0x820 [ 2452.995806] fib6_nodes 90KB 132KB [ 2453.001048] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2453.004768] ip6_dst_cache 102KB 262KB [ 2453.008714] ? security_file_ioctl+0x94/0xc0 [ 2453.014258] ip6_mrt_cache 0KB 4KB [ 2453.017699] ksys_ioctl+0xa9/0xd0 [ 2453.023070] RAWv6 78KB 91KB [ 2453.026748] __x64_sys_ioctl+0x73/0xb0 [ 2453.030788] UDPv6 3KB 3KB [ 2453.035101] do_syscall_64+0x1b9/0x820 [ 2453.035119] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2453.035139] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2453.040487] TCPv6 26KB 29KB [ 2453.044102] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2453.044125] ? trace_hardirqs_on_caller+0x310/0x310 [ 2453.044165] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2453.047775] nf_conntrack 1KB 11KB [ 2453.051663] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2453.057029] ashmem_area_cache 35KB 47KB [ 2453.060879] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2453.066292] sd_ext_cdb 0KB 3KB [ 2453.070642] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2453.076009] scsi_sense_cache 1056KB 1060KB [ 2453.079945] RIP: 0033:0x457669 [ 2453.085315] virtio_scsi_cmd 16KB 16KB [ 2453.088739] Code: Bad RIP value. [ 2453.092719] sgpool-128 8KB 8KB [ 2453.098201] RSP: 002b:00007f6c9b451c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2453.103593] sgpool-64 4KB 6KB [ 2453.107715] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 2453.107729] RDX: 0000000020000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 2453.111892] sgpool-32 2KB 7KB [ 2453.115822] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2453.115836] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6c9b4526d4 [ 2453.121198] sgpool-16 1KB 3KB [ 2453.125155] R13: 00000000004c1af3 R14: 00000000004d3720 R15: 00000000ffffffff [ 2453.125615] Mem-Info: [ 2453.130604] sgpool-8 0KB 3KB [ 2453.135251] active_anon:113282 inactive_anon:216 isolated_anon:0 [ 2453.135251] active_file:16 inactive_file:15 isolated_file:0 [ 2453.135251] unevictable:0 dirty:0 writeback:0 unstable:0 [ 2453.135251] slab_reclaimable:10074 slab_unreclaimable:117651 [ 2453.135251] mapped:49168 shmem:392 pagetables:1664 bounce:0 [ 2453.135251] free:16107 free_pcp:181 free_cma:0 [ 2453.135285] Node 0 active_anon:453128kB inactive_anon:864kB active_file:64kB inactive_file:60kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:196672kB dirty:0kB writeback:0kB shmem:1568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 106496kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2453.135292] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2453.135332] lowmem_reserve[]: 0 2818 6321 6321 [ 2453.135351] Node 0 DMA32 free:28792kB min:30052kB low:37564kB high:45076kB active_anon:36kB inactive_anon:0kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB [ 2453.135396] lowmem_reserve[]: 0 0 3503 3503 [ 2453.142994] mqueue_inode_cache 11KB 21KB [ 2453.145322] Node 0 Normal free:19728kB min:37364kB low:46704kB high:56044kB active_anon:453092kB inactive_anon:864kB active_file:60kB inactive_file:56kB unevictable:0kB writepending:0kB present:4718592kB managed:3587816kB mlocked:0kB kernel_stack:8256kB pagetables:6656kB bounce:0kB free_pcp:476kB local_pcp:248kB free_cma:0kB [ 