x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) ioctl$KVM_GET_MSR_INDEX_LIST(r1, 0xc004ae02, &(0x7f0000000000)={0x1, [0x0]}) 20:21:44 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(0xffffffffffffffff, r0, 0x3c21, 0x8) 20:21:44 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r1, 0xc10c5541, &(0x7f0000000080)={0x733d, 0x6, 0x1}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r2, 0x4058534c, &(0x7f00000001c0)={0x7, 0x4, 0x26, 0x7, 0x1, 0x3ff}) 20:21:44 executing program 5: pipe(0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(r0, 0xffffffffffffffff, 0x3c21, 0x8) 20:21:44 executing program 3: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x48c0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000000040)={{0x7, 0x3}, 'port0\x00', 0x24, 0x1004, 0x461a5da1, 0x7, 0xc072, 0x5, 0x0, 0x0, 0x1, 0x40}) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/seq\x00', 0x240) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/pfkey\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000180)={0x30, @tick=0x401, 0x10, {0x80, 0x6d}, 0x7f, 0x2}) 20:21:44 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_icmp(0xa, 0x2, 0x3a) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x101000, 0x0) flock(r2, 0x9) r3 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r3, 0x0) ioctl$sock_ifreq(r3, 0x8991, &(0x7f0000000100)={'team_slave_0\x00', @ifru_names}) ioctl$BLKRRPART(r2, 0x125f, 0x0) r4 = accept(r0, 0x0, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000080)={0x4}, 0x4) openat$md(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/md0\x00', 0x40, 0x0) syz_genetlink_get_family_id$gtp(&(0x7f0000000040)='gtp\x00', r4) pipe(&(0x7f0000000140)) ioctl$BLKRESETZONE(r2, 0x40101283, &(0x7f0000000180)={0x7, 0x4}) 20:21:44 executing program 1: add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb) add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) add_key$fscrypt_v1(&(0x7f00000000c0)='logon\x00', &(0x7f00000001c0)={'fscrypt:', @desc4='85baa174f0cb1142'}, &(0x7f0000000200)={0x0, "c1c2d54ffa7d324db9c9a21d5cb02923c6daf839d445a6caf243db3079e529c4673bb74a2f611947c3f3ecbc254866159a5809a9be79b0be91575762ae84d356"}, 0x48, 0x0) 20:21:44 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(0xffffffffffffffff, r0, 0x3c21, 0x8) 20:21:44 executing program 2: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) ioctl$KVM_GET_MSR_INDEX_LIST(r0, 0xc004ae02, &(0x7f0000000000)={0x2, [0x0, 0x0]}) 20:21:44 executing program 5: pipe(0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(r0, 0xffffffffffffffff, 0x3c21, 0x8) 20:21:44 executing program 3: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0xfffffffffffffffd, 0x0, 0x0, 0x1}}, 0xfffffedd) write$midi(r0, &(0x7f0000000080)="438590aa9d40a020b11cd0191bf30400ca1d57ea6820d6c62a5a5920f1ef4daf3c9fcc8370d1ebb0667cecbb308c5536b5afa4d32befc5d6d25d7a0845473b68eae21b373fa5d6d95c708283c2dbf0e2afb41559c817b4de80da0063532367d3bcdc9cfb9fe676376599a21e9dd102500fba195ad4088425fd4edb52f033dce1acfb0428c8a72649dd0ead57ef6317c4f0e6bd3442784fe5c7f04a119adc1f631b1e8708e56a160e915bce16d0c3bc08b0d67dc8d975775a3bf7f02c22c59a3e70bac8c49dc5e487ea1c024aa1c8e488498c80cfcb0d2b721e01a7bbec1643a3ab46747b89c2d788e017f3710f312d0dc3e1b13e71cd0484649d5811ad2a1c6ae8e558050da39f31f600e72c9b2f0815957860373699948b55cc415667bfd76e111a4afbf467f6a2fbfd9bce75cddec99cc3431b51587136367a1e323cf668fd06d935f2440c148d3f1fabdb5a8778624bbd55597ccdae1599f1f4c521b2eb9f8c762aee0ad7895354173870b1a0cd620cb74b95ac82257626baa69e80923a3f950806c7b72183c2829040658dc05ee3eae747b781abb83b7ad3d5ec7883a1e967f443f92b368ea3a3d71687237199f53a4af527d64ca06851f8df4f8207035372767608c6663439c3888fc24ea6f19ab002188b800319d82bb64eafc9ed52cdf304c742262777d7ff7dad0f14ba6604db2ea8b723440b36f0ac337f846493c8607c3ec2e71239e32449cd19c6fc10ddeef127fbe66aeda35dd7c25552aac5338a5e927f0dc921ffe6cdf955ba1586b93bcb3b8975b9beb886a7a92d1c5d41a0c7a26fc8c8a9a4e1e43d2ca03796b3b4d26e976a1ac7ac7e86eee1e307f899bbe7dc67f29a1cee5f32690a10b926b2b5bde461920fe19db4adad372960ff500a02d83abb6698338cf21375d72bd6c8f0ef3adb31b67df85620fd9886acc92848c5051e875d578514acfd5798c86965509e7c4d0c11e0140e7ea43b6aab8a4455d2d645940d4d840601f4177c208557120e8bd04b104a8b32889edb80f52a879e95b52be032a64df6e6d80e3d13e1b143b3b1390aba750c3ec84a8e48eb331e812363378d213a529c92bec20442406d449edd4518375f6d74db1575efdf603b8097b7b5c5c1caf1d8bf6021641e37320fc00a2e5e8c393b40018d88e66bfdb83200af46c44c4d419fd07918b95e496b048279e0e096cd2d087e3c4fdacb53019c992a73a40eb9f8a27f6e1a7c12100d2e3448149e8c2fa7432c73c071cf9094c4d007e055fa058498b1487cadf73ec8edce46f48c14d8ce6a071045b2cd93d4cfc9252c203ecb0b3775cbd8f30e252b74061a5f9b550b6c1e05a1c2794ab408f2c6c86a58e39a336825b614ed0b79ed510c1d6bf21733c3abc0a792970e5ac4ed1b1453876c940c0ec2c9046940530d7185dd6cac8cebe2c7cabcc586c0b4ca1838f6aa65404819af16dfd2b2b9852958cb198a0ddac1a2a394710d450b4594dfba15e60b7e6c9931fd6bd7c495d1fbeb83b04336c8daa31c8e0e10eb5271052613874c548503103bbdae9d9da1d2029460a9676a085784324b03f99c1ef111cb81c13cc8f3cfb052524c5615d6db30f08dc1255a0ffb5d567942c46d27d843988dc6c72267ad2e8e1026c97b87564ad08f0b91560eb9be0b3f5b75980a38df90903d0ebd35b9b9b3a834b17c498148a63d619047e7ea49922556aedfeba7e113506d0dfab7436b9e8810b17b9ffd69c5d7275b7a3a804ee0155de074ed5b83f02a47d9d28a4abfb6be357fbd6ed74bb428f6460a0565ea2d0b5b4fb032699cd377a464c90312ff8ec422548df0260469948502bb4554579753524a7d3cfddafc2f10ad975b5ec7a498abee2eca6358a26b8a60f6550a9f21d0d8ebccee1d6f90a0ae9076dc15d18af59c4c23cc03b4b9d74c9107ca9242d8864cf688d1bf5326f7983788a45bf417f00e083cdc8c35b0a9c6d9732861448c67c83b3576115bc8a84387e62501d31cb69aa7e2a459e703a2bc24545ba2ed2f1c990c347840884b7fd6cfdea350588e855814d4e2763d610a701ea58a63c238eff70e7ccf4a1ee2d0b1059e00df8cc90140d3c1eff9d6155c640c99295f8797124882810c34c139cdb87d5580bf190028920ad7b3b54951361fd3eeaa59b4c7c603e84d5142a614d9551784d5109c60f8e34e5dd65edda2eed63fbad570300530879b9f41f819cb31ffdee65678bd7d4d683f55f62a4ee7199b03c5cb1f09884b2a43fc898f5073b7bf12cc8b621861ead4422c20fc8ff46e0d5a1d61bfdd9c47ba230cd8971cecb081b1d250e34159b858feaf0efa181e3f81a5114a47ff8988fe541382706cefc58fd158e0c29242f73f8cd10671fdde78eb7950c1c81e622bc686f954a980fa8bef10aa586cdeabddb937ae077bd4e9f4e640d8352882a4927ef433c5f441bf22463912753bb61584450ce557003aaca3f60c15995e36050bc5adfa99339163dc2386734758ed98bddbc409d7570451455f0f8c0e3eca595b9d2a15109246d98f45dc09a7640c5cfb787f31ce99e8e475699cfe6f1fa2c2b7a7c33905b7722d10fcd1f7fd400eb916e1033b9cabbef1f38d7a1966a559d3da2ddd2cb17a1a792ff36d8d0f8bd5c7bdcbe8b1d4d443796afdc91732768f23bc3a857495bcd00699d3d75d2f614ea2bf9b481333dd00b172b23df727a77a95ab02d63bade9f6472fed19016f12eb9734772c1e76da13d87a258627637fe3631ae30b7bef75019d8d09615666935313ff77ea52fd086257471df6da3c9a4564f7d442086d5aa2cc812b6fe5342a3f73b39abad1bffba4ea86fcb96273b9c71eddc07b82f7b3c8e2f02bdd31166d7aeca0b3a851548137331f0078e21635870932ca103c4960a28328153db3dc67cd4fb170710c8b4ef4504aadea676d699dfb540af44f7bed7bb9957b079ddefbe9a4028b69b232dbccce921c96fa5685d7210298620f6f5ee58ca970e3fad97fa58265e50590e2facc509802e118e7c4529bcba51839f37ae81cce81829f28ced687070a975bd3725fbfddd98dacce60677e295a3a8a0c4da832b15199936fe424c7feeb57cd65fcd010e332b2e520789a37c27873b6aec74eca978cf211897be1ce375d0f2b787e6a70abe727c31543309ace2384c2e919f512d9f8ef46be7ef4fdbdf68350038678e14e273db92d33b3c87107ae3c422ceb697a58559a2406fbbe5d6a9282f3f49241ce6a7b9ffa35d0a6b326acfcfbd47bc22330abd04ef4e065c3697817b81e49976a68ed73db5f0b60cea5a43700cd0d179683bf5fa2237e224160ef4c4fb6991fb0a190a1fb1400f569af8603e6c43fa8f21990de52441d95fcc6a13a6673b02aebb8fcf139a3d9011f8ffa152328d35c95740c897df3214d144ad6e7d3dc5e5e856a80f1bfcb918e2fca449d1246a06fbbaed08aeddc197d5f2c95d735cb3e9cbf2b6aff38c9b7fff5db1809488075000450c0c270f5405802aa2a488af141b8c761a32487189f9e08bcd2a5e8488404438245562463e6ef361737b89feaca68c516ef16ee38149fff94323139facea8cf6828accc18cbe83f9e2625175504658e007fb819086916a268e682f8f5921f4b30c0e1334d48d01d9d78a9055d2cc2e0190be76b9459d8390571e6715beacbc3da4e219d1ad3bffa88776433a4b7941350e6331969415ce2bde3e6ff18998a4a8dd3a70e7601a1a81201db841df85fa96afba613da4e4f600c03eb9b09f7d83f286bd95906f38a72919c866418791d0980dc79f31aef7558089a52d44e95f4d98d085eeca86f9319987d7778df14338c51a9260fc5fd1b16c23c04361b57e70ca225437fde4b1ce5fb6cfa0314d10d03e569a787c2910bfd1be41ec3730e0f3a4a01ccf35ea0a7a99f18a518470762ddd02f13b68ce10f4971a14305481c7bb95eaa5ffa1300128a5761982d0a0ab1db814d492566508d60b355d4ed651f9cf280110934fbd6a074b1945e0062653d0772f3d62563e817f3a26062c3fb7005bbcf60c9665f9117cfbd55756cea3d38f300947b5550e244c6a9c5b9901f0e31ec69ea0b3915289fc7753fd6db925a67f4c52dcddcdf1cb5c7550ffcb0ffdf1b8f553b4a9bf44011b8d824bb09e5a162412d9b47386566c23016c99c53712f0fa1c9df7e9d713c31d64755ea086e6d46966a2e0373ed9ed943a09b633bb788074c1c2ffb6a2d5afae1b7fda278e64642a009945ee758df6bacdf109023d77066820f6fe69ba910a556d402b7fa22d2947aba3cc19784eccf71ed3c2aebb9b7c310ad5b1cf0d009413cdf48d70e43e4dba7245ee328b213f6eda260a918a20a0f029c43bd3e65be53378afbdfc62e1ee7fd95a59921d399de5d46577ca78567a9bf4dc9183a0b521e2e2a5aff4c8e63361cabe64f027afe90ab01ee8f6f3b930ca01bad6094203821e3eccedc0e95849c326c210413a32cca07adf738cc6db1a698b4a7601b25af3a5340fe145adcc2bf359b3ca6def4cd79162abf9516f3b0643c8f4f39610b24614ba77afd410b06435f88fdf9e8dece1feeb92e5503a2f8b8d469113d79758f46eb447b1f803317327248c343d6b87cbb07e4a398ac6fbf866b0ce2ed65dbe351fc486674a89cf57ae75e8962018a1f68aef027d7059016ac218219286907180668ef64b50a00ec4414b9d46be1eeeb200478e47ff2652bf17ecc68dec274cef8f1599d63bee9b00df46c43cb7fcf71bc6e1ba8be53d43e5931fe6298f8c27b427e75eb6fc4aee74479ef6080a41c1a9c8fcf6e5f47680a1c95c70be163038c89e70d991c997aec6e8dee64d2c6e4ad99d438c0bb422d31771d437555ffe944a07c9c0cf89a31aab8198b8bccc3033ca2dcb3a2c20fcbe27d8f9664a306700b9c376ca02b80542ca365d10ba58a4350ea0a10600a1c4f3df2ac4a93370e117d96952e9009e75d09ec7e0137ee1c962a569bfa402b1f604fa687ad925e3816ca35932ba0ac7d4dd100b407531b53cc9d1368c6e4b9e6d7ac9644c7dd26d43dbbf5b003db304673d6ad1650868c1608e05ba60352a06d9207386144b53e983ce8cdd7011b5c6639a8cbfa122b4f36a1df7ad802e9c13b2f50321d6352df749075c79070d2a3e02669b8146dbffa1de592ec2fbaa0d7297c71f8f1d40b5150ae5e567bd8a77ca22b44b141f3ab349376fa792c48b7b2bea489ef0ad1aba3378537e524d01887ea61142e0dc2dd972998c7a1e6d419b37d02db6a05e2a4c6d716226bcd36b2ef507301ff2975e6671d0500b79e26fb0f671360cdbf12319fc6c36534d7d9ed6e9fa1ec6f5fcd4ea6da3adc85448c665c779804a1a125625213ccd07d969a0f9b08e11f8441c4547152058fe16052c0b7a02eb20e900440b427772ee8bae2c326c5ec1a0b1f41c0c505a25ca9afdf58ded23e2caa16288dff02a64ecba02123d2d384c4798124888bf715f7efb17b9ac7cc25bf13d7dc00912b19f3dcc23e77915e30a93791a6c5536993f823b8b848d833f6d28a3a2d96290135ebfadc9470aad815c186b2c540ec3f3cce62ce60579ae2cd1cc27ea9d16da8626eebd3caac759b6eb27e5b4e9d2b73a841a501cd8e6c5b28ba462d6f5ad55aa4db4517d244dd626546545a666348e2f2b2b23b3b95fa575b9096c73457496ba98fe8c4384295895481eebb24e4f884735c3a6c98952f9cd11809b3d4234e8f1eda59215084018e22511d2d2df22556506fad30395d1f66ea5faf1a", 0xfe1) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffb, &(0x7f0000000100)='ceph\x00', &(0x7f0000000140)='/dev/nvme-fabrics\x00') 20:21:44 executing program 1: add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb) add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) add_key$fscrypt_v1(&(0x7f00000000c0)='logon\x00', &(0x7f00000001c0)={'fscrypt:', @desc4='85baa174f0cb1142'}, &(0x7f0000000200)={0x0, "c1c2d54ffa7d324db9c9a21d5cb02923c6daf839d445a6caf243db3079e529c4673bb74a2f611947c3f3ecbc254866159a5809a9be79b0be91575762ae84d356"}, 0x48, 0x0) [ 644.425199] nullb0: AHDI p1 p3 [ 644.431789] nullb0: p1 size 4294918194 extends beyond EOD, truncated 20:21:44 executing program 2: r0 = openat$null(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/null\x00', 0x8002, 0x0) perf_event_open(&(0x7f0000000240)={0x5, 0x70, 0x4, 0x8, 0x0, 0x5, 0x0, 0x3, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000000), 0xb}, 0x218, 0xfffffffffffffff9, 0x22, 0x5, 0x3, 0x8, 0x8001}, 0x0, 0xf, r0, 0x2) r1 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000080)={0xb, {'syz1\x00', 'syz1\x00', 'syz0\x00', 0xa6, 0x3, 0x4, 0x2, 0xdb, 0x1, "9172b30bac153afd4da34f82c43c4cd9f0616e64135d6881ebf677fd6016ac017cd51cd038d9638e9839ab1c60e41063eea16429fb752dda04d37cb06d74214827e5eccde4630de9bc1c606c776e190c1148a2e9071a47bc809c2fef5f7deeefe00ec389af4406eb53822959a166f73140592d18e6080bc6677891866d8355438d55919131266682e7916a166360bd8637f715aada2ee5721b648039666a3d80ce7b534d7f7b"}}, 0x1be) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:44 executing program 5: pipe(0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(r0, 0xffffffffffffffff, 0x3c21, 0x8) 20:21:44 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(0xffffffffffffffff, r0, 0x3c21, 0x8) [ 644.474228] nullb0: p3 size 4294901811 extends beyond EOD, truncated 20:21:44 executing program 3: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000000)={0xfffffffffffffffa, 0x1000, 0x0, 0x1ff}) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffb, &(0x7f0000000040)='blacklist\x00', &(0x7f0000000180)='%\xfcxN\xba-\xca\xbaTk\x8dT\xa8\xb1F\xeb\x10\xb2\xd8(\x80\xf4\xa3\fP\xf6\x93\xf56\xfct\xbdf:\n\x99\xf3\xaa\xc2X\x95\xca,\xfcf3\xdb$\x1e\x17$\t~\xc0\xd0\xf9\xf6\x1f>\x97\xe8\x89\x01\xb7\xe9i\x92\x12O\x88\xfe\xbe\xb3N\xed\xfd\x86AWI\xe7\x04\xda\x10\xa4\xc7\x1a\x89b\t\x00\x00\x00K(\x80=\x92\xfea\x94\xd1\x8d\\}%y\xb9\xdf\xb1S\x93\nf\xe71\x15i}e\xcd\xc2xP\xf2\xb7jAB\x99\x8cf\xff\xd2n\x13/\x03d>\n\x12W\xbdO[A\xa3\xb9jq|\xa3e@\x1e\xe6`\xe9\xd6\x8egc\x01b~\x92e4\xf7\t?\x86\xc7y\xb7Ev~\xc9j\xee\x83\xe9\xe0p\xe0\xc2 \x88\xaau\xa04i\xbdR_u\xc2\x01e\xfd\xf7\xf8I\xe2A\xac\x1bR\xd6\xefq\x83\x19\xd6\xc5\f\xb7X\n\x9c\xde\xd8;\xcc\xacq\xc5\n\xd0\x06X\xcf\x16\xfc\xa0\xbb\x03\x86)\xcd\x9a\x17\xf4~7\xaeg\x9c\xd9\x91x\x9d\xda\xc3\x9d\xf4\xb4\xf3\x85\x97\n\x18\x8bj\xbb\x90\xca\x8d\xcf\r\x89') 20:21:44 executing program 4: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) ioctl$PPPIOCSMRU(r3, 0x40047452, &(0x7f0000000080)=0x7b726631) 20:21:44 executing program 1: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000540)='/proc/self/net/pfkey\x00', 0x20000, 0x0) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000640)={&(0x7f0000000580), 0xc, &(0x7f0000000600)={&(0x7f0000000680)=ANY=[@ANYBLOB="300000000b02cf01190b9a914219104430423e638f8a9a41e05491760076ede1e09809b2029d65ac901e2527f5c172f1964b8875f838e358601880e1f5a55d3c00fa2c5335e076858c", @ANYRES16=0x0, @ANYBLOB="02002bbd7000fcdbdf250100000006000200010000000c000f00040000000000000008001900ac1414bb"], 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x2400000d) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(r1, 0xffffffffffffffff, 0x3c21, 0x8) 20:21:44 executing program 2: setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000000)={0x10000}, 0x4) r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, &(0x7f0000000580)={{0xa, 0x7, 0x8000, 0xad, '\x00', 0x6}, 0x0, [0xffffffffffff920b, 0x6, 0x1000, 0x9, 0x7, 0x0, 0x0, 0x7, 0xd7, 0x7, 0x100000000, 0x200, 0x1000, 0x4, 0xfffffffffffffff7, 0x4, 0x0, 0x8, 0x9, 0x200, 0xffffffff, 0x7, 0x1f, 0x6, 0x9, 0x0, 0x1, 0x101, 0x9, 0x3f, 0x9, 0x1000, 0xfffffffffffffffe, 0x0, 0x4, 0x3, 0x40, 0x52d2, 0x100000000, 0xa5, 0x982a, 0x3, 0x3, 0x1, 0x3, 0x80, 0x8, 0x9, 0x1ff, 0x1, 0x9, 0x9, 0x1ff, 0x6, 0x6536, 0xfffffffffffffffa, 0xffff, 0xffffffff, 0x7, 0x59b1, 0x0, 0x974, 0x4, 0x2, 0x8, 0x3, 0x1, 0x1f, 0x200, 0x2, 0x6, 0x210, 0x2, 0x30e3, 0x5, 0x43, 0x5, 0x8, 0x7fff, 0x4, 0x0, 0xf36, 0x2000000000000000, 0xfff, 0x1, 0x3, 0x5, 0x1, 0x400, 0xff, 0x81, 0x2, 0x0, 0x1, 0x1, 0x4a13, 0x0, 0xfd, 0x10001, 0x9, 0x9, 0x8, 0x3, 0x1, 0x80000000, 0x7fffffff, 0x0, 0x4, 0xffff, 0x60000000000, 0xe135, 0x80000001, 0x18, 0x4, 0x9, 0x80, 0x2, 0x7fff, 0x40, 0xfffffffffffffff9, 0x22ea, 0x3f, 0x5, 0x5, 0x2, 0x8, 0xb6, 0x3]}) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(0xffffffffffffffff, 0xc10c5541, &(0x7f0000000100)={0x400, 0x0, 0x1}) 20:21:44 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(r1, r0, 0x3c21, 0x8) 20:21:44 executing program 5: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(0xffffffffffffffff, r0, 0x3c21, 0x8) 20:21:44 executing program 3: keyctl$restrict_keyring(0x1d, 0xfffffffffffffffc, &(0x7f0000000100)='ceph\x00', &(0x7f0000000000)='Edev/nvme-fL\x81\x88\xb1cs\x02') 20:21:44 executing program 1: pipe(0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(r0, 0xffffffffffffffff, 0x3c21, 0x8) 20:21:44 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-vsock\x00', 0x2, 0x0) sendto$l2tp6(0xffffffffffffffff, &(0x7f0000000340)="846805a72f70f9419b317cf5cdfc47f381eb286a3887ea28bdfa5c4b98307781c5a1258f4720ff54d203a3e173", 0x2d, 0x40000, &(0x7f0000000400)={0xa, 0x0, 0x3, @empty, 0x1, 0x1}, 0x20) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x7c, 0x0, &(0x7f0000000180)=[@release, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x48, 0x18, &(0x7f00000000c0)={@flat=@weak_binder={0x77622a85, 0x1101, 0x3}, @fd={0x66642a85, 0x0, r1}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}, @dead_binder_done, @register_looper, @acquire_done={0x40106309, 0x2}, @enter_looper], 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:44 executing program 5: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(0xffffffffffffffff, r0, 0x3c21, 0x8) 20:21:44 executing program 3: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vcsa\x00', 0x80, 0x0) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200)='TIPCv2\x00', 0xffffffffffffffff) sendmsg$TIPC_NL_MON_SET(r0, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0x90, r1, 0x10, 0x70bd27, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x38, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6e22dfcf}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}]}]}, @TIPC_NLA_NET={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x1}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x732}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7fff}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xfffffffffffffff8}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x4000010}, 0x40000) pipe(&(0x7f0000000080)={0xffffffffffffffff}) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0xf2, 0xff, 0x2a, 0x0, 0xffffffffffffffe0, 0x19000, 0xb, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x3, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x7f12d87f, 0x1, @perf_bp={&(0x7f00000000c0), 0x1}, 0x0, 0x9, 0x9, 0x9, 0x0, 0x3, 0x8}, 0x0, 0xd, r2, 0x9) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffb, &(0x7f0000000100)='ceph\x00', &(0x7f0000000140)='/dev/nvme-fabrics\x00') 20:21:44 executing program 1: r0 = add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb) add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) add_key$fscrypt_v1(&(0x7f00000000c0)='logon\x00', &(0x7f00000001c0)={'fscrypt:', @desc4='85baa174f0cb1142'}, 0x0, 0x0, r0) 20:21:44 executing program 3: keyctl$restrict_keyring(0x1d, 0xfffffffffffffffb, &(0x7f0000000140)='syzkaller\x00', &(0x7f0000000040)='/dev/nvme-fabrics\x00\x8f\x8a\xbb\xbb\xd7P, \x14\x84\x8b\xb8\x80\xbf\xdc\xa7\x04G\xfd\x96\x06\xd3\xa0,\x98{5\xc6\xe6\x06\xd3x\x8e\'\xa0\xdf\x03$v\xa4\xf4T\xee\x944t\xfd_\x99\xd7\x93\x99\x83&\\\xb2}\x99fo\x89t\xfd\xe2K\xb8\x12yeUl\x84i\x14\x8f\xed\x86\xb6\xe6;k\x8aH\xda_\xd5\xa2\t\x85\x03\x13[A\xef\xabDf\xd15\x15\xafR\x98>2\xae8\xcf\xc5;\xd6\r\x1f\xcd\xa052\x94]Yj\x85Mg\x16\xe8\x9ea\x0fU\x89\x99\x9f\xb4\xd1\xe0\xe8\x96\xff\xa7~\x95\x81\xe0\xe2\x9a\xd0K\xf2Ex\xd8\n:\xa8\x11\xcb\xdfTB\x9f\xc6\x86\xb7\xf5iv\x7fj\x8bD/\xe96\xd0\xd0\x82') r0 = add_key$fscrypt_v1(&(0x7f0000000000)='logon\x00', &(0x7f0000000180)={'fscrypt:', @desc2='e355a76a11a1be18'}, &(0x7f00000001c0)={0x0, "d0c7caa293eb977591ce769577e864cba72344ae7a3a1fd838c17f292abdb779bf67f39944789d7efdca9f83485722f39bc9bca7d8aba7b793d8de0cea5ecfd0", 0x32}, 0x48, 0xfffffffffffffffa) r1 = add_key$keyring(&(0x7f0000000240)='keyring\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$KEYCTL_MOVE(0x1e, r0, 0xfffffffffffffffa, r1, 0x1) 20:21:46 executing program 4: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) sendmsg$L2TP_CMD_SESSION_MODIFY(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x40, 0x0, 0x8, 0x70bd2c, 0x25dfdbfd, {}, [@L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @local}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp=r2}, @L2TP_ATTR_OFFSET={0x6, 0x3, 0x8000}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x4c000}, 0x4000) flock(r0, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) 20:21:46 executing program 5: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(0xffffffffffffffff, r0, 0x3c21, 0x8) 20:21:46 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-vsock\x00', 0x2, 0x0) sendto$l2tp6(0xffffffffffffffff, &(0x7f0000000340)="846805a72f70f9419b317cf5cdfc47f381eb286a3887ea28bdfa5c4b98307781c5a1258f4720ff54d203a3e173", 0x2d, 0x40000, &(0x7f0000000400)={0xa, 0x0, 0x3, @empty, 0x1, 0x1}, 0x20) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x7c, 0x0, &(0x7f0000000180)=[@release, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x48, 0x18, &(0x7f00000000c0)={@flat=@weak_binder={0x77622a85, 0x1101, 0x3}, @fd={0x66642a85, 0x0, r1}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}, @dead_binder_done, @register_looper, @acquire_done={0x40106309, 0x2}, @enter_looper], 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:46 executing program 2: read$fb(0xffffffffffffffff, &(0x7f0000000200)=""/3, 0x3) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/pfkey\x00', 0x801, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x90000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x10, 0x0, 0x2b80}, 0x0, 0x0, r0, 0xf) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) sendmsg$TIPC_NL_MON_SET(r0, &(0x7f0000000480)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000580)={0x538, 0x0, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x100}]}, @TIPC_NLA_SOCK={0x48, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xfffffffa}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8001}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x200}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xfffffc01}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7}]}, @TIPC_NLA_NODE={0x11c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x4a, 0x4, {'gcm(aes)\x00', 0x22, "177683937b70f6c309e4289c161392e42b9eded4def40c6b76ff6c9f8e2689720d2c"}}, @TIPC_NLA_NODE_ID={0x72, 0x3, "d52c9ce988224b635236b84daef93fd45b023aa13fb589e6a17794a928b93397fa5a7be8b1e7377a77ba75b6c27e836f00ff7a627636fe552179f12891ebed8b76f203924b67f1db6fcf8f3aa48f5c371051fc14f7451642ee1a70221391c182a616c16d53b97c2348e43a39769d"}, @TIPC_NLA_NODE_KEY={0x46, 0x4, {'gcm(aes)\x00', 0x1e, "c41218b316262b4a4eb39d6df25ec731c7b7f1e4cb4e27d294752b511e61"}}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x401}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x294}]}, @TIPC_NLA_LINK={0x5c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xb085}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_MEDIA={0x70, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x147}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xb75d}]}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x401}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_NODE={0x6c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xf3fb77d}, @TIPC_NLA_NODE_KEY={0x4a, 0x4, {'gcm(aes)\x00', 0x22, "b024523dd30c0cc8f49d40c58047de7e8d253caec8edce374fbb59a660cfb51e289e"}}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_SOCK={0x74, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8001}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x80000000}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0xffff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x10001}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3ff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x100}]}]}, @TIPC_NLA_PUBL={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x55}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x4a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x100}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xff}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x2}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x4}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x64776573}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x400}]}, @TIPC_NLA_NODE={0x1a8, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xcb4}, @TIPC_NLA_NODE_ID={0xeb, 0x3, "8171a29c7cd56ccca09c14efe55506d43c9b9bc89cdc857c9ebf2f9a671b36c7dfc68742be7f7e98b508e873b0667825fc4b761e857eb93db8fac498c86c943c21e9d9c32ff6faefcc715575ecc69debc482f2a0f58b724c966bde08d7e3a457026ac813d17beadce7af8e20bb619433adab0696e3ff2fd51b543a5381b01e5cb2ef53fabd45fa13d3b4fd1cb0e27976f8dedfae515fd37baa373623f3f291fa65725a2eafa7503fe15f8803a911d59918b5b4f872c8efb93b87d5ffe71016416cfa1f31d6549084fdef9ff45180470a85a00a55c3f5f59fb81f806f6c3930a1d3bf82f0177821"}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7ff}, @TIPC_NLA_NODE_ID={0x91, 0x3, "3edfecaf038513368751bdfd9345fcd84c70f050bc6b33788e748792d5364a58837cc5ef51c3f162cfc9dadc6049e4bb030ac3fcde6255e96e179a202da38d359dc054adafc2252e3d97d0809d4740fac42ad67cca84be8f3dadf5aebd4b3147703127e17f2ba2a178741a5eb2f3518d49d17c4084d3d42101adba20b11a5037f04910959c8e8e97b8a058b413"}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xffffffff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x538}, 0x1, 0x0, 0x0, 0x20048001}, 0x840) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) sendmsg$L2TP_CMD_SESSION_MODIFY(r0, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x48, 0x0, 0x200, 0x70bd2c, 0x25dfdbfc, {}, [@L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x3}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e20}, @L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x3}, @L2TP_ATTR_OFFSET={0x6, 0x3, 0xc26}, @L2TP_ATTR_MRU={0x6, 0x1d, 0x40}, @L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x2}]}, 0x48}, 0x1, 0x0, 0x0, 0x4040006}, 0xc0080c0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(0xffffffffffffffff, 0xc10c5541, &(0x7f0000000080)={0x9, 0x2}) 20:21:46 executing program 3: keyctl$restrict_keyring(0x1d, 0xfffffffffffffffb, &(0x7f0000000100)='ceph\x00', &(0x7f0000000140)='/dev/nvme-fabrics\x00') r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) r1 = add_key$fscrypt_v1(&(0x7f0000000100)='logon\x00', &(0x7f0000000140)={'fscrypt:', @desc3='e8dab99234bb312e'}, &(0x7f0000000180)={0x0, "111b555b6168e1d60dcd7171f4f8c7c4b6556d65195c0dd1dfe7e0060f49d4225cb8b716afc837b2ac0acf5b84564bf0923b64d5b82ffff2c77a5a2e0bd18ed4"}, 0x48, 0xfffffffffffffffe) add_key$keyring(&(0x7f0000000080)='keyring\x00', 0x0, 0x0, 0x0, r1) keyctl$KEYCTL_MOVE(0x1e, r0, 0xfffffffffffffffe, r1, 0x0) 20:21:46 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(r1, r0, 0x3c21, 0x8) 20:21:46 executing program 5: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(r1, r0, 0x3c21, 0x8) 20:21:46 executing program 2: ioctl$SNDRV_RAWMIDI_IOCTL_INFO(0xffffffffffffffff, 0x810c5701, &(0x7f0000000080)) r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:46 executing program 4: ioctl$IOC_PR_PREEMPT_ABORT(0xffffffffffffffff, 0x401870cc, &(0x7f0000000000)={0x7f, 0x8, 0x7fff}) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r0, 0x0, 0x0) 20:21:46 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-vsock\x00', 0x2, 0x0) sendto$l2tp6(0xffffffffffffffff, &(0x7f0000000340)="846805a72f70f9419b317cf5cdfc47f381eb286a3887ea28bdfa5c4b98307781c5a1258f4720ff54d203a3e173", 0x2d, 0x40000, &(0x7f0000000400)={0xa, 0x0, 0x3, @empty, 0x1, 0x1}, 0x20) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x7c, 0x0, &(0x7f0000000180)=[@release, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x48, 0x18, &(0x7f00000000c0)={@flat=@weak_binder={0x77622a85, 0x1101, 0x3}, @fd={0x66642a85, 0x0, r1}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}, @dead_binder_done, @register_looper, @acquire_done={0x40106309, 0x2}, @enter_looper], 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:46 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080)='l2tp\x00', 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_DELETE(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r2, 0x220, 0x70bd29, 0x25dfdbfd, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x1000) flock(r1, 0x0) ioctl$F2FS_IOC_DEFRAGMENT(r1, 0xc010f508, &(0x7f0000000000)={0x7ff, 0xa313}) accept(r0, 0x0, 0x0) 20:21:46 executing program 3: add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f0000000200)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc) r0 = add_key$fscrypt_v1(&(0x7f0000000100)='logon\x00', &(0x7f0000000140)={'fscrypt:', @desc3='e8dab99234bb312e'}, &(0x7f0000000180)={0x0, "111b555b6168e1d60dcd7171f4f8c7c4b6556d65195c0dd1dfe7e0060f49d4225cb8b716afc837b2ac0acf5b84564bf0923b64d5b82ffff2c77a5a2e0bd18ed4"}, 0x48, 0xfffffffffffffffe) add_key$keyring(&(0x7f0000000080)='keyring\x00', 0x0, 0x0, 0x0, r0) r1 = add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, r0) add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, r1) 20:21:46 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BLKBSZSET(0xffffffffffffffff, 0x40081271, &(0x7f0000000000)=0x7e72) 20:21:46 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-vsock\x00', 0x2, 0x0) sendto$l2tp6(0xffffffffffffffff, &(0x7f0000000340)="846805a72f70f9419b317cf5cdfc47f381eb286a3887ea28bdfa5c4b98307781c5a1258f4720ff54d203a3e173", 0x2d, 0x40000, &(0x7f0000000400)={0xa, 0x0, 0x3, @empty, 0x1, 0x1}, 0x20) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x7c, 0x0, &(0x7f0000000180)=[@release, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x48, 0x18, &(0x7f00000000c0)={@flat=@weak_binder={0x77622a85, 0x1101, 0x3}, @fd={0x66642a85, 0x0, r1}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}, @dead_binder_done, @register_looper, @acquire_done={0x40106309, 0x2}, @enter_looper], 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:47 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000240)={0x11, 0x10, 0xfa00, {0x0}}, 0x18) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f0000000280)={0x1, 0x8, 0x3bcb, 0x3f}) r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000300)='/dev/nvme-fabrics\x00', 0x1000, 0x0) r4 = accept(r3, &(0x7f0000000140)=@un=@abs, &(0x7f00000001c0)=0x80) syz_genetlink_get_family_id$gtp(&(0x7f00000002c0)='gtp\x00', r4) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffd, &(0x7f0000000100)='ceph\x00', &(0x7f0000000000)='/Gvv/n\x16\xf9\xcd\x97w\xa4\xc0wicl\x00y\x12\x84P\xf9\x8e\xdcG\xef\a\t&I\xc5\x99a\xf3\xfc\xb17\x11*v`L\x13\xc2?*\x1a<\x10\x04\xb6|\xaf\x10\xdb\xb6\x00\xa6s\xfd\xed\xb3s\xac3\x8b\x88\xac\x996') ioctl$BLKPBSZGET(r2, 0x127b, &(0x7f0000000080)) 20:21:47 executing program 4: r0 = socket$rxrpc(0x21, 0x2, 0xa) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r0, 0x110, 0x4, &(0x7f0000000000)=0x1, 0x4) connect$rxrpc(r0, &(0x7f0000000040)=@in4={0x21, 0x7f, 0x2, 0x10, {0x2, 0x4e23, @empty}}, 0x24) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r1, 0x0, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) accept(r2, &(0x7f0000000080), &(0x7f0000000100)=0x80) 20:21:47 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-vsock\x00', 0x2, 0x0) sendto$l2tp6(0xffffffffffffffff, &(0x7f0000000340)="846805a72f70f9419b317cf5cdfc47f381eb286a3887ea28bdfa5c4b98307781c5a1258f4720ff54d203a3e173", 0x2d, 0x40000, &(0x7f0000000400)={0xa, 0x0, 0x3, @empty, 0x1, 0x1}, 0x20) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:47 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(r1, r0, 0x3c21, 0x8) 20:21:47 executing program 5: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(r1, r0, 0x3c21, 0x8) 20:21:47 executing program 2: sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2018040}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x60, 0x0, 0x4, 0x70bd2a, 0x25dfdbfe, {}, [@L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'lo\x00'}, @L2TP_ATTR_VLAN_ID={0x6, 0xe, 0x20}, @L2TP_ATTR_DEBUG={0x8}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp6}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x8}, @L2TP_ATTR_UDP_CSUM={0x5, 0xd, 0x1}]}, 0x60}, 0x1, 0x0, 0x0, 0x4020000}, 0x4004) r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:47 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-vsock\x00', 0x2, 0x0) sendto$l2tp6(0xffffffffffffffff, &(0x7f0000000340)="846805a72f70f9419b317cf5cdfc47f381eb286a3887ea28bdfa5c4b98307781c5a1258f4720ff54d203a3e173", 0x2d, 0x40000, &(0x7f0000000400)={0xa, 0x0, 0x3, @empty, 0x1, 0x1}, 0x20) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:47 executing program 4: socket$inet6_sctp(0xa, 0x5, 0x84) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x200002, 0x0) r0 = socket$l2tp6(0xa, 0x2, 0x73) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) write$UHID_SET_REPORT_REPLY(r1, &(0x7f0000000040)={0xe, {0x9, 0x5, 0x16, 0x30, "1813f34d0a838954b059be10d59c73b376e05c3bd87b2b73b3686b1380fe30977b7b5879809a6ca0e8e94aefc9ae454a"}}, 0x3c) accept(r0, 0x0, 0x0) 20:21:47 executing program 3: keyctl$restrict_keyring(0x1d, 0xfffffffffffffffb, &(0x7f0000000100)='ceph\x00', &(0x7f0000000140)='/dev/nvme-fabrics\x00') socket$inet6_icmp_raw(0xa, 0x3, 0x3a) 20:21:47 executing program 3: ioctl$PPPIOCGCHAN(0xffffffffffffffff, 0x80047437, &(0x7f0000000000)) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x2c00, 0x0) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffb, &(0x7f0000000100)='ceph\x00', &(0x7f0000000140)='/dev/nvme-fabrics\x00') 20:21:47 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-vsock\x00', 0x2, 0x0) sendto$l2tp6(0xffffffffffffffff, &(0x7f0000000340)="846805a72f70f9419b317cf5cdfc47f381eb286a3887ea28bdfa5c4b98307781c5a1258f4720ff54d203a3e173", 0x2d, 0x40000, &(0x7f0000000400)={0xa, 0x0, 0x3, @empty, 0x1, 0x1}, 0x20) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:47 executing program 4: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0xc04c5349, &(0x7f0000001100)={0x0, 0x8, 0x10000}) socket$inet6_sctp(0xa, 0x5, 0x84) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r2 = accept(r1, 0x0, 0x0) ioctl$SIOCPNDELRESOURCE(r2, 0x89ef, &(0x7f0000001080)=0x3) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(0xffffffffffffffff, 0x80dc5521, &(0x7f0000000000)=""/4095) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045532, &(0x7f0000001040)=0x5fd) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) bind$pptp(r3, &(0x7f00000010c0)={0x18, 0x2, {0x1, @loopback}}, 0x1e) syz_genetlink_get_family_id$gtp(&(0x7f0000001000)='gtp\x00', r4) 20:21:47 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000080)={0x7ff, 0x2, 'client1\x00', 0x7, "d26322d55ac420de", "0c0ad8ad6e37b8d575d64a964359550ca87b363b63a527074d82fea237ed29b9", 0x1, 0x1}) 20:21:47 executing program 3: keyctl$restrict_keyring(0x1d, 0xfffffffffffffffb, &(0x7f0000000100)='ceph\x00', &(0x7f0000000140)='/dev/nvme-fabrics\x00') add_key$fscrypt_v1(&(0x7f0000000000)='logon\x00', &(0x7f0000000040)={'fscrypt:', @desc3='e8dab99234bb312e'}, &(0x7f0000000080)={0x0, "1e858bd2845e38f181868bb90a2802838a35ee6924db45bb82067c5121f816d9be2bd34c1387873ad0eaa3a79f7a610e8455386e20a5e7273fdce348566ae109", 0x26}, 0x48, 0xfffffffffffffff8) 20:21:47 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x7c, 0x0, &(0x7f0000000180)=[@release, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x48, 0x18, &(0x7f00000000c0)={@flat=@weak_binder={0x77622a85, 0x1101, 0x3}, @fd={0x66642a85, 0x0, r1}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}, @dead_binder_done, @register_looper, @acquire_done={0x40106309, 0x2}, @enter_looper], 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:48 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0) tee(r1, r0, 0x3c21, 0x8) 20:21:48 executing program 5: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(r1, r0, 0x3c21, 0x8) 20:21:48 executing program 3: r0 = add_key$fscrypt_v1(&(0x7f0000000100)='logon\x00', &(0x7f0000000140)={'fscrypt:', @desc3='e8dab99234bb312e'}, &(0x7f0000000180)={0x0, "111b555b6168e1d60dcd7171f4f8c7c4b6556d65195c0dd1dfe7e0060f49d4225cb8b716afc837b2ac0acf5b84564bf0923b64d5b82ffff2c77a5a2e0bd18ed4"}, 0x48, 0xfffffffffffffffe) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000480)={0x24, 0x0, &(0x7f00000000c0)=[@exit_looper, @decrefs={0x40046307, 0x2}, @exit_looper, @acquire_done={0x40106309, 0x2}], 0xcb, 0x0, &(0x7f0000000380)="b03bcec0ffb0c8107098551d8dd707e60365d545a7cc1064f353e089e6a874f168fb15af643da7bdff783de1c017b40b232e66106b3b8a5882039d97d765754b1bf32d90fb40425a0c6355aba261d9128d2ee6f49de427baffdde66309cbcc66be73ccd27744b276944bb5c7a0518a2099b81e725a08e2968fd4e9463a674909dae5e199b09d490b8bc7fe01b78ec2e03c8cbd160fa645703042bc699baac2d8043263cb08ea21874771a006818be6a29cbb50d8d31e6b8a0690337cb12d46a9b5e360b925b258fe9916e6"}) add_key$keyring(&(0x7f0000000080)='keyring\x00', 0x0, 0x0, 0x0, r0) r1 = add_key$fscrypt_v1(&(0x7f0000000100)='logon\x00', &(0x7f0000000040)={'fscrypt:', @desc3='e8dab99234bb312e'}, &(0x7f0000000300)={0x0, "111b555b6168e1d60dcd7171f4f8c7c4b6556d65195c0dd1dfe7e0060f49d4225cb8b716afc837b2ac0acf5b84564bf0923b64d5b82ffff2c77a5a2e0bd18ed4"}, 0x48, 0xfffffffffffffffe) add_key$keyring(&(0x7f0000000080)='keyring\x00', 0x0, 0x0, 0x0, r1) keyctl$restrict_keyring(0x1d, r1, &(0x7f0000000000)='rxrpc_s\x00', &(0x7f0000000140)='/dev/nvme-fabrics\x00') write$char_usb(0xffffffffffffffff, &(0x7f0000000200)="acd0a82bfa717c77f7b50522de2ba81537954dae1325c8ce12fc095f44c60e3a3d284957b8f335932b22567965af55315bfd572bcd0bd6bc6f62f32d72f714322f4ecfa7a22612166dd7bdb3006af0ee7dba73d45e46bba93c167c130c87185c32a93b31691fe503b349d1b0e70dc15f384e0e376bf01ad58617eb942db2022c611f2510d44f9c2073201d075b86eee943eeb5284ad2822ec8b254ed49dfd9648a81e9749d70c8d388987281bb035741ab7821fdc7beef9cc8239f1c71dc746c4a80f93cb9f342db4935f53709f6857328", 0xd1) 20:21:48 executing program 4: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nvme-fabrics\x00', 0x98000, 0x0) ioctl$BLKRESETZONE(r2, 0x40101283, &(0x7f0000000080)={0x1ff, 0x7ffffffd}) 20:21:48 executing program 2: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0xc08c5336, &(0x7f00000000c0)={0x8, 0x5, 0x1, 'queue1\x00', 0x7}) r1 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x10280, 0x0) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r1, 0x10001) 20:21:48 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x7c, 0x0, &(0x7f0000000180)=[@release, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x48, 0x18, &(0x7f00000000c0)={@flat=@weak_binder={0x77622a85, 0x1101, 0x3}, @fd, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}, @dead_binder_done, @register_looper, @acquire_done={0x40106309, 0x2}, @enter_looper], 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:48 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r1, 0x84, 0x20, &(0x7f0000000000), &(0x7f0000000080)=0x4) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:48 executing program 1: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000300)={0x7c, 0x0, &(0x7f0000000180)=[@release, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x48, 0x18, &(0x7f00000000c0)={@flat=@weak_binder={0x77622a85, 0x1101, 0x3}, @fd, @fd}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}, @dead_binder_done, @register_looper, @acquire_done={0x40106309, 0x2}, @enter_looper], 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:48 executing program 4: socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$IOC_PR_PREEMPT_ABORT(0xffffffffffffffff, 0x401870cc, &(0x7f0000000000)={0x5, 0x7, 0x7fff, 0x56d5c25b}) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$nl_rdma(0x10, 0x3, 0x14) accept(r1, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @empty}, &(0x7f00000000c0)=0x80) r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nvme-fabrics\x00', 0x402, 0x0) accept(r2, 0x0, 0x0) r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcsa\x00', 0x10000, 0x0) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r3, 0x110, 0x4, &(0x7f0000000180), 0x4) 20:21:48 executing program 3: ioctl$NBD_SET_SIZE(0xffffffffffffffff, 0xab02, 0xf6eb) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffb, &(0x7f0000000100)='ceph\x00', &(0x7f0000000140)='/dev/nvme-fabrics\x00') 20:21:48 executing program 1: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000300)={0x7c, 0x0, &(0x7f0000000180)=[@release, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x48, 0x18, &(0x7f00000000c0)={@flat=@weak_binder={0x77622a85, 0x1101, 0x3}, @fd, @fd}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}, @dead_binder_done, @register_looper, @acquire_done={0x40106309, 0x2}, @enter_looper], 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:48 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x804) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000380), 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x7) write$char_usb(r1, &(0x7f0000000080)="31ca9f8c1a8498e0b8ad0604f1cd4c72ff2db3cad406478344b72155ba348694fa29cc8df47e32e9355120a88a95f5f8d21b5851dcfb457a4b4a0b8590fd476ab21c42ce680eb59a6b0440727792278c38be034be9e77276f16ed61c5bdb93348b468c79cf613478f307a66dcd6c72f924", 0x71) 20:21:49 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0) tee(r1, r0, 0x3c21, 0x8) 20:21:49 executing program 5: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0) tee(r1, r0, 0x3c21, 0x8) 20:21:49 executing program 4: accept(0xffffffffffffffff, &(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, &(0x7f0000000080)=0x80) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r0, 0x0, 0x0) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvme-fabrics\x00', 0x48080, 0x0) ioctl$FBIOGETCMAP(r1, 0x4604, &(0x7f0000000200)={0x0, 0x1, &(0x7f0000000100)=[0x0], &(0x7f0000000140)=[0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0]}) 20:21:49 executing program 3: keyctl$restrict_keyring(0x1d, 0xfffffffffffffffb, &(0x7f0000000100)='ceph\x00', &(0x7f0000000140)='/dev/nvme-fabrics\x00') r0 = add_key$fscrypt_v1(&(0x7f0000000100)='logon\x00', &(0x7f0000000140)={'fscrypt:', @desc3='e8dab99234bb312e'}, &(0x7f0000000180)={0x0, "111b555b6168e1d60dcd7171f4f8c7c4b6556d65195c0dd1dfe7e0060f49d4225cb8b716afc837b2ac0acf5b84564bf0923b64d5b82ffff2c77a5a2e0bd18ed4"}, 0x48, 0xfffffffffffffffe) add_key$keyring(&(0x7f0000000080)='keyring\x00', 0x0, 0x0, 0x0, r0) add_key$fscrypt_v1(&(0x7f00000000c0)='logon\x00', &(0x7f0000000080)={'fscrypt:', @desc3='e8dab99234bb312e'}, &(0x7f0000000180)={0x0, "172a771aeecb0bd7047bd81aaffa8ad42b27c6e74dc28df481fc1e3fe43fef77f5416fb683bb3296119e6560b10030ef45c26963db396c3fbd97616745e92612", 0x35}, 0x48, r0) socketpair(0xf, 0x800, 0x200, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000040)='ceph\x00') 20:21:49 executing program 1: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000300)={0x7c, 0x0, &(0x7f0000000180)=[@release, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x48, 0x18, &(0x7f00000000c0)={@flat=@weak_binder={0x77622a85, 0x1101, 0x3}, @fd, @fd}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}, @dead_binder_done, @register_looper, @acquire_done={0x40106309, 0x2}, @enter_looper], 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:49 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x8, 0x0, &(0x7f0000000100)=[@decrefs={0x40046307, 0x1}], 0x0, 0x0, 0x0}) 20:21:49 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x240040, 0x0) accept(r0, 0x0, 0x0) 20:21:49 executing program 1: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x7c, 0x0, &(0x7f0000000180)=[@release, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x48, 0x18, &(0x7f00000000c0)={@flat=@weak_binder={0x77622a85, 0x1101, 0x3}, @fd, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}, @dead_binder_done, @register_looper, @acquire_done={0x40106309, 0x2}, @enter_looper], 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:49 executing program 2: syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380), 0x0, 0x0, 0x0}) 20:21:49 executing program 3: add_key$fscrypt_v1(&(0x7f0000000000)='logon\x00', &(0x7f0000000040)={'fscrypt:', @auto=[0x30, 0x36, 0x61, 0x62, 0x66, 0x52, 0x63, 0x34, 0x62, 0x30, 0x65, 0x31, 0x34, 0x62, 0x65, 0x31]}, &(0x7f0000000080)={0x0, "434ae8788a346fb3b75ef1c56c5c7bfb6810c6afafa2af74fe3b0c2d11f910fa22e1b5d83e9d83dd249403ca538852fb00a81fb3b998423389cf9de4d6b55272", 0x1d}, 0x48, 0xfffffffffffffffc) r0 = add_key$fscrypt_v1(&(0x7f0000000100)='logon\x00', &(0x7f0000000140)={'fscrypt:', @desc3='e8dab99234bb312e'}, &(0x7f0000000180)={0x0, "111b555b6168e1d60dcd7171f4f8c7c4b6556d65195c0dd1dfe7e0060f49d4225cb8b716afc837b2ac0acf5b84564bf0923b64d5b82ffff2c77a5a2e0bd18ed4"}, 0x48, 0xfffffffffffffffe) add_key$keyring(&(0x7f0000000080)='keyring\x00', 0x0, 0x0, 0x0, r0) keyctl$restrict_keyring(0x1d, r0, &(0x7f0000000100)='blacklist\x00', &(0x7f0000000140)='\x00') 20:21:49 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f0000000000), &(0x7f0000000040)=0x4) 20:21:49 executing program 1: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x7c, 0x0, &(0x7f0000000180)=[@release, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x48, 0x18, &(0x7f00000000c0)={@flat=@weak_binder={0x77622a85, 0x1101, 0x3}, @fd, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}, @dead_binder_done, @register_looper, @acquire_done={0x40106309, 0x2}, @enter_looper], 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:50 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0) tee(r1, r0, 0x3c21, 0x8) 20:21:50 executing program 5: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0) tee(r1, r0, 0x3c21, 0x8) 20:21:50 executing program 2: pselect6(0x40, &(0x7f0000000140), 0x0, &(0x7f00000001c0)={0xffffffffaf4f96c5}, 0x0, &(0x7f0000000280)={0x0}) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000580)={{0x9, 0x4, 0x5, 0x101, '\x00', 0xfff}, 0x0, [0x3, 0xb7a7, 0x5, 0x7, 0xf2f7, 0x4, 0xffffffffffffffff, 0x1, 0x1ff, 0x9, 0x6, 0x352, 0x18, 0x7, 0x1f, 0xca, 0x200, 0x60000000, 0x1f, 0x6, 0x3, 0x7393, 0x6, 0x7ff, 0xfffffffffffeffff, 0x6, 0x9, 0x2, 0xffffffff, 0x3, 0x1, 0x3, 0x1, 0x20, 0x20, 0x1ff, 0x80000001, 0xff, 0x1, 0x1, 0x6, 0x8, 0x0, 0x3, 0x9, 0x8, 0xffff, 0x0, 0x9f, 0x1f, 0x2, 0x1a, 0x81, 0x3, 0x49f, 0x8, 0x7ff, 0x4, 0x81, 0x9, 0xf78, 0x1, 0xfffffffffffffffc, 0x0, 0x70d3, 0x7, 0x9, 0x7, 0xffff, 0xfffffffffffffffc, 0xfffffffffffffffe, 0x100000, 0x8001, 0x80000000, 0x9, 0x55, 0x9, 0x3f, 0x6, 0x7, 0x10001, 0xffff, 0x6, 0x4, 0xb2bd, 0x7ff, 0x8, 0x0, 0x7f, 0x401, 0x401, 0x634, 0x0, 0xc2, 0xfffffffffffffffe, 0xc000000000000000, 0x81, 0x4, 0x80, 0x92fa, 0x0, 0x3ff, 0x3f, 0xfad, 0x8, 0x8, 0x7f, 0x5, 0x19, 0x100, 0x4, 0x8, 0x6, 0x7, 0x5a, 0x10000, 0x6, 0x6, 0x3ff, 0x6, 0xfffffffffffffff8, 0xc5f4, 0x101, 0x1f, 0x100, 0xffffffff, 0x2, 0x8]}) r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:50 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) socket$nl_rdma(0x10, 0x3, 0x14) accept(r0, 0x0, 0x0) 20:21:50 executing program 1: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x7c, 0x0, &(0x7f0000000180)=[@release, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x48, 0x18, &(0x7f00000000c0)={@flat=@weak_binder={0x77622a85, 0x1101, 0x3}, @fd, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}, @dead_binder_done, @register_looper, @acquire_done={0x40106309, 0x2}, @enter_looper], 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:50 executing program 3: keyctl$restrict_keyring(0x1d, 0xfffffffffffffffb, &(0x7f0000000100)='ceph\x00', &(0x7f0000000140)='/dev/nvme-fabrics\x00') r0 = add_key$fscrypt_v1(&(0x7f0000000000)='logon\x00', &(0x7f0000000040)={'fscrypt:', @desc1='0000111122223333'}, &(0x7f0000000080)={0x0, "af2b9c43099137712fb7fcd8282a4303988ee9d0e560378c427b21bf741c812e8253defdd788aaf46691dc1375e9b9407277dfa2b680ad0e6b27ab4248fbd41a", 0x1a}, 0x48, 0xfffffffffffffff8) keyctl$restrict_keyring(0x1d, r0, &(0x7f0000000180)='cifs.spnego\x00', &(0x7f00000001c0)='+{+--:.#&\\)\x00') 20:21:50 executing program 4: r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000040)='/dev/md0\x00', 0x1, 0x0) ioctl$BLKRRPART(r0, 0x125f, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) r2 = accept(r1, 0x0, 0x0) sendto$l2tp6(r2, &(0x7f0000000000)="8701bf195a514b", 0x7, 0x20040000, 0x0, 0x0) 20:21:50 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0xba, 0x101000) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0xc4c85513, &(0x7f0000000580)={{0x7, 0x6, 0x1, 0x1000, '\x00', 0x4}, 0x1, [0x2, 0x100000000, 0x2800000000, 0x314, 0x1, 0xfff, 0x6, 0x2, 0x10000, 0x1800000000000, 0x1, 0x5, 0xb0, 0x2041a42, 0x8, 0x3ff, 0x3ff, 0x8, 0x2, 0x3, 0x83a1, 0x4, 0x7fffffff, 0x6, 0x682d, 0x40, 0xffffffffffffff81, 0x9, 0x3, 0x1, 0x6, 0x8, 0x3, 0x6, 0x3, 0x3, 0x101, 0x449, 0x8001, 0x6, 0x3, 0x3, 0x1, 0x20cb, 0x9, 0x8001, 0x0, 0x2, 0x6, 0xfcd, 0xff, 0x100000001, 0x9, 0x0, 0x53, 0x3, 0xffffffffffff0338, 0x9, 0xa3dd, 0x4, 0x1f, 0x7, 0x4, 0x80000001, 0xe15, 0x10000, 0xcc35, 0x4, 0xf9, 0x68a4c11b, 0x0, 0x7f, 0x6, 0x0, 0x3, 0xffff, 0x8001, 0x3e, 0x6, 0x5, 0x7, 0x4, 0x101, 0x7, 0x2, 0x1000, 0x5, 0x1, 0x7f, 0x8, 0x8, 0x4, 0x5, 0x12bb, 0xc00000000000000, 0xffffffff00000000, 0x2, 0x0, 0x4, 0x4, 0x2, 0xffffffffffff8055, 0x3, 0x1, 0x2, 0x1, 0x1, 0x5, 0xd7, 0x31, 0x80000000, 0x7ff, 0xfffffffffffff801, 0x3ff, 0x1, 0x756, 0x9, 0x8000, 0x10, 0x2, 0x5, 0x0, 0x3, 0x5, 0x1, 0x8, 0x4, 0x3]}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$F2FS_IOC_DEFRAGMENT(r1, 0xc010f508, &(0x7f0000000080)={0x594907eb, 0x1}) 20:21:50 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000300)={0x7c, 0x0, &(0x7f0000000180)=[@release, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x48, 0x18, &(0x7f00000000c0)={@flat=@weak_binder={0x77622a85, 0x1101, 0x3}, @fd, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}, @dead_binder_done, @register_looper, @acquire_done={0x40106309, 0x2}, @enter_looper], 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:50 executing program 3: r0 = syz_open_dev$sndmidi(&(0x7f0000000000)='/dev/snd/midiC#D#\x00', 0x8, 0x400800) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS64(r0, 0xc0385720, &(0x7f0000000040)={0x1}) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00', 0xffffffffffffffff) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffb, &(0x7f0000000280)='.dead\x00', &(0x7f0000000140)='/dev/nvme-fabrics\x00') r1 = add_key$fscrypt_v1(&(0x7f0000000100)='logon\x00', &(0x7f0000000140)={'fscrypt:', @desc3='e8dab99234bb312e'}, &(0x7f0000000180)={0x0, "111b555b6168e1d60dcd7171f4f8c7c4b6556d65195c0dd1dfe7e0060f49d4225cb8b716afc837b2ac0acf5b84564bf0923b64d5b82ffff2c77a5a2e0bd18ed4"}, 0x48, 0xfffffffffffffffe) add_key$keyring(&(0x7f0000000080)='keyring\x00', 0x0, 0x0, 0x0, r1) add_key$fscrypt_v1(&(0x7f0000000180)='logon\x00', &(0x7f00000001c0)={'fscrypt:', @auto=[0x32, 0x31, 0x66, 0x61, 0x63, 0x30, 0x38, 0x36, 0x36, 0x70, 0x57, 0x38, 0x32, 0x63, 0x35, 0x31]}, &(0x7f0000000200)={0x0, "ff4b9f48b94b0f5cfea7650f8b6db23c3a9d264abb416e04be7a4a65cf2b821b10d536b3c5bc6f902965b87152b6e5bc4e07fa7f710801f79bbfc27fe19c7227", 0x28}, 0x48, r1) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS32(r0, 0xc0245720, &(0x7f0000000080)) 20:21:50 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f00000000c0)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0x9, 0x0}, 0x8) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000080)=r1, 0x4) 20:21:50 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000300)={0x7c, 0x0, &(0x7f0000000180)=[@release, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x48, 0x18, &(0x7f00000000c0)={@flat=@weak_binder={0x77622a85, 0x1101, 0x3}, @fd, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}, @dead_binder_done, @register_looper, @acquire_done={0x40106309, 0x2}, @enter_looper], 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:51 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(0xffffffffffffffff, r0, 0x3c21, 0x8) 20:21:51 executing program 5: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0) tee(r1, r0, 0x3c21, 0x8) 20:21:51 executing program 3: r0 = add_key$fscrypt_v1(&(0x7f0000000100)='logon\x00', &(0x7f0000000140)={'fscrypt:', @desc3='e8dab99234bb312e'}, &(0x7f0000000180)={0x0, "111b555b6168e1d60dcd7171f4f8c7c4b6556d65195c0dd1dfe7e0060f49d4225cb8b716afc837b2ac0acf5b84564bf0923b64d5b82ffff2c77a5a2e0bd18ed4"}, 0x48, 0xfffffffffffffffe) r1 = add_key$keyring(&(0x7f0000000080)='keyring\x00', 0x0, 0x0, 0x0, r0) r2 = add_key$fscrypt_v1(&(0x7f00000002c0)='logon\x00', &(0x7f0000000300)={'fscrypt:', @desc2='e355a76a11a1be18'}, &(0x7f0000000340)={0x0, "120558f622e6466c29f09b69d9d14c1efdfe65cd15219638f94a632b718a4091b83e54bd9b886606e299c7d3ccca8055626fa25b83cd8a0c46515ddbbaa371dc", 0x16}, 0x48, 0x0) add_key$fscrypt_v1(&(0x7f0000000040)='logon\x00', &(0x7f0000000200)={'fscrypt:', @desc2='e355a76a11a1be18'}, &(0x7f0000000240)={0x0, "4d23d177b80be9462c4d44b0b663f287949b6530c7d23e36d32665bf69001b96cb0836bc86fec256bbc90f692a6c194be553cec11c793416d5231b9a2a838a8c", 0x25}, 0x48, r2) keyctl$restrict_keyring(0x1d, r1, &(0x7f0000000000)='syzkaller\x00', &(0x7f00000000c0)='/ds\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0eY\x95\xa6\x85\x94\xeb@E\x10\xad\x00\x00\x00\x00\x00){\xddz\xc9\xb6YPK\xdf.\xe5G\xac\xe7lP\x87') 20:21:51 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r0, 0x0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) ioctl$sock_SIOCDELRT(r1, 0x890c, &(0x7f0000000040)={0x0, @qipcrtr={0x2a, 0x2, 0x4001}, @vsock={0x28, 0x0, 0x2710, @local}, @ipx={0x4, 0xa22d, 0x7, "70e3b6c61eed", 0x40}, 0x7, 0x0, 0x0, 0x0, 0x800, &(0x7f0000000000)='team_slave_0\x00', 0xffff, 0x8001, 0x202}) 20:21:51 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) syz_genetlink_get_family_id$l2tp(&(0x7f0000000000)='l2tp\x00', 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) syz_genetlink_get_family_id$l2tp(&(0x7f0000000080)='l2tp\x00', r1) ioctl$F2FS_IOC_DEFRAGMENT(r1, 0xc010f508, &(0x7f00000000c0)={0x10000}) 20:21:51 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000300)={0x7c, 0x0, &(0x7f0000000180)=[@release, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x48, 0x18, &(0x7f00000000c0)={@flat=@weak_binder={0x77622a85, 0x1101, 0x3}, @fd, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}, @dead_binder_done, @register_looper, @acquire_done={0x40106309, 0x2}, @enter_looper], 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:51 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(0xffffffffffffffff, r0, 0x3c21, 0x8) 20:21:51 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(0xffffffffffffffff, r0, 0x3c21, 0x8) 20:21:51 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:51 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000001c0)={&(0x7f0000000040)={0x158, 0x0, 0x20, 0x70bd29, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x144, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @loopback}}, {0x14, 0x2, @in={0x2, 0x4e24, @broadcast}}}}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe04a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffc}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x740a}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1f}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @local}}, {0x14, 0x2, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x6607}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3ff}]}, @TIPC_NLA_BEARER_NAME={0x15, 0x1, @l2={'ib', 0x3a, 'veth0_to_bond\x00'}}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x865}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x57e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1ff}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x4}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x100, @private2, 0x40000}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x46, @mcast1}}}}]}]}, 0x158}, 0x1, 0x0, 0x0, 0x44080}, 0x8000) accept(r0, 0x0, 0x0) 20:21:51 executing program 3: keyctl$restrict_keyring(0x1d, 0xfffffffffffffffb, &(0x7f0000000200)='ceph\x00', &(0x7f0000000140)='/xKv\x00'/18) r0 = add_key$fscrypt_v1(&(0x7f0000000100)='logon\x00', &(0x7f0000000140)={'fscrypt:', @desc3='e8dab99234bb312e'}, &(0x7f0000000180)={0x0, "111b555b6168e1d60dcd7171f4f8c7c4b6556d65195c0dd1dfe7e0060f49d4225cb8b716afc837b2ac0acf5b84564bf0923b64d5b82ffff2c77a5a2e0bd18ed4"}, 0x48, 0xfffffffffffffffe) add_key$keyring(&(0x7f0000000080)='keyring\x00', 0x0, 0x0, 0x0, r0) r1 = add_key$keyring(&(0x7f0000000300)='keyring\x00', &(0x7f0000000340)={'syz', 0x1}, 0x0, 0x0, r0) add_key$fscrypt_v1(&(0x7f0000000040)='logon\x00', &(0x7f0000000240)={'fscrypt:', @auto=[0x61, 0x65, 0x64, 0x36, 0x33, 0x38, 0x36, 0x64, 0x35, 0x32, 0x35, 0x9972eb74d4ac3774, 0x33, 0x32, 0x65, 0x5e]}, &(0x7f0000000280)={0x0, "25206b4cd544b8757878faa82e59bbd40600eb5239254da66795faa57b2a20792138675240c79cd9f4de8ecaf6c6cd3ab142929a2e6a9e9fc43e5e604d96b800", 0x2c}, 0x48, r1) r2 = add_key$fscrypt_v1(&(0x7f0000000100)='logon\x00', &(0x7f0000000140)={'fscrypt:', @desc3='e8dab99234bb312e'}, &(0x7f0000000180)={0x0, "111b555b6168e1d60dcd7171f4f8c7c4b6556d65195c0dd1dfe7e0060f49d4225cb8b716afc837b2ac0acf5b84564bf0923b64d5b82ffff2c77a5a2e0bd18ed4"}, 0x48, 0xfffffffffffffffe) add_key$keyring(&(0x7f0000000080)='keyring\x00', 0x0, 0x0, 0x0, r2) r3 = add_key$fscrypt_v1(&(0x7f0000000000)='logon\x00', &(0x7f0000000080)={'fscrypt:', @desc2='e355a76a11a1be18'}, &(0x7f00000000c0)={0x0, "8132db950356f1a17e218f4a668c10445d2a511f6a17ade085a83e6c128a7848c703147430d429bd8e9c121e6acf8f3368f7273cc71542702478583d11a0ff88", 0x36}, 0x48, 0xfffffffffffffffb) keyctl$KEYCTL_MOVE(0x1e, r0, r2, r3, 0x0) 20:21:51 executing program 0: pipe(&(0x7f0000000000)) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(r0, 0xffffffffffffffff, 0x3c21, 0x8) 20:21:51 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000080)={0x1f, 0x2, 0x1, 'queue0\x00', 0x800}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 651.572686] binder: 13188:13193 ioctl c0306201 0 returned -14 20:21:52 executing program 3: keyctl$restrict_keyring(0x1d, 0xfffffffffffffffb, &(0x7f0000000100)='ceph\x00', &(0x7f0000000140)='/dev/nvme-fabrics\x00') ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, &(0x7f0000000000)={0x7fffffff, 0x1, 'client1\x00', 0x3, "71af4d27ab8da4d3", "886abafd6d5466dc89108ce95f7b60f52c8c8b2b82d37046ff6a0101e7c30379", 0x8, 0xcaa}) 20:21:52 executing program 4: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$l2tp6(0xa, 0x2, 0x73) accept(r0, 0x0, 0x0) 20:21:52 executing program 5: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(0xffffffffffffffff, r0, 0x3c21, 0x8) 20:21:52 executing program 0: pipe(&(0x7f0000000000)) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(r0, 0xffffffffffffffff, 0x3c21, 0x8) 20:21:52 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(0xffffffffffffffff, 0xc0a85320, &(0x7f0000000080)={{0x3f, 0x3}, 'port0\x00', 0x8c, 0x40010, 0x5, 0x1, 0x20, 0xf7, 0x3, 0x0, 0x3, 0x5}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:52 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:52 executing program 0: pipe(&(0x7f0000000000)) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(r0, 0xffffffffffffffff, 0x3c21, 0x8) 20:21:52 executing program 3: socketpair(0x28, 0x5, 0x5, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f0000000240)={0x1a0, 0x0, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xffff}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xeb0}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x474b}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8}]}, @TIPC_NLA_MON={0x4}, @TIPC_NLA_SOCK={0x8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x4}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xfffff64c}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x400}, @TIPC_NLA_PUBL_UPPER={0x8}]}, @TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x77b8}]}, @TIPC_NLA_BEARER={0xd0, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x9, @loopback, 0x1}}, {0x14, 0x2, @in={0x2, 0x4e24, @rand_addr=0x64010100}}}}, @TIPC_NLA_BEARER_NAME={0xf, 0x1, @l2={'ib', 0x3a, 'gretap0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x12e, @empty, 0x8}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x6, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x5}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @local}}, {0x14, 0x2, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2c}}}}}, @TIPC_NLA_BEARER_PROP={0x4}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x10000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000001) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffb, &(0x7f0000000100)='ceph\x00', &(0x7f0000000140)='/dev/nvme-fabrics\x00') pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) r2 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r2, 0x0) ioctl$sock_ifreq(r2, 0x8927, &(0x7f0000000180)={'batadv_slave_0\x00', @ifru_names}) ioctl$FBIOBLANK(r1, 0x4611, 0x1) add_key$fscrypt_v1(&(0x7f0000000000)='logon\x00', &(0x7f0000000040)={'fscrypt:', @desc4='85baa174f0cb1142'}, &(0x7f0000000080)={0x0, "8f81d78d69633c54567427e84edee51dee8770891199cefe2027b0a70d6c6f1afc61ded175714896ad7745510fc9b6d4f0dc74af5dffd424f3088cb22f867684", 0x13}, 0x48, 0xfffffffffffffffa) 20:21:52 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r0, 0x0, 0x0) pipe(&(0x7f0000000040)) r1 = socket$rxrpc(0x21, 0x2, 0x2) getpeername(r1, &(0x7f00000000c0)=@l2tp, &(0x7f0000000000)=0x80) 20:21:52 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0xc02) socket$nl_route(0x10, 0x3, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:52 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:52 executing program 3: pipe(&(0x7f0000000180)) add_key$fscrypt_v1(&(0x7f0000000000)='logon\x00', &(0x7f0000000040)={'fscrypt:', @desc1='0000111122223333'}, &(0x7f0000000080)={0x0, "1fc02696980da2739ff714653a9a6cc4f21db52a32468634e0bce4853a0cb9922411de35757931045986743cec5753b6c40d54208e0f25c60a2e0e2666dc8ec1", 0x19}, 0x48, 0xfffffffffffffff9) r0 = openat$null(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/null\x00', 0x0, 0x0) accept(r0, &(0x7f0000000200)=@ipx, &(0x7f0000000280)=0x80) [ 652.424727] binder: 13215:13225 ioctl c0306201 0 returned -14 20:21:52 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r0, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x1) 20:21:52 executing program 5: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(0xffffffffffffffff, r0, 0x3c21, 0x8) 20:21:52 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(r1, r0, 0x0, 0x8) 20:21:52 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40}], 0x0, 0x0, 0x0}) 20:21:52 executing program 3: keyctl$restrict_keyring(0x1d, 0xfffffffffffffffb, &(0x7f0000000000)='keyring\x00', &(0x7f00000000c0)='}\xc0mt\x14\xe92s\xce\xa2^\xc5\xc7\xec\xb4=\xb2[\xec\xae\x19\xc8Hdevon\xd7\xe4m\x1cl\xd2M\x97\x15c\x84\x91\xbb\b`\x891\x03\x9f z\xb6\xdbQ\xbeHro\x9c\xe5\xf6\xc7K\xe8\xf9\xca\xf1v0\v\b0\xfa1#\xcbh\n\xa4)\x90&9\xd2,>\xff9;J\xe7w\xc0\xee\xdf\xcc\x05\a\xf3B\xe2\x91\xf1d\xcfH\x92\xe8{PeT\x15\xdc\\\x8bT\x14]\xfd]\x83\x01\xf8^\xd3G\xca\xb2\xc3\xf3\x84L?;W\xd7\v\x86!\xa4\x10\x9e\xdc\xa5e\x98>%\x88\x0es\x15\xbek\x973\xc7\x96\xc7b\xf7\xd7j\x04[\xb5\xcc\xbd\xf1\xf7\x12\x91\xf7J\x02H0\x17\xa5\xfe}\xae\xe7\xff\x8a\r\f\xdf\x16\xae8A\xd7\xc5\"P\xf9\xc1\xc0\xc8-\xd80\x17\xb5\x1a)\x06\xc5\x9f\x18\xaap5\x9a\xa7\x8c\xcbM\x90m\x85W\x0f\xae\xc9\xf3\xdc\x92W(\x1b\x11\x996\x80`\xa1jqZ\xe6\x1fq\x80V\x9e?\x03^\xe7On;\xc9\xb9V\xaa.\xf8<\x80\xa8\xf7\xdf\xbb\x9bd\xc0\xffS\xd7\x13\x11&\b\xd1\x90}\x0e\xdc\xd3A\x87\xfd^\x9c\x9e\xb4\xf0\xa2!\xa3\xb2\x8b\x17\xca\xca\r\xbbrx\xb1\xc2\xfd\xa0TH\xc4\xaa\x9bZ\x81Y\x97\xc3\x05\xa5WM\xba\b\'1Y7?\x12\xc3fw*\x887\xba\xaf\xfeJ!}\xb1\tI\xfd+\x1dQr\x98\x92\xa8e\xeb\xca#\xe0\xa7\xa1p6\xf1,u\xab\xdby\x80\xf9\xb5\x97Dn\x15\x82\xcf\xa7Y\x9d*\xa2\xe5S\x05\xfdF\x0f\xdbbj\xb4G\x8eQ\x83\xc6\xf9\x1d\xb1\x15\x997V\"\bW\xad=\v\x1f!\x87\xf6\x9erFz\x82r\xb8?\x05$\xf3\x06Ob\xb9\xed\xfc;T5\xc0W\xc4*\x88\xa5\xab\x14\xd8\x90%\xd3\x05\xa9q\xaec') r0 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$KEYCTL_MOVE(0x1e, 0x0, 0xfffffffffffffffd, r0, 0x0) 20:21:52 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x0, 0x0, 0x0, 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:52 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = accept(r0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r1, 0x84, 0x20, &(0x7f0000000000), &(0x7f0000000040)=0x4) [ 652.506866] binder: 13241:13244 ioctl c0306201 0 returned -14 20:21:52 executing program 5: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(0xffffffffffffffff, r0, 0x3c21, 0x8) 20:21:52 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x0, 0x0, 0x0, 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:52 executing program 4: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) ioctl$IOC_PR_PREEMPT(r0, 0x401870cb, &(0x7f0000000000)={0x10001, 0x0, 0x2, 0x3}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r1, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, &(0x7f0000000040)={{0x9, 0x1, 0x11c, 0xd6, 'syz1\x00', 0x4}, 0x1, [0x2, 0x1000, 0x1ff, 0x3, 0x7, 0xffff, 0x6, 0x80000001, 0x5, 0x7fc, 0x2, 0x7fff, 0x4, 0xffffffffffffff01, 0x4, 0x7fff, 0x2, 0x100000000, 0x7fff, 0x4, 0xfffffffffffffff8, 0x8, 0x8000, 0x8, 0x8000, 0x7fffffff, 0x4, 0x6, 0x3, 0x0, 0x34, 0x6, 0x8, 0x3, 0x1, 0x100000001, 0x6, 0x200, 0x5, 0x80000000, 0x6f5, 0x20, 0x8001, 0x0, 0x4, 0x4, 0x0, 0xfffffffffffffffc, 0x5, 0xfffffffffffffffc, 0xffffffff, 0x9, 0x1f, 0x81, 0x80000001, 0x7, 0xd8b, 0x2, 0x7fff, 0x5, 0x5, 0x1f, 0xfffffffffffffc00, 0xff, 0x8, 0x9, 0xfffffffffffffff9, 0x100000000, 0x5f, 0x80, 0x5, 0x6, 0x0, 0x1ff, 0xa7c, 0xfffffffffffffffd, 0x836, 0x1, 0x0, 0xfff, 0x3f, 0x2, 0x80000001, 0xde, 0x800, 0x1, 0x7, 0x2, 0x20, 0xffffffffffffff80, 0x1658, 0xc26, 0x3, 0xffffffffffffec5c, 0x1000, 0x400, 0x1838, 0xfff, 0x1, 0x0, 0x2b4, 0x7, 0x7fff, 0x735, 0x2, 0x6, 0x20, 0x5032, 0x20, 0x0, 0x80, 0x3, 0x4, 0x2, 0x5, 0x6, 0xffff, 0x7, 0x52, 0x5, 0x7, 0x2, 0x1, 0x2, 0x1, 0x0, 0xe73f, 0x7]}) 20:21:52 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r1, 0xc008551c, &(0x7f0000000040)={0x1f, 0x8, [0x3ff, 0x100]}) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r2, &(0x7f0000000100)={0x10, 0x30, 0xfa00, {&(0x7f00000000c0), 0x1, {0xa, 0x4e21, 0x1, @private1, 0x2}}}, 0x38) 20:21:52 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(r1, r0, 0x0, 0x8) 20:21:52 executing program 5: pipe(&(0x7f0000000000)) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(r0, 0xffffffffffffffff, 0x3c21, 0x8) 20:21:52 executing program 3: keyctl$restrict_keyring(0x1d, 0xfffffffffffffffa, &(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000140)='/dev/nvme-fabrics\x00') 20:21:52 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x0, 0x0, 0x0, 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:52 executing program 2: syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x1002) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x13, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@fda={0x66646185, 0x0, 0x1, 0x5}, @flat=@handle={0x73682a85, 0x1000, 0x3}, @flat=@weak_binder={0x77622a85, 0x10b, 0x3}}, &(0x7f0000000100)={0x0, 0x20, 0x38}}}], 0x0, 0x0, 0x0}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) write$UHID_INPUT2(r1, &(0x7f00000001c0)={0xc, {0x17, "60e9b530d35b9aec5c7c4867a85462764c87d6025182f7"}}, 0x1d) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) writev(r2, &(0x7f0000000200)=[{&(0x7f0000000d80)="ca96d95a4903ffba3f5e9c48163b88b81a31dc3cdb447a7af991d28c3aafec80ed5389c53e3eb835123af3b041f0b11fe18d555f2c6d060f3db421f9c55e29effe90f95bcb68a87914d2de165170bf64ee5b4cf4a5e50c3471d8bc820a20fe92af97fb1c4cdfe4886b425289321076e557e452fec0fab5329fd83d28734ee7a6d36d5bff5952c51fa449524d5b44fd5a60dfce3690d90f64c79c7da7e9eaed0745aac6ae1e12022a8e54855e94bb43a679272b2b6f05146a0364de0be0fbc260d92ee90087d66232b18e404768173f5b5ee6dc8baf9598babc2e4be014a5e901fad6f4249b3c99c6848ff2b93d46aeecc75b957034533ab883e65e146dda52ea7b8ac4652ed0773a112242a45d266557046a3f8032dc7cab08cb505af4c251f09b53fcf426bf5703b16edb10aa96a2328da391986e6cb95d54ea8ccb1efd09100fc41d9df40cd985fc3f41374900169baf53c959203f3d6a30c5dc1d07d1af306c34255d72794265adc1c232d6289eae946ee73a1fed846a9ad9c5f2d106d5cae09ec7ed399b4401dc01b8e40bfac4a4d41dd745906b904f02936ee06f92f0ea00def3a6827f8475c273509cee409fd0af2c1e81e4c15154dd3eb660360126b33a91a63559352ce29584c143622e2ece2d62456da1ad3b966e04b6ac60835c92ade7e09ece772d14f2c60d2754d525e3e2c5ec936bacf395e556e4f145d5d16472769f4ac46086b9bd77989ee762883d963c5c81ec5466a7586e9368f3136a4a1912bd8b87fb5ecb211db11a340fb66d7a276b5ddedbef2b5f4b5b378cf3fe4a86ef1ade20446f0bdf4bfb4a01ad7d7d2006f7ebe8f0ead005f56af434c6bfe03289ad135d20f97cc8cc0df2589089ca61487101a1ecf33cf67f4dfde2c2a88c021e332678d82297a58d8a07e28325b65736fef45a3faa81b5fdfb7e4235eac334ce78a2ad38e5a422e1aabf512ef7de454dd2988c8fb4f54d7ff55bbcecd34f67ab496a61c84abd962fc7e871ade67d978d9067300e67cbbad3ac349149d5013b89619ec067cde0dfc05211f15dddbd717b1e7078dedcf5b06f6df71241dc6b8ea8740aa66ed682ea6ab478ac897b4a8c9da20e50d8cb8a1d9b83789aaac2626b7f3de4574e86173698b5fb80326fc831f69d6c2120b61afa6cfdc6c01e11b0446e4b079978a174bb5204997e3be0c5a61c604e315afdf2f13d6069245398f907e46b26bc602bfcf24799c81b991dc34b7209dfefdacb0247192602b4a980251d5e3d97c0f9f0a4abd290f89384f4353094b7a292323577813159a905ec94357a74d3f20034c5a7c1f735447e58d09916fd2898e2eba21569fefeb291015e63136bab4511cff461b710b2cb835b9b67bd4fe56858e533e4975b2199ef4677c71c5f7aca02740f43cc73b7b82e56edaa1f12cef10a50b6cf744ea1c1a4e148de9b6421a1effc549e68010c5c38b1128c98ac2a58ccf7c2b3c1a0cbeb7ad23cb6dc32d2fc437cba600fdedfe6a7c878f0c4b1edde9293e4f41cec44157eddc51cb011946ce44f34a8e10894529be601f3753102b7b38c0d87ca9f434a6e4f9f523c456724aeb814ba6a8adc48cbad912f366466577a2307836a85b08ddc85e337d508fe91db4da5ec1ff9345b126a17fa4d89bb1b72b0254ff0060a1cec92cf7b254b72d7e6023e15c37d7b5a568369b43b7260bce3ea04ca9c2ceb690a3e390222c41186b8db686be177f056431acbc0ac846d4c31050cebe0040d948e2be89d86f1755e407b7cd8722163041d15fdcffd1a53d509adf6c541c7f1f9ed1819227998b57c29eff4d8b01f0df2f09bc08e2c6efdae30a4f2a21e5d5cc9480b017a37e1178b2016b558e388893d986050d4436c99020baa477433bc13702f7dcab4792550ad465f74c4b56efe35735c9b3697ce810d4bc044e5184effa6947751909cea3ba9258a0ff8f17e18f0d4e99a2cefdf53b7fc7a423156ee0376f38e0ffdae7348bda6003a3e1b208031bf4b4e142d73751fb19268a0591dc0f479231a5c69989054941424e0a2f49f8858cc5775978699a432e4f52f5224e6a0aeef7c7199a6981d1c0ee7f61236f50703270184752ca4006084deb084087aa500c340e91fe91b2d4622a9b7bd71fda119826119313d93089075f2fe0acbca68f1b14a7744d00d5409cf54b7bc770c7052beb23020a1319767cc045ed7aed19ff34effd3fad7b30f7e2505a9b3d029df24e473bec91c496f7153fb4cb30422798310276c34be369c771bee14e7eb7441c71d28e9c648175afefd2ee812562fa217bb3b369bb96f71099f5face624aa3858a604e93cc64207a1e73ed099bd6a92c311a0765ec2db9733b7da511035d4ab3e6c7ed4ae9b52da508af5562a6035ff0e8467fe25c2df596ee53a49a8ee6f5bda7b17908d6c5044e1a19bee80e63f0ed8f81e94baffaa485d469f60ba2f6db24d401eb3d5fffe12402491517cc3c3d18de75fd78d73bd804e0671fdaab9638c0f18be8d72db058edd6b729abdc78de933e8fe8764a414790acf8ab67b862621eb5a6685eaa48df03f0d9af0e4a8e116ae8bc1d4f53127ea73d037e6d6c70515b9bf0fab576724e5148a10e6aec164b70b0d81f9b03e7b8aeaee2c6d6e1709408e81df2587879340496de030dcd9e5615ae040a1827bc44149f2d6de0820491f3ed74a67a49868a015fb427d0a42edf34459213bca5352631e5640215923fa02f313e5e3e3f8c5e6427b2b0e0d24a604280820f8fafe499939c44eaac42896a95ca9bbffcca7cf2a1ab3ca5298a89503d32c0bb37bc91676cef19a8d6d98d613f872240d730eb6a7c29f78f54ebea560415d3dcd261ebda4137b62ad72fdf4831cdbfb8c4a02926e12b7a6cb1a6aaddcaf2a742826032f99a3024b148e5d4fe5b68b5d960dfe49475e00fedddb6226d41067cc002c83c2a9ff2604ac26d9afe43eb01036019932886f5180bcee506c06d8faa82f9573956a07be41cd57ab627e3a6d27b33743460cffddec3639397ffaf1d8f823f694dc9d109d259da8e84937200c116143b3132c0d4e51ad8dd9bf3d6e3daa443f58a7e6c51aa4f54e332212d7b718eb5814c3c3b719a3f4267c9c7e121b8019a21a943c01318f13fa82656d2251f2e6401159479668ad6101f4cbad6597e056b83c18d8ca795fb17743e1eeaad715477abdd0b75e0dc1334bd82b992498e982cf4ea6ea5e9df1882b2369e3ccbf32ec6979f90d2f08d18d0da8fc030784d9214e2a5c01544d014fba89c58857c7bb02957647113b3ef1cbface6b28ddd41f1895b846a68dfd60b90c481574152f1aa2002a9502cd91788170eaaa3dcc9d889da9be19818ee04e2a7551dd7c1e97881a0a9b0172d67958ff94e595966638f58b584cbd51db8a9468bc605a6a55585ee3c883851babaa8e09458afef8c3e1e106926a9d86fd4534277593ee79fc7ee801ab633dbc70d50053b6b2ea2e2059b1c82ad39eaeb1e387110b2fbc2afff24007a1355bddaae1626ceddfe4c04e63f274620552a33a6c47b5814a130984afff85ef20dc2ed40cf769f365372548cc12e09bcc21ee0e9e2e1b5746da1fad0a7bcd7a9535e8658aabffadd12892ebecb82cebb21233d27eb396b6a35159adc383a6c91e5476b41fa09af84f8d99b4637a36cbabed1603d6cc5f64d0e1639a02e293264c5f094505f3af78b2a856d252fc41c1bdcfa97e303eea7e646dc718c829d3a03c2d2c3835ac6995232e8da793bfae1d3a34a475228de75de4cb4b21c3ce028aa1931b51da686fcbe3356bd221588b668a2c8442b057b5e2f56f3ca9d417e2a0c5f30cd77d012377e299c773a4ad7e7540ce447ab1a258fe1931259b470de90c71df9e8b9e19c04a8a2aad03f815369c7ed36b7bcf7f0a55361604cc5fc43527753260f18b1ad48f418782472ff33edd9606a1497901459c16770fdd61b76bf45f90d908b1925497f3c4ed3a2d241ee70fd13619f59ea681123e4be3ded3f93e44faa89b80dfb48a8150b6f08d193ce3e2f61fef14d017ddd93e3870caaaf5f49c624b23c5091737906a05fb8484b2e2cc36bea6378e1fd2e1957516043f65babacbfeb24fbe4c927b67754bf2e978fdfc3d81793a8566f25bab865462955425654b70e366ee88b5c80ca92041db64bbd0472019b29375b7e0574a9aedc459b5fc8dfa16ba31c79f8d323bd93171c0a0ba4681ed26a87775545fb75ffbbeb81976b3a5bed3b1373d93af975d90d36535c9c2ba281f07d620a5f47f0662dcdeb921997e150ad9c494532fdae5ad6657a0c5fc2fa526b28f687eba840030319ea21b53777649ccb8f8874497688f2ae13e930d42bc8fc29d84531ec4df7a35c65442ec7b187b628b8566d38caed65236fe91e83415e33660ff9e8bd565ef12085cbf10cb2be77dc47c15ff860483ab46c1158b71e952e0605d12af17107751ff4717b59c4852363bf0fb748162cf312a18cded9e7c65e574efe4d41538cf99b3965272f2a01ad47db680f460e9ce9861ff127c4e46b0c55259962ca7ab02d502b01ada8d260d610b275f372a9d972e851685a50b2b54a5af2b0c554b03030412fccde67fb7998f3d9aa3e1064b1eaadcf24e1b28c74cba0e1b08dfd15b2c935d06c8e51494908ed2b95511c7a15eed4268e6a6db2f6cc0bcba0390d8aefc8f061d93d2d4ada74a2a7101462e28aeaea6df715fce2919a2cad129ace0df767836521d3198e0d64f0d27af0122bcf5b0d24427ae684b9786b7c19c6a9fec730b7aab31f1d9c02fb8c5a18720d304582df09f636159442d2c1adaf424dce7bbeea0a552ef93227ca7785422ffe9453495390e194ecf92e7f8b84e2f46585f35c8706f1275891e5b1a70f6409ac4a2520b7c958d7162067131b157f4b8652b94c38dfe625ea01350c8fce3c39c282b2fb5b7cfe7d980c4b52c34edbcd44e2fdcfde93fe284585be9a0382a9382a03ded7c020e3a4f60ba3c008298462a3668e073cf413dbeff8fb5d470d727b1ff1336904e2d4ee9fec6280546b311a0acb466b8a33ff6e0bc9660335f4aed3e6a0920bd30c06415bffa561ebf7fd0b9a529e766c71c92161ea1da50df5e80c00a71b2dbadff15d859b8e7ac70b21c2f078498d36af3dea6c372255c1b0bf076504d52caac3fa860970073be20445c0b210335f7d00bf3dbd8a310e524a11f8c8d6c119d2d33b294ab22e5192bcc72e6df637bfae97bfb94674bf4727e1e21bbf42fb26cc70157478b6c55bc190f821600b3b55a683ba6589d498435aec7567bbce8d6da85a389d348f2f4b1260e92dbaca07d2ffccf848322d3fbf01d2f623e361d600715b72d8000bd415d901cffa8ba70d6a01254802cf07a8ebab6028da71304014273e2be8c05af55082e0603cf5c02e839416907db100c27342da5ea3c3d43e3ebce28e4020b113b105f6c9f38416d0e32bafea7e3cd598a93b96361d704c4d4c3581638bbde6a5ce86ce83d521b37040fe276e4296cea47ba66c6c3e4d16672db3c509ab9d53033e2171e9bc9254ddd59e73f117c0e3e4b9d30218b8a34d0b1dbd6426bc104f145dbb64d4eff6b03e447ef4a644b758272f341dbcd94a3d4144d3f112964e0ffd1ac341a89c1a8683a2c18f8f33107ba241b5ea130551a58e1a5facc9c009dca759e10a3eb336278d77780d8921df6c4996c06480e7c21e136b63e151d541609ccb43f4c76bb9e6ce5d077282cb79f5cd8b154d1b6c34b0c7c5236a0c6e33361ac4011abbbf2d2a7c88e40d5405ea0567751ebf1a32cfa8cb7a008", 0x1000}], 0x1) 20:21:52 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(r1, r0, 0x0, 0x8) 20:21:52 executing program 5: pipe(&(0x7f0000000000)) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(r0, 0xffffffffffffffff, 0x3c21, 0x8) 20:21:52 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f00000000c0), &(0x7f0000000100)=0x4) accept(r0, 0x0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) getpeername(r1, &(0x7f0000000000)=@in={0x2, 0x0, @initdev}, &(0x7f0000000080)=0x80) 20:21:52 executing program 3: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r0, 0x0, 0x0) pipe(&(0x7f0000000040)) r1 = socket$rxrpc(0x21, 0x2, 0x2) getpeername(r1, &(0x7f00000000c0)=@l2tp, &(0x7f0000000000)=0x80) 20:21:52 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x78, 0x0, &(0x7f0000000180)=[@release, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x48, 0x18, &(0x7f00000000c0)={@flat=@weak_binder={0x77622a85, 0x1101, 0x3}, @fd, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}, @dead_binder_done, @register_looper, @acquire_done={0x40106309, 0x2}], 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:52 executing program 5: pipe(&(0x7f0000000000)) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(r0, 0xffffffffffffffff, 0x3c21, 0x8) 20:21:52 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x4000000000004, 0x201) r1 = add_key$fscrypt_v1(&(0x7f0000000100)='logon\x00', &(0x7f0000000140)={'fscrypt:', @desc3='e8dab99234bb312e'}, &(0x7f0000000180)={0x0, "111b555b6168e1d60dcd7171f4f8c7c4b6556d65195c0dd1dfe7e0060f49d4225cb8b716afc837b2ac0acf5b84564bf0923b64d5b82ffff2c77a5a2e0bd18ed4"}, 0x48, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) add_key$keyring(&(0x7f0000000080)='keyring\x00', 0x0, 0x0, 0x0, r1) add_key$fscrypt_v1(&(0x7f0000000100)='logon\x00', &(0x7f0000000140)={'fscrypt:', @desc2='e355a76a11a1be18'}, &(0x7f0000000180)={0x0, "79f868588963de42253a370e59711ddf91470423be045d2fe3a65e0ad5193ca87f411db7edd7065becb72591d90ffa32e76bc0598a327a79455fbbac51585050", 0x1a}, 0x48, r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x408201, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r2, 0xc0405519, &(0x7f00000000c0)={0x8, 0x5, 0xf00, 0xa6a, 'syz1\x00', 0x8}) 20:21:52 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(r1, r0, 0x3c21, 0x0) 20:21:52 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$L2TP_CMD_SESSION_MODIFY(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x24, 0x0, 0x200, 0x70bd25, 0x25dfdbfe, {}, [@L2TP_ATTR_UDP_CSUM={0x5, 0xd, 0x1}, @L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x8890}, 0x800) accept(r0, 0x0, 0x0) 20:21:52 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x64, 0x0, &(0x7f0000000180)=[@release, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x48, 0x18, &(0x7f00000000c0)={@flat=@weak_binder={0x77622a85, 0x1101, 0x3}, @fd, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}, @dead_binder_done, @register_looper], 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:52 executing program 5: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(r1, r0, 0x0, 0x8) 20:21:52 executing program 3: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r0, 0x0, 0x0) pipe(&(0x7f0000000040)) r1 = socket$rxrpc(0x21, 0x2, 0x2) getpeername(r1, &(0x7f00000000c0)=@l2tp, &(0x7f0000000000)=0x80) 20:21:52 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x60, 0x0, &(0x7f0000000180)=[@release, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x48, 0x18, &(0x7f00000000c0)={@flat=@weak_binder={0x77622a85, 0x1101, 0x3}, @fd, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}, @dead_binder_done], 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:52 executing program 5: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(r1, r0, 0x0, 0x8) 20:21:52 executing program 2: ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, &(0x7f0000000100)={0x5a, 0x0, {0x2, 0x3, 0xfffff800, 0x3, 0x9}, 0x9}) r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5334, &(0x7f0000000180)={0x83, 0xffe00000, 0x0, 'queue0\x00', 0xd886}) writev(r0, &(0x7f0000000340)=[{&(0x7f0000000080)="6964db7ed79c5903a8fe0dcf8d7fc459bf2cbb7261dd8967db6b343a43ccd9c718ca9e5c5b48e2c2011bf9c0023a74ea05a2d2529a", 0x35}, {&(0x7f0000000240)="b1", 0x1}, {&(0x7f0000000280)="8979c87fb7a3a30b832b72d5ba3b4ee99ea3f8821f2e377b66c751ea8b35e6172b53587b", 0x24}, {&(0x7f00000002c0)="ae00f001d8390421eb2c9d94847eac0e2aa7dac0ba70e37281a082e7ca6ee170b6b18afd8ceb65d72a952eaf62f863cbffc3ea50f4cb9de43eafc01079bf2350cd60d69bc5f1169dd1df51108540542813a8dd9350b99c9874545b6844393539e81c8ec9d31a85a98c196b87afb5a0323d", 0x71}], 0x4) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0xfffffffffffffe48, 0x0, &(0x7f00000000c0)=[@clear_death={0x400c630f, 0xa2}], 0x0, 0x0, 0x0}) 20:21:52 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x4000000000004, 0x201) r1 = add_key$fscrypt_v1(&(0x7f0000000100)='logon\x00', &(0x7f0000000140)={'fscrypt:', @desc3='e8dab99234bb312e'}, &(0x7f0000000180)={0x0, "111b555b6168e1d60dcd7171f4f8c7c4b6556d65195c0dd1dfe7e0060f49d4225cb8b716afc837b2ac0acf5b84564bf0923b64d5b82ffff2c77a5a2e0bd18ed4"}, 0x48, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) add_key$keyring(&(0x7f0000000080)='keyring\x00', 0x0, 0x0, 0x0, r1) add_key$fscrypt_v1(&(0x7f0000000100)='logon\x00', &(0x7f0000000140)={'fscrypt:', @desc2='e355a76a11a1be18'}, &(0x7f0000000180)={0x0, "79f868588963de42253a370e59711ddf91470423be045d2fe3a65e0ad5193ca87f411db7edd7065becb72591d90ffa32e76bc0598a327a79455fbbac51585050", 0x1a}, 0x48, r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x408201, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r2, 0xc0405519, &(0x7f00000000c0)={0x8, 0x5, 0xf00, 0xa6a, 'syz1\x00', 0x8}) 20:21:52 executing program 3: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r0, 0x0, 0x0) pipe(&(0x7f0000000040)) r1 = socket$rxrpc(0x21, 0x2, 0x2) getpeername(r1, &(0x7f00000000c0)=@l2tp, &(0x7f0000000000)=0x80) 20:21:52 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$F2FS_IOC_DEFRAGMENT(r0, 0xc010f508, &(0x7f0000000100)={0x2, 0x1f}) socket$phonet(0x23, 0x2, 0x1) r1 = accept(r0, 0x0, 0x0) sendmsg$L2TP_CMD_SESSION_GET(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x8, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x472b9039c3d155b5}, 0x10) 20:21:52 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x54, 0x0, &(0x7f0000000180)=[@release, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x48, 0x18, &(0x7f00000000c0)={@flat=@weak_binder={0x77622a85, 0x1101, 0x3}, @fd, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:52 executing program 5: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(r1, r0, 0x0, 0x8) 20:21:52 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(r1, r0, 0x0, 0x8) 20:21:52 executing program 3: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r0, 0x0, 0x0) pipe(&(0x7f0000000040)) getpeername(0xffffffffffffffff, &(0x7f00000000c0)=@l2tp, &(0x7f0000000000)=0x80) 20:21:52 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000080)='/dev/admmidi#\x00', 0x76a9, 0xa2100) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0xb4, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @increfs_done, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x58, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x1, &(0x7f0000000000)=""/13, 0xd, 0x0, 0x1a}, @flat=@binder={0x73622a85, 0x3e0bc0aee3d343eb, 0x1}, @fd={0x66642a85, 0x0, r1}}, &(0x7f0000000140)={0x0, 0x28, 0x40}}}, @enter_looper, @dead_binder_done], 0x0, 0x0, 0x0}) 20:21:52 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) writev(r0, &(0x7f0000001540)=[{&(0x7f0000000000)="2daee473ce57671bce16b3889db7178790f89c99568ed5599beaffd32fecdb925110654ece60707f5f74e7264314a58ee30a3ab57c9b2a4663e44e0966faa713c2491ede01b9c99f1ee937307195e8ba8c57f0d2346de1b6b6819a251ac21ff8af64e6d20ec22afb9b53d044b5f91d6cc3c8d7b6393d6b69c37e410b7ca415dfd241e37d9199b8db589769053c04e1a91b7f541c14f47f57ffa6836747392357cc7358ac8e669de7b127dd3717640e861e2c82283125cf9ad63be4357c29e5f2b2135f332945162ed4257607", 0xcc}, {&(0x7f0000000100)="91e1005ddbd2acf2d94ea534d874611b3e2cdd7764d74d7a3a8b8e22db89093f587ef87e8ace0d4c7f6c5314ce35531f886b3b9d37827b429e38b4eb79fbfb58d6a77c41f78805189c2461178120c5749bde70c452144a7ee79694765d107af7f2f03855809d99a2f0460922045f3f15817dcbbcb463f635204b27a26a2b2291a1c9039ad749e67a1ce0a6810fb8fe05be", 0x91}, {&(0x7f00000001c0)="b4bb6f44e0ade61d20c3c16ef79fa936beea9bcb06b4086a96a834a3ab8942b3439ce0b7ac8185bbe222f1ea626be7748bc6cec1fdd3721df0e72257e053403cfec276a3baea8ed6dc980f3bf3517bad0e64e3445464dc1dfb4e01d0816d41ef02e60b2bf00ac7603291813e9c5ee6107a90af2644e6521bf00372c116134565e0bcf5029d30fd6dca1610acaccbe735cf89838a57a338de709a8d95ccdcf8f4d4acbeea312b1fe2c8756d9b15d8a19f5cde126c78ef2b9e7177966655bbe17d769adf773d2e8b3d3b009cd9911831f9ef8c8631c1a7deaa71c412aac810f765e203c2bfa21a14bacb9def43c036ed562842dc9e99e07502185172eebe50ae77682fb1014933942e1ec6cf8696b6e4bc904290c8e0cbadb94c0d9e53bf0805f7041f5a1b2b7b9c2eadab4ec386b5c4f82fdec7271b91d08f22dcca05acab8ac575448f6edfe70ba28f86d0dce3384412706ca42c5a3b85b3f09fb807ea58374ebbd08fdfe0a73521d3f46c6d934a45f828405274ee6e4bd2ddd6a76110dd4263a213498a7fdb505758f5e41bdd95686179d43b4c0144b465b503396878202493c336276a3c7e816ff6d5a813b3f85f2126f97c59c06c10555ff15b5f4d2938d4c8a2f540409e6633493b0828475618bc50238db9c5e26263b19c1bdb066f8f96d13c07c0bc50c9ba337b046a28c08f8134ef50412cf62ee3f01fbd78aefbd424d9a3847ad64dcbeffe13a949963b91a6006e474d26aa4a154fe43b6a64077b37d0dbc0775f75410ac9c7059144f85d85959dc14b62349da08eecc0cf415171795b2614e77242343abb446e6ccfb045610f5cbfac4f86681a5a8d8c8e250572f8cddfb085d94059a676b20db0a7938ef638579c9593e811ccc9089717f7d6fd899509f8fff6732a2ef5cfc109cdf852cd2970d5465df1f9413f7a4dc56f1dd16724ef78f5378f1a90fdc43f2db9f4cd32f8a67b7bce199c7cbef7a52a81f5e7610731246c6388cd43e6e02ff7be343ab26477c9392793b95736bcfd1e3b8cbbf97945252be9c3502c79c249c8a6eda45f2054c75e63f52f3a54c011d04721b5632df2d9816c4bd8f7595dbad351509a3103eb0ffd6a02ec3d679479ff0478b80840e0e6857bb1e78515ebbecc8296006ac4560d821f3d1fb3cfdc71cda23b5d4089575c646676ee683e7e2f80062ea899bb37c4adc8e8454c8c2d322cbc7d27ae91c05d08dfe3b587e0291322440ac1033b5ea8915086faa5b31506cdb8ac8b92159272c7102f17be7717cc1dccbbce2c685c301390c6034d0ac0d46db457bec812b9dfb42e699388c70f5730fdb33041d3c91cd231bc430b2fb6cc2a85f142890387855b23043a6f712a653974c6ee10a25aa612dbaf5baa1a8e4140d50098dcc6ad01481578ea114d1bd7dab3a3ee35cdb592276f9d280530b22ac1e9cb81679547be03dce5652510fdd4c4c9a642db5caa4b9aee7da137e8b5bd08fc892463d4f82c509cd13636786fbcc1551d35082bcd99ab67dd14992231c6c43c122cd1a7cb17c9d2e9f7532fd4469a8e31bc912fd998895a955adf88fcf6de7cdb53813c40b29afb94d743603677c9674e24281dd80d84b229f8046b1c947829bf4192defcd607069291c36db9a74ac516312130d7ded4fbaed0a6ab38e60d6f3d3529527c44a256c401be91782ca41dfab9cd24d1652e3a9683ee16539d7c366facfe21834ef5138a62babe3d6673be13e87ae09f1d194435d0047809415c0f715083199a5a9d8605dd507adb970f3827cec24c9bf45f3a0eb9298c9ae047f8850a122546abc9b68a2e26ca6fe0e3b5b6fd7a0e11c38d1c7962231db52755bab1084a0d8116af22bbc0881818ac7c3c363c89db9e3253e355286df2768ef84e1116ae4e51f9836fb80a8d5b6bfa6db2e0724d256f2a7bbf01234c1440a58dbb4494ea84095a05d5338cb33d42cf472e170c566d4c3e1d9de7d13fd7da357b4120566408035d88359aaf0eef2ae9170e292a05e9ec7ef545264561a0de8649852356bb788d3c444bea170e24dbb9ed3c18d7f16116290c8a9b118decc4a5e92245a94a8d82da4411ef1d64182a76e186f873e85cc9159e7c0d3016d0c50a1e1f4aa5fe0d52662e485cf3471b44260d18dd9db8e049aeea638952e8104f494c66f7f0e07b2c5022c9cd968039e3caddfa28c7dddb4118dc86f9965edc979a65d5f83f0102936de69157e9d34d82ee9c1ca8c1aaa5b394f15e7d66da165a58827dd5120236dde747ccce677588ca50429b3c47e463e078682197be3a40852de33833480895e37207602426344ae8056e34fe1ff194d0a44882766a7468fb4bccd1537ae14f999cdaeed31e4aaf949b8b9976298232a2afc5664a34d140b6ef25293bfbd1d100b550df3d797535e679157b42b48694111696d9a5c99f0a1bba35c88f99143113b125a062de71c4638d0d38466ec6239b068d6e0af48981aca39fa1c78b52e433d11c310ed19dd0770fcf34516bd6d6eb2762dc18029f7f0251964b4d07f03524ec04af6547e4613df3664620c414b2e15a8bb94dbcadd4d65f014da726e8612a372c67e8b3549b420a5878bd721fa01facb21b615b61dc8fdffe0d6c2cda45ff501af73bcee0b5ad6991aa4b975f9e2b3d215585f8f40f681149c7a64f6d2a0eaa2ff34fbe88aa2069e39936ae561958718f80c24744e9713ec0203d492c73aa7fc70342fe838c157787030ddc567f82ed8030164010c03d8de99daf2477d32b251e7d70d88f3c3a23a1059c892040fb7b755102898db5da7434590f2c3990ee17ebc9665906e2da63e94cd4e607606f304e0d72a1b64bf9dece2e8fab76ca80243c281d18e4b36ac3b2c9cbcd743e63291642766f717c56c195f28b0ce4631230734cf427277b38ef8eae233e68075f31779fc0f233a8072615acef6a52968d266c7bd6b2d4d74ab8e6f9c08f83b276c9b43997ff8319a6612aa21ebc7f72074ef50e0fa876a5039df7dbab250c24f4eab4a44a23df2ffff9d0889a2c138bef4d06efec0631d7da460c718f832aaf43eb302889ae9a1f44863fdbd937b0ea863f02e6699595c7d80e5a68e1e8efe0079cdd456a1d14dde597f45d1510133367c9b94e978bc9da11802825e49488584c9446b63cab18156a1d5cd54da41e04b302dc997837d376bb49a9337801c0093436996134dac2012da7353cc7b635a0fd4a1e222bbc504be78578455711dd1879468a865cee589aa38fededc59d9f75f3b30854bceba558f56c3cd7a711a1f679a90a1916933143356eb71d4837707bb884d1d97e32b69636155e5b1ab68dee9c1a94766f6033817aea59ae851274b78392fac30b35cffb2975967c0ef4926b9a692b0e11af2879f69ae845e39b5a3111f99919ec2e851c226540f04daedff5e67b0753ab99da0837dc94b39877e455e7705319dcdd49dd2a9dfefd4df9d8cf97385a6341ca7224a6d61bc795bc2dee30229319134ad3c246764140f575af3e70881f3e478c9b32ec5a48ce7452bf97027b879574c456397f4db79283a4bd767543829ee1bd2045b47b69e67da5746b89fb3adc60b767d779b5aa43191d36b78d7d7a35623b7d8ed8d0222769cfe5093e97c4fb5eec2b93be45958977e5dd9af169050bdd49a17fcc2ac54c03e1a18f0d647370721d760ca71fbb8c034f98e0ac0791437b347eb0750443ee0791800e12d843b28e53149d452cb4247cfa50d7e09ad571327db126bcbe682189f258a59b0db61f35392a616985480c844ba2b96288985a0c20d78c4338122f5b9f446c1b52f6dd05807125c01dd655431c295b1e9baaea1860f7f03f543f1db9cd6cdf1e8c476a0cb86f76c19eb2c7eda1e122d9e5c6dd3df37ad2bb17ffdc6d08019f8c76780c4578637678f8ccd7529f01038233a411430fe49bbfbe2891c9338e44b57729ec347684f9530fe44bce6c857b076641a4f974954c6f6e12bf542d519d8147cc12c12c168e0e00f607bcf228329e844e00a7770295b01a1ae22e95e9919dcd027e42b1c05dc9765e3e4dc4ebd6c6a6c6a84a351fa3b3dd5b834339f0952aca29bc00cc7f6535ed4a9bffe5a9f9549d5f9fa1e7eeb72d321a79c21b6f448be8ee915dd7d5a693f99610322ae8d14fa526ccb3677d60d021a29144f4c75b3e3361178cc3b60da1a2932ce6e88de187b0c9663d3801ec1019cc5b67b7d3adee185eb520e85b2065d5d04d124c380649499a591a35326610aae3956347d2f21b72feb20bc2109c38fb074c8a4cfee71a93ca23a61f809b520dac644e37f5e873d54c80ef8ded0f38bebb768aa103257d10db6bb7a79b2bd06fd67907fc5bb69d9a8055efcd36dcc3b1af0735046bc126a085139e5c5e03e956cf6b597b892bad261ac2c5fdb081e368ac9e86ec0b5fd4206ce33b63f774d8335cdbe4c12f74d200832660b20d98585d2075a079f07d12a4ff8cf87d5a57365815b36ae5eee8911999bd8ccc7aacfcc2bc915f9fb561ad90f4ccdbfe57a2d159459af2d4b9f536c21599ea2973247f8bada6e0dcd47362cf77dd4b0a732c12e4909bbe66f7a0baca6358ba51d64619c43e4855b88fb448c3899132d10f18dfcef65a406af1d4130069cf9244979beb59b767e10601357ab4cc0ad2e24f54d54a2b63eccfb91a3a1171cfa4184541b82962ef81789213841dc065e1e67d2c6378dc7543f78122b1c57be824271d5cc98336c31be81e349b6477bd48699ff2f3c38d1c1036a3f8389eacca8c01d3d7fbb52e210b5a7e0c5e51375ed2aa9970400cf976d21530c1d7fe0ca05ac05c4b83bc7e2a476a3c36db13a57d9bf5fe7c076b1d74a2f21671c5dfb6c0b80f0c69582d5fd2a593178d6cdf1a40358e622bc617a5ea264831522fb00f367e9b5c21182f97925eddab7f9cfc6b60ce09cc2702db0ef0dfd171ff3e8b8c77a9cb70a91a5c7f908068604c3d196a043fa8090379343e0063c5fd1a9d3755e6690878a21275df2984293c40793acc1c3610a567bd8eeafb5ba8614068dccb58cd89eff0f76977124b7ab141ca0477af08a604555a8484c9a75526812ce3d3e04d3d06e30134c6eec17cfdcb6b4c1e951e578d2e07ac189a0bedda3aa69a1783805906d8eefb1018690e1ebe8c02c253ea0d9c26e4a71a7d580043f2e2aad226ecbfb9d12efc828418d63aaed2b26ac347f5eb2cbb5a368626a320dad15b68944ad2d1c22db67352790eb33c124bf2551d1612f5c02898b94e2ebec5b386a2df3ee610469373b52cd732a805729b944b9975103454740a7c538e517d801f23cb12dba125842251af6ad04f84a33e1885f50423a602300fea766e50f265d6d7f6d0ba5405c536c69da01926abab910331e5c1aa49fb570fd1fd3d1e72038fd4b745aa3525f36a35cbd7301bc410e0b9176341b602d587043579431b6b0b2d5c3201dfec1e1a99ccd982370a6e45b57405b25d55e5b2f88e0659b35011cbd51cb1dab5f37988be13faa00d2255ef73a5e966cfaddb221a5efce8222859cffed2666b304e554f46979cf5eb13c70fa20fb30c69ec1d4a0b71c67b9af8ec734d9b8fea6552b4aff21e516f45d7bc3f4919b1fdeac4c585bbd284891c07ecdabf167f57f1ed0eabee49a314cd3b1c16ebe5748ad75651528de9874107f47f047f3bee0bf6c194f1d39e52e690c42c90259dbec11158a891a297f3a1804114635affd094016e7bd36202b57d8dfbbcd27f170c8533e51b1c6a21ede6d16b555bbbc782cd41e2c27993e96eaea8bdbb6f6ef0a2c012d13700015b159d492f", 0x1000}, {&(0x7f00000011c0)="5863e2d3ebd15e5518849dda8f588476329cda0ae26652589a309f8051a7a69a9cde0d2b00675b9221132f96f4ca4c97f153c17f1cb00872b96fa2014d8b31bbcc737356c0a4449a2caa779963f35d47adda0c6f86a9dad3103ff11c6c3faae2835df0134dee5110fa32437965643891e3b9e678945961c88c2a3f4a7f7e5756cc990a03c2b2c095d33b93a8da93ee9d12018cf417d1b6c56ca2a457", 0x9c}, {&(0x7f0000001280)="e911d13443a9854dd512025e7bb5c6316e4383e3f7227cef2859c5f5076b9588f9bae79092d3865e04f5100155bd545f56b01ce7a6f72fa36c1b51e43b52af43745f55f29579798ed297f81f8ed7def0ef0661f8dd763736830f3dfc00263edb9239037e6138565951b1c5e5eccdd39868214d670679ed016e3f8ef2eeccf52f5c6d02562f10a89c18f63b49c52bfd39a9cc829fb775fbbf6a631f504e08f75a204e37fdf6a4101b3e3e91a0bec65d6cead22fb52a58952c48d0a5ed93046f21b979aeb9f98e", 0xc6}, {&(0x7f0000001380)="ad9276fb8bb1f51fe836bb46f900e6e01653e5938b30395542bd6ed9f21c1875c22c38629f6ff2fc403269b8dfe5cd1f92bb5ebc01aa91c0037d31db4a66184d62628db81fcec0d69c1e3b2060f390be9c8e9c56682914ccfd2de936abd26f0e79c80acdc4aadfa1abb7d15558594131897e2d0942981375d5070ed5b4a31eed0f2f1e1f57699a28e9e92d49e6cc07785ad800140ddb5e2cde1257b971680bd5d6f6cec02cb763", 0xa7}, {&(0x7f0000001440)="14d60ac9f8f14553462700312e9739b64fd6814d4f0423bd1ceeaa9f754768f2363c4b2d13bd06dc0db51b87b8002b99c4827aee8fa9d812c80e0a78664bc30f4acf2da5117753dbdacf1916fac44eb503a0fbb6ea45cc6d7f7deb89e6535554b99c5fe0f9ddd74c12c8a3314c92fdf661bbae549208f346ead95ed7c82ba8043d8b8afa8fd2e4652e85eed02abe70b389295d237ff9c90a55c2af5ef13f9b10ecb784243a288d547ef9f8c9b144338d32880fb2038af1df0701baa1baf786e4a67d900d9bfb38b8128a4c1b00ab3bb6bb940718ee156d1c26079c3035257662fb25a66a698a8fb487dd3d1e52acf91d2dd6ce33a1197ab854b5da", 0xfb}], 0x7) accept(r0, 0x0, 0x0) 20:21:52 executing program 5: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(r1, r0, 0x3c21, 0x0) 20:21:52 executing program 0: ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, &(0x7f0000000100)={0x5a, 0x0, {0x2, 0x3, 0xfffff800, 0x3, 0x9}, 0x9}) r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5334, &(0x7f0000000180)={0x83, 0xffe00000, 0x0, 'queue0\x00', 0xd886}) writev(r0, &(0x7f0000000340)=[{&(0x7f0000000080)="6964db7ed79c5903a8fe0dcf8d7fc459bf2cbb7261dd8967db6b343a43ccd9c718ca9e5c5b48e2c2011bf9c0023a74ea05a2d2529a", 0x35}, {&(0x7f0000000240)="b1", 0x1}, {&(0x7f0000000280)="8979c87fb7a3a30b832b72d5ba3b4ee99ea3f8821f2e377b66c751ea8b35e6172b53587b", 0x24}, {&(0x7f00000002c0)="ae00f001d8390421eb2c9d94847eac0e2aa7dac0ba70e37281a082e7ca6ee170b6b18afd8ceb65d72a952eaf62f863cbffc3ea50f4cb9de43eafc01079bf2350cd60d69bc5f1169dd1df51108540542813a8dd9350b99c9874545b6844393539e81c8ec9d31a85a98c196b87afb5a0323d", 0x71}], 0x4) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0xfffffffffffffe48, 0x0, &(0x7f00000000c0)=[@clear_death={0x400c630f, 0xa2}], 0x0, 0x0, 0x0}) 20:21:52 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x8, 0x0, &(0x7f0000000180)=[@release], 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:52 executing program 3: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r0, 0x0, 0x0) pipe(&(0x7f0000000040)) getpeername(0xffffffffffffffff, &(0x7f00000000c0)=@l2tp, &(0x7f0000000000)=0x80) 20:21:52 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r0, 0x0, 0x0) ioctl$BLKSECTGET(0xffffffffffffffff, 0x1267, &(0x7f0000000000)) 20:21:52 executing program 5: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f00000000c0), &(0x7f0000000100)=0x4) accept(r0, 0x0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) getpeername(r1, &(0x7f0000000000)=@in={0x2, 0x0, @initdev}, &(0x7f0000000080)=0x80) 20:21:52 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x2) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) tee(r0, r0, 0x1000, 0x0) 20:21:52 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x8, 0x0, &(0x7f0000000180)=[@release], 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:52 executing program 3: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r0, 0x0, 0x0) pipe(&(0x7f0000000040)) getpeername(0xffffffffffffffff, &(0x7f00000000c0)=@l2tp, &(0x7f0000000000)=0x80) 20:21:52 executing program 5: socketpair(0x28, 0x5, 0x5, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f0000000240)={0x1a0, 0x0, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xffff}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xeb0}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x474b}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8}]}, @TIPC_NLA_MON={0x4}, @TIPC_NLA_SOCK={0x8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x4}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xfffff64c}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x400}, @TIPC_NLA_PUBL_UPPER={0x8}]}, @TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x77b8}]}, @TIPC_NLA_BEARER={0xd0, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x9, @loopback, 0x1}}, {0x14, 0x2, @in={0x2, 0x4e24, @rand_addr=0x64010100}}}}, @TIPC_NLA_BEARER_NAME={0xf, 0x1, @l2={'ib', 0x3a, 'gretap0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x12e, @empty, 0x8}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x6, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x5}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @local}}, {0x14, 0x2, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2c}}}}}, @TIPC_NLA_BEARER_PROP={0x4}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x10000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000001) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffb, &(0x7f0000000100)='ceph\x00', &(0x7f0000000140)='/dev/nvme-fabrics\x00') pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) r2 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r2, 0x0) ioctl$sock_ifreq(r2, 0x8927, &(0x7f0000000180)={'batadv_slave_0\x00', @ifru_names}) ioctl$FBIOBLANK(r1, 0x4611, 0x1) add_key$fscrypt_v1(&(0x7f0000000000)='logon\x00', &(0x7f0000000040)={'fscrypt:', @desc4='85baa174f0cb1142'}, &(0x7f0000000080)={0x0, "8f81d78d69633c54567427e84edee51dee8770891199cefe2027b0a70d6c6f1afc61ded175714896ad7745510fc9b6d4f0dc74af5dffd424f3088cb22f867684", 0x13}, 0x48, 0xfffffffffffffffa) 20:21:52 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f00000000c0)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0x9, 0x0}, 0x8) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000080)=r1, 0x4) 20:21:53 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r0, 0x0, 0x0) write$midi(0xffffffffffffffff, &(0x7f0000000000)="037b5f88deb4205c470525b96b5508f96f9eed14d59d5b87b0b6d900aab6266ae4940c76bf6223763bbab0729fe7d412ee4ce50ba04e4170832587f7c33c39c8a8a3b17f1b12b6bb7c8efd252ad4bf5b4c721be55356ac84ca44fcf9ef1821123ec5dcdb18149daed6b66ebef6284495f3d1b8f81763a6fae29ba539cd638524f4e35abbfdee25dde1be8a6b4f9eb79d5932d1186aee550a7b57c7cce8bb03500aabede9997aeed42b", 0xa9) 20:21:53 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x8, 0x0, &(0x7f0000000180)=[@release], 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:53 executing program 3: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r0, 0x0, 0x0) r1 = socket$rxrpc(0x21, 0x2, 0x2) getpeername(r1, &(0x7f00000000c0)=@l2tp, &(0x7f0000000000)=0x80) 20:21:53 executing program 2: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fb0\x00', 0x0, 0x0) flock(r0, 0x1) r1 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) flock(r2, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r3, 0x84, 0x7, &(0x7f00000002c0), &(0x7f0000000300)=0x4) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r5, 0xc0a85320, &(0x7f0000000080)={{0xba, 0x81}, 'port0\x00', 0x22, 0x0, 0x101, 0x7f, 0x0, 0x81, 0x6, 0x0, 0x5, 0x6}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r4, 0x40bc5311, &(0x7f0000000200)={0x7fffffff, 0x2, 'client0\x00', 0xffffffff80000006, "150b94cbf59a98e8", "827181cb538f244145e18039631d00629629f15abb6954430928ed1408de954b", 0x7, 0x3ff}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(0xffffffffffffffff, 0xc0bc5310, &(0x7f0000000400)) 20:21:53 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000300)={0x7c, 0x0, &(0x7f0000000180)=[@release, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x48, 0x18, &(0x7f00000000c0)={@flat=@weak_binder={0x77622a85, 0x1101, 0x3}, @fd, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}, @dead_binder_done, @register_looper, @acquire_done={0x40106309, 0x2}, @enter_looper], 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:53 executing program 5: socketpair(0x28, 0x5, 0x5, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f0000000240)={0x1a0, 0x0, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xffff}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xeb0}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x474b}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8}]}, @TIPC_NLA_MON={0x4}, @TIPC_NLA_SOCK={0x8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x4}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xfffff64c}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x400}, @TIPC_NLA_PUBL_UPPER={0x8}]}, @TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x77b8}]}, @TIPC_NLA_BEARER={0xd0, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x9, @loopback, 0x1}}, {0x14, 0x2, @in={0x2, 0x4e24, @rand_addr=0x64010100}}}}, @TIPC_NLA_BEARER_NAME={0xf, 0x1, @l2={'ib', 0x3a, 'gretap0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x12e, @empty, 0x8}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x6, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x5}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @local}}, {0x14, 0x2, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2c}}}}}, @TIPC_NLA_BEARER_PROP={0x4}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x10000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000001) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffb, &(0x7f0000000100)='ceph\x00', &(0x7f0000000140)='/dev/nvme-fabrics\x00') pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) r2 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r2, 0x0) ioctl$sock_ifreq(r2, 0x8927, &(0x7f0000000180)={'batadv_slave_0\x00', @ifru_names}) ioctl$FBIOBLANK(r1, 0x4611, 0x1) add_key$fscrypt_v1(&(0x7f0000000000)='logon\x00', &(0x7f0000000040)={'fscrypt:', @desc4='85baa174f0cb1142'}, &(0x7f0000000080)={0x0, "8f81d78d69633c54567427e84edee51dee8770891199cefe2027b0a70d6c6f1afc61ded175714896ad7745510fc9b6d4f0dc74af5dffd424f3088cb22f867684", 0x13}, 0x48, 0xfffffffffffffffa) 20:21:53 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) setsockopt$pppl2tp_PPPOL2TP_SO_RECVSEQ(0xffffffffffffffff, 0x111, 0x2, 0x2, 0x1) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000100)) openat$uhid(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uhid\x00', 0x2, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x4058534c, &(0x7f0000000080)={0x4dc, 0xf49, 0x4, 0x400, 0x6, 0x80000000}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0xc, 0x0, &(0x7f0000000380)=[@dead_binder_done], 0x0, 0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x4058534c, &(0x7f0000000140)={0x4, 0x1, 0x490, 0x49e, 0x0, 0x480000}) 20:21:53 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x54, 0x0, &(0x7f0000000180)=[@release, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x48, 0x18, &(0x7f00000000c0)={@flat=@weak_binder={0x77622a85, 0x1101, 0x3}, @fd, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:53 executing program 5: socketpair(0x28, 0x5, 0x5, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f0000000240)={0x1a0, 0x0, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xffff}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xeb0}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x474b}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8}]}, @TIPC_NLA_MON={0x4}, @TIPC_NLA_SOCK={0x8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x4}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xfffff64c}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x400}, @TIPC_NLA_PUBL_UPPER={0x8}]}, @TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x77b8}]}, @TIPC_NLA_BEARER={0xd0, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x9, @loopback, 0x1}}, {0x14, 0x2, @in={0x2, 0x4e24, @rand_addr=0x64010100}}}}, @TIPC_NLA_BEARER_NAME={0xf, 0x1, @l2={'ib', 0x3a, 'gretap0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x12e, @empty, 0x8}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x6, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x5}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @local}}, {0x14, 0x2, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2c}}}}}, @TIPC_NLA_BEARER_PROP={0x4}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x10000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000001) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffb, &(0x7f0000000100)='ceph\x00', &(0x7f0000000140)='/dev/nvme-fabrics\x00') pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) r2 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r2, 0x0) ioctl$sock_ifreq(r2, 0x8927, &(0x7f0000000180)={'batadv_slave_0\x00', @ifru_names}) ioctl$FBIOBLANK(r1, 0x4611, 0x1) add_key$fscrypt_v1(&(0x7f0000000000)='logon\x00', &(0x7f0000000040)={'fscrypt:', @desc4='85baa174f0cb1142'}, &(0x7f0000000080)={0x0, "8f81d78d69633c54567427e84edee51dee8770891199cefe2027b0a70d6c6f1afc61ded175714896ad7745510fc9b6d4f0dc74af5dffd424f3088cb22f867684", 0x13}, 0x48, 0xfffffffffffffffa) 20:21:53 executing program 4: socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x9) r2 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r2, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r3, 0x0) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB="0b00000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea00ad0e521c0000000000000300000003000000e9126f45c7a06784eaa08d08de973e3a6caae11bc7045764291dbde03098c23dbf1572c4ee5a43fdf480dbbba1189d94c510a088b5e71282ac85d210a72b84772a2377804fa949c54c18ff9711a00ac4ee56f527d8d5d7f0a63ea2c87a04baf0da3b2687ff3620aa726255b818db2c0d06911f6b6aba2348e1757bc69382d516fb5c26b6b6a7d6d7f54f867ed8ffd9fcbbb09b2c9d53cf609ecfd30e77990995f988231925c5b04194ec82da477a31393c78b42508c1aec0b3e330311e13092c7b86c76dc341d43112ab5a4ab3c7bc7ccd0e186f60db1364d9ce6c80a80dd0581131c013f20e46066c9fe4c910197f019dec4114c351585c18c75c9ab65d6a0b1c2a424c8d93ad365e1d91eda31f5c7d7048ac2609c314fa"], 0x202) r4 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r4, 0x0) sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="11cfb81e2a134b93eeeb7ade4378efe0c170436cb071cae7f4e0e9da38ae73c37efd715dec20c72f72d36fbfdc18ce7add83a0c6bb2a8b050032684c00"/74, @ANYRES16=0x0, @ANYRESHEX=r2], 0x44}, 0x1, 0x0, 0x0, 0x40094}, 0x20000000) r5 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r5, 0x0) r6 = socket$inet6_icmp(0xa, 0x2, 0x3a) accept(r6, 0x0, 0x0) 20:21:53 executing program 3: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$rxrpc(0x21, 0x2, 0x2) getpeername(r0, &(0x7f00000000c0)=@l2tp, &(0x7f0000000000)=0x80) 20:21:53 executing program 0: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fb0\x00', 0x0, 0x0) flock(r0, 0x1) r1 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) flock(r2, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r3, 0x84, 0x7, &(0x7f00000002c0), &(0x7f0000000300)=0x4) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r5, 0xc0a85320, &(0x7f0000000080)={{0xba, 0x81}, 'port0\x00', 0x22, 0x0, 0x101, 0x7f, 0x0, 0x81, 0x6, 0x0, 0x5, 0x6}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r4, 0x40bc5311, &(0x7f0000000200)={0x7fffffff, 0x2, 'client0\x00', 0xffffffff80000006, "150b94cbf59a98e8", "827181cb538f244145e18039631d00629629f15abb6954430928ed1408de954b", 0x7, 0x3ff}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(0xffffffffffffffff, 0xc0bc5310, &(0x7f0000000400)) 20:21:53 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x54, 0x0, &(0x7f0000000180)=[@release, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f00000000c0)={@flat=@weak_binder={0x77622a85, 0x1101, 0x3}, @fd, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 653.322615] binder: 13399:13401 ioctl 8008f512 20000100 returned -22 [ 653.354041] binder: 13399:13407 ioctl 8008f512 20000100 returned -22 20:21:53 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x8, 0x0, &(0x7f0000000100)=[@decrefs={0x40046307, 0x1}], 0x0, 0x0, 0x0}) 20:21:53 executing program 2: ioctl$FBIO_WAITFORVSYNC(0xffffffffffffffff, 0x40044620, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:53 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x54, 0x0, &(0x7f0000000180)=[@release, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000140)}}], 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:53 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r0, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) setsockopt$inet_sctp6_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000000)=0xffffffb0, 0x4) 20:21:53 executing program 3: r0 = socket$rxrpc(0x21, 0x2, 0x2) getpeername(r0, &(0x7f00000000c0)=@l2tp, &(0x7f0000000000)=0x80) 20:21:53 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x8, 0x0, &(0x7f0000000100)=[@decrefs={0x40046307, 0x1}], 0x0, 0x0, 0x0}) 20:21:53 executing program 5: socketpair(0x28, 0x5, 0x5, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f0000000240)={0x1a0, 0x0, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xffff}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xeb0}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x474b}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8}]}, @TIPC_NLA_MON={0x4}, @TIPC_NLA_SOCK={0x8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x4}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xfffff64c}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x400}, @TIPC_NLA_PUBL_UPPER={0x8}]}, @TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x77b8}]}, @TIPC_NLA_BEARER={0xd0, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x9, @loopback, 0x1}}, {0x14, 0x2, @in={0x2, 0x4e24, @rand_addr=0x64010100}}}}, @TIPC_NLA_BEARER_NAME={0xf, 0x1, @l2={'ib', 0x3a, 'gretap0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x12e, @empty, 0x8}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x6, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x5}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @local}}, {0x14, 0x2, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2c}}}}}, @TIPC_NLA_BEARER_PROP={0x4}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x10000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000001) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffb, &(0x7f0000000100)='ceph\x00', &(0x7f0000000140)='/dev/nvme-fabrics\x00') pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) r2 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r2, 0x0) ioctl$sock_ifreq(r2, 0x8927, &(0x7f0000000180)={'batadv_slave_0\x00', @ifru_names}) ioctl$FBIOBLANK(r1, 0x4611, 0x1) 20:21:53 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x54, 0x0, &(0x7f0000000180)=[@release, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:53 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) setsockopt$pppl2tp_PPPOL2TP_SO_RECVSEQ(0xffffffffffffffff, 0x111, 0x2, 0x2, 0x1) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000100)) openat$uhid(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uhid\x00', 0x2, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x4058534c, &(0x7f0000000080)={0x4dc, 0xf49, 0x4, 0x400, 0x6, 0x80000000}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0xc, 0x0, &(0x7f0000000380)=[@dead_binder_done], 0x0, 0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x4058534c, &(0x7f0000000140)={0x4, 0x1, 0x490, 0x49e, 0x0, 0x480000}) 20:21:53 executing program 3: r0 = socket$rxrpc(0x21, 0x2, 0x0) getpeername(r0, &(0x7f00000000c0)=@l2tp, &(0x7f0000000000)=0x80) 20:21:53 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x8, 0x0, &(0x7f0000000100)=[@decrefs={0x40046307, 0x1}], 0x0, 0x0, 0x0}) 20:21:53 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = accept(r0, &(0x7f0000000000)=@in={0x2, 0x0, @initdev}, &(0x7f0000000080)=0x80) openat$null(0xffffffffffffff9c, &(0x7f0000000140)='/dev/null\x00', 0x101000, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r2, 0x110, 0x4, &(0x7f0000000180)=0x1, 0x4) getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f00000000c0), &(0x7f0000000100)=0x4) socket$pptp(0x18, 0x1, 0x2) accept(r0, 0x0, 0x0) 20:21:53 executing program 5: socketpair(0x28, 0x5, 0x5, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f0000000240)={0x1a0, 0x0, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xffff}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xeb0}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x474b}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8}]}, @TIPC_NLA_MON={0x4}, @TIPC_NLA_SOCK={0x8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x4}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xfffff64c}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x400}, @TIPC_NLA_PUBL_UPPER={0x8}]}, @TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x77b8}]}, @TIPC_NLA_BEARER={0xd0, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x9, @loopback, 0x1}}, {0x14, 0x2, @in={0x2, 0x4e24, @rand_addr=0x64010100}}}}, @TIPC_NLA_BEARER_NAME={0xf, 0x1, @l2={'ib', 0x3a, 'gretap0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x12e, @empty, 0x8}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x6, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x5}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @local}}, {0x14, 0x2, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2c}}}}}, @TIPC_NLA_BEARER_PROP={0x4}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x10000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000001) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffb, &(0x7f0000000100)='ceph\x00', &(0x7f0000000140)='/dev/nvme-fabrics\x00') pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) r2 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r2, 0x0) ioctl$sock_ifreq(r2, 0x8927, &(0x7f0000000180)={'batadv_slave_0\x00', @ifru_names}) 20:21:53 executing program 3: r0 = socket$rxrpc(0x21, 0x2, 0x0) getpeername(r0, &(0x7f00000000c0)=@l2tp, &(0x7f0000000000)=0x80) 20:21:53 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:53 executing program 5: socketpair(0x28, 0x5, 0x5, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f0000000240)={0x1a0, 0x0, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xffff}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xeb0}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x474b}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8}]}, @TIPC_NLA_MON={0x4}, @TIPC_NLA_SOCK={0x8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x4}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xfffff64c}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x400}, @TIPC_NLA_PUBL_UPPER={0x8}]}, @TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x77b8}]}, @TIPC_NLA_BEARER={0xd0, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x9, @loopback, 0x1}}, {0x14, 0x2, @in={0x2, 0x4e24, @rand_addr=0x64010100}}}}, @TIPC_NLA_BEARER_NAME={0xf, 0x1, @l2={'ib', 0x3a, 'gretap0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x12e, @empty, 0x8}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x6, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x5}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @local}}, {0x14, 0x2, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2c}}}}}, @TIPC_NLA_BEARER_PROP={0x4}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x10000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000001) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffb, &(0x7f0000000100)='ceph\x00', &(0x7f0000000140)='/dev/nvme-fabrics\x00') pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ifreq(r2, 0x8927, &(0x7f0000000180)={'batadv_slave_0\x00', @ifru_names}) [ 653.565479] binder: 13436:13441 ioctl 8008f512 20000100 returned -22 20:21:53 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x980, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) r3 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x120c20, 0x0) ioctl$FBIOPUT_CON2FBMAP(r3, 0x4610, &(0x7f0000000100)={0x28, 0x2}) setsockopt$inet_sctp6_SCTP_NODELAY(r2, 0x84, 0x3, &(0x7f0000000080)=0xffffffff, 0x4) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, &(0x7f0000000040)={0x7f}, 0x1) socket$nl_generic(0x10, 0x3, 0x10) accept(r0, 0x0, 0x0) 20:21:53 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-vsock\x00', 0x2, 0x0) sendto$l2tp6(0xffffffffffffffff, &(0x7f0000000340)="846805a72f70f9419b317cf5cdfc47f381eb286a3887ea28bdfa5c4b98307781c5a1258f4720ff54d203a3e173", 0x2d, 0x40000, &(0x7f0000000400)={0xa, 0x0, 0x3, @empty, 0x1, 0x1}, 0x20) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:53 executing program 5: socketpair(0x28, 0x5, 0x5, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f0000000240)={0x1a0, 0x0, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xffff}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xeb0}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x474b}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8}]}, @TIPC_NLA_MON={0x4}, @TIPC_NLA_SOCK={0x8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x4}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xfffff64c}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x400}, @TIPC_NLA_PUBL_UPPER={0x8}]}, @TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x77b8}]}, @TIPC_NLA_BEARER={0xd0, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x9, @loopback, 0x1}}, {0x14, 0x2, @in={0x2, 0x4e24, @rand_addr=0x64010100}}}}, @TIPC_NLA_BEARER_NAME={0xf, 0x1, @l2={'ib', 0x3a, 'gretap0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x12e, @empty, 0x8}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x6, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x5}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @local}}, {0x14, 0x2, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2c}}}}}, @TIPC_NLA_BEARER_PROP={0x4}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x10000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000001) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffb, &(0x7f0000000100)='ceph\x00', &(0x7f0000000140)='/dev/nvme-fabrics\x00') pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) ioctl$sock_ifreq(0xffffffffffffffff, 0x8927, &(0x7f0000000180)={'batadv_slave_0\x00', @ifru_names}) 20:21:53 executing program 0: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000540)={0x8, 0x0, &(0x7f0000000100)=[@decrefs={0x40046307, 0x1}], 0x0, 0x0, 0x0}) 20:21:53 executing program 3: r0 = socket$rxrpc(0x21, 0x2, 0x0) getpeername(r0, &(0x7f00000000c0)=@l2tp, &(0x7f0000000000)=0x80) 20:21:53 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:53 executing program 5: socketpair(0x28, 0x5, 0x5, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f0000000240)={0x1a0, 0x0, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xffff}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xeb0}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x474b}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8}]}, @TIPC_NLA_MON={0x4}, @TIPC_NLA_SOCK={0x8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x4}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xfffff64c}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x400}, @TIPC_NLA_PUBL_UPPER={0x8}]}, @TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x77b8}]}, @TIPC_NLA_BEARER={0xd0, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x9, @loopback, 0x1}}, {0x14, 0x2, @in={0x2, 0x4e24, @rand_addr=0x64010100}}}}, @TIPC_NLA_BEARER_NAME={0xf, 0x1, @l2={'ib', 0x3a, 'gretap0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x12e, @empty, 0x8}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x6, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x5}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @local}}, {0x14, 0x2, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2c}}}}}, @TIPC_NLA_BEARER_PROP={0x4}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x10000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000001) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffb, &(0x7f0000000100)='ceph\x00', &(0x7f0000000140)='/dev/nvme-fabrics\x00') pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) ioctl$sock_ifreq(0xffffffffffffffff, 0x8927, &(0x7f0000000180)={'batadv_slave_0\x00', @ifru_names}) 20:21:53 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:53 executing program 3: socket$rxrpc(0x21, 0x2, 0x2) getpeername(0xffffffffffffffff, &(0x7f00000000c0)=@l2tp, &(0x7f0000000000)=0x80) 20:21:53 executing program 0: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000540)={0x8, 0x0, &(0x7f0000000100)=[@decrefs={0x40046307, 0x1}], 0x0, 0x0, 0x0}) 20:21:53 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = accept(r0, 0x0, 0x0) syz_genetlink_get_family_id$l2tp(&(0x7f0000000000)='l2tp\x00', r1) 20:21:53 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:53 executing program 5: socketpair(0x28, 0x5, 0x5, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f0000000240)={0x1a0, 0x0, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xffff}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xeb0}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x474b}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8}]}, @TIPC_NLA_MON={0x4}, @TIPC_NLA_SOCK={0x8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x4}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xfffff64c}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x400}, @TIPC_NLA_PUBL_UPPER={0x8}]}, @TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x77b8}]}, @TIPC_NLA_BEARER={0xd0, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x9, @loopback, 0x1}}, {0x14, 0x2, @in={0x2, 0x4e24, @rand_addr=0x64010100}}}}, @TIPC_NLA_BEARER_NAME={0xf, 0x1, @l2={'ib', 0x3a, 'gretap0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x12e, @empty, 0x8}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x6, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x5}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @local}}, {0x14, 0x2, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2c}}}}}, @TIPC_NLA_BEARER_PROP={0x4}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x10000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000001) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffb, &(0x7f0000000100)='ceph\x00', &(0x7f0000000140)='/dev/nvme-fabrics\x00') pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) ioctl$sock_ifreq(0xffffffffffffffff, 0x8927, &(0x7f0000000180)={'batadv_slave_0\x00', @ifru_names}) 20:21:53 executing program 3: socket$rxrpc(0x21, 0x2, 0x2) getpeername(0xffffffffffffffff, &(0x7f00000000c0)=@l2tp, &(0x7f0000000000)=0x80) 20:21:53 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:53 executing program 0: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000540)={0x8, 0x0, &(0x7f0000000100)=[@decrefs={0x40046307, 0x1}], 0x0, 0x0, 0x0}) 20:21:53 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000240)={0x11, 0x10, 0xfa00, {0x0}}, 0x18) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f0000000280)={0x1, 0x8, 0x3bcb, 0x3f}) r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000300)='/dev/nvme-fabrics\x00', 0x1000, 0x0) r4 = accept(r3, &(0x7f0000000140)=@un=@abs, &(0x7f00000001c0)=0x80) syz_genetlink_get_family_id$gtp(&(0x7f00000002c0)='gtp\x00', r4) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffd, &(0x7f0000000100)='ceph\x00', &(0x7f0000000000)='/Gvv/n\x16\xf9\xcd\x97w\xa4\xc0wicl\x00y\x12\x84P\xf9\x8e\xdcG\xef\a\t&I\xc5\x99a\xf3\xfc\xb17\x11*v`L\x13\xc2?*\x1a<\x10\x04\xb6|\xaf\x10\xdb\xb6\x00\xa6s\xfd\xed\xb3s\xac3\x8b\x88\xac\x996') ioctl$BLKPBSZGET(r2, 0x127b, &(0x7f0000000080)) 20:21:53 executing program 5: socketpair(0x28, 0x5, 0x5, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f0000000240)={0x1a0, 0x0, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xffff}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xeb0}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x474b}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8}]}, @TIPC_NLA_MON={0x4}, @TIPC_NLA_SOCK={0x8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x4}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xfffff64c}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x400}, @TIPC_NLA_PUBL_UPPER={0x8}]}, @TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x77b8}]}, @TIPC_NLA_BEARER={0xd0, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x9, @loopback, 0x1}}, {0x14, 0x2, @in={0x2, 0x4e24, @rand_addr=0x64010100}}}}, @TIPC_NLA_BEARER_NAME={0xf, 0x1, @l2={'ib', 0x3a, 'gretap0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x12e, @empty, 0x8}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x6, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x5}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @local}}, {0x14, 0x2, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2c}}}}}, @TIPC_NLA_BEARER_PROP={0x4}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x10000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000001) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffb, &(0x7f0000000100)='ceph\x00', &(0x7f0000000140)='/dev/nvme-fabrics\x00') pipe(&(0x7f0000000000)) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x8927, &(0x7f0000000180)={'batadv_slave_0\x00', @ifru_names}) 20:21:53 executing program 4: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = accept(r0, 0x0, 0x0) r2 = socket$nl_rdma(0x10, 0x3, 0x14) setsockopt$RXRPC_SECURITY_KEYRING(r1, 0x110, 0x2, &(0x7f0000000080)='*:\x00', 0x3) accept(r0, &(0x7f00000000c0)=@xdp={0x2c, 0x0, 0x0}, &(0x7f0000000140)=0x80) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000580)={0x0, 0x77, 0xfa00, {0x0, 0x0, 0x111, 0x5}}, 0x20) ioctl$SNDRV_CTL_IOCTL_POWER_STATE(r4, 0x800455d1, &(0x7f0000000000)) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r5, 0xc008551b, &(0x7f0000000300)=ANY=[@ANYBLOB="0600000800000600000065bd19b70ab62dffffff1f00005c00007f0000000000010865e923d5a6838f553da2ac949474ebc8132fa162438d00dd0b5335e6cd77b82b81fe344a02efa71f99f27c3c4000000000"]) ioctl$sock_SIOCDELRT(r1, 0x890c, &(0x7f00000001c0)={0x0, @ax25={0x3, @default}, @xdp={0x2c, 0x8, 0x0, 0x2d}, @llc={0x1a, 0x6, 0xff, 0x3, 0x9, 0x2, @link_local}, 0x5, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)='dummy0\x00', 0x400, 0x6e, 0xc000}) r7 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vcsa\x00', 0x40400, 0x0) sendmsg$TIPC_NL_BEARER_DISABLE(r7, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000500)={&(0x7f0000000400)={0xfc, 0x0, 0x300, 0x70bd2b, 0x25dfdbfb, {}, [@TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x2}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x100}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x80000000}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}]}, @TIPC_NLA_LINK={0xa4, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9d}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10001}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x40091}, 0x0) ioctl$sock_SIOCDELRT(r2, 0x890c, &(0x7f0000000280)={0x0, @nl=@proc={0x10, 0x0, 0x25dfdbfc, 0x4000}, @xdp={0x2c, 0x8, r3, 0x35}, @xdp={0x2c, 0xc, r6, 0x39}, 0x9, 0x0, 0x0, 0x0, 0x80, &(0x7f0000000240)='xfrm0\x00', 0x101, 0xa8b6, 0x7fff}) r8 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r8, 0x0) ioctl$sock_ifreq(r8, 0x8935, &(0x7f0000000040)={'batadv_slave_1\x00', @ifru_names}) 20:21:53 executing program 3: socket$rxrpc(0x21, 0x2, 0x2) getpeername(0xffffffffffffffff, &(0x7f00000000c0)=@l2tp, &(0x7f0000000000)=0x80) 20:21:53 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, &(0x7f0000000200)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:53 executing program 0: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x8, 0x0, &(0x7f0000000100)=[@decrefs={0x40046307, 0x1}], 0x0, 0x0, 0x0}) 20:21:53 executing program 0: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x8, 0x0, &(0x7f0000000100)=[@decrefs={0x40046307, 0x1}], 0x0, 0x0, 0x0}) 20:21:53 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r0, 0x0, 0x0) openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) 20:21:53 executing program 5: socketpair(0x28, 0x5, 0x5, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f0000000240)={0x1a0, 0x0, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xffff}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xeb0}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x474b}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8}]}, @TIPC_NLA_MON={0x4}, @TIPC_NLA_SOCK={0x8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x4}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xfffff64c}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x400}, @TIPC_NLA_PUBL_UPPER={0x8}]}, @TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x77b8}]}, @TIPC_NLA_BEARER={0xd0, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x9, @loopback, 0x1}}, {0x14, 0x2, @in={0x2, 0x4e24, @rand_addr=0x64010100}}}}, @TIPC_NLA_BEARER_NAME={0xf, 0x1, @l2={'ib', 0x3a, 'gretap0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x12e, @empty, 0x8}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x6, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x5}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @local}}, {0x14, 0x2, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2c}}}}}, @TIPC_NLA_BEARER_PROP={0x4}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x10000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000001) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffb, &(0x7f0000000100)='ceph\x00', &(0x7f0000000140)='/dev/nvme-fabrics\x00') r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x8927, &(0x7f0000000180)={'batadv_slave_0\x00', @ifru_names}) 20:21:53 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, &(0x7f0000000200)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:53 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000240)={0x11, 0x10, 0xfa00, {0x0}}, 0x18) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f0000000280)={0x1, 0x8, 0x3bcb, 0x3f}) r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000300)='/dev/nvme-fabrics\x00', 0x1000, 0x0) r4 = accept(r3, &(0x7f0000000140)=@un=@abs, &(0x7f00000001c0)=0x80) syz_genetlink_get_family_id$gtp(&(0x7f00000002c0)='gtp\x00', r4) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffd, &(0x7f0000000100)='ceph\x00', &(0x7f0000000000)='/Gvv/n\x16\xf9\xcd\x97w\xa4\xc0wicl\x00y\x12\x84P\xf9\x8e\xdcG\xef\a\t&I\xc5\x99a\xf3\xfc\xb17\x11*v`L\x13\xc2?*\x1a<\x10\x04\xb6|\xaf\x10\xdb\xb6\x00\xa6s\xfd\xed\xb3s\xac3\x8b\x88\xac\x996') ioctl$BLKPBSZGET(r2, 0x127b, &(0x7f0000000080)) 20:21:53 executing program 3: r0 = socket$rxrpc(0x21, 0x2, 0x2) getpeername(r0, 0x0, &(0x7f0000000000)) 20:21:53 executing program 0: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x8, 0x0, &(0x7f0000000100)=[@decrefs={0x40046307, 0x1}], 0x0, 0x0, 0x0}) 20:21:53 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, &(0x7f0000000200)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:53 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080)='l2tp\x00', 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_DELETE(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r2, 0x220, 0x70bd29, 0x25dfdbfd, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x1000) flock(r1, 0x0) ioctl$F2FS_IOC_DEFRAGMENT(r1, 0xc010f508, &(0x7f0000000000)={0x7ff, 0xa313}) accept(r0, 0x0, 0x0) 20:21:53 executing program 3: r0 = socket$rxrpc(0x21, 0x2, 0x2) getpeername(r0, 0x0, 0x0) 20:21:53 executing program 5: socketpair(0x28, 0x5, 0x5, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f0000000240)={0x1a0, 0x0, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xffff}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xeb0}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x474b}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8}]}, @TIPC_NLA_MON={0x4}, @TIPC_NLA_SOCK={0x8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x4}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xfffff64c}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x400}, @TIPC_NLA_PUBL_UPPER={0x8}]}, @TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x77b8}]}, @TIPC_NLA_BEARER={0xd0, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x9, @loopback, 0x1}}, {0x14, 0x2, @in={0x2, 0x4e24, @rand_addr=0x64010100}}}}, @TIPC_NLA_BEARER_NAME={0xf, 0x1, @l2={'ib', 0x3a, 'gretap0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x12e, @empty, 0x8}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x6, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x5}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @local}}, {0x14, 0x2, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2c}}}}}, @TIPC_NLA_BEARER_PROP={0x4}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x10000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000001) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x8927, &(0x7f0000000180)={'batadv_slave_0\x00', @ifru_names}) 20:21:53 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x68, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:53 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080)='l2tp\x00', 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_DELETE(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r2, 0x220, 0x70bd29, 0x25dfdbfd, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x1000) flock(r1, 0x0) ioctl$F2FS_IOC_DEFRAGMENT(r1, 0xc010f508, &(0x7f0000000000)={0x7ff, 0xa313}) accept(r0, 0x0, 0x0) 20:21:53 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000240)={0x11, 0x10, 0xfa00, {0x0}}, 0x18) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f0000000280)={0x1, 0x8, 0x3bcb, 0x3f}) r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000300)='/dev/nvme-fabrics\x00', 0x1000, 0x0) r4 = accept(r3, &(0x7f0000000140)=@un=@abs, &(0x7f00000001c0)=0x80) syz_genetlink_get_family_id$gtp(&(0x7f00000002c0)='gtp\x00', r4) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffd, &(0x7f0000000100)='ceph\x00', &(0x7f0000000000)='/Gvv/n\x16\xf9\xcd\x97w\xa4\xc0wicl\x00y\x12\x84P\xf9\x8e\xdcG\xef\a\t&I\xc5\x99a\xf3\xfc\xb17\x11*v`L\x13\xc2?*\x1a<\x10\x04\xb6|\xaf\x10\xdb\xb6\x00\xa6s\xfd\xed\xb3s\xac3\x8b\x88\xac\x996') ioctl$BLKPBSZGET(r2, 0x127b, &(0x7f0000000080)) 20:21:53 executing program 5: socketpair(0x28, 0x5, 0x5, &(0x7f00000001c0)) r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x8927, &(0x7f0000000180)={'batadv_slave_0\x00', @ifru_names}) 20:21:53 executing program 0: syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000540)={0x8, 0x0, &(0x7f0000000100)=[@decrefs={0x40046307, 0x1}], 0x0, 0x0, 0x0}) 20:21:53 executing program 3: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080)='l2tp\x00', 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_DELETE(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r2, 0x220, 0x70bd29, 0x25dfdbfd, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x1000) flock(r1, 0x0) ioctl$F2FS_IOC_DEFRAGMENT(r1, 0xc010f508, &(0x7f0000000000)={0x7ff, 0xa313}) accept(r0, 0x0, 0x0) 20:21:53 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080)='l2tp\x00', 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_DELETE(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r2, 0x220, 0x70bd29, 0x25dfdbfd, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x1000) flock(r1, 0x0) ioctl$F2FS_IOC_DEFRAGMENT(r1, 0xc010f508, &(0x7f0000000000)={0x7ff, 0xa313}) accept(r0, 0x0, 0x0) 20:21:53 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000240)={0x11, 0x10, 0xfa00, {0x0}}, 0x18) pipe(&(0x7f0000000200)={0xffffffffffffffff}) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f0000000280)={0x1, 0x8, 0x3bcb, 0x3f}) r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000300)='/dev/nvme-fabrics\x00', 0x1000, 0x0) r3 = accept(r2, &(0x7f0000000140)=@un=@abs, &(0x7f00000001c0)=0x80) syz_genetlink_get_family_id$gtp(&(0x7f00000002c0)='gtp\x00', r3) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffd, &(0x7f0000000100)='ceph\x00', &(0x7f0000000000)='/Gvv/n\x16\xf9\xcd\x97w\xa4\xc0wicl\x00y\x12\x84P\xf9\x8e\xdcG\xef\a\t&I\xc5\x99a\xf3\xfc\xb17\x11*v`L\x13\xc2?*\x1a<\x10\x04\xb6|\xaf\x10\xdb\xb6\x00\xa6s\xfd\xed\xb3s\xac3\x8b\x88\xac\x996') 20:21:53 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000200)="97"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:53 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x8927, &(0x7f0000000180)={'batadv_slave_0\x00', @ifru_names}) 20:21:54 executing program 0: syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000540)={0x8, 0x0, &(0x7f0000000100)=[@decrefs={0x40046307, 0x1}], 0x0, 0x0, 0x0}) 20:21:54 executing program 4: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080)='l2tp\x00', 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r1, 0x220, 0x70bd29, 0x25dfdbfd, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x1000) flock(r0, 0x0) ioctl$F2FS_IOC_DEFRAGMENT(r0, 0xc010f508, &(0x7f0000000000)={0x7ff, 0xa313}) 20:21:54 executing program 3: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(0xffffffffffffffff, r0, 0x3c21, 0x8) 20:21:54 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000240)={0x11, 0x10, 0xfa00, {0x0}}, 0x18) pipe(&(0x7f0000000200)={0xffffffffffffffff}) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f0000000280)={0x1, 0x8, 0x3bcb, 0x3f}) r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000300)='/dev/nvme-fabrics\x00', 0x1000, 0x0) accept(r2, &(0x7f0000000140)=@un=@abs, &(0x7f00000001c0)=0x80) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffd, &(0x7f0000000100)='ceph\x00', &(0x7f0000000000)='/Gvv/n\x16\xf9\xcd\x97w\xa4\xc0wicl\x00y\x12\x84P\xf9\x8e\xdcG\xef\a\t&I\xc5\x99a\xf3\xfc\xb17\x11*v`L\x13\xc2?*\x1a<\x10\x04\xb6|\xaf\x10\xdb\xb6\x00\xa6s\xfd\xed\xb3s\xac3\x8b\x88\xac\x996') 20:21:54 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, &(0x7f0000000200)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:54 executing program 5: socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8927, &(0x7f0000000180)={'batadv_slave_0\x00', @ifru_names}) 20:21:54 executing program 4: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080)='l2tp\x00', 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r1, 0x220, 0x70bd29, 0x25dfdbfd, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x1000) flock(r0, 0x0) 20:21:54 executing program 3: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(0xffffffffffffffff, r0, 0x3c21, 0x8) 20:21:54 executing program 0: syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000540)={0x8, 0x0, &(0x7f0000000100)=[@decrefs={0x40046307, 0x1}], 0x0, 0x0, 0x0}) 20:21:54 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000240)={0x11, 0x10, 0xfa00, {0x0}}, 0x18) pipe(&(0x7f0000000200)={0xffffffffffffffff}) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f0000000280)={0x1, 0x8, 0x3bcb, 0x3f}) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000300)='/dev/nvme-fabrics\x00', 0x1000, 0x0) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffd, &(0x7f0000000100)='ceph\x00', &(0x7f0000000000)='/Gvv/n\x16\xf9\xcd\x97w\xa4\xc0wicl\x00y\x12\x84P\xf9\x8e\xdcG\xef\a\t&I\xc5\x99a\xf3\xfc\xb17\x11*v`L\x13\xc2?*\x1a<\x10\x04\xb6|\xaf\x10\xdb\xb6\x00\xa6s\xfd\xed\xb3s\xac3\x8b\x88\xac\x996') 20:21:54 executing program 5: socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8927, &(0x7f0000000180)={'batadv_slave_0\x00', @ifru_names}) 20:21:54 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, &(0x7f0000000200)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:54 executing program 3: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) tee(0xffffffffffffffff, r0, 0x3c21, 0x8) 20:21:54 executing program 4: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080)='l2tp\x00', 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r1, 0x220, 0x70bd29, 0x25dfdbfd, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x1000) 20:21:54 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 20:21:54 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, &(0x7f0000000200)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:54 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000240)={0x11, 0x10, 0xfa00, {0x0}}, 0x18) pipe(&(0x7f0000000200)={0xffffffffffffffff}) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f0000000280)={0x1, 0x8, 0x3bcb, 0x3f}) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffd, &(0x7f0000000100)='ceph\x00', &(0x7f0000000000)='/Gvv/n\x16\xf9\xcd\x97w\xa4\xc0wicl\x00y\x12\x84P\xf9\x8e\xdcG\xef\a\t&I\xc5\x99a\xf3\xfc\xb17\x11*v`L\x13\xc2?*\x1a<\x10\x04\xb6|\xaf\x10\xdb\xb6\x00\xa6s\xfd\xed\xb3s\xac3\x8b\x88\xac\x996') 20:21:54 executing program 5: socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8927, &(0x7f0000000180)={'batadv_slave_0\x00', @ifru_names}) 20:21:54 executing program 4: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x220, 0x70bd29, 0x25dfdbfd, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x1000) 20:21:54 executing program 3: syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000540)={0x8, 0x0, &(0x7f0000000100)=[@decrefs={0x40046307, 0x1}], 0x0, 0x0, 0x0}) 20:21:54 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000200)="97"}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:54 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000240)={0x11, 0x10, 0xfa00, {0x0}}, 0x18) pipe(&(0x7f0000000200)) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffd, &(0x7f0000000100)='ceph\x00', &(0x7f0000000000)='/Gvv/n\x16\xf9\xcd\x97w\xa4\xc0wicl\x00y\x12\x84P\xf9\x8e\xdcG\xef\a\t&I\xc5\x99a\xf3\xfc\xb17\x11*v`L\x13\xc2?