2453.150524] bio_post_read_ctx 14KB 15KB [ 2453.153998] lowmem_reserve[]: 0 0 0 0 [ 2453.154018] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 2453.154102] Node 0 DMA32: 8*4kB (M) 9*8kB (ME) 9*16kB (UME) 10*32kB (UME) 7*64kB (UME) 7*128kB (ME) 3*256kB (M) 3*512kB (ME) 4*1024kB (UME) 4*2048kB (UME) 3*4096kB (M) = 28792kB [ 2453.165568] bio-2 14KB 15KB [ 2453.168859] Node 0 Normal: 696*4kB (UME) 988*8kB (UME) 518*16kB (UME) 2*32kB (U) 0*64kB 4*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 19808kB [ 2453.172896] jfs_mp 7KB 7KB [ 2453.178120] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2453.189218] nfs_commit_data 3KB 7KB [ 2453.193309] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2453.193317] 423 total pagecache pages [ 2453.193337] 0 pages in swap cache [ 2453.193347] Swap cache stats: add 0, delete 0, find 0/0 [ 2453.193354] Free swap = 0kB [ 2453.193366] Total swap = 0kB [ 2453.198445] nfs_write_data 32KB 32KB [ 2453.203432] 1965979 pages RAM [ 2453.203439] 0 pages HighMem/MovableOnly [ 2453.203445] 342853 pages reserved [ 2453.203456] 0 pages cma reserved [ 2453.211109] ext4_system_zone 0KB 3KB [ 2453.615366] kioctx 52KB 66KB [ 2453.620742] aio_kiocb 17KB 40KB [ 2453.626339] bio-1 1KB 3KB [ 2453.631718] fasync_cache 0KB 4KB [ 2453.637328] pid_namespace 2KB 11KB [ 2453.642944] rpc_buffers 17KB 19KB [ 2453.648324] rpc_tasks 2KB 3KB [ 2453.653867] UNIX 9KB 14KB [ 2453.659246] tcp_bind_bucket 1KB 8KB [ 2453.664820] inet_peer_cache 14KB 20KB [ 2453.670204] ip_fib_trie 13KB 23KB [ 2453.675955] ip_fib_alias 60KB 94KB [ 2453.681346] ip_dst_cache 6KB 48KB [ 2453.687058] RAW 46KB 57KB [ 2453.692875] UDP 17KB 26KB [ 2453.698268] TCP 8KB 16KB [ 2453.703980] hugetlbfs_inode_cache 2KB 7KB [ 2453.709731] fscache_cookie_jar 1KB 7KB [ 2453.715531] eventpoll_pwq 18KB 47KB [ 2453.720920] eventpoll_epi 32KB 82KB [ 2453.726637] inotify_inode_mark 39KB 78KB [ 2453.732446] request_queue 160KB 160KB [ 2453.737825] blkdev_ioc 11KB 23KB [ 2453.744604] bio-0 438KB 438KB [ 2453.749992] biovec-max 1905KB 1905KB [ 2453.755728] biovec-64 441KB 448KB [ 2453.761103] biovec-16 47KB 60KB [ 2453.766823] bio_integrity_payload 1KB 3KB [ 2453.772882] khugepaged_mm_slot 13KB 31KB [ 2453.778348] user_namespace 5KB 11KB [ 2453.784064] dmaengine-unmap-256 2KB 6KB [ 2453.789613] dmaengine-unmap-128 1KB 3KB [ 2453.795502] dmaengine-unmap-16 0KB 4KB [ 2453.800991] dmaengine-unmap-2 0KB 3KB [ 2453.806736] skbuff_fclone_cache 112KB 228KB [ 2453.812607] skbuff_head_cache 655KB 1785KB [ 2453.817999] configfs_dir_cache 0KB 4KB [ 2453.823868] file_lock_cache 0KB 7KB [ 2453.829252] file_lock_ctx 0KB 3KB [ 2453.835048] fsnotify_mark_connector 22KB 47KB [ 2453.840943] net_namespace 69KB 69KB [ 2453.846666] shmem_inode_cache 5221KB 5542KB [ 2453.852435] task_delay_info 72KB 246KB [ 2453.857810] taskstats 92KB 187KB [ 2453.863573] proc_dir_entry 729KB 817KB [ 2453.868975] pde_opener 0KB 3KB [ 2453.875849] seq_file 128KB 291KB [ 2453.881227] sigqueue 18KB 141KB [ 2453.887008] kernfs_node_cache 12849KB 12962KB [ 2453.892714] mnt_cache 169KB 184KB [ 2453.898102] filp 2102KB 4200KB [ 2453.903978] names_cache 50277KB 50277KB [ 2453.909351] iint_cache 22KB 59KB [ 2453.915144] key_jar 9KB 37KB [ 2453.920530] uts_namespace 3KB 7KB [ 