*\x1a<\x10\x04\xb6|\xaf\x10\xdb\xb6\x00\xa6s\xfd\xed\xb3s\xac3\x8b\x88\xac\x996') 20:21:54 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x0, &(0x7f0000000180)={'batadv_slave_0\x00', @ifru_names}) 20:21:54 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000240)={0x11, 0x10, 0xfa00, {0x0}}, 0x18) pipe(&(0x7f0000000200)={0xffffffffffffffff}) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f0000000280)={0x1, 0x8, 0x3bcb, 0x3f}) r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000300)='/dev/nvme-fabrics\x00', 0x1000, 0x0) r3 = accept(r2, &(0x7f0000000140)=@un=@abs, &(0x7f00000001c0)=0x80) syz_genetlink_get_family_id$gtp(&(0x7f00000002c0)='gtp\x00', r3) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffd, &(0x7f0000000100)='ceph\x00', &(0x7f0000000000)='/Gvv/n\x16\xf9\xcd\x97w\xa4\xc0wicl\x00y\x12\x84P\xf9\x8e\xdcG\xef\a\t&I\xc5\x99a\xf3\xfc\xb17\x11*v`L\x13\xc2?*\x1a<\x10\x04\xb6|\xaf\x10\xdb\xb6\x00\xa6s\xfd\xed\xb3s\xac3\x8b\x88\xac\x996') [ 654.433149] binder: 13597:13601 ioctl c0306201 0 returned -14 20:21:54 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000200)="97"}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:54 executing program 4: socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$L2TP_CMD_TUNNEL_DELETE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x220, 0x70bd29, 0x25dfdbfd, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x1000) 20:21:54 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 20:21:54 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000240)={0x11, 0x10, 0xfa00, {0x0}}, 0x18) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffd, &(0x7f0000000100)='ceph\x00', &(0x7f0000000000)='/Gvv/n\x16\xf9\xcd\x97w\xa4\xc0wicl\x00y\x12\x84P\xf9\x8e\xdcG\xef\a\t&I\xc5\x99a\xf3\xfc\xb17\x11*v`L\x13\xc2?*\x1a<\x10\x04\xb6|\xaf\x10\xdb\xb6\x00\xa6s\xfd\xed\xb3s\xac3\x8b\x88\xac\x996') 20:21:54 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x0, &(0x7f0000000180)={'batadv_slave_0\x00', @ifru_names}) 20:21:54 executing program 4: socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$L2TP_CMD_TUNNEL_DELETE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x220, 0x70bd29, 0x25dfdbfd, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x1000) 20:21:54 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000200)="97"}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:54 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 20:21:54 executing program 2: openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffd, &(0x7f0000000100)='ceph\x00', &(0x7f0000000000)='/Gvv/n\x16\xf9\xcd\x97w\xa4\xc0wicl\x00y\x12\x84P\xf9\x8e\xdcG\xef\a\t&I\xc5\x99a\xf3\xfc\xb17\x11*v`L\x13\xc2?*\x1a<\x10\x04\xb6|\xaf\x10\xdb\xb6\x00\xa6s\xfd\xed\xb3s\xac3\x8b\x88\xac\x996') 20:21:54 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) [ 654.556848] binder: 13623:13628 ioctl c0306201 0 returned -14 20:21:54 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x0, &(0x7f0000000180)={'batadv_slave_0\x00', @ifru_names}) 20:21:54 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000200)="97"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 20:21:54 executing program 4: socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$L2TP_CMD_TUNNEL_DELETE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x220, 0x70bd29, 0x25dfdbfd, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x1000) 20:21:54 executing program 3: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) ioctl$PPPIOCSMRU(r3, 0x40047452, &(0x7f0000000080)=0x7b726631) 20:21:54 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x8927, 0x0) [ 654.640169] binder: 13637:13643 ioctl c0306201 0 returned -14 20:21:54 executing program 2: keyctl$restrict_keyring(0x1d, 0xfffffffffffffffd, &(0x7f0000000100)='ceph\x00', &(0x7f0000000000)='/Gvv/n\x16\xf9\xcd\x97w\xa4\xc0wicl\x00y\x12\x84P\xf9\x8e\xdcG\xef\a\t&I\xc5\x99a\xf3\xfc\xb17\x11*v`L\x13\xc2?*\x1a<\x10\x04\xb6|\xaf\x10\xdb\xb6\x00\xa6s\xfd\xed\xb3s\xac3\x8b\x88\xac\x996') 20:21:54 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x8927, 0x0) 20:21:54 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000200)="97"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 20:21:54 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 654.689535] binder: 13646:13650 ioctl c0306201 0 returned -14 [ 654.700177] binder: 13641:13648 ioctl c0306201 0 returned -14 20:21:54 executing program 2: keyctl$restrict_keyring(0x1d, 0xfffffffffffffffd, 0x0, &(0x7f0000000000)='/Gvv/n\x16\xf9\xcd\x97w\xa4\xc0wicl\x00y\x12\x84P\xf9\x8e\xdcG\xef\a\t&I\xc5\x99a\xf3\xfc\xb17\x11*v`L\x13\xc2?*\x1a<\x10\x04\xb6|\xaf\x10\xdb\xb6\x00\xa6s\xfd\xed\xb3s\xac3\x8b\x88\xac\x996') 20:21:54 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x220, 0x70bd29, 0x25dfdbfd, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x1000) 20:21:54 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 20:21:54 executing program 3: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) ioctl$PPPIOCSMRU(r3, 0x40047452, &(0x7f0000000080)=0x7b726631) 20:21:54 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x8927, 0x0) 20:21:54 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000200)="97"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) [ 654.771856] binder: 13663:13666 ioctl c0306201 0 returned -14 20:21:54 executing program 4: socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$L2TP_CMD_TUNNEL_DELETE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x220, 0x70bd29, 0x25dfdbfd, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x1000) 20:21:54 executing program 2: keyctl$restrict_keyring(0x1d, 0xfffffffffffffffd, 0x0, 0x0) 20:21:54 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 20:21:54 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-vsock\x00', 0x2, 0x0) sendto$l2tp6(0xffffffffffffffff, &(0x7f0000000340)="846805a72f70f9419b317cf5cdfc47f381eb286a3887ea28bdfa5c4b98307781c5a1258f4720ff54d203a3e173", 0x2d, 0x40000, &(0x7f0000000400)={0xa, 0x0, 0x3, @empty, 0x1, 0x1}, 0x20) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x7c, 0x0, &(0x7f0000000180)=[@release, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x48, 0x18, &(0x7f00000000c0)={@flat=@weak_binder={0x77622a85, 0x1101, 0x3}, @fd={0x66642a85, 0x0, r1}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}, @dead_binder_done, @register_looper, @acquire_done={0x40106309, 0x2}, @enter_looper], 0xcf, 0x0, &(0x7f0000000200)="9709cceb3d7c071043177ccb002bf463d20196fd2930283eb2cf567c03aaf6a954eee75977d567143268ad20dd0e58f732261c6051c5201f97f34a7801321c45b710366f855203ccedffdcd1f842a1201aaea6ea07066c981f5cd0f86ddabb2f3fcff974ec46e419ae70dd1e794043125053be2e871e7244f1c22bb09fd90bc2325136555b3e61c6d04710a2b0845a4825a9c3d2ff70f7a71fff761cd7e92739db7a5b8712af9b7a108b869e8847c64b438f7d1cef3f078bcd54e3d308d46cb2e629a824ad240342c0f251d80ec428"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000380)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 20:21:54 executing program 4: socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$L2TP_CMD_TUNNEL_DELETE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x220, 0x70bd29, 0x25dfdbfd, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x1000) [ 654.864960] binder: 13675:13682 ioctl c0306201 0 returned -14 20:21:54 executing program 3: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) ioctl$PPPIOCSMRU(r3, 0x40047452, &(0x7f0000000080)=0x7b726631) 20:21:54 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000200)="97"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 20:21:54 executing program 2: keyctl$restrict_keyring(0x1d, 0xfffffffffffffffd, 0x0, 0x0) 20:21:54 executing program 4: socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$L2TP_CMD_TUNNEL_DELETE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x220, 0x70bd29, 0x25dfdbfd, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x1000) 20:21:54 executing program 5: r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa00) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x7e4) ioctl$BLKRRPART(r0, 0x125f, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r1, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f0000000040)={0x6, 0x6, 0x1, 0x7}) 20:21:54 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0}) 20:21:54 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000200)="97"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 20:21:54 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$L2TP_CMD_TUNNEL_DELETE(r0, 0x0, 0x1000) 20:21:54 executing program 2: keyctl$restrict_keyring(0x1d, 0xfffffffffffffffd, 0x0, 0x0) 20:21:54 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000200)="97"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 20:21:54 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0}) 20:21:54 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$L2TP_CMD_TUNNEL_DELETE(r0, 0x0, 0x1000) 20:21:56 executing program 3: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) 20:21:56 executing program 5: r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa00) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x7e4) ioctl$BLKRRPART(r0, 0x125f, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r1, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f0000000040)={0x6, 0x6, 0x1, 0x7}) 20:21:56 executing program 2: keyctl$restrict_keyring(0x1d, 0xfffffffffffffffd, 0x0, 0x0) 20:21:56 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0}) 20:21:56 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$L2TP_CMD_TUNNEL_DELETE(r0, 0x0, 0x1000) 20:21:56 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000200)="97"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380), 0x0, 0x0, 0x0}) 20:21:56 executing program 5: r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa00) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x7e4) ioctl$BLKRRPART(r0, 0x125f, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r1, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f0000000040)={0x6, 0x6, 0x1, 0x7}) 20:21:56 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x220, 0x70bd29, 0x25dfdbfd, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x1000) 20:21:56 executing program 2: r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa00) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x7e4) ioctl$BLKRRPART(r0, 0x125f, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r1, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f0000000040)={0x6, 0x6, 0x1, 0x7}) 20:21:56 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x8, 0x0, &(0x7f0000000100)=[@decrefs], 0x0, 0x0, 0x0}) 20:21:56 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000200)="97"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380), 0x0, 0x0, 0x0}) 20:21:56 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x220, 0x70bd29, 0x25dfdbfd, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x1000) 20:21:56 executing program 3: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) pipe(&(0x7f0000000000)) 20:21:56 executing program 2: r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa00) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x7e4) ioctl$BLKRRPART(r0, 0x125f, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r1, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f0000000040)={0x6, 0x6, 0x1, 0x7}) 20:21:56 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000200)="97"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380), 0x0, 0x0, 0x0}) 20:21:56 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000380)=[@exit_looper], 0x0, 0x0, 0x0}) 20:21:56 executing program 5: r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa00) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x7e4) ioctl$BLKRRPART(r0, 0x125f, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r1, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) 20:21:56 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x220, 0x70bd29, 0x25dfdbfd, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x1000) 20:21:57 executing program 5: r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa00) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x7e4) ioctl$BLKRRPART(r0, 0x125f, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r1, 0x0, 0x0) pipe(&(0x7f0000000000)) 20:21:57 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x220, 0x70bd29, 0x25dfdbfd, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x1000) 20:21:57 executing program 1: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) 20:21:57 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000380)=[@exit_looper], 0x0, 0x0, 0x0}) 20:21:57 executing program 2: r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa00) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x7e4) ioctl$BLKRRPART(r0, 0x125f, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r1, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f0000000040)={0x6, 0x6, 0x1, 0x7}) 20:21:57 executing program 5: r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa00) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x7e4) ioctl$BLKRRPART(r0, 0x125f, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r1, 0x0, 0x0) [ 658.108633] syz-executor.3: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 658.131951] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 658.137445] CPU: 0 PID: 13776 Comm: syz-executor.3 Not tainted 4.14.230-syzkaller #0 [ 658.145332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 658.154689] Call Trace: [ 658.157285] dump_stack+0x1b2/0x281 [ 658.160917] warn_alloc.cold+0x96/0x1cc [ 658.164899] ? zone_watermark_ok_safe+0x220/0x220 [ 658.169765] __alloc_pages_nodemask+0x2127/0x2720 [ 658.174614] ? _raw_spin_unlock_irq+0x24/0x80 [ 658.179108] ? lock_acquire+0x170/0x3f0 [ 658.183086] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 658.187937] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 658.193393] ? __mutex_unlock_slowpath+0x75/0x770 [ 658.198245] alloc_pages_current+0x155/0x260 [ 658.202662] ion_page_pool_alloc+0x118/0x1b0 [ 658.207079] ion_system_heap_allocate+0x133/0x8c0 [ 658.211927] ? ion_alloc+0x187/0x810 [ 658.215638] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 658.221090] ? ion_system_contig_heap_create+0x130/0x130 [ 658.226545] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 658.231567] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 658.236403] ion_alloc+0x204/0x810 [ 658.239944] ? ion_dma_buf_release+0x40/0x40 [ 658.244353] ? __might_fault+0x177/0x1b0 [ 658.248411] ion_ioctl+0xea/0x1f0 [ 658.251866] ? ion_query_heaps+0x360/0x360 [ 658.256096] ? ion_query_heaps+0x360/0x360 [ 658.260332] do_vfs_ioctl+0x75a/0xff0 [ 658.264129] ? ioctl_preallocate+0x1a0/0x1a0 [ 658.268528] ? lock_downgrade+0x740/0x740 [ 658.272670] ? __fget+0x225/0x360 [ 658.276123] ? do_vfs_ioctl+0xff0/0xff0 [ 658.280100] ? security_file_ioctl+0x83/0xb0 [ 658.284503] SyS_ioctl+0x7f/0xb0 [ 658.287869] ? do_vfs_ioctl+0xff0/0xff0 [ 658.291852] do_syscall_64+0x1d5/0x640 [ 658.295750] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 658.300941] RIP: 0033:0x466459 [ 658.304129] RSP: 002b:00007ffa34b8d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 658.311844] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 658.319101] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 658.326363] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 658.333628] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 658.340898] R13: 00007ffe55d0e34f R14: 00007ffa34b8d300 R15: 0000000000022000 [ 658.350107] Mem-Info: [ 658.352617] active_anon:11899 inactive_anon:4703 isolated_anon:0 [ 658.352617] active_file:6098 inactive_file:30449 isolated_file:0 [ 658.352617] unevictable:0 dirty:141 writeback:0 unstable:0 [ 658.352617] slab_reclaimable:20328 slab_unreclaimable:119161 [ 658.352617] mapped:60954 shmem:4886 pagetables:751 bounce:0 [ 658.352617] free:80483 free_pcp:86 free_cma:0 [ 658.386736] Node 0 active_anon:47244kB inactive_anon:18792kB active_file:24388kB inactive_file:121792kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:243816kB dirty:560kB writeback:0kB shmem:19524kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 81920kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 658.427233] Node 1 active_anon:352kB inactive_anon:20kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:20kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 658.469294] Node 0 DMA free:11104kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 658.496398] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 658.501499] Node 0 DMA32 free:46964kB min:36200kB low:45248kB high:54296kB active_anon:47244kB inactive_anon:18792kB active_file:24388kB inactive_file:122380kB unevictable:0kB writepending:560kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7296kB pagetables:2988kB bounce:0kB free_pcp:688kB local_pcp:292kB free_cma:0kB [ 658.536022] lowmem_reserve[]: 0 0 0 0 0 [ 658.540070] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 658.570087] lowmem_reserve[]: 0 0 0 0 0 [ 658.574391] Node 1 Normal free:1345904kB min:53696kB low:67120kB high:80544kB active_anon:352kB inactive_anon:20kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:4kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:16kB bounce:0kB free_pcp:164kB local_pcp:76kB free_cma:0kB [ 658.606730] lowmem_reserve[]: 0 0 0 0 0 [ 658.610800] Node 0 DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 12*64kB (U) 1*128kB (U) 3*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 2*4096kB (M) = 12448kB [ 658.628787] Node 0 DMA32: 317*4kB (ME) 612*8kB (UME) 1007*16kB (UME) 749*32kB (UM) 46*64kB (UM) 3*128kB (UM) 2*256kB (UM) 1*512kB (U) 19*1024kB (U) 3*2048kB (U) 0*4096kB = 76196kB [ 658.649256] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 658.660243] Node 1 Normal: 104*4kB (UME) 410*8kB (UME) 296*16kB (UME) 70*32kB (UM) 457*64kB (UME) 34*128kB (U) 26*256kB (UME) 18*512kB (UE) 326*1024kB (UE) 146*2048kB (UM) 254*4096kB (UM) = 1733360kB [ 658.682263] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 658.691368] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 658.703889] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 658.712730] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 658.725210] 19443 total pagecache pages [ 658.729194] 0 pages in swap cache [ 658.732637] Swap cache stats: add 0, delete 0, find 0/0 [ 658.739959] Free swap = 0kB [ 658.742986] Total swap = 0kB [ 658.748215] 2097051 pages RAM [ 658.751322] 0 pages HighMem/MovableOnly [ 658.757827] 363848 pages reserved [ 658.761276] 0 pages cma reserved 20:21:59 executing program 3: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:21:59 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f0000000140)={&(0x7f0000000040), 0xc, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x1000) 20:21:59 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000380)=[@exit_looper], 0x0, 0x0, 0x0}) 20:21:59 executing program 2: r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa00) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x7e4) ioctl$BLKRRPART(r0, 0x125f, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r1, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) 20:21:59 executing program 5: r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa00) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x7e4) ioctl$BLKRRPART(r0, 0x125f, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) 20:21:59 executing program 1: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) 20:21:59 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f0000000140)={&(0x7f0000000040), 0xc, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x1000) 20:21:59 executing program 2: r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa00) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x7e4) ioctl$BLKRRPART(r0, 0x125f, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r1, 0x0, 0x0) pipe(&(0x7f0000000000)) 20:21:59 executing program 5: r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa00) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x7e4) ioctl$BLKRRPART(r0, 0x125f, 0x0) 20:21:59 executing program 0: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000380)=[@exit_looper], 0x0, 0x0, 0x0}) 20:21:59 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f0000000140)={&(0x7f0000000040), 0xc, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x1000) 20:21:59 executing program 5: r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa00) ioctl$BLKRRPART(r0, 0x125f, 0x0) [ 660.588768] syz-executor.1: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 660.604893] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 660.610113] CPU: 1 PID: 13820 Comm: syz-executor.1 Not tainted 4.14.230-syzkaller #0 [ 660.617987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 660.627338] Call Trace: [ 660.629938] dump_stack+0x1b2/0x281 [ 660.632950] syz-executor.3: page allocation failure: order:4 [ 660.633568] warn_alloc.cold+0x96/0x1cc [ 660.633581] ? zone_watermark_ok_safe+0x220/0x220 [ 660.633603] __alloc_pages_nodemask+0x2127/0x2720 [ 660.633618] ? lock_acquire+0x170/0x3f0 [ 660.633632] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 660.653615] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 660.656965] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 660.661771] (null) [ 660.668850] ? __mutex_unlock_slowpath+0x75/0x770 [ 660.668866] alloc_pages_current+0x155/0x260 [ 660.668879] ion_page_pool_alloc+0x118/0x1b0 [ 660.668889] ion_system_heap_allocate+0x133/0x8c0 [ 660.683621] syz-executor.3 cpuset= [ 660.685649] ? ion_alloc+0x187/0x810 [ 660.690025] / [ 660.694850] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 660.694861] ? ion_system_contig_heap_create+0x130/0x130 [ 660.713612] mems_allowed=0-1 [ 660.714705] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 660.722772] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 660.727601] ion_alloc+0x204/0x810 [ 660.731135] ? ion_dma_buf_release+0x40/0x40 [ 660.735530] ? __might_fault+0x177/0x1b0 [ 660.739571] ion_ioctl+0xea/0x1f0 [ 660.743003] ? ion_query_heaps+0x360/0x360 [ 660.747244] ? ion_query_heaps+0x360/0x360 [ 660.751471] do_vfs_ioctl+0x75a/0xff0 [ 660.755259] ? ioctl_preallocate+0x1a0/0x1a0 [ 660.759646] ? lock_downgrade+0x740/0x740 [ 660.763782] ? __fget+0x225/0x360 [ 660.767224] ? do_vfs_ioctl+0xff0/0xff0 [ 660.771203] ? security_file_ioctl+0x83/0xb0 [ 660.775597] SyS_ioctl+0x7f/0xb0 [ 660.778941] ? do_vfs_ioctl+0xff0/0xff0 [ 660.782895] do_syscall_64+0x1d5/0x640 [ 660.786772] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 660.791951] RIP: 0033:0x466459 [ 660.795124] RSP: 002b:00007fcdda489188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 660.802810] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 660.810062] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 660.817318] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 660.824570] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 660.831828] R13: 00007ffe21b5ad8f R14: 00007fcdda489300 R15: 0000000000022000 [ 660.839099] CPU: 0 PID: 13822 Comm: syz-executor.3 Not tainted 4.14.230-syzkaller #0 [ 660.846977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 660.856332] Call Trace: [ 660.858916] dump_stack+0x1b2/0x281 [ 660.862540] warn_alloc.cold+0x96/0x1cc [ 660.866509] ? zone_watermark_ok_safe+0x220/0x220 [ 660.871359] __alloc_pages_nodemask+0x2127/0x2720 [ 660.876196] ? __schedule+0x893/0x1de0 [ 660.880086] ? lock_acquire+0x170/0x3f0 [ 660.880792] Mem-Info: [ 660.884062] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 660.884080] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 660.884091] ? __mutex_unlock_slowpath+0x75/0x770 [ 660.886528] active_anon:12922 inactive_anon:6728 isolated_anon:0 [ 660.886528] active_file:8400 inactive_file:3146 isolated_file:0 [ 660.886528] unevictable:0 dirty:169 writeback:0 unstable:0 [ 660.886528] slab_reclaimable:20265 slab_unreclaimable:113166 [ 660.886528] mapped:60962 shmem:6911 pagetables:751 bounce:0 [ 660.886528] free:83551 free_pcp:461 free_cma:0 [ 660.891308] alloc_pages_current+0x155/0x260 [ 660.891321] ion_page_pool_alloc+0x118/0x1b0 [ 660.891331] ion_system_heap_allocate+0x133/0x8c0 [ 660.899950] Node 0 active_anon:51396kB inactive_anon:26912kB active_file:33592kB inactive_file:12584kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:243848kB dirty:672kB writeback:0kB shmem:27644kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 28672kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 660.901578] ? ion_alloc+0x187/0x810 [ 660.901590] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 660.901610] ? ion_system_contig_heap_create+0x130/0x130 [ 660.936740] Node 1 active_anon:292kB inactive_anon:0kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 660.939548] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 660.939561] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 660.939572] ion_alloc+0x204/0x810 [ 660.947517] Node 0 [ 660.948787] ? ion_dma_buf_release+0x40/0x40 [ 660.948804] ? __might_fault+0x177/0x1b0 [ 660.978319] DMA free:12444kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 660.980756] ion_ioctl+0xea/0x1f0 [ 660.980766] ? ion_query_heaps+0x360/0x360 [ 660.980777] ? ion_query_heaps+0x360/0x360 [ 660.987691] lowmem_reserve[]: [ 660.991637] do_vfs_ioctl+0x75a/0xff0 [ 660.991649] ? ioctl_preallocate+0x1a0/0x1a0 [ 660.991662] ? lock_downgrade+0x740/0x740 [ 661.018985] 0 [ 661.022493] ? __fget+0x225/0x360 [ 661.022502] ? do_vfs_ioctl+0xff0/0xff0 [ 661.022515] ? security_file_ioctl+0x83/0xb0 [ 661.028842] 2717 [ 661.030858] SyS_ioctl+0x7f/0xb0 [ 661.030867] ? do_vfs_ioctl+0xff0/0xff0 [ 661.030878] do_syscall_64+0x1d5/0x640 [ 661.033118] 2718 [ 661.037498] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 661.037507] RIP: 0033:0x466459 [ 661.037511] RSP: 002b:00007ffa34b8d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 661.037522] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 661.037527] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 661.037532] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 661.037540] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 661.046235] 2718 [ 661.067055] R13: 00007ffe55d0e34f R14: 00007ffa34b8d300 R15: 0000000000022000 [ 661.178821] 2718 [ 661.180930] Node 0 DMA32 free:133140kB min:36200kB low:45248kB high:54296kB active_anon:51396kB inactive_anon:26976kB active_file:33484kB inactive_file:12664kB unevictable:0kB writepending:700kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7232kB pagetables:2984kB bounce:0kB free_pcp:1396kB local_pcp:696kB free_cma:0kB [ 661.218781] lowmem_reserve[]: 0 0 0 0 0 [ 661.222827] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 661.253184] lowmem_reserve[]: 0 0 0 0 0 [ 661.258849] Node 1 Normal free:510972kB min:53696kB low:67120kB high:80544kB active_anon:292kB inactive_anon:0kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:4kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:64kB pagetables:32kB bounce:0kB free_pcp:708kB local_pcp:0kB free_cma:0kB [ 661.292771] lowmem_reserve[]: 0 0 0 0 0 [ 661.297470] Node 0 DMA: 1*4kB (U) 1*8kB (U) 1*16kB (U) 2*32kB (U) 5*64kB (U) 4*128kB (U) 5*256kB (U) 2*512kB (U) 1*1024kB (U) 2*2048kB (UM) 1*4096kB (M) = 12444kB [ 661.316758] Node 0 DMA32: 881*4kB (UE) 2773*8kB (UME) 1677*16kB (UME) 935*32kB (U) 7*64kB (U) 8*128kB (UM) 5*256kB (U) 5*512kB (UM) 33*1024kB (U) 6*2048kB (U) 5*4096kB (U) = 154332kB [ 661.337279] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 661.361033] Node 1 Normal: 94*4kB (UM) 425*8kB (UM) 296*16kB (UM) 78*32kB (UM) 1023*64kB (UM) 34*128kB (U) 43*256kB (UM) 29*512kB (U) 435*1024kB (U) 9*2048kB (U) 2*4096kB (U) = 578752kB [ 661.402701] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 661.411619] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 661.423964] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 661.432850] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 661.447828] 17098 total pagecache pages [ 661.451852] 0 pages in swap cache [ 661.457255] Swap cache stats: add 0, delete 0, find 0/0 [ 661.462667] Free swap = 0kB [ 661.469014] Total swap = 0kB [ 661.472082] 2097051 pages RAM [ 661.477185] 0 pages HighMem/MovableOnly [ 661.481199] 363848 pages reserved [ 661.487886] 0 pages cma reserved 20:22:01 executing program 3: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:22:01 executing program 2: r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa00) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x7e4) ioctl$BLKRRPART(r0, 0x125f, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) accept(r1, 0x0, 0x0) 20:22:01 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x1000) 20:22:01 executing program 5: ioctl$BLKRRPART(0xffffffffffffffff, 0x125f, 0x0) 20:22:01 executing program 0: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000380)=[@exit_looper], 0x0, 0x0, 0x0}) 20:22:02 executing program 1: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) 20:22:02 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={0x0}}, 0x1000) 20:22:02 executing program 2: r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa00) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x7e4) ioctl$BLKRRPART(r0, 0x125f, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) 20:22:02 executing program 3: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:22:02 executing program 0: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000380)=[@exit_looper], 0x0, 0x0, 0x0}) 20:22:02 executing program 5: ioctl$BLKRRPART(0xffffffffffffffff, 0x125f, 0x0) 20:22:02 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={0x0}}, 0x0) 20:22:02 executing program 5: ioctl$BLKRRPART(0xffffffffffffffff, 0x125f, 0x0) 20:22:02 executing program 2: r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa00) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x7e4) ioctl$BLKRRPART(r0, 0x125f, 0x0) 20:22:02 executing program 0: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000380)=[@exit_looper], 0x0, 0x0, 0x0}) 20:22:02 executing program 3: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:22:02 executing program 4: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:22:02 executing program 1: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) pipe(&(0x7f0000000000)) 20:22:02 executing program 5: r0 = syz_open_dev$ndb(0x0, 0x0, 0xa00) ioctl$BLKRRPART(r0, 0x125f, 0x0) 20:22:02 executing program 2: r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa00) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x7e4) 20:22:02 executing program 3: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:22:02 executing program 0: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000380)=[@exit_looper], 0x0, 0x0, 0x0}) 20:22:02 executing program 0: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000380)=[@exit_looper], 0x0, 0x0, 0x0}) 20:22:02 executing program 2: ioctl$NBD_SET_TIMEOUT(0xffffffffffffffff, 0xab09, 0x7e4) 20:22:02 executing program 5: r0 = syz_open_dev$ndb(0x0, 0x0, 0xa00) ioctl$BLKRRPART(r0, 0x125f, 0x0) 20:22:02 executing program 2: ioctl$NBD_SET_TIMEOUT(0xffffffffffffffff, 0xab09, 0x7e4) 20:22:02 executing program 0: syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000380)=[@exit_looper], 0x0, 0x0, 0x0}) 20:22:02 executing program 5: r0 = syz_open_dev$ndb(0x0, 0x0, 0xa00) ioctl$BLKRRPART(r0, 0x125f, 0x0) [ 663.809268] syz-executor.3: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 663.839165] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 663.852862] CPU: 1 PID: 13908 Comm: syz-executor.3 Not tainted 4.14.230-syzkaller #0 [ 663.860749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 663.870093] Call Trace: [ 663.872685] dump_stack+0x1b2/0x281 [ 663.876310] warn_alloc.cold+0x96/0x1cc [ 663.880283] ? zone_watermark_ok_safe+0x220/0x220 [ 663.885134] __alloc_pages_nodemask+0x2127/0x2720 [ 663.889973] ? __schedule+0x893/0x1de0 [ 663.893862] ? lock_acquire+0x170/0x3f0 [ 663.897840] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 663.902693] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 663.908141] ? __mutex_unlock_slowpath+0x75/0x770 [ 663.912975] ? retint_kernel+0x2d/0x2d [ 663.916867] alloc_pages_current+0x155/0x260 [ 663.921273] ion_page_pool_alloc+0x118/0x1b0 [ 663.925675] ion_system_heap_allocate+0x133/0x8c0 [ 663.930511] ? ion_alloc+0x187/0x810 [ 663.934219] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 663.939664] ? ion_system_contig_heap_create+0x130/0x130 [ 663.945105] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 663.950115] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 663.954954] ion_alloc+0x204/0x810 [ 663.958489] ? ion_dma_buf_release+0x40/0x40 [ 663.962896] ? __might_fault+0x177/0x1b0 [ 663.966950] ion_ioctl+0xea/0x1f0 [ 663.970399] ? ion_query_heaps+0x360/0x360 [ 663.974984] ? ion_query_heaps+0x360/0x360 [ 663.979212] do_vfs_ioctl+0x75a/0xff0 [ 663.983111] ? ioctl_preallocate+0x1a0/0x1a0 [ 663.987514] ? lock_downgrade+0x740/0x740 [ 663.991660] ? __fget+0x225/0x360 [ 663.995108] ? do_vfs_ioctl+0xff0/0xff0 [ 663.999078] ? security_file_ioctl+0x83/0xb0 [ 664.003480] SyS_ioctl+0x7f/0xb0 [ 664.006858] ? do_vfs_ioctl+0xff0/0xff0 [ 664.010837] do_syscall_64+0x1d5/0x640 [ 664.014731] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 664.019911] RIP: 0033:0x466459 [ 664.023089] RSP: 002b:00007ffa34b8d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 664.030790] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 664.038055] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 664.045311] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 664.052559] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 664.059824] R13: 00007ffe55d0e34f R14: 00007ffa34b8d300 R15: 0000000000022000 [ 664.083077] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 664.096021] syz-executor.1: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 664.096137] syz-executor.4 cpuset= [ 664.117704] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 664.136918] / mems_allowed=0-1 [ 664.141254] CPU: 1 PID: 13905 Comm: syz-executor.1 Not tainted 4.14.230-syzkaller #0 [ 664.149131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 664.158461] Call Trace: [ 664.161047] dump_stack+0x1b2/0x281 [ 664.164654] warn_alloc.cold+0x96/0x1cc [ 664.168637] ? zone_watermark_ok_safe+0x220/0x220 [ 664.173469] __alloc_pages_nodemask+0x2127/0x2720 [ 664.178468] ? _raw_spin_unlock_irq+0x24/0x80 [ 664.182943] ? lock_acquire+0x170/0x3f0 [ 664.186911] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 664.191749] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 664.197185] ? __mutex_unlock_slowpath+0x75/0x770 [ 664.202031] alloc_pages_current+0x155/0x260 [ 664.206425] ion_page_pool_alloc+0x118/0x1b0 [ 664.210811] ion_system_heap_allocate+0x133/0x8c0 [ 664.215632] ? ion_alloc+0x187/0x810 [ 664.219325] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 664.224753] ? ion_system_contig_heap_create+0x130/0x130 [ 664.230179] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 664.235175] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 664.239996] ion_alloc+0x204/0x810 [ 664.243516] ? ion_dma_buf_release+0x40/0x40 [ 664.247905] ? __might_fault+0x177/0x1b0 [ 664.251944] ion_ioctl+0xea/0x1f0 [ 664.255380] ? ion_query_heaps+0x360/0x360 [ 664.259595] ? ion_query_heaps+0x360/0x360 [ 664.263807] do_vfs_ioctl+0x75a/0xff0 [ 664.267586] ? ioctl_preallocate+0x1a0/0x1a0 [ 664.271969] ? lock_downgrade+0x740/0x740 [ 664.276098] ? __fget+0x225/0x360 [ 664.279529] ? do_vfs_ioctl+0xff0/0xff0 [ 664.283479] ? security_file_ioctl+0x83/0xb0 [ 664.287865] SyS_ioctl+0x7f/0xb0 [ 664.291208] ? do_vfs_ioctl+0xff0/0xff0 [ 664.295162] do_syscall_64+0x1d5/0x640 [ 664.299049] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 664.304215] RIP: 0033:0x466459 [ 664.307384] RSP: 002b:00007fcdda489188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 664.315071] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 664.322322] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 664.329569] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 664.336819] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 664.344065] R13: 00007ffe21b5ad8f R14: 00007fcdda489300 R15: 0000000000022000 [ 664.352372] CPU: 0 PID: 13894 Comm: syz-executor.4 Not tainted 4.14.230-syzkaller #0 [ 664.360256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 664.369597] Call Trace: [ 664.372181] dump_stack+0x1b2/0x281 [ 664.376423] warn_alloc.cold+0x96/0x1cc [ 664.380401] ? zone_watermark_ok_safe+0x220/0x220 [ 664.385255] __alloc_pages_nodemask+0x2127/0x2720 [ 664.390051] warn_alloc_show_mem: 1 callbacks suppressed [ 664.390054] Mem-Info: [ 664.390102] ? lock_acquire+0x170/0x3f0 [ 664.395522] active_anon:13238 inactive_anon:6751 isolated_anon:0 [ 664.395522] active_file:323 inactive_file:312 isolated_file:32 [ 664.395522] unevictable:0 dirty:4 writeback:0 unstable:0 [ 664.395522] slab_reclaimable:20210 slab_unreclaimable:109202 [ 664.395522] mapped:54669 shmem:6934 pagetables:780 bounce:0 [ 664.395522] free:25475 free_pcp:220 free_cma:0 [ 664.397860] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 664.397878] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 664.401852] Node 0 active_anon:52900kB inactive_anon:27000kB active_file:1288kB inactive_file:1244kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:218676kB dirty:16kB writeback:0kB shmem:27732kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 16384kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 664.435147] ? __mutex_unlock_slowpath+0x75/0x770 [ 664.435161] alloc_pages_current+0x155/0x260 [ 664.435174] ion_page_pool_alloc+0x118/0x1b0 [ 664.435183] ion_system_heap_allocate+0x133/0x8c0 [ 664.435191] ? ion_alloc+0x187/0x810 [ 664.435200] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 664.435207] ? ion_system_contig_heap_create+0x130/0x130 [ 664.435216] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 664.435225] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 664.435234] ion_alloc+0x204/0x810 [ 664.435246] ? ion_dma_buf_release+0x40/0x40 [ 664.435258] ? __might_fault+0x177/0x1b0 [ 664.435268] ion_ioctl+0xea/0x1f0 [ 664.435283] ? ion_query_heaps+0x360/0x360 [ 664.435297] ? ion_query_heaps+0x360/0x360 [ 664.435308] do_vfs_ioctl+0x75a/0xff0 [ 664.435319] ? ioctl_preallocate+0x1a0/0x1a0 [ 664.435327] ? lock_downgrade+0x740/0x740 [ 664.435342] ? __fget+0x225/0x360 [ 664.555912] ? do_vfs_ioctl+0xff0/0xff0 [ 664.559864] ? security_file_ioctl+0x83/0xb0 [ 664.564248] SyS_ioctl+0x7f/0xb0 [ 664.567592] ? do_vfs_ioctl+0xff0/0xff0 [ 664.571562] do_syscall_64+0x1d5/0x640 [ 664.575440] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 664.580630] RIP: 0033:0x466459 [ 664.583800] RSP: 002b:00007efd1de4b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 664.591504] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 664.598755] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 664.606004] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 664.613255] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 664.620503] R13: 00007fff8e7cfe1f R14: 00007efd1de4b300 R15: 0000000000022000 [ 664.649550] Node 1 active_anon:52kB inactive_anon:4kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 664.681516] Node 0 DMA free:11052kB min:204kB low:252kB high:300kB active_anon:4kB inactive_anon:0kB active_file:20kB inactive_file:0kB unevictable:0kB writepending:8kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 664.752852] oom_reaper: reaped process 13894 (syz-executor.4), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 664.773594] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 664.775627] systemd-journal invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask= [ 664.778650] Node 0 DMA32 free:17984kB min:36200kB low:45248kB high:54296kB active_anon:50784kB inactive_anon:27000kB active_file:236kB inactive_file:712kB unevictable:0kB writepending:8kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7296kB pagetables:3112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 664.778672] lowmem_reserve[]: 0 0 0 0 0 [ 664.836468] (null), order=0, oom_score_adj=0 [ 664.838988] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 664.840994] systemd-journal cpuset= [ 664.883075] lowmem_reserve[]: 0 0 0 0 0 [ 664.914670] / mems_allowed=0-1 [ 664.918036] CPU: 0 PID: 4616 Comm: systemd-journal Not tainted 4.14.230-syzkaller #0 [ 664.918365] Node 1 [ 664.925901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 664.925905] Call Trace: [ 664.925920] dump_stack+0x1b2/0x281 [ 664.925932] dump_header+0x178/0x82f [ 664.928159] Normal free:26324kB min:53696kB low:67120kB high:80544kB active_anon:52kB inactive_anon:4kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:4kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 664.937496] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 664.937505] ? ___ratelimit+0x2cd/0x530 [ 664.937516] oom_kill_process.cold+0x10/0xa40 [ 664.940072] lowmem_reserve[]: [ 664.943687] out_of_memory+0xe3e/0x1190 [ 664.943704] ? oom_killer_disable+0x1c0/0x1c0 [ 664.947383] 0 [ 664.974247] ? mutex_trylock+0x152/0x1a0 [ 664.974258] __alloc_pages_nodemask+0x23e1/0x2720 [ 664.974278] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 664.979347] 0 [ 664.983311] alloc_pages_current+0x155/0x260 [ 664.987792] 0 [ 664.990862] filemap_fault+0x11a1/0x1ad0 [ 664.994819] 0 [ 664.999287] ext4_filemap_fault+0x84/0xb0 [ 665.001052] 0 [ 665.005091] __do_fault+0xfa/0x380 [ 665.005104] __handle_mm_fault+0x2497/0x4620 [ 665.005115] ? vm_insert_page+0x7c0/0x7c0 [ 665.014756] ? mark_held_locks+0xa6/0xf0 [ 665.014767] handle_mm_fault+0x455/0x9c0 [ 665.016545] Node 0 [ 665.020932] __do_page_fault+0x549/0xad0 [ 665.022702] DMA: [ 665.026743] ? spurious_fault+0x640/0x640 [ 665.026752] ? do_page_fault+0x60/0x500 [ 665.026761] ? page_fault+0x2f/0x50 [ 665.028540] 21*4kB [ 665.032661] page_fault+0x45/0x50 [ 665.034451] (U) [ 665.037959] RIP: 0001:0xffffffffffffffff [ 665.042336] 1*8kB [ 665.046457] RSP: 39e701e0:00007ffd3a827420 EFLAGS: 7ffd3a827230 [ 665.093784] Mem-Info: [ 665.102271] active_anon:12717 inactive_anon:6751 isolated_anon:0 [ 665.102271] active_file:10 inactive_file:23 isolated_file:0 [ 665.102271] unevictable:0 dirty:7 writeback:0 unstable:0 [ 665.102271] slab_reclaimable:20211 slab_unreclaimable:109217 [ 665.102271] mapped:54058 shmem:6934 pagetables:779 bounce:0 [ 665.102271] free:13920 free_pcp:67 free_cma:0 [ 665.104762] (M) [ 665.139668] syz-executor.4: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 665.148566] 2*16kB (UM) 1*32kB (M) 3*64kB (UM) 5*128kB (UM) 3*256kB (UM) 2*512kB (UM) 2*1024kB (UM) 1*2048kB (U) 1*4096kB (M) = 10972kB [ 665.157323] Node 0 active_anon:50816kB inactive_anon:27000kB active_file:132kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:216232kB dirty:24kB writeback:0kB shmem:27732kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 14336kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 665.178746] Node 0 [ 665.200908] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 665.207259] DMA32: 1279*4kB (UME) 448*8kB (ME) 197*16kB (ME) 80*32kB (UM) 30*64kB (M) 16*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18380kB [ 665.208486] CPU: 0 PID: 13894 Comm: syz-executor.4 Not tainted 4.14.230-syzkaller #0 [ 665.222108] Node 0 [ 665.229961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 665.229965] Call Trace: [ 665.229981] dump_stack+0x1b2/0x281 [ 665.229994] warn_alloc.cold+0x96/0x1cc [ 665.232201] Normal: [ 665.241538] ? zone_watermark_ok_safe+0x220/0x220 [ 665.241546] ? usleep_range+0x130/0x130 [ 665.241557] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 665.244128] 0*4kB [ 665.247722] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 665.251662] 0*8kB [ 665.253963] ? run_timer_softirq+0x5a0/0x5a0 [ 665.253981] __alloc_pages_nodemask+0x2127/0x2720 [ 665.258795] 0*16kB [ 665.262753] ? lock_acquire+0x170/0x3f0 [ 665.267841] 0*32kB [ 665.269962] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 665.274978] 0*64kB [ 665.277096] ? ion_page_pool_alloc+0x9e/0x1b0 [ 665.281472] 0*128kB [ 665.286298] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 665.286318] alloc_pages_current+0x155/0x260 [ 665.288518] 0*256kB [ 665.292472] ion_page_pool_alloc+0x118/0x1b0 [ 665.294696] 0*512kB [ 665.299503] ion_system_heap_allocate+0x133/0x8c0 [ 665.301712] 0*1024kB [ 665.306184] ? ion_alloc+0x187/0x810 [ 665.306194] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 665.306204] ? ion_system_contig_heap_create+0x130/0x130 [ 665.308500] 0*2048kB [ 665.313927] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 665.313937] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 665.313948] ion_alloc+0x204/0x810 [ 665.318341] 0*4096kB [ 665.320645] ? ion_dma_buf_release+0x40/0x40 [ 665.325034] = 0kB [ 665.327325] ? __might_fault+0x177/0x1b0 [ 665.332144] Node 1 [ 665.334546] ion_ioctl+0xea/0x1f0 [ 665.334556] ? ion_query_heaps+0x360/0x360 [ 665.334570] ? ion_query_heaps+0x360/0x360 [ 665.338258] Normal: [ 665.343690] do_vfs_ioctl+0x75a/0xff0 [ 665.343704] ? ioctl_preallocate+0x1a0/0x1a0 [ 665.349129] 14*4kB [ 665.351517] ? lock_downgrade+0x740/0x740 [ 665.356521] (M) [ 665.361336] ? __fget+0x225/0x360 [ 665.364862] 12*8kB [ 665.367253] ? do_vfs_ioctl+0xff0/0xff0 [ 665.371628] (M) [ 665.374124] ? security_file_ioctl+0x83/0xb0 [ 665.374138] SyS_ioctl+0x7f/0xb0 [ 665.374153] ? do_vfs_ioctl+0xff0/0xff0 [ 665.378203] 8*16kB [ 665.380420] do_syscall_64+0x1d5/0x640 [ 665.383860] (UM) [ 665.388060] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 665.392262] 8*32kB [ 665.394564] RIP: 0033:0x466459 [ 665.394568] RSP: 002b:00007efd1de4b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 665.394578] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 665.394585] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 665.398359] (M) [ 665.402742] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 665.404970] 3*64kB [ 665.409071] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 665.409078] R13: 00007fff8e7cfe1f R14: 00007efd1de4b300 R15: 0000000000022000 [ 665.411037] (M) [ 665.421112] Node 1 active_anon:52kB inactive_anon:4kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 665.422669] 2*128kB [ 665.427084] Node 0 DMA free:10972kB min:204kB low:252kB high:300kB active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 665.439175] warn_alloc_show_mem: 2 callbacks suppressed [ 665.439178] Mem-Info: [ 665.450255] (M) 3*256kB [ 665.486902] active_anon:12717 inactive_anon:6751 isolated_anon:0 [ 665.486902] active_file:29 inactive_file:20 isolated_file:0 [ 665.486902] unevictable:0 dirty:7 writeback:0 unstable:0 [ 665.486902] slab_reclaimable:20211 slab_unreclaimable:109217 [ 665.486902] mapped:54058 shmem:6934 pagetables:779 bounce:0 [ 665.486902] free:13920 free_pcp:67 free_cma:0 [ 665.492973] (UM) [ 665.498311] lowmem_reserve[]: [ 665.508987] 0*512kB [ 665.535458] Node 0 active_anon:50816kB inactive_anon:27000kB active_file:108kB inactive_file:84kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:216232kB dirty:24kB writeback:0kB shmem:27732kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 14336kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 665.571242] 0*1024kB [ 665.611319] 0 [ 665.641398] 8*2048kB (U) 2*4096kB (U) = 26328kB [ 665.647911] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 665.657724] 2717 2718 2718 2718 [ 665.660636] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 665.661100] Node 0 [ 665.669683] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 665.669690] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 665.669694] 6967 total pagecache pages [ 665.669704] 0 pages in swap cache [ 665.669710] Swap cache stats: add 0, delete 0, find 0/0 [ 665.669713] Free swap = 0kB [ 665.669717] Total swap = 0kB [ 665.669723] 2097051 pages RAM [ 665.686629] Node 1 active_anon:52kB inactive_anon:4kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 665.696026] 0 pages HighMem/MovableOnly [ 665.711221] DMA32 free:18380kB min:36200kB low:45248kB high:54296kB active_anon:50812kB inactive_anon:27000kB active_file:112kB inactive_file:0kB unevictable:0kB writepending:24kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7296kB pagetables:3108kB bounce:0kB free_pcp:148kB local_pcp:120kB free_cma:0kB [ 665.743963] 363848 pages reserved [ 665.771801] Node 0 DMA free:10972kB min:204kB low:252kB high:300kB active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 665.789206] 0 pages cma reserved [ 665.801062] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 665.807677] Node 0 DMA32 free:18380kB min:36200kB low:45248kB high:54296kB active_anon:50812kB inactive_anon:27000kB active_file:112kB inactive_file:0kB unevictable:0kB writepending:24kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7296kB pagetables:3108kB bounce:0kB free_pcp:148kB local_pcp:120kB free_cma:0kB [ 665.838770] lowmem_reserve[]: 0 0 0 0 0 [ 665.842769] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 665.870465] lowmem_reserve[]: 0 0 0 0 0 [ 665.874517] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 665.902603] lowmem_reserve[]: 0 0 0 0 0 [ 665.906637] Node 1 Normal free:26328kB min:53696kB low:67120kB high:80544kB active_anon:52kB inactive_anon:4kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:4kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:4kB bounce:0kB free_pcp:120kB local_pcp:120kB free_cma:0kB [ 665.936442] lowmem_reserve[]: 0 0 0 0 0 [ 665.940453] Node 1 Normal free:26328kB min:53696kB low:67120kB high:80544kB active_anon:52kB inactive_anon:4kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:4kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:4kB bounce:0kB free_pcp:120kB local_pcp:120kB free_cma:0kB [ 665.970357] lowmem_reserve[]: 0 0 0 0 0 [ 665.974398] Node 0 DMA: 21*4kB (U) 1*8kB (M) 2*16kB (UM) 1*32kB (M) 3*64kB (UM) 5*128kB (UM) 3*256kB (UM) 2*512kB (UM) 2*1024kB (UM) 1*2048kB (U) 1*4096kB (M) = 10972kB [ 665.992001] lowmem_reserve[]: 0 0 0 0 0 [ 665.996045] Node 0 DMA: 21*4kB (U) 1*8kB (M) 2*16kB (UM) 1*32kB (M) 3*64kB (UM) 5*128kB (UM) 3*256kB (UM) 2*512kB (UM) 2*1024kB (UM) 1*2048kB (U) 1*4096kB (M) = 10972kB [ 666.013695] Node 0 DMA32: 1279*4kB (UME) 448*8kB (ME) 197*16kB (ME) 80*32kB (UM) 30*64kB (M) 16*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18380kB [ 666.028788] Node 0 DMA32: 1279*4kB (UME) 448*8kB (ME) 197*16kB (ME) 80*32kB (UM) 30*64kB (M) 16*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18380kB [ 666.045538] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 666.056299] Node 1 Normal: 14*4kB (M) 12*8kB (M) 8*16kB (UM) 8*32kB (M) 3*64kB (M) 2*128kB (M) 3*256kB (UM) 0*512kB 0*1024kB 8*2048kB (U) 2*4096kB (U) = 26328kB [ 666.073111] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 666.085900] Node 1 Normal: 14*4kB (M) 12*8kB (M) 8*16kB (UM) 8*32kB (M) 3*64kB (M) 2*128kB (M) 3*256kB (UM) 0*512kB 0*1024kB 8*2048kB (U) 2*4096kB (U) = 26328kB [ 666.100533] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 666.111641] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 666.120263] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 666.131265] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 666.140143] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 666.150838] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 666.160048] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 666.171052] 6967 total pagecache pages [ 666.174987] 0 pages in swap cache [ 666.178427] Swap cache stats: add 0, delete 0, find 0/0 [ 666.185979] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 666.194629] Free swap = 0kB [ 666.197644] Total swap = 0kB [ 666.200746] 2097051 pages RAM [ 666.206007] 6967 total pagecache pages [ 666.209894] 0 pages in swap cache [ 666.213366] Swap cache stats: add 0, delete 0, find 0/0 [ 666.218717] Free swap = 0kB [ 666.221719] Total swap = 0kB [ 666.226722] 0 pages HighMem/MovableOnly [ 666.230721] 363848 pages reserved [ 666.234208] 0 pages cma reserved [ 666.237562] Out of memory (oom_kill_allocating_task): Kill process 4616 (systemd-journal) score 0 or sacrifice child [ 666.240708] 2097051 pages RAM [ 666.250415] Killed process 4616 (systemd-journal) total-vm:54288kB, anon-rss:508kB, file-rss:0kB, shmem-rss:8396kB [ 666.270241] kworker/u4:4 invoked oom-killer: gfp_mask=0x14040d0(GFP_KERNEL|__GFP_COMP|__GFP_RECLAIMABLE), nodemask=(null), order=0, oom_score_adj=0 [ 666.287445] kworker/u4:4 cpuset=/ mems_allowed=0-1 [ 666.288523] 0 pages HighMem/MovableOnly [ 666.292538] CPU: 0 PID: 257 Comm: kworker/u4:4 Not tainted 4.14.230-syzkaller #0 [ 666.292546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 666.292559] Workqueue: writeback wb_workfn (flush-8:0) [ 666.292566] Call Trace: [ 666.292579] dump_stack+0x1b2/0x281 [ 666.292590] dump_header+0x178/0x82f [ 666.292599] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 666.292607] ? ___ratelimit+0x2cd/0x530 [ 666.292616] oom_kill_process.cold+0x10/0xa40 [ 666.292627] ? lock_downgrade+0x740/0x740 [ 666.303316] 363848 pages reserved [ 666.304103] out_of_memory+0x2dc/0x1190 [ 666.313444] 0 pages cma reserved [ 666.318687] ? oom_killer_disable+0x1c0/0x1c0 [ 666.361410] ? mutex_trylock+0x152/0x1a0 [ 666.365468] __alloc_pages_nodemask+0x23e1/0x2720 [ 666.370319] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 666.375170] ? mark_held_locks+0xa6/0xf0 [ 666.379225] ? cache_grow_begin+0x3f/0x700 [ 666.380900] syz-executor.4: [ 666.383447] cache_grow_begin+0x91/0x700 [ 666.383461] fallback_alloc+0x207/0x2c0 [ 666.383473] kmem_cache_alloc+0x1e5/0x3c0 [ 666.386472] page allocation failure: order:4 [ 666.390510] ext4_init_io_end+0x23/0x100 [ 666.394489] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 666.398594] ext4_writepages+0x1008/0x32a0 [ 666.398620] ? ext4_mark_inode_dirty+0x7a0/0x7a0 [ 666.402985] (null) [ 666.407025] ? __lock_acquire+0x5fc/0x3f20 [ 666.407037] ? __lock_acquire+0x5fc/0x3f20 [ 666.407057] ? __lock_acquire+0x5fc/0x3f20 [ 666.414276] syz-executor.4 cpuset= [ 666.418467] ? trace_hardirqs_on+0x10/0x10 [ 666.423190] / [ 666.425339] ? ext4_mark_inode_dirty+0x7a0/0x7a0 [ 666.429587] mems_allowed=0-1 [ 666.433775] do_writepages+0xc3/0x240 [ 666.433788] ? page_writeback_cpu_online+0x10/0x10 [ 666.433802] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 666.469369] __writeback_single_inode+0xda/0x1010 [ 666.474193] writeback_sb_inodes+0x48b/0xd30 [ 666.478585] ? wbc_detach_inode+0x780/0x780 [ 666.482890] ? down_read_trylock+0x4e/0x90 [ 666.487101] ? trylock_super+0x1b/0xe0 [ 666.490981] __writeback_inodes_wb+0xbf/0x230 [ 666.495458] wb_writeback+0x710/0xb80 [ 666.499254] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 666.504859] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 666.510289] wb_workfn+0x2bd/0xf50 [ 666.513808] ? process_one_work+0x6c4/0x14a0 [ 666.518195] ? inode_wait_for_writeback+0x30/0x30 [ 666.523017] ? lock_acquire+0x170/0x3f0 [ 666.526969] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 666.532408] process_one_work+0x793/0x14a0 [ 666.536625] ? work_busy+0x320/0x320 [ 666.540317] ? worker_thread+0x158/0xff0 [ 666.544358] ? _raw_spin_unlock_irq+0x24/0x80 [ 666.548843] worker_thread+0x5cc/0xff0 [ 666.552713] ? rescuer_thread+0xc80/0xc80 [ 666.556851] kthread+0x30d/0x420 [ 666.560201] ? kthread_create_on_node+0xd0/0xd0 [ 666.564850] ret_from_fork+0x24/0x30 [ 666.568580] CPU: 1 PID: 13894 Comm: syz-executor.4 Not tainted 4.14.230-syzkaller #0 [ 666.576927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 666.586275] Call Trace: [ 666.588859] dump_stack+0x1b2/0x281 [ 666.592483] warn_alloc.cold+0x96/0x1cc [ 666.596451] ? zone_watermark_ok_safe+0x220/0x220 [ 666.601303] __alloc_pages_nodemask+0x2127/0x2720 [ 666.606146] ? lock_acquire+0x170/0x3f0 [ 666.610123] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 666.614967] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 666.620418] ? __mutex_unlock_slowpath+0x75/0x770 [ 666.625259] alloc_pages_current+0x155/0x260 [ 666.629662] ion_page_pool_alloc+0x118/0x1b0 [ 666.632896] Mem-Info: [ 666.634060] ion_system_heap_allocate+0x133/0x8c0 [ 666.634073] ? _raw_spin_unlock+0x29/0x40 [ 666.634082] ? _ion_heap_freelist_drain+0x6e/0x410 [ 666.634090] ? ion_system_contig_heap_create+0x130/0x130 [ 666.634101] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 666.634112] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 666.634123] ion_alloc+0x27a/0x810 [ 666.634136] ? ion_dma_buf_release+0x40/0x40 [ 666.634148] ? __might_fault+0x177/0x1b0 [ 666.634159] ion_ioctl+0xea/0x1f0 [ 666.651462] active_anon:12867 inactive_anon:6476 isolated_anon:0 [ 666.651462] active_file:42 inactive_file:0 isolated_file:0 [ 666.651462] unevictable:0 dirty:7 writeback:0 unstable:0 [ 666.651462] slab_reclaimable:20209 slab_unreclaimable:109206 [ 666.651462] mapped:52233 shmem:6934 pagetables:742 bounce:0 [ 666.651462] free:17408 free_pcp:312 free_cma:0 [ 666.655843] ? ion_query_heaps+0x360/0x360 [ 666.655855] ? ion_query_heaps+0x360/0x360 [ 666.655865] do_vfs_ioctl+0x75a/0xff0 [ 666.655877] ? ioctl_preallocate+0x1a0/0x1a0 [ 666.655887] ? lock_downgrade+0x740/0x740 [ 666.655901] ? __fget+0x225/0x360 [ 666.675082] Node 0 active_anon:51416kB inactive_anon:25900kB active_file:164kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208932kB dirty:24kB writeback:0kB shmem:27732kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 14336kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 666.677671] ? do_vfs_ioctl+0xff0/0xff0 [ 666.681115] Node 1 active_anon:52kB inactive_anon:4kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 666.714063] ? security_file_ioctl+0x83/0xb0 [ 666.714074] SyS_ioctl+0x7f/0xb0 [ 666.714082] ? do_vfs_ioctl+0xff0/0xff0 [ 666.714094] do_syscall_64+0x1d5/0x640 [ 666.714108] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 666.714115] RIP: 0033:0x466459 [ 666.714120] RSP: 002b:00007efd1de4b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 666.714131] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 666.714136] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 666.714141] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 666.714147] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 666.714152] R13: 00007fff8e7cfe1f R14: 00007efd1de4b300 R15: 0000000000022000 [ 666.732018] Mem-Info: [ 666.751568] Node 0 [ 666.775419] active_anon:12867 inactive_anon:6476 isolated_anon:0 [ 666.775419] active_file:42 inactive_file:0 isolated_file:0 [ 666.775419] unevictable:0 dirty:7 writeback:0 unstable:0 [ 666.775419] slab_reclaimable:20209 slab_unreclaimable:109206 [ 666.775419] mapped:52233 shmem:6934 pagetables:742 bounce:0 [ 666.775419] free:17684 free_pcp:0 free_cma:0 [ 666.803547] DMA free:11004kB min:204kB low:252kB high:300kB active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 666.823329] Node 0 active_anon:51416kB inactive_anon:25900kB active_file:164kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208932kB dirty:24kB writeback:0kB shmem:27732kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 14336kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 666.831831] lowmem_reserve[]: [ 666.850225] Node 1 active_anon:52kB inactive_anon:4kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 666.864814] 0 [ 666.881893] Node 0 [ 666.909238] 2717 [ 666.947379] DMA free:11004kB min:204kB low:252kB high:300kB active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 666.962752] 2718 [ 666.988735] lowmem_reserve[]: [ 667.011282] 2718 [ 667.021981] 0 2717 2718 2718 2718 [ 667.027604] Node 0 DMA32 free:32332kB min:36200kB low:45248kB high:54296kB active_anon:51412kB inactive_anon:25900kB active_file:132kB inactive_file:0kB unevictable:0kB writepending:24kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7264kB pagetables:2960kB bounce:0kB free_pcp:32kB local_pcp:32kB free_cma:0kB [ 667.037887] 2718 [ 667.062997] lowmem_reserve[]: 0 0 0 0 0 [ 667.069078] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 667.105777] lowmem_reserve[]: 0 0 0 0 0 [ 667.108903] Node 0 DMA32 free:32636kB min:36200kB low:45248kB high:54296kB active_anon:51496kB inactive_anon:25808kB active_file:100kB inactive_file:0kB unevictable:0kB writepending:24kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7264kB pagetables:2992kB bounce:0kB free_pcp:224kB local_pcp:192kB free_cma:0kB [ 667.109789] Node 1 Normal free:27564kB min:53696kB low:67120kB high:80544kB active_anon:52kB inactive_anon:4kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 667.148510] lowmem_reserve[]: 0 0 0 0 0 [ 667.181197] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 667.181375] lowmem_reserve[]: 0 0 0 0 0 [ 667.221849] Node 0 DMA: 45*4kB (U) 1*8kB (M) 2*16kB (UM) 1*32kB (M) 2*64kB (UM) 5*128kB (UM) 3*256kB (UM) 2*512kB (UM) 2*1024kB (UM) 1*2048kB (U) 1*4096kB (M) = 11004kB [ 667.245374] lowmem_reserve[]: 0 0 0 0 0 [ 667.247910] Node 0 DMA32: 1731*4kB (UMEH) [ 667.249392] Node 1 Normal free:27564kB min:53696kB low:67120kB high:80544kB active_anon:52kB inactive_anon:4kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 667.257323] 1359*8kB (UMEH) 490*16kB (UMEH) 216*32kB (UMH) 1*64kB (H) 3*128kB (UH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 32996kB [ 667.296008] lowmem_reserve[]: 0 0 0 0 0 [ 667.316989] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 667.320386] Node 0 DMA: 45*4kB (U) 1*8kB (M) 2*16kB (UM) 1*32kB (M) 2*64kB (UM) 5*128kB (UM) 3*256kB (UM) 2*512kB (UM) 2*1024kB (UM) 1*2048kB (U) 1*4096kB (M) = 11004kB [ 667.340943] Node 1 [ 667.368350] Node 0 [ 667.368870] Normal: [ 667.370618] DMA32: [ 667.372829] 285*4kB [ 667.380838] 1731*4kB (UMEH) 1359*8kB (UMEH) 490*16kB (UMEH) 216*32kB (UMH) 1*64kB (H) 3*128kB (UH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 32996kB [ 667.390303] (UM) [ 667.416417] Node 0 [ 667.416864] 519*8kB [ 667.418521] Normal: [ 667.420729] (UM) [ 667.423030] 0*4kB [ 667.438353] 368*16kB [ 667.440178] 0*8kB [ 667.440504] (UM) [ 667.442892] 0*16kB [ 667.451314] 292*32kB [ 667.452686] 0*32kB [ 667.459933] (UM) 4*64kB (UM) 3*128kB (UM) 3*256kB (UM) 1*512kB (U) 1*1024kB (U) 0*2048kB 1*4096kB (U) = 27564kB [ 667.462526] 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 667.485724] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 667.492091] Node 1 [ 667.514352] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 667.515578] Normal: [ 667.516593] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 667.535931] 285*4kB (UM) 519*8kB (UM) 368*16kB (UM) 292*32kB (UM) 4*64kB (UM) 3*128kB (UM) 3*256kB (UM) 1*512kB (U) 1*1024kB (U) 0*2048kB 1*4096kB (U) = 27564kB [ 667.547610] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 667.562477] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 667.571044] 6967 total pagecache pages [ 667.585906] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 667.588054] 0 pages in swap cache [ 667.600242] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 667.603781] Swap cache stats: add 0, delete 0, find 0/0 [ 667.621057] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 667.626469] Free swap = 0kB [ 667.632627] Total swap = 0kB [ 667.641370] 6967 total pagecache pages [ 667.647228] 0 pages in swap cache [ 667.648133] 2097051 pages RAM [ 667.650685] Swap cache stats: add 0, delete 0, find 0/0 [ 667.661369] 0 pages HighMem/MovableOnly [ 667.669952] 363848 pages reserved [ 667.670842] Free swap = 0kB [ 667.680739] Total swap = 0kB [ 667.681397] 0 pages cma reserved [ 667.691379] 2097051 pages RAM [ 667.698647] 0 pages HighMem/MovableOnly [ 667.702615] 363848 pages reserved [ 667.719180] 0 pages cma reserved [ 667.722548] Out of memory: Kill process 13900 (syz-executor.3) score 1004 or sacrifice child [ 667.740174] Killed process 13908 (syz-executor.3) total-vm:93252kB, anon-rss:152kB, file-rss:34820kB, shmem-rss:0kB [ 667.772509] oom_reaper: reaped process 13908 (syz-executor.3), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 667.815750] kworker/u4:4 invoked oom-killer: gfp_mask=0x14040d0(GFP_KERNEL|__GFP_COMP|__GFP_RECLAIMABLE), nodemask=(null), order=0, oom_score_adj=0 [ 667.848729] kworker/u4:4 cpuset=/ mems_allowed=0-1 [ 667.865706] CPU: 1 PID: 257 Comm: kworker/u4:4 Not tainted 4.14.230-syzkaller #0 [ 667.873239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 667.882590] Workqueue: writeback wb_workfn (flush-8:0) [ 667.887858] Call Trace: [ 667.890437] dump_stack+0x1b2/0x281 [ 667.894060] dump_header+0x178/0x82f [ 667.897765] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 667.902858] ? ___ratelimit+0x2cd/0x530 [ 667.906824] oom_kill_process.cold+0x10/0xa40 [ 667.911312] ? lock_downgrade+0x740/0x740 [ 667.915460] out_of_memory+0x2dc/0x1190 [ 667.919427] ? oom_killer_disable+0x1c0/0x1c0 [ 667.923301] syz-executor.4: page allocation failure: order:0 [ 667.923915] ? mutex_trylock+0x152/0x1a0 [ 667.923926] __alloc_pages_nodemask+0x23e1/0x2720 [ 667.929702] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 667.933750] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 667.933770] ? mark_held_locks+0xa6/0xf0 [ 667.933781] ? cache_grow_begin+0x3f/0x700 [ 667.933791] cache_grow_begin+0x91/0x700 [ 667.933804] fallback_alloc+0x207/0x2c0 [ 667.952778] (null) [ 667.954559] kmem_cache_alloc+0x1e5/0x3c0 [ 667.954571] ext4_init_io_end+0x23/0x100 [ 667.954582] ext4_writepages+0x1008/0x32a0 [ 667.954610] ? ext4_mark_inode_dirty+0x7a0/0x7a0 [ 667.962100] syz-executor.4 cpuset= [ 667.962860] ? __lock_acquire+0x5fc/0x3f20 [ 667.981553] / [ 667.986050] ? __lock_acquire+0x5fc/0x3f20 [ 667.999719] ? __lock_acquire+0x5fc/0x3f20 [ 668.003947] ? trace_hardirqs_on+0x10/0x10 [ 668.006562] mems_allowed=0-1 [ 668.008174] ? ext4_mark_inode_dirty+0x7a0/0x7a0 [ 668.015986] do_writepages+0xc3/0x240 [ 668.019778] ? page_writeback_cpu_online+0x10/0x10 [ 668.024704] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 668.030139] __writeback_single_inode+0xda/0x1010 [ 668.034973] writeback_sb_inodes+0x48b/0xd30 [ 668.039382] ? wbc_detach_inode+0x780/0x780 [ 668.043699] ? down_read_trylock+0x4e/0x90 [ 668.047917] ? trylock_super+0x1b/0xe0 [ 668.051791] __writeback_inodes_wb+0xbf/0x230 [ 668.056276] wb_writeback+0x710/0xb80 [ 668.060069] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 668.065688] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 668.071120] wb_workfn+0x2bd/0xf50 [ 668.074645] ? process_one_work+0x6c4/0x14a0 [ 668.079042] ? inode_wait_for_writeback+0x30/0x30 [ 668.083884] ? lock_acquire+0x170/0x3f0 [ 668.087848] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 668.093313] process_one_work+0x793/0x14a0 [ 668.097543] ? work_busy+0x320/0x320 [ 668.101242] ? worker_thread+0x158/0xff0 [ 668.105295] ? _raw_spin_unlock_irq+0x24/0x80 [ 668.109775] worker_thread+0x5cc/0xff0 [ 668.113656] ? rescuer_thread+0xc80/0xc80 [ 668.117793] kthread+0x30d/0x420 [ 668.121150] ? kthread_create_on_node+0xd0/0xd0 [ 668.125808] ret_from_fork+0x24/0x30 [ 668.129517] CPU: 0 PID: 13894 Comm: syz-executor.4 Not tainted 4.14.230-syzkaller #0 [ 668.137393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 668.146735] Call Trace: [ 668.149329] dump_stack+0x1b2/0x281 [ 668.152951] warn_alloc.cold+0x96/0x1cc [ 668.156118] Mem-Info: [ 668.156916] ? zone_watermark_ok_safe+0x220/0x220 [ 668.159303] active_anon:12865 inactive_anon:6453 isolated_anon:0 [ 668.159303] active_file:17 inactive_file:16 isolated_file:0 [ 668.159303] unevictable:0 dirty:7 writeback:0 unstable:0 [ 668.159303] slab_reclaimable:20165 slab_unreclaimable:108822 [ 668.159303] mapped:52225 shmem:6934 pagetables:750 bounce:0 [ 668.159303] free:13961 free_pcp:79 free_cma:0 [ 668.164111] ? usleep_range+0x130/0x130 [ 668.164120] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 668.164131] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 668.164149] ? run_timer_softirq+0x5a0/0x5a0 [ 668.197114] Node 0 active_anon:51452kB inactive_anon:25808kB active_file:64kB inactive_file:64kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208900kB dirty:24kB writeback:0kB shmem:27732kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 14336kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 668.201044] __alloc_pages_nodemask+0x2127/0x2720 [ 668.206138] Node 1 active_anon:8kB inactive_anon:4kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 668.211112] ? lock_acquire+0x170/0x3f0 [ 668.215502] Node 0 [ 668.243238] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 668.243248] ? ion_page_pool_alloc+0x9e/0x1b0 [ 668.243264] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 668.248084] DMA free:10968kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 668.273736] alloc_pages_current+0x155/0x260 [ 668.273747] ion_page_pool_alloc+0x118/0x1b0 [ 668.273757] ion_system_heap_allocate+0x133/0x8c0 [ 668.277701] lowmem_reserve[]: [ 668.279917] ? _raw_spin_unlock+0x29/0x40 [ 668.284746] 0 [ 668.289202] ? _ion_heap_freelist_drain+0x6e/0x410 [ 668.294638] 2717 [ 668.320185] ? ion_system_contig_heap_create+0x130/0x130 [ 668.320194] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 668.320203] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 668.320213] ion_alloc+0x27a/0x810 [ 668.324613] 2718 [ 668.328988] ? ion_dma_buf_release+0x40/0x40 [ 668.333859] 2718 [ 668.336884] ? __might_fault+0x177/0x1b0 [ 668.341000] 2718 [ 668.342804] ion_ioctl+0xea/0x1f0 [ 668.349760] ? ion_query_heaps+0x360/0x360 [ 668.355291] Node 0 [ 668.360271] ? ion_query_heaps+0x360/0x360 [ 668.365115] DMA32 free:18056kB min:36200kB low:45248kB high:54296kB active_anon:51452kB inactive_anon:25808kB active_file:64kB inactive_file:60kB unevictable:0kB writepending:24kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7264kB pagetables:2992kB bounce:0kB free_pcp:152kB local_pcp:152kB free_cma:0kB [ 668.368605] do_vfs_ioctl+0x75a/0xff0 [ 668.370636] lowmem_reserve[]: [ 668.375025] ? ioctl_preallocate+0x1a0/0x1a0 [ 668.375033] ? lock_downgrade+0x740/0x740 [ 668.375046] ? __fget+0x225/0x360 [ 668.377078] 0 [ 668.381118] ? do_vfs_ioctl+0xff0/0xff0 [ 668.383149] 0 [ 668.386580] ? security_file_ioctl+0x83/0xb0 [ 668.386591] SyS_ioctl+0x7f/0xb0 [ 668.386600] ? do_vfs_ioctl+0xff0/0xff0 [ 668.390802] 0 [ 668.393019] do_syscall_64+0x1d5/0x640 [ 668.397238] 0 [ 668.425582] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 668.425591] RIP: 0033:0x466459 [ 668.425596] RSP: 002b:00007efd1de4b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 668.425605] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 668.425610] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 668.425619] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 668.429408] 0 [ 668.432488] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 668.432495] R13: 00007fff8e7cfe1f R14: 00007efd1de4b300 R15: 0000000000022000 [ 668.445660] Mem-Info: [ 668.446417] syz-executor.3: [ 668.450372] active_anon:12865 inactive_anon:6453 isolated_anon:0 [ 668.450372] active_file:17 inactive_file:16 isolated_file:0 [ 668.450372] unevictable:0 dirty:7 writeback:0 unstable:0 [ 668.450372] slab_reclaimable:20165 slab_unreclaimable:108822 [ 668.450372] mapped:52225 shmem:6934 pagetables:750 bounce:0 [ 668.450372] free:13961 free_pcp:79 free_cma:0 [ 668.452145] page allocation failure: order:0 [ 668.456649] Node 0 active_anon:51452kB inactive_anon:25808kB active_file:64kB inactive_file:64kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208900kB dirty:24kB writeback:0kB shmem:27732kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 14336kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 668.478381] Node 0 [ 668.481675] Node 1 active_anon:8kB inactive_anon:4kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 668.502190] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 668.514549] Node 0 [ 668.537112] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 668.573875] DMA free:10968kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 668.608228] (null) [ 668.637678] lowmem_reserve[]: [ 668.666546] lowmem_reserve[]: [ 668.698819] syz-executor.3 cpuset= [ 668.699159] 0 [ 668.701934] / mems_allowed=0-1 [ 668.712669] CPU: 1 PID: 13908 Comm: syz-executor.3 Not tainted 4.14.230-syzkaller #0 [ 668.718894] 2717 [ 668.720532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 668.720538] 2718 [ 668.722575] Call Trace: [ 668.736528] dump_stack+0x1b2/0x281 [ 668.740149] warn_alloc.cold+0x96/0x1cc [ 668.744115] ? zone_watermark_ok_safe+0x220/0x220 [ 668.744659] 2718 [ 668.748944] ? usleep_range+0x130/0x130 [ 668.748946] 2718 [ 668.751002] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 668.762082] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 668.767090] ? run_timer_softirq+0x5a0/0x5a0 [ 668.767652] Node 0 DMA32 free:18056kB min:36200kB low:45248kB high:54296kB active_anon:51452kB inactive_anon:25808kB active_file:64kB inactive_file:60kB unevictable:0kB writepending:24kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7264kB pagetables:2992kB bounce:0kB free_pcp:152kB local_pcp:0kB free_cma:0kB [ 668.771501] __alloc_pages_nodemask+0x2127/0x2720 [ 668.771517] ? lock_acquire+0x170/0x3f0 [ 668.809074] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 668.813912] ? ion_page_pool_alloc+0x9e/0x1b0 [ 668.818410] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 668.823860] ? retint_kernel+0x2d/0x2d [ 668.827742] alloc_pages_current+0x155/0x260 [ 668.832144] ion_page_pool_alloc+0x118/0x1b0 [ 668.832925] lowmem_reserve[]: [ 668.836542] ion_system_heap_allocate+0x133/0x8c0 [ 668.836552] ? ion_alloc+0x187/0x810 [ 668.836562] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 668.836572] ? ion_system_contig_heap_create+0x130/0x130 [ 668.836582] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 668.836591] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 668.836601] ion_alloc+0x204/0x810 [ 668.839691] 0 [ 668.844507] ? ion_dma_buf_release+0x40/0x40 [ 668.844520] ? __might_fault+0x177/0x1b0 [ 668.844532] ion_ioctl+0xea/0x1f0 [ 668.844542] ? ion_query_heaps+0x360/0x360 [ 668.844555] ? ion_query_heaps+0x360/0x360 [ 668.844565] do_vfs_ioctl+0x75a/0xff0 [ 668.844576] ? ioctl_preallocate+0x1a0/0x1a0 [ 668.844587] ? lock_downgrade+0x740/0x740 [ 668.861230] 0 [ 668.864130] ? __fget+0x225/0x360 [ 668.864140] ? do_vfs_ioctl+0xff0/0xff0 [ 668.864151] ? security_file_ioctl+0x83/0xb0 [ 668.864160] SyS_ioctl+0x7f/0xb0 [ 668.864169] ? do_vfs_ioctl+0xff0/0xff0 [ 668.872362] 0 [ 668.872526] do_syscall_64+0x1d5/0x640 [ 668.885910] 0 [ 668.886160] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 668.890360] 0 [ 668.894569] RIP: 0033:0x466459 [ 668.894574] RSP: 002b:00007ffa34b8d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 668.894584] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 668.894589] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 668.894595] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 668.894600] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 668.894605] R13: 00007ffe55d0e34f R14: 00007ffa34b8d300 R15: 0000000000022000 [ 668.903958] 0 [ 668.929720] 0 [ 668.940460] Node 0 [ 668.941758] 0 [ 668.942390] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 668.953700] 0 [ 668.971413] lowmem_reserve[]: [ 668.984748] 0 [ 669.001293] 0 [ 669.035995] Node 1 Normal free:26820kB min:53696kB low:67120kB high:80544kB active_anon:8kB inactive_anon:4kB active_file:0kB inactive_file:8kB unevictable:0kB writepending:4kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:4kB bounce:0kB free_pcp:164kB local_pcp:164kB free_cma:0kB [ 669.040723] 0 [ 669.074496] lowmem_reserve[]: 0 0 0 0 0 [ 669.076518] 0 [ 669.080263] Node 0 [ 669.080265] 0 0 [ 669.082046] DMA: [ 669.094661] 36*4kB (UM) 1*8kB (M) 2*16kB (UM) 1*32kB (M) 2*64kB (UM) 5*128kB (UM) 3*256kB (UM) 2*512kB (UM) 2*1024kB (UM) 1*2048kB (U) 1*4096kB (M) = 10968kB [ 669.097999] Node 1 Normal free:26820kB min:53696kB low:67120kB high:80544kB active_anon:8kB inactive_anon:4kB active_file:12kB inactive_file:0kB unevictable:0kB writepending:4kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:4kB bounce:0kB free_pcp:164kB local_pcp:0kB free_cma:0kB [ 669.120706] Node 0 [ 669.149652] lowmem_reserve[]: 0 0 0 0 0 [ 669.157542] Node 0 DMA: 36*4kB (UM) 1*8kB (M) 2*16kB (UM) 1*32kB (M) 2*64kB (UM) 5*128kB (UM) 3*256kB (UM) 2*512kB (UM) 2*1024kB (UM) 1*2048kB (U) 1*4096kB (M) = 10968kB [ 669.181261] Node 0 DMA32: 998*4kB (UME) 317*8kB (UME) 266*16kB (UME) 216*32kB (UM) 1*64kB (U) 3*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18144kB [ 669.185508] DMA32: 998*4kB (UME) 317*8kB (UME) 266*16kB (UME) 216*32kB (UM) 1*64kB (U) 3*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18144kB [ 669.209071] syz-executor.3: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 669.222851] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 669.230266] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 669.247325] Node 1 Normal: 99*4kB (UM) 519*8kB (UM) 368*16kB (UM) 292*32kB (UM) 4*64kB (UM) 3*128kB (UM) 3*256kB (UM) 1*512kB (U) 1*1024kB (U) 0*2048kB 1*4096kB (U) = 26820kB [ 669.252099] syz-executor.3 cpuset= [ 669.271440] Node 1 Normal: 99*4kB (UM) 519*8kB (UM) 368*16kB (UM) 292*32kB (UM) 4*64kB (UM) 3*128kB (UM) 3*256kB (UM) 1*512kB (U) 1*1024kB (U) 0*2048kB 1*4096kB (U) = 26820kB [ 669.277318] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 669.295144] / mems_allowed=0-1 [ 669.303517] CPU: 0 PID: 13908 Comm: syz-executor.3 Not tainted 4.14.230-syzkaller #0 [ 669.311384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 669.316432] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 669.320722] Call Trace: [ 669.329301] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 669.331851] dump_stack+0x1b2/0x281 [ 669.340689] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 669.344276] warn_alloc.cold+0x96/0x1cc [ 669.344289] ? zone_watermark_ok_safe+0x220/0x220 [ 669.352833] 6967 total pagecache pages [ 669.356796] __alloc_pages_nodemask+0x2127/0x2720 [ 669.356806] ? lock_acquire+0x170/0x3f0 [ 669.361623] 0 pages in swap cache [ 669.365486] ? lock_acquire+0x170/0x3f0 [ 669.365502] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 669.370315] Swap cache stats: add 0, delete 0, find 0/0 [ 669.374272] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 669.374286] ? __mutex_unlock_slowpath+0x75/0x770 [ 669.377708] Free swap = 0kB [ 669.381663] alloc_pages_current+0x155/0x260 [ 669.386486] Total swap = 0kB [ 669.391815] ion_page_pool_alloc+0x118/0x1b0 [ 669.397249] 2097051 pages RAM [ 669.402067] ion_system_heap_allocate+0x133/0x8c0 [ 669.405085] 0 pages HighMem/MovableOnly [ 669.409458] ? _raw_spin_unlock+0x29/0x40 [ 669.412446] 363848 pages reserved [ 669.416838] ? _ion_heap_freelist_drain+0x6e/0x410 [ 669.416848] ? ion_system_contig_heap_create+0x130/0x130 [ 669.416857] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 669.416870] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 669.419946] 0 pages cma reserved [ 669.424787] ion_alloc+0x27a/0x810 [ 669.424803] ? ion_dma_buf_release+0x40/0x40 [ 669.428753] Out of memory: Kill process 13902 (syz-executor.1) score 1004 or sacrifice child [ 669.432876] ? __might_fault+0x177/0x1b0 [ 669.436364] Killed process 13905 (syz-executor.1) total-vm:93384kB, anon-rss:152kB, file-rss:34820kB, shmem-rss:0kB [ 669.441262] ion_ioctl+0xea/0x1f0 [ 669.494372] ? ion_query_heaps+0x360/0x360 [ 669.498586] ? ion_query_heaps+0x360/0x360 [ 669.502801] do_vfs_ioctl+0x75a/0xff0 [ 669.506580] ? ioctl_preallocate+0x1a0/0x1a0 [ 669.510978] ? lock_downgrade+0x740/0x740 [ 669.515107] ? __fget+0x225/0x360 [ 669.518537] ? do_vfs_ioctl+0xff0/0xff0 [ 669.522490] ? security_file_ioctl+0x83/0xb0 [ 669.526878] SyS_ioctl+0x7f/0xb0 [ 669.530219] ? do_vfs_ioctl+0xff0/0xff0 [ 669.534170] do_syscall_64+0x1d5/0x640 [ 669.538041] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 669.543205] RIP: 0033:0x466459 [ 669.546372] RSP: 002b:00007ffa34b8d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 669.554069] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 669.561333] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 669.568588] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 669.575848] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 669.583117] R13: 00007ffe55d0e34f R14: 00007ffa34b8d300 R15: 0000000000022000 [ 669.595892] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 669.619559] oom_reaper: reaped process 13905 (syz-executor.1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 669.629596] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 669.642540] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 669.651433] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 669.655081] syz-fuzzer invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 669.663693] 6967 total pagecache pages [ 669.678609] 0 pages in swap cache [ 669.682055] Swap cache stats: add 0, delete 0, find 0/0 [ 669.689654] Free swap = 0kB [ 669.692665] Total swap = 0kB [ 669.697877] 2097051 pages RAM [ 669.700974] 0 pages HighMem/MovableOnly [ 669.707112] 363848 pages reserved [ 669.710558] 0 pages cma reserved [ 669.728297] syz-fuzzer cpuset=/ mems_allowed=0-1 [ 669.733094] CPU: 0 PID: 9473 Comm: syz-fuzzer Not tainted 4.14.230-syzkaller #0 [ 669.740532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 669.749877] Call Trace: [ 669.752458] dump_stack+0x1b2/0x281 [ 669.756102] dump_header+0x178/0x82f [ 669.759811] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 669.764915] ? ___ratelimit+0x2cd/0x530 [ 669.768883] oom_kill_process.cold+0x10/0xa40 [ 669.773392] out_of_memory+0xe3e/0x1190 [ 669.777363] ? oom_killer_disable+0x1c0/0x1c0 [ 669.781856] ? mutex_trylock+0x152/0x1a0 [ 669.785929] __alloc_pages_nodemask+0x23e1/0x2720 [ 669.790776] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 669.795625] alloc_pages_current+0x155/0x260 [ 669.800035] filemap_fault+0x11a1/0x1ad0 [ 669.804103] ext4_filemap_fault+0x84/0xb0 [ 669.808245] __do_fault+0xfa/0x380 [ 669.811778] __handle_mm_fault+0x2497/0x4620 [ 669.816179] ? vm_insert_page+0x7c0/0x7c0 [ 669.820331] ? mark_held_locks+0xa6/0xf0 [ 669.824406] handle_mm_fault+0x455/0x9c0 [ 669.828466] __do_page_fault+0x549/0xad0 [ 669.832537] ? spurious_fault+0x640/0x640 [ 669.836682] ? do_page_fault+0x60/0x500 [ 669.840645] ? page_fault+0x2f/0x50 [ 669.844272] page_fault+0x45/0x50 [ 669.847727] RIP: 55fc600:0x8c [ 669.850825] RSP: 5995000:000000c000335f28 EFLAGS: 00000003 [ 669.863179] Mem-Info: [ 669.871250] active_anon:12865 inactive_anon:6453 isolated_anon:0 [ 669.871250] active_file:37 inactive_file:752 isolated_file:0 [ 669.871250] unevictable:0 dirty:7 writeback:0 unstable:0 [ 669.871250] slab_reclaimable:20165 slab_unreclaimable:108458 [ 669.871250] mapped:52575 shmem:6934 pagetables:750 bounce:0 [ 669.871250] free:191048 free_pcp:313 free_cma:0 [ 669.908261] Node 0 active_anon:51452kB inactive_anon:25808kB active_file:136kB inactive_file:3916kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:211200kB dirty:24kB writeback:0kB shmem:27732kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 14336kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 669.938021] Node 1 active_anon:8kB inactive_anon:4kB active_file:12kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 669.965453] Node 0 DMA free:11992kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:12kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 669.993039] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 670.002866] Node 0 DMA32 free:401212kB min:36200kB low:45248kB high:54296kB active_anon:51452kB inactive_anon:25808kB active_file:276kB inactive_file:6180kB unevictable:0kB writepending:24kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7296kB pagetables:2992kB bounce:0kB free_pcp:668kB local_pcp:420kB free_cma:0kB [ 670.033459] lowmem_reserve[]: 0 0 0 0 0 [ 670.038635] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 670.053139] warn_alloc_show_mem: 1 callbacks suppressed [ 670.053143] Mem-Info: [ 670.065186] lowmem_reserve[]: 0 0 0 0 0 [ 670.077725] Node 1 Normal free:966272kB min:53696kB low:67120kB high:80544kB active_anon:4kB inactive_anon:4kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:4kB bounce:0kB free_pcp:668kB local_pcp:4kB free_cma:0kB [ 670.083192] active_anon:12842 inactive_anon:6453 isolated_anon:0 [ 670.083192] active_file:155 inactive_file:1585 isolated_file:0 [ 670.083192] unevictable:0 dirty:0 writeback:0 unstable:0 [ 670.083192] slab_reclaimable:20175 slab_unreclaimable:108449 [ 670.083192] mapped:53404 shmem:6934 pagetables:751 bounce:0 [ 670.083192] free:356320 free_pcp:351 free_cma:0 [ 670.106058] lowmem_reserve[]: 0 0 0 0 0 [ 670.149443] Node 0 DMA: 46*4kB (UM) 1*8kB (M) 2*16kB (UM) 1*32kB (M) 3*64kB (UM) 5*128kB (UM) 3*256kB (UM) 2*512kB (UM) 1*1024kB (M) 0*2048kB 2*4096kB (UM) = 12096kB [ 670.169470] Node 0 DMA32: 279*4kB (UME) 63*8kB (UME) 50*16kB (UME) 23*32kB (UM) 123*64kB (UM) 81*128kB (UM) 24*256kB (U) 14*512kB (UM) 202*1024kB (U) 55*2048kB (U) 16*4096kB (U) = 419732kB [ 670.196661] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 670.207738] Node 1 Normal: 108*4kB (UM) 510*8kB (UM) 364*16kB (UM) 287*32kB (UM) 1205*64kB (UM) 88*128kB (UM) 23*256kB (UM) 7*512kB (U) 677*1024kB (U) 68*2048kB (U) 4*4096kB (U) = 966272kB [ 670.213152] Node 0 active_anon:51464kB inactive_anon:25808kB active_file:716kB inactive_file:7840kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:214916kB dirty:200kB writeback:0kB shmem:27732kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 14336kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 670.226043] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 670.262569] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 670.272499] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 670.281994] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 670.291113] 9269 total pagecache pages [ 670.295249] 0 pages in swap cache [ 670.298742] Swap cache stats: add 0, delete 0, find 0/0 [ 670.303138] Node 1 active_anon:4kB inactive_anon:4kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 670.304327] Free swap = 0kB [ 670.339598] Total swap = 0kB [ 670.343866] 2097051 pages RAM [ 670.347019] 0 pages HighMem/MovableOnly [ 670.351584] 363848 pages reserved [ 670.355307] 0 pages cma reserved [ 670.358719] Out of memory (oom_kill_allocating_task): Kill process 9473 (syz-fuzzer) score 0 or sacrifice child [ 670.363710] Node 0 DMA free:12096kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 670.370616] Killed process 7978 (syz-executor.3) total-vm:84924kB, anon-rss:64kB, file-rss:0kB, shmem-rss:0kB [ 670.398809] lowmem_reserve[]: [ 670.405989] systemd[1]: systemd-journald.service: Failed with result 'signal'. [ 670.416645] oom_reaper: reaped process 7978 (syz-executor.3), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 670.442655] 0 2717 2718 2718 2718 [ 670.459084] Node 0 DMA32 free:300948kB min:36200kB low:45248kB high:54296kB active_anon:51364kB inactive_anon:25808kB active_file:1112kB inactive_file:10240kB unevictable:0kB writepending:148kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7232kB pagetables:2848kB bounce:0kB free_pcp:404kB local_pcp:264kB free_cma:0kB 20:22:10 executing program 2: ioctl$NBD_SET_TIMEOUT(0xffffffffffffffff, 0xab09, 0x7e4) [ 670.494691] lowmem_reserve[]: 0 0 0 0 0 [ 670.498706] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 670.526701] systemd[1]: systemd-journald.service: Service has no hold-off time, scheduling restart. [ 670.534022] lowmem_reserve[]: 0 0 0 0 0 [ 670.542061] Node 1 Normal free:966272kB min:53696kB low:67120kB high:80544kB active_anon:4kB inactive_anon:4kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:4kB bounce:0kB free_pcp:668kB local_pcp:664kB free_cma:0kB [ 670.577911] systemd[1]: Stopped Flush Journal to Persistent Storage. [ 670.578160] lowmem_reserve[]: 0 0 0 0 0 [ 670.590605] Node 0 DMA: 46*4kB (UM) 1*8kB (M) 2*16kB (UM) 1*32kB (M) 3*64kB (UM) 5*128kB (UM) 3*256kB (UM) 2*512kB (UM) 1*1024kB (M) 0*2048kB 2*4096kB (UM) = 12096kB [ 670.603342] systemd[1]: Stopping Flush Journal to Persistent Storage... [ 670.611504] Node 0 DMA32: 248*4kB (UME) 62*8kB (UE) 7*16kB (UME) 0*32kB 1*64kB (M) 0*128kB 1*256kB (M) 2*512kB (UM) 29*1024kB (U) 56*2048kB (UM) 15*4096kB (U) = 208768kB [ 670.614563] systemd[1]: Stopped Journal Service. [ 670.631753] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 670.647678] Node 1 Normal: 108*4kB (UM) 510*8kB (UM) 364*16kB (UM) 287*32kB (UM) 1205*64kB (UM) 88*128kB (UM) 23*256kB (UM) 7*512kB (U) 677*1024kB (U) 68*2048kB (U) 4*4096kB (U) = 966272kB [ 670.672825] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 670.675289] systemd[1]: Starting Journal Service... [ 670.689138] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 670.702555] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 670.712198] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 670.726648] 10564 total pagecache pages [ 670.731049] 0 pages in swap cache [ 670.735945] Swap cache stats: add 0, delete 0, find 0/0 [ 670.742774] Free swap = 0kB [ 670.749548] Total swap = 0kB [ 670.752572] 2097051 pages RAM [ 670.759808] 0 pages HighMem/MovableOnly [ 670.767880] 363848 pages reserved [ 670.780395] 0 pages cma reserved [ 670.856642] systemd-journald[13939]: File /run/log/journal/04d8c135ee6b410280ba31a58c89679d/system.journal corrupted or uncleanly shut down, renaming and replacing. 20:22:11 executing program 5: r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x0) ioctl$BLKRRPART(r0, 0x125f, 0x0) 20:22:11 executing program 1: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) pipe(&(0x7f0000000000)) 20:22:11 executing program 4: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) [ 672.229403] syz-executor.1: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 672.253459] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 672.268106] CPU: 0 PID: 13955 Comm: syz-executor.1 Not tainted 4.14.230-syzkaller #0 [ 672.275997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 672.285346] Call Trace: [ 672.287932] dump_stack+0x1b2/0x281 [ 672.291553] warn_alloc.cold+0x96/0x1cc [ 672.295529] ? zone_watermark_ok_safe+0x220/0x220 [ 672.300412] __alloc_pages_nodemask+0x2127/0x2720 [ 672.305266] ? lock_acquire+0x170/0x3f0 [ 672.309250] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 672.314097] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 672.319545] ? __mutex_unlock_slowpath+0x75/0x770 [ 672.324388] ? alloc_pages_current+0x84/0x260 [ 672.328880] alloc_pages_current+0x155/0x260 [ 672.333289] ion_page_pool_alloc+0x118/0x1b0 [ 672.337696] ion_system_heap_allocate+0x133/0x8c0 [ 672.342532] ? ion_alloc+0x187/0x810 [ 672.346252] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 672.351707] ? ion_system_contig_heap_create+0x130/0x130 [ 672.357158] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 672.362173] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 672.367012] ion_alloc+0x204/0x810 [ 672.370554] ? ion_dma_buf_release+0x40/0x40 [ 672.374968] ? __might_fault+0x177/0x1b0 [ 672.379032] ion_ioctl+0xea/0x1f0 [ 672.382469] ? ion_query_heaps+0x360/0x360 [ 672.386686] ? ion_query_heaps+0x360/0x360 [ 672.390908] do_vfs_ioctl+0x75a/0xff0 [ 672.394689] ? ioctl_preallocate+0x1a0/0x1a0 [ 672.399091] ? lock_downgrade+0x740/0x740 [ 672.403229] ? __fget+0x225/0x360 [ 672.406670] ? do_vfs_ioctl+0xff0/0xff0 [ 672.410626] ? security_file_ioctl+0x83/0xb0 [ 672.415024] SyS_ioctl+0x7f/0xb0 [ 672.418388] ? do_vfs_ioctl+0xff0/0xff0 [ 672.422348] do_syscall_64+0x1d5/0x640 [ 672.426222] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 672.431390] RIP: 0033:0x466459 [ 672.434556] RSP: 002b:00007fcdda489188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 672.442245] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 672.449492] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 672.456740] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 672.463988] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 672.471233] R13: 00007ffe21b5ad8f R14: 00007fcdda489300 R15: 0000000000022000 [ 672.547314] Mem-Info: [ 672.550807] active_anon:14017 inactive_anon:8482 isolated_anon:0 [ 672.550807] active_file:372 inactive_file:436 isolated_file:2 [ 672.550807] unevictable:0 dirty:0 writeback:0 unstable:0 [ 672.550807] slab_reclaimable:20131 slab_unreclaimable:109469 [ 672.550807] mapped:44488 shmem:8982 pagetables:731 bounce:0 [ 672.550807] free:31856 free_pcp:95 free_cma:0 [ 672.585680] Node 0 active_anon:55772kB inactive_anon:25724kB active_file:1484kB inactive_file:1940kB unevictable:0kB isolated(anon):0kB isolated(file):8kB mapped:176628kB dirty:0kB writeback:0kB shmem:27724kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 18432kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 672.621543] Node 1 active_anon:296kB inactive_anon:8204kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:1524kB dirty:0kB writeback:0kB shmem:8204kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 672.648995] Node 0 DMA free:11052kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 672.679844] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 672.685094] systemd[1]: Started Journal Service. [ 672.694913] Node 0 DMA32 free:114416kB min:36200kB low:45248kB high:54296kB active_anon:55772kB inactive_anon:25724kB active_file:1936kB inactive_file:2908kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7520kB pagetables:2700kB bounce:0kB free_pcp:256kB local_pcp:216kB free_cma:0kB [ 672.724968] lowmem_reserve[]: 0 0 0 0 0 [ 672.729491] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 672.799523] lowmem_reserve[]: 0 0 0 0 0 [ 672.817416] Node 1 Normal free:53592kB min:53696kB low:67120kB high:80544kB active_anon:296kB inactive_anon:8204kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:64kB pagetables:220kB bounce:0kB free_pcp:108kB local_pcp:108kB free_cma:0kB [ 672.894635] lowmem_reserve[]: 0 0 0 0 0 [ 672.926316] Node 0 DMA: 108*4kB (UM) 2*8kB (UM) 2*16kB (UM) 1*32kB (M) 1*64kB (M) 2*128kB (UM) 2*256kB (UM) 1*512kB (M) 1*1024kB (M) 0*2048kB 2*4096kB (UM) = 11072kB [ 672.968841] Node 0 DMA32: 669*4kB (UME) 560*8kB (UME) 170*16kB (UME) 62*32kB (UM) 28*64kB (UM) 15*128kB (UM) 5*256kB (UM) 0*512kB 1*1024kB (M) 5*2048kB (UM) 2*4096kB (U) = 36308kB [ 672.989405] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 673.004426] Node 1 Normal: 94*4kB (UM) 74*8kB (UM) 105*16kB (U) 398*32kB (UM) 199*64kB (UM) 28*128kB (UM) 6*256kB (UM) 12*512kB (UM) 9*1024kB (UM) 17*2048kB (UM) 1*4096kB (U) = 87512kB [ 673.025631] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 673.035896] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 673.048784] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 673.074515] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 673.084732] 10557 total pagecache pages [ 673.088798] 0 pages in swap cache [ 673.092310] Swap cache stats: add 0, delete 0, find 0/0 [ 673.105846] Free swap = 0kB [ 673.108928] Total swap = 0kB [ 673.111995] 2097051 pages RAM [ 673.117854] 0 pages HighMem/MovableOnly [ 673.135613] 363848 pages reserved [ 673.139153] 0 pages cma reserved 20:22:13 executing program 0: syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000380)=[@exit_looper], 0x0, 0x0, 0x0}) 20:22:13 executing program 3: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:22:13 executing program 5: syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x0) ioctl$BLKRRPART(0xffffffffffffffff, 0x125f, 0x0) 20:22:13 executing program 2: r0 = syz_open_dev$ndb(0x0, 0x0, 0xa00) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x7e4) 20:22:13 executing program 2: r0 = syz_open_dev$ndb(0x0, 0x0, 0xa00) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x7e4) 20:22:13 executing program 0: syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000380)=[@exit_looper], 0x0, 0x0, 0x0}) 20:22:13 executing program 5: syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x0) ioctl$BLKRRPART(0xffffffffffffffff, 0x125f, 0x0) 20:22:13 executing program 2: r0 = syz_open_dev$ndb(0x0, 0x0, 0xa00) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x7e4) 20:22:13 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 20:22:13 executing program 5: syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x0) ioctl$BLKRRPART(0xffffffffffffffff, 0x125f, 0x0) [ 673.607348] binder: 13987:13990 ioctl c0306201 0 returned -14 [ 673.827403] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 673.843554] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 673.860204] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 673.884204] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 673.918688] device bridge_slave_1 left promiscuous mode [ 673.924562] bridge0: port 2(bridge_slave_1) entered disabled state [ 673.940099] device bridge_slave_0 left promiscuous mode [ 673.953685] bridge0: port 1(bridge_slave_0) entered disabled state [ 673.983812] device veth1_macvtap left promiscuous mode [ 673.989489] device veth0_macvtap left promiscuous mode [ 673.995848] device veth1_vlan left promiscuous mode [ 674.001171] device veth0_vlan left promiscuous mode [ 674.138866] device hsr_slave_1 left promiscuous mode [ 674.146994] device hsr_slave_0 left promiscuous mode [ 674.164587] team0 (unregistering): Port device team_slave_1 removed [ 674.176305] team0 (unregistering): Port device team_slave_0 removed [ 674.188098] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 674.199532] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 674.242123] bond0 (unregistering): Released all slaves [ 676.038940] IPVS: ftp: loaded support on port[0] = 21 20:22:15 executing program 1: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) pipe(&(0x7f0000000000)) 20:22:15 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 20:22:15 executing program 2: r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x0) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x7e4) 20:22:15 executing program 5: r0 = syz_open_dev$ndb(0x0, 0x0, 0xa00) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x7e4) 20:22:15 executing program 4: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) [ 676.196906] binder: 14053:14069 ioctl c0306201 0 returned -14 [ 676.314691] chnl_net:caif_netlink_parms(): no params data found [ 676.527717] bridge0: port 1(bridge_slave_0) entered blocking state [ 676.545994] bridge0: port 1(bridge_slave_0) entered disabled state [ 676.565209] device bridge_slave_0 entered promiscuous mode [ 676.583674] bridge0: port 2(bridge_slave_1) entered blocking state [ 676.600516] bridge0: port 2(bridge_slave_1) entered disabled state [ 676.619663] device bridge_slave_1 entered promiscuous mode [ 676.683005] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 676.705994] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 676.761769] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 676.773499] team0: Port device team_slave_0 added [ 676.794231] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 676.801533] team0: Port device team_slave_1 added [ 676.850980] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 676.863280] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 676.915798] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 676.936268] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 676.950661] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 676.987480] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 677.022667] syz-executor.1: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 677.023578] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 677.054725] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 677.070421] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 677.085543] CPU: 1 PID: 14064 Comm: syz-executor.1 Not tainted 4.14.230-syzkaller #0 [ 677.093446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 677.102793] Call Trace: [ 677.105394] dump_stack+0x1b2/0x281 [ 677.109015] warn_alloc.cold+0x96/0x1cc [ 677.112986] ? zone_watermark_ok_safe+0x220/0x220 [ 677.117834] __alloc_pages_nodemask+0x2127/0x2720 [ 677.122669] ? io_schedule_timeout+0x140/0x140 [ 677.127247] ? lock_acquire+0x170/0x3f0 [ 677.131217] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 677.136061] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 677.139967] syz-executor.4: page allocation failure: order:4 [ 677.141500] ? __mutex_unlock_slowpath+0x75/0x770 [ 677.141515] alloc_pages_current+0x155/0x260 [ 677.147341] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 677.152111] ion_page_pool_alloc+0x118/0x1b0 [ 677.167966] ion_system_heap_allocate+0x133/0x8c0 [ 677.172801] ? ion_alloc+0x187/0x810 [ 677.172831] (null) [ 677.176503] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 677.178629] syz-executor.4 cpuset= [ 677.184067] ? ion_system_contig_heap_create+0x130/0x130 [ 677.184076] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 677.184086] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 677.184097] ion_alloc+0x204/0x810 [ 677.184109] ? ion_dma_buf_release+0x40/0x40 [ 677.184120] ? __might_fault+0x177/0x1b0 [ 677.202971] / [ 677.206403] ion_ioctl+0xea/0x1f0 [ 677.210785] mems_allowed=0-1 [ 677.214824] ? ion_query_heaps+0x360/0x360 [ 677.214837] ? ion_query_heaps+0x360/0x360 [ 677.214847] do_vfs_ioctl+0x75a/0xff0 [ 677.214858] ? ioctl_preallocate+0x1a0/0x1a0 [ 677.214867] ? lock_downgrade+0x740/0x740 [ 677.214878] ? __fget+0x225/0x360 [ 677.214888] ? do_vfs_ioctl+0xff0/0xff0 [ 677.251164] ? security_file_ioctl+0x83/0xb0 [ 677.255561] SyS_ioctl+0x7f/0xb0 [ 677.258918] ? do_vfs_ioctl+0xff0/0xff0 [ 677.262879] do_syscall_64+0x1d5/0x640 [ 677.266751] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 677.271918] RIP: 0033:0x466459 [ 677.275087] RSP: 002b:00007fcdda489188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 677.282788] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 677.290039] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 677.297292] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 677.304548] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 677.311796] R13: 00007ffe21b5ad8f R14: 00007fcdda489300 R15: 0000000000022000 [ 677.323399] device hsr_slave_0 entered promiscuous mode [ 677.333007] CPU: 0 PID: 14073 Comm: syz-executor.4 Not tainted 4.14.230-syzkaller #0 [ 677.340886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 677.350237] Call Trace: [ 677.351480] Mem-Info: [ 677.352829] dump_stack+0x1b2/0x281 [ 677.352844] warn_alloc.cold+0x96/0x1cc [ 677.352856] ? zone_watermark_ok_safe+0x220/0x220 [ 677.355291] active_anon:13543 inactive_anon:8484 isolated_anon:0 [ 677.355291] active_file:2728 inactive_file:2679 isolated_file:0 [ 677.355291] unevictable:0 dirty:79 writeback:0 unstable:0 [ 677.355291] slab_reclaimable:19933 slab_unreclaimable:106394 [ 677.355291] mapped:57261 shmem:8983 pagetables:772 bounce:0 [ 677.355291] free:83565 free_pcp:206 free_cma:0 [ 677.358867] __alloc_pages_nodemask+0x2127/0x2720 [ 677.358878] ? __schedule+0x893/0x1de0 [ 677.365385] Node 0 active_anon:54104kB inactive_anon:25740kB active_file:10856kB inactive_file:10700kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:227396kB dirty:308kB writeback:0kB shmem:27736kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 14336kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 677.367660] ? lock_acquire+0x170/0x3f0 [ 677.367685] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 677.402181] Node 1 active_anon:68kB inactive_anon:8196kB active_file:56kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:1648kB dirty:8kB writeback:0kB shmem:8196kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 677.405988] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 677.406002] ? __mutex_unlock_slowpath+0x75/0x770 [ 677.406017] alloc_pages_current+0x155/0x260 [ 677.406030] ion_page_pool_alloc+0x118/0x1b0 [ 677.406040] ion_system_heap_allocate+0x133/0x8c0 [ 677.412685] Node 0 [ 677.438185] ? ion_alloc+0x187/0x810 [ 677.438197] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 677.438206] ? ion_system_contig_heap_create+0x130/0x130 [ 677.438216] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 677.438227] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 677.438239] ion_alloc+0x204/0x810 [ 677.444470] DMA free:11048kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 677.447069] ? ion_dma_buf_release+0x40/0x40 [ 677.447081] ? __might_fault+0x177/0x1b0 [ 677.447092] ion_ioctl+0xea/0x1f0 [ 677.473854] lowmem_reserve[]: [ 677.479223] ? ion_query_heaps+0x360/0x360 [ 677.479237] ? ion_query_heaps+0x360/0x360 [ 677.479248] do_vfs_ioctl+0x75a/0xff0 [ 677.486575] 0 [ 677.488473] ? ioctl_preallocate+0x1a0/0x1a0 [ 677.488482] ? lock_downgrade+0x740/0x740 [ 677.488496] ? __fget+0x225/0x360 [ 677.494165] 2717 [ 677.497703] ? do_vfs_ioctl+0xff0/0xff0 [ 677.497716] ? security_file_ioctl+0x83/0xb0 [ 677.497725] SyS_ioctl+0x7f/0xb0 [ 677.499972] 2718 [ 677.503635] ? do_vfs_ioctl+0xff0/0xff0 [ 677.503648] do_syscall_64+0x1d5/0x640 [ 677.503667] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 677.503677] RIP: 0033:0x466459 [ 677.511872] 2718 [ 677.514527] RSP: 002b:00007efd1de4b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 677.514538] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 677.514543] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 677.514549] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 677.514555] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 677.514561] R13: 00007fff8e7cfe1f R14: 00007efd1de4b300 R15: 0000000000022000 [ 677.516890] device hsr_slave_1 entered promiscuous mode [ 677.528029] 2718 [ 677.554321] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 677.679506] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 677.682415] Node 0 DMA32 free:206728kB min:36200kB low:45248kB high:54296kB active_anon:54104kB inactive_anon:25740kB active_file:10896kB inactive_file:10768kB unevictable:0kB writepending:308kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7808kB pagetables:3080kB bounce:0kB free_pcp:1336kB local_pcp:620kB free_cma:0kB [ 677.733472] lowmem_reserve[]: 0 0 0 0 0 [ 677.738448] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 677.773732] lowmem_reserve[]: 0 0 0 0 0 [ 677.778128] Node 1 Normal free:107692kB min:53696kB low:67120kB high:80544kB active_anon:68kB inactive_anon:8196kB active_file:56kB inactive_file:16kB unevictable:0kB writepending:8kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:32kB pagetables:8kB bounce:0kB free_pcp:128kB local_pcp:0kB free_cma:0kB [ 677.813358] lowmem_reserve[]: 0 0 0 0 0 [ 677.817469] Node 0 DMA: 46*4kB (U) 0*8kB 1*16kB (U) 1*32kB (U) 1*64kB (U) 0*128kB 0*256kB 1*512kB (U) 0*1024kB 1*2048kB (M) 2*4096kB (UM) = 11048kB [ 677.837720] Node 0 DMA32: 809*4kB (UME) 424*8kB (MEH) 145*16kB (UMEH) 51*32kB (UMH) 382*64kB (UM) 394*128kB (UM) 283*256kB (U) 86*512kB (UM) 21*1024kB (UM) 3*2048kB (UM) 6*4096kB (U) = 254164kB [ 677.860640] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 677.872297] Node 1 Normal: 317*4kB (UM) 707*8kB (UM) 588*16kB (UM) 495*32kB (UM) 348*64kB (UM) 44*128kB (UM) 28*256kB (UM) 11*512kB (U) 26*1024kB (U) 4*2048kB (U) 0*4096kB = 107692kB [ 677.894601] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 677.906466] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 677.918032] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 677.932690] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 677.950432] 14373 total pagecache pages [ 677.955360] 0 pages in swap cache [ 677.958908] Swap cache stats: add 0, delete 0, find 0/0 [ 677.963935] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 677.968465] Free swap = 0kB [ 677.974916] Total swap = 0kB [ 677.977996] 2097051 pages RAM [ 677.981235] 0 pages HighMem/MovableOnly [ 677.989741] 363848 pages reserved [ 677.994680] 0 pages cma reserved [ 678.058746] 8021q: adding VLAN 0 to HW filter on device bond0 [ 678.067538] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 678.087948] Bluetooth: hci3 command 0x0409 tx timeout [ 678.098541] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 678.115653] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 678.130485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 678.147614] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 678.161099] 8021q: adding VLAN 0 to HW filter on device team0 [ 678.178640] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 678.198195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 678.213380] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 678.233674] bridge0: port 1(bridge_slave_0) entered blocking state [ 678.240050] bridge0: port 1(bridge_slave_0) entered forwarding state [ 678.271944] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 678.282431] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 678.295702] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 678.315951] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 678.339263] bridge0: port 2(bridge_slave_1) entered blocking state [ 678.345661] bridge0: port 2(bridge_slave_1) entered forwarding state [ 678.372491] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 678.387853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 678.410514] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 678.430988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 678.446374] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 678.465599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 678.479520] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 678.502673] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 678.513396] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 678.521553] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 678.542195] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 678.565289] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 678.578910] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 678.594351] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 678.616881] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 678.633532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 678.641338] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 678.656848] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 678.679752] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 678.711731] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 678.735484] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 678.741726] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 678.753160] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 678.774449] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 678.888215] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 678.898349] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 678.910081] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 678.918876] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 678.977510] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 678.993915] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 679.005753] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 679.016322] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 679.023110] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 679.030790] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 679.046804] device veth0_vlan entered promiscuous mode [ 679.053831] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 679.065584] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 679.077109] device veth1_vlan entered promiscuous mode [ 679.088935] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 679.098816] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 679.116927] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 679.132280] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 679.140482] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 679.152263] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 679.160499] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 679.172838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 679.182292] device veth0_macvtap entered promiscuous mode [ 679.190280] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 679.200190] device veth1_macvtap entered promiscuous mode [ 679.207318] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 679.217277] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 679.228641] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 679.239436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 679.250462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.270454] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 679.291122] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.322718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 679.332453] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.352711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 679.362429] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.373199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 679.382943] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.394371] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 679.401334] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 679.409698] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 679.418056] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 679.430079] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 679.438694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 679.459241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 679.469518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.483692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 679.496514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.507374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 679.521066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.532463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 679.546511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.555656] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 679.570103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.581665] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 679.593033] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 679.599834] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 679.613731] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 20:22:19 executing program 3: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:22:19 executing program 2: syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x0) ioctl$NBD_SET_TIMEOUT(0xffffffffffffffff, 0xab09, 0x7e4) 20:22:19 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 20:22:19 executing program 5: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) pipe(&(0x7f0000000000)) 20:22:19 executing program 4: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:22:19 executing program 1: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) 20:22:20 executing program 2: syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x0) ioctl$NBD_SET_TIMEOUT(0xffffffffffffffff, 0xab09, 0x7e4) 20:22:20 executing program 4: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) [ 680.163263] Bluetooth: hci3 command 0x041b tx timeout [ 680.165582] binder: 14270:14274 ioctl c0306201 0 returned -14 20:22:20 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 20:22:20 executing program 2: syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x0) ioctl$NBD_SET_TIMEOUT(0xffffffffffffffff, 0xab09, 0x7e4) 20:22:20 executing program 4: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:22:20 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 681.281390] syz-executor.3: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 681.296685] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 681.299733] syz-executor.5: [ 681.307482] CPU: 0 PID: 14272 Comm: syz-executor.3 Not tainted 4.14.230-syzkaller #0 [ 681.307907] syz-executor.1: [ 681.310499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 681.310503] Call Trace: [ 681.310520] dump_stack+0x1b2/0x281 [ 681.310533] warn_alloc.cold+0x96/0x1cc [ 681.318753] page allocation failure: order:4 [ 681.321395] ? zone_watermark_ok_safe+0x220/0x220 [ 681.321418] __alloc_pages_nodemask+0x2127/0x2720 [ 681.333943] page allocation failure: order:4 [ 681.336923] ? lock_acquire+0x170/0x3f0 [ 681.336939] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 681.340944] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 681.345312] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 681.345326] ? __mutex_unlock_slowpath+0x75/0x770 [ 681.345340] alloc_pages_current+0x155/0x260 [ 681.345353] ion_page_pool_alloc+0x118/0x1b0 [ 681.352626] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 681.354996] ion_system_heap_allocate+0x133/0x8c0 [ 681.355005] ? ion_alloc+0x187/0x810 [ 681.355018] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 681.360847] (null) [ 681.363364] ? ion_system_contig_heap_create+0x130/0x130 [ 681.363375] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 681.363386] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 681.363397] ion_alloc+0x204/0x810 [ 681.363410] ? ion_dma_buf_release+0x40/0x40 [ 681.370855] (null) [ 681.375317] ? __might_fault+0x177/0x1b0 [ 681.375329] ion_ioctl+0xea/0x1f0 [ 681.375338] ? ion_query_heaps+0x360/0x360 [ 681.375352] ? ion_query_heaps+0x360/0x360 [ 681.382290] syz-executor.5 cpuset= [ 681.385607] do_vfs_ioctl+0x75a/0xff0 [ 681.385619] ? ioctl_preallocate+0x1a0/0x1a0 [ 681.385628] ? lock_downgrade+0x740/0x740 [ 681.385644] ? __fget+0x225/0x360 [ 681.390060] syz-executor.1 cpuset= [ 681.394417] ? do_vfs_ioctl+0xff0/0xff0 [ 681.394427] ? security_file_ioctl+0x83/0xb0 [ 681.394437] SyS_ioctl+0x7f/0xb0 [ 681.394444] ? do_vfs_ioctl+0xff0/0xff0 [ 681.394455] do_syscall_64+0x1d5/0x640 [ 681.404971] / [ 681.406358] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 681.410048] mems_allowed=0-1 [ 681.415479] RIP: 0033:0x466459 [ 681.415484] RSP: 002b:00007faef7867188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 681.415493] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 681.415499] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000005 [ 681.415504] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 681.415509] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 681.415516] R13: 00007ffd0904d43f R14: 00007faef7867300 R15: 0000000000022000 [ 681.417650] / [ 681.564269] CPU: 1 PID: 14277 Comm: syz-executor.5 Not tainted 4.14.230-syzkaller #0 [ 681.573865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 681.574973] warn_alloc_show_mem: 1 callbacks suppressed [ 681.574976] Mem-Info: [ 681.583205] Call Trace: [ 681.583224] dump_stack+0x1b2/0x281 [ 681.583238] warn_alloc.cold+0x96/0x1cc [ 681.583251] ? zone_watermark_ok_safe+0x220/0x220 [ 681.583274] __alloc_pages_nodemask+0x2127/0x2720 [ 681.583290] ? lock_acquire+0x170/0x3f0 [ 681.590419] active_anon:12966 inactive_anon:8484 isolated_anon:0 [ 681.590419] active_file:2901 inactive_file:2758 isolated_file:0 [ 681.590419] unevictable:0 dirty:3 writeback:0 unstable:0 [ 681.590419] slab_reclaimable:19657 slab_unreclaimable:106093 [ 681.590419] mapped:57034 shmem:8983 pagetables:799 bounce:0 [ 681.590419] free:68894 free_pcp:36 free_cma:0 [ 681.591028] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 681.595827] Node 0 active_anon:51836kB inactive_anon:25744kB active_file:11548kB inactive_file:11016kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:226368kB dirty:4kB writeback:0kB shmem:27740kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 12288kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 681.597204] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 681.597220] ? __mutex_unlock_slowpath+0x75/0x770 [ 681.691289] alloc_pages_current+0x155/0x260 [ 681.695681] ion_page_pool_alloc+0x118/0x1b0 [ 681.700067] ion_system_heap_allocate+0x133/0x8c0 [ 681.704886] ? ion_alloc+0x187/0x810 [ 681.708577] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 681.714005] ? ion_system_contig_heap_create+0x130/0x130 [ 681.719430] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 681.724426] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 681.729249] ion_alloc+0x204/0x810 [ 681.732768] ? ion_dma_buf_release+0x40/0x40 [ 681.737155] ? __might_fault+0x177/0x1b0 [ 681.741195] ion_ioctl+0xea/0x1f0 [ 681.744626] ? ion_query_heaps+0x360/0x360 [ 681.748839] ? ion_query_heaps+0x360/0x360 [ 681.753055] do_vfs_ioctl+0x75a/0xff0 [ 681.756838] ? ioctl_preallocate+0x1a0/0x1a0 [ 681.761222] ? lock_downgrade+0x740/0x740 [ 681.765363] ? __fget+0x225/0x360 [ 681.768795] ? do_vfs_ioctl+0xff0/0xff0 [ 681.772751] ? security_file_ioctl+0x83/0xb0 [ 681.777148] SyS_ioctl+0x7f/0xb0 [ 681.780490] ? do_vfs_ioctl+0xff0/0xff0 [ 681.784443] do_syscall_64+0x1d5/0x640 [ 681.788319] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 681.793486] RIP: 0033:0x466459 [ 681.796653] RSP: 002b:00007fd0fb4c2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 681.804343] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 681.811593] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 681.818838] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 681.826093] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 681.833365] R13: 00007ffc4cfdcc4f R14: 00007fd0fb4c2300 R15: 0000000000022000 [ 681.841479] Node 1 active_anon:28kB inactive_anon:8192kB active_file:56kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:1768kB dirty:8kB writeback:0kB shmem:8192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 681.861116] mems_allowed=0-1 [ 681.871543] Node 0 DMA free:11132kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 681.877708] CPU: 1 PID: 14276 Comm: syz-executor.1 Not tainted 4.14.230-syzkaller #0 [ 681.897985] lowmem_reserve[]: [ 681.905526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 681.905530] Call Trace: [ 681.905546] dump_stack+0x1b2/0x281 [ 681.905560] warn_alloc.cold+0x96/0x1cc [ 681.905570] ? zone_watermark_ok_safe+0x220/0x220 [ 681.905592] __alloc_pages_nodemask+0x2127/0x2720 [ 681.909424] 0 [ 681.917999] ? __schedule+0x893/0x1de0 [ 681.918017] ? lock_acquire+0x170/0x3f0 [ 681.918034] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 681.918049] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 681.918062] ? __mutex_unlock_slowpath+0x75/0x770 [ 681.921222] 2717 [ 681.924234] alloc_pages_current+0x155/0x260 [ 681.924247] ion_page_pool_alloc+0x118/0x1b0 [ 681.924256] ion_system_heap_allocate+0x133/0x8c0 [ 681.924265] ? ion_alloc+0x187/0x810 [ 681.924273] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 681.924281] ? ion_system_contig_heap_create+0x130/0x130 [ 681.924291] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 681.924301] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 681.924316] ion_alloc+0x204/0x810 [ 681.924328] ? ion_dma_buf_release+0x40/0x40 [ 681.924345] ? __might_fault+0x177/0x1b0 [ 681.924355] ion_ioctl+0xea/0x1f0 [ 681.924363] ? ion_query_heaps+0x360/0x360 [ 681.924375] ? ion_query_heaps+0x360/0x360 [ 681.924384] do_vfs_ioctl+0x75a/0xff0 [ 681.924394] ? ioctl_preallocate+0x1a0/0x1a0 [ 681.924401] ? lock_downgrade+0x740/0x740 [ 681.924414] ? __fget+0x225/0x360 [ 681.924423] ? do_vfs_ioctl+0xff0/0xff0 [ 681.924434] ? security_file_ioctl+0x83/0xb0 [ 681.924444] SyS_ioctl+0x7f/0xb0 [ 681.924450] ? do_vfs_ioctl+0xff0/0xff0 [ 681.924461] do_syscall_64+0x1d5/0x640 [ 681.930551] 2718 [ 681.933240] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 681.933248] RIP: 0033:0x466459 [ 681.933253] RSP: 002b:00007fcdda489188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 681.933262] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 681.933267] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 681.933272] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 681.933277] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 681.933282] R13: 00007ffe21b5ad8f R14: 00007fcdda489300 R15: 0000000000022000 [ 682.118532] 2718 2718 [ 682.121047] Node 0 DMA32 free:67576kB min:36200kB low:45248kB high:54296kB active_anon:51796kB inactive_anon:25736kB active_file:11516kB inactive_file:11036kB unevictable:0kB writepending:56kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7712kB pagetables:3096kB bounce:0kB free_pcp:184kB local_pcp:32kB free_cma:0kB [ 682.154614] lowmem_reserve[]: 0 0 0 0 0 [ 682.158615] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 682.206379] lowmem_reserve[]: 0 0 0 0 0 [ 682.210423] Node 1 Normal free:53692kB min:53696kB low:67120kB high:80544kB active_anon:28kB inactive_anon:8192kB active_file:56kB inactive_file:16kB unevictable:0kB writepending:12kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:32kB pagetables:8kB bounce:0kB free_pcp:48kB local_pcp:0kB free_cma:0kB [ 682.242708] Bluetooth: hci3 command 0x040f tx timeout [ 682.288911] lowmem_reserve[]: 0 0 0 0 0 [ 682.296052] Node 0 DMA: 0*4kB 4*8kB (U) 5*16kB (U) 2*32kB (U) 0*64kB 1*128kB (U) 0*256kB 1*512kB (U) 0*1024kB 1*2048kB (M) 2*4096kB (UM) = 11056kB [ 682.311159] Node 0 DMA32: 1571*4kB (ME) 550*8kB (MEH) 211*16kB (UMEH) 510*32kB (UMH) 41*64kB (UMH) 16*128kB (M) 3*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 35820kB [ 682.356300] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 682.369050] Node 1 Normal: 350*4kB (UM) 399*8kB (UM) 391*16kB (UM) 275*32kB (UM) 5*64kB (UM) 2*128kB (M) 1*256kB (M) 1*512kB (M) 0*1024kB 0*2048kB 8*4096kB (U) = 53760kB [ 682.412730] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 682.421822] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 682.431653] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 682.441197] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 682.453824] 9396 total pagecache pages [ 682.457856] 0 pages in swap cache [ 682.461383] Swap cache stats: add 0, delete 0, find 0/0 [ 682.466844] Free swap = 0kB [ 682.469922] Total swap = 0kB [ 682.473068] 2097051 pages RAM [ 682.476216] 0 pages HighMem/MovableOnly [ 682.480353] 363848 pages reserved [ 682.486422] 0 pages cma reserved [ 682.582297] oom_reaper: reaped process 14277 (syz-executor.5), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 682.597013] ion_system_heap invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=0, oom_score_adj=0 [ 682.610523] ion_system_heap cpuset=/ mems_allowed=0-1 [ 682.621099] CPU: 0 PID: 4247 Comm: ion_system_heap Not tainted 4.14.230-syzkaller #0 [ 682.628978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 682.638320] Call Trace: [ 682.640904] dump_stack+0x1b2/0x281 [ 682.644527] dump_header+0x178/0x82f [ 682.648235] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 682.653328] ? ___ratelimit+0x2cd/0x530 [ 682.657297] oom_kill_process.cold+0x10/0xa40 [ 682.661783] ? lock_downgrade+0x740/0x740 [ 682.665925] out_of_memory+0x2dc/0x1190 [ 682.669892] ? oom_killer_disable+0x1c0/0x1c0 [ 682.674378] ? mutex_trylock+0x152/0x1a0 [ 682.678430] __alloc_pages_nodemask+0x23e1/0x2720 [ 682.683264] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 682.688083] ? kasan_kmalloc+0xeb/0x160 [ 682.692035] ? ion_heap_deferred_free+0x22a/0x470 [ 682.696907] ? cache_grow_begin+0x3f/0x700 [ 682.701134] cache_grow_begin+0x91/0x700 [ 682.705176] fallback_alloc+0x207/0x2c0 [ 682.709129] kmem_cache_alloc_node_trace+0xed/0x400 [ 682.714155] alloc_vmap_area+0xf0/0x7c0 [ 682.718110] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 682.723533] ? purge_vmap_area_lazy+0xb0/0xb0 [ 682.728000] ? __get_vm_area_node+0xed/0x340 [ 682.732421] ? kmem_cache_alloc_node_trace+0x383/0x400 [ 682.737680] __get_vm_area_node+0x126/0x340 [ 682.742010] vmap+0xd5/0x290 [ 682.745002] ? ion_heap_clear_pages+0x23/0x70 [ 682.749471] ? vunmap+0x50/0x50 [ 682.752721] ? __vunmap+0x21c/0x300 [ 682.756328] ion_heap_clear_pages+0x23/0x70 [ 682.760643] ion_heap_sglist_zero+0x165/0x220 [ 682.765117] ? ion_heap_clear_pages+0x70/0x70 [ 682.769627] ? debug_check_no_obj_freed+0x2c0/0x680 [ 682.774629] ? pagerange_is_ram_callback+0x100/0x100 [ 682.779704] ? ion_heap_deferred_free+0x222/0x470 [ 682.784523] ion_system_heap_free+0x1d0/0x240 [ 682.788993] ion_buffer_destroy+0x132/0x190 [ 682.793287] ion_heap_deferred_free+0x22a/0x470 [ 682.797930] ? __schedule+0x7a7/0x1de0 [ 682.801793] ? ion_heap_shrink_scan+0x1a0/0x1a0 [ 682.806438] ? wait_woken+0x230/0x230 [ 682.810212] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 682.815287] ? ion_heap_shrink_scan+0x1a0/0x1a0 [ 682.819930] kthread+0x30d/0x420 [ 682.823270] ? kthread_create_on_node+0xd0/0xd0 [ 682.827911] ret_from_fork+0x24/0x30 [ 682.842355] syz-executor.5: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 682.845261] Mem-Info: [ 682.855448] syz-executor.5 cpuset=/ mems_allowed=0-1 [ 682.859960] active_anon:13018 inactive_anon:8482 isolated_anon:2 [ 682.859960] active_file:15 inactive_file:12 isolated_file:1 [ 682.859960] unevictable:0 dirty:14 writeback:0 unstable:0 [ 682.859960] slab_reclaimable:19607 slab_unreclaimable:105796 [ 682.859960] mapped:52686 shmem:8982 pagetables:776 bounce:0 [ 682.859960] free:13928 free_pcp:60 free_cma:0 [ 682.861817] CPU: 1 PID: 14277 Comm: syz-executor.5 Not tainted 4.14.230-syzkaller #0 [ 682.898190] Node 0 active_anon:52044kB inactive_anon:25736kB active_file:72kB inactive_file:12kB unevictable:0kB isolated(anon):8kB isolated(file):4kB mapped:208904kB dirty:44kB writeback:0kB shmem:27736kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 12288kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 682.902696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 682.902700] Call Trace: [ 682.902716] dump_stack+0x1b2/0x281 [ 682.902730] warn_alloc.cold+0x96/0x1cc [ 682.933846] Node 1 active_anon:28kB inactive_anon:8192kB active_file:0kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:1840kB dirty:12kB writeback:0kB shmem:8192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 682.939797] ? zone_watermark_ok_safe+0x220/0x220 [ 682.942362] Node 0 [ 682.945986] ? usleep_range+0x130/0x130 [ 682.945996] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 682.946007] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 682.946018] ? run_timer_softirq+0x5a0/0x5a0 [ 682.946034] __alloc_pages_nodemask+0x2127/0x2720 [ 682.946049] ? lock_acquire+0x170/0x3f0 [ 682.951630] DMA free:10972kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 682.976713] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 682.976723] ? ion_page_pool_alloc+0x9e/0x1b0 [ 682.976739] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 682.976757] alloc_pages_current+0x155/0x260 [ 682.976769] ion_page_pool_alloc+0x118/0x1b0 [ 682.976778] ion_system_heap_allocate+0x133/0x8c0 [ 682.976788] ? ion_alloc+0x187/0x810 [ 682.976797] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 682.976805] ? ion_system_contig_heap_create+0x130/0x130 [ 682.976813] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 682.976824] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 682.985408] lowmem_reserve[]: [ 682.987809] ion_alloc+0x204/0x810 [ 682.993465] 0 [ 682.997886] ? ion_dma_buf_release+0x40/0x40 [ 683.002270] 2717 [ 683.007103] ? __might_fault+0x177/0x1b0 [ 683.007115] ion_ioctl+0xea/0x1f0 [ 683.007124] ? ion_query_heaps+0x360/0x360 [ 683.007141] ? ion_query_heaps+0x360/0x360 [ 683.007151] do_vfs_ioctl+0x75a/0xff0 [ 683.007162] ? ioctl_preallocate+0x1a0/0x1a0 [ 683.014464] 2718 [ 683.036603] ? lock_downgrade+0x740/0x740 [ 683.036617] ? __fget+0x225/0x360 [ 683.036627] ? do_vfs_ioctl+0xff0/0xff0 [ 683.036639] ? security_file_ioctl+0x83/0xb0 [ 683.036649] SyS_ioctl+0x7f/0xb0 [ 683.036657] ? do_vfs_ioctl+0xff0/0xff0 [ 683.036669] do_syscall_64+0x1d5/0x640 [ 683.036683] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 683.036692] RIP: 0033:0x466459 [ 683.045562] 2718 [ 683.045986] RSP: 002b:00007fd0fb4c2188 EFLAGS: 00000246 [ 683.051408] 2718 [ 683.055787] ORIG_RAX: 0000000000000010 [ 683.055793] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 683.055798] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 683.055803] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 683.055808] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 683.055813] R13: 00007ffc4cfdcc4f R14: 00007fd0fb4c2300 R15: 0000000000022000 [ 683.061055] warn_alloc_show_mem: 2 callbacks suppressed [ 683.061058] Mem-Info: [ 683.100066] active_anon:12996 inactive_anon:8483 isolated_anon:0 [ 683.100066] active_file:12 inactive_file:14 isolated_file:0 [ 683.100066] unevictable:0 dirty:0 writeback:0 unstable:0 [ 683.100066] slab_reclaimable:19597 slab_unreclaimable:105797 [ 683.100066] mapped:52686 shmem:8982 pagetables:776 bounce:0 [ 683.100066] free:14007 free_pcp:0 free_cma:0 [ 683.105672] Node 0 [ 683.127593] Node 0 active_anon:51956kB inactive_anon:25740kB active_file:48kB inactive_file:44kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208904kB dirty:0kB writeback:0kB shmem:27736kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 12288kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 683.129206] DMA32 free:18124kB min:36200kB low:45248kB high:54296kB active_anon:51956kB inactive_anon:25740kB active_file:48kB inactive_file:44kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7712kB pagetables:3096kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 683.130778] Node 1 active_anon:28kB inactive_anon:8192kB active_file:4kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:1840kB dirty:0kB writeback:0kB shmem:8192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 683.134917] lowmem_reserve[]: 0 0 0 0 0 [ 683.134932] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 683.134947] lowmem_reserve[]: 0 0 0 0 0 [ 683.134964] Node 1 Normal free:26964kB min:53696kB low:67120kB high:80544kB active_anon:28kB inactive_anon:8192kB active_file:4kB inactive_file:8kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:32kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 683.134980] lowmem_reserve[]: 0 0 0 0 0 [ 683.134997] Node 0 DMA: 1*4kB (U) 1*8kB (U) 1*16kB (U) 2*32kB (U) 0*64kB 1*128kB (U) 0*256kB 1*512kB (U) 0*1024kB 1*2048kB (M) 2*4096kB (UM) = 10972kB [ 683.135054] Node 0 DMA32: 1741*4kB (UME) 535*8kB (UME) 175*16kB (ME) 60*32kB (M) 25*64kB (UM) 5*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18204kB [ 683.135106] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 683.135146] Node 1 Normal: 3*4kB (M) 5*8kB (UM) 4*16kB (UM) 5*32kB (UM) 5*64kB (UM) 2*128kB (M) 2*256kB (UM) 2*512kB (UM) 0*1024kB 0*2048kB 6*4096kB (U) = 26964kB [ 683.135216] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 683.135221] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 683.135228] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 683.157699] Node 0 [ 683.158271] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 683.177911] DMA free:10972kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 683.180052] 9008 total pagecache pages [ 683.197688] lowmem_reserve[]: [ 683.206079] 0 pages in swap cache [ 683.221526] 0 [ 683.221831] Swap cache stats: add 0, delete 0, find 0/0 [ 683.234490] 2717 [ 683.268337] Free swap = 0kB [ 683.295961] 2718 [ 683.328731] Total swap = 0kB [ 683.348705] 2718 [ 683.384184] 2097051 pages RAM [ 683.406513] 2718 [ 683.426857] 0 pages HighMem/MovableOnly [ 683.461675] 363848 pages reserved [ 683.473088] Node 0 [ 683.497941] 0 pages cma reserved [ 683.501393] DMA32 free:18124kB min:36200kB low:45248kB high:54296kB active_anon:51956kB inactive_anon:25740kB active_file:48kB inactive_file:44kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7712kB pagetables:3096kB bounce:0kB free_pcp:116kB local_pcp:0kB free_cma:0kB [ 683.539681] Out of memory: Kill process 14268 (syz-executor.3) score 1005 or sacrifice child [ 683.543902] lowmem_reserve[]: [ 683.569705] Killed process 14272 (syz-executor.3) total-vm:93252kB, anon-rss:2196kB, file-rss:34820kB, shmem-rss:0kB [ 683.571491] 0 0 0 0 0 [ 683.571510] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 683.571533] lowmem_reserve[]: 0 0 0 0 0 [ 683.658510] Node 1 Normal free:26840kB min:53696kB low:67120kB high:80544kB active_anon:28kB inactive_anon:8192kB active_file:4kB inactive_file:8kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:32kB pagetables:8kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 683.691119] lowmem_reserve[]: 0 0 0 0 0 [ 683.697292] Node 0 DMA: 1*4kB (U) 1*8kB (U) 1*16kB (U) 2*32kB (U) 0*64kB 1*128kB (U) 0*256kB 1*512kB (U) 0*1024kB 1*2048kB (M) 2*4096kB (UM) = 10972kB [ 683.717225] Node 0 DMA32: 1737*4kB (UME) 530*8kB (ME) 176*16kB (UME) 61*32kB (UM) 21*64kB (UM) 5*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 17940kB [ 683.731871] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 683.732531] syz-executor.3: [ 683.748682] Node 1 Normal: 4*4kB (UM) 5*8kB (UM) 4*16kB (UM) 5*32kB (UM) 5*64kB (UM) 3*128kB (UM) 1*256kB (M) 2*512kB (UM) 0*1024kB 0*2048kB 6*4096kB (U) = 26840kB [ 683.767771] page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 683.774294] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 683.790103] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 683.797213] oom_reaper: reaped process 14272 (syz-executor.3), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 683.800036] CPU: 0 PID: 14272 Comm: syz-executor.3 Not tainted 4.14.230-syzkaller #0 [ 683.807206] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 683.815033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 683.815037] Call Trace: [ 683.815055] dump_stack+0x1b2/0x281 [ 683.815071] warn_alloc.cold+0x96/0x1cc [ 683.823649] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 683.832958] ? zone_watermark_ok_safe+0x220/0x220 [ 683.832968] ? usleep_range+0x130/0x130 [ 683.832979] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 683.835582] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 683.839189] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 683.843150] 9008 total pagecache pages [ 683.851947] ? run_timer_softirq+0x5a0/0x5a0 [ 683.856779] 0 pages in swap cache [ 683.860717] __alloc_pages_nodemask+0x2127/0x2720 [ 683.865803] Swap cache stats: add 0, delete 0, find 0/0 [ 683.874353] ? lock_acquire+0x170/0x3f0 [ 683.874369] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 683.879351] Free swap = 0kB [ 683.883214] ? ion_page_pool_alloc+0x9e/0x1b0 [ 683.883233] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 683.887609] Total swap = 0kB [ 683.891047] alloc_pages_current+0x155/0x260 [ 683.895875] 2097051 pages RAM [ 683.901207] ion_page_pool_alloc+0x118/0x1b0 [ 683.905178] 0 pages HighMem/MovableOnly [ 683.909985] ion_system_heap_allocate+0x133/0x8c0 [ 683.912987] 363848 pages reserved [ 683.917447] ? ion_alloc+0x187/0x810 [ 683.922881] 0 pages cma reserved [ 683.925878] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 683.962424] ? ion_system_contig_heap_create+0x130/0x130 [ 683.967875] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 683.972884] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 683.977718] ion_alloc+0x204/0x810 [ 683.981253] ? ion_dma_buf_release+0x40/0x40 [ 683.985656] ? __might_fault+0x177/0x1b0 [ 683.989712] ion_ioctl+0xea/0x1f0 [ 683.993152] ? ion_query_heaps+0x360/0x360 [ 683.997388] ? ion_query_heaps+0x360/0x360 [ 684.001613] do_vfs_ioctl+0x75a/0xff0 [ 684.005408] ? ioctl_preallocate+0x1a0/0x1a0 [ 684.009804] ? lock_downgrade+0x740/0x740 [ 684.013954] ? __fget+0x225/0x360 [ 684.017396] ? do_vfs_ioctl+0xff0/0xff0 [ 684.021367] ? security_file_ioctl+0x83/0xb0 [ 684.025782] SyS_ioctl+0x7f/0xb0 [ 684.029154] ? do_vfs_ioctl+0xff0/0xff0 [ 684.033136] do_syscall_64+0x1d5/0x640 [ 684.037027] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 684.042193] RIP: 0033:0x466459 [ 684.045370] RSP: 002b:00007faef7867188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 684.053054] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 684.060301] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000005 [ 684.067549] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 684.074795] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 684.082042] R13: 00007ffd0904d43f R14: 00007faef7867300 R15: 0000000000022000 [ 684.090741] syz-executor.5: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 684.111333] syz-executor.5 cpuset=/ mems_allowed=0-1 [ 684.117001] CPU: 1 PID: 14277 Comm: syz-executor.5 Not tainted 4.14.230-syzkaller #0 [ 684.124883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 684.134228] Call Trace: [ 684.136821] dump_stack+0x1b2/0x281 [ 684.140447] warn_alloc.cold+0x96/0x1cc [ 684.144420] ? zone_watermark_ok_safe+0x220/0x220 [ 684.149269] __alloc_pages_nodemask+0x2127/0x2720 [ 684.154114] ? lock_acquire+0x170/0x3f0 [ 684.154925] Mem-Info: [ 684.158085] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 684.160481] active_anon:12462 inactive_anon:8483 isolated_anon:0 [ 684.160481] active_file:63 inactive_file:155 isolated_file:0 [ 684.160481] unevictable:0 dirty:0 writeback:0 unstable:0 [ 684.160481] slab_reclaimable:19592 slab_unreclaimable:105815 [ 684.160481] mapped:52778 shmem:8982 pagetables:775 bounce:0 [ 684.160481] free:18582 free_pcp:79 free_cma:0 [ 684.165298] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 