2453.926256] nsproxy 2KB 27KB [ 2453.931638] vm_area_struct 3567KB 5866KB [ 2453.937362] mm_struct 520KB 910KB [ 2453.943144] fs_cache 45KB 180KB [ 2453.948526] files_cache 181KB 300KB [ 2453.954249] signal_cache 514KB 1027KB [ 2453.959633] sighand_cache 481KB 548KB [ 2453.965340] task_struct 2277KB 2301KB [ 2453.970716] cred_jar 325KB 1168KB [ 2453.976452] anon_vma_chain 2144KB 4917KB [ 2453.981828] anon_vma 143KB 350KB [ 2453.987545] pid 45KB 180KB [ 2453.993298] Acpi-Operand 106KB 166KB [ 2453.998678] Acpi-Namespace 19KB 23KB [ 2454.005660] numa_policy 0KB 3KB [ 2454.011035] debug_objects_cache 1247KB 1506KB [ 2454.016932] trace_event_file 260KB 262KB [ 2454.022690] ftrace_event_field 376KB 378KB [ 2454.028156] pool_workqueue 103KB 124KB [ 2454.033902] task_group 5KB 7KB [ 2454.039277] page->ptl 1025KB 3103KB [ 2454.045059] kmalloc-2M 2050KB 2050KB [ 2454.050432] kmalloc-512k 2056KB 2056KB [ 2454.056185] kmalloc-256k 1290KB 1290KB [ 2454.061562] kmalloc-128k 2730KB 2730KB [ 2454.067311] kmalloc-64k 1914KB 2376KB [ 2454.073033] kmalloc-32k 1419KB 1419KB [ 2454.078537] kmalloc-16k 825KB 825KB [ 2454.084280] kmalloc-8k 102580KB 102638KB [ 2454.089707] kmalloc-4k 12962KB 12992KB [ 2454.095414] kmalloc-2k 16876KB 16963KB [ 2454.100786] kmalloc-1k 4350KB 6835KB [ 2454.106506] kmalloc-512 2669KB 5212KB [ 2454.112221] kmalloc-256 2917KB 3858KB [ 2454.117597] kmalloc-128 802KB 1193KB [ 2454.123329] kmalloc-96 1776KB 3804KB [ 2454.128707] kmalloc-64 1711KB 2184KB [ 2454.135512] kmalloc-32 1452KB 2019KB [ 2454.140886] kmalloc-192 816KB 1100KB [ 2454.146730] kmem_cache 288KB 292KB [ 2454.152435] Out of memory: Kill process 24071 (syz-executor4) score 1005 or sacrifice child [ 2454.161015] Killed process 24071 (syz-executor4) total-vm:70340kB, anon-rss:2204kB, file-rss:32768kB, shmem-rss:0kB 06:19:31 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffff0d000000]}}}) 06:19:31 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\xdf\xdd\x94D\x8f\x15\xcf!\x00', 0xec38ed91f1c74952}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f0000000080)={'eql\x00\x00\xa1\xa9[\x03Z\t\x02\xe6\x03\xca\x00', @ifru_mtu=0x1}) 06:19:31 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0xfdfe}]) 06:19:32 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x51, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffffffffffff], [0x700000000000000]}}}) 06:19:31 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:19:31 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f0000000100)="f4", 0x1) write$binfmt_elf64(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB='\x00'], 0x1) setsockopt$sock_int(r1, 0x1, 0x200000010, &(0x7f0000000540)=0x1, 0x4) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0xffffffffffffff74, &(0x7f0000002b00), 0x0, &(0x7f0000000080)=""/62, 0x3e}}], 0x20a, 0x2, 0x0) [ 2456.992855] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:19:32 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:19:32 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f0000000100)="f4", 0x1) write$binfmt_elf64(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB='\x00'], 0x1) setsockopt$sock_int(r1, 0x1, 0x200000010, &(0x7f0000000540)=0x1, 0x4) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0xffffffffffffff74, &(0x7f0000002b00), 