684.165310] ? __mutex_unlock_slowpath+0x75/0x770 [ 684.165325] alloc_pages_current+0x155/0x260 [ 684.165338] ion_page_pool_alloc+0x118/0x1b0 [ 684.165347] ion_system_heap_allocate+0x133/0x8c0 [ 684.165358] ? _raw_spin_unlock+0x29/0x40 [ 684.165367] ? _ion_heap_freelist_drain+0x6e/0x410 [ 684.165375] ? ion_system_contig_heap_create+0x130/0x130 [ 684.165384] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 684.165405] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 684.201913] Node 0 active_anon:49820kB inactive_anon:25740kB active_file:248kB inactive_file:612kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:209272kB dirty:0kB writeback:0kB shmem:27736kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 684.203972] ion_alloc+0x27a/0x810 [ 684.203987] ? ion_dma_buf_release+0x40/0x40 [ 684.203998] ? __might_fault+0x177/0x1b0 [ 684.208837] Node 1 active_anon:28kB inactive_anon:8192kB active_file:4kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:1840kB dirty:0kB writeback:0kB shmem:8192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 684.213218] ion_ioctl+0xea/0x1f0 [ 684.213227] ? ion_query_heaps+0x360/0x360 [ 684.213238] ? ion_query_heaps+0x360/0x360 [ 684.213250] do_vfs_ioctl+0x75a/0xff0 [ 684.213262] ? ioctl_preallocate+0x1a0/0x1a0 [ 684.213271] ? lock_downgrade+0x740/0x740 [ 684.213284] ? __fget+0x225/0x360 [ 684.213293] ? do_vfs_ioctl+0xff0/0xff0 [ 684.213304] ? security_file_ioctl+0x83/0xb0 [ 684.213312] SyS_ioctl+0x7f/0xb0 [ 684.213321] ? do_vfs_ioctl+0xff0/0xff0 [ 684.221460] Node 0 [ 684.222529] do_syscall_64+0x1d5/0x640 [ 684.222544] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 684.222555] RIP: 0033:0x466459 [ 684.226685] DMA free:10984kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 684.231596] RSP: 002b:00007fd0fb4c2188 EFLAGS: 00000246 [ 684.240474] lowmem_reserve[]: [ 684.242029] ORIG_RAX: 0000000000000010 [ 684.247744] 0 [ 684.274589] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 684.274595] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 684.274600] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 684.274605] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 684.274611] R13: 00007ffc4cfdcc4f R14: 00007fd0fb4c2300 R15: 0000000000022000 [ 684.332469] Bluetooth: hci3 command 0x0419 tx timeout [ 684.345892] syz-fuzzer invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask= [ 684.418952] 2717 [ 684.426556] (null) [ 684.438431] syz-executor.5: [ 684.440616] , order=0, oom_score_adj=0 [ 684.465539] page allocation failure: order:0 [ 684.468930] syz-fuzzer cpuset= [ 684.470028] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 684.474026] / mems_allowed=0-1 [ 684.474089] CPU: 0 PID: 9473 Comm: syz-fuzzer Not tainted 4.14.230-syzkaller #0 [ 684.474094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 684.474097] Call Trace: [ 684.474116] dump_stack+0x1b2/0x281 [ 684.491483] 2718 [ 684.492447] dump_header+0x178/0x82f [ 684.492462] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 684.499878] 2718 [ 684.509211] ? ___ratelimit+0x2cd/0x530 [ 684.509222] oom_kill_process.cold+0x10/0xa40 [ 684.509240] out_of_memory+0xe3e/0x1190 [ 684.511800] syz-executor.5 cpuset= [ 684.515402] ? oom_killer_disable+0x1c0/0x1c0 [ 684.515410] ? mutex_trylock+0x152/0x1a0 [ 684.515420] __alloc_pages_nodemask+0x23e1/0x2720 [ 684.517453] / [ 684.521156] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 684.526241] mems_allowed=0-1 [ 684.528278] alloc_pages_current+0x155/0x260 [ 684.532419] 2718 [ 684.536677] filemap_fault+0x11a1/0x1ad0 [ 684.544147] ext4_filemap_fault+0x84/0xb0 [ 684.544158] __do_fault+0xfa/0x380 [ 684.562418] Node 0 [ 684.564009] __handle_mm_fault+0x2497/0x4620 [ 684.567097] DMA32 free:18136kB min:36200kB low:45248kB high:54296kB active_anon:49820kB inactive_anon:25740kB active_file:248kB inactive_file:260kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7712kB pagetables:3092kB bounce:0kB free_pcp:120kB local_pcp:120kB free_cma:0kB [ 684.571500] ? vm_insert_page+0x7c0/0x7c0 [ 684.582438] lowmem_reserve[]: [ 684.585207] ? __fsnotify_inode_delete+0x20/0x20 [ 684.587412] 0 [ 684.591823] ? __fsnotify_update_child_dentry_flags.part.0+0x2e0/0x2e0 [ 684.640594] ? mark_held_locks+0xa6/0xf0 [ 684.644636] handle_mm_fault+0x455/0x9c0 [ 684.648679] __do_page_fault+0x549/0xad0 [ 684.652719] ? spurious_fault+0x640/0x640 [ 684.656844] ? do_page_fault+0x60/0x500 [ 684.660794] ? page_fault+0x2f/0x50 [ 684.662417] 0 [ 684.664402] page_fault+0x45/0x50 [ 684.664403] 0 0 [ 684.666188] RIP: 55fc600:0x7f [ 684.669616] 0 [ 684.671567] RSP: 5995000:000000c000335de0 EFLAGS: 00000003 [ 684.676436] CPU: 1 PID: 14277 Comm: syz-executor.5 Not tainted 4.14.230-syzkaller #0 [ 684.679277] Mem-Info: [ 684.682046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 684.692294] Call Trace: [ 684.703564] active_anon:12462 inactive_anon:8483 isolated_anon:0 [ 684.703564] active_file:19 inactive_file:16 isolated_file:0 [ 684.703564] unevictable:0 dirty:0 writeback:0 unstable:0 [ 684.703564] slab_reclaimable:19592 slab_unreclaimable:105815 [ 684.703564] mapped:52728 shmem:8982 pagetables:775 bounce:0 [ 684.703564] free:13965 free_pcp:60 free_cma:0 [ 684.704201] dump_stack+0x1b2/0x281 [ 684.739047] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 684.740754] warn_alloc.cold+0x96/0x1cc [ 684.740768] ? zone_watermark_ok_safe+0x220/0x220 [ 684.768185] Node 0 active_anon:49820kB inactive_anon:25740kB active_file:72kB inactive_file:56kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:209072kB dirty:0kB writeback:0kB shmem:27736kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 684.770195] ? usleep_range+0x130/0x130 [ 684.775076] lowmem_reserve[]: [ 684.802687] ? try_to_free_pages+0x23f/0x6e0 [ 684.802697] ? _find_next_bit+0xdb/0x100 [ 684.802708] ? run_timer_softirq+0x5a0/0x5a0 [ 684.802725] __alloc_pages_nodemask+0x2127/0x2720 [ 684.802742] ? lock_acquire+0x170/0x3f0 [ 684.802756] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 684.802769] ? ion_page_pool_alloc+0x9e/0x1b0 [ 684.809030] Node 1 active_anon:28kB inactive_anon:8192kB active_file:4kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:1840kB dirty:0kB writeback:0kB shmem:8192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 684.809806] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 684.814228] Node 0 [ 684.818263] alloc_pages_current+0x155/0x260 [ 684.824587] DMA free:10956kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 684.827468] ion_page_pool_alloc+0x118/0x1b0 [ 684.831408] lowmem_reserve[]: [ 684.836246] ion_system_heap_allocate+0x133/0x8c0 [ 684.836258] ? _raw_spin_unlock+0x29/0x40 [ 684.836267] ? _ion_heap_freelist_drain+0x6e/0x410 [ 684.836279] ? ion_system_contig_heap_create+0x130/0x130 [ 684.840754] 0 [ 684.867269] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 684.867281] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 684.867291] ion_alloc+0x27a/0x810 [ 684.867303] ? ion_dma_buf_release+0x40/0x40 [ 684.867315] ? __might_fault+0x177/0x1b0 [ 684.867326] ion_ioctl+0xea/0x1f0 [ 684.867333] ? ion_query_heaps+0x360/0x360 [ 684.867344] ? ion_query_heaps+0x360/0x360 [ 684.874608] 0 [ 684.875002] do_vfs_ioctl+0x75a/0xff0 [ 684.879395] 2717 [ 684.904876] ? ioctl_preallocate+0x1a0/0x1a0 [ 684.904885] ? lock_downgrade+0x740/0x740 [ 684.904898] ? __fget+0x225/0x360 [ 684.904905] ? do_vfs_ioctl+0xff0/0xff0 [ 684.904916] ? security_file_ioctl+0x83/0xb0 [ 684.904925] SyS_ioctl+0x7f/0xb0 [ 684.904931] ? do_vfs_ioctl+0xff0/0xff0 [ 684.904951] do_syscall_64+0x1d5/0x640 [ 684.904965] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 684.904972] RIP: 0033:0x466459 [ 684.904977] RSP: 002b:00007fd0fb4c2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 684.904985] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 684.904990] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 684.904995] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 684.905000] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 684.905005] R13: 00007ffc4cfdcc4f R14: 00007fd0fb4c2300 R15: 0000000000022000 [ 685.056803] 0 [ 685.060683] 2718 2718 2718 [ 685.065567] Node 0 DMA32 free:24408kB min:36200kB low:45248kB high:54296kB active_anon:49820kB inactive_anon:25740kB active_file:48kB inactive_file:44kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7712kB pagetables:3092kB bounce:0kB free_pcp:672kB local_pcp:292kB free_cma:0kB [ 685.082400] 0 [ 685.094733] lowmem_reserve[]: 0 0 0 0 0 [ 685.100501] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 685.126277] lowmem_reserve[]: 0 0 0 0 0 [ 685.130272] Node 1 Normal free:267112kB min:53696kB low:67120kB high:80544kB active_anon:132kB inactive_anon:8192kB active_file:32kB inactive_file:4324kB unevictable:0kB writepending:148kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:32kB pagetables:8kB bounce:0kB free_pcp:160kB local_pcp:0kB free_cma:0kB [ 685.152069] 0 [ 685.158973] lowmem_reserve[]: 0 0 0 0 0 [ 685.164906] Node 0 DMA: 1*4kB (U) 7*8kB (U) 5*16kB (U) 2*32kB (U) 0*64kB 0*128kB 0*256kB 1*512kB (U) 0*1024kB 1*2048kB (M) 2*4096kB (UM) = 10956kB [ 685.172253] 0 [ 685.192432] Node 0 DMA32: 1524*4kB (ME) 1335*8kB (UME) 178*16kB (UME) 208*32kB (UM) 0*64kB 1*128kB (U) 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (U) 0*4096kB = 29480kB [ 685.219224] Node 1 Normal free:345864kB min:53696kB low:67120kB high:80544kB active_anon:132kB inactive_anon:8192kB active_file:32kB inactive_file:4324kB unevictable:0kB writepending:148kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:32kB pagetables:8kB bounce:0kB free_pcp:268kB local_pcp:164kB free_cma:0kB [ 685.232434] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 685.292438] Node 1 Normal: 2*4kB (UE) 1*8kB (U) 1*16kB (M) 1*32kB (M) 2*64kB (UM) 3*128kB (UME) 3*256kB (UME) 2*512kB (ME) 302*1024kB (UE) 45*2048kB (UE) 0*4096kB = 403776kB [ 685.322406] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 685.331266] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 685.338974] lowmem_reserve[]: 0 0 0 0 0 [ 685.348172] Node 0 DMA: 1*4kB (U) 7*8kB (U) 5*16kB (U) 2*32kB (U) 0*64kB 0*128kB 0*256kB 1*512kB (U) 0*1024kB 1*2048kB (M) 2*4096kB (UM) = 10956kB [ 685.361650] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 685.370615] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 685.392407] 10115 total pagecache pages [ 685.396396] 0 pages in swap cache [ 685.399863] Swap cache stats: add 0, delete 0, find 0/0 [ 685.401999] Node 0 DMA32: 1762*4kB (UME) 434*8kB (UME) 123*16kB (ME) 27*32kB (M) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 27*1024kB (U) 1*2048kB (U) 0*4096kB = 44008kB [ 685.415209] Free swap = 0kB [ 685.427983] Total swap = 0kB [ 685.430993] 2097051 pages RAM [ 685.443091] 0 pages HighMem/MovableOnly [ 685.447079] 363848 pages reserved [ 685.450604] 0 pages cma reserved [ 685.455261] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 685.466521] Out of memory (oom_kill_allocating_task): Kill process 9473 (syz-fuzzer) score 0 or sacrifice child [ 685.477295] Node 1 Normal: 2*4kB (UE) 0*8kB 1*16kB (M) 1*32kB (M) 1*64kB (M) 2*128kB (ME) 3*256kB (UME) 3*512kB (UME) 437*1024kB (UE) 89*2048kB (UE) 4*4096kB (U) = 648824kB [ 685.496564] Killed process 7975 (syz-executor.0) total-vm:84924kB, anon-rss:64kB, file-rss:0kB, shmem-rss:0kB [ 685.507963] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 685.513849] oom_reaper: reaped process 7975 (syz-executor.0), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 685.518006] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 685.536412] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 685.546031] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 685.555238] 10189 total pagecache pages [ 685.559229] 0 pages in swap cache [ 685.564665] Swap cache stats: add 0, delete 0, find 0/0 [ 685.570309] Free swap = 0kB [ 685.575117] Total swap = 0kB [ 685.579068] 2097051 pages RAM [ 685.583035] 0 pages HighMem/MovableOnly [ 685.587352] 363848 pages reserved [ 685.591178] 0 pages cma reserved 20:22:25 executing program 2: r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x0) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x0) 20:22:25 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 20:22:25 executing program 4: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:22:25 executing program 5: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) pipe(&(0x7f0000000000)) [ 686.268853] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 686.316946] syz-executor.4 cpuset=/ [ 686.316977] syz-executor.5: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 686.335072] mems_allowed=0-1 [ 686.338310] CPU: 1 PID: 14321 Comm: syz-executor.4 Not tainted 4.14.230-syzkaller #0 [ 686.346179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 686.355534] Call Trace: [ 686.358117] dump_stack+0x1b2/0x281 [ 686.361757] warn_alloc.cold+0x96/0x1cc [ 686.365734] ? zone_watermark_ok_safe+0x220/0x220 [ 686.370565] __alloc_pages_nodemask+0x2127/0x2720 [ 686.375390] ? io_schedule_timeout+0x140/0x140 [ 686.379956] ? lock_acquire+0x170/0x3f0 [ 686.383917] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 686.388744] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 686.394178] ? __mutex_unlock_slowpath+0x75/0x770 [ 686.399005] alloc_pages_current+0x155/0x260 [ 686.403406] ion_page_pool_alloc+0x118/0x1b0 [ 686.407794] ion_system_heap_allocate+0x133/0x8c0 [ 686.412726] ? ion_alloc+0x187/0x810 [ 686.416422] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 686.421850] ? ion_system_contig_heap_create+0x130/0x130 [ 686.427278] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 686.432286] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 686.437113] ion_alloc+0x204/0x810 [ 686.440640] ? ion_dma_buf_release+0x40/0x40 [ 686.445032] ? __might_fault+0x177/0x1b0 [ 686.449087] ion_ioctl+0xea/0x1f0 [ 686.452519] ? ion_query_heaps+0x360/0x360 [ 686.456736] ? ion_query_heaps+0x360/0x360 [ 686.460950] do_vfs_ioctl+0x75a/0xff0 [ 686.464741] ? ioctl_preallocate+0x1a0/0x1a0 [ 686.469126] ? lock_downgrade+0x740/0x740 [ 686.473267] ? __fget+0x225/0x360 [ 686.476698] ? do_vfs_ioctl+0xff0/0xff0 [ 686.480653] ? security_file_ioctl+0x83/0xb0 [ 686.485041] SyS_ioctl+0x7f/0xb0 [ 686.488386] ? do_vfs_ioctl+0xff0/0xff0 [ 686.492344] do_syscall_64+0x1d5/0x640 [ 686.496216] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 686.501382] RIP: 0033:0x466459 [ 686.504550] RSP: 002b:00007efd1de4b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 686.512235] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 686.519493] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 686.526740] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 686.533988] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 686.541233] R13: 00007fff8e7cfe1f R14: 00007efd1de4b300 R15: 0000000000022000 [ 686.566683] syz-executor.5 cpuset=/ mems_allowed=0-1 [ 686.600158] CPU: 1 PID: 14318 Comm: syz-executor.5 Not tainted 4.14.230-syzkaller #0 [ 686.608051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 686.617382] Call Trace: [ 686.619951] dump_stack+0x1b2/0x281 [ 686.623564] warn_alloc.cold+0x96/0x1cc [ 686.627522] ? zone_watermark_ok_safe+0x220/0x220 [ 686.632354] __alloc_pages_nodemask+0x2127/0x2720 [ 686.637176] ? _raw_spin_unlock_irq+0x24/0x80 [ 686.641667] ? lock_acquire+0x170/0x3f0 [ 686.645631] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 686.650473] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 686.655907] ? __mutex_unlock_slowpath+0x75/0x770 [ 686.660737] alloc_pages_current+0x155/0x260 [ 686.665128] ion_page_pool_alloc+0x118/0x1b0 [ 686.669514] ion_system_heap_allocate+0x133/0x8c0 [ 686.674343] ? ion_alloc+0x187/0x810 [ 686.678038] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 686.683468] ? ion_system_contig_heap_create+0x130/0x130 [ 686.688894] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 686.693902] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 686.698724] ion_alloc+0x204/0x810 [ 686.702247] ? ion_dma_buf_release+0x40/0x40 [ 686.706648] ? __might_fault+0x177/0x1b0 [ 686.710687] ion_ioctl+0xea/0x1f0 [ 686.714116] ? ion_query_heaps+0x360/0x360 [ 686.718330] ? ion_query_heaps+0x360/0x360 [ 686.722542] do_vfs_ioctl+0x75a/0xff0 [ 686.726323] ? ioctl_preallocate+0x1a0/0x1a0 [ 686.730709] ? lock_downgrade+0x740/0x740 [ 686.734838] ? __fget+0x225/0x360 [ 686.738274] ? do_vfs_ioctl+0xff0/0xff0 [ 686.742237] ? security_file_ioctl+0x83/0xb0 [ 686.746624] SyS_ioctl+0x7f/0xb0 [ 686.749967] ? do_vfs_ioctl+0xff0/0xff0 [ 686.753932] do_syscall_64+0x1d5/0x640 [ 686.757805] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 686.762970] RIP: 0033:0x466459 [ 686.766136] RSP: 002b:00007fd0fb4c2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 686.773822] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 686.781066] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 686.788312] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 686.795558] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 686.802809] R13: 00007ffc4cfdcc4f R14: 00007fd0fb4c2300 R15: 0000000000022000 [ 686.863012] warn_alloc_show_mem: 2 callbacks suppressed [ 686.863016] Mem-Info: [ 686.871267] active_anon:12565 inactive_anon:8483 isolated_anon:0 [ 686.871267] active_file:61 inactive_file:63 isolated_file:0 [ 686.871267] unevictable:0 dirty:20 writeback:0 unstable:0 [ 686.871267] slab_reclaimable:19536 slab_unreclaimable:106569 [ 686.871267] mapped:44102 shmem:8982 pagetables:751 bounce:0 [ 686.871267] free:25207 free_pcp:366 free_cma:0 [ 686.904572] Node 0 active_anon:50016kB inactive_anon:25736kB active_file:52kB inactive_file:100kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:174068kB dirty:24kB writeback:0kB shmem:27732kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 686.933888] Node 1 active_anon:244kB inactive_anon:8196kB active_file:56kB inactive_file:92kB unevictable:0kB isolated(anon):0kB isolated(file):112kB mapped:2040kB dirty:56kB writeback:0kB shmem:8196kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 686.974424] Node 0 DMA free:11052kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:12kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:40kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 687.000779] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 687.005848] Node 0 DMA32 free:36144kB min:36200kB low:45248kB high:54296kB active_anon:49968kB inactive_anon:25732kB active_file:228kB inactive_file:120kB unevictable:0kB writepending:32kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7712kB pagetables:2912kB bounce:0kB free_pcp:676kB local_pcp:492kB free_cma:0kB [ 687.035057] lowmem_reserve[]: 0 0 0 0 0 [ 687.039045] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 687.065484] lowmem_reserve[]: 0 0 0 0 0 [ 687.069473] Node 1 Normal free:85772kB min:53696kB low:67120kB high:80544kB active_anon:396kB inactive_anon:8196kB active_file:44kB inactive_file:240kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:64kB pagetables:76kB bounce:0kB free_pcp:748kB local_pcp:152kB free_cma:0kB [ 687.098298] lowmem_reserve[]: 0 0 0 0 0 [ 687.106092] Node 0 DMA: 2*4kB (UE) 1*8kB (E) 3*16kB (UE) 2*32kB (UE) 1*64kB (E) 1*128kB (E) 2*256kB (UE) 2*512kB (UE) 1*1024kB (E) 2*2048kB (ME) 1*4096kB (M) = 11072kB [ 687.121338] Node 0 DMA32: 1415*4kB (ME) 388*8kB (ME) 130*16kB (UME) 30*32kB (UM) 21*64kB (UM) 2*128kB (M) 1*256kB (M) 43*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 36700kB [ 687.140554] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 687.156370] Node 1 Normal: 4*4kB (ME) 53*8kB (ME) 50*16kB (UME) 36*32kB (ME) 29*64kB (M) 16*128kB (UM) 5*256kB (M) 4*512kB (UME) 235*1024kB (U) 48*2048kB (U) 1*4096kB (U) = 352664kB [ 687.176493] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 687.185368] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 687.198315] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 687.218404] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 687.227014] 9115 total pagecache pages [ 687.230895] 0 pages in swap cache [ 687.237965] Swap cache stats: add 0, delete 0, find 0/0 [ 687.243361] Free swap = 0kB [ 687.246384] Total swap = 0kB [ 687.249395] 2097051 pages RAM [ 687.256055] 0 pages HighMem/MovableOnly [ 687.260027] 363848 pages reserved [ 687.263509] 0 pages cma reserved 20:22:27 executing program 2: r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x0) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x0) 20:22:27 executing program 3: socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet6_udp(0xa, 0x2, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:22:27 executing program 1: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) 20:22:27 executing program 2: r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x0) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x0) 20:22:27 executing program 2: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) [ 687.753739] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 687.754760] syz-executor.3: [ 687.805877] syz-executor.2 cpuset= [ 687.811158] page allocation failure: order:4 [ 687.819040] / [ 687.821449] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 687.832770] mems_allowed=0-1 [ 687.853739] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 687.854501] CPU: 1 PID: 14341 Comm: syz-executor.2 Not tainted 4.14.230-syzkaller #0 [ 687.866723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 687.876075] Call Trace: [ 687.878654] dump_stack+0x1b2/0x281 [ 687.882269] warn_alloc.cold+0x96/0x1cc [ 687.886231] ? zone_watermark_ok_safe+0x220/0x220 [ 687.891072] __alloc_pages_nodemask+0x2127/0x2720 [ 687.895906] ? lock_acquire+0x170/0x3f0 [ 687.899888] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 687.904717] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 687.910146] ? __mutex_unlock_slowpath+0x75/0x770 [ 687.914969] alloc_pages_current+0x155/0x260 [ 687.919369] ion_page_pool_alloc+0x118/0x1b0 [ 687.923755] ion_system_heap_allocate+0x133/0x8c0 [ 687.928575] ? ion_alloc+0x187/0x810 [ 687.932270] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 687.937712] ? ion_system_contig_heap_create+0x130/0x130 [ 687.943147] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 687.948144] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 687.952965] ion_alloc+0x204/0x810 [ 687.956487] ? ion_dma_buf_release+0x40/0x40 [ 687.960876] ? __might_fault+0x177/0x1b0 [ 687.964928] ion_ioctl+0xea/0x1f0 [ 687.968372] ? ion_query_heaps+0x360/0x360 [ 687.972587] ? ion_query_heaps+0x360/0x360 [ 687.976815] do_vfs_ioctl+0x75a/0xff0 [ 687.980593] ? ioctl_preallocate+0x1a0/0x1a0 [ 687.984977] ? lock_downgrade+0x740/0x740 [ 687.989103] ? __fget+0x225/0x360 [ 687.992533] ? do_vfs_ioctl+0xff0/0xff0 [ 687.996486] ? security_file_ioctl+0x83/0xb0 [ 688.000873] SyS_ioctl+0x7f/0xb0 [ 688.004217] ? do_vfs_ioctl+0xff0/0xff0 [ 688.008180] do_syscall_64+0x1d5/0x640 [ 688.012051] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 688.017218] RIP: 0033:0x466459 [ 688.020384] RSP: 002b:00007fc10ef5c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 688.028079] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 688.035327] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 688.042573] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 688.049819] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 688.057065] R13: 00007ffec6b9ec3f R14: 00007fc10ef5c300 R15: 0000000000022000 [ 688.065862] CPU: 0 PID: 14332 Comm: syz-executor.3 Not tainted 4.14.230-syzkaller #0 [ 688.073835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 688.083176] Call Trace: [ 688.085752] dump_stack+0x1b2/0x281 [ 688.089364] warn_alloc.cold+0x96/0x1cc [ 688.093320] ? zone_watermark_ok_safe+0x220/0x220 [ 688.098150] __alloc_pages_nodemask+0x2127/0x2720 [ 688.102977] ? lock_acquire+0x170/0x3f0 [ 688.106930] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 688.111756] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 688.117189] ? __mutex_unlock_slowpath+0x75/0x770 [ 688.122012] alloc_pages_current+0x155/0x260 [ 688.126400] ion_page_pool_alloc+0x118/0x1b0 [ 688.130785] ion_system_heap_allocate+0x133/0x8c0 [ 688.135604] ? ion_alloc+0x187/0x810 [ 688.139295] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 688.144723] ? ion_system_contig_heap_create+0x130/0x130 [ 688.150149] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 688.155144] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 688.159965] ion_alloc+0x204/0x810 [ 688.163487] ? ion_dma_buf_release+0x40/0x40 [ 688.167875] ? __might_fault+0x177/0x1b0 [ 688.171928] ion_ioctl+0xea/0x1f0 [ 688.175359] ? ion_query_heaps+0x360/0x360 [ 688.179572] ? ion_query_heaps+0x360/0x360 [ 688.183788] do_vfs_ioctl+0x75a/0xff0 [ 688.187567] ? ioctl_preallocate+0x1a0/0x1a0 [ 688.191962] ? lock_downgrade+0x740/0x740 [ 688.196103] ? __fget+0x225/0x360 [ 688.199535] ? do_vfs_ioctl+0xff0/0xff0 [ 688.203488] ? security_file_ioctl+0x83/0xb0 [ 688.207872] SyS_ioctl+0x7f/0xb0 [ 688.211216] ? do_vfs_ioctl+0xff0/0xff0 [ 688.215174] do_syscall_64+0x1d5/0x640 [ 688.219044] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 688.224212] RIP: 0033:0x466459 [ 688.227378] RSP: 002b:00007faef7867188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 688.235064] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 688.242322] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000005 [ 688.249568] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 688.256817] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 688.264063] R13: 00007ffd0904d43f R14: 00007faef7867300 R15: 0000000000022000 [ 688.273283] warn_alloc_show_mem: 1 callbacks suppressed [ 688.273286] Mem-Info: [ 688.281105] active_anon:12578 inactive_anon:8482 isolated_anon:0 [ 688.281105] active_file:166 inactive_file:128 isolated_file:34 [ 688.281105] unevictable:0 dirty:5 writeback:0 unstable:0 [ 688.281105] slab_reclaimable:19576 slab_unreclaimable:106347 [ 688.281105] mapped:44322 shmem:8979 pagetables:805 bounce:0 [ 688.281105] free:25099 free_pcp:200 free_cma:0 [ 688.314898] Node 0 active_anon:49280kB inactive_anon:25724kB active_file:28kB inactive_file:24kB unevictable:0kB isolated(anon):0kB isolated(file):8kB mapped:174108kB dirty:4kB writeback:0kB shmem:27712kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 688.348864] Node 1 active_anon:1032kB inactive_anon:8204kB active_file:100kB inactive_file:200kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:2180kB dirty:16kB writeback:0kB shmem:8204kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 688.377004] Node 0 DMA free:11068kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 688.407105] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 688.416271] Node 0 DMA32 free:44756kB min:36200kB low:45248kB high:54296kB active_anon:49280kB inactive_anon:25724kB active_file:28kB inactive_file:24kB unevictable:0kB writepending:4kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7648kB pagetables:2828kB bounce:0kB free_pcp:356kB local_pcp:236kB free_cma:0kB [ 688.450080] lowmem_reserve[]: 0 0 0 0 0 [ 688.454761] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 688.485288] lowmem_reserve[]: 0 0 0 0 0 [ 688.490720] Node 1 Normal free:275784kB min:53696kB low:67120kB high:80544kB active_anon:1032kB inactive_anon:8204kB active_file:328kB inactive_file:2348kB unevictable:0kB writepending:16kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:288kB pagetables:392kB bounce:0kB free_pcp:336kB local_pcp:108kB free_cma:0kB [ 688.540073] lowmem_reserve[]: 0 0 0 0 0 [ 688.555033] Node 0 DMA: 5*4kB (UE) 5*8kB (UE) 2*16kB (UE) 1*32kB (E) 1*64kB (E) 1*128kB (E) 2*256kB (UE) 2*512kB (UE) 1*1024kB (E) 2*2048kB (ME) 1*4096kB (M) = 11068kB [ 688.597624] Node 0 DMA32: 1428*4kB (UME) 451*8kB (UME) 137*16kB (UME) 29*32kB (M) 22*64kB (UM) 3*128kB (M) 2*256kB (UM) 0*512kB 24*1024kB (U) 2*2048kB (U) 0*4096kB = 43416kB [ 688.655847] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 688.706354] Node 1 Normal: 178*4kB (UME) 113*8kB (UME) 68*16kB (UME) 39*32kB (UME) 30*64kB (UM) 28*128kB (M) 15*256kB (UM) 5*512kB (UME) 3*1024kB (UM) 15*2048kB (UM) 1*4096kB (U) = 53744kB [ 688.707519] syz-executor.1: [ 688.732791] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 688.750335] page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 688.752236] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 688.762181] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 688.773104] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 688.775508] CPU: 1 PID: 14331 Comm: syz-executor.1 Not tainted 4.14.230-syzkaller #0 [ 688.786270] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 688.791718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 688.791723] Call Trace: [ 688.791741] dump_stack+0x1b2/0x281 [ 688.791755] warn_alloc.cold+0x96/0x1cc [ 688.802035] 9210 total pagecache pages [ 688.809771] ? zone_watermark_ok_safe+0x220/0x220 [ 688.809802] __alloc_pages_nodemask+0x2127/0x2720 [ 688.815774] 0 pages in swap cache [ 688.815960] ? lock_acquire+0x170/0x3f0 [ 688.819972] Swap cache stats: add 0, delete 0, find 0/0 [ 688.823773] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 688.823791] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 688.823804] ? __mutex_unlock_slowpath+0x75/0x770 [ 688.823818] alloc_pages_current+0x155/0x260 [ 688.823831] ion_page_pool_alloc+0x118/0x1b0 [ 688.823839] ion_system_heap_allocate+0x133/0x8c0 [ 688.823849] ? ion_alloc+0x187/0x810 [ 688.829820] Free swap = 0kB [ 688.833490] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 688.833503] ? ion_system_contig_heap_create+0x130/0x130 [ 688.833512] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 688.833523] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 688.833533] ion_alloc+0x204/0x810 [ 688.833547] ? ion_dma_buf_release+0x40/0x40 [ 688.833559] ? __might_fault+0x177/0x1b0 [ 688.833570] ion_ioctl+0xea/0x1f0 [ 688.833577] ? ion_query_heaps+0x360/0x360 [ 688.833589] ? ion_query_heaps+0x360/0x360 [ 688.840432] Total swap = 0kB [ 688.840974] do_vfs_ioctl+0x75a/0xff0 [ 688.846407] 2097051 pages RAM [ 688.851156] ? ioctl_preallocate+0x1a0/0x1a0 [ 688.851167] ? lock_downgrade+0x740/0x740 [ 688.851181] ? __fget+0x225/0x360 [ 688.865978] 0 pages HighMem/MovableOnly [ 688.870209] ? do_vfs_ioctl+0xff0/0xff0 [ 688.870222] ? security_file_ioctl+0x83/0xb0 [ 688.870233] SyS_ioctl+0x7f/0xb0 [ 688.878528] 363848 pages reserved [ 688.878750] ? do_vfs_ioctl+0xff0/0xff0 [ 688.881804] 0 pages cma reserved [ 688.887178] do_syscall_64+0x1d5/0x640 [ 688.887194] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 688.887210] RIP: 0033:0x466459 [ 688.887215] RSP: 002b:00007fcdda489188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 688.887228] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 688.887237] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 688.887248] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 689.016320] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 689.023581] R13: 00007ffe21b5ad8f R14: 00007fcdda489300 R15: 0000000000022000 [ 690.934722] oom_reaper: reaped process 14331 (syz-executor.1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 690.952718] in:imklog invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 690.992167] in:imklog cpuset=/ mems_allowed=0-1 [ 690.996900] CPU: 1 PID: 7687 Comm: in:imklog Not tainted 4.14.230-syzkaller #0 [ 691.004252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 691.013595] Call Trace: [ 691.016180] dump_stack+0x1b2/0x281 [ 691.019806] dump_header+0x178/0x82f [ 691.023511] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 691.028602] ? ___ratelimit+0x2cd/0x530 [ 691.032571] oom_kill_process.cold+0x10/0xa40 [ 691.037068] out_of_memory+0xe3e/0x1190 [ 691.041036] ? oom_killer_disable+0x1c0/0x1c0 [ 691.045550] ? mutex_trylock+0x152/0x1a0 [ 691.049603] __alloc_pages_nodemask+0x23e1/0x2720 [ 691.054450] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 691.059296] alloc_pages_current+0x155/0x260 [ 691.063694] filemap_fault+0x11a1/0x1ad0 [ 691.067753] ext4_filemap_fault+0x84/0xb0 [ 691.071889] __do_fault+0xfa/0x380 [ 691.075421] __handle_mm_fault+0x2497/0x4620 [ 691.079824] ? vm_insert_page+0x7c0/0x7c0 [ 691.083960] ? lock_downgrade+0x740/0x740 [ 691.088102] ? mark_held_locks+0xa6/0xf0 [ 691.092153] handle_mm_fault+0x455/0x9c0 [ 691.096208] __do_page_fault+0x549/0xad0 [ 691.100262] ? spurious_fault+0x640/0x640 [ 691.104403] ? do_page_fault+0x60/0x500 [ 691.108366] ? page_fault+0x2f/0x50 [ 691.111981] page_fault+0x45/0x50 [ 691.115422] RIP: 1fa0:0x1f9f [ 691.118423] RSP: 0000:000055e77f2f79d0 EFLAGS: 7f18f9eafda0 [ 691.122325] syz-executor.4: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 691.140055] syz-executor.1: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 691.154671] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 691.180647] CPU: 0 PID: 14331 Comm: syz-executor.1 Not tainted 4.14.230-syzkaller #0 [ 691.188639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 691.197984] Call Trace: [ 691.200570] dump_stack+0x1b2/0x281 [ 691.204194] warn_alloc.cold+0x96/0x1cc [ 691.208160] ? zone_watermark_ok_safe+0x220/0x220 [ 691.212998] ? usleep_range+0x130/0x130 [ 691.216963] ? try_to_free_pages+0x23f/0x6e0 [ 691.221363] ? _find_next_bit+0xdb/0x100 [ 691.225421] ? run_timer_softirq+0x5a0/0x5a0 [ 691.229830] __alloc_pages_nodemask+0x2127/0x2720 [ 691.234671] ? lock_acquire+0x170/0x3f0 [ 691.238641] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 691.243478] ? ion_page_pool_alloc+0x9e/0x1b0 [ 691.247974] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 691.253434] alloc_pages_current+0x155/0x260 [ 691.257845] ion_page_pool_alloc+0x118/0x1b0 [ 691.262245] ion_system_heap_allocate+0x133/0x8c0 [ 691.267078] ? ion_alloc+0x187/0x810 [ 691.270785] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 691.276224] ? ion_system_contig_heap_create+0x130/0x130 [ 691.281684] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 691.286699] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 691.291540] ion_alloc+0x204/0x810 [ 691.295083] ? ion_dma_buf_release+0x40/0x40 [ 691.299490] ? __might_fault+0x177/0x1b0 [ 691.303557] ion_ioctl+0xea/0x1f0 [ 691.307001] ? ion_query_heaps+0x360/0x360 [ 691.311232] ? ion_query_heaps+0x360/0x360 [ 691.315465] do_vfs_ioctl+0x75a/0xff0 [ 691.319262] ? ioctl_preallocate+0x1a0/0x1a0 [ 691.323662] ? lock_downgrade+0x740/0x740 [ 691.327807] ? __fget+0x225/0x360 [ 691.331252] ? do_vfs_ioctl+0xff0/0xff0 [ 691.335220] ? security_file_ioctl+0x83/0xb0 [ 691.339621] SyS_ioctl+0x7f/0xb0 [ 691.342978] ? do_vfs_ioctl+0xff0/0xff0 [ 691.346948] do_syscall_64+0x1d5/0x640 [ 691.350835] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 691.356018] RIP: 0033:0x466459 [ 691.359200] RSP: 002b:00007fcdda489188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 691.366899] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 691.374162] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 691.381543] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 691.388806] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 691.396071] R13: 00007ffe21b5ad8f R14: 00007fcdda489300 R15: 0000000000022000 [ 691.404379] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 691.409504] CPU: 0 PID: 14321 Comm: syz-executor.4 Not tainted 4.14.230-syzkaller #0 [ 691.417376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 691.426731] Call Trace: [ 691.429322] dump_stack+0x1b2/0x281 [ 691.432945] warn_alloc.cold+0x96/0x1cc [ 691.436919] ? zone_watermark_ok_safe+0x220/0x220 [ 691.441751] ? usleep_range+0x130/0x130 [ 691.445720] ? try_to_free_pages+0x23f/0x6e0 [ 691.450122] ? _find_next_bit+0xdb/0x100 [ 691.454176] ? run_timer_softirq+0x5a0/0x5a0 [ 691.454818] Mem-Info: [ 691.458580] __alloc_pages_nodemask+0x2127/0x2720 [ 691.460976] active_anon:12607 inactive_anon:8482 isolated_anon:0 [ 691.460976] active_file:26 inactive_file:20 isolated_file:0 [ 691.460976] unevictable:0 dirty:0 writeback:0 unstable:0 [ 691.460976] slab_reclaimable:19574 slab_unreclaimable:107070 [ 691.460976] mapped:52766 shmem:8979 pagetables:849 bounce:0 [ 691.460976] free:13971 free_pcp:59 free_cma:0 [ 691.465800] ? lock_acquire+0x170/0x3f0 [ 691.465815] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 691.465825] ? ion_page_pool_alloc+0x9e/0x1b0 [ 691.465841] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 691.465861] alloc_pages_current+0x155/0x260 [ 691.465872] ion_page_pool_alloc+0x118/0x1b0 [ 691.465883] ion_system_heap_allocate+0x133/0x8c0 [ 691.465892] ? ion_alloc+0x187/0x810 [ 691.465902] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 691.465920] ? ion_system_contig_heap_create+0x130/0x130 [ 691.503036] syz-executor.5: [ 691.507646] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 691.512209] syz-executor.2: [ 691.517543] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 691.521917] page allocation failure: order:0 [ 691.526305] ion_alloc+0x204/0x810 [ 691.526319] ? ion_dma_buf_release+0x40/0x40 [ 691.526331] ? __might_fault+0x177/0x1b0 [ 691.526343] ion_ioctl+0xea/0x1f0 [ 691.526351] ? ion_query_heaps+0x360/0x360 [ 691.526363] ? ion_query_heaps+0x360/0x360 [ 691.526374] do_vfs_ioctl+0x75a/0xff0 [ 691.536448] page allocation failure: order:0 [ 691.540349] ? ioctl_preallocate+0x1a0/0x1a0 [ 691.546625] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 691.548773] ? lock_downgrade+0x740/0x740 [ 691.557638] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 691.561645] ? __fget+0x225/0x360 [ 691.566870] (null) [ 691.569549] ? do_vfs_ioctl+0xff0/0xff0 [ 691.577380] (null) [ 691.577986] ? security_file_ioctl+0x83/0xb0 [ 691.581408] syz-executor.5 cpuset= [ 691.585623] SyS_ioctl+0x7f/0xb0 [ 691.585632] ? do_vfs_ioctl+0xff0/0xff0 [ 691.585644] do_syscall_64+0x1d5/0x640 [ 691.585658] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 691.585666] RIP: 0033:0x466459 [ 691.585671] RSP: 002b:00007efd1de4b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 691.585681] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 691.585686] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 691.585692] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 691.585696] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 691.585701] R13: 00007fff8e7cfe1f R14: 00007efd1de4b300 R15: 0000000000022000 [ 691.591482] warn_alloc_show_mem: 2 callbacks suppressed [ 691.591484] Mem-Info: [ 691.598755] syz-executor.2 cpuset= [ 691.616270] active_anon:12607 inactive_anon:8482 isolated_anon:0 [ 691.616270] active_file:26 inactive_file:20 isolated_file:0 [ 691.616270] unevictable:0 dirty:0 writeback:0 unstable:0 [ 691.616270] slab_reclaimable:19574 slab_unreclaimable:107070 [ 691.616270] mapped:52766 shmem:8979 pagetables:849 bounce:0 [ 691.616270] free:14054 free_pcp:31 free_cma:0 [ 691.626110] Node 0 active_anon:49260kB inactive_anon:25724kB active_file:60kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:175608kB dirty:0kB writeback:0kB shmem:27712kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 691.634563] Node 0 active_anon:49260kB inactive_anon:25724kB active_file:60kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:175608kB dirty:0kB writeback:0kB shmem:27712kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 691.641438] / [ 691.647786] Node 1 active_anon:1168kB inactive_anon:8204kB active_file:44kB inactive_file:44kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:35456kB dirty:0kB writeback:0kB shmem:8204kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 691.650209] Node 1 active_anon:1168kB inactive_anon:8204kB active_file:44kB inactive_file:44kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:35456kB dirty:0kB writeback:0kB shmem:8204kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 691.666945] Node 0 [ 691.671097] / [ 691.676632] DMA free:10964kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 691.685680] mems_allowed=0-1 [ 691.756577] lowmem_reserve[]: [ 691.779053] mems_allowed=0-1 [ 691.901774] Node 0 DMA free:10964kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 691.928162] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 691.933235] Node 0 DMA32 free:21156kB min:36200kB low:45248kB high:54296kB active_anon:49260kB inactive_anon:25724kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7648kB pagetables:2828kB bounce:0kB free_pcp:356kB local_pcp:240kB free_cma:0kB [ 691.962020] lowmem_reserve[]: 0 0 0 0 0 [ 691.966040] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 691.991620] CPU: 1 PID: 14318 Comm: syz-executor.5 Not tainted 4.14.230-syzkaller #0 [ 691.999504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 692.002066] 0 [ 692.008844] Call Trace: [ 692.008846] 2717 2718 [ 692.010641] dump_stack+0x1b2/0x281 [ 692.019303] warn_alloc.cold+0x96/0x1cc [ 692.023289] ? zone_watermark_ok_safe+0x220/0x220 [ 692.028145] ? usleep_range+0x130/0x130 [ 692.032123] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 692.037218] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 692.042064] 2718 2718 [ 692.042222] ? run_timer_softirq+0x5a0/0x5a0 [ 692.042239] __alloc_pages_nodemask+0x2127/0x2720 [ 692.049099] ? lock_acquire+0x170/0x3f0 [ 692.057877] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 692.062718] ? ion_page_pool_alloc+0x9e/0x1b0 [ 692.067228] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 692.072694] alloc_pages_current+0x155/0x260 [ 692.077098] ion_page_pool_alloc+0x118/0x1b0 [ 692.081498] ion_system_heap_allocate+0x133/0x8c0 [ 692.086224] Node 0 DMA32 free:25380kB min:36200kB low:45248kB high:54296kB active_anon:49260kB inactive_anon:25724kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7648kB pagetables:2828kB bounce:0kB free_pcp:356kB local_pcp:116kB free_cma:0kB [ 692.086349] ? ion_alloc+0x187/0x810 [ 692.118744] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 692.124206] ? ion_system_contig_heap_create+0x130/0x130 [ 692.129659] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 692.134679] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 692.139534] ion_alloc+0x204/0x810 [ 692.143080] ? ion_dma_buf_release+0x40/0x40 [ 692.147481] ? __might_fault+0x177/0x1b0 [ 692.151537] ion_ioctl+0xea/0x1f0 [ 692.154996] ? ion_query_heaps+0x360/0x360 [ 692.159248] ? ion_query_heaps+0x360/0x360 [ 692.163489] do_vfs_ioctl+0x75a/0xff0 [ 692.167286] ? ioctl_preallocate+0x1a0/0x1a0 [ 692.171689] ? lock_downgrade+0x740/0x740 [ 692.175837] ? __fget+0x225/0x360 [ 692.179297] ? do_vfs_ioctl+0xff0/0xff0 [ 692.182078] lowmem_reserve[]: 0 [ 692.183392] ? security_file_ioctl+0x83/0xb0 [ 692.183404] SyS_ioctl+0x7f/0xb0 [ 692.186659] 0 [ 692.191048] ? do_vfs_ioctl+0xff0/0xff0 [ 692.200136] do_syscall_64+0x1d5/0x640 [ 692.204034] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 692.209236] RIP: 0033:0x466459 [ 692.212070] 0 [ 692.212420] RSP: 002b:00007fd0fb4c2188 EFLAGS: 00000246 [ 692.212427] 0 [ 692.214202] ORIG_RAX: 0000000000000010 [ 692.219545] 0 [ 692.221326] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 692.234322] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 692.241612] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 692.248888] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 692.256151] R13: 00007ffc4cfdcc4f R14: 00007fd0fb4c2300 R15: 0000000000022000 [ 692.258344] lowmem_reserve[]: 0 0 0 0 0 [ 692.267535] Node 1 Normal free:44224kB min:53696kB low:67120kB high:80544kB active_anon:1168kB inactive_anon:8204kB active_file:564kB inactive_file:700kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:192kB pagetables:568kB bounce:0kB free_pcp:560kB local_pcp:0kB free_cma:0kB [ 692.296865] CPU: 1 PID: 14341 Comm: syz-executor.2 Not tainted 4.14.230-syzkaller #0 [ 692.304744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 692.312787] syz-executor.1: [ 692.314083] Call Trace: [ 692.314091] page allocation failure: order:4 [ 692.317092] dump_stack+0x1b2/0x281 [ 692.319652] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 692.324038] warn_alloc.cold+0x96/0x1cc [ 692.324049] ? zone_watermark_ok_safe+0x220/0x220 [ 692.324061] ? usleep_range+0x130/0x130 [ 692.327666] Node 0 [ 692.334747] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 692.334760] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 692.334769] ? run_timer_softirq+0x5a0/0x5a0 [ 692.334786] __alloc_pages_nodemask+0x2127/0x2720 [ 692.341297] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 692.343569] ? lock_acquire+0x170/0x3f0 [ 692.343585] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 692.347526] lowmem_reserve[]: [ 692.349746] ? ion_page_pool_alloc+0x9e/0x1b0 [ 692.354841] (null) [ 692.359821] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 692.364215] syz-executor.1 cpuset= [ 692.369029] alloc_pages_current+0x155/0x260 [ 692.393922] 0 [ 692.397850] ion_page_pool_alloc+0x118/0x1b0 [ 692.402677] 0 [ 692.405747] ion_system_heap_allocate+0x133/0x8c0 [ 692.410217] 0 0 [ 692.412362] ? ion_alloc+0x187/0x810 [ 692.412375] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 692.412383] ? ion_system_contig_heap_create+0x130/0x130 [ 692.412394] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 692.417814] 0 [ 692.421331] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 692.425751] / [ 692.427506] ion_alloc+0x204/0x810 [ 692.431885] mems_allowed=0-1 [ 692.433669] ? ion_dma_buf_release+0x40/0x40 [ 692.433684] ? __might_fault+0x177/0x1b0 [ 692.440467] ion_ioctl+0xea/0x1f0 [ 692.440478] ? ion_query_heaps+0x360/0x360 [ 692.444198] Node 1 [ 692.449606] ? ion_query_heaps+0x360/0x360 [ 692.462047] Normal free:26560kB min:53696kB low:67120kB high:80544kB active_anon:1204kB inactive_anon:8204kB active_file:40kB inactive_file:196kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:192kB pagetables:568kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 692.466629] do_vfs_ioctl+0x75a/0xff0 [ 692.468313] lowmem_reserve[]: [ 692.471838] ? ioctl_preallocate+0x1a0/0x1a0 [ 692.492031] 0 [ 692.493172] ? lock_downgrade+0x740/0x740 [ 692.497375] 0 [ 692.525130] ? __fget+0x225/0x360 [ 692.525142] ? do_vfs_ioctl+0xff0/0xff0 [ 692.525155] ? security_file_ioctl+0x83/0xb0 [ 692.555829] SyS_ioctl+0x7f/0xb0 [ 692.559175] ? do_vfs_ioctl+0xff0/0xff0 [ 692.562034] 0 0 [ 692.563131] do_syscall_64+0x1d5/0x640 [ 692.563146] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 692.565090] 0 [ 692.568974] RIP: 0033:0x466459 [ 692.579085] RSP: 002b:00007fc10ef5c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 692.586801] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 692.594058] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 692.594066] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 692.601316] Node 0 [ 692.608562] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 692.608567] R13: 00007ffec6b9ec3f R14: 00007fc10ef5c300 R15: 0000000000022000 [ 692.613327] lowmem_reserve[]: 0 0 0 0 0 [ 692.629353] Node 0 DMA: 1*4kB (E) 2*8kB (UE) 2*16kB (UE) 1*32kB (E) 2*64kB (UE) 2*128kB (UE) 1*256kB (E) 2*512kB (UE) 1*1024kB (E) 2*2048kB (ME) 1*4096kB (M) = 10964kB [ 692.645461] CPU: 0 PID: 14331 Comm: syz-executor.1 Not tainted 4.14.230-syzkaller #0 [ 692.650474] Node 0 [ 692.653339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 692.653344] Call Trace: [ 692.653360] dump_stack+0x1b2/0x281 [ 692.653371] warn_alloc.cold+0x96/0x1cc [ 692.653382] ? zone_watermark_ok_safe+0x220/0x220 [ 692.653404] __alloc_pages_nodemask+0x2127/0x2720 [ 692.653413] ? lock_acquire+0x170/0x3f0 [ 692.653425] ? lock_acquire+0x170/0x3f0 [ 692.653439] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 692.653456] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 692.653470] ? __mutex_unlock_slowpath+0x75/0x770 [ 692.653485] alloc_pages_current+0x155/0x260 [ 692.653498] ion_page_pool_alloc+0x118/0x1b0 [ 692.653508] ion_system_heap_allocate+0x133/0x8c0 [ 692.653519] ? _raw_spin_unlock+0x29/0x40 [ 692.653528] ? _ion_heap_freelist_drain+0x6e/0x410 [ 692.653537] ? ion_system_contig_heap_create+0x130/0x130 [ 692.653547] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 692.653558] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 692.653568] ion_alloc+0x27a/0x810 [ 692.653582] ? ion_dma_buf_release+0x40/0x40 [ 692.653594] ? __might_fault+0x177/0x1b0 [ 692.653606] ion_ioctl+0xea/0x1f0 [ 692.653616] ? ion_query_heaps+0x360/0x360 [ 692.653628] ? ion_query_heaps+0x360/0x360 [ 692.653639] do_vfs_ioctl+0x75a/0xff0 [ 692.653650] ? ioctl_preallocate+0x1a0/0x1a0 [ 692.653660] ? lock_downgrade+0x740/0x740 [ 692.655964] DMA32: [ 692.665219] ? __fget+0x225/0x360 [ 692.665228] ? do_vfs_ioctl+0xff0/0xff0 [ 692.665240] ? security_file_ioctl+0x83/0xb0 [ 692.665250] SyS_ioctl+0x7f/0xb0 [ 692.665258] ? do_vfs_ioctl+0xff0/0xff0 [ 692.665268] do_syscall_64+0x1d5/0x640 [ 692.665288] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 692.671493] 1721*4kB [ 692.675394] RIP: 0033:0x466459 [ 692.675399] RSP: 002b:00007fcdda489188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 692.675409] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 692.675414] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 692.675418] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 692.675424] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 692.675432] R13: 00007ffe21b5ad8f R14: 00007fcdda489300 R15: 0000000000022000 [ 692.680246] (ME) [ 692.705558] DMA: [ 692.710161] 500*8kB [ 692.716289] 1*4kB [ 692.727134] (UME) [ 692.731206] (E) [ 692.739823] 178*16kB [ 692.742574] warn_alloc_show_mem: 1 callbacks suppressed [ 692.742576] Mem-Info: [ 692.757448] (ME) [ 692.759404] 2*8kB [ 692.761643] 47*32kB [ 692.765901] (UE) 2*16kB (UE) 1*32kB (E) 2*64kB [ 692.780677] (M) [ 692.784405] active_anon:12616 inactive_anon:8482 isolated_anon:0 [ 692.784405] active_file:14 inactive_file:18 isolated_file:0 [ 692.784405] unevictable:0 dirty:1 writeback:0 unstable:0 [ 692.784405] slab_reclaimable:19561 slab_unreclaimable:106765 [ 692.784405] mapped:52784 shmem:8979 pagetables:849 bounce:0 [ 692.784405] free:14259 free_pcp:0 free_cma:0 [ 692.786460] 21*64kB [ 692.788234] Node 0 active_anon:49260kB inactive_anon:25724kB active_file:16kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:175608kB dirty:4kB writeback:0kB shmem:27712kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 692.800875] (M) [ 692.805791] (UE) [ 692.815996] 5*128kB [ 692.824358] Node 1 active_anon:1204kB inactive_anon:8204kB active_file:40kB inactive_file:56kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:35528kB dirty:0kB writeback:0kB shmem:8204kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 692.827509] (UM) [ 692.842760] 2*128kB [ 692.853469] 1*256kB [ 692.864150] Node 0 [ 692.868127] (M) [ 692.869211] DMA free:10964kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 692.871333] 1*512kB [ 692.878699] (UE) [ 692.891884] (U) [ 692.901936] lowmem_reserve[]: [ 692.938796] 0*1024kB [ 692.965544] 1*256kB [ 693.060578] 0 2717 2718 2718 2718 [ 693.065526] 0*2048kB 0*4096kB = 17988kB [ 693.071481] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 693.085008] Node 0 DMA32 free:35544kB min:36200kB low:45248kB high:54296kB active_anon:49260kB inactive_anon:25724kB active_file:16kB inactive_file:16kB unevictable:0kB writepending:4kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7648kB pagetables:2828kB bounce:0kB free_pcp:492kB local_pcp:248kB free_cma:0kB [ 693.127516] Node 1 Normal: 74*4kB (UME) 7*8kB (UE) 13*16kB (UME) 6*32kB (UME) 540*64kB (UM) 134*128kB (UM) 30*256kB (UM) 12*512kB (UME) 23*1024kB (UM) 1*2048kB (M) 1*4096kB (U) = 95984kB [ 693.142013] (E) 2*512kB (UE) 1*1024kB (E) 2*2048kB (ME) 1*4096kB (M) = 10964kB [ 693.158798] Node 0 DMA32: 1660*4kB (UME) 648*8kB (UME) 181*16kB (UME) 48*32kB (UM) 71*64kB (UM) 37*128kB (UM) 17*256kB (UM) 11*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 35520kB [ 693.192692] lowmem_reserve[]: 0 0 0 0 0 [ 693.206259] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 693.214804] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 693.228644] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 693.263456] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 693.271565] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 693.302543] Node 1 Normal: 143*4kB (UME) 4*8kB (ME) 4*16kB (M) 5*32kB (ME) 340*64kB (UM) 110*128kB (UME) 32*256kB (UME) 11*512kB (UM) 23*1024kB (UM) 1*2048kB (M) 1*4096kB (U) = 80188kB [ 693.336069] lowmem_reserve[]: 0 0 0 0 0 [ 693.340079] Node 1 Normal free:73944kB min:53696kB low:67120kB high:80544kB active_anon:1004kB inactive_anon:8204kB active_file:3040kB inactive_file:7860kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:256kB pagetables:568kB bounce:0kB free_pcp:660kB local_pcp:504kB free_cma:0kB [ 693.358588] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 693.397571] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 693.399070] 11960 total pagecache pages [ 693.420869] 0 pages in swap cache [ 693.424482] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 693.433627] Swap cache stats: add 0, delete 0, find 0/0 [ 693.462436] Free swap = 0kB [ 693.465472] Total swap = 0kB [ 693.468480] 2097051 pages RAM [ 693.471571] 0 pages HighMem/MovableOnly [ 693.472616] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 693.480263] 363848 pages reserved [ 693.488375] 0 pages cma reserved [ 693.493959] lowmem_reserve[]: 0 [ 693.503885] Out of memory (oom_kill_allocating_task): Kill process 7687 (in:imklog) score 0 or sacrifice child [ 693.507551] Killed process 7681 (rsyslogd) total-vm:254332kB, anon-rss:1104kB, file-rss:0kB, shmem-rss:0kB [ 693.521994] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 693.537473] oom_reaper: reaped process 14318 (syz-executor.5), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 693.554236] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 693.560936] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 693.585792] 0 0 0 0 [ 693.588151] Node 0 DMA: 2*4kB (UE) 2*8kB (UE) 2*16kB (UE) 1*32kB (E) 2*64kB (UE) 2*128kB (UE) 1*256kB (E) 2*512kB (UE) 1*1024kB (E) 2*2048kB (ME) 1*4096kB (M) = 10968kB [ 693.612303] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 693.619019] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 693.626188] oom_reaper: reaped process 14341 (syz-executor.2), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 693.631997] 11997 total pagecache pages [ 693.652054] 0 pages in swap cache [ 693.655519] Swap cache stats: add 0, delete 0, find 0/0 [ 693.660870] Free swap = 0kB [ 693.681352] oom_reaper: reaped process 14321 (syz-executor.4), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 693.681991] Node 0 DMA32: 2168*4kB (UME) 582*8kB (UME) 386*16kB (UME) 207*32kB (UME) 194*64kB (UME) 37*128kB (UM) 17*256kB (UM) 11*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 53264kB [ 693.709805] device bridge_slave_1 left promiscuous mode [ 693.715532] Total swap = 0kB [ 693.718544] 2097051 pages RAM [ 693.721635] 0 pages HighMem/MovableOnly [ 693.732154] bridge0: port 2(bridge_slave_1) entered disabled state [ 693.739375] device bridge_slave_0 left promiscuous mode [ 693.752235] bridge0: port 1(bridge_slave_0) entered disabled state [ 693.761396] device veth1_macvtap left promiscuous mode [ 693.762162] 363848 pages reserved [ 693.770100] device veth0_macvtap left promiscuous mode [ 693.770146] device veth1_vlan left promiscuous mode [ 693.795864] device veth0_vlan left promiscuous mode [ 693.802342] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 693.813119] 0 pages cma reserved [ 693.832588] Node 1 Normal: 319*4kB (UME) 276*8kB (UME) 264*16kB (UME) 251*32kB (UME) 408*64kB (UM) 114*128kB (UME) 28*256kB (UME) 11*512kB (UM) 26*1024kB (UM) 1*2048kB (M) 1*4096kB (U) = 102012kB [ 693.875057] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 693.892056] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 693.900656] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 693.952005] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 693.960604] 12071 total pagecache pages [ 694.003065] 0 pages in swap cache [ 694.012020] Swap cache stats: add 0, delete 0, find 0/0 [ 694.017391] Free swap = 0kB [ 694.035862] Total swap = 0kB [ 694.038901] 2097051 pages RAM [ 694.055858] 0 pages HighMem/MovableOnly [ 694.059843] 363848 pages reserved [ 694.101976] 0 pages cma reserved 20:22:33 executing program 3: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) [ 694.137283] device hsr_slave_1 left promiscuous mode [ 694.218580] device hsr_slave_0 left promiscuous mode [ 694.288576] team0 (unregistering): Port device team_slave_1 removed [ 694.343980] team0 (unregistering): Port device team_slave_0 removed [ 694.410776] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 694.470126] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 694.626370] bond0 (unregistering): Released all slaves [ 695.121962] Bluetooth: hci4 command 0x0409 tx timeout [ 695.178092] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 695.193616] syz-executor.5: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 695.206439] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 695.213823] syz-executor.3: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 695.228464] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 695.239719] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 695.249293] CPU: 0 PID: 14321 Comm: syz-executor.4 Not tainted 4.14.230-syzkaller #0 [ 695.257174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 695.262509] syz-executor.5 cpuset= [ 695.266513] Call Trace: [ 695.266519] / [ 695.270045] dump_stack+0x1b2/0x281 [ 695.277925] warn_alloc.cold+0x96/0x1cc [ 695.281894] ? zone_watermark_ok_safe+0x220/0x220 [ 695.282495] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 695.286762] __alloc_pages_nodemask+0x2127/0x2720 [ 695.296679] ? lock_acquire+0x170/0x3f0 [ 695.300653] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 695.305498] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 695.310945] ? __mutex_unlock_slowpath+0x75/0x770 [ 695.314114] mems_allowed=0-1 [ 695.315787] ? retint_kernel+0x2d/0x2d [ 695.322943] alloc_pages_current+0x155/0x260 [ 695.327363] ion_page_pool_alloc+0x118/0x1b0 [ 695.331763] ion_system_heap_allocate+0x133/0x8c0 [ 695.336596] ? _raw_spin_unlock+0x29/0x40 [ 695.340722] ? _ion_heap_freelist_drain+0x6e/0x410 [ 695.345650] ? ion_system_contig_heap_create+0x130/0x130 [ 695.351095] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 695.356102] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 695.360925] ion_alloc+0x27a/0x810 [ 695.364455] ? ion_dma_buf_release+0x40/0x40 [ 695.368845] ? __might_fault+0x177/0x1b0 [ 695.372894] ion_ioctl+0xea/0x1f0 [ 695.376338] ? ion_query_heaps+0x360/0x360 [ 695.380570] ? ion_query_heaps+0x360/0x360 [ 695.384793] do_vfs_ioctl+0x75a/0xff0 [ 695.388596] ? ioctl_preallocate+0x1a0/0x1a0 [ 695.392988] ? lock_downgrade+0x740/0x740 [ 695.397132] ? __fget+0x225/0x360 [ 695.400591] ? do_vfs_ioctl+0xff0/0xff0 [ 695.404566] ? security_file_ioctl+0x83/0xb0 [ 695.408973] SyS_ioctl+0x7f/0xb0 [ 695.412337] ? do_vfs_ioctl+0xff0/0xff0 [ 695.416316] do_syscall_64+0x1d5/0x640 [ 695.420188] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 695.425389] RIP: 0033:0x466459 [ 695.428571] RSP: 002b:00007efd1de4b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 695.436270] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 695.443523] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 695.450772] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 695.458030] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 695.465551] R13: 00007fff8e7cfe1f R14: 00007efd1de4b300 R15: 0000000000022000 [ 695.486348] CPU: 0 PID: 14341 Comm: syz-executor.2 Not tainted 4.14.230-syzkaller #0 [ 695.494239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 695.503609] Call Trace: [ 695.506196] dump_stack+0x1b2/0x281 [ 695.509821] warn_alloc.cold+0x96/0x1cc [ 695.513793] ? zone_watermark_ok_safe+0x220/0x220 [ 695.518638] __alloc_pages_nodemask+0x2127/0x2720 [ 695.523473] ? lock_acquire+0x170/0x3f0 [ 695.527465] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 695.532316] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 695.537759] ? __mutex_unlock_slowpath+0x75/0x770 [ 695.542585] alloc_pages_current+0x155/0x260 [ 695.546979] ion_page_pool_alloc+0x118/0x1b0 [ 695.551387] ion_system_heap_allocate+0x133/0x8c0 [ 695.556222] ? _raw_spin_unlock+0x29/0x40 [ 695.560475] ? _ion_heap_freelist_drain+0x6e/0x410 [ 695.565401] ? ion_system_contig_heap_create+0x130/0x130 [ 695.571091] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 695.576103] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 695.580933] ion_alloc+0x27a/0x810 [ 695.584467] ? ion_dma_buf_release+0x40/0x40 [ 695.588872] ? __might_fault+0x177/0x1b0 [ 695.592932] ion_ioctl+0xea/0x1f0 [ 695.596376] ? ion_query_heaps+0x360/0x360 [ 695.600591] ? ion_query_heaps+0x360/0x360 [ 695.604812] do_vfs_ioctl+0x75a/0xff0 [ 695.608608] ? ioctl_preallocate+0x1a0/0x1a0 [ 695.613010] ? lock_downgrade+0x740/0x740 [ 695.617149] ? __fget+0x225/0x360 [ 695.620605] ? do_vfs_ioctl+0xff0/0xff0 [ 695.624583] ? security_file_ioctl+0x83/0xb0 [ 695.628991] SyS_ioctl+0x7f/0xb0 [ 695.632366] ? do_vfs_ioctl+0xff0/0xff0 [ 695.636333] do_syscall_64+0x1d5/0x640 [ 695.640210] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 695.645385] RIP: 0033:0x466459 [ 695.648563] RSP: 002b:00007fc10ef5c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 695.656268] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 695.663533] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 695.670797] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 695.678055] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 695.685304] R13: 00007ffec6b9ec3f R14: 00007fc10ef5c300 R15: 0000000000022000 [ 695.696521] CPU: 1 PID: 14360 Comm: syz-executor.3 Not tainted 4.14.230-syzkaller #0 [ 695.704412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 695.713845] Call Trace: [ 695.716430] dump_stack+0x1b2/0x281 [ 695.720059] warn_alloc.cold+0x96/0x1cc [ 695.724037] ? zone_watermark_ok_safe+0x220/0x220 [ 695.728893] __alloc_pages_nodemask+0x2127/0x2720 [ 695.733734] ? io_schedule_timeout+0x140/0x140 [ 695.738316] ? lock_acquire+0x170/0x3f0 [ 695.742296] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 695.747140] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 695.752586] ? __mutex_unlock_slowpath+0x75/0x770 [ 695.757670] alloc_pages_current+0x155/0x260 [ 695.762076] ion_page_pool_alloc+0x118/0x1b0 [ 695.766685] ion_system_heap_allocate+0x133/0x8c0 [ 695.771520] ? ion_alloc+0x187/0x810 [ 695.775225] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 695.780667] ? ion_system_contig_heap_create+0x130/0x130 [ 695.786109] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 695.791118] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 695.795954] ion_alloc+0x204/0x810 [ 695.799491] ? ion_dma_buf_release+0x40/0x40 [ 695.804006] ? __might_fault+0x177/0x1b0 [ 695.808067] ion_ioctl+0xea/0x1f0 [ 695.811513] ? ion_query_heaps+0x360/0x360 [ 695.815740] ? ion_query_heaps+0x360/0x360 [ 695.819965] do_vfs_ioctl+0x75a/0xff0 [ 695.823761] ? ioctl_preallocate+0x1a0/0x1a0 [ 695.828160] ? lock_downgrade+0x740/0x740 [ 695.832306] ? __fget+0x225/0x360 [ 695.835752] ? do_vfs_ioctl+0xff0/0xff0 [ 695.839718] ? security_file_ioctl+0x83/0xb0 [ 695.844128] SyS_ioctl+0x7f/0xb0 [ 695.847488] ? do_vfs_ioctl+0xff0/0xff0 [ 695.851560] do_syscall_64+0x1d5/0x640 [ 695.855452] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 695.860633] RIP: 0033:0x466459 [ 695.863815] RSP: 002b:00007faef7867188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 695.871520] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 695.878781] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000004 [ 695.886045] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 695.893305] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 695.900664] R13: 00007ffd0904d43f R14: 00007faef7867300 R15: 0000000000022000 [ 695.946016] warn_alloc_show_mem: 2 callbacks suppressed [ 695.946019] Mem-Info: [ 695.955285] CPU: 1 PID: 14318 Comm: syz-executor.5 Not tainted 4.14.230-syzkaller #0 [ 695.961486] active_anon:12315 inactive_anon:8484 isolated_anon:12 [ 695.961486] active_file:1896 inactive_file:1993 isolated_file:0 [ 695.961486] unevictable:0 dirty:17 writeback:0 unstable:0 [ 695.961486] slab_reclaimable:18053 slab_unreclaimable:111807 [ 695.961486] mapped:55661 shmem:8983 pagetables:828 bounce:0 [ 695.961486] free:132709 free_pcp:264 free_cma:0 [ 695.963164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 695.963168] Call Trace: [ 695.963184] dump_stack+0x1b2/0x281 [ 695.963199] warn_alloc.cold+0x96/0x1cc [ 695.963210] ? zone_watermark_ok_safe+0x220/0x220 [ 695.963234] __alloc_pages_nodemask+0x2127/0x2720 [ 695.963252] ? lock_acquire+0x170/0x3f0 [ 695.963268] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 695.963286] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 695.963299] ? __mutex_unlock_slowpath+0x75/0x770 [ 695.963306] ? retint_kernel+0x2d/0x2d [ 695.963328] alloc_pages_current+0x155/0x260 [ 696.053397] ion_page_pool_alloc+0x118/0x1b0 [ 696.057804] ion_system_heap_allocate+0x133/0x8c0 [ 696.062645] ? _raw_spin_unlock+0x29/0x40 [ 696.066786] ? _ion_heap_freelist_drain+0x6e/0x410 [ 696.067808] Node 0 active_anon:48140kB inactive_anon:25720kB active_file:428kB inactive_file:876kB unevictable:0kB isolated(anon):48kB isolated(file):0kB mapped:176660kB dirty:16kB writeback:0kB shmem:27708kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 696.071704] ? ion_system_contig_heap_create+0x130/0x130 [ 696.071714] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 696.071725] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 696.115132] ion_alloc+0x27a/0x810 [ 696.118672] ? ion_dma_buf_release+0x40/0x40 [ 696.123165] ? __might_fault+0x177/0x1b0 [ 696.127226] ion_ioctl+0xea/0x1f0 [ 696.130673] ? ion_query_heaps+0x360/0x360 [ 696.134905] ? ion_query_heaps+0x360/0x360 [ 696.139135] do_vfs_ioctl+0x75a/0xff0 [ 696.142933] ? ioctl_preallocate+0x1a0/0x1a0 [ 696.147333] ? lock_downgrade+0x740/0x740 [ 696.151478] ? __fget+0x225/0x360 [ 696.154925] ? do_vfs_ioctl+0xff0/0xff0 [ 696.158894] ? security_file_ioctl+0x83/0xb0 [ 696.163297] SyS_ioctl+0x7f/0xb0 [ 696.166654] ? do_vfs_ioctl+0xff0/0xff0 [ 696.168093] Node 1 active_anon:1120kB inactive_anon:8216kB active_file:7156kB inactive_file:7096kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:45984kB dirty:52kB writeback:0kB shmem:8224kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 696.170620] do_syscall_64+0x1d5/0x640 [ 696.170636] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 696.207086] RIP: 0033:0x466459 [ 696.210266] RSP: 002b:00007fd0fb4c2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 696.217982] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 696.225241] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 696.232507] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 696.239774] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 696.247036] R13: 00007ffc4cfdcc4f R14: 00007fd0fb4c2300 R15: 0000000000022000 [ 696.269276] Node 0 DMA free:11312kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 696.350198] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 696.372861] Node 0 DMA32 free:44936kB min:36200kB low:45248kB high:54296kB active_anon:48268kB inactive_anon:25720kB active_file:712kB inactive_file:980kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7552kB pagetables:2788kB bounce:0kB free_pcp:1444kB local_pcp:776kB free_cma:0kB [ 696.465193] lowmem_reserve[]: 0 0 0 0 0 [ 696.479918] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 696.568721] lowmem_reserve[]: 0 0 0 0 0 [ 696.585770] Node 1 Normal free:387772kB min:53696kB low:67120kB high:80544kB active_anon:1128kB inactive_anon:8216kB active_file:7180kB inactive_file:7040kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:224kB pagetables:588kB bounce:0kB free_pcp:132kB local_pcp:104kB free_cma:0kB [ 696.685232] lowmem_reserve[]: 0 0 0 0 0 [ 696.695813] Node 0 DMA: 27*4kB (UE) 12*8kB (UE) 10*16kB (UE) 6*32kB (UE) 3*64kB (UE) 1*128kB (E) 2*256kB (UE) 1*512kB (E) 1*1024kB (E) 2*2048kB (ME) 1*4096kB (M) = 11116kB [ 696.751355] Node 0 DMA32: 1613*4kB (UMEH) 542*8kB (UMEH) 90*16kB (UMEH) 31*32kB (UME) 53*64kB (UM) 136*128kB (U) 42*256kB (U) 2*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 45796kB [ 696.808984] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 696.853826] Node 1 Normal: 3*4kB (UE) 5*8kB (UME) 5*16kB (UME) 488*32kB (UME) 2883*64kB (UM) 718*128kB (UM) 54*256kB (U) 9*512kB (UM) 17*1024kB (U) 0*2048kB 0*4096kB = 328004kB [ 696.891589] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 696.910311] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 696.919281] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 696.941767] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 696.960209] 13029 total pagecache pages [ 696.968656] 0 pages in swap cache [ 696.986205] Swap cache stats: add 0, delete 0, find 0/0 [ 696.998131] Free swap = 0kB [ 697.004644] Total swap = 0kB [ 697.010956] 2097051 pages RAM [ 697.026983] 0 pages HighMem/MovableOnly [ 697.040056] 363848 pages reserved [ 697.056834] 0 pages cma reserved [ 697.091840] warn_alloc_show_mem: 2 callbacks suppressed [ 697.091843] Mem-Info: [ 697.099635] active_anon:12499 inactive_anon:8459 isolated_anon:12 [ 697.099635] active_file:1973 inactive_file:2055 isolated_file:0 [ 697.099635] unevictable:0 dirty:50 writeback:0 unstable:0 [ 697.099635] slab_reclaimable:17764 slab_unreclaimable:112638 [ 697.099635] mapped:55686 shmem:8983 pagetables:844 bounce:0 [ 697.099635] free:90159 free_pcp:280 free_cma:0 [ 697.138879] IPVS: ftp: loaded support on port[0] = 21 [ 697.211907] Bluetooth: hci4 command 0x041b tx timeout [ 697.261859] Node 0 active_anon:48368kB inactive_anon:25620kB active_file:712kB inactive_file:980kB unevictable:0kB isolated(anon):48kB isolated(file):0kB mapped:176672kB dirty:0kB writeback:0kB shmem:27708kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 697.361853] Node 1 active_anon:1628kB inactive_anon:8216kB active_file:7180kB inactive_file:7240kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:46072kB dirty:200kB writeback:0kB shmem:8224kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 697.492651] Node 0 DMA free:11112kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 697.628927] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 697.651017] Node 0 DMA32 free:30016kB min:36200kB low:45248kB high:54296kB active_anon:48368kB inactive_anon:25620kB active_file:208kB inactive_file:428kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7552kB