0x0, &(0x7f0000000080)=""/62, 0x3e}}], 0x20a, 0x2, 0x0) 06:19:32 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0xfcfd}]) [ 2457.133849] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:19:32 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) 06:19:32 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x200000000000000}]) [ 2457.294010] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 06:19:32 executing program 0: signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80800) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) r0 = open(&(0x7f0000000080)='./file0\x00', 0x40002, 0xfffffffffffffffc) r1 = open$dir(&(0x7f00000001c0)='./file0\x00', 0x4006, 0x80) truncate(&(0x7f0000000240)='./file0\x00', 0x90002) sendfile(r1, r0, 0x0, 0x7fffffff) lseek(r1, 0x0, 0x3) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r1, 0x0, 0x8804200) fcntl$setlease(r1, 0x400, 0x0) 06:19:32 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'\nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x20000280, 0x200002b0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x2000d, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) [ 2457.493761] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 2461.405747] Kernel panic - not syncing: corrupted stack end detected inside scheduler [ 2461.414236] CPU: 1 PID: 9878 Comm: kworker/u4:5 Not tainted 4.20.0-rc7+ #379 [ 2461.421445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2461.430838] Workqueue: writeback wb_workfn (flush-8:0) [ 2461.436129] Call Trace: [ 2461.438742] dump_stack+0x244/0x39d [ 2461.442388] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2461.447587] panic+0x2ad/0x55c [ 2461.450767] ? add_taint.cold.5+0x16/0x16 [ 2461.454905] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2461.459477] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2461.465035] ? check_preemption_disabled+0x48/0x280 [ 2461.470080] ? check_preemption_disabled+0x3a/0x280 [ 2461.475086] __schedule+0x21c6/0x21d0 [ 2461.478875] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 2461.483965] ? __sched_text_start+0x8/0x8 [ 2461.488113] ? __delayacct_freepages_end+0xe0/0x140 [ 2461.493189] ? add_timer_on+0xa20/0xa20 [ 2461.497172] ? zap_class+0x640/0x640 [ 2461.500868] ? print_usage_bug+0xc0/0xc0 [ 2461.504917] ? find_held_lock+0x36/0x1c0 [ 2461.508969] schedule+0xfe/0x460 [ 2461.512349] ? find_next_bit+0x104/0x130 [ 2461.516393] ? __schedule+0x21d0/0x21d0 [ 2461.520353] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2461.525878] ? zone_reclaimable_pages+0x45d/0x9d0 [ 2461.530741] ? __lockdep_init_map+0x105/0x590 [ 2461.535223] ? lockdep_init_map+0x9/0x10 [ 2461.539274] schedule_timeout+0x140/0x260 [ 2461.543423] ? usleep_range+0x1a0/0x1a0 [ 2461.547381] ? __next_timer_interrupt+0x1a0/0x1a0 [ 2461.552215] schedule_timeout_uninterruptible+0x75/0x90 [ 2461.557565] __alloc_pages_slowpath+0x14c8/0x2de0 [ 2461.562409] ? warn_alloc+0x120/0x120 [ 2461.566196] ? debug_smp_processor_id+0x1c/0x20 [ 2461.570864] ? perf_trace_lock+0x14d/0x7a0 [ 2461.575090] ? lock_is_held_type+0x210/0x210 [ 2461.579484] ? zap_class+0x640/0x640 [ 2461.583180] ? zap_class+0x640/0x640 [ 2461.586877] ? check_preemption_disabled+0x48/0x280 [ 2461.591894] ? check_preemption_disabled+0x48/0x280 [ 2461.596905] ? __lock_is_held+0xb5/0x140 [ 2461.600951] ? find_held_lock+0x36/0x1c0 [ 2461.604998] ? zap_class+0x640/0x640 [ 2461.608702] ? find_get_entry+0xa87/0x1120 [ 2461.612921] ? lock_downgrade+0x900/0x900 [ 2461.617063] ? check_preemption_disabled+0x48/0x280 [ 2461.622066] ? __lock_is_held+0xb5/0x140 [ 2461.626127] ? perf_trace_sched_process_exec+0x860/0x860 [ 2461.631567] ? __might_sleep+0x95/0x190 [ 2461.635528] __alloc_pages_nodemask+0xad8/0xea0 [ 2461.640184] ? __alloc_pages_slowpath+0x2de0/0x2de0 [ 2461.645196] ? lock_is_held_type+0x210/0x210 [ 2461.649596] ? zap_class+0x640/0x640 [ 2461.653295] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2461.658819] ? __radix_tree_lookup+0x3b6/0x510 [ 2461.663396] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2461.668918] ? pagecache_get_page+0x2d8/0xf00 [ 2461.673401] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2461.678957] alloc_pages_current+0x173/0x350 [ 2461.683357] __page_cache_alloc+0x38c/0x5c0 [ 2461.687665] ? print_usage_bug+0xc0/0xc0 [ 2461.691708] ? __update_load_avg_se+0xae0/0xae0 [ 2461.696362] ? generic_perform_write+0x6a0/0x6a0 [ 2461.701098] ? attach_entity_load_avg+0x860/0x860 [ 2461.705930] pagecache_get_page+0x396/0xf00 [ 2461.710238] ? add_to_page_cache_lru+0xdb0/0xdb0 [ 2461.714981] ? __find_get_block+0x2f7/0xf20 [ 2461.719287] ? __find_get_block+0x2f7/0xf20 [ 2461.723592] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2461.728196] ? trace_hardirqs_on+0xbd/0x310 [ 2461.732500] ? __getblk_gfp+0x2b3/0xd50 [ 2461.736469] ? trace_hardirqs_off_caller+0x310/0x310 [ 2461.741568] ? detach_if_pending+0x6a0/0x6a0 [ 2461.745961] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2461.751484] ? check_preemption_disabled+0x48/0x280 [ 2461.756482] ? find_held_lock+0x36/0x1c0 [ 2461.760529] ? __find_get_block+0x3be/0xf20 [ 2461.764839] ? try_to_free_buffers+0xc80/0xc80 [ 2461.769410] ? perf_trace_sched_process_exec+0x860/0x860 [ 2461.774847] ? __lock_acquire+0x62f/0x4c20 [ 2461.779063] ? __lock_acquire+0x62f/0x4c20 [ 2461.783284] ? trace_hardirqs_on+0xbd/0x310 [ 2461.787594] ? __might_sleep+0x95/0x190 [ 2461.791563] __getblk_gfp+0x3aa/0xd50 [ 2461.795348] ? mark_held_locks+0x130/0x130 [ 2461.799564] ? mark_held_locks+0x130/0x130 [ 2461.803804] ? __find_get_block+0xf20/0xf20 [ 2461.808110] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2461.813652] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2461.819179] ? check_preemption_disabled+0x48/0x280 [ 2461.824181] ? debug_smp_processor_id+0x1c/0x20 [ 2461.828830] ? perf_trace_lock+0x14d/0x7a0 [ 2461.833054] ? lock_is_held_type+0x210/0x210 [ 2461.837447] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2461.842968] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2461.848492] ? check_preemption_disabled+0x48/0x280 [ 2461.853490] ? check_preemption_disabled+0x48/0x280 [ 2461.858488] ? zap_class+0x640/0x640 [ 2461.862202] ? zap_class+0x640/0x640 [ 2461.865902] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2461.870902] ? ext4_get_group_desc+0x1c6/0x2c0 [ 2461.875475] ext4_read_block_bitmap_nowait+0x314/0x1f50 [ 2461.880822] ? find_held_lock+0x36/0x1c0 [ 2461.884875] ? ext4_free_clusters_after_init+0xb20/0xb20 [ 