pagetables:2788kB bounce:0kB free_pcp:72kB local_pcp:0kB free_cma:0kB [ 697.774202] lowmem_reserve[]: 0 0 0 0 0 [ 697.821912] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 697.826315] oom_reaper: reaped process 14360 (syz-executor.3), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 697.871792] lowmem_reserve[]: 0 0 0 0 0 [ 697.875809] Node 1 Normal free:67168kB min:53696kB low:67120kB high:80544kB active_anon:1128kB inactive_anon:8216kB active_file:1916kB inactive_file:1716kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:352kB pagetables:588kB bounce:0kB free_pcp:848kB local_pcp:692kB free_cma:0kB [ 697.934957] chnl_net:caif_netlink_parms(): no params data found [ 697.942537] lowmem_reserve[]: 0 0 0 0 0 [ 697.946541] Node 0 DMA: 34*4kB (UE) 5*8kB (UE) 10*16kB (UE) 6*32kB (UE) 3*64kB (UE) 1*128kB (E) 2*256kB (UE) 1*512kB (E) 1*1024kB (E) 2*2048kB (ME) 1*4096kB (M) = 11088kB [ 697.991808] Node 0 DMA32: 2087*4kB (ME) 608*8kB (ME) 115*16kB (MEH) 588*32kB (UMEH) 84*64kB (UMEH) 3*128kB (UE) 6*256kB (U) 1*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 42700kB [ 698.041786] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 698.072421] Node 1 Normal: 123*4kB (UM) 196*8kB (ME) 120*16kB (UME) 73*32kB (ME) 23*64kB (M) 21*128kB (UM) 25*256kB (UM) 2*512kB (UM) 39*1024kB (UE) 0*2048kB 0*4096kB = 57836kB [ 698.111999] modprobe invoked oom-killer: gfp_mask=0x14200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0 [ 698.151847] modprobe cpuset=/ mems_allowed=0-1 [ 698.156861] CPU: 1 PID: 14470 Comm: modprobe Not tainted 4.14.230-syzkaller #0 [ 698.164211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 698.173557] Call Trace: [ 698.176142] dump_stack+0x1b2/0x281 [ 698.179766] dump_header+0x178/0x82f [ 698.183475] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 698.188570] ? ___ratelimit+0x2cd/0x530 [ 698.192546] oom_kill_process.cold+0x10/0xa40 [ 698.197047] out_of_memory+0xe3e/0x1190 [ 698.201020] ? oom_killer_disable+0x1c0/0x1c0 [ 698.205517] ? mutex_trylock+0x152/0x1a0 [ 698.209575] __alloc_pages_nodemask+0x23e1/0x2720 [ 698.214425] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 698.219259] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 698.224358] ? debug_check_no_obj_freed+0x2c0/0x680 [ 698.229376] ? __lock_acquire+0x5fc/0x3f20 [ 698.234131] alloc_pages_vma+0xd2/0x6d0 [ 698.238099] __handle_mm_fault+0xe4f/0x4620 [ 698.242413] ? vm_insert_page+0x7c0/0x7c0 [ 698.246563] ? SyS_mmap_pgoff+0x510/0x510 [ 698.250708] ? mark_held_locks+0xa6/0xf0 [ 698.254763] handle_mm_fault+0x455/0x9c0 [ 698.258832] __do_page_fault+0x549/0xad0 [ 698.262887] ? spurious_fault+0x640/0x640 [ 698.267026] ? do_page_fault+0x60/0x500 [ 698.270996] page_fault+0x25/0x50 [ 698.274443] RIP: 0010:__clear_user+0x3d/0x60 [ 698.278835] RSP: 0018:ffff888227c37c00 EFLAGS: 00010202 [ 698.284190] RAX: 0000000000000000 RBX: 0000000000000008 RCX: 0000000000000008 [ 698.284855] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 698.291444] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 00007fd6942ddfc0 [ 698.307531] RBP: 00007fd6942ddfc0 R08: ffffffff8b994ac0 R09: 0000000000000000 [ 698.314798] R10: 0000000000000000 R11: ffff8881b5c7e100 R12: 00007fd6942ddfc0 [ 698.317381] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 698.322053] R13: 00007fd6942de000 R14: ffff88808f867208 R15: 1ffff11044f86fa4 [ 698.322082] clear_user+0x74/0xb0 [ 698.330633] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 698.337885] load_elf_binary+0x3343/0x4750 [ 698.337907] ? elf_core_dump+0x4410/0x4410 [ 698.345943] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 698.350189] search_binary_handler.part.0+0xd5/0x640 [ 698.354417] 9053 total pagecache pages [ 698.358813] do_execveat_common+0x1099/0x1f30 [ 698.367387] 0 pages in swap cache [ 698.372453] ? copy_strings_kernel+0x110/0x110 [ 698.372468] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 698.376354] Swap cache stats: add 0, delete 0, find 0/0 [ 698.380827] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 698.384271] Free swap = 0kB [ 698.388819] do_execve+0x33/0x50 [ 698.394255] Total swap = 0kB [ 698.399586] call_usermodehelper_exec_async+0x2ed/0x510 [ 698.411757] 2097051 pages RAM [ 698.414017] ? call_usermodehelper_exec_work+0x2a0/0x2a0 [ 698.419353] 0 pages HighMem/MovableOnly [ 698.422438] ret_from_fork+0x24/0x30 [ 698.441790] syz-executor.3: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 698.453775] syz-executor.1: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 698.465625] syz-executor.4: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 698.511770] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 698.516906] CPU: 0 PID: 14331 Comm: syz-executor.1 Not tainted 4.14.230-syzkaller #0 [ 698.524779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 698.534124] Call Trace: [ 698.536710] dump_stack+0x1b2/0x281 [ 698.540373] warn_alloc.cold+0x96/0x1cc [ 698.544353] ? zone_watermark_ok_safe+0x220/0x220 [ 698.549200] ? usleep_range+0x130/0x130 [ 698.553167] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 698.558271] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 698.563292] ? run_timer_softirq+0x5a0/0x5a0 [ 698.564796] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 698.567703] __alloc_pages_nodemask+0x2127/0x2720 [ 698.567718] ? lock_acquire+0x170/0x3f0 [ 698.581601] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 698.586439] ? ion_page_pool_alloc+0x9e/0x1b0 [ 698.590936] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 698.596376] ? __sanitizer_cov_trace_pc+0x3d/0x50 [ 698.601203] alloc_pages_current+0x155/0x260 [ 698.605603] ion_page_pool_alloc+0x118/0x1b0 [ 698.610009] ion_system_heap_allocate+0x133/0x8c0 [ 698.614850] ? _raw_spin_unlock+0x29/0x40 [ 698.618996] ? _ion_heap_freelist_drain+0x6e/0x410 [ 698.623927] ? ion_system_contig_heap_create+0x130/0x130 [ 698.629364] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 698.634396] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 698.639234] ion_alloc+0x27a/0x810 [ 698.642834] ? ion_dma_buf_release+0x40/0x40 [ 698.647228] ? __might_fault+0x177/0x1b0 [ 698.651278] ion_ioctl+0xea/0x1f0 [ 698.654719] ? ion_query_heaps+0x360/0x360 [ 698.658997] ? ion_query_heaps+0x360/0x360 [ 698.663226] do_vfs_ioctl+0x75a/0xff0 [ 698.667025] ? ioctl_preallocate+0x1a0/0x1a0 [ 698.671421] ? lock_downgrade+0x740/0x740 [ 698.675553] ? __fget+0x225/0x360 [ 698.680463] ? do_vfs_ioctl+0xff0/0xff0 [ 698.684427] ? security_file_ioctl+0x83/0xb0 [ 698.688829] SyS_ioctl+0x7f/0xb0 [ 698.692191] ? do_vfs_ioctl+0xff0/0xff0 [ 698.696163] do_syscall_64+0x1d5/0x640 [ 698.700052] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 698.705234] RIP: 0033:0x466459 [ 698.708420] RSP: 002b:00007fcdda489188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 698.716127] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 698.723392] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 698.730656] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 698.737916] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 698.745173] R13: 00007ffe21b5ad8f R14: 00007fcdda489300 R15: 0000000000022000 [ 698.770668] CPU: 1 PID: 14321 Comm: syz-executor.4 Not tainted 4.14.230-syzkaller #0 [ 698.775752] syz-executor.3 cpuset= [ 698.778620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 698.778627] / [ 698.782144] Call Trace: [ 698.795772] dump_stack+0x1b2/0x281 [ 698.799395] warn_alloc.cold+0x96/0x1cc [ 698.803366] ? zone_watermark_ok_safe+0x220/0x220 [ 698.807230] 363848 pages reserved [ 698.808200] ? usleep_range+0x130/0x130 [ 698.815966] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 698.821069] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 698.824298] 0 pages cma reserved [ 698.826086] ? run_timer_softirq+0x5a0/0x5a0 [ 698.833829] __alloc_pages_nodemask+0x2127/0x2720 [ 698.838674] ? lock_acquire+0x170/0x3f0 [ 698.842647] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 698.847485] ? ion_page_pool_alloc+0x9e/0x1b0 [ 698.850529] mems_allowed=0-1 [ 698.851974] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 698.851992] alloc_pages_current+0x155/0x260 [ 698.865094] ion_page_pool_alloc+0x118/0x1b0 [ 698.869508] ion_system_heap_allocate+0x133/0x8c0 [ 698.874353] ? _raw_spin_unlock+0x29/0x40 [ 698.878489] ? _ion_heap_freelist_drain+0x6e/0x410 [ 698.883407] ? ion_system_contig_heap_create+0x130/0x130 [ 698.888848] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 698.893861] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 698.898685] ion_alloc+0x27a/0x810 [ 698.902224] ? ion_dma_buf_release+0x40/0x40 [ 698.906630] ? __might_fault+0x177/0x1b0 [ 698.910685] ion_ioctl+0xea/0x1f0 [ 698.914143] ? ion_query_heaps+0x360/0x360 [ 698.918381] ? ion_query_heaps+0x360/0x360 [ 698.922602] do_vfs_ioctl+0x75a/0xff0 [ 698.926646] ? ioctl_preallocate+0x1a0/0x1a0 [ 698.931035] ? lock_downgrade+0x740/0x740 [ 698.935178] ? __fget+0x225/0x360 [ 698.938626] ? do_vfs_ioctl+0xff0/0xff0 [ 698.942597] ? security_file_ioctl+0x83/0xb0 [ 698.947039] SyS_ioctl+0x7f/0xb0 [ 698.950393] ? do_vfs_ioctl+0xff0/0xff0 [ 698.954357] do_syscall_64+0x1d5/0x640 [ 698.958230] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 698.963415] RIP: 0033:0x466459 [ 698.966584] RSP: 002b:00007efd1de4b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 698.974272] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 698.981521] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 698.988773] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 698.996021] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 699.003270] R13: 00007fff8e7cfe1f R14: 00007efd1de4b300 R15: 0000000000022000 [ 699.010533] CPU: 0 PID: 14360 Comm: syz-executor.3 Not tainted 4.14.230-syzkaller #0 [ 699.014922] Mem-Info: [ 699.018411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 699.020821] active_anon:12489 inactive_anon:8484 isolated_anon:0 [ 699.020821] active_file:47 inactive_file:19 isolated_file:0 [ 699.020821] unevictable:0 dirty:4 writeback:0 unstable:0 [ 699.020821] slab_reclaimable:16325 slab_unreclaimable:114106 [ 699.020821] mapped:52848 shmem:8983 pagetables:851 bounce:0 [ 699.020821] free:14130 free_pcp:427 free_cma:0 [ 699.030140] Call Trace: [ 699.030155] dump_stack+0x1b2/0x281 [ 699.030168] warn_alloc.cold+0x96/0x1cc [ 699.030179] ? zone_watermark_ok_safe+0x220/0x220 [ 699.030193] ? usleep_range+0x130/0x130 [ 699.030212] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 699.066873] Mem-Info: [ 699.069422] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 699.073415] active_anon:12489 inactive_anon:8484 isolated_anon:0 [ 699.073415] active_file:47 inactive_file:19 isolated_file:0 [ 699.073415] unevictable:0 dirty:4 writeback:0 unstable:0 [ 699.073415] slab_reclaimable:16325 slab_unreclaimable:114106 [ 699.073415] mapped:52848 shmem:8983 pagetables:851 bounce:0 [ 699.073415] free:14130 free_pcp:427 free_cma:0 [ 699.078195] ? run_timer_softirq+0x5a0/0x5a0 [ 699.085719] Node 0 active_anon:48376kB inactive_anon:25716kB active_file:84kB inactive_file:28kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:175608kB dirty:4kB writeback:0kB shmem:27704kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 699.087229] __alloc_pages_nodemask+0x2127/0x2720 [ 699.089618] Node 1 active_anon:1580kB inactive_anon:8220kB active_file:104kB inactive_file:48kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:35784kB dirty:12kB writeback:0kB shmem:8228kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 699.094617] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 699.094629] ? migrate_swap_stop+0x880/0x880 [ 699.094648] ? lock_acquire+0x170/0x3f0 [ 699.131363] Node 0 active_anon:48376kB inactive_anon:25716kB active_file:84kB inactive_file:28kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:175608kB dirty:4kB writeback:0kB shmem:27704kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 699.132210] alloc_pages_current+0x155/0x260 [ 699.132223] ion_page_pool_alloc+0x118/0x1b0 [ 699.132236] ion_system_heap_allocate+0x133/0x8c0 [ 699.163671] Node 1 active_anon:1580kB inactive_anon:8220kB active_file:104kB inactive_file:48kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:35784kB dirty:12kB writeback:0kB shmem:8228kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 699.164716] ? ion_alloc+0x187/0x810 [ 699.195560] Node 0 [ 699.196667] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 699.201060] DMA free:10996kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 699.205005] ? ion_system_contig_heap_create+0x130/0x130 [ 699.205014] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 699.205026] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 699.205036] ion_alloc+0x204/0x810 [ 699.205049] ? ion_dma_buf_release+0x40/0x40 [ 699.205061] ? __might_fault+0x177/0x1b0 [ 699.236284] Node 0 [ 699.237115] ion_ioctl+0xea/0x1f0 [ 699.241500] DMA free:10996kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 699.246316] ? ion_query_heaps+0x360/0x360 [ 699.246329] ? ion_query_heaps+0x360/0x360 [ 699.246340] do_vfs_ioctl+0x75a/0xff0 [ 699.246350] ? ioctl_preallocate+0x1a0/0x1a0 [ 699.246359] ? lock_downgrade+0x740/0x740 [ 699.246373] ? __fget+0x225/0x360 [ 699.277040] lowmem_reserve[]: [ 699.277295] ? do_vfs_ioctl+0xff0/0xff0 [ 699.279504] 0 [ 699.284935] ? security_file_ioctl+0x83/0xb0 [ 699.284945] SyS_ioctl+0x7f/0xb0 [ 699.284953] ? do_vfs_ioctl+0xff0/0xff0 [ 699.284963] do_syscall_64+0x1d5/0x640 [ 699.284979] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 699.314027] lowmem_reserve[]: [ 699.315885] RIP: 0033:0x466459 [ 699.320874] 0 [ 699.325776] RSP: 002b:00007faef7867188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 699.325787] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 699.325792] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000004 [ 699.325797] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 699.325801] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 699.325807] R13: 00007ffd0904d43f R14: 00007faef7867300 R15: 0000000000022000 [ 699.326391] syz-executor.5: [ 699.329347] 2717 [ 699.333763] syz-executor.2: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 699.341350] 2717 [ 699.351714] Bluetooth: hci4 command 0x040f tx timeout [ 699.372505] 2718 [ 699.385592] page allocation failure: order:0 [ 699.387458] 2718 [ 699.389778] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 699.394969] 2718 [ 699.401663] syz-executor.2 cpuset= [ 699.403962] 2718 [ 699.406540] / [ 699.409886] 2718 2718 [ 699.419995] mems_allowed=0-1 [ 699.431009] CPU: 0 PID: 14341 Comm: syz-executor.2 Not tainted 4.14.230-syzkaller #0 [ 699.438757] (null) [ 699.445946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 699.445950] Call Trace: [ 699.445968] dump_stack+0x1b2/0x281 [ 699.445981] warn_alloc.cold+0x96/0x1cc [ 699.445994] ? zone_watermark_ok_safe+0x220/0x220 [ 699.446004] ? usleep_range+0x130/0x130 [ 699.446013] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 699.446025] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 699.446035] ? run_timer_softirq+0x5a0/0x5a0 [ 699.446051] __alloc_pages_nodemask+0x2127/0x2720 [ 699.460098] Node 0 [ 699.460571] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 699.467864] DMA32 free:18660kB min:36200kB low:45248kB high:54296kB active_anon:48376kB inactive_anon:25716kB active_file:32kB inactive_file:20kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7552kB pagetables:2800kB bounce:0kB free_pcp:908kB local_pcp:740kB free_cma:0kB [ 699.475062] ? ___preempt_schedule+0x16/0x18 [ 699.475074] ? migrate_swap_stop+0x880/0x880 [ 699.475097] alloc_pages_current+0x155/0x260 [ 699.475112] ion_page_pool_alloc+0x118/0x1b0 [ 699.475122] ion_system_heap_allocate+0x133/0x8c0 [ 699.475134] ? _raw_spin_unlock+0x29/0x40 [ 699.475142] ? _ion_heap_freelist_drain+0x6e/0x410 [ 699.475150] ? ion_system_contig_heap_create+0x130/0x130 [ 699.475161] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 699.485070] syz-executor.5 cpuset= [ 699.492157] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 699.492169] ion_alloc+0x27a/0x810 [ 699.492188] ? ion_dma_buf_release+0x40/0x40 [ 699.492202] ? __might_fault+0x177/0x1b0 [ 699.499423] ion_ioctl+0xea/0x1f0 [ 699.501457] Node 0 [ 699.505842] ? ion_query_heaps+0x360/0x360 [ 699.505855] ? ion_query_heaps+0x360/0x360 [ 699.505864] do_vfs_ioctl+0x75a/0xff0 [ 699.505875] ? ioctl_preallocate+0x1a0/0x1a0 [ 699.505884] ? lock_downgrade+0x740/0x740 [ 699.505897] ? __fget+0x225/0x360 [ 699.505907] ? do_vfs_ioctl+0xff0/0xff0 [ 699.505918] ? security_file_ioctl+0x83/0xb0 [ 699.505928] SyS_ioctl+0x7f/0xb0 [ 699.514848] lowmem_reserve[]: [ 699.515052] ? do_vfs_ioctl+0xff0/0xff0 [ 699.517085] 0 [ 699.520608] do_syscall_64+0x1d5/0x640 [ 699.524942] / [ 699.526831] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 699.529907] mems_allowed=0-1 [ 699.537877] RIP: 0033:0x466459 [ 699.537883] RSP: 002b:00007fc10ef5c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 699.537892] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 699.537897] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 699.537902] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 699.537907] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 699.537912] R13: 00007ffec6b9ec3f R14: 00007fc10ef5c300 R15: 0000000000022000 [ 699.803899] DMA32 free:21360kB min:36200kB low:45248kB high:54296kB active_anon:48376kB inactive_anon:25716kB active_file:32kB inactive_file:20kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7552kB pagetables:2800kB bounce:0kB free_pcp:908kB local_pcp:736kB free_cma:0kB [ 699.834496] 0 0 0 0 [ 699.839968] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 699.867093] lowmem_reserve[]: 0 0 0 0 0 [ 699.871919] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 699.898188] lowmem_reserve[]: 0 0 0 0 0 [ 699.903207] Node 1 Normal free:447648kB min:53696kB low:67120kB high:80544kB active_anon:1180kB inactive_anon:8220kB active_file:140kB inactive_file:6240kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:320kB pagetables:604kB bounce:0kB free_pcp:1244kB local_pcp:592kB free_cma:0kB [ 699.971702] lowmem_reserve[]: 0 0 0 0 0 [ 699.975785] Node 1 Normal free:472648kB min:53696kB low:67120kB high:80544kB active_anon:1180kB inactive_anon:8220kB active_file:140kB inactive_file:6240kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:320kB pagetables:604kB bounce:0kB free_pcp:1220kB local_pcp:592kB free_cma:0kB [ 700.005478] lowmem_reserve[]: 0 0 0 0 0 [ 700.009552] Node 0 DMA: 1*4kB (E) 2*8kB (UE) 2*16kB (UE) 2*32kB (UE) 1*64kB (E) 5*128kB (UE) 2*256kB (UE) 1*512kB (E) 1*1024kB (E) 2*2048kB (ME) 1*4096kB (M) = 11060kB [ 700.025099] Node 0 DMA32: 1997*4kB (UME) 811*8kB (UME) 201*16kB (UME) 67*32kB (UME) 201*64kB (UMEH) 114*128kB (UE) 13*256kB (UH) 7*512kB (U) 26*1024kB (U) 0*2048kB 0*4096kB = 80828kB [ 700.041939] lowmem_reserve[]: 0 0 0 0 0 [ 700.046028] Node 0 DMA: 1*4kB (E) 2*8kB (UE) 2*16kB (UE) 2*32kB (UE) 1*64kB (E) 5*128kB (UE) 2*256kB (UE) 1*512kB (E) 1*1024kB (E) 2*2048kB (ME) 1*4096kB (M) = 11060kB [ 700.061540] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 700.072594] Node 0 DMA32: 2476*4kB (UE) 1038*8kB (UME) 252*16kB (UME) 84*32kB (UME) 215*64kB (UMEH) 117*128kB (UE) 14*256kB (UH) 7*512kB (U) 26*1024kB (U) 0*2048kB 0*4096kB = 87456kB [ 700.089400] Node 1 Normal: 1242*4kB (UM) 751*8kB (UME) 280*16kB (UME) 251*32kB (UME) 619*64kB (UM) 160*128kB (UM) 51*256kB (UM) 26*512kB (UM) 329*1024kB (UE) 24*2048kB (U) 0*4096kB = 496000kB [ 700.107539] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 700.126034] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 700.134928] Node 1 Normal: 1406*4kB (UM) 860*8kB (UME) 368*16kB (UME) 318*32kB (UME) 907*64kB (UM) 170*128kB (UM) 54*256kB (UM) 27*512kB (UM) 329*1024kB (UE) 24*2048kB (U) 0*4096kB = 522072kB [ 700.152565] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 700.161140] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 700.170244] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 700.179417] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 700.184993] warn_alloc_show_mem: 2 callbacks suppressed [ 700.184996] Mem-Info: [ 700.188221] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 700.204560] 11175 total pagecache pages [ 700.208530] 0 pages in swap cache [ 700.212200] Swap cache stats: add 0, delete 0, find 0/0 [ 700.217556] Free swap = 0kB [ 700.220562] Total swap = 0kB [ 700.223808] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 700.226119] active_anon:12393 inactive_anon:8484 isolated_anon:0 [ 700.226119] active_file:523 inactive_file:1656 isolated_file:0 [ 700.226119] unevictable:0 dirty:26 writeback:0 unstable:0 [ 700.226119] slab_reclaimable:15124 slab_unreclaimable:116273 [ 700.226119] mapped:54007 shmem:8983 pagetables:851 bounce:0 [ 700.226119] free:167416 free_pcp:660 free_cma:0 [ 700.232973] 2097051 pages RAM [ 700.269659] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 700.278449] 11175 total pagecache pages [ 700.282665] 0 pages in swap cache [ 700.286130] Swap cache stats: add 0, delete 0, find 0/0 [ 700.291478] Free swap = 0kB [ 700.294703] Total swap = 0kB [ 700.297720] 2097051 pages RAM [ 700.300812] 0 pages HighMem/MovableOnly [ 700.305025] 0 pages HighMem/MovableOnly [ 700.308993] 363848 pages reserved [ 700.312660] 363848 pages reserved [ 700.316108] 0 pages cma reserved [ 700.321846] 0 pages cma reserved [ 700.325217] Out of memory (oom_kill_allocating_task): Kill process 14470 (modprobe) score 0 or sacrifice child [ 700.331672] Node 0 active_anon:48384kB inactive_anon:25716kB active_file:324kB inactive_file:1924kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:176288kB dirty:8kB writeback:0kB shmem:27704kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 700.341923] Killed process 14470 (modprobe) total-vm:432kB, anon-rss:4kB, file-rss:0kB, shmem-rss:0kB [ 700.410279] Node 1 active_anon:1188kB inactive_anon:8220kB active_file:1768kB inactive_file:4700kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:39740kB dirty:96kB writeback:0kB shmem:8228kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 700.450215] CPU: 1 PID: 14318 Comm: syz-executor.5 Not tainted 4.14.230-syzkaller #0 [ 700.458211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 700.467563] Call Trace: [ 700.470154] dump_stack+0x1b2/0x281 [ 700.473784] warn_alloc.cold+0x96/0x1cc [ 700.477848] ? zone_watermark_ok_safe+0x220/0x220 [ 700.481655] Node 0 [ 700.482715] ? usleep_range+0x130/0x130 [ 700.482727] DMA free:11260kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 700.482732] lowmem_reserve[]: [ 700.484953] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 700.488903] 0 [ 700.514401] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 700.514411] ? run_timer_softirq+0x5a0/0x5a0 [ 700.514432] __alloc_pages_nodemask+0x2127/0x2720 [ 700.526852] 2717 [ 700.529400] ? lock_acquire+0x170/0x3f0 [ 700.533799] 2718 [ 700.538616] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 700.540649] 2718 [ 700.544605] ? ion_page_pool_alloc+0x9e/0x1b0 [ 700.544625] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 700.546659] 2718 [ 700.551484] ? retint_kernel+0x2d/0x2d [ 700.558039] alloc_pages_current+0x155/0x260 [ 700.563524] Node 0 [ 700.565560] ion_page_pool_alloc+0x118/0x1b0 [ 700.569442] DMA32 free:201884kB min:36200kB low:45248kB high:54296kB active_anon:48384kB inactive_anon:25716kB active_file:524kB inactive_file:2624kB unevictable:0kB writepending:8kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7648kB pagetables:2800kB bounce:0kB free_pcp:952kB local_pcp:620kB free_cma:0kB [ 700.573825] ion_system_heap_allocate+0x133/0x8c0 [ 700.573839] ? _raw_spin_unlock+0x29/0x40 [ 700.573849] ? _ion_heap_freelist_drain+0x6e/0x410 [ 700.576060] lowmem_reserve[]: [ 700.580455] ? ion_system_contig_heap_create+0x130/0x130 [ 700.612038] 0 [ 700.613994] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 700.618111] 0 [ 700.623023] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 700.623035] ion_alloc+0x27a/0x810 [ 700.623049] ? ion_dma_buf_release+0x40/0x40 [ 700.626120] 0 [ 700.631555] ? __might_fault+0x177/0x1b0 [ 700.635900] 0 [ 700.638332] ion_ioctl+0xea/0x1f0 [ 700.638342] ? ion_query_heaps+0x360/0x360 [ 700.640138] 0 [ 700.644947] ? ion_query_heaps+0x360/0x360 [ 700.644957] do_vfs_ioctl+0x75a/0xff0 [ 700.644969] ? ioctl_preallocate+0x1a0/0x1a0 [ 700.644980] ? lock_downgrade+0x740/0x740 [ 700.652890] ? __fget+0x225/0x360 [ 700.652900] ? do_vfs_ioctl+0xff0/0xff0 [ 700.652910] ? security_file_ioctl+0x83/0xb0 [ 700.652920] SyS_ioctl+0x7f/0xb0 [ 700.654696] Node 0 [ 700.658736] ? do_vfs_ioctl+0xff0/0xff0 [ 700.660523] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 700.663947] do_syscall_64+0x1d5/0x640 [ 700.663961] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 700.663970] RIP: 0033:0x466459 [ 700.672057] lowmem_reserve[]: [ 700.674198] RSP: 002b:00007fd0fb4c2188 EFLAGS: 00000246 [ 700.677971] 0 [ 700.682350] ORIG_RAX: 0000000000000010 [ 700.682357] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 700.682362] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 700.682367] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 700.682371] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 700.682379] R13: 00007ffc4cfdcc4f R14: 00007fd0fb4c2300 R15: 0000000000022000 [ 700.686500] 0 0 0 0 [ 700.806695] Node 1 Normal free:958276kB min:53696kB low:67120kB high:80544kB active_anon:1188kB inactive_anon:8220kB active_file:1768kB inactive_file:4700kB unevictable:0kB writepending:96kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:192kB pagetables:308kB bounce:0kB free_pcp:1292kB local_pcp:648kB free_cma:0kB [ 700.849090] lowmem_reserve[]: 0 0 0 0 0 [ 700.854455] Node 0 DMA: 7*4kB (UE) 6*8kB (UE) 3*16kB (UE) 2*32kB (UE) 3*64kB (UE) 5*128kB (UE) 2*256kB (UE) 1*512kB (E) 1*1024kB (E) 2*2048kB (ME) 1*4096kB (M) = 11260kB [ 700.871297] Node 0 DMA32: 3280*4kB (UME) 1497*8kB (UME) 386*16kB (UME) 167*32kB (UME) 1161*64kB (UMEH) 430*128kB (UME) 104*256kB (UMH) 54*512kB (U) 30*1024kB (U) 0*2048kB 0*4096kB = 250952kB [ 700.947948] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 700.973493] bridge0: port 1(bridge_slave_0) entered blocking state [ 700.977482] Node 1 Normal: 2285*4kB (UM) 1547*8kB (UME) 943*16kB (UME) 793*32kB (UME) 5670*64kB (UM) 1162*128kB (UM) 282*256kB (UM) 135*512kB (UM) 448*1024kB (UE) 80*2048kB (U) 2*4096kB (U) = 1345692kB [ 700.980219] bridge0: port 1(bridge_slave_0) entered disabled state [ 701.022169] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 701.031105] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 701.040986] device bridge_slave_0 entered promiscuous mode [ 701.041388] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 701.057002] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 701.066038] 11803 total pagecache pages [ 701.066395] bridge0: port 2(bridge_slave_1) entered blocking state [ 701.070014] 0 pages in swap cache [ 701.080807] Swap cache stats: add 0, delete 0, find 0/0 [ 701.086251] bridge0: port 2(bridge_slave_1) entered disabled state [ 701.087032] device bridge_slave_1 entered promiscuous mode [ 701.109671] Free swap = 0kB [ 701.113115] Total swap = 0kB [ 701.116130] 2097051 pages RAM [ 701.119226] 0 pages HighMem/MovableOnly [ 701.124876] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 701.137358] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 701.141657] 363848 pages reserved [ 701.148351] 0 pages cma reserved [ 701.167091] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 701.177970] team0: Port device team_slave_0 added [ 701.184784] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 701.195939] team0: Port device team_slave_1 added [ 701.224041] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 701.230330] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 701.260628] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 701.276936] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 701.283694] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 701.335019] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 701.356577] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 701.376351] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 701.439952] device hsr_slave_0 entered promiscuous mode [ 701.451921] Bluetooth: hci4 command 0x0419 tx timeout [ 701.459963] device hsr_slave_1 entered promiscuous mode [ 701.482606] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 701.495009] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 701.724876] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 701.804430] 8021q: adding VLAN 0 to HW filter on device bond0 [ 701.816242] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 701.826382] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 701.836326] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 701.845174] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 701.857856] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 701.865645] 8021q: adding VLAN 0 to HW filter on device team0 [ 701.878218] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 701.885992] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 701.897733] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 701.914451] bridge0: port 1(bridge_slave_0) entered blocking state [ 701.920828] bridge0: port 1(bridge_slave_0) entered forwarding state [ 701.956716] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 701.964806] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 701.975905] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 701.996175] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 702.012143] bridge0: port 2(bridge_slave_1) entered blocking state [ 702.018600] bridge0: port 2(bridge_slave_1) entered forwarding state [ 702.045603] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 702.062042] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 702.073556] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 702.080410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 702.104283] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 702.111134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 702.134006] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 702.153763] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 702.163341] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 702.170326] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 702.179113] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 702.189431] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 702.197198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 702.205551] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 702.216407] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 702.227671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 702.236322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 702.250009] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 702.257343] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 702.276302] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 702.286577] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 702.295869] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 702.320207] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 702.343376] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 702.563058] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 702.577607] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 702.587641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 702.600702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 702.722995] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 702.730228] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 702.745423] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 702.758217] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 702.765906] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 702.777412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 702.787946] device veth0_vlan entered promiscuous mode [ 702.798768] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 702.807307] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 702.825911] device veth1_vlan entered promiscuous mode [ 702.836045] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 702.846146] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 702.863241] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 702.877527] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 702.884683] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 702.897174] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 702.904773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 702.918321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 702.928154] device veth0_macvtap entered promiscuous mode [ 702.939217] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 702.948743] device veth1_macvtap entered promiscuous mode [ 702.959640] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 702.970145] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 702.985272] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 702.997334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 703.008976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 703.022053] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 703.034907] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 703.047150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 703.060607] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 703.071031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 703.085722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 703.095630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 703.110073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 703.120908] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 703.133339] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 703.140585] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 703.152056] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 703.159184] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 703.172050] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 703.183463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 703.198487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 703.208523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 703.223357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 703.235191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 703.247051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 703.259199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 703.271141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 703.284977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 703.295377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 703.309776] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 703.317975] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 703.329153] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 703.338573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 20:22:43 executing program 5: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) pipe(&(0x7f0000000000)) 20:22:43 executing program 4: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:22:43 executing program 1: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) 20:22:43 executing program 2: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) 20:22:43 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:22:43 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000380), 0x0, 0x0, 0x0}) 20:22:43 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000380), 0x0, 0x0, 0x0}) 20:22:43 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000380), 0x0, 0x0, 0x0}) 20:22:43 executing program 0: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) [ 704.472683] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 704.475237] syz-executor.1: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 704.522275] syz-executor.5: [ 704.534956] syz-executor.2: [ 704.535199] syz-executor.3: [ 704.538418] syz-executor.4 cpuset= [ 704.546136] page allocation failure: order:4 [ 704.546903] syz-executor.0: [ 704.549780] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 704.558751] / [ 704.560888] page allocation failure: order:4 [ 704.568074] page allocation failure: order:4 [ 704.573351] (null) [ 704.578693] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 704.580005] mems_allowed=0-1 [ 704.581099] page allocation failure: order:4 [ 704.588802] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 704.591550] (null) [ 704.596069] syz-executor.2 cpuset= [ 704.604350] (null) [ 704.606535] syz-executor.1 cpuset= [ 704.607977] / [ 704.613569] / [ 704.615124] CPU: 0 PID: 14608 Comm: syz-executor.4 Not tainted 4.14.230-syzkaller #0 [ 704.617572] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 704.624839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 704.624843] Call Trace: [ 704.624860] dump_stack+0x1b2/0x281 [ 704.624874] warn_alloc.cold+0x96/0x1cc [ 704.624886] ? zone_watermark_ok_safe+0x220/0x220 [ 704.624908] __alloc_pages_nodemask+0x2127/0x2720 [ 704.624923] ? lock_acquire+0x170/0x3f0 [ 704.624939] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 704.624955] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 704.624967] ? __mutex_unlock_slowpath+0x75/0x770 [ 704.634351] mems_allowed=0-1 [ 704.641396] alloc_pages_current+0x155/0x260 [ 704.641409] ion_page_pool_alloc+0x118/0x1b0 [ 704.641422] ion_system_heap_allocate+0x133/0x8c0 [ 704.650636] syz-executor.3 cpuset= [ 704.651554] ? ion_alloc+0x187/0x810 [ 704.651566] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 704.651576] ? ion_system_contig_heap_create+0x130/0x130 [ 704.651585] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 704.651596] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 704.651606] ion_alloc+0x204/0x810 [ 704.651618] ? ion_dma_buf_release+0x40/0x40 [ 704.668095] / [ 704.670048] ? __might_fault+0x177/0x1b0 [ 704.686158] (null) [ 704.687764] ion_ioctl+0xea/0x1f0 [ 704.687774] ? ion_query_heaps+0x360/0x360 [ 704.687784] ? ion_query_heaps+0x360/0x360 [ 704.687793] do_vfs_ioctl+0x75a/0xff0 [ 704.687804] ? ioctl_preallocate+0x1a0/0x1a0 [ 704.687812] ? lock_downgrade+0x740/0x740 [ 704.687825] ? __fget+0x225/0x360 [ 704.687834] ? do_vfs_ioctl+0xff0/0xff0 [ 704.687845] ? security_file_ioctl+0x83/0xb0 [ 704.687854] SyS_ioctl+0x7f/0xb0 [ 704.687863] ? do_vfs_ioctl+0xff0/0xff0 [ 704.704839] mems_allowed=0-1 [ 704.709713] do_syscall_64+0x1d5/0x640 [ 704.709731] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 704.709740] RIP: 0033:0x466459 [ 704.720740] syz-executor.0 cpuset= [ 704.724982] RSP: 002b:00007efd1de4b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 704.724992] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 704.724997] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 704.725002] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 704.725007] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 704.725013] R13: 00007fff8e7cfe1f R14: 00007efd1de4b300 R15: 0000000000022000 [ 704.735247] syz-executor.5 cpuset= [ 704.744776] CPU: 1 PID: 14612 Comm: syz-executor.1 Not tainted 4.14.230-syzkaller #0 [ 704.744783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 704.744786] Call Trace: [ 704.744802] dump_stack+0x1b2/0x281 [ 704.744814] warn_alloc.cold+0x96/0x1cc [ 704.744826] ? zone_watermark_ok_safe+0x220/0x220 [ 704.744850] __alloc_pages_nodemask+0x2127/0x2720 [ 704.744874] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 704.744886] ? migrate_swap_stop+0x880/0x880 [ 704.744894] ? lock_acquire+0x170/0x3f0 [ 704.744906] ? wake_up_q+0x82/0xd0 [ 704.744918] ? __mutex_unlock_slowpath+0x261/0x770 [ 704.744930] alloc_pages_current+0x155/0x260 [ 704.744942] ion_page_pool_alloc+0x118/0x1b0 [ 704.744952] ion_system_heap_allocate+0x133/0x8c0 [ 704.744961] ? ion_alloc+0x187/0x810 [ 704.744969] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 704.744978] ? ion_system_contig_heap_create+0x130/0x130 [ 704.744986] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 704.744996] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 704.745006] ion_alloc+0x204/0x810 [ 704.745019] ? ion_dma_buf_release+0x40/0x40 [ 704.745031] ? __might_fault+0x177/0x1b0 [ 704.745043] ion_ioctl+0xea/0x1f0 [ 704.745051] ? ion_query_heaps+0x360/0x360 [ 704.745063] ? ion_query_heaps+0x360/0x360 [ 704.745074] do_vfs_ioctl+0x75a/0xff0 [ 704.745086] ? ioctl_preallocate+0x1a0/0x1a0 [ 704.745094] ? lock_downgrade+0x740/0x740 [ 704.745107] ? __fget+0x225/0x360 [ 704.745116] ? do_vfs_ioctl+0xff0/0xff0 [ 704.745125] ? security_file_ioctl+0x83/0xb0 [ 704.745134] SyS_ioctl+0x7f/0xb0 [ 704.745141] ? do_vfs_ioctl+0xff0/0xff0 [ 704.745152] do_syscall_64+0x1d5/0x640 [ 704.751388] mems_allowed=0-1 [ 704.753596] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 704.753605] RIP: 0033:0x466459 [ 704.753610] RSP: 002b:00007fcdda489188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 704.753621] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 704.753627] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 704.753632] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 704.753637] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 704.753645] R13: 00007ffe21b5ad8f R14: 00007fcdda489300 R15: 0000000000022000 [ 704.764163] / [ 704.778734] CPU: 1 PID: 14623 Comm: syz-executor.3 Not tainted 4.14.230-syzkaller #0 [ 704.814391] mems_allowed=0-1 [ 704.818820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 704.818824] Call Trace: [ 704.818841] dump_stack+0x1b2/0x281 [ 704.818854] warn_alloc.cold+0x96/0x1cc [ 704.983185] warn_alloc_show_mem: 1 callbacks suppressed [ 704.983189] Mem-Info: [ 704.984049] ? zone_watermark_ok_safe+0x220/0x220 [ 704.996297] active_anon:13094 inactive_anon:8483 isolated_anon:48 [ 704.996297] active_file:991 inactive_file:1762 isolated_file:0 [ 704.996297] unevictable:0 dirty:58 writeback:25 unstable:0 [ 704.996297] slab_reclaimable:14125 slab_unreclaimable:117257 [ 704.996297] mapped:54542 shmem:8982 pagetables:857 bounce:0 [ 704.996297] free:102197 free_pcp:225 free_cma:0 [ 704.999172] __alloc_pages_nodemask+0x2127/0x2720 [ 704.999189] ? ___preempt_schedule+0x16/0x18 [ 705.017392] Node 0 active_anon:51500kB inactive_anon:25728kB active_file:3660kB inactive_file:6764kB unevictable:0kB isolated(anon):192kB isolated(file):0kB mapped:181644kB dirty:132kB writeback:100kB shmem:27716kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 12288kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 705.018412] ? lock_acquire+0x170/0x3f0 [ 705.018428] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 705.018445] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 705.044728] Node 1 active_anon:876kB inactive_anon:8204kB active_file:304kB inactive_file:284kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:36524kB dirty:100kB writeback:0kB shmem:8212kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 705.047868] ? __mutex_unlock_slowpath+0x75/0x770 [ 705.047883] alloc_pages_current+0x155/0x260 [ 705.047896] ion_page_pool_alloc+0x118/0x1b0 [ 705.076998] Node 0 [ 705.084366] ion_system_heap_allocate+0x133/0x8c0 [ 705.084377] ? ion_alloc+0x187/0x810 [ 705.084387] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 705.084395] ? ion_system_contig_heap_create+0x130/0x130 [ 705.084406] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 705.102291] DMA free:11124kB min:204kB low:252kB high:300kB active_anon:2048kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 705.107077] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 705.107089] ion_alloc+0x204/0x810 [ 705.107111] ? ion_dma_buf_release+0x40/0x40 [ 705.220391] lowmem_reserve[]: [ 705.224689] ? __might_fault+0x177/0x1b0 [ 705.224703] ion_ioctl+0xea/0x1f0 [ 705.224713] ? ion_query_heaps+0x360/0x360 [ 705.238959] 0 [ 705.240531] ? ion_query_heaps+0x360/0x360 [ 705.240543] do_vfs_ioctl+0x75a/0xff0 [ 705.240555] ? ioctl_preallocate+0x1a0/0x1a0 [ 705.255218] 2717 [ 705.260220] ? lock_downgrade+0x740/0x740 [ 705.260235] ? __fget+0x225/0x360 [ 705.260248] ? do_vfs_ioctl+0xff0/0xff0 [ 705.341218] ? security_file_ioctl+0x83/0xb0 [ 705.345610] SyS_ioctl+0x7f/0xb0 [ 705.348957] ? do_vfs_ioctl+0xff0/0xff0 [ 705.350512] 2718 [ 705.352917] do_syscall_64+0x1d5/0x640 [ 705.352933] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 705.352941] RIP: 0033:0x466459 [ 705.352948] RSP: 002b:00007faef7867188 EFLAGS: 00000246 [ 705.359399] 2718 [ 705.364023] ORIG_RAX: 0000000000000010 [ 705.364029] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 705.364035] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000003 [ 705.364040] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 705.364045] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 705.364050] R13: 00007ffd0904d43f R14: 00007faef7867300 R15: 0000000000022000 [ 705.384845] / [ 705.390435] CPU: 0 PID: 14610 Comm: syz-executor.5 Not tainted 4.14.230-syzkaller #0 [ 705.411461] mems_allowed=0-1 [ 705.416299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 705.416303] Call Trace: [ 705.416323] dump_stack+0x1b2/0x281 [ 705.416336] warn_alloc.cold+0x96/0x1cc [ 705.448467] ? zone_watermark_ok_safe+0x220/0x220 [ 705.453312] __alloc_pages_nodemask+0x2127/0x2720 [ 705.458157] ? lock_acquire+0x170/0x3f0 [ 705.462135] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 705.466981] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 705.472432] ? __mutex_unlock_slowpath+0x75/0x770 [ 705.477268] ? retint_kernel+0x2d/0x2d [ 705.481156] alloc_pages_current+0x155/0x260 [ 705.485562] ion_page_pool_alloc+0x118/0x1b0 [ 705.490084] ion_system_heap_allocate+0x133/0x8c0 [ 705.495018] ? ion_alloc+0x187/0x810 [ 705.498737] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 705.504187] ? ion_system_contig_heap_create+0x130/0x130 [ 705.509636] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 705.514658] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 705.519511] ion_alloc+0x204/0x810 [ 705.523043] ? ion_dma_buf_release+0x40/0x40 [ 705.527451] ? __might_fault+0x177/0x1b0 [ 705.531597] ion_ioctl+0xea/0x1f0 [ 705.535069] ? ion_query_heaps+0x360/0x360 [ 705.539290] ? ion_query_heaps+0x360/0x360 [ 705.543515] do_vfs_ioctl+0x75a/0xff0 [ 705.547315] ? ioctl_preallocate+0x1a0/0x1a0 [ 705.551719] ? lock_downgrade+0x740/0x740 [ 705.555871] ? __fget+0x225/0x360 [ 705.559324] ? do_vfs_ioctl+0xff0/0xff0 [ 705.563294] ? security_file_ioctl+0x83/0xb0 [ 705.567811] SyS_ioctl+0x7f/0xb0 [ 705.571169] ? do_vfs_ioctl+0xff0/0xff0 [ 705.575240] do_syscall_64+0x1d5/0x640 [ 705.579137] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 705.584320] RIP: 0033:0x466459 [ 705.587506] RSP: 002b:00007fd0fb4c2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 705.595207] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 705.602465] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 705.609735] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 705.616996] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 705.624259] R13: 00007ffc4cfdcc4f R14: 00007fd0fb4c2300 R15: 0000000000022000 [ 705.631723] CPU: 1 PID: 14634 Comm: syz-executor.0 Not tainted 4.14.230-syzkaller #0 [ 705.639605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 705.648947] Call Trace: [ 705.651520] dump_stack+0x1b2/0x281 [ 705.655134] warn_alloc.cold+0x96/0x1cc [ 705.659093] ? zone_watermark_ok_safe+0x220/0x220 [ 705.663115] 2718 [ 705.663935] __alloc_pages_nodemask+0x2127/0x2720 [ 705.663946] ? __schedule+0x893/0x1de0 [ 705.670819] ? lock_acquire+0x170/0x3f0 [ 705.670836] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 705.670852] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 705.680261] Node 0 [ 705.683585] ? __mutex_unlock_slowpath+0x75/0x770 [ 705.683600] alloc_pages_current+0x155/0x260 [ 705.683613] ion_page_pool_alloc+0x118/0x1b0 [ 705.683627] ion_system_heap_allocate+0x133/0x8c0 [ 705.698928] DMA32 free:263336kB min:36200kB low:45248kB high:54296kB active_anon:49488kB inactive_anon:25728kB active_file:3736kB inactive_file:9656kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7680kB pagetables:3236kB bounce:0kB free_pcp:264kB local_pcp:120kB free_cma:0kB [ 705.700472] ? ion_alloc+0x187/0x810 [ 705.700484] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 705.700494] ? ion_system_contig_heap_create+0x130/0x130 [ 705.700505] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 705.710408] lowmem_reserve[]: [ 705.738399] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 705.738411] ion_alloc+0x204/0x810 [ 705.738426] ? ion_dma_buf_release+0x40/0x40 [ 705.738438] ? __might_fault+0x177/0x1b0 [ 705.738453] ion_ioctl+0xea/0x1f0 [ 705.776008] 0 [ 705.778048] ? ion_query_heaps+0x360/0x360 [ 705.778061] ? ion_query_heaps+0x360/0x360 [ 705.778072] do_vfs_ioctl+0x75a/0xff0 [ 705.787002] 0 [ 705.787492] ? ioctl_preallocate+0x1a0/0x1a0 [ 705.796139] 0 [ 705.797343] ? lock_downgrade+0x740/0x740 [ 705.797358] ? __fget+0x225/0x360 [ 705.797370] ? do_vfs_ioctl+0xff0/0xff0 [ 705.808436] 0 [ 705.811197] ? security_file_ioctl+0x83/0xb0 [ 705.811208] SyS_ioctl+0x7f/0xb0 [ 705.811215] ? do_vfs_ioctl+0xff0/0xff0 [ 705.811230] do_syscall_64+0x1d5/0x640 [ 705.821779] 0 [ 705.824688] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 705.824698] RIP: 0033:0x466459 [ 705.824705] RSP: 002b:00007fcbd0bd8188 EFLAGS: 00000246 [ 705.839458] ORIG_RAX: 0000000000000010 [ 705.839465] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 705.839470] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 705.839476] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 705.839482] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 705.839487] R13: 00007ffdcf99cddf R14: 00007fcbd0bd8300 R15: 0000000000022000 [ 705.890253] CPU: 0 PID: 14611 Comm: syz-executor.2 Not tainted 4.14.230-syzkaller #0 [ 705.898139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 705.907484] Call Trace: [ 705.910074] dump_stack+0x1b2/0x281 [ 705.913724] warn_alloc.cold+0x96/0x1cc [ 705.917699] ? zone_watermark_ok_safe+0x220/0x220 [ 705.922775] __alloc_pages_nodemask+0x2127/0x2720 [ 705.927745] ? lock_acquire+0x170/0x3f0 [ 705.931727] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 705.936573] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 705.942023] ? __mutex_unlock_slowpath+0x75/0x770 [ 705.946868] alloc_pages_current+0x155/0x260 [ 705.951278] ion_page_pool_alloc+0x118/0x1b0 [ 705.955684] ion_system_heap_allocate+0x133/0x8c0 [ 705.960521] ? ion_alloc+0x187/0x810 [ 705.964229] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 705.969681] ? ion_system_contig_heap_create+0x130/0x130 [ 705.975131] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 705.980147] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 705.984990] ion_alloc+0x204/0x810 [ 705.988531] ? ion_dma_buf_release+0x40/0x40 [ 705.992935] ? __might_fault+0x177/0x1b0 [ 705.996995] ion_ioctl+0xea/0x1f0 [ 706.000446] ? ion_query_heaps+0x360/0x360 [ 706.004682] ? ion_query_heaps+0x360/0x360 [ 706.008913] do_vfs_ioctl+0x75a/0xff0 [ 706.012825] ? ioctl_preallocate+0x1a0/0x1a0 [ 706.017234] ? lock_downgrade+0x740/0x740 [ 706.021398] ? __fget+0x225/0x360 [ 706.024847] ? do_vfs_ioctl+0xff0/0xff0 [ 706.028930] ? security_file_ioctl+0x83/0xb0 [ 706.033338] SyS_ioctl+0x7f/0xb0 [ 706.036703] ? do_vfs_ioctl+0xff0/0xff0 [ 706.040678] do_syscall_64+0x1d5/0x640 [ 706.044565] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 706.049750] RIP: 0033:0x466459 [ 706.052933] RSP: 002b:00007fc10ef5c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 706.060634] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 706.067903] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 706.075171] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 706.082435] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 706.089698] R13: 00007ffec6b9ec3f R14: 00007fc10ef5c300 R15: 0000000000022000 [ 706.099571] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 706.125698] lowmem_reserve[]: 0 0 0 0 0 [ 706.130089] Node 1 Normal free:63412kB min:53696kB low:67120kB high:80544kB active_anon:876kB inactive_anon:8204kB active_file:280kB inactive_file:256kB unevictable:0kB writepending:32kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:160kB pagetables:192kB bounce:0kB free_pcp:624kB local_pcp:0kB free_cma:0kB [ 706.160623] lowmem_reserve[]: 0 0 0 0 0 [ 706.166371] Node 0 DMA: 15*4kB (UE) 11*8kB (UE) 16*16kB (UE) 13*32kB (UE) 3*64kB (UE) 5*128kB (UE) 3*256kB (UE) 3*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (U) = 11124kB [ 706.183020] Node 0 DMA32: 957*4kB (UMEH) 504*8kB (EH) 101*16kB (MEH) 1210*32kB (UMEH) 8*64kB (UMH) 3*128kB (UH) 1*256kB (H) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 49348kB [ 706.194447] warn_alloc_show_mem: 1 callbacks suppressed [ 706.194449] Mem-Info: [ 706.219907] active_anon:13103 inactive_anon:8483 isolated_anon:0 [ 706.219907] active_file:1520 inactive_file:1287 isolated_file:49 [ 706.219907] unevictable:0 dirty:20 writeback:0 unstable:0 [ 706.219907] slab_reclaimable:14117 slab_unreclaimable:117267 [ 706.219907] mapped:55291 shmem:8982 pagetables:857 bounce:0 [ 706.219907] free:26248 free_pcp:231 free_cma:0 [ 706.224560] Node 0 [ 706.282615] Node 0 active_anon:51536kB inactive_anon:25728kB active_file:3972kB inactive_file:4196kB unevictable:0kB isolated(anon):0kB isolated(file):136kB mapped:183408kB dirty:48kB writeback:0kB shmem:27716kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 12288kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 706.352833] Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 706.355222] Node 1 active_anon:876kB inactive_anon:8204kB active_file:60kB inactive_file:84kB unevictable:0kB isolated(anon):0kB isolated(file):84kB mapped:36056kB dirty:32kB writeback:0kB shmem:8212kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 706.390834] Node 1 Normal: 19*4kB (UM) 17*8kB (ME) 1081*16kB (UME) 1037*32kB (UME) 30*64kB (UM) 8*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 53636kB [ 706.409914] Node 0 DMA free:11068kB min:204kB low:252kB high:300kB active_anon:2048kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 706.436498] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 706.439847] lowmem_reserve[]: [ 706.445450] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 706.445457] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 706.445463] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 706.445468] 9500 total pagecache pages [ 706.445477] 0 pages in swap cache [ 706.445486] Swap cache stats: add 0, delete 0, find 0/0 [ 706.448750] 0 [ 706.487470] Free swap = 0kB [ 706.487521] 2717 2718 2718 2718 [ 706.496052] Node 0 DMA32 free:36092kB min:36200kB low:45248kB high:54296kB active_anon:49488kB inactive_anon:25728kB active_file:1840kB inactive_file:1044kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7680kB pagetables:3236kB bounce:0kB free_pcp:256kB local_pcp:0kB free_cma:0kB [ 706.525561] lowmem_reserve[]: 0 0 0 0 0 [ 706.529623] Total swap = 0kB [ 706.544261] 2097051 pages RAM [ 706.547493] oom_reaper: reaped process 14612 (syz-executor.1), now anon-rss:0kB, file-rss:4kB, shmem-rss:0kB [ 706.550733] 0 pages HighMem/MovableOnly [ 706.559834] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 706.589574] 363848 pages reserved [ 706.599239] 0 pages cma reserved [ 706.620040] lowmem_reserve[]: 0 0 0 0 0 [ 706.628590] Node 1 Normal free:41484kB min:53696kB low:67120kB high:80544kB active_anon:876kB inactive_anon:8204kB active_file:280kB inactive_file:8kB unevictable:0kB writepending:32kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:160kB pagetables:192kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB [ 706.682183] lowmem_reserve[]: 0 0 0 0 0 [ 706.686199] Node 0 DMA: 1*4kB (E) 1*8kB (E) 14*16kB (UE) 13*32kB (UE) 3*64kB (UE) 5*128kB (UE) 3*256kB (UE) 3*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (U) = 10956kB [ 706.701644] Node 0 DMA32: 1890*4kB (MEH) 727*8kB (UMEH) 165*16kB (MEH) 44*32kB (UMEH) 6*64kB (MH) 2*128kB (H) 1*256kB (H) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18320kB [ 706.717531] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 706.729105] Node 1 Normal: 19*4kB (UM) 18*8kB (UME) 14*16kB (UME) 730*32kB (UME) 30*64kB (UM) 8*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 26748kB [ 706.743750] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 706.772313] oom_reaper: reaped process 14611 (syz-executor.2), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 706.787336] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 706.807841] oom_reaper: reaped process 14610 (syz-executor.5), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 706.817865] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 706.828669] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 706.837567] 9025 total pagecache pages [ 706.841811] 0 pages in swap cache [ 706.845268] Swap cache stats: add 0, delete 0, find 0/0 [ 706.850617] Free swap = 0kB [ 706.853689] Total swap = 0kB [ 706.856708] 2097051 pages RAM [ 706.859806] 0 pages HighMem/MovableOnly [ 706.863836] 363848 pages reserved [ 706.867290] 0 pages cma reserved [ 706.895467] syz-fuzzer invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 706.923393] syz-fuzzer cpuset=/ mems_allowed=0-1 [ 706.928175] CPU: 1 PID: 7967 Comm: syz-fuzzer Not tainted 4.14.230-syzkaller #0 [ 706.935611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 706.944959] Call Trace: [ 706.947531] dump_stack+0x1b2/0x281 [ 706.951139] dump_header+0x178/0x82f [ 706.954833] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 706.959914] ? ___ratelimit+0x2cd/0x530 [ 706.963866] oom_kill_process.cold+0x10/0xa40 [ 706.968345] out_of_memory+0xe3e/0x1190 [ 706.972302] ? oom_killer_disable+0x1c0/0x1c0 [ 706.976774] ? mutex_trylock+0x152/0x1a0 [ 706.980814] __alloc_pages_nodemask+0x23e1/0x2720 [ 706.985643] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 706.990476] alloc_pages_current+0x155/0x260 [ 706.994864] filemap_fault+0x11a1/0x1ad0 [ 706.998913] ext4_filemap_fault+0x84/0xb0 [ 707.003041] __do_fault+0xfa/0x380 [ 707.006560] __handle_mm_fault+0x2497/0x4620 [ 707.010950] ? vm_insert_page+0x7c0/0x7c0 [ 707.015082] ? mark_held_locks+0xa6/0xf0 [ 707.019123] handle_mm_fault+0x455/0x9c0 [ 707.023163] __do_page_fault+0x549/0xad0 [ 707.027205] ? spurious_fault+0x640/0x640 [ 707.031331] ? do_page_fault+0x60/0x500 [ 707.035283] ? page_fault+0x2f/0x50 [ 707.038889] page_fault+0x45/0x50 [ 707.042319] RIP: aad80:0x4 [ 707.045139] RSP: 0317:000000c000337e40 EFLAGS: 00000003 [ 707.045830] syz-executor.1: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 707.063215] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 707.068336] CPU: 1 PID: 14612 Comm: syz-executor.1 Not tainted 4.14.230-syzkaller #0 [ 707.076208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 707.085550] Call Trace: [ 707.088139] dump_stack+0x1b2/0x281 [ 707.091764] warn_alloc.cold+0x96/0x1cc [ 707.095735] ? zone_watermark_ok_safe+0x220/0x220 [ 707.100575] ? usleep_range+0x130/0x130 [ 707.104543] ? try_to_free_pages+0x23f/0x6e0 [ 707.108946] ? _find_next_bit+0xdb/0x100 [ 707.113003] ? run_timer_softirq+0x5a0/0x5a0 [ 707.117410] __alloc_pages_nodemask+0x2127/0x2720 [ 707.122255] ? lock_acquire+0x170/0x3f0 [ 707.126228] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 707.131060] ? ion_page_pool_alloc+0x9e/0x1b0 [ 707.135558] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 707.141014] alloc_pages_current+0x155/0x260 [ 707.145415] ion_page_pool_alloc+0x118/0x1b0 [ 707.149816] ion_system_heap_allocate+0x133/0x8c0 [ 707.154650] ? ion_alloc+0x187/0x810 [ 707.158356] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 707.163803] ? ion_system_contig_heap_create+0x130/0x130 [ 707.169259] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 707.174275] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 707.179125] ion_alloc+0x204/0x810 [ 707.182672] ? ion_dma_buf_release+0x40/0x40 [ 707.187108] ? __might_fault+0x177/0x1b0 [ 707.191170] ion_ioctl+0xea/0x1f0 [ 707.194621] ? ion_query_heaps+0x360/0x360 [ 707.198838] ? ion_query_heaps+0x360/0x360 [ 707.203055] do_vfs_ioctl+0x75a/0xff0 [ 707.206847] ? ioctl_preallocate+0x1a0/0x1a0 [ 707.211234] ? lock_downgrade+0x740/0x740 [ 707.215366] ? __fget+0x225/0x360 [ 707.218798] ? do_vfs_ioctl+0xff0/0xff0 [ 707.222751] ? security_file_ioctl+0x83/0xb0 [ 707.227166] SyS_ioctl+0x7f/0xb0 [ 707.230510] ? do_vfs_ioctl+0xff0/0xff0 [ 707.234465] do_syscall_64+0x1d5/0x640 [ 707.238356] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 707.243524] RIP: 0033:0x466459 [ 707.246706] RSP: 002b:00007fcdda489188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 707.254394] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 707.261645] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 707.268906] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 707.276154] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 707.283401] R13: 00007ffe21b5ad8f R14: 00007fcdda489300 R15: 0000000000022000 [ 707.291605] Mem-Info: [ 707.291828] syz-executor.2: page allocation failure: order:0 [ 707.294022] active_anon:13037 inactive_anon:8483 isolated_anon:0 [ 707.294022] active_file:11 inactive_file:12 isolated_file:0 [ 707.294022] unevictable:0 dirty:0 writeback:0 unstable:0 [ 707.294022] slab_reclaimable:14108 slab_unreclaimable:116905 [ 707.294022] mapped:52929 shmem:8982 pagetables:857 bounce:0 [ 707.294022] free:13843 free_pcp:0 free_cma:0 [ 707.294037] Node 0 active_anon:51308kB inactive_anon:25728kB active_file:44kB inactive_file:44kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:175608kB dirty:0kB writeback:0kB shmem:27716kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 12288kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 707.299823] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 707.332731] Node 1 active_anon:840kB inactive_anon:8204kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:36108kB dirty:0kB writeback:0kB shmem:8212kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 707.360415] syz-executor.5: [ 707.367696] Node 0 DMA free:10956kB min:204kB low:252kB high:300kB active_anon:2048kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 707.424007] warn_alloc_show_mem: 3 callbacks suppressed [ 707.424010] Mem-Info: [ 707.424806] page allocation failure: order:0 [ 707.429374] active_anon:13037 inactive_anon:8483 isolated_anon:0 [ 707.429374] active_file:11 inactive_file:12 isolated_file:0 [ 707.429374] unevictable:0 dirty:0 writeback:0 unstable:0 [ 707.429374] slab_reclaimable:14108 slab_unreclaimable:116905 [ 707.429374] mapped:52929 shmem:8982 pagetables:857 bounce:0 [ 707.429374] free:13843 free_pcp:0 free_cma:0 [ 707.460915] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 707.470118] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 707.482340] Node 0 DMA32 free:17900kB min:36200kB low:45248kB high:54296kB active_anon:49260kB inactive_anon:25728kB active_file:44kB inactive_file:44kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7680kB pagetables:3236kB bounce:0kB free_pcp:120kB local_pcp:120kB free_cma:0kB [ 707.501894] (null) [ 707.511402] Node 0 active_anon:51308kB inactive_anon:25728kB active_file:44kB inactive_file:44kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:175608kB dirty:0kB writeback:0kB shmem:27716kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 12288kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 707.538729] syz-executor.5 cpuset=/ mems_allowed=0-1 [ 707.541160] lowmem_reserve[]: 0 0 0 0 0 [ 707.550159] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 707.573152] (null) [ 707.575744] Node 1 active_anon:840kB inactive_anon:8204kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:36108kB dirty:0kB writeback:0kB shmem:8212kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 707.577806] syz-executor.2 cpuset= [ 707.605516] lowmem_reserve[]: 0 0 0 0 0 [ 707.613100] Node 1 Normal free:26392kB min:53696kB low:67120kB high:80544kB active_anon:840kB inactive_anon:8204kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:160kB pagetables:192kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 707.631673] CPU: 0 PID: 14610 Comm: syz-executor.5 Not tainted 4.14.230-syzkaller #0 [ 707.641186] Node 0 [ 707.648991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 707.648995] Call Trace: [ 707.649013] dump_stack+0x1b2/0x281 [ 707.649025] warn_alloc.cold+0x96/0x1cc [ 707.649037] ? zone_watermark_ok_safe+0x220/0x220 [ 707.651391] DMA free:10956kB min:204kB low:252kB high:300kB active_anon:2048kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 707.660705] ? usleep_range+0x130/0x130 [ 707.663310] lowmem_reserve[]: [ 707.666962] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 707.670901] 0 [ 707.675726] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 707.675736] ? run_timer_softirq+0x5a0/0x5a0 [ 707.675753] __alloc_pages_nodemask+0x2127/0x2720 [ 707.675767] ? lock_acquire+0x170/0x3f0 [ 707.675782] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 707.701859] lowmem_reserve[]: [ 707.705478] ? ion_page_pool_alloc+0x9e/0x1b0 [ 707.708551] 0 [ 707.713737] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 707.713756] alloc_pages_current+0x155/0x260 [ 707.713767] ion_page_pool_alloc+0x118/0x1b0 [ 707.715554] 2717 [ 707.720552] ion_system_heap_allocate+0x133/0x8c0 [ 707.724961] 2718 [ 707.729766] ? ion_alloc+0x187/0x810 [ 707.733730] 2718 [ 707.738537] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 707.751316] 0 [ 707.753346] ? ion_system_contig_heap_create+0x130/0x130 [ 707.757724] 0 [ 707.762113] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 707.762125] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 707.762135] ion_alloc+0x204/0x810 [ 707.762147] ? ion_dma_buf_release+0x40/0x40 [ 707.762157] ? __might_fault+0x177/0x1b0 [ 707.762168] ion_ioctl+0xea/0x1f0 [ 707.762176] ? ion_query_heaps+0x360/0x360 [ 707.762189] ? ion_query_heaps+0x360/0x360 [ 707.762200] do_vfs_ioctl+0x75a/0xff0 [ 707.762210] ? ioctl_preallocate+0x1a0/0x1a0 [ 707.762219] ? lock_downgrade+0x740/0x740 [ 707.762230] ? __fget+0x225/0x360 [ 707.762239] ? do_vfs_ioctl+0xff0/0xff0 [ 707.762249] ? security_file_ioctl+0x83/0xb0 [ 707.762257] SyS_ioctl+0x7f/0xb0 [ 707.762264] ? do_vfs_ioctl+0xff0/0xff0 [ 707.762274] do_syscall_64+0x1d5/0x640 [ 707.762286] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 707.762292] RIP: 0033:0x466459 [ 707.762297] RSP: 002b:00007fd0fb4c2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 707.762305] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 707.762310] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 707.762315] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 707.762320] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 707.762325] R13: 00007ffc4cfdcc4f R14: 00007fd0fb4c2300 R15: 0000000000022000 [ 707.778722] / [ 707.798153] 2718 [ 707.811569] mems_allowed=0-1 [ 707.839643] CPU: 0 PID: 14611 Comm: syz-executor.2 Not tainted 4.14.230-syzkaller #0 [ 707.856820] Node 0 [ 707.856913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 707.860789] DMA32 free:17796kB min:36200kB low:45248kB high:54296kB active_anon:49260kB inactive_anon:25728kB active_file:44kB inactive_file:44kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7680kB pagetables:3236kB bounce:0kB free_pcp:232kB local_pcp:116kB free_cma:0kB [ 707.865943] Call Trace: [ 707.865962] dump_stack+0x1b2/0x281 [ 707.865975] warn_alloc.cold+0x96/0x1cc [ 707.865988] ? zone_watermark_ok_safe+0x220/0x220 [ 707.865998] ? usleep_range+0x130/0x130 [ 707.866006] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 707.866017] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 707.866027] ? run_timer_softirq+0x5a0/0x5a0 [ 707.884769] 0 [ 707.891405] __alloc_pages_nodemask+0x2127/0x2720 [ 707.891423] ? lock_acquire+0x170/0x3f0 [ 707.891439] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 707.891449] ? ion_page_pool_alloc+0x9e/0x1b0 [ 707.891466] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 707.891484] alloc_pages_current+0x155/0x260 [ 707.913674] 0 [ 707.915368] ion_page_pool_alloc+0x118/0x1b0 [ 707.920486] ion_system_heap_allocate+0x133/0x8c0 [ 707.944218] lowmem_reserve[]: [ 707.968157] ? ion_alloc+0x187/0x810 [ 707.968168] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 707.968178] ? ion_system_contig_heap_create+0x130/0x130 [ 707.968188] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 707.968200] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 707.968212] ion_alloc+0x204/0x810 [ 707.968225] ? ion_dma_buf_release+0x40/0x40 [ 707.968237] ? __might_fault+0x177/0x1b0 [ 707.968247] ion_ioctl+0xea/0x1f0 [ 707.968259] ? ion_query_heaps+0x360/0x360 [ 707.985591] Node 0 [ 707.987236] ? ion_query_heaps+0x360/0x360 [ 708.000968] DMA: [ 708.001698] do_vfs_ioctl+0x75a/0xff0 [ 708.001711] ? ioctl_preallocate+0x1a0/0x1a0 [ 708.001720] ? lock_downgrade+0x740/0x740 [ 708.001733] ? __fget+0x225/0x360 [ 708.001740] ? do_vfs_ioctl+0xff0/0xff0 [ 708.001750] ? security_file_ioctl+0x83/0xb0 [ 708.001760] SyS_ioctl+0x7f/0xb0 [ 708.001767] ? do_vfs_ioctl+0xff0/0xff0 [ 708.001779] do_syscall_64+0x1d5/0x640 [ 708.001794] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 708.001801] RIP: 0033:0x466459 [ 708.001806] RSP: 002b:00007fc10ef5c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 708.001815] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 708.001820] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 708.001825] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 708.001830] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 708.001836] R13: 00007ffec6b9ec3f R14: 00007fc10ef5c300 R15: 0000000000022000 [ 708.026537] syz-executor.2: [ 708.038368] 0 [ 708.058477] page allocation failure: order:4 [ 708.072866] 1*4kB [ 708.089606] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 708.099946] 0 [ 708.139612] (null) [ 708.154169] (E) [ 708.197455] syz-executor.2 cpuset= [ 708.207877] 0 0 0 [ 708.217988] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 708.234602] / [ 708.255310] 1*8kB (E) 14*16kB (UE) 13*32kB (UE) 3*64kB (UE) 5*128kB (UE) 3*256kB (UE) 3*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (U) = 10956kB [ 708.281020] Node 0 DMA32: 1956*4kB (UME) 740*8kB (ME) 147*16kB (ME) 35*32kB (UME) 5*64kB (UM) 2*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18048kB [ 708.291330] mems_allowed=0-1 [ 708.305807] lowmem_reserve[]: 0 0 0 0 0 [ 708.309808] Node 1 Normal free:26764kB min:53696kB