2461.890306] ? lock_downgrade+0x900/0x900 [ 2461.894454] ? check_preemption_disabled+0x48/0x280 [ 2461.899469] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2461.904398] ? kasan_check_read+0x11/0x20 [ 2461.908530] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2461.913787] ? rcu_softirq_qs+0x20/0x20 [ 2461.917765] ? ext4_mb_use_inode_pa+0x37f/0x530 [ 2461.922423] ? ext4_mb_use_preallocated.constprop.32+0xf4/0x11c0 [ 2461.928553] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2461.933574] ext4_read_block_bitmap+0x1f/0x90 [ 2461.938058] ext4_mb_mark_diskspace_used+0x19e/0x10d0 [ 2461.943270] ? ext4_trim_extent+0x1300/0x1300 [ 2461.947764] ? kmem_cache_alloc+0x33a/0x730 [ 2461.952077] ext4_mb_new_blocks+0xea5/0x4840 [ 2461.956482] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2461.962004] ? check_preemption_disabled+0x48/0x280 [ 2461.967002] ? find_held_lock+0x36/0x1c0 [ 2461.971048] ? debug_smp_processor_id+0x1c/0x20 [ 2461.975702] ? perf_trace_lock+0x14d/0x7a0 [ 2461.979927] ? lock_is_held_type+0x210/0x210 [ 2461.984323] ? ext4_discard_preallocations+0x1900/0x1900 [ 2461.989762] ? zap_class+0x640/0x640 [ 2461.993464] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2461.998990] ? find_held_lock+0x36/0x1c0 [ 2462.003068] ? ext4_es_cache_extent+0x2a4/0x6a0 [ 2462.007721] ? lock_downgrade+0x900/0x900 [ 2462.011858] ? ext4_es_free_extent+0x790/0x790 [ 2462.016445] ? kasan_check_read+0x11/0x20 [ 2462.020575] ? do_raw_write_lock+0x14f/0x310 [ 2462.024970] ? do_raw_write_trylock+0x270/0x270 [ 2462.029630] ? _raw_write_unlock+0x2c/0x50 [ 2462.033861] ? ext4_es_cache_extent+0x2c4/0x6a0 [ 2462.038514] ? ext4_es_insert_extent+0xbd0/0xbd0 [ 2462.043289] ? __ext4_ext_check+0x56c/0x1330 [ 2462.047709] ? out_of_line_wait_on_bit+0x213/0x3c0 [ 2462.052630] ? ext4_ext_put_gap_in_cache+0x1f0/0x1f0 [ 2462.057744] ? __might_sleep+0x95/0x190 [ 2462.061718] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2462.067239] ? __read_extent_tree_block+0x4f5/0xab0 [ 2462.072238] ? zap_class+0x640/0x640 [ 2462.075937] ? __ext4_ext_check+0x1330/0x1330 [ 2462.080416] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2462.085938] ? check_preemption_disabled+0x48/0x280 [ 2462.090942] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2462.096496] ? ext4_ext_search_right+0x2e1/0xb10 [ 2462.101238] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2462.106760] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2462.111763] ext4_ext_map_blocks+0x2724/0x48f0 [ 2462.116341] ? ext4_ext_release+0x10/0x10 [ 2462.120476] ? zap_class+0x640/0x640 [ 2462.124178] ? zap_class+0x640/0x640 [ 2462.127876] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2462.133400] ? check_preemption_disabled+0x48/0x280 [ 2462.138408] ? lock_acquire+0x1ed/0x520 [ 2462.142382] ? ext4_map_blocks+0x88f/0x1b50 [ 2462.146690] ? lock_release+0xa00/0xa00 [ 2462.150669] ? perf_trace_sched_process_exec+0x860/0x860 [ 2462.156109] ? ext4_es_cache_extent+0x6a0/0x6a0 [ 2462.160777] ? down_write+0x8a/0x130 [ 2462.164476] ? ext4_map_blocks+0x88f/0x1b50 [ 2462.168784] ? down_read+0x120/0x120 [ 2462.172493] ext4_map_blocks+0x8f7/0x1b50 [ 2462.176626] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2462.182153] ? check_preemption_disabled+0x48/0x280 [ 2462.187184] ? ext4_issue_zeroout+0x190/0x190 [ 2462.191663] ? __lock_is_held+0xb5/0x140 [ 2462.195718] ext4_writepages+0x253a/0x41a0 [ 2462.199955] ? ext4_mark_inode_dirty+0xb20/0xb20 [ 2462.204697] ? print_usage_bug+0xc0/0xc0 [ 2462.208844] ? attach_entity_load_avg+0x860/0x860 [ 2462.213715] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2462.219249] ? check_preemption_disabled+0x48/0x280 [ 2462.224259] ? __lock_acquire+0x62f/0x4c20 [ 2462.228479] ? zap_class+0x640/0x640 [ 2462.232188] ? print_usage_bug+0xc0/0xc0 [ 2462.236236] ? __lock_acquire+0x62f/0x4c20 [ 2462.240456] ? mark_held_locks+0x130/0x130 [ 2462.244689] ? mark_held_locks+0x130/0x130 [ 2462.248912] ? check_preemption_disabled+0x48/0x280 [ 2462.253928] ? zap_class+0x640/0x640 [ 2462.257627] ? debug_smp_processor_id+0x1c/0x20 [ 2462.262323] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2462.267845] ? check_preemption_disabled+0x48/0x280 [ 2462.272850] ? ext4_mark_inode_dirty+0xb20/0xb20 [ 2462.277592] do_writepages+0x9a/0x1a0 [ 2462.281371] ? ext4_mark_inode_dirty+0xb20/0xb20 [ 2462.286105] ? do_writepages+0x9a/0x1a0 [ 2462.290096] __writeback_single_inode+0x20a/0x1660 [ 2462.295026] ? __lock_acquire+0x62f/0x4c20 [ 2462.299271] ? __mark_inode_dirty+0x1510/0x1510 [ 2462.303927] ? lock_is_held_type+0x210/0x210 [ 2462.308353] ? find_held_lock+0x36/0x1c0 [ 2462.312418] ? wbc_attach_and_unlock_inode+0x5c0/0xa30 [ 2462.317703] ? lock_downgrade+0x900/0x900 [ 2462.321834] ? find_held_lock+0x13f/0x1c0 [ 2462.325976] ? kasan_check_read+0x11/0x20 [ 2462.330120] ? do_raw_spin_unlock+0xa7/0x330 [ 2462.334511] ? do_raw_spin_trylock+0x270/0x270 [ 2462.339090] ? __lock_is_held+0xb5/0x140 [ 2462.343143] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2462.348688] ? wbc_attach_and_unlock_inode+0x675/0xa30 [ 2462.353953] ? __writeback_single_inode+0x1660/0x1660 [ 2462.359147] writeback_sb_inodes+0x71f/0x1210 [ 2462.363647] ? wbc_detach_inode+0x940/0x940 [ 2462.367965] ? lock_release+0xa00/0xa00 [ 2462.371937] ? down_read_trylock+0xda/0x140 [ 2462.376241] ? trylock_super+0x22/0x110 [ 2462.380197] ? downgrade_write+0x270/0x270 [ 2462.384417] ? up_read_non_owner+0x100/0x100 [ 2462.388812] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2462.394338] __writeback_inodes_wb+0x1b9/0x340 [ 2462.398912] ? writeback_sb_inodes+0x1210/0x1210 [ 2462.403663] ? __lock_is_held+0xb5/0x140 [ 2462.407716] wb_writeback+0xa73/0xfc0 [ 2462.411507] ? writeback_inodes_wb.constprop.50+0x330/0x330 [ 2462.417204] ? lock_is_held_type+0x210/0x210 [ 2462.421599] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2462.426774] ? print_usage_bug+0xc0/0xc0 [ 2462.430819] ? string+0x225/0x2d0 [ 2462.434260] ? widen_string+0x2e0/0x2e0 [ 2462.438236] ? mark_held_locks+0x130/0x130 [ 2462.442458] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2462.447456] ? find_next_bit+0x104/0x130 [ 2462.451503] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2462.456503] ? find_next_bit+0x104/0x130 [ 2462.460554] ? cpumask_next+0x41/0x50 [ 2462.464354] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2462.469354] ? get_nr_dirty_inodes+0xd6/0x130 [ 2462.473832] ? __local_bh_enable_ip+0x160/0x260 [ 2462.478490] ? get_nr_dirty_pages+0x17c/0x1f0 [ 2462.482967] ? _raw_spin_unlock_bh+0x30/0x40 [ 2462.487377] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2462.492376] ? wb_split_bdi_pages.isra.29+0x134/0x1b0 [ 2462.497547] ? wb_wait_for_completion+0x2d0/0x2d0 [ 2462.502371] ? wb_workfn+0x521/0x1790 [ 2462.506158] ? __local_bh_enable_ip+0x160/0x260 [ 2462.510813] wb_workfn+0xee9/0x1790 [ 2462.514429] ? __lock_acquire+0x62f/0x4c20 [ 2462.518663] ? inode_wait_for_writeback+0x40/0x40 [ 2462.523494] ? mark_held_locks+0x130/0x130 [ 2462.527712] ? perf_trace_lock+0x14d/0x7a0 [ 2462.531932] ? mark_held_locks+0x130/0x130 [ 2462.536160] ? lock_is_held_type+0x210/0x210 [ 2462.540556] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2462.546080] ? check_preemption_disabled+0x48/0x280 [ 2462.551189] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2462.556720] ? __perf_event_task_sched_out+0x33a/0x1bf0 [ 2462.562073] ? lock_is_held_type+0x210/0x210 [ 2462.566481] ? lock_is_held_type+0x210/0x210 [ 2462.570877] ? zap_class+0x640/0x640 [ 2462.574580] ? lock_downgrade+0x900/0x900 [ 2462.578718] ? find_held_lock+0x36/0x1c0 [ 2462.582766] ? zap_class+0x640/0x640 [ 2462.586466] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2462.592023] ? check_preemption_disabled+0x48/0x280 [ 2462.597039] ? __lock_is_held+0xb5/0x140 [ 2462.601091] process_one_work+0xc90/0x1c40 [ 2462.605312] ? mark_held_locks+0x130/0x130 [ 2462.609554] ? pwq_dec_nr_in_flight+0x4a0/0x4a0 [ 2462.614223] ? __switch_to_asm+0x40/0x70 [ 2462.618274] ? __switch_to_asm+0x34/0x70 [ 2462.622319] ? __switch_to_asm+0x34/0x70 [ 2462.626362] ? __switch_to_asm+0x40/0x70 [ 2462.630402] ? __switch_to_asm+0x34/0x70 [ 2462.634443] ? __switch_to_asm+0x40/0x70 [ 2462.638502] ? __switch_to_asm+0x34/0x70 [ 2462.642559] ? __switch_to_asm+0x40/0x70 [ 2462.646611] ? __schedule+0x8d7/0x21d0 [ 2462.650499] ? zap_class+0x640/0x640 [ 2462.654196] ? lock_downgrade+0x900/0x900 [ 2462.658335] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2462.662913] ? lock_acquire+0x1ed/0x520 [ 2462.666869] ? worker_thread+0x3e0/0x1390 [ 2462.671040] ? kasan_check_read+0x11/0x20 [ 2462.675172] ? do_raw_spin_lock+0x14f/0x350 [ 2462.679474] ? kasan_check_read+0x11/0x20 [ 2462.683617] ? rwlock_bug.part.2+0x90/0x90 [ 2462.687845] ? trace_hardirqs_on+0x310/0x310 [ 2462.692246] worker_thread+0x17f/0x1390 [ 2462.696201] ? __switch_to_asm+0x34/0x70 [ 2462.700252] ? process_one_work+0x1c40/0x1c40 [ 2462.704740] ? __sched_text_start+0x8/0x8 [ 2462.708883] ? __kthread_parkme+0xce/0x1a0 [ 2462.713104] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2462.718189] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 2462.723279] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2462.727846] ? trace_hardirqs_on+0xbd/0x310 [ 2462.732151] ? kasan_check_read+0x11/0x20 [ 2462.736301] ? __kthread_parkme+0xce/0x1a0 [ 2462.740539] ? trace_hardirqs_off_caller+0x310/0x310 [ 2462.745643] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 2462.750738] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2462.756264] ? __kthread_parkme+0xfb/0x1a0 [ 2462.760483] ? process_one_work+0x1c40/0x1c40 [ 2462.764963] kthread+0x35a/0x440 [ 2462.768331] ? kthread_stop+0x900/0x900 [ 2462.772288] ret_from_fork+0x3a/0x50 [ 2462.777612] Kernel Offset: disabled [ 2462.781570] Rebooting in 86400 seconds..