low:67120kB high:80544kB active_anon:840kB inactive_anon:8204kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:160kB pagetables:192kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 708.324739] CPU: 0 PID: 14611 Comm: syz-executor.2 Not tainted 4.14.230-syzkaller #0 [ 708.345965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 708.346986] Node 0 [ 708.355320] Call Trace: [ 708.355337] dump_stack+0x1b2/0x281 [ 708.355351] warn_alloc.cold+0x96/0x1cc [ 708.355362] ? zone_watermark_ok_safe+0x220/0x220 [ 708.355384] __alloc_pages_nodemask+0x2127/0x2720 [ 708.359454] Normal: [ 708.360173] ? lock_acquire+0x170/0x3f0 [ 708.370645] 0*4kB [ 708.372562] ? lock_acquire+0x170/0x3f0 [ 708.372577] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 708.372594] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 708.372608] ? __mutex_unlock_slowpath+0x75/0x770 [ 708.378742] 0*8kB [ 708.379751] alloc_pages_current+0x155/0x260 [ 708.391210] 0*16kB [ 708.394615] ion_page_pool_alloc+0x118/0x1b0 [ 708.394625] ion_system_heap_allocate+0x133/0x8c0 [ 708.394636] ? _raw_spin_unlock+0x29/0x40 [ 708.394646] ? _ion_heap_freelist_drain+0x6e/0x410 [ 708.400076] 0*32kB [ 708.404914] ? ion_system_contig_heap_create+0x130/0x130 [ 708.404924] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 708.404935] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 708.404946] ion_alloc+0x27a/0x810 [ 708.404960] ? ion_dma_buf_release+0x40/0x40 [ 708.404972] ? __might_fault+0x177/0x1b0 [ 708.404984] ion_ioctl+0xea/0x1f0 [ 708.404992] ? ion_query_heaps+0x360/0x360 [ 708.405005] ? ion_query_heaps+0x360/0x360 [ 708.415923] lowmem_reserve[]: [ 708.418132] do_vfs_ioctl+0x75a/0xff0 [ 708.424805] 0 [ 708.427089] ? ioctl_preallocate+0x1a0/0x1a0 [ 708.438869] 0*64kB [ 708.439643] ? lock_downgrade+0x740/0x740 [ 708.446438] 0*128kB [ 708.449478] ? __fget+0x225/0x360 [ 708.459853] 0 [ 708.461423] ? do_vfs_ioctl+0xff0/0xff0 [ 708.461434] ? security_file_ioctl+0x83/0xb0 [ 708.461445] SyS_ioctl+0x7f/0xb0 [ 708.461452] ? do_vfs_ioctl+0xff0/0xff0 [ 708.461466] do_syscall_64+0x1d5/0x640 [ 708.466765] 0 [ 708.469115] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 708.480144] 0*256kB [ 708.480185] RIP: 0033:0x466459 [ 708.483869] 0*512kB [ 708.486369] RSP: 002b:00007fc10ef5c188 EFLAGS: 00000246 [ 708.488623] 0*1024kB [ 708.492743] ORIG_RAX: 0000000000000010 [ 708.492750] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 708.492755] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 708.492760] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 708.492765] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 708.492770] R13: 00007ffec6b9ec3f R14: 00007fc10ef5c300 R15: 0000000000022000 [ 708.528818] warn_alloc_show_mem: 2 callbacks suppressed [ 708.528822] Mem-Info: [ 708.537343] 0 [ 708.561408] active_anon:13037 inactive_anon:8483 isolated_anon:0 [ 708.561408] active_file:11 inactive_file:12 isolated_file:0 [ 708.561408] unevictable:0 dirty:0 writeback:0 unstable:0 [ 708.561408] slab_reclaimable:14058 slab_unreclaimable:116884 [ 708.561408] mapped:52929 shmem:8982 pagetables:857 bounce:0 [ 708.561408] free:13940 free_pcp:116 free_cma:0 [ 708.644969] 0 [ 708.653479] Node 0 DMA: 1*4kB (E) 1*8kB (E) 14*16kB (UE) 13*32kB (UE) 3*64kB (UE) 5*128kB (UE) 3*256kB (UE) 3*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (U) = 10956kB [ 708.700958] Node 0 active_anon:51308kB inactive_anon:25728kB active_file:44kB inactive_file:44kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:175608kB dirty:0kB writeback:0kB shmem:27716kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 12288kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 708.703020] 0*2048kB [ 708.761291] Node 0 DMA32: 1677*4kB (UME) 741*8kB (UME) 147*16kB (ME) 30*32kB (ME) 1043*64kB (UM) 98*128kB (U) 21*256kB (U) 19*512kB (U) 12*1024kB (U) 0*2048kB 0*4096kB = 122636kB [ 708.770082] Node 1 active_anon:840kB inactive_anon:8204kB active_file:100kB inactive_file:3604kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:39008kB dirty:0kB writeback:0kB shmem:8212kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 708.819988] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 708.841291] 0*4096kB = 0kB [ 708.844152] Node 1 Normal: 1*4kB (U) 53*8kB (UE) 30*16kB (UE) 10*32kB (UE) 1299*64kB (UM) 116*128kB (U) 29*256kB (U) 31*512kB (U) 331*1024kB (U) 36*2048kB (U) 1*4096kB (U) = 539276kB [ 708.879360] Node 1 Normal: 1*4kB (U) 57*8kB (UE) 34*16kB (UE) 12*32kB (UE) 1299*64kB (UM) 117*128kB (U) 29*256kB (U) 31*512kB (U) 331*1024kB (U) 36*2048kB (U) 1*4096kB (U) = 539564kB [ 708.896733] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 708.908329] Node 0 DMA free:10956kB min:204kB low:252kB high:300kB active_anon:2048kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 708.941356] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 708.945906] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 708.949946] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 708.949953] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 708.949957] 10126 total pagecache pages [ 708.949966] 0 pages in swap cache [ 708.978954] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 709.014807] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 709.023183] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 709.038146] Node 0 DMA32 free:44824kB min:36200kB low:45248kB high:54296kB active_anon:49264kB inactive_anon:25728kB active_file:408kB inactive_file:632kB unevictable:0kB writepending:148kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7680kB pagetables:3236kB bounce:0kB free_pcp:424kB local_pcp:208kB free_cma:0kB [ 709.078579] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 709.100286] 10111 total pagecache pages [ 709.101255] Swap cache stats: add 0, delete 0, find 0/0 [ 709.109619] Free swap = 0kB [ 709.112915] 0 pages in swap cache [ 709.116367] Swap cache stats: add 0, delete 0, find 0/0 [ 709.144763] Free swap = 0kB [ 709.147792] Total swap = 0kB [ 709.150804] 2097051 pages RAM [ 709.154027] Total swap = 0kB [ 709.154034] 2097051 pages RAM [ 709.157362] lowmem_reserve[]: [ 709.160113] 0 pages HighMem/MovableOnly [ 709.160119] 0 [ 709.171286] 363848 pages reserved [ 709.171905] 0 [ 709.173087] 0 pages cma reserved [ 709.176515] 0 0 [ 709.178301] Out of memory (oom_kill_allocating_task): Kill process 7967 (syz-fuzzer) score 0 or sacrifice child [ 709.191250] 0 pages HighMem/MovableOnly [ 709.212011] 363848 pages reserved [ 709.215603] 0 pages cma reserved [ 709.221408] Killed process 14344 (syz-executor.0) total-vm:84924kB, anon-rss:64kB, file-rss:0kB, shmem-rss:0kB [ 709.231243] 0 [ 709.234886] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 709.247455] oom_reaper: reaped process 14344 (syz-executor.0), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 709.266796] lowmem_reserve[]: 0 0 0 0 0 [ 709.279184] Node 1 Normal free:324456kB min:53696kB low:67120kB high:80544kB active_anon:836kB inactive_anon:8204kB active_file:1272kB inactive_file:2116kB unevictable:0kB writepending:24kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:160kB pagetables:192kB bounce:0kB free_pcp:700kB local_pcp:128kB free_cma:0kB [ 709.355057] lowmem_reserve[]: 0 0 0 0 0 20:22:49 executing program 5: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) [ 709.381263] Node 0 DMA: 2*4kB (UE) 2*8kB (UE) 1*16kB (E) 2*32kB (ME) 2*64kB (ME) 5*128kB (UE) 4*256kB (UME) 4*512kB (UME) 3*1024kB (UME) 2*2048kB (ME) 0*4096kB = 11112kB [ 709.444610] Node 0 DMA32: 1529*4kB (UME) 483*8kB (E) 142*16kB (ME) 31*32kB (UME) 269*64kB (UM) 0*128kB 0*256kB 1*512kB (U) 14*1024kB (U) 0*2048kB 0*4096kB = 45308kB [ 709.486637] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 709.535370] Node 1 Normal: 2*4kB (UM) 2*8kB (ME) 3*16kB (ME) 4*32kB (UE) 1138*64kB (U) 9*128kB (U) 10*256kB (UM) 0*512kB 216*1024kB (UM) 36*2048kB (U) 0*4096kB = 371656kB [ 709.584240] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 709.601070] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 709.646325] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 709.673972] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 709.694628] 10974 total pagecache pages [ 709.698648] 0 pages in swap cache [ 709.703136] Swap cache stats: add 0, delete 0, find 0/0 [ 709.708505] Free swap = 0kB [ 709.733749] Total swap = 0kB [ 709.757360] 2097051 pages RAM [ 709.769060] 0 pages HighMem/MovableOnly [ 709.782148] 363848 pages reserved [ 709.787510] 0 pages cma reserved [ 709.855601] syz-executor.5 invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=1000 [ 709.869082] syz-executor.5 cpuset=/ mems_allowed=0-1 [ 709.874261] CPU: 1 PID: 14637 Comm: syz-executor.5 Not tainted 4.14.230-syzkaller #0 [ 709.882136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 709.891480] Call Trace: [ 709.894067] dump_stack+0x1b2/0x281 [ 709.897690] dump_header+0x178/0x82f [ 709.901396] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 709.906491] ? ___ratelimit+0x2cd/0x530 [ 709.910498] oom_kill_process.cold+0x10/0xa40 [ 709.914982] out_of_memory+0xe3e/0x1190 [ 709.918937] ? oom_killer_disable+0x1c0/0x1c0 [ 709.923410] ? mutex_trylock+0x152/0x1a0 [ 709.927452] __alloc_pages_nodemask+0x23e1/0x2720 [ 709.932280] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 709.937133] alloc_pages_current+0x155/0x260 [ 709.941520] filemap_fault+0x11a1/0x1ad0 [ 709.945565] ext4_filemap_fault+0x84/0xb0 [ 709.949692] __do_fault+0xfa/0x380 [ 709.953213] __handle_mm_fault+0x2497/0x4620 [ 709.957601] ? vm_insert_page+0x7c0/0x7c0 [ 709.961726] ? hrtimer_nanosleep+0x1ff/0x4b0 [ 709.966113] ? nanosleep_copyout+0x100/0x100 [ 709.970503] ? mark_held_locks+0xa6/0xf0 [ 709.974542] handle_mm_fault+0x455/0x9c0 [ 709.978585] __do_page_fault+0x549/0xad0 [ 709.982625] ? spurious_fault+0x640/0x640 [ 709.986753] ? do_page_fault+0x60/0x500 [ 709.990719] ? page_fault+0x2f/0x50 [ 709.994327] page_fault+0x45/0x50 [ 709.997761] RIP: 56c9e0:0x56bf60 [ 710.001102] RSP: ad6a0:0000000000000001 EFLAGS: 0056bf60 [ 710.003248] Mem-Info: [ 710.005012] warn_alloc: 2 callbacks suppressed [ 710.005015] syz-executor.2: [ 710.008706] active_anon:13017 inactive_anon:8484 isolated_anon:0 [ 710.008706] active_file:26 inactive_file:36 isolated_file:0 [ 710.008706] unevictable:0 dirty:11 writeback:0 unstable:0 [ 710.008706] slab_reclaimable:14041 slab_unreclaimable:116166 [ 710.008706] mapped:52991 shmem:8982 pagetables:815 bounce:0 [ 710.008706] free:13917 free_pcp:36 free_cma:0 [ 710.011092] page allocation failure: order:0 [ 710.015694] Node 0 active_anon:51128kB inactive_anon:25732kB active_file:24kB inactive_file:56kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:175668kB dirty:16kB writeback:0kB shmem:27716kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 12288kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 710.035432] syz-executor.1: [ 710.051982] syz-executor.5: [ 710.075389] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 710.084171] Node 1 active_anon:964kB inactive_anon:8204kB active_file:40kB inactive_file:40kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:36268kB dirty:0kB writeback:0kB shmem:8212kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 710.107964] (null) [ 710.124105] page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 710.124120] syz-executor.5 cpuset=/ mems_allowed=0-1 [ 710.124143] CPU: 1 PID: 14638 Comm: syz-executor.5 Not tainted 4.14.230-syzkaller #0 [ 710.124149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 710.124153] Call Trace: [ 710.124171] dump_stack+0x1b2/0x281 [ 710.124185] warn_alloc.cold+0x96/0x1cc [ 710.124197] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 710.140402] page allocation failure: order:4 [ 710.141919] ? zone_watermark_ok_safe+0x220/0x220 [ 710.141942] __alloc_pages_nodemask+0x2127/0x2720 [ 710.149801] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 710.159136] ? __schedule+0x893/0x1de0 [ 710.159152] ? lock_acquire+0x170/0x3f0 [ 710.159167] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 710.161749] syz-executor.2 cpuset= [ 710.165337] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 710.169276] / [ 710.174273] ? __mutex_unlock_slowpath+0x75/0x770 [ 710.178675] (null) [ 710.183483] alloc_pages_current+0x155/0x260 [ 710.183498] ion_page_pool_alloc+0x118/0x1b0 [ 710.188309] syz-executor.1 cpuset= [ 710.195388] ion_system_heap_allocate+0x133/0x8c0 [ 710.195398] ? ion_alloc+0x187/0x810 [ 710.195410] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 710.199278] mems_allowed=0-1 [ 710.203231] ? ion_system_contig_heap_create+0x130/0x130 [ 710.203241] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 710.203252] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 710.211166] / [ 710.211600] ion_alloc+0x204/0x810 [ 710.217021] mems_allowed=0-1 [ 710.218737] ? ion_dma_buf_release+0x40/0x40 [ 710.283030] ? __might_fault+0x177/0x1b0 [ 710.287075] ion_ioctl+0xea/0x1f0 [ 710.290510] ? ion_query_heaps+0x360/0x360 [ 710.294730] ? ion_query_heaps+0x360/0x360 [ 710.298944] do_vfs_ioctl+0x75a/0xff0 [ 710.302726] ? ioctl_preallocate+0x1a0/0x1a0 [ 710.307131] ? lock_downgrade+0x740/0x740 [ 710.311349] ? __fget+0x225/0x360 [ 710.314870] ? do_vfs_ioctl+0xff0/0xff0 [ 710.318827] ? security_file_ioctl+0x83/0xb0 [ 710.323227] SyS_ioctl+0x7f/0xb0 [ 710.326573] ? do_vfs_ioctl+0xff0/0xff0 [ 710.330531] do_syscall_64+0x1d5/0x640 [ 710.334405] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 710.339590] RIP: 0033:0x466459 [ 710.342760] RSP: 002b:00007fd0fb4c2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 710.350448] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 710.357716] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 710.364964] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 710.372217] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 710.379471] R13: 00007ffc4cfdcc4f R14: 00007fd0fb4c2300 R15: 0000000000022000 [ 710.386736] CPU: 0 PID: 14611 Comm: syz-executor.2 Not tainted 4.14.230-syzkaller #0 [ 710.387796] Node 0 [ 710.394612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 710.394616] Call Trace: [ 710.394632] dump_stack+0x1b2/0x281 [ 710.394644] warn_alloc.cold+0x96/0x1cc [ 710.394656] ? zone_watermark_ok_safe+0x220/0x220 [ 710.394665] ? usleep_range+0x130/0x130 [ 710.394675] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 710.396899] DMA free:10964kB min:204kB low:252kB high:300kB active_anon:2048kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 710.406360] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 710.406370] ? run_timer_softirq+0x5a0/0x5a0 [ 710.406387] __alloc_pages_nodemask+0x2127/0x2720 [ 710.406402] ? lock_acquire+0x170/0x3f0 [ 710.406416] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 710.406426] ? ion_page_pool_alloc+0x9e/0x1b0 [ 710.406442] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 710.406463] alloc_pages_current+0x155/0x260 [ 710.406473] ion_page_pool_alloc+0x118/0x1b0 [ 710.406482] ion_system_heap_allocate+0x133/0x8c0 [ 710.406491] ? _raw_spin_unlock+0x29/0x40 [ 710.406500] ? _ion_heap_freelist_drain+0x6e/0x410 [ 710.406508] ? ion_system_contig_heap_create+0x130/0x130 [ 710.406517] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 710.406527] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 710.406537] ion_alloc+0x27a/0x810 [ 710.406549] ? ion_dma_buf_release+0x40/0x40 [ 710.406560] ? __might_fault+0x177/0x1b0 [ 710.406571] ion_ioctl+0xea/0x1f0 [ 710.406578] ? ion_query_heaps+0x360/0x360 [ 710.406589] ? ion_query_heaps+0x360/0x360 [ 710.409194] lowmem_reserve[]: [ 710.412764] do_vfs_ioctl+0x75a/0xff0 [ 710.412776] ? ioctl_preallocate+0x1a0/0x1a0 [ 710.412784] ? lock_downgrade+0x740/0x740 [ 710.412797] ? __fget+0x225/0x360 [ 710.416742] 0 [ 710.421563] ? do_vfs_ioctl+0xff0/0xff0 [ 710.421574] ? security_file_ioctl+0x83/0xb0 [ 710.421585] SyS_ioctl+0x7f/0xb0 [ 710.421594] ? do_vfs_ioctl+0xff0/0xff0 [ 710.425546] 2717 [ 710.430631] do_syscall_64+0x1d5/0x640 [ 710.456405] 2718 [ 710.461390] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 710.461398] RIP: 0033:0x466459 [ 710.461405] RSP: 002b:00007fc10ef5c188 EFLAGS: 00000246 [ 710.465790] 2718 [ 710.470605] ORIG_RAX: 0000000000000010 [ 710.470613] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 710.474618] 2718 [ 710.479403] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 710.489297] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 710.489303] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 710.493730] Node 0 [ 710.498091] R13: 00007ffec6b9ec3f R14: 00007fc10ef5c300 R15: 0000000000022000 [ 710.502946] DMA32 free:18040kB min:36200kB low:45248kB high:54296kB active_anon:49144kB inactive_anon:25728kB active_file:20kB inactive_file:20kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7648kB pagetables:3124kB bounce:0kB free_pcp:120kB local_pcp:120kB free_cma:0kB [ 710.514644] CPU: 0 PID: 14612 Comm: syz-executor.1 Not tainted 4.14.230-syzkaller #0 [ 710.526403] lowmem_reserve[]: [ 710.527534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 710.531053] 0 [ 710.535437] Call Trace: [ 710.535456] dump_stack+0x1b2/0x281 [ 710.535469] warn_alloc.cold+0x96/0x1cc [ 710.535480] ? zone_watermark_ok_safe+0x220/0x220 [ 710.535502] __alloc_pages_nodemask+0x2127/0x2720 [ 710.535511] ? lock_acquire+0x170/0x3f0 [ 710.535523] ? lock_acquire+0x170/0x3f0 [ 710.547372] 0 [ 710.551434] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 710.551451] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 710.551463] ? __mutex_unlock_slowpath+0x75/0x770 [ 710.554542] 0 [ 710.558327] alloc_pages_current+0x155/0x260 [ 710.571851] 0 [ 710.572077] ion_page_pool_alloc+0x118/0x1b0 [ 710.576019] 0 [ 710.580418] ion_system_heap_allocate+0x133/0x8c0 [ 710.592670] Node 0 [ 710.593642] ? _raw_spin_unlock+0x29/0x40 [ 710.595687] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 710.600849] ? _ion_heap_freelist_drain+0x6e/0x410 [ 710.609847] lowmem_reserve[]: [ 710.611405] ? ion_system_contig_heap_create+0x130/0x130 [ 710.611416] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 710.611427] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 710.611438] ion_alloc+0x27a/0x810 [ 710.611453] ? ion_dma_buf_release+0x40/0x40 [ 710.611464] ? __might_fault+0x177/0x1b0 [ 710.611475] ion_ioctl+0xea/0x1f0 [ 710.618381] 0 [ 710.622679] ? ion_query_heaps+0x360/0x360 [ 710.622691] ? ion_query_heaps+0x360/0x360 [ 710.622701] do_vfs_ioctl+0x75a/0xff0 [ 710.622713] ? ioctl_preallocate+0x1a0/0x1a0 [ 710.622722] ? lock_downgrade+0x740/0x740 [ 710.622736] ? __fget+0x225/0x360 [ 710.622744] ? do_vfs_ioctl+0xff0/0xff0 [ 710.622756] ? security_file_ioctl+0x83/0xb0 [ 710.630539] 0 [ 710.632059] SyS_ioctl+0x7f/0xb0 [ 710.632067] ? do_vfs_ioctl+0xff0/0xff0 [ 710.632078] do_syscall_64+0x1d5/0x640 [ 710.632093] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 710.632101] RIP: 0033:0x466459 [ 710.632107] RSP: 002b:00007fcdda489188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 710.632116] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 710.632124] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 710.649249] 0 [ 710.656092] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 710.656098] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 710.656103] R13: 00007ffe21b5ad8f R14: 00007fcdda489300 R15: 0000000000022000 [ 710.668430] Mem-Info: [ 710.695851] 0 [ 710.746806] active_anon:13039 inactive_anon:8483 isolated_anon:0 [ 710.746806] active_file:15 inactive_file:15 isolated_file:0 [ 710.746806] unevictable:0 dirty:0 writeback:0 unstable:0 [ 710.746806] slab_reclaimable:14042 slab_unreclaimable:116176 [ 710.746806] mapped:52969 shmem:8982 pagetables:811 bounce:0 [ 710.746806] free:13916 free_pcp:30 free_cma:0 [ 710.763822] 0 [ 710.786180] Node 0 active_anon:51192kB inactive_anon:25728kB active_file:20kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:175608kB dirty:0kB writeback:0kB shmem:27716kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 12288kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 710.822402] syz-executor.1: [ 710.834026] Node 1 [ 710.843178] page allocation failure: order:0 [ 710.861162] Normal free:26660kB min:53696kB low:67120kB high:80544kB active_anon:964kB inactive_anon:8204kB active_file:40kB inactive_file:40kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:192kB pagetables:120kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 710.868742] Node 1 active_anon:964kB inactive_anon:8204kB active_file:40kB inactive_file:40kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:36268kB dirty:0kB writeback:0kB shmem:8212kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 710.870837] lowmem_reserve[]: [ 710.875282] Node 0 DMA free:10964kB min:204kB low:252kB high:300kB active_anon:2048kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 710.875303] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 710.875324] Node 0 DMA32 free:18040kB min:36200kB low:45248kB high:54296kB active_anon:49144kB inactive_anon:25728kB active_file:20kB inactive_file:20kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7648kB pagetables:3124kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 710.875342] lowmem_reserve[]: 0 0 0 0 0 [ 710.875358] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 710.875376] lowmem_reserve[]: 0 0 0 0 0 [ 710.875396] Node 1 Normal free:26660kB min:53696kB low:67120kB high:80544kB active_anon:964kB inactive_anon:8204kB active_file:40kB inactive_file:40kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:192kB pagetables:120kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 710.897895] 0 [ 710.909905] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 710.925870] 0 [ 710.933079] (null) [ 710.949866] 0 [ 710.985076] lowmem_reserve[]: [ 711.015131] 0 [ 711.029161] 0 [ 711.057612] 0 [ 711.083014] syz-executor.1 cpuset= [ 711.146812] 0 [ 711.188321] Node 0 [ 711.202961] / [ 711.225362] DMA: [ 711.229832] mems_allowed=0-1 [ 711.230216] 1*4kB [ 711.231949] CPU: 0 PID: 14612 Comm: syz-executor.1 Not tainted 4.14.230-syzkaller #0 [ 711.231956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 711.231960] Call Trace: [ 711.231979] dump_stack+0x1b2/0x281 [ 711.231993] warn_alloc.cold+0x96/0x1cc [ 711.232004] ? zone_watermark_ok_safe+0x220/0x220 [ 711.232016] ? usleep_range+0x130/0x130 [ 711.250387] (E) [ 711.256471] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 711.256485] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 711.256496] ? run_timer_softirq+0x5a0/0x5a0 [ 711.256514] __alloc_pages_nodemask+0x2127/0x2720 [ 711.256528] ? lock_acquire+0x170/0x3f0 [ 711.256543] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 711.277059] 2*8kB [ 711.277413] ? ion_page_pool_alloc+0x9e/0x1b0 [ 711.299976] (UE) [ 711.300741] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 711.319737] alloc_pages_current+0x155/0x260 [ 711.324142] ion_page_pool_alloc+0x118/0x1b0 [ 711.328544] ion_system_heap_allocate+0x133/0x8c0 [ 711.328590] 2*16kB [ 711.333465] ? _raw_spin_unlock+0x29/0x40 [ 711.333475] ? _ion_heap_freelist_drain+0x6e/0x410 [ 711.333485] ? ion_system_contig_heap_create+0x130/0x130 [ 711.333496] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 711.333507] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 711.333518] ion_alloc+0x27a/0x810 [ 711.333532] ? ion_dma_buf_release+0x40/0x40 [ 711.333546] ? __might_fault+0x177/0x1b0 [ 711.357337] (UE) [ 711.360086] ion_ioctl+0xea/0x1f0 [ 711.377601] ? ion_query_heaps+0x360/0x360 [ 711.381832] ? ion_query_heaps+0x360/0x360 [ 711.386160] do_vfs_ioctl+0x75a/0xff0 [ 711.388704] 1*32kB (E) [ 711.389951] ? ioctl_preallocate+0x1a0/0x1a0 [ 711.389958] 2*64kB [ 711.392523] ? lock_downgrade+0x740/0x740 [ 711.392537] ? __fget+0x225/0x360 [ 711.392546] ? do_vfs_ioctl+0xff0/0xff0 [ 711.392558] ? security_file_ioctl+0x83/0xb0 [ 711.392568] SyS_ioctl+0x7f/0xb0 [ 711.392576] ? do_vfs_ioctl+0xff0/0xff0 [ 711.392589] do_syscall_64+0x1d5/0x640 [ 711.392608] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 711.392617] RIP: 0033:0x466459 [ 711.414697] (UE) [ 711.415282] RSP: 002b:00007fcdda489188 EFLAGS: 00000246 [ 711.418635] 2*128kB [ 711.422613] ORIG_RAX: 0000000000000010 [ 711.422619] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 711.422625] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 711.422630] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 711.422635] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 711.422640] R13: 00007ffe21b5ad8f R14: 00007fcdda489300 R15: 0000000000022000 [ 711.430499] 0 [ 711.446264] (UE) [ 711.455231] 0 [ 711.469825] 3*256kB [ 711.476850] 0 [ 711.493581] (UE) 3*512kB (UE) 2*1024kB (UE) 1*2048kB (E) 1*4096kB (M) = 10964kB [ 711.502898] Node 0 DMA: 1*4kB (E) 2*8kB (UE) 2*16kB (UE) 1*32kB (E) 2*64kB (UE) 2*128kB (UE) 3*256kB (UE) 3*512kB (UE) 2*1024kB (UE) 1*2048kB (E) 1*4096kB (M) = 10964kB [ 711.516743] Node 0 DMA32: 1963*4kB (UME) 736*8kB (UME) 144*16kB (ME) 61*32kB (UME) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 17996kB [ 711.525432] Node 0 DMA32: 1963*4kB (UME) 736*8kB (UME) 144*16kB (ME) 61*32kB (UME) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 17996kB [ 711.547173] Node 0 [ 711.563800] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 711.569773] Normal: [ 711.585400] Node 1 Normal: 24*4kB (M) 21*8kB (UME) 18*16kB (UME) 21*32kB (UME) 222*64kB (UM) 21*128kB (UM) 20*256kB (UM) 3*512kB (UM) 2*1024kB (M) 0*2048kB 0*4096kB = 26824kB [ 711.595656] 0*4kB [ 711.612231] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 711.619144] 0*8kB [ 711.629692] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 711.630155] 0*16kB [ 711.633717] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 711.651673] 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 711.658783] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 711.659411] Node 1 [ 711.668020] 9012 total pagecache pages [ 711.668031] 0 pages in swap cache [ 711.668037] Swap cache stats: add 0, delete 0, find 0/0 [ 711.668041] Free swap = 0kB [ 711.668044] Total swap = 0kB [ 711.668050] 2097051 pages RAM [ 711.684586] Normal: [ 711.693751] 0 pages HighMem/MovableOnly [ 711.700021] 363848 pages reserved [ 711.706778] 24*4kB (M) 21*8kB (UME) 18*16kB (UME) 21*32kB (UME) 222*64kB (UM) 21*128kB (UM) 20*256kB (UM) 3*512kB (UM) 2*1024kB (M) 0*2048kB 0*4096kB = 26824kB [ 711.709909] 0 pages cma reserved [ 711.733643] warn_alloc_show_mem: 2 callbacks suppressed [ 711.733646] Mem-Info: [ 711.736418] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 711.739021] active_anon:13039 inactive_anon:8483 isolated_anon:0 [ 711.739021] active_file:15 inactive_file:15 isolated_file:0 [ 711.739021] unevictable:0 dirty:0 writeback:0 unstable:0 [ 711.739021] slab_reclaimable:14042 slab_unreclaimable:116166 [ 711.739021] mapped:52969 shmem:8982 pagetables:811 bounce:0 [ 711.739021] free:13946 free_pcp:29 free_cma:0 [ 711.750232] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 711.771127] Node 0 active_anon:51192kB inactive_anon:25728kB active_file:20kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:175608kB dirty:0kB writeback:0kB shmem:27716kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 12288kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 711.809010] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 711.908752] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 711.947694] 10381 total pagecache pages [ 711.954545] Node 1 active_anon:964kB inactive_anon:8204kB active_file:40kB inactive_file:5440kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:40468kB dirty:100kB writeback:0kB shmem:8212kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 711.965577] 0 pages in swap cache [ 712.022306] Swap cache stats: add 0, delete 0, find 0/0 [ 712.038630] Free swap = 0kB [ 712.049473] Total swap = 0kB [ 712.059240] 2097051 pages RAM [ 712.061108] Node 0 DMA free:11092kB min:204kB low:252kB high:300kB active_anon:2048kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 712.070160] 0 pages HighMem/MovableOnly [ 712.110719] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 712.125908] 363848 pages reserved [ 712.132673] 0 pages cma reserved [ 712.143463] Node 0 DMA32 free:45212kB min:36200kB low:45248kB high:54296kB active_anon:49144kB inactive_anon:25728kB active_file:24kB inactive_file:16kB unevictable:0kB writepending:4kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7648kB pagetables:3124kB bounce:0kB free_pcp:560kB local_pcp:224kB free_cma:0kB [ 712.149956] Out of memory (oom_kill_allocating_task): Kill process 14637 (syz-executor.5) score 0 or sacrifice child [ 712.172419] lowmem_reserve[]: 0 0 0 0 0 [ 712.172439] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 712.172457] lowmem_reserve[]: 0 0 0 0 0 [ 712.172476] Node 1 Normal free:492652kB min:53696kB low:67120kB high:80544kB active_anon:976kB inactive_anon:8204kB active_file:440kB inactive_file:5040kB unevictable:0kB writepending:112kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:192kB pagetables:120kB bounce:0kB free_pcp:276kB local_pcp:180kB free_cma:0kB [ 712.172496] lowmem_reserve[]: [ 712.214676] Killed process 14637 (syz-executor.5) total-vm:93252kB, anon-rss:104kB, file-rss:33796kB, shmem-rss:0kB [ 712.278820] 0 0 [ 712.287415] oom_reaper: reaped process 14637 (syz-executor.5), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 712.314873] 0 0 0 [ 712.317052] Node 0 DMA: 1*4kB (E) 3*8kB (UE) 2*16kB (UE) 1*32kB (E) 4*64kB (UE) 2*128kB (UE) 3*256kB (UE) 3*512kB (UE) 2*1024kB (UE) 1*2048kB (E) 1*4096kB (M) = 11100kB 20:22:52 executing program 2: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) [ 712.357401] Node 0 DMA32: 1922*4kB (ME) 854*8kB (UME) 145*16kB (ME) 28*32kB (UME) 145*64kB (UE) 78*128kB (U) 28*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 44168kB [ 712.451102] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 712.472120] Node 1 Normal: 1*4kB (U) 2*8kB (UE) 3*16kB (UE) 4*32kB (UME) 0*64kB 1*128kB (U) 0*256kB 1*512kB (M) 92*1024kB (U) 45*2048kB (U) 0*4096kB = 187204kB [ 712.531605] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 712.540475] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 712.571131] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 712.581971] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 712.601358] 10264 total pagecache pages [ 712.605436] 0 pages in swap cache [ 712.608880] Swap cache stats: add 0, delete 0, find 0/0 [ 712.625645] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 712.658179] Free swap = 0kB [ 712.661935] Total swap = 0kB [ 712.664950] 2097051 pages RAM [ 712.668049] 0 pages HighMem/MovableOnly [ 712.676786] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 712.701145] 363848 pages reserved [ 712.704728] 0 pages cma reserved [ 712.706245] CPU: 1 PID: 14642 Comm: syz-executor.2 Not tainted 4.14.230-syzkaller #0 [ 712.715955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 712.725304] Call Trace: [ 712.727896] dump_stack+0x1b2/0x281 [ 712.731521] warn_alloc.cold+0x96/0x1cc [ 712.735496] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 712.740513] ? zone_watermark_ok_safe+0x220/0x220 [ 712.745370] __alloc_pages_nodemask+0x2127/0x2720 [ 712.750216] ? lock_acquire+0x170/0x3f0 [ 712.754192] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 712.759054] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 712.764504] ? __mutex_unlock_slowpath+0x75/0x770 [ 712.769346] alloc_pages_current+0x155/0x260 [ 712.773752] ion_page_pool_alloc+0x118/0x1b0 [ 712.778157] ion_system_heap_allocate+0x133/0x8c0 [ 712.782994] ? ion_alloc+0x187/0x810 [ 712.786703] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 712.792145] ? ion_system_contig_heap_create+0x130/0x130 [ 712.797575] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 712.802571] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 712.807394] ion_alloc+0x204/0x810 [ 712.810933] ? ion_dma_buf_release+0x40/0x40 [ 712.815324] ? __might_fault+0x177/0x1b0 [ 712.819364] ion_ioctl+0xea/0x1f0 [ 712.822821] ? ion_query_heaps+0x360/0x360 [ 712.827124] ? ion_query_heaps+0x360/0x360 [ 712.831345] do_vfs_ioctl+0x75a/0xff0 [ 712.835127] ? ioctl_preallocate+0x1a0/0x1a0 [ 712.839514] ? lock_downgrade+0x740/0x740 [ 712.843646] ? __fget+0x225/0x360 [ 712.847078] ? do_vfs_ioctl+0xff0/0xff0 [ 712.851036] ? security_file_ioctl+0x83/0xb0 [ 712.855426] SyS_ioctl+0x7f/0xb0 [ 712.858772] ? do_vfs_ioctl+0xff0/0xff0 [ 712.862728] do_syscall_64+0x1d5/0x640 [ 712.866600] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 712.871768] RIP: 0033:0x466459 [ 712.874937] RSP: 002b:00007fc10ef5c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 712.882626] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 712.889876] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 712.897125] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 712.904373] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 712.911624] R13: 00007ffec6b9ec3f R14: 00007fc10ef5c300 R15: 0000000000022000 [ 712.953907] oom_reaper: reaped process 14623 (syz-executor.3), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 712.956952] Mem-Info: [ 712.966443] active_anon:13020 inactive_anon:8483 isolated_anon:0 [ 712.966443] active_file:9 inactive_file:8 isolated_file:0 [ 712.966443] unevictable:0 dirty:10 writeback:0 unstable:0 [ 712.966443] slab_reclaimable:13929 slab_unreclaimable:117349 [ 712.966443] mapped:53025 shmem:8982 pagetables:811 bounce:0 [ 712.966443] free:14086 free_pcp:10 free_cma:0 [ 712.999488] Node 0 active_anon:51100kB inactive_anon:25724kB active_file:24kB inactive_file:12kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:175608kB dirty:28kB writeback:0kB shmem:27712kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 12288kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 713.004853] syz-executor.0: [ 713.027189] syz-executor.5: [ 713.027272] Node 1 active_anon:980kB inactive_anon:8208kB active_file:12kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:36492kB dirty:12kB writeback:0kB shmem:8216kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 713.030200] page allocation failure: order:0 [ 713.033217] Node 0 DMA free:10956kB min:204kB low:252kB high:300kB active_anon:2048kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 713.033238] lowmem_reserve[]: [ 713.063792] syz-executor.3: [ 713.064681] 0 [ 713.094707] syz-executor.4: [ 713.097187] 2717 [ 713.098971] page allocation failure: order:0 [ 713.102005] 2718 2718 2718 [ 713.111490] Node 0 DMA32 free:17616kB min:36200kB low:45248kB high:54296kB active_anon:49048kB inactive_anon:25724kB active_file:12kB inactive_file:8kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7616kB pagetables:3016kB bounce:0kB free_pcp:204kB local_pcp:0kB free_cma:0kB [ 713.115892] oom_reaper: reaped process 14608 (syz-executor.4), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 713.145110] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 713.163676] page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 713.173031] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 713.174967] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 713.180792] page allocation failure: order:0 [ 713.188272] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 713.199045] CPU: 1 PID: 14608 Comm: syz-executor.4 Not tainted 4.14.230-syzkaller #0 [ 713.210766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 713.211648] syz-executor.5 cpuset= [ 713.220104] Call Trace: [ 713.220110] / [ 713.223637] dump_stack+0x1b2/0x281 [ 713.231519] warn_alloc.cold+0x96/0x1cc [ 713.235477] ? zone_watermark_ok_safe+0x220/0x220 [ 713.240306] ? wait_for_completion_io+0x10/0x10 [ 713.241090] oom_reaper: reaped process 14634 (syz-executor.0), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 713.244963] __alloc_pages_nodemask+0x2127/0x2720 [ 713.254934] mems_allowed=0-1 [ 713.259740] ? lock_acquire+0x170/0x3f0 [ 713.266773] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 713.271599] ? ion_page_pool_alloc+0x9e/0x1b0 [ 713.276082] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 713.281520] alloc_pages_current+0x155/0x260 [ 713.285912] ion_page_pool_alloc+0x118/0x1b0 [ 713.290300] ion_system_heap_allocate+0x133/0x8c0 [ 713.295123] ? ion_alloc+0x187/0x810 [ 713.298818] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 713.304246] ? ion_system_contig_heap_create+0x130/0x130 [ 713.309679] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 713.314678] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 713.319502] ion_alloc+0x204/0x810 [ 713.323028] ? ion_dma_buf_release+0x40/0x40 [ 713.327418] ? __might_fault+0x177/0x1b0 [ 713.331554] ion_ioctl+0xea/0x1f0 [ 713.335097] ? ion_query_heaps+0x360/0x360 [ 713.339315] ? ion_query_heaps+0x360/0x360 [ 713.343533] do_vfs_ioctl+0x75a/0xff0 [ 713.347317] ? ioctl_preallocate+0x1a0/0x1a0 [ 713.351722] ? lock_downgrade+0x740/0x740 [ 713.355852] ? __fget+0x225/0x360 [ 713.359285] ? do_vfs_ioctl+0xff0/0xff0 [ 713.363241] ? security_file_ioctl+0x83/0xb0 [ 713.367629] SyS_ioctl+0x7f/0xb0 [ 713.370974] ? do_vfs_ioctl+0xff0/0xff0 [ 713.374958] do_syscall_64+0x1d5/0x640 [ 713.378830] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 713.384007] RIP: 0033:0x466459 [ 713.387178] RSP: 002b:00007efd1de4b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 713.394865] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 713.402127] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 713.409379] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 713.416629] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 713.423882] R13: 00007fff8e7cfe1f R14: 00007efd1de4b300 R15: 0000000000022000 [ 713.431148] CPU: 0 PID: 14638 Comm: syz-executor.5 Not tainted 4.14.230-syzkaller #0 [ 713.439036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 713.448391] Call Trace: [ 713.450980] dump_stack+0x1b2/0x281 [ 713.454613] warn_alloc.cold+0x96/0x1cc [ 713.458596] ? zone_watermark_ok_safe+0x220/0x220 [ 713.463443] ? usleep_range+0x130/0x130 [ 713.467418] ? try_to_free_pages+0x23f/0x6e0 [ 713.471943] ? _find_next_bit+0xdb/0x100 [ 713.476004] ? run_timer_softirq+0x5a0/0x5a0 [ 713.479914] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 713.480415] __alloc_pages_nodemask+0x2127/0x2720 [ 713.492851] ? lock_acquire+0x170/0x3f0 [ 713.494697] lowmem_reserve[]: [ 713.496825] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 713.496836] ? ion_page_pool_alloc+0x9e/0x1b0 [ 713.496852] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 713.496864] ? retint_kernel+0x2d/0x2d [ 713.496878] alloc_pages_current+0x155/0x260 [ 713.496889] ion_page_pool_alloc+0x118/0x1b0 [ 713.499991] 0 [ 713.504801] ion_system_heap_allocate+0x133/0x8c0 [ 713.504809] ? ion_alloc+0x187/0x810 [ 713.504819] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 713.504829] ? ion_system_contig_heap_create+0x130/0x130 [ 713.504837] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 713.504846] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 713.504856] ion_alloc+0x204/0x810 [ 713.504868] ? ion_dma_buf_release+0x40/0x40 [ 713.504880] ? __might_fault+0x177/0x1b0 [ 713.535028] syz-executor.3 cpuset= [ 713.537750] ion_ioctl+0xea/0x1f0 [ 713.537760] ? ion_query_heaps+0x360/0x360 [ 713.543726] 0 [ 713.548624] ? ion_query_heaps+0x360/0x360 [ 713.548638] do_vfs_ioctl+0x75a/0xff0 [ 713.557245] / [ 713.558476] ? ioctl_preallocate+0x1a0/0x1a0 [ 713.567251] 0 [ 713.570431] ? lock_downgrade+0x740/0x740 [ 713.570447] ? __fget+0x225/0x360 [ 713.580683] mems_allowed=0-1 [ 713.581636] ? do_vfs_ioctl+0xff0/0xff0 [ 713.581648] ? security_file_ioctl+0x83/0xb0 [ 713.581658] SyS_ioctl+0x7f/0xb0 [ 713.581669] ? do_vfs_ioctl+0xff0/0xff0 [ 713.589960] 0 [ 713.591447] do_syscall_64+0x1d5/0x640 [ 713.591464] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 713.591472] RIP: 0033:0x466459 [ 713.591477] RSP: 002b:00007fd0fb4c2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 713.591486] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 713.591492] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 713.591497] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 713.591503] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 713.591509] R13: 00007ffc4cfdcc4f R14: 00007fd0fb4c2300 R15: 0000000000022000 [ 713.604351] CPU: 0 PID: 14634 Comm: syz-executor.0 Not tainted 4.14.230-syzkaller #0 [ 713.691690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 713.701039] Call Trace: [ 713.703626] dump_stack+0x1b2/0x281 [ 713.707258] warn_alloc.cold+0x96/0x1cc [ 713.711236] ? zone_watermark_ok_safe+0x220/0x220 [ 713.716084] ? wait_for_completion_io+0x10/0x10 [ 713.720756] __alloc_pages_nodemask+0x2127/0x2720 [ 713.722130] 0 [ 713.725597] ? lock_acquire+0x170/0x3f0 [ 713.725614] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 713.725623] ? ion_page_pool_alloc+0x9e/0x1b0 [ 713.725639] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 713.725659] alloc_pages_current+0x155/0x260 [ 713.740702] ion_page_pool_alloc+0x118/0x1b0 [ 713.740711] ion_system_heap_allocate+0x133/0x8c0 [ 713.740722] ? ion_alloc+0x187/0x810 [ 713.740733] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 713.740742] ? ion_system_contig_heap_create+0x130/0x130 [ 713.740751] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 713.740762] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 713.740773] ion_alloc+0x204/0x810 [ 713.740786] ? ion_dma_buf_release+0x40/0x40 [ 713.740799] ? __might_fault+0x177/0x1b0 [ 713.740811] ion_ioctl+0xea/0x1f0 [ 713.740820] ? ion_query_heaps+0x360/0x360 [ 713.740832] ? ion_query_heaps+0x360/0x360 [ 713.740842] do_vfs_ioctl+0x75a/0xff0 [ 713.740854] ? ioctl_preallocate+0x1a0/0x1a0 [ 713.740863] ? lock_downgrade+0x740/0x740 [ 713.740876] ? __fget+0x225/0x360 [ 713.740886] ? do_vfs_ioctl+0xff0/0xff0 [ 713.740895] ? security_file_ioctl+0x83/0xb0 [ 713.740902] SyS_ioctl+0x7f/0xb0 [ 713.740907] ? do_vfs_ioctl+0xff0/0xff0 [ 713.740915] do_syscall_64+0x1d5/0x640 [ 713.740926] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 713.740933] RIP: 0033:0x466459 [ 713.740937] RSP: 002b:00007fcbd0bd8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 713.772916] Node 0 [ 713.774546] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 713.774552] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 713.774556] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 713.774561] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 713.774567] R13: 00007ffdcf99cddf R14: 00007fcbd0bd8300 R15: 0000000000022000 [ 713.911018] CPU: 1 PID: 14623 Comm: syz-executor.3 Not tainted 4.14.230-syzkaller #0 [ 713.919050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 713.928397] Call Trace: [ 713.930985] dump_stack+0x1b2/0x281 [ 713.934619] warn_alloc.cold+0x96/0x1cc [ 713.938602] ? zone_watermark_ok_safe+0x220/0x220 [ 713.943448] ? usleep_range+0x130/0x130 [ 713.947417] ? try_to_free_pages+0x23f/0x6e0 [ 713.951822] ? _find_next_bit+0xdb/0x100 [ 713.955880] ? run_timer_softirq+0x5a0/0x5a0 [ 713.960292] __alloc_pages_nodemask+0x2127/0x2720 [ 713.965138] ? lock_acquire+0x170/0x3f0 [ 713.969118] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 713.973973] ? ion_page_pool_alloc+0x9e/0x1b0 [ 713.978469] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 713.983917] ? alloc_pages_current+0x21c/0x260 [ 713.988496] alloc_pages_current+0x155/0x260 [ 713.992904] ion_page_pool_alloc+0x118/0x1b0 [ 713.997445] ion_system_heap_allocate+0x133/0x8c0 [ 714.002297] ? ion_alloc+0x187/0x810 [ 714.006019] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 714.011465] ? ion_system_contig_heap_create+0x130/0x130 [ 714.016916] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 714.021927] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 714.026765] ion_alloc+0x204/0x810 [ 714.030306] ? ion_dma_buf_release+0x40/0x40 [ 714.034714] ? __might_fault+0x177/0x1b0 [ 714.038782] ion_ioctl+0xea/0x1f0 [ 714.042230] ? ion_query_heaps+0x360/0x360 [ 714.046465] ? ion_query_heaps+0x360/0x360 [ 714.050736] do_vfs_ioctl+0x75a/0xff0 [ 714.054544] ? ioctl_preallocate+0x1a0/0x1a0 [ 714.058955] ? lock_downgrade+0x740/0x740 [ 714.063106] ? __fget+0x225/0x360 [ 714.066554] ? do_vfs_ioctl+0xff0/0xff0 [ 714.070524] ? security_file_ioctl+0x83/0xb0 [ 714.075044] SyS_ioctl+0x7f/0xb0 [ 714.078459] ? do_vfs_ioctl+0xff0/0xff0 [ 714.082439] do_syscall_64+0x1d5/0x640 [ 714.086327] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 714.091514] RIP: 0033:0x466459 [ 714.094701] RSP: 002b:00007faef7867188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 714.102403] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 714.109772] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000003 [ 714.117037] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 714.124297] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 714.131559] R13: 00007ffd0904d43f R14: 00007faef7867300 R15: 0000000000022000 [ 714.157954] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 714.183006] lowmem_reserve[]: 0 0 0 0 0 [ 714.191021] Node 1 Normal free:207148kB min:53696kB low:67120kB high:80544kB active_anon:964kB inactive_anon:8208kB active_file:24kB inactive_file:28kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:192kB pagetables:224kB bounce:0kB free_pcp:1372kB local_pcp:632kB free_cma:0kB [ 714.237028] lowmem_reserve[]: 0 0 0 0 0 [ 714.246765] Node 0 DMA: 21*4kB (UME) 8*8kB (UME) 8*16kB (UME) 4*32kB (UME) 4*64kB (UME) 2*128kB (UE) 2*256kB (UE) 3*512kB (UE) 2*1024kB (UE) 1*2048kB (E) 1*4096kB (M) = 11156kB [ 714.300610] Node 0 DMA32: 4921*4kB (UME) 4814*8kB (UME) 482*16kB (UME) 340*32kB (UME) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 76788kB [ 714.316808] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 714.356152] Node 1 Normal: 713*4kB (UM) 1071*8kB (UME) 507*16kB (UME) 1065*32kB (UME) 748*64kB (UM) 219*128kB (UM) 122*256kB (UM) 57*512kB (UM) 2*1024kB (U) 0*2048kB 0*4096kB = 191980kB [ 714.411017] warn_alloc_show_mem: 2 callbacks suppressed [ 714.411021] Mem-Info: [ 714.418836] active_anon:12447 inactive_anon:8483 isolated_anon:0 [ 714.418836] active_file:263 inactive_file:485 isolated_file:0 [ 714.418836] unevictable:0 dirty:1 writeback:0 unstable:0 [ 714.418836] slab_reclaimable:13929 slab_unreclaimable:117399 [ 714.418836] mapped:44809 shmem:8982 pagetables:784 bounce:0 [ 714.418836] free:81109 free_pcp:685 free_cma:0 [ 714.458173] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 714.471064] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 714.488463] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 714.491687] syz-executor.5: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 714.514242] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 714.525397] 9764 total pagecache pages [ 714.530030] 0 pages in swap cache [ 714.534886] Node 0 active_anon:48824kB inactive_anon:25724kB active_file:1520kB inactive_file:1788kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:176608kB dirty:4kB writeback:0kB shmem:27712kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 714.545415] syz-executor.5 cpuset= [ 714.567901] Swap cache stats: add 0, delete 0, find 0/0 [ 714.582018] Free swap = 0kB [ 714.590230] / [ 714.593749] Total swap = 0kB [ 714.596680] mems_allowed=0-1 [ 714.608966] 2097051 pages RAM [ 714.609945] CPU: 0 PID: 14638 Comm: syz-executor.5 Not tainted 4.14.230-syzkaller #0 20:22:54 executing program 1: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) [ 714.620049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 714.628237] 0 pages HighMem/MovableOnly [ 714.629395] Call Trace: [ 714.629411] dump_stack+0x1b2/0x281 [ 714.629424] warn_alloc.cold+0x96/0x1cc [ 714.643524] ? zone_watermark_ok_safe+0x220/0x220 [ 714.644715] 363848 pages reserved [ 714.648376] __alloc_pages_nodemask+0x2127/0x2720 [ 714.656650] ? _raw_spin_unlock_irq+0x24/0x80 [ 714.661153] ? lock_acquire+0x170/0x3f0 [ 714.664026] 0 pages cma reserved [ 714.665169] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 714.665188] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 714.665200] ? __mutex_unlock_slowpath+0x75/0x770 [ 714.665211] ? ion_page_pool_alloc+0x9e/0x1b0 [ 714.665223] alloc_pages_current+0x155/0x260 [ 714.665233] ion_page_pool_alloc+0x118/0x1b0 [ 714.668951] Node 1 active_anon:964kB inactive_anon:8208kB active_file:24kB inactive_file:28kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:3128kB dirty:0kB writeback:0kB shmem:8216kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 714.673408] ion_system_heap_allocate+0x133/0x8c0 [ 714.673419] ? _raw_spin_unlock+0x29/0x40 [ 714.673428] ? _ion_heap_freelist_drain+0x6e/0x410 [ 714.673436] ? ion_system_contig_heap_create+0x130/0x130 [ 714.673446] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 714.673456] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 714.673466] ion_alloc+0x27a/0x810 [ 714.673479] ? ion_dma_buf_release+0x40/0x40 [ 714.673491] ? __might_fault+0x177/0x1b0 [ 714.673502] ion_ioctl+0xea/0x1f0 [ 714.673510] ? ion_query_heaps+0x360/0x360 [ 714.673521] ? ion_query_heaps+0x360/0x360 [ 714.673530] do_vfs_ioctl+0x75a/0xff0 [ 714.673542] ? ioctl_preallocate+0x1a0/0x1a0 [ 714.699093] Node 0 [ 714.723865] ? lock_downgrade+0x740/0x740 [ 714.723879] ? __fget+0x225/0x360 [ 714.723889] ? do_vfs_ioctl+0xff0/0xff0 [ 714.723899] ? security_file_ioctl+0x83/0xb0 [ 714.723908] SyS_ioctl+0x7f/0xb0 [ 714.723915] ? do_vfs_ioctl+0xff0/0xff0 [ 714.723926] do_syscall_64+0x1d5/0x640 [ 714.723940] entry_SYSCALL_64_after_hwframe+0x46/0xbb 20:22:54 executing program 1: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) [ 714.723947] RIP: 0033:0x466459 [ 714.723952] RSP: 002b:00007fd0fb4c2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 714.723961] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 714.723966] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 714.723971] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 714.723976] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 714.723981] R13: 00007ffc4cfdcc4f R14: 00007fd0fb4c2300 R15: 0000000000022000 [ 714.906262] DMA free:11088kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:808kB inactive_file:500kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 714.936127] lowmem_reserve[]: 0 2717 2718 2718 2718 20:22:54 executing program 1: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) [ 714.953145] Node 0 DMA32 free:42676kB min:36200kB low:45248kB high:54296kB active_anon:48824kB inactive_anon:25724kB active_file:2612kB inactive_file:6108kB unevictable:0kB writepending:4kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7552kB pagetables:2912kB bounce:0kB free_pcp:784kB local_pcp:352kB free_cma:0kB [ 714.991116] lowmem_reserve[]: 0 0 0 0 0 [ 715.021116] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 715.115417] lowmem_reserve[]: 0 0 0 0 0 [ 715.141260] Node 1 Normal free:209232kB min:53696kB low:67120kB high:80544kB active_anon:996kB inactive_anon:8212kB active_file:28kB inactive_file:416kB unevictable:0kB writepending:8kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:192kB pagetables:176kB bounce:0kB free_pcp:440kB local_pcp:344kB free_cma:0kB [ 715.194235] lowmem_reserve[]: 0 0 0 0 0 [ 715.223557] Node 0 DMA: 84*4kB (UME) 37*8kB (UME) 28*16kB (UME) 17*32kB (UME) 4*64kB (UME) 2*128kB (UE) 1*256kB (E) 1*512kB (E) 2*1024kB (UE) 1*2048kB (E) 1*4096kB (M) = 11096kB [ 715.298894] Node 0 DMA32: 567*4kB (UME) 484*8kB (UME) 106*16kB (UME) 160*32kB (UME) 777*64kB (U) 44*128kB (U) 0*256kB 0*512kB 16*1024kB (U) 0*2048kB 0*4096kB = 84700kB [ 715.323795] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 715.360957] Node 1 Normal: 1*4kB (U) 2*8kB (UM) 2*16kB (E) 3*32kB (UE) 178*64kB (U) 1*128kB (U) 1*256kB (M) 1*512kB (M) 320*1024kB (U) 45*2048kB (U) 1*4096kB (U) = 436372kB [ 715.420959] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 715.430052] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 715.453003] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 715.465247] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 715.504148] 11547 total pagecache pages [ 715.508170] 0 pages in swap cache [ 715.513004] Swap cache stats: add 0, delete 0, find 0/0 [ 715.518480] Free swap = 0kB [ 715.530990] Total swap = 0kB [ 715.534030] 2097051 pages RAM [ 715.537129] 0 pages HighMem/MovableOnly [ 715.555022] 363848 pages reserved [ 715.558509] 0 pages cma reserved [ 715.860956] warn_alloc: 1 callbacks suppressed [ 715.860960] syz-executor.3: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 715.881646] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 715.888058] CPU: 1 PID: 14623 Comm: syz-executor.3 Not tainted 4.14.230-syzkaller #0 [ 715.896031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 715.905385] Call Trace: [ 715.907982] dump_stack+0x1b2/0x281 [ 715.911612] warn_alloc.cold+0x96/0x1cc [ 715.915587] ? zone_watermark_ok_safe+0x220/0x220 [ 715.920428] __alloc_pages_nodemask+0x2127/0x2720 [ 715.925252] ? lock_acquire+0x170/0x3f0 [ 715.929225] ? lock_acquire+0x170/0x3f0 [ 715.933182] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 715.938021] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 715.943459] ? __mutex_unlock_slowpath+0x75/0x770 [ 715.948282] alloc_pages_current+0x155/0x260 [ 715.952672] ion_page_pool_alloc+0x118/0x1b0 [ 715.957062] ion_system_heap_allocate+0x133/0x8c0 [ 715.961884] ? _raw_spin_unlock+0x29/0x40 [ 715.966010] ? _ion_heap_freelist_drain+0x6e/0x410 [ 715.970921] ? ion_system_contig_heap_create+0x130/0x130 [ 715.976351] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 715.981346] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 715.986166] ion_alloc+0x27a/0x810 [ 715.989688] ? ion_dma_buf_release+0x40/0x40 [ 715.994098] ? __might_fault+0x177/0x1b0 [ 715.998140] ion_ioctl+0xea/0x1f0 [ 716.001572] ? ion_query_heaps+0x360/0x360 [ 716.005788] ? ion_query_heaps+0x360/0x360 [ 716.010002] do_vfs_ioctl+0x75a/0xff0 [ 716.013802] ? ioctl_preallocate+0x1a0/0x1a0 [ 716.018199] ? lock_downgrade+0x740/0x740 [ 716.022335] ? __fget+0x225/0x360 [ 716.025772] ? do_vfs_ioctl+0xff0/0xff0 [ 716.029733] ? security_file_ioctl+0x83/0xb0 [ 716.034128] SyS_ioctl+0x7f/0xb0 [ 716.037497] ? do_vfs_ioctl+0xff0/0xff0 [ 716.041459] do_syscall_64+0x1d5/0x640 [ 716.045335] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 716.050512] RIP: 0033:0x466459 [ 716.053683] RSP: 002b:00007faef7867188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 716.061375] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 716.068626] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000003 [ 716.075962] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 716.083218] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 716.090467] R13: 00007ffd0904d43f R14: 00007faef7867300 R15: 0000000000022000 [ 716.113423] systemd-journal invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 716.113688] syz-executor.4: [ 716.126531] systemd-journal cpuset=/ mems_allowed=0-1 [ 716.134968] CPU: 1 PID: 13939 Comm: systemd-journal Not tainted 4.14.230-syzkaller #0 [ 716.142937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 716.152280] Call Trace: [ 716.154861] dump_stack+0x1b2/0x281 [ 716.158483] dump_header+0x178/0x82f [ 716.162193] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 716.162307] warn_alloc_show_mem: 2 callbacks suppressed [ 716.162310] Mem-Info: [ 716.167291] ? ___ratelimit+0x2cd/0x530 [ 716.178993] oom_kill_process.cold+0x10/0xa40 [ 716.183491] out_of_memory+0xe3e/0x1190 [ 716.187463] ? oom_killer_disable+0x1c0/0x1c0 [ 716.190483] page allocation failure: order:4 [ 716.191947] ? mutex_trylock+0x152/0x1a0 [ 716.191958] __alloc_pages_nodemask+0x23e1/0x2720 [ 716.191978] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 716.196356] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 716.200409] alloc_pages_current+0x155/0x260 [ 716.207432] active_anon:12449 inactive_anon:8483 isolated_anon:0 [ 716.207432] active_file:19 inactive_file:8 isolated_file:0 [ 716.207432] unevictable:0 dirty:1 writeback:5 unstable:0 [ 716.207432] slab_reclaimable:13910 slab_unreclaimable:119849 [ 716.207432] mapped:44341 shmem:8982 pagetables:784 bounce:0 [ 716.207432] free:13811 free_pcp:30 free_cma:0 [ 716.210043] filemap_fault+0x11a1/0x1ad0 [ 716.237267] Node 0 active_anon:48828kB inactive_anon:25720kB active_file:64kB inactive_file:32kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:174088kB dirty:0kB writeback:20kB shmem:27708kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 716.254394] ext4_filemap_fault+0x84/0xb0 [ 716.254405] __do_fault+0xfa/0x380 [ 716.266035] (null) [ 716.286278] __handle_mm_fault+0x2497/0x4620 [ 716.286288] ? vm_insert_page+0x7c0/0x7c0 [ 716.286305] ? mark_held_locks+0xa6/0xf0 [ 716.291757] Node 1 active_anon:968kB inactive_anon:8212kB active_file:12kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:3276kB dirty:4kB writeback:0kB shmem:8220kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 716.293965] handle_mm_fault+0x455/0x9c0 [ 716.296086] Node 0 [ 716.300477] __do_page_fault+0x549/0xad0 [ 716.304622] syz-executor.4 cpuset= [ 716.308697] ? spurious_fault+0x640/0x640 [ 716.335534] DMA free:10972kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:40kB inactive_file:0kB unevictable:0kB writepending:8kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 716.339558] ? do_page_fault+0x60/0x500 [ 716.341785] lowmem_reserve[]: [ 716.345812] ? page_fault+0x2f/0x50 [ 716.349340] 0 [ 716.353481] page_fault+0x45/0x50 [ 716.353489] RIP: 0001:0xffffffffffffffff [ 716.353494] RSP: a3af21e0:00007fff29ea24f0 EFLAGS: 7fff29ea2300 [ 716.353911] Mem-Info: [ 716.390594] syz-executor.5: [ 716.391779] active_anon:12449 inactive_anon:8483 isolated_anon:0 [ 716.391779] active_file:19 inactive_file:8 isolated_file:0 [ 716.391779] unevictable:0 dirty:1 writeback:5 unstable:0 [ 716.391779] slab_reclaimable:13910 slab_unreclaimable:119849 [ 716.391779] mapped:44341 shmem:8982 pagetables:784 bounce:0 [ 716.391779] free:13811 free_pcp:30 free_cma:0 [ 716.395174] page allocation failure: order:0 [ 716.399228] Node 0 active_anon:48828kB inactive_anon:25720kB active_file:64kB inactive_file:32kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:174088kB dirty:0kB writeback:20kB shmem:27708kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 716.405299] syz-executor.0: [ 716.407687] Node 1 active_anon:968kB inactive_anon:8212kB active_file:12kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:3276kB dirty:4kB writeback:0kB shmem:8220kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 716.410684] page allocation failure: order:0 [ 716.443631] Node 0 [ 716.456982] / [ 716.475779] DMA free:10972kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:60kB inactive_file:0kB unevictable:0kB writepending:8kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 716.485620] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 716.508895] 2717 [ 716.513715] (null) [ 716.514007] 2718 [ 716.542757] mems_allowed=0-1 [ 716.550164] lowmem_reserve[]: [ 716.553603] CPU: 0 PID: 14608 Comm: syz-executor.4 Not tainted 4.14.230-syzkaller #0 [ 716.556148] 0 [ 716.559218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 716.571207] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 716.578319] Call Trace: [ 716.578327] (null) [ 716.585415] dump_stack+0x1b2/0x281 [ 716.585428] warn_alloc.cold+0x96/0x1cc [ 716.585440] ? zone_watermark_ok_safe+0x220/0x220 [ 716.585464] __alloc_pages_nodemask+0x2127/0x2720 [ 716.585474] ? lock_acquire+0x170/0x3f0 [ 716.585486] ? lock_acquire+0x170/0x3f0 [ 716.585500] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 716.590832] 2717 [ 716.593807] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 716.597749] 2718 [ 716.602577] ? __mutex_unlock_slowpath+0x75/0x770 [ 716.602592] alloc_pages_current+0x155/0x260 [ 716.602605] ion_page_pool_alloc+0x118/0x1b0 [ 716.602615] ion_system_heap_allocate+0x133/0x8c0 [ 716.602628] ? _raw_spin_unlock+0x29/0x40 [ 716.611067] syz-executor.0 cpuset= [ 716.611411] ? _ion_heap_freelist_drain+0x6e/0x410 [ 716.615356] / [ 716.620180] ? ion_system_contig_heap_create+0x130/0x130 [ 716.624994] 2718 [ 716.627742] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 716.629777] 2718 [ 716.634603] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 716.634613] ion_alloc+0x27a/0x810 [ 716.634627] ? ion_dma_buf_release+0x40/0x40 [ 716.634638] ? __might_fault+0x177/0x1b0 [ 716.634650] ion_ioctl+0xea/0x1f0 [ 716.634659] ? ion_query_heaps+0x360/0x360 [ 716.634674] ? ion_query_heaps+0x360/0x360 [ 716.644296] 2718 [ 716.648296] do_vfs_ioctl+0x75a/0xff0 [ 716.652734] mems_allowed=0-1 [ 716.655943] ? ioctl_preallocate+0x1a0/0x1a0 [ 716.667986] ? lock_downgrade+0x740/0x740 [ 716.670022] Node 0 [ 716.675019] ? __fget+0x225/0x360 [ 716.675029] ? do_vfs_ioctl+0xff0/0xff0 [ 716.675040] ? security_file_ioctl+0x83/0xb0 [ 716.675051] SyS_ioctl+0x7f/0xb0 [ 716.677098] 2718 [ 716.681913] ? do_vfs_ioctl+0xff0/0xff0 [ 716.681926] do_syscall_64+0x1d5/0x640 [ 716.681940] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 716.681949] RIP: 0033:0x466459 [ 716.681954] RSP: 002b:00007efd1de4b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 716.681965] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 716.681971] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 716.681979] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 716.705778] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 716.707817] Node 0 [ 716.711590] R13: 00007fff8e7cfe1f R14: 00007efd1de4b300 R15: 0000000000022000 [ 716.731159] syz-executor.5 cpuset= [ 716.737974] DMA32 free:17924kB min:36200kB low:45248kB high:54296kB active_anon:48828kB inactive_anon:25720kB active_file:24kB inactive_file:32kB unevictable:0kB writepending:12kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7584kB pagetables:2912kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 716.740656] / [ 716.742725] lowmem_reserve[]: [ 716.754952] CPU: 0 PID: 14634 Comm: syz-executor.0 Not tainted 4.14.230-syzkaller #0 [ 716.760777] 0 [ 716.766629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 716.766633] Call Trace: [ 716.766652] dump_stack+0x1b2/0x281 [ 716.766665] warn_alloc.cold+0x96/0x1cc [ 716.766676] ? zone_watermark_ok_safe+0x220/0x220 [ 716.766687] ? usleep_range+0x130/0x130 [ 716.779079] DMA32 free:17924kB min:36200kB low:45248kB high:54296kB active_anon:48828kB inactive_anon:25720kB active_file:24kB inactive_file:32kB unevictable:0kB writepending:12kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7584kB pagetables:2912kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 716.781212] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 716.781226] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 716.781236] ? run_timer_softirq+0x5a0/0x5a0 [ 716.781253] __alloc_pages_nodemask+0x2127/0x2720 [ 716.788512] lowmem_reserve[]: [ 716.795776] ? lock_acquire+0x170/0x3f0 [ 716.795791] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 716.795801] ? ion_page_pool_alloc+0x9e/0x1b0 [ 716.795817] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 716.795831] ? retint_kernel+0x2d/0x2d [ 716.795843] alloc_pages_current+0x155/0x260 [ 716.795854] ion_page_pool_alloc+0x118/0x1b0 [ 716.803112] 0 [ 716.805323] ion_system_heap_allocate+0x133/0x8c0 [ 716.808834] 0 [ 716.836844] ? _raw_spin_unlock+0x29/0x40 [ 716.836852] ? _ion_heap_freelist_drain+0x6e/0x410 [ 716.836861] ? ion_system_contig_heap_create+0x130/0x130 [ 716.836870] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 716.836881] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 716.836892] ion_alloc+0x27a/0x810 [ 716.836904] ? ion_dma_buf_release+0x40/0x40 [ 716.836917] ? __might_fault+0x177/0x1b0 [ 716.836928] ion_ioctl+0xea/0x1f0 [ 716.836936] ? ion_query_heaps+0x360/0x360 [ 716.836947] ? ion_query_heaps+0x360/0x360 [ 716.843963] 0 [ 716.849592] do_vfs_ioctl+0x75a/0xff0 [ 716.853055] 0 [ 716.860808] ? ioctl_preallocate+0x1a0/0x1a0 [ 716.866814] 0 [ 716.866983] ? lock_downgrade+0x740/0x740 [ 716.872602] 0 [ 716.875759] ? __fget+0x225/0x360 [ 716.879702] 0 [ 716.907831] ? do_vfs_ioctl+0xff0/0xff0 [ 716.907843] ? security_file_ioctl+0x83/0xb0 [ 716.907853] SyS_ioctl+0x7f/0xb0 [ 716.907861] ? do_vfs_ioctl+0xff0/0xff0 [ 716.907873] do_syscall_64+0x1d5/0x640 [ 716.907888] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 716.907897] RIP: 0033:0x466459 [ 716.907902] RSP: 002b:00007fcbd0bd8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 716.907912] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 716.907920] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 716.918036] 0 [ 716.922380] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 716.922385] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 716.922390] R13: 00007ffdcf99cddf R14: 00007fcbd0bd8300 R15: 0000000000022000 [ 716.928465] mems_allowed=0-1 [ 716.930326] 0 [ 716.934321] CPU: 0 PID: 14638 Comm: syz-executor.5 Not tainted 4.14.230-syzkaller #0 [ 716.934327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 716.934331] Call Trace: [ 716.934352] dump_stack+0x1b2/0x281 [ 716.934365] warn_alloc.cold+0x96/0x1cc [ 716.934376] ? zone_watermark_ok_safe+0x220/0x220 [ 716.949110] ? usleep_range+0x130/0x130 [ 716.954190] Node 0 [ 716.957365] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 716.965801] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 716.968373] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 716.970149] lowmem_reserve[]: [ 716.974277] ? run_timer_softirq+0x5a0/0x5a0 [ 716.974295] __alloc_pages_nodemask+0x2127/0x2720 [ 716.974311] ? lock_acquire+0x170/0x3f0 [ 716.974325] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 716.974340] ? ion_page_pool_alloc+0x9e/0x1b0 [ 716.974356] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 716.984697] alloc_pages_current+0x155/0x260 [ 716.984710] ion_page_pool_alloc+0x118/0x1b0 [ 716.984720] ion_system_heap_allocate+0x133/0x8c0 [ 716.984733] ? _raw_spin_unlock+0x29/0x40 [ 716.984742] ? _ion_heap_freelist_drain+0x6e/0x410 [ 716.984751] ? ion_system_contig_heap_create+0x130/0x130 [ 716.984759] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 716.984770] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 716.994131] 0 [ 716.994585] ion_alloc+0x27a/0x810 [ 716.998204] 0 [ 717.002610] ? ion_dma_buf_release+0x40/0x40 [ 717.002624] ? __might_fault+0x177/0x1b0 [ 717.002636] ion_ioctl+0xea/0x1f0 [ 717.002645] ? ion_query_heaps+0x360/0x360 [ 717.007438] Node 0 [ 717.010124] ? ion_query_heaps+0x360/0x360 [ 717.017669] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 717.018545] do_vfs_ioctl+0x75a/0xff0 [ 717.020320] lowmem_reserve[]: [ 717.024105] ? ioctl_preallocate+0x1a0/0x1a0 [ 717.024119] ? lock_downgrade+0x740/0x740 [ 717.024132] ? __fget+0x225/0x360 [ 717.024141] ? do_vfs_ioctl+0xff0/0xff0 [ 717.024153] ? security_file_ioctl+0x83/0xb0 [ 717.027720] 0 [ 717.030318] SyS_ioctl+0x7f/0xb0 [ 717.035439] 0 [ 717.036228] ? do_vfs_ioctl+0xff0/0xff0 [ 717.038002] 0 [ 717.041434] do_syscall_64+0x1d5/0x640 [ 717.041450] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 717.041458] RIP: 0033:0x466459 [ 717.041462] RSP: 002b:00007fd0fb4c2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 717.041471] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 717.041476] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 717.041481] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 717.041488] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 717.045045] 0 [ 717.047223] R13: 00007ffc4cfdcc4f R14: 00007fd0fb4c2300 R15: 0000000000022000 [ 717.062548] 0 [ 717.154672] warn_alloc_show_mem: 2 callbacks suppressed [ 717.154675] Mem-Info: [ 717.156093] 0 [ 717.165503] active_anon:12449 inactive_anon:8483 isolated_anon:0 [ 717.165503] active_file:13 inactive_file:662 isolated_file:0 [ 717.165503] unevictable:0 dirty:0 writeback:0 unstable:0 [ 717.165503] slab_reclaimable:13910 slab_unreclaimable:119839 [ 717.165503] mapped:44741 shmem:8982 pagetables:784 bounce:0 [ 717.165503] free:51837 free_pcp:38 free_cma:0 [ 717.293962] Node 0 active_anon:48828kB inactive_anon:25720kB active_file:44kB inactive_file:44kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:174088kB dirty:0kB writeback:0kB shmem:27708kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 717.306680] 0 [ 717.394584] Node 1 active_anon:968kB inactive_anon:8212kB active_file:8kB inactive_file:2704kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:5076kB dirty:0kB writeback:0kB shmem:8220kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 717.396860] Node 1 [ 717.424837] Node 0 [ 717.427749] Normal free:468340kB min:53696kB low:67120kB high:80544kB active_anon:968kB inactive_anon:8212kB active_file:8kB inactive_file:2904kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:192kB pagetables:224kB bounce:0kB free_pcp:212kB local_pcp:12kB free_cma:0kB [ 717.429605] DMA free:10972kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:16kB inactive_file:28kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 717.429609] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 717.429628] Node 0 DMA32 free:45212kB min:36200kB low:45248kB high:54296kB active_anon:48828kB inactive_anon:25720kB active_file:36kB inactive_file:1412kB unevictable:0kB writepending:148kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7584kB pagetables:2912kB bounce:0kB free_pcp:224kB local_pcp:180kB free_cma:0kB [ 717.429647] lowmem_reserve[]: 0 0 0 0 0 [ 717.429665] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 717.429682] lowmem_reserve[]: [ 717.431762] lowmem_reserve[]: [ 717.570828] 0 [ 717.580432] 0 [ 717.614943] 0 [ 717.660010] Node 1 Normal free:743520kB min:53696kB low:67120kB high:80544kB active_anon:968kB inactive_anon:8212kB active_file:8kB inactive_file:3404kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:192kB pagetables:224kB bounce:0kB free_pcp:208kB local_pcp:120kB free_cma:0kB [ 717.695540] lowmem_reserve[]: 0 0 0 0 0 [ 717.700024] Node 0 DMA: 3*4kB (ME) 4*8kB (ME) 5*16kB (UME) 3*32kB (UME) 4*64kB (UME) 4*128kB (UME) 3*256kB (ME) 4*512kB (UME) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10972kB [ 717.710816] 0 0 0 [ 717.718004] Node 1 Normal free:824496kB min:53696kB low:67120kB high:80544kB active_anon:968kB inactive_anon:8212kB active_file:8kB inactive_file:3604kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:192kB pagetables:224kB bounce:0kB free_pcp:180kB local_pcp:132kB free_cma:0kB [ 717.740815] Node 0 DMA32: 1552*4kB (ME) 735*8kB (ME) 165*16kB (ME) 33*32kB (ME) 446*64kB (U) 2*128kB (U) 0*256kB 1*512kB (U) 28*1024kB (U) 0*2048kB 0*4096kB = 73768kB [ 717.780829] 0 0 0 0 0 [ 717.783392] Node 0 DMA: 3*4kB (ME) 4*8kB (ME) 5*16kB (UME) 3*32kB (UME) 11*64kB (UME) 6*128kB (UME) 5*256kB (UME) 4*512kB (UME) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 12188kB [ 717.790807] lowmem_reserve[]: 0 0 0 0 0 [ 717.806906] Node 0 DMA: 3*4kB (ME) 4*8kB (ME) 5*16kB (UME) 3*32kB (UME) 11*64kB (UME) 6*128kB (UME) 5*256kB (UME) 4*512kB (UME) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 12188kB [ 717.810831] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 717.840810] Node 0 DMA32: 1553*4kB (UME) 736*8kB (UME) 166*16kB (UME) 34*32kB (UME) 1099*64kB (UME) 241*128kB (UME) 88*256kB (U) 5*512kB (U) 28*1024kB (U) 0*2048kB 0*4096kB = 170788kB [ 717.841928] Node 0 DMA32: 1553*4kB (UME) 736*8kB (UME) 166*16kB (UME) 33*32kB (ME) 761*64kB (UME) 242*128kB (UME) 88*256kB (U) 5*512kB (U) 28*1024kB (U) 0*2048kB 0*4096kB = 149252kB [ 717.882493] Node 1 [ 717.899161] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 717.912508] Node 0 [ 717.930815] Normal: [ 717.932837] Normal: [ 717.933066] 0*4kB [ 717.935373] 0*4kB [ 717.937673] 0*8kB [ 717.939798] 0*8kB [ 717.941975] Node 1 Normal: 0*4kB 0*8kB 3*16kB (ME) 4*32kB (UME) 1401*64kB (UM) 173*128kB (UM) 102*256kB (U) 37*512kB (U) 618*1024kB (UM) 90*2048kB (U) 2*4096kB (U) = 982384kB [ 717.962498] 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 717.970809] 3*16kB (ME) 4*32kB (UME) 1401*64kB (UM) 173*128kB (UM) 102*256kB (U) 37*512kB (U) 618*1024kB (UM) 90*2048kB (U) 2*4096kB (U) = 982384kB [ 717.982503] Node 1 Normal: 0*4kB 0*8kB 3*16kB (ME) 4*32kB (UME) 1401*64kB (UM) [ 717.984376] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 717.984586] 173*128kB [ 717.991858] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 717.991866] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 717.991871] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 717.991879] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 718.031541] (UM) 102*256kB (U) 37*512kB (U) 618*1024kB (UM) 90*2048kB (U) 2*4096kB (U) = 982384kB [ 718.039365] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 718.060815] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 718.069650] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 718.071373] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 718.100812] 10289 total pagecache pages [ 718.104827] 0 pages in swap cache [ 718.108272] Swap cache stats: add 0, delete 0, find 0/0 [ 718.111369] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 718.113686] 10289 total pagecache pages [ 718.130812] Free swap = 0kB [ 718.133827] Total swap = 0kB [ 718.136834] 2097051 pages RAM [ 718.139926] 0 pages HighMem/MovableOnly [ 718.143784] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 718.150790] 0 pages in swap cache [ 718.156143] Swap cache stats: add 0, delete 0, find 0/0 [ 718.165201] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 718.170800] 363848 pages reserved [ 718.177218] 0 pages cma reserved [ 718.180821] Free swap = 0kB [ 718.183732] 10289 total pagecache pages [ 718.183827] Total swap = 0kB [ 718.187783] 0 pages in swap cache [ 718.200814] 2097051 pages RAM [ 718.204020] 0 pages HighMem/MovableOnly [ 718.207983] 363848 pages reserved [ 718.220812] 0 pages cma reserved [ 718.223538] Swap cache stats: add 0, delete 0, find 0/0 [ 718.229523] Free swap = 0kB [ 718.250823] Total swap = 0kB [ 718.253848] 2097051 pages RAM [ 718.256957] 0 pages HighMem/MovableOnly [ 718.270808] 363848 pages reserved [ 718.280968] 0 pages cma reserved [ 718.284351] Out of memory (oom_kill_allocating_task): Kill process 13939 (systemd-journal) score 0 or sacrifice child [ 718.310821] Killed process 13939 (systemd-journal) total-vm:46096kB, anon-rss:472kB, file-rss:4kB, shmem-rss:3244kB [ 718.507380] systemd[1]: systemd-journald.service: Failed with result 'signal'. [ 718.537835] systemd[1]: systemd-journald.service: Service has no hold-off time, scheduling restart. [ 718.565400] systemd[1]: Stopped Flush Journal to Persistent Storage. [ 718.576832] systemd[1]: Stopping Flush Journal to Persistent Storage... [ 718.594959] systemd[1]: Stopped Journal Service. [ 718.620394] systemd[1]: Starting Journal Service... [ 718.855229] systemd[1]: Starting Load/Save RF Kill Switch Status... [ 718.870434] systemd-journald[14660]: File /run/log/journal/04d8c135ee6b410280ba31a58c89679d/system.journal corrupted or uncleanly shut down, renaming and replacing. [ 718.991066] syz-executor.0 (14345) used greatest stack depth: 24872 bytes left [ 719.011881] systemd[1]: Started Load/Save RF Kill Switch Status. [ 719.444086] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 719.474918] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 719.496251] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 719.530797] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 719.538849] device bridge_slave_1 left promiscuous mode [ 719.580906] bridge0: port 2(bridge_slave_1) entered disabled state [ 719.588858] device bridge_slave_0 left promiscuous mode [ 719.611448] bridge0: port 1(bridge_slave_0) entered disabled state [ 719.623911] device veth1_macvtap left promiscuous mode [ 719.629217] device veth0_macvtap left promiscuous mode [ 719.666990] device veth1_vlan left promiscuous mode [ 719.677177] device veth0_vlan left promiscuous mode [ 719.788149] oom_reaper: reaped process 14642 (syz-executor.2), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 719.823195] rs:main Q:Reg invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 719.847666] rs:main Q:Reg cpuset=/ mems_allowed=0-1 [ 719.873157] CPU: 1 PID: 14364 Comm: rs:main Q:Reg Not tainted 4.14.230-syzkaller #0 [ 719.880965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 719.890308] Call Trace: [ 719.892898] dump_stack+0x1b2/0x281 [ 719.896527] dump_header+0x178/0x82f [ 719.900243] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 719.905350] ? ___ratelimit+0x2cd/0x530 [ 719.909322] oom_kill_process.cold+0x10/0xa40 [ 719.913872] out_of_memory+0xe3e/0x1190 [ 719.917851] ? oom_killer_disable+0x1c0/0x1c0 [ 719.922331] ? mutex_trylock+0x152/0x1a0 [ 719.926371] __alloc_pages_nodemask+0x23e1/0x2720 [ 719.931201] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 719.936032] alloc_pages_current+0x155/0x260 [ 719.940420] filemap_fault+0x11a1/0x1ad0 [ 719.944470] ext4_filemap_fault+0x84/0xb0 [ 719.948611] __do_fault+0xfa/0x380 [ 719.952130] __handle_mm_fault+0x2497/0x4620 [ 719.956518] ? vm_insert_page+0x7c0/0x7c0 [ 719.960643] ? lock_downgrade+0x740/0x740 [ 719.964770] ? vfs_write+0x35d/0x4d0 [ 719.968465] ? mark_held_locks+0xa6/0xf0 [ 719.972508] handle_mm_fault+0x455/0x9c0 [ 719.976548] __do_page_fault+0x549/0xad0 [ 719.980590] ? spurious_fault+0x640/0x640 [ 719.984716] ? do_page_fault+0x60/0x500 [ 719.988665] ? page_fault+0x2f/0x50 [ 719.992268] page_fault+0x45/0x50 [ 719.995698] RIP: 9b6bcbec:0x7f9e1c042bc0 [ 719.999734] RSP: 9b6bcbec:000055e79d0c0260 EFLAGS: 55e79d0c5d30 [ 720.003204] Mem-Info: [ 720.004447] syz-executor.4: [ 720.009275] active_anon:12571 inactive_anon:10512 isolated_anon:0 [ 720.009275] active_file:7 inactive_file:18 isolated_file:0 [ 720.009275] unevictable:0 dirty:3 writeback:0 unstable:0 [ 720.009275] slab_reclaimable:13853 slab_unreclaimable:119872 [ 720.009275] mapped:43919 shmem:11026 pagetables:752 bounce:0 [ 720.009275] free:14021 free_pcp:41 free_cma:0 [ 720.042280] page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 720.049571] Node 0 active_anon:48032kB inactive_anon:25712kB active_file:12kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:174088kB dirty:0kB writeback:0kB shmem:27704kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 720.090178] Node 1 active_anon:2156kB inactive_anon:16336kB active_file:52kB inactive_file:56kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:1428kB dirty:0kB writeback:0kB shmem:16400kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 720.115948] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 720.160326] CPU: 0 PID: 14608 Comm: syz-executor.4 Not tainted 4.14.230-syzkaller #0 [ 720.166271] Node 0 [ 720.168233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 720.168251] DMA free:10960kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 720.170454] Call Trace: [ 720.207516] lowmem_reserve[]: 0 2717 [ 720.207875] dump_stack+0x1b2/0x281 [ 720.207889] warn_alloc.cold+0x96/0x1cc [ 720.212931] 2718 [ 720.215192] ? zone_watermark_ok_safe+0x220/0x220 [ 720.219132] 2718 [ 720.221176] ? usleep_range+0x130/0x130 [ 720.221186] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 720.221198] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 720.221208] ? run_timer_softirq+0x5a0/0x5a0 [ 720.221226] __alloc_pages_nodemask+0x2127/0x2720 [ 720.221242] ? lock_acquire+0x170/0x3f0 [ 720.221258] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 720.232244] syz-executor.3: [ 720.237182] ? ion_page_pool_alloc+0x9e/0x1b0 [ 720.243955] 2718 [ 720.246565] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 720.256359] page allocation failure: order:0 [ 720.260188] ? __sanitizer_cov_trace_pc+0x41/0x50 [ 720.267663] alloc_pages_current+0x155/0x260 [ 720.269804] Node 0 [ 720.275238] ion_page_pool_alloc+0x118/0x1b0 [ 720.275249] ion_system_heap_allocate+0x133/0x8c0 [ 720.275261] ? _raw_spin_unlock+0x29/0x40 [ 720.275270] ? _ion_heap_freelist_drain+0x6e/0x410 [ 720.275280] ? ion_system_contig_heap_create+0x130/0x130 [ 720.275290] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 720.275299] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 720.275310] ion_alloc+0x27a/0x810 [ 720.286378] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 720.288937] ? ion_dma_buf_release+0x40/0x40 [ 720.291726] (null) [ 720.295532] ? __might_fault+0x177/0x1b0 [ 720.300343] syz-executor.3 cpuset= [ 720.304473] ion_ioctl+0xea/0x1f0 [ 720.304482] ? ion_query_heaps+0x360/0x360 [ 720.304495] ? ion_query_heaps+0x360/0x360 [ 720.304505] do_vfs_ioctl+0x75a/0xff0 [ 720.304518] ? ioctl_preallocate+0x1a0/0x1a0 [ 720.304528] ? lock_downgrade+0x740/0x740 [ 720.304540] ? __fget+0x225/0x360 [ 720.304549] ? do_vfs_ioctl+0xff0/0xff0 [ 720.315705] DMA32 free:18088kB min:36200kB low:45248kB high:54296kB active_anon:48032kB inactive_anon:25712kB active_file:8kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7520kB pagetables:2708kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 720.319895] ? security_file_ioctl+0x83/0xb0 [ 720.325283] lowmem_reserve[]: [ 720.328234] SyS_ioctl+0x7f/0xb0 [ 720.340621] / [ 720.341830] ? do_vfs_ioctl+0xff0/0xff0 [ 720.347586] mems_allowed=0-1 [ 720.349385] do_syscall_64+0x1d5/0x640 [ 720.357827] 0 [ 720.361253] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 720.361262] RIP: 0033:0x466459 [ 720.361267] RSP: 002b:00007efd1de4b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 720.361276] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 720.361284] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 720.375767] 0 [ 720.377011] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 720.395923] 0 [ 720.408828] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 720.408834] R13: 00007fff8e7cfe1f R14: 00007efd1de4b300 R15: 0000000000022000 [ 720.434098] Mem-Info: [ 720.441065] CPU: 1 PID: 14623 Comm: syz-executor.3 Not tainted 4.14.230-syzkaller #0 [ 720.447804] syz-executor.2: [ 720.450365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 720.457773] active_anon:12547 inactive_anon:10512 isolated_anon:0 [ 720.457773] active_file:16 inactive_file:16 isolated_file:0 [ 720.457773] unevictable:0 dirty:0 writeback:0 unstable:0 [ 720.457773] slab_reclaimable:13847 slab_unreclaimable:119864 [ 720.457773] mapped:43879 shmem:11026 pagetables:752 bounce:0 [ 720.457773] free:13966 free_pcp:0 free_cma:0 [ 720.464966] Call Trace: [ 720.464986] dump_stack+0x1b2/0x281 [ 720.465000] warn_alloc.cold+0x96/0x1cc [ 720.466781] page allocation failure: order:0 [ 720.474029] ? zone_watermark_ok_safe+0x220/0x220 [ 720.474039] ? usleep_range+0x130/0x130 [ 720.474050] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 720.475854] Node 0 active_anon:48032kB inactive_anon:25712kB active_file:12kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:174088kB dirty:0kB writeback:0kB shmem:27704kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 720.483096] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 720.483107] ? run_timer_softirq+0x5a0/0x5a0 [ 720.483123] __alloc_pages_nodemask+0x2127/0x2720 [ 720.490375] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 720.492766] ? lock_acquire+0x170/0x3f0 [ 720.492782] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 720.500633] (null) [ 720.503636] ? ion_page_pool_alloc+0x9e/0x1b0 [ 720.503652] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 720.503671] alloc_pages_current+0x155/0x260 [ 720.513045] Node 1 active_anon:2156kB inactive_anon:16336kB active_file:52kB inactive_file:56kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:1428kB dirty:0kB writeback:0kB shmem:16400kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 720.546060] ion_page_pool_alloc+0x118/0x1b0 [ 720.546070] ion_system_heap_allocate+0x133/0x8c0 [ 720.546081] ? _raw_spin_unlock+0x29/0x40 [ 720.546092] ? _ion_heap_freelist_drain+0x6e/0x410 [ 720.548666] syz-executor.2 cpuset= [ 720.552262] ? ion_system_contig_heap_create+0x130/0x130 [ 720.552273] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 720.552286] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 720.556343] / [ 720.560733] ion_alloc+0x27a/0x810 [ 720.565590] mems_allowed=0-1 [ 720.569528] ? ion_dma_buf_release+0x40/0x40 [ 720.574656] Node 0 [ 720.602311] ? __might_fault+0x177/0x1b0 [ 720.602327] ion_ioctl+0xea/0x1f0 [ 720.640683] DMA free:10960kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:24kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 720.644558] ? ion_query_heaps+0x360/0x360 [ 720.648940] lowmem_reserve[]: [ 720.675988] ? ion_query_heaps+0x360/0x360 [ 720.675998] do_vfs_ioctl+0x75a/0xff0 [ 720.676012] ? ioctl_preallocate+0x1a0/0x1a0 [ 720.720651] 0 [ 720.721272] ? lock_downgrade+0x740/0x740 [ 720.725649] 2717 [ 720.727876] ? __fget+0x225/0x360 [ 720.740649] 2718 [ 720.760918] ? do_vfs_ioctl+0xff0/0xff0 [ 720.760929] ? security_file_ioctl+0x83/0xb0 [ 720.760939] SyS_ioctl+0x7f/0xb0 [ 720.790649] 2718 [ 720.791948] ? do_vfs_ioctl+0xff0/0xff0 [ 720.793985] 2718 [ 720.797941] do_syscall_64+0x1d5/0x640 [ 720.817544] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 720.822712] RIP: 0033:0x466459 [ 720.822714] Node 0 DMA32 free:18088kB min:36200kB low:45248kB high:54296kB active_anon:48032kB inactive_anon:25712kB active_file:8kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7520kB pagetables:2708kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 720.825890] RSP: 002b:00007faef7867188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 720.862010] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 720.869264] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000003 [ 720.876516] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 720.880640] lowmem_reserve[]: [ 720.883764] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 720.883773] 0 [ 720.886852] R13: 00007ffd0904d43f R14: 00007faef7867300 R15: 0000000000022000 [ 720.903141] CPU: 0 PID: 14642 Comm: syz-executor.2 Not tainted 4.14.230-syzkaller #0 [ 720.911011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 720.915005] 0 [ 720.920366] Call Trace: [ 720.920372] 0 [ 720.922161] dump_stack+0x1b2/0x281 [ 720.922175] warn_alloc.cold+0x96/0x1cc [ 720.922187] ? zone_watermark_ok_safe+0x220/0x220 [ 720.922196] ? usleep_range+0x130/0x130 [ 720.922205] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 720.922217] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 720.922227] ? run_timer_softirq+0x5a0/0x5a0 [ 720.922244] __alloc_pages_nodemask+0x2127/0x2720 [ 720.930209] ? lock_acquire+0x170/0x3f0 [ 720.935865] Node 0 [ 720.938999] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 720.947964] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 720.948030] ? ion_page_pool_alloc+0x9e/0x1b0 [ 720.954745] lowmem_reserve[]: [ 720.957415] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 720.967272] 0 [ 720.968406] ? retint_kernel+0x2d/0x2d [ 720.974937] 0 [ 720.998112] alloc_pages_current+0x155/0x260 [ 720.998127] ion_page_pool_alloc+0x118/0x1b0 [ 720.998138] ion_system_heap_allocate+0x133/0x8c0 [ 720.998148] ? ion_alloc+0x187/0x810 [ 720.998159] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 720.998169] ? ion_system_contig_heap_create+0x130/0x130 [ 720.998178] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 720.998189] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 721.009397] 0 [ 721.011291] ion_alloc+0x204/0x810 [ 721.011305] ? ion_dma_buf_release+0x40/0x40 [ 721.011317] ? __might_fault+0x177/0x1b0 [ 721.011328] ion_ioctl+0xea/0x1f0 [ 721.013107] 0 [ 721.016974] ? ion_query_heaps+0x360/0x360 [ 721.018766] 0 [ 721.023156] ? ion_query_heaps+0x360/0x360 [ 721.023167] do_vfs_ioctl+0x75a/0xff0 [ 721.023178] ? ioctl_preallocate+0x1a0/0x1a0 [ 721.023188] ? lock_downgrade+0x740/0x740 [ 721.023201] ? __fget+0x225/0x360 [ 721.023211] ? do_vfs_ioctl+0xff0/0xff0 [ 721.023222] ? security_file_ioctl+0x83/0xb0 [ 721.023231] SyS_ioctl+0x7f/0xb0 [ 721.023238] ? do_vfs_ioctl+0xff0/0xff0 [ 721.023250] do_syscall_64+0x1d5/0x640 [ 721.036176] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 721.043280] Node 1 [ 721.047026] RIP: 0033:0x466459 [ 721.057115] Normal free:26824kB min:53696kB low:67120kB high:80544kB active_anon:2156kB inactive_anon:16336kB active_file:16kB inactive_file:92kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:192kB pagetables:300kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 721.058622] RSP: 002b:00007fc10ef5c188 EFLAGS: 00000246 [ 721.063814] lowmem_reserve[]: [ 721.066523] ORIG_RAX: 0000000000000010 [ 721.070558] 0 [ 721.073987] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 721.073994] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 721.073999] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 721.074004] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 721.074009] R13: 00007ffec6b9ec3f R14: 00007fc10ef5c300 R15: 0000000000022000 [ 721.083041] 0 [ 721.092842] 0 [ 721.099461] 0 [ 721.105259] 0 [ 721.107767] 0 [ 721.110291] 0 [ 721.118703] 0 [ 721.128431] 0 [ 721.132174] Node 0 DMA: 2*4kB (UE) 3*8kB (UME) 3*16kB [ 721.165775] Node 0 [ 721.175398] (UME) [ 721.188431] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 721.190572] 2*32kB [ 721.196219] lowmem_reserve[]: 0 0 0 0 0 [ 721.196241] Node 1 Normal free:26944kB min:53696kB low:67120kB high:80544kB active_anon:2156kB inactive_anon:16336kB active_file:56kB inactive_file:52kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:192kB pagetables:300kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 721.196262] lowmem_reserve[]: [ 721.210187] (ME) [ 721.218113] 0 [ 721.219819] 3*64kB [ 721.221626] 0 0 0 0 [ 721.221641] Node 0 DMA: 2*4kB (UE) 3*8kB (UME) 3*16kB (UME) 2*32kB (ME) 3*64kB (UME) [ 721.230243] (UME) [ 721.230505] 3*128kB [ 721.232759] 3*128kB (UME) 2*256kB (ME) 3*512kB (UME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) [ 721.241733] (UME) [ 721.266567] = 10960kB [ 721.296233] 2*256kB [ 721.309452] Node 0 [ 721.330635] (ME) 3*512kB (UME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10960kB [ 721.374221] systemd[1]: Started Journal Service. [ 721.375678] DMA32: 1954*4kB (UME) 742*8kB (UME) 152*16kB (ME) 39*32kB (UME) 7*64kB (UM) 2*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18136kB [ 721.401153] Node 0 DMA32: 1961*4kB (UME) 1317*8kB (UME) 173*16kB (UME) 41*32kB (UME) 7*64kB (UM) 3*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 23292kB [ 721.417475] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 721.437741] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 721.459714] Node 1 Normal: 795*4kB (U) 564*8kB (UM) 5*16kB (UE) 6*32kB (UE) 26*64kB (UM) 60*128kB (UM) 8*256kB (UM) 8*512kB (UM) 129*1024kB (UM) 14*2048kB (U) 0*4096kB = 184220kB [ 721.474041] Node 1 Normal: 806*4kB (U) 710*8kB (U) 188*16kB (UME) 11*32kB (UME) 29*64kB (UM) 62*128kB (UM) 11*256kB (UM) 10*512kB (UM) 130*1024kB (UM) 14*2048kB (U) 0*4096kB = 191784kB [ 721.498574] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 721.508803] device hsr_slave_1 left promiscuous mode [ 721.521656] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 721.524063] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 721.554490] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 721.554793] device hsr_slave_0 left promiscuous mode [ 721.563956] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 721.568480] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 721.568488] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 721.568494] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 721.568497] 12353 total pagecache pages [ 721.568507] 0 pages in swap cache [ 721.568515] Swap cache stats: add 0, delete 0, find 0/0 [ 721.577129] 12353 total pagecache pages [ 721.577139] 0 pages in swap cache [ 721.577144] Swap cache stats: add 0, delete 0, find 0/0 [ 721.577147] Free swap = 0kB [ 721.577151] Total swap = 0kB [ 721.577159] 2097051 pages RAM [ 721.630720] Free swap = 0kB [ 721.652445] team0 (unregistering): Port device team_slave_1 removed [ 721.667827] Total swap = 0kB [ 721.670894] 2097051 pages RAM [ 721.685693] team0 (unregistering): Port device team_slave_0 removed [ 721.698109] 0 pages HighMem/MovableOnly [ 721.707341] 363848 pages reserved [ 721.724273] warn_alloc_show_mem: 1 callbacks suppressed [ 721.724276] Mem-Info: [ 721.724753] 0 pages cma reserved [ 721.729964] active_anon:12572 inactive_anon:10512 isolated_anon:0 [ 721.729964] active_file:265 inactive_file:1442 isolated_file:0 [ 721.729964] unevictable:0 dirty:0 writeback:0 unstable:0 [ 721.729964] slab_reclaimable:13839 slab_unreclaimable:118986 [ 721.729964] mapped:44929 shmem:11026 pagetables:752 bounce:0 [ 721.729964] free:93856 free_pcp:707 free_cma:0 [ 721.732349] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 721.735906] 0 pages HighMem/MovableOnly [ 721.801180] Node 0 active_anon:48032kB inactive_anon:25712kB active_file:1004kB inactive_file:916kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:174588kB dirty:0kB writeback:0kB shmem:27704kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 721.858333] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 721.910784] Node 1 active_anon:2256kB inactive_anon:16336kB active_file:1356kB inactive_file:3752kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:5328kB dirty:0kB writeback:0kB shmem:16400kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 721.959249] bond0 (unregistering): Released all slaves [ 721.960661] 363848 pages reserved [ 721.967993] 0 pages cma reserved [ 721.990844] Out of memory (oom_kill_allocating_task): Kill process 14364 (rs:main Q:Reg) score 0 or sacrifice child [ 722.020616] Node 0 DMA free:10960kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 722.049325] Killed process 14357 (rsyslogd) total-vm:254332kB, anon-rss:976kB, file-rss:0kB, shmem-rss:0kB [ 722.071964] oom_reaper: reaped process 14357 (rsyslogd), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 722.100699] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 722.105772] Node 0 DMA32 free:178544kB min:36200kB low:45248kB high:54296kB active_anon:47508kB inactive_anon:25712kB active_file:2304kB inactive_file:1388kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7424kB pagetables:2708kB bounce:0kB free_pcp:1348kB local_pcp:648kB free_cma:0kB [ 722.181022] lowmem_reserve[]: 0 0 0 0 0 [ 722.185042] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 722.230768] lowmem_reserve[]: 0 0 0 0 0 [ 722.234800] Node 1 Normal free:1085636kB min:53696kB low:67120kB high:80544kB active_anon:1680kB inactive_anon:16336kB active_file:1928kB inactive_file:3228kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:128kB pagetables:300kB bounce:0kB free_pcp:1360kB local_pcp:740kB free_cma:0kB [ 722.271480] lowmem_reserve[]: 0 0 0 0 0 [ 722.280628] Node 0 DMA: 2*4kB (UE) 3*8kB (UME) 3*16kB (UME) 2*32kB (ME) 7*64kB (UME) 3*128kB (UME) 2*256kB (ME) 3*512kB (UME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 11216kB [ 722.320717] Node 0 DMA32: 15905*4kB (UME) 3561*8kB (UME) 1739*16kB (UME) 626*32kB (UME) 752*64kB (UM) 158*128kB (U) 23*256kB (U) 13*512kB (U) 18*1024kB (U) 0*2048kB 0*4096kB = 239292kB [ 722.337663] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 722.380659] Node 1 Normal: 5444*4kB (UM) 1227*8kB (UM) 1341*16kB (UME) 1036*32kB (UME) 2002*64kB (UM) 243*128kB (U) 43*256kB (UM) 43*512kB (UM) 593*1024kB (UM) 116*2048kB (U) 10*4096kB (U) = 1164216kB [ 722.420798] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 722.440674] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 722.449292] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 722.458297] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 722.488891] 13721 total pagecache pages [ 722.492946] 0 pages in swap cache [ 722.496391] Swap cache stats: add 0, delete 0, find 0/0 [ 722.513919] Free swap = 0kB [ 722.517018] Total swap = 0kB [ 722.530591] 2097051 pages RAM [ 722.533858] 0 pages HighMem/MovableOnly [ 722.537820] 363848 pages reserved [ 722.563784] 0 pages cma reserved 20:23:03 executing program 2: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:23:03 executing program 3: r0 = openat$ion(0xffffffffffffff9c, 0x0, 0x800, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:23:03 executing program 4: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:23:03 executing program 1: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) 20:23:03 executing program 0: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) 20:23:03 executing program 5: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:23:03 executing program 3: r0 = openat$ion(0xffffffffffffff9c, 0x0, 0x800, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:23:04 executing program 3: r0 = openat$ion(0xffffffffffffff9c, 0x0, 0x800, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:23:04 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) [ 725.039422] syz-executor.5: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 725.049773] syz-executor.4: [ 725.052081] syz-executor.5 cpuset=/ mems_allowed=0-1 [ 725.057344] page allocation failure: order:4 [ 725.060399] CPU: 0 PID: 14694 Comm: syz-executor.5 Not tainted 4.14.230-syzkaller #0 [ 725.061881] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 725.064797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 725.064802] Call Trace: [ 725.064818] dump_stack+0x1b2/0x281 [ 725.064831] warn_alloc.cold+0x96/0x1cc [ 725.076814] syz-executor.2: [ 725.079800] ? zone_watermark_ok_safe+0x220/0x220 [ 725.079823] __alloc_pages_nodemask+0x2127/0x2720 [ 725.111945] ? lock_acquire+0x170/0x3f0 [ 725.114380] (null) [ 725.115920] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 725.115937] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 725.118097] syz-executor.4 cpuset= [ 725.122893] ? __mutex_unlock_slowpath+0x75/0x770 [ 725.122907] alloc_pages_current+0x155/0x260 [ 725.122920] ion_page_pool_alloc+0x118/0x1b0 [ 725.122931] ion_system_heap_allocate+0x133/0x8c0 [ 725.122940] ? ion_alloc+0x187/0x810 [ 725.122949] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 725.122959] ? ion_system_contig_heap_create+0x130/0x130 [ 725.138695] page allocation failure: order:4 [ 725.141131] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 725.141145] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 725.141156] ion_alloc+0x204/0x810 [ 725.141171] ? ion_dma_buf_release+0x40/0x40 [ 725.145591] / [ 725.150388] ? __might_fault+0x177/0x1b0 [ 725.161682] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 725.164947] ion_ioctl+0xea/0x1f0 [ 725.164956] ? ion_query_heaps+0x360/0x360 [ 725.164968] ? ion_query_heaps+0x360/0x360 [ 725.180005] (null) [ 725.182695] do_vfs_ioctl+0x75a/0xff0 [ 725.182709] ? ioctl_preallocate+0x1a0/0x1a0 [ 725.182718] ? lock_downgrade+0x740/0x740 [ 725.182734] ? __fget+0x225/0x360 [ 725.195605] syz-executor.2 cpuset= [ 725.199960] ? do_vfs_ioctl+0xff0/0xff0 [ 725.199972] ? security_file_ioctl+0x83/0xb0 [ 725.199982] SyS_ioctl+0x7f/0xb0 [ 725.203488] mems_allowed=0-1 [ 725.207627] ? do_vfs_ioctl+0xff0/0xff0 [ 725.207640] do_syscall_64+0x1d5/0x640 [ 725.207654] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 725.222817] / [ 725.226283] RIP: 0033:0x466459 [ 725.246272] mems_allowed=0-1 [ 725.248116] RSP: 002b:00007fd0fb4c2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 725.248128] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 725.248133] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 725.248141] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 725.298524] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 725.305781] R13: 00007ffc4cfdcc4f R14: 00007fd0fb4c2300 R15: 0000000000022000 [ 725.334095] CPU: 1 PID: 14685 Comm: syz-executor.2 Not tainted 4.14.230-syzkaller #0 [ 725.342015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 725.351374] Call Trace: [ 725.354076] dump_stack+0x1b2/0x281 [ 725.357710] warn_alloc.cold+0x96/0x1cc [ 725.361696] ? zone_watermark_ok_safe+0x220/0x220 [ 725.366559] __alloc_pages_nodemask+0x2127/0x2720 [ 725.371398] ? ___preempt_schedule+0x16/0x18 [ 725.375805] ? lock_acquire+0x170/0x3f0 [ 725.379788] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 725.384633] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 725.387151] Mem-Info: [ 725.390076] ? __mutex_unlock_slowpath+0x75/0x770 [ 725.390085] ? retint_kernel+0x2d/0x2d [ 725.390098] alloc_pages_current+0x155/0x260 [ 725.390111] ion_page_pool_alloc+0x118/0x1b0 [ 725.392592] active_anon:12247 inactive_anon:10512 isolated_anon:0 [ 725.392592] active_file:1973 inactive_file:5027 isolated_file:0 [ 725.392592] unevictable:0 dirty:63 writeback:0 unstable:0 [ 725.392592] slab_reclaimable:13874 slab_unreclaimable:118442 [ 725.392592] mapped:48280 shmem:11026 pagetables:781 bounce:0 [ 725.392592] free:139032 free_pcp:342 free_cma:0 [ 725.397327] ion_system_heap_allocate+0x133/0x8c0 [ 725.397338] ? ion_alloc+0x187/0x810 [ 725.397349] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 725.397363] ? ion_system_contig_heap_create+0x130/0x130 [ 725.401309] Node 0 active_anon:48220kB inactive_anon:25720kB active_file:5120kB inactive_file:17592kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:187360kB dirty:248kB writeback:0kB shmem:27712kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 725.405617] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 725.405630] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 725.405643] ion_alloc+0x204/0x810 [ 725.405658] ? ion_dma_buf_release+0x40/0x40 [ 725.410121] Node 1 active_anon:768kB inactive_anon:16328kB active_file:2772kB inactive_file:2516kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:5760kB dirty:4kB writeback:0kB shmem:16392kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 725.443792] ? __might_fault+0x177/0x1b0 [ 725.443804] ion_ioctl+0xea/0x1f0 [ 725.443813] ? ion_query_heaps+0x360/0x360 [ 725.443826] ? ion_query_heaps+0x360/0x360 [ 725.443836] do_vfs_ioctl+0x75a/0xff0 [ 725.443847] ? ioctl_preallocate+0x1a0/0x1a0 [ 725.448724] Node 0 [ 725.452361] ? lock_downgrade+0x740/0x740 [ 725.452375] ? __fget+0x225/0x360 [ 725.452385] ? do_vfs_ioctl+0xff0/0xff0 [ 725.452395] ? security_file_ioctl+0x83/0xb0 [ 725.452405] SyS_ioctl+0x7f/0xb0 [ 725.457892] DMA free:11100kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 725.463372] ? do_vfs_ioctl+0xff0/0xff0 [ 725.463384] do_syscall_64+0x1d5/0x640 [ 725.463399] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 725.463408] RIP: 0033:0x466459 [ 725.463416] RSP: 002b:00007fc10ef5c188 EFLAGS: 00000246 [ 725.491668] lowmem_reserve[]: [ 725.496579] ORIG_RAX: 0000000000000010 [ 725.496585] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 725.496589] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 725.496595] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 725.496600] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 725.496606] R13: 00007ffec6b9ec3f R14: 00007fc10ef5c300 R15: 0000000000022000 [ 725.501426] CPU: 1 PID: 14692 Comm: syz-executor.4 Not tainted 4.14.230-syzkaller #0 [ 725.505302] syz-executor.3: [ 725.509359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 725.509363] Call Trace: [ 725.509380] dump_stack+0x1b2/0x281 [ 725.509395] warn_alloc.cold+0x96/0x1cc [ 725.542319] 0 [ 725.544214] ? zone_watermark_ok_safe+0x220/0x220 [ 725.544238] __alloc_pages_nodemask+0x2127/0x2720 [ 725.552889] 2717 [ 725.556677] ? __schedule+0x893/0x1de0 [ 725.556695] ? lock_acquire+0x170/0x3f0 [ 725.556712] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 725.556727] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 725.577633] 2718 [ 725.579256] ? __mutex_unlock_slowpath+0x75/0x770 [ 725.579275] alloc_pages_current+0x155/0x260 [ 725.593636] 2718 [ 725.608199] ion_page_pool_alloc+0x118/0x1b0 [ 725.608211] ion_system_heap_allocate+0x133/0x8c0 [ 725.608221] ? ion_alloc+0x187/0x810 [ 725.608231] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 725.608241] ? ion_system_contig_heap_create+0x130/0x130 [ 725.638619] page allocation failure: order:4 [ 725.644082] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 725.644095] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 725.644104] ion_alloc+0x204/0x810 [ 725.644117] ? ion_dma_buf_release+0x40/0x40 [ 725.644127] ? __might_fault+0x177/0x1b0 [ 725.644136] ion_ioctl+0xea/0x1f0 [ 725.644142] ? ion_query_heaps+0x360/0x360 [ 725.644151] ? ion_query_heaps+0x360/0x360 [ 725.644159] do_vfs_ioctl+0x75a/0xff0 [ 725.644171] ? ioctl_preallocate+0x1a0/0x1a0 [ 725.644179] ? lock_downgrade+0x740/0x740 [ 725.644189] ? __fget+0x225/0x360 [ 725.644196] ? do_vfs_ioctl+0xff0/0xff0 [ 725.644204] ? security_file_ioctl+0x83/0xb0 [ 725.644213] SyS_ioctl+0x7f/0xb0 [ 725.644220] ? do_vfs_ioctl+0xff0/0xff0 [ 725.644231] do_syscall_64+0x1d5/0x640 [ 725.644244] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 725.644251] RIP: 0033:0x466459 [ 725.644255] RSP: 002b:00007efd1de4b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 725.644267] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 725.664882] 2718 [ 725.666124] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000005 [ 725.666130] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 725.666135] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 725.666141] R13: 00007fff8e7cfe1f R14: 00007efd1de4b300 R15: 0000000000022000 [ 725.903941] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 725.911674] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 725.917795] CPU: 0 PID: 14707 Comm: syz-executor.3 Not tainted 4.14.230-syzkaller #0 [ 725.925664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 725.935007] Call Trace: [ 725.937600] dump_stack+0x1b2/0x281 [ 725.941229] warn_alloc.cold+0x96/0x1cc [ 725.945200] ? zone_watermark_ok_safe+0x220/0x220 [ 725.950054] __alloc_pages_nodemask+0x2127/0x2720 [ 725.954903] ? lock_acquire+0x170/0x3f0 [ 725.958880] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 725.963728] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 725.969179] ? __mutex_unlock_slowpath+0x75/0x770 [ 725.974019] ? alloc_pages_current+0x123/0x260 [ 725.978612] alloc_pages_current+0x155/0x260 [ 725.983045] ion_page_pool_alloc+0x118/0x1b0 [ 725.987497] ion_system_heap_allocate+0x133/0x8c0 [ 725.992340] ? ion_alloc+0x187/0x810 [ 725.996048] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 726.001494] ? ion_system_contig_heap_create+0x130/0x130 [ 726.006942] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 726.011958] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 726.016802] ion_alloc+0x204/0x810 [ 726.020347] ? ion_dma_buf_release+0x40/0x40 [ 726.024751] ? __might_fault+0x177/0x1b0 [ 726.028810] ion_ioctl+0xea/0x1f0 [ 726.032261] ? ion_query_heaps+0x360/0x360 [ 726.036549] ? ion_query_heaps+0x360/0x360 [ 726.040813] do_vfs_ioctl+0x75a/0xff0 [ 726.044612] ? ioctl_preallocate+0x1a0/0x1a0 [ 726.049025] ? lock_downgrade+0x740/0x740 [ 726.053216] ? __fget+0x225/0x360 [ 726.056665] ? do_vfs_ioctl+0xff0/0xff0 [ 726.060644] ? security_file_ioctl+0x83/0xb0 [ 726.065046] SyS_ioctl+0x7f/0xb0 [ 726.068413] ? do_vfs_ioctl+0xff0/0xff0 [ 726.072391] do_syscall_64+0x1d5/0x640 [ 726.076279] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 726.081461] RIP: 0033:0x466459 [ 726.084640] RSP: 002b:00007faef7867188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 726.092344] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 726.099616] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000003 [ 726.106885] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 726.114147] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 726.122277] R13: 00007ffd0904d43f R14: 00007faef7867300 R15: 0000000000022000 [ 726.135824] Node 0 DMA32 free:339648kB min:36200kB low:45248kB high:54296kB active_anon:48324kB inactive_anon:25720kB active_file:5360kB inactive_file:17628kB unevictable:0kB writepending:292kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7712kB pagetables:3204kB bounce:0kB free_pcp:148kB local_pcp:32kB free_cma:0kB [ 726.217440] lowmem_reserve[]: 0 0 0 0 0 [ 726.225898] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 726.256643] syz-executor.1: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 726.288519] lowmem_reserve[]: 0 0 0 0 0 [ 726.297005] Node 1 Normal free:152592kB min:53696kB low:67120kB high:80544kB active_anon:768kB inactive_anon:16328kB active_file:3276kB inactive_file:1908kB unevictable:0kB writepending:4kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:64kB pagetables:96kB bounce:0kB free_pcp:140kB local_pcp:140kB free_cma:0kB [ 726.304418] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 726.383687] lowmem_reserve[]: 0 0 0 0 0 [ 726.386061] CPU: 1 PID: 14691 Comm: syz-executor.1 Not tainted 4.14.230-syzkaller #0 [ 726.394299] Node 0 [ 726.395575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 726.395580] Call Trace: [ 726.395599] dump_stack+0x1b2/0x281 [ 726.399989] DMA: [ 726.407155] warn_alloc.cold+0x96/0x1cc [ 726.407168] ? zone_watermark_ok_safe+0x220/0x220 [ 726.407190] __alloc_pages_nodemask+0x2127/0x2720 [ 726.424999] 101*4kB [ 726.429029] ? lock_acquire+0x170/0x3f0 [ 726.429046] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 726.440140] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 726.444384] (UE) [ 726.445591] ? __mutex_unlock_slowpath+0x75/0x770 [ 726.445607] alloc_pages_current+0x155/0x260 [ 726.449833] 39*8kB [ 726.452475] ion_page_pool_alloc+0x118/0x1b0 [ 726.452486] ion_system_heap_allocate+0x133/0x8c0 [ 726.452498] ? ion_alloc+0x187/0x810 [ 726.462564] (UME) [ 726.463524] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 726.479611] ? ion_system_contig_heap_create+0x130/0x130 [ 726.480295] 28*16kB [ 726.485055] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 726.485069] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 726.485081] ion_alloc+0x204/0x810 [ 726.496056] (UME) [ 726.497213] ? ion_dma_buf_release+0x40/0x40 [ 726.497226] ? __might_fault+0x177/0x1b0 [ 726.511339] ion_ioctl+0xea/0x1f0 [ 726.511644] 19*32kB [ 726.514789] ? ion_query_heaps+0x360/0x360 [ 726.514803] ? ion_query_heaps+0x360/0x360 [ 726.523642] (UME) [ 726.525761] do_vfs_ioctl+0x75a/0xff0 [ 726.525778] ? ioctl_preallocate+0x1a0/0x1a0 [ 726.532248] 2*64kB [ 726.536076] ? lock_downgrade+0x740/0x740 [ 726.536090] ? __fget+0x225/0x360 [ 726.545917] ? do_vfs_ioctl+0xff0/0xff0 [ 726.545937] (ME) [ 726.549880] ? security_file_ioctl+0x83/0xb0 [ 726.549892] SyS_ioctl+0x7f/0xb0 [ 726.559677] ? do_vfs_ioctl+0xff0/0xff0 [ 726.563651] do_syscall_64+0x1d5/0x640 [ 726.563925] 4*128kB [ 726.567654] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 726.567663] RIP: 0033:0x466459 [ 726.567671] RSP: 002b:00007fcdda489188 EFLAGS: 00000246 [ 726.577620] (UME) [ 726.578508] ORIG_RAX: 0000000000000010 [ 726.578516] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 726.596904] 2*256kB [ 726.597200] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 726.597206] (ME) [ 726.599505] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 726.599511] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 726.599517] R13: 00007ffe21b5ad8f R14: 00007fcdda489300 R15: 0000000000022000 [ 726.634103] warn_alloc_show_mem: 3 callbacks suppressed [ 726.634106] Mem-Info: [ 726.645675] active_anon:12273 inactive_anon:10512 isolated_anon:0 [ 726.645675] active_file:2406 inactive_file:4327 isolated_file:25 [ 726.645675] unevictable:0 dirty:74 writeback:0 unstable:0 [ 726.645675] slab_reclaimable:13801 slab_unreclaimable:119098 [ 726.645675] mapped:57119 shmem:11026 pagetables:825 bounce:0 [ 726.645675] free:62969 free_pcp:211 free_cma:0 [ 726.683160] Node 0 active_anon:48324kB inactive_anon:25720kB active_file:6368kB inactive_file:15524kB unevictable:0kB isolated(anon):0kB isolated(file):100kB mapped:222516kB dirty:292kB writeback:0kB shmem:27712kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 726.704421] 2*512kB [ 726.715125] Node 1 active_anon:768kB inactive_anon:16328kB active_file:3256kB inactive_file:1784kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:6060kB dirty:4kB writeback:0kB shmem:16392kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 726.726758] (ME) [ 726.748418] Node 0 DMA free:11116kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 726.776385] 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 11116kB [ 726.804153] Node 0 DMA32: 1745*4kB (ME) 552*8kB (ME) 115*16kB (ME) 931*32kB (UME) 5*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 43348kB [ 726.804730] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 726.827016] Node 0 DMA32 free:42532kB min:36200kB low:45248kB high:54296kB active_anon:48324kB inactive_anon:25720kB active_file:5864kB inactive_file:16068kB unevictable:0kB writepending:292kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7712kB pagetables:3204kB bounce:0kB free_pcp:732kB local_pcp:316kB free_cma:0kB [ 726.833861] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 726.859833] lowmem_reserve[]: 0 0 0 0 0 [ 726.869079] Node 1 Normal: 8*4kB (UM) 1048*8kB (U) 2502*16kB (UE) 2188*32kB (UE) 68*64kB (U) 11*128kB (U) 8*256kB (U) 4*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 128320kB [ 726.875380] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 726.888848] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 726.916289] lowmem_reserve[]: 0 0 0 0 0 [ 726.923153] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 726.926324] Node 1 [ 726.936144] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 726.937984] Normal free:128312kB min:53696kB low:67120kB high:80544kB active_anon:768kB inactive_anon:16328kB active_file:3276kB inactive_file:1908kB unevictable:0kB writepending:4kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:64kB pagetables:96kB bounce:0kB free_pcp:212kB local_pcp:120kB free_cma:0kB [ 726.938451] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 726.947454] lowmem_reserve[]: [ 726.977051] 17605 total pagecache pages [ 726.987424] 0 [ 726.988334] 0 pages in swap cache [ 726.991819] 0 [ 726.994101] Swap cache stats: add 0, delete 0, find 0/0 [ 726.996922] 0 [ 726.998746] Free swap = 0kB [ 727.008398] 0 0 [ 727.009073] Total swap = 0kB [ 727.011902] Node 0 DMA: 101*4kB (UE) 39*8kB [ 727.014134] 2097051 pages RAM [ 727.014140] (UME) [ 727.018600] 0 pages HighMem/MovableOnly [ 727.026035] 28*16kB [ 727.028092] 363848 pages reserved [ 727.028094] (UME) 19*32kB [ 727.030532] 0 pages cma reserved [ 727.035471] (UME) 2*64kB (ME) 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 11116kB [ 727.073955] Node 0 DMA32: 1746*4kB (UME) 553*8kB (UME) 115*16kB (ME) 859*32kB (UME) 5*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 41056kB [ 727.143118] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 727.194063] Node 1 Normal: 115*4kB (UM) 75*8kB (M) 35*16kB (ME) 1296*32kB (UME) 75*64kB (UM) 15*128kB (UM) 8*256kB (U) 4*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 53908kB [ 727.281529] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 727.298313] IPVS: ftp: loaded support on port[0] = 21 [ 727.333341] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 727.356811] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 727.373411] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 727.382449] 11137 total pagecache pages [ 727.386864] 0 pages in swap cache [ 727.397348] Swap cache stats: add 0, delete 0, find 0/0 [ 727.402767] Free swap = 0kB [ 727.406039] Total swap = 0kB [ 727.409049] 2097051 pages RAM [ 727.412229] 0 pages HighMem/MovableOnly [ 727.416192] 363848 pages reserved [ 727.419642] 0 pages cma reserved [ 728.418616] oom_reaper: reaped process 14685 (syz-executor.2), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 728.513940] oom_reaper: reaped process 14707 (syz-executor.3), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 728.524023] syz-executor.3: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 728.532268] kworker/u4:1 invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=0 [ 728.537690] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 728.555171] CPU: 1 PID: 14707 Comm: syz-executor.3 Not tainted 4.14.230-syzkaller #0 [ 728.563051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 728.565893] syz-executor.2: [ 728.572402] Call Trace: [ 728.572421] dump_stack+0x1b2/0x281 [ 728.572437] warn_alloc.cold+0x96/0x1cc [ 728.575446] page allocation failure: order:0 [ 728.578020] ? zone_watermark_ok_safe+0x220/0x220 [ 728.581647] kworker/u4:1 cpuset= [ 728.585570] ? usleep_range+0x130/0x130 [ 728.589951] / [ 728.594778] ? try_to_free_pages+0x23f/0x6e0 [ 728.594788] ? _find_next_bit+0xdb/0x100 [ 728.598253] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 728.602181] ? run_timer_softirq+0x5a0/0x5a0 [ 728.602200] __alloc_pages_nodemask+0x2127/0x2720 [ 728.603895] (null) [ 728.608310] ? lock_acquire+0x170/0x3f0 [ 728.612363] mems_allowed=0-1 [ 728.619425] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 728.623850] syz-executor.2 cpuset= [ 728.628654] ? ion_page_pool_alloc+0x9e/0x1b0 [ 728.634374] / [ 728.634742] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 728.637835] mems_allowed=0-1 [ 728.642682] alloc_pages_current+0x155/0x260 [ 728.642694] ion_page_pool_alloc+0x118/0x1b0 [ 728.642704] ion_system_heap_allocate+0x133/0x8c0 [ 728.674483] ? ion_alloc+0x187/0x810 [ 728.678185] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 728.683615] ? ion_system_contig_heap_create+0x130/0x130 [ 728.689056] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 728.694057] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 728.698883] ion_alloc+0x204/0x810 [ 728.702410] ? ion_dma_buf_release+0x40/0x40 [ 728.706802] ? __might_fault+0x177/0x1b0 [ 728.710846] ion_ioctl+0xea/0x1f0 [ 728.714279] ? ion_query_heaps+0x360/0x360 [ 728.718505] ? ion_query_heaps+0x360/0x360 [ 728.722719] do_vfs_ioctl+0x75a/0xff0 [ 728.726500] ? ioctl_preallocate+0x1a0/0x1a0 [ 728.730887] ? lock_downgrade+0x740/0x740 [ 728.735025] ? __fget+0x225/0x360 [ 728.738458] ? do_vfs_ioctl+0xff0/0xff0 [ 728.742414] ? security_file_ioctl+0x83/0xb0 [ 728.746804] SyS_ioctl+0x7f/0xb0 [ 728.750238] ? do_vfs_ioctl+0xff0/0xff0 [ 728.754201] do_syscall_64+0x1d5/0x640 [ 728.758085] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 728.763264] RIP: 0033:0x466459 [ 728.766430] RSP: 002b:00007faef7867188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 728.774122] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 728.781374] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000003 [ 728.788626] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 728.795873] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 728.803125] R13: 00007ffd0904d43f R14: 00007faef7867300 R15: 0000000000022000 [ 728.810388] CPU: 0 PID: 14808 Comm: kworker/u4:1 Not tainted 4.14.230-syzkaller #0 [ 728.816011] Mem-Info: [ 728.818201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 728.820656] active_anon:12409 inactive_anon:10516 isolated_anon:0 [ 728.820656] active_file:9 inactive_file:33 isolated_file:0 [ 728.820656] unevictable:0 dirty:0 writeback:0 unstable:0 [ 728.820656] slab_reclaimable:13779 slab_unreclaimable:118388 [ 728.820656] mapped:52655 shmem:11031 pagetables:847 bounce:0 [ 728.820656] free:13831 free_pcp:125 free_cma:0 [ 728.829935] Call Trace: [ 728.865626] dump_stack+0x1b2/0x281 [ 728.866579] Node 0 active_anon:48940kB inactive_anon:25736kB active_file:64kB inactive_file:88kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208956kB dirty:0kB writeback:0kB shmem:27732kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 728.869264] dump_header+0x178/0x82f [ 728.900609] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 728.905700] ? ___ratelimit+0x2cd/0x530 [ 728.909659] oom_kill_process.cold+0x10/0xa40 [ 728.912136] Node 1 active_anon:696kB inactive_anon:16328kB active_file:0kB inactive_file:44kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:1664kB dirty:0kB writeback:0kB shmem:16392kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 728.914140] ? lock_downgrade+0x740/0x740 [ 728.945132] out_of_memory+0x2dc/0x1190 [ 728.949090] ? oom_killer_disable+0x1c0/0x1c0 [ 728.953566] ? mutex_trylock+0x152/0x1a0 [ 728.957611] __alloc_pages_nodemask+0x23e1/0x2720 [ 728.962452] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 728.967291] ? cache_grow_begin+0x3f/0x700 [ 728.970259] Node 0 DMA free:10952kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 728.971516] cache_grow_begin+0x91/0x700 [ 728.971529] fallback_alloc+0x207/0x2c0 [ 729.005731] kmem_cache_alloc+0x1e5/0x3c0 [ 729.009862] getname_kernel+0x4e/0x340 [ 729.013731] call_usermodehelper_exec_async+0x2df/0x510 [ 729.019075] ? call_usermodehelper_exec_work+0x2a0/0x2a0 [ 729.024522] ret_from_fork+0x24/0x30 [ 729.028227] CPU: 1 PID: 14685 Comm: syz-executor.2 Not tainted 4.14.230-syzkaller #0 [ 729.036796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 729.044766] Mem-Info: [ 729.046157] Call Trace: [ 729.048563] active_anon:12385 inactive_anon:10516 isolated_anon:0 [ 729.048563] active_file:18 inactive_file:13 isolated_file:0 [ 729.048563] unevictable:0 dirty:0 writeback:0 unstable:0 [ 729.048563] slab_reclaimable:13779 slab_unreclaimable:118380 [ 729.048563] mapped:52657 shmem:11031 pagetables:847 bounce:0 [ 729.048563] free:13830 free_pcp:125 free_cma:0 [ 729.051127] dump_stack+0x1b2/0x281 [ 729.051141] warn_alloc.cold+0x96/0x1cc [ 729.051162] ? zone_watermark_ok_safe+0x220/0x220 [ 729.084381] lowmem_reserve[]: [ 729.087971] ? usleep_range+0x130/0x130 [ 729.091934] 0 [ 729.096740] ? try_to_free_pages+0x23f/0x6e0 [ 729.099816] 2717 [ 729.103787] ? _find_next_bit+0xdb/0x100 [ 729.103797] ? run_timer_softirq+0x5a0/0x5a0 [ 729.103814] __alloc_pages_nodemask+0x2127/0x2720 [ 729.105585] 2718 [ 729.109978] ? lock_acquire+0x170/0x3f0 [ 729.112026] 2718 [ 729.116065] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 729.120452] 2718 [ 729.125262] ? ion_page_pool_alloc+0x9e/0x1b0 [ 729.131253] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 729.131272] alloc_pages_current+0x155/0x260 [ 729.133318] Node 0 active_anon:48844kB inactive_anon:25736kB active_file:60kB inactive_file:60kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208904kB dirty:0kB writeback:0kB shmem:27732kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 729.138144] ion_page_pool_alloc+0x118/0x1b0 [ 729.140187] Node 1 active_anon:696kB inactive_anon:16328kB active_file:12kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:1724kB dirty:0kB writeback:0kB shmem:16392kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 729.144652] ion_system_heap_allocate+0x133/0x8c0 [ 729.144662] ? ion_alloc+0x187/0x810 [ 729.144673] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 729.150098] Node 0 [ 729.154480] ? ion_system_contig_heap_create+0x130/0x130 [ 729.154489] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 729.154502] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 729.182251] Node 0 [ 729.186624] ion_alloc+0x204/0x810 [ 729.213624] DMA32 free:17740kB min:36200kB low:45248kB high:54296kB active_anon:48844kB inactive_anon:25736kB active_file:60kB inactive_file:60kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7840kB pagetables:3288kB bounce:0kB free_pcp:276kB local_pcp:60kB free_cma:0kB [ 729.218421] ? ion_dma_buf_release+0x40/0x40 [ 729.222131] DMA free:10952kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 729.227539] ? __might_fault+0x177/0x1b0 [ 729.229749] lowmem_reserve[]: [ 729.235180] ion_ioctl+0xea/0x1f0 [ 729.235189] ? ion_query_heaps+0x360/0x360 [ 729.235200] ? ion_query_heaps+0x360/0x360 [ 729.235211] do_vfs_ioctl+0x75a/0xff0 [ 729.240203] lowmem_reserve[]: [ 729.245046] ? ioctl_preallocate+0x1a0/0x1a0 [ 729.245054] ? lock_downgrade+0x740/0x740 [ 729.245067] ? __fget+0x225/0x360 [ 729.247273] 0 [ 729.250790] ? do_vfs_ioctl+0xff0/0xff0 [ 729.250800] ? security_file_ioctl+0x83/0xb0 [ 729.250811] SyS_ioctl+0x7f/0xb0 [ 729.279006] 0 [ 729.283379] ? do_vfs_ioctl+0xff0/0xff0 [ 729.283391] do_syscall_64+0x1d5/0x640 [ 729.283406] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 729.308894] 0 [ 729.312919] RIP: 0033:0x466459 [ 729.312924] RSP: 002b:00007fc10ef5c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 729.312936] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 729.316015] 0 [ 729.319451] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 729.323803] 2717 [ 729.327998] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 729.331794] 2718 [ 729.334862] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 729.334869] R13: 00007ffec6b9ec3f R14: 00007fc10ef5c300 R15: 0000000000022000 [ 729.339250] 2718 [ 729.404731] chnl_net:caif_netlink_parms(): no params data found [ 729.407670] Bluetooth: hci4 command 0x0409 tx timeout [ 729.449061] 0 0 [ 729.461609] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 729.497359] lowmem_reserve[]: 0 0 0 0 0 [ 729.510724] Node 1 Normal free:118788kB min:53696kB low:67120kB high:80544kB active_anon:696kB inactive_anon:16328kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:64kB pagetables:100kB bounce:0kB free_pcp:224kB local_pcp:104kB free_cma:0kB [ 729.570613] lowmem_reserve[]: 0 0 0 0 0 [ 729.574632] Node 0 DMA: 58*4kB (UE) 38*8kB (UE) 27*16kB (UE) 18*32kB (UE) 1*64kB (E) 3*128kB (UE) 1*256kB (E) 1*512kB (E) 2*1024kB (UE) 3*2048kB (UME) 0*4096kB = 10952kB [ 729.617212] 2718 [ 729.619295] Node 0 DMA32 free:45180kB min:36200kB low:45248kB high:54296kB active_anon:48992kB inactive_anon:25736kB active_file:500kB inactive_file:8344kB unevictable:0kB writepending:4kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7808kB pagetables:3292kB bounce:0kB free_pcp:608kB local_pcp:336kB free_cma:0kB [ 729.658579] Node 0 DMA32: 1479*4kB (UME) 562*8kB (UE) 77*16kB (UME) 14*32kB (UME) 4*64kB (UM) 1*128kB (U) 0*256kB 1*512kB (M) 1*1024kB (M) 9*2048kB (U) 3*4096kB (U) = 44732kB [ 729.704292] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 729.738453] lowmem_reserve[]: 0 0 0 0 0 [ 729.742579] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 729.796436] Node 1 Normal: 1*4kB (M) 0*8kB 3*16kB (UE) 2*32kB (E) 14*64kB (UM) 11*128kB (UM) 1*256kB (U) 0*512kB 407*1024kB (U) 2*2048kB (U) 0*4096kB = 423540kB [ 729.837593] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 729.850937] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 729.859536] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 729.884892] lowmem_reserve[]: 0 0 0 0 0 [ 729.888900] Node 1 Normal free:481712kB min:53696kB low:67120kB high:80544kB active_anon:896kB inactive_anon:16328kB active_file:804kB inactive_file:1800kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:64kB pagetables:100kB bounce:0kB free_pcp:456kB local_pcp:112kB free_cma:0kB [ 729.966190] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 729.975417] bridge0: port 1(bridge_slave_0) entered blocking state [ 730.003399] bridge0: port 1(bridge_slave_0) entered disabled state [ 730.010923] 13962 total pagecache pages [ 730.014912] 0 pages in swap cache [ 730.018356] Swap cache stats: add 0, delete 0, find 0/0 [ 730.028895] device bridge_slave_0 entered promiscuous mode [ 730.044286] lowmem_reserve[]: 0 0 0 0 0 [ 730.048298] Node 0 DMA: 1*4kB (E) 1*8kB (E) 6*16kB (UE) 18*32kB (UE) 1*64kB (E) 3*128kB (UE) 1*256kB (E) 1*512kB (E) 1*1024kB (E) 2*2048kB (ME) 1*4096kB (U) = 11116kB [ 730.068971] bridge0: port 2(bridge_slave_1) entered blocking state [ 730.083838] Free swap = 0kB [ 730.086871] Total swap = 0kB [ 730.089886] 2097051 pages RAM [ 730.103048] bridge0: port 2(bridge_slave_1) entered disabled state [ 730.123746] 0 pages HighMem/MovableOnly [ 730.127728] 363848 pages reserved [ 730.132428] device bridge_slave_1 entered promiscuous mode [ 730.138651] Node 0 DMA32: 1477*4kB (E) 469*8kB (UE) 72*16kB (E) 11*32kB (E) 448*64kB (U) 37*128kB (U) 2*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 45084kB [ 730.157727] 0 pages cma reserved [ 730.197830] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 730.254589] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 730.262230] Node 1 Normal: 2*4kB (UM) 1*8kB (M) 3*16kB (ME) 3*32kB (UE) 2172*64kB (UM) 173*128kB (UM) 18*256kB (U) 4*512kB (U) 68*1024kB (U) 19*2048kB (U) 0*4096kB = 276512kB [ 730.304828] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 730.345288] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 730.370786] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 730.379404] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 730.390955] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 730.406568] 13962 total pagecache pages [ 730.431003] 0 pages in swap cache [ 730.434995] Swap cache stats: add 0, delete 0, find 0/0 [ 730.435126] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 730.450286] Free swap = 0kB [ 730.453320] Total swap = 0kB [ 730.456341] 2097051 pages RAM [ 730.459446] 0 pages HighMem/MovableOnly [ 730.461948] team0: Port device team_slave_0 added [ 730.468391] 363848 pages reserved [ 730.481036] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 730.484028] 0 pages cma reserved [ 730.523126] team0: Port device team_slave_1 added [ 730.546348] Out of memory: Kill process 14689 (syz-executor.1) score 1004 or sacrifice child [ 730.574163] Killed process 14691 (syz-executor.1) total-vm:93384kB, anon-rss:152kB, file-rss:34820kB, shmem-rss:0kB [ 730.613510] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 730.625701] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 730.636545] CPU: 1 PID: 14685 Comm: syz-executor.2 Not tainted 4.14.230-syzkaller #0 [ 730.644451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 730.653802] Call Trace: [ 730.656394] dump_stack+0x1b2/0x281 [ 730.660026] warn_alloc.cold+0x96/0x1cc [ 730.663999] ? zone_watermark_ok_safe+0x220/0x220 [ 730.668854] __alloc_pages_nodemask+0x2127/0x2720 [ 730.673689] ? _raw_spin_unlock_irq+0x5a/0x80 [ 730.678164] ? finish_task_switch+0x178/0x610 [ 730.682635] ? finish_task_switch+0x14d/0x610 [ 730.687114] ? lock_acquire+0x170/0x3f0 [ 730.691069] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 730.695893] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 730.701325] ? __mutex_unlock_slowpath+0x75/0x770 [ 730.706148] alloc_pages_current+0x155/0x260 [ 730.710535] ion_page_pool_alloc+0x118/0x1b0 [ 730.714923] ion_system_heap_allocate+0x133/0x8c0 [ 730.719755] ? _raw_spin_unlock+0x29/0x40 [ 730.723881] ? _ion_heap_freelist_drain+0x6e/0x410 [ 730.728786] ? ion_system_contig_heap_create+0x130/0x130 [ 730.734234] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 730.739227] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 730.744048] ion_alloc+0x27a/0x810 [ 730.747566] ? ion_dma_buf_release+0x40/0x40 [ 730.751953] ? __might_fault+0x177/0x1b0 [ 730.755991] ion_ioctl+0xea/0x1f0 [ 730.759436] ? ion_query_heaps+0x360/0x360 [ 730.763653] ? ion_query_heaps+0x360/0x360 [ 730.767882] do_vfs_ioctl+0x75a/0xff0 [ 730.771669] ? ioctl_preallocate+0x1a0/0x1a0 [ 730.776068] ? lock_downgrade+0x740/0x740 [ 730.780198] ? __fget+0x225/0x360 [ 730.783632] ? do_vfs_ioctl+0xff0/0xff0 [ 730.787588] ? security_file_ioctl+0x83/0xb0 [ 730.791976] SyS_ioctl+0x7f/0xb0 [ 730.795319] ? do_vfs_ioctl+0xff0/0xff0 [ 730.799273] do_syscall_64+0x1d5/0x640 [ 730.803141] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 730.808306] RIP: 0033:0x466459 [ 730.811472] RSP: 002b:00007fc10ef5c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 730.819157] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 730.826405] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 730.833652] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 730.840902] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 730.848155] R13: 00007ffec6b9ec3f R14: 00007fc10ef5c300 R15: 0000000000022000 [ 730.856283] syz-executor.3: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 730.858086] warn_alloc_show_mem: 1 callbacks suppressed [ 730.858089] Mem-Info: [ 730.868136] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 730.868158] CPU: 1 PID: 14707 Comm: syz-executor.3 Not tainted 4.14.230-syzkaller #0 [ 730.868164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 730.868168] Call Trace: [ 730.868183] dump_stack+0x1b2/0x281 [ 730.868197] warn_alloc.cold+0x96/0x1cc [ 730.868210] ? zone_watermark_ok_safe+0x220/0x220 [ 730.868231] __alloc_pages_nodemask+0x2127/0x2720 [ 730.868241] ? lock_acquire+0x170/0x3f0 [ 730.868253] ? lock_acquire+0x170/0x3f0 [ 730.868269] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 730.868286] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 730.868298] ? __mutex_unlock_slowpath+0x75/0x770 [ 730.868313] alloc_pages_current+0x155/0x260 [ 730.868324] ion_page_pool_alloc+0x118/0x1b0 [ 730.920639] oom_reaper: reaped process 14691 (syz-executor.1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 730.922073] ion_system_heap_allocate+0x133/0x8c0 [ 730.932032] active_anon:12409 inactive_anon:10515 isolated_anon:0 [ 730.932032] active_file:46 inactive_file:27 isolated_file:0 [ 730.932032] unevictable:0 dirty:14 writeback:6 unstable:0 [ 730.932032] slab_reclaimable:13792 slab_unreclaimable:118886 [ 730.932032] mapped:52692 shmem:11031 pagetables:848 bounce:0 [ 730.932032] free:13841 free_pcp:186 free_cma:0 [ 730.936275] ? _raw_spin_unlock+0x29/0x40 [ 730.960732] oom_reaper: reaped process 14692 (syz-executor.4), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 730.964640] ? _ion_heap_freelist_drain+0x6e/0x410 [ 730.997963] Node 0 active_anon:48908kB inactive_anon:25732kB active_file:84kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208932kB dirty:52kB writeback:20kB shmem:27732kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 731.002056] ? ion_system_contig_heap_create+0x130/0x130 [ 731.002067] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 731.002080] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 731.012041] Node 1 active_anon:728kB inactive_anon:16328kB active_file:100kB inactive_file:92kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:1836kB dirty:4kB writeback:4kB shmem:16392kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 731.016925] ion_alloc+0x27a/0x810 [ 731.044775] Node 0 [ 731.050181] ? ion_dma_buf_release+0x40/0x40 [ 731.050193] ? __might_fault+0x177/0x1b0 [ 731.055190] DMA free:10972kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 731.060002] ion_ioctl+0xea/0x1f0 [ 731.087056] lowmem_reserve[]: [ 731.090567] ? ion_query_heaps+0x360/0x360 [ 731.090582] ? ion_query_heaps+0x360/0x360 [ 731.092806] 0 [ 731.097194] do_vfs_ioctl+0x75a/0xff0 [ 731.101240] 2717 [ 731.126712] ? ioctl_preallocate+0x1a0/0x1a0 [ 731.126719] ? lock_downgrade+0x740/0x740 [ 731.126732] ? __fget+0x225/0x360 [ 731.130167] 2718 [ 731.133243] ? do_vfs_ioctl+0xff0/0xff0 [ 731.137450] 2718 [ 731.141668] ? security_file_ioctl+0x83/0xb0 [ 731.141678] SyS_ioctl+0x7f/0xb0 [ 731.141687] ? do_vfs_ioctl+0xff0/0xff0 [ 731.143461] 2718 [ 731.147245] do_syscall_64+0x1d5/0x640 [ 731.153670] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 731.153678] RIP: 0033:0x466459 [ 731.153686] RSP: 002b:00007faef7867188 EFLAGS: 00000246 [ 731.157809] Node 0 [ 731.161235] ORIG_RAX: 0000000000000010 [ 731.161242] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 731.161247] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000003 [ 731.161252] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 731.161259] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 731.163307] DMA32 free:18048kB min:36200kB low:45248kB high:54296kB active_anon:49008kB inactive_anon:25732kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:72kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7808kB pagetables:3292kB bounce:0kB free_pcp:628kB local_pcp:628kB free_cma:0kB [ 731.167245] R13: 00007ffd0904d43f R14: 00007faef7867300 R15: 0000000000022000 [ 731.169279] lowmem_reserve[]: [ 731.182878] syz-fuzzer invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask= [ 731.208262] 0 [ 731.214539] (null), order=0, oom_score_adj=0 [ 731.214550] syz-fuzzer cpuset=/ mems_allowed=0-1 [ 731.214571] CPU: 1 PID: 7967 Comm: syz-fuzzer Not tainted 4.14.230-syzkaller #0 [ 731.214575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 731.214579] Call Trace: [ 731.214593] dump_stack+0x1b2/0x281 [ 731.214604] dump_header+0x178/0x82f [ 731.214616] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 731.238599] 0 [ 731.264729] ? ___ratelimit+0x2cd/0x530 [ 731.264741] oom_kill_process.cold+0x10/0xa40 [ 731.264758] out_of_memory+0xe3e/0x1190 [ 731.272017] 0 [ 731.275096] ? oom_killer_disable+0x1c0/0x1c0 [ 731.284784] 0 [ 731.286555] ? mutex_trylock+0x152/0x1a0 [ 731.291032] 0 [ 731.295755] __alloc_pages_nodemask+0x23e1/0x2720 [ 731.312528] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 731.312551] alloc_pages_current+0x155/0x260 [ 731.315099] Node 0 [ 731.318711] filemap_fault+0x11a1/0x1ad0 [ 731.322423] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 731.327484] ext4_filemap_fault+0x84/0xb0 [ 731.329252] lowmem_reserve[]: [ 731.333204] __do_fault+0xfa/0x380 [ 731.333214] __handle_mm_fault+0x2497/0x4620 [ 731.333224] ? vm_insert_page+0x7c0/0x7c0 [ 731.337690] 0 [ 731.341666] ? __fsnotify_update_child_dentry_flags.part.0+0x2e0/0x2e0 [ 731.341681] ? mark_held_locks+0xa6/0xf0 [ 731.343457] 0 [ 731.347945] handle_mm_fault+0x455/0x9c0 [ 731.349719] 0 [ 731.353759] __do_page_fault+0x549/0xad0 [ 731.353773] ? spurious_fault+0x640/0x640 [ 731.355550] 0 [ 731.360372] ? do_page_fault+0x60/0x500 [ 731.360380] ? page_fault+0x2f/0x50 [ 731.360389] page_fault+0x45/0x50 [ 731.365201] 0 [ 731.369598] RIP: 2000:0xc005d30e40 [ 731.375852] RSP: 458000:000000c000331bb8 EFLAGS: ffffffffffffffff [ 731.400750] Node 1 [ 731.407467] Mem-Info: [ 731.407955] Normal free:26344kB min:53696kB low:67120kB high:80544kB active_anon:724kB inactive_anon:16328kB active_file:40kB inactive_file:40kB unevictable:0kB writepending:4kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:64kB pagetables:100kB bounce:0kB free_pcp:124kB local_pcp:124kB free_cma:0kB [ 731.411525] active_anon:12385 inactive_anon:10515 isolated_anon:0 [ 731.411525] active_file:17 inactive_file:30 isolated_file:0 [ 731.411525] unevictable:0 dirty:16 writeback:0 unstable:0 [ 731.411525] slab_reclaimable:13793 slab_unreclaimable:118850 [ 731.411525] mapped:52682 shmem:11031 pagetables:848 bounce:0 [ 731.411525] free:13847 free_pcp:218 free_cma:0 [ 731.411540] Node 0 active_anon:48816kB inactive_anon:25732kB active_file:28kB inactive_file:80kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208904kB dirty:60kB writeback:0kB shmem:27732kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 731.411553] Node 1 active_anon:724kB inactive_anon:16328kB active_file:40kB inactive_file:40kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:1824kB dirty:4kB writeback:0kB shmem:16392kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 731.411557] Node 0 DMA free:10972kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 731.411573] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 731.411593] Node 0 DMA32 free:18072kB min:36200kB low:45248kB high:54296kB active_anon:48816kB inactive_anon:25732kB active_file:28kB inactive_file:80kB unevictable:0kB writepending:60kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7808kB pagetables:3292kB bounce:0kB free_pcp:748kB local_pcp:120kB free_cma:0kB [ 731.411610] lowmem_reserve[]: 0 0 0 0 0 [ 731.411629] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 731.411643] lowmem_reserve[]: 0 0 0 0 0 [ 731.411661] Node 1 Normal free:26344kB min:53696kB low:67120kB high:80544kB active_anon:724kB inactive_anon:16328kB active_file:40kB inactive_file:40kB unevictable:0kB writepending:4kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:64kB pagetables:100kB bounce:0kB free_pcp:124kB local_pcp:0kB free_cma:0kB [ 731.411677] lowmem_reserve[]: 0 0 0 0 0 [ 731.411693] Node 0 DMA: 1*4kB (E) 1*8kB (E) 1*16kB (E) 14*32kB (UE) 2*64kB (UE) 3*128kB (UE) 1*256kB (E) 1*512kB (E) 1*1024kB (E) [ 731.440085] lowmem_reserve[]: [ 731.440471] 2*2048kB (ME) 1*4096kB (U) = 10972kB [ 731.440493] Node 0 DMA32: 2068*4kB (ME) 709*8kB (ME) 136*16kB (ME) 41*32kB (UME) 0*64kB 3*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18072kB [ 731.440555] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB [ 731.460594] 0 [ 731.461591] 0*1024kB [ 731.463351] 0 [ 731.466868] 0*2048kB [ 731.494935] 0 [ 731.505680] 0*4096kB [ 731.555694] Bluetooth: hci4 command 0x041b tx timeout [ 731.572228] = 0kB [ 731.617575] 0 [ 731.620311] Node 1 [ 731.625268] 0 [ 731.654287] Normal: 58*4kB (UM) 44*8kB (UM) 80*16kB (UME) 397*32kB (UME) 20*64kB (UM) 10*128kB (M) 24*256kB (U) [ 731.686497] Node 0 [ 731.716619] 6*512kB [ 731.726183] DMA: [ 731.757384] (U) [ 731.764376] 1*4kB [ 731.786898] 0*1024kB [ 731.789371] (E) 1*8kB (E) 1*16kB (E) 14*32kB (UE) 2*64kB (UE) 3*128kB (UE) 1*256kB (E) 1*512kB (E) 1*1024kB (E) 2*2048kB (ME) 1*4096kB (U) = 10972kB [ 731.818567] 0*2048kB [ 731.826761] Node 0 DMA32: 2068*4kB (ME) 709*8kB (ME) 136*16kB (ME) 41*32kB (UME) 0*64kB 3*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18072kB [ 731.826829] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB [ 731.847714] 0*4096kB [ 731.849755] 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 731.864702] Node 1 Normal: 58*4kB (UM) 44*8kB (UM) 80*16kB (UME) 397*32kB (UME) 20*64kB (UM) 10*128kB (M) 24*256kB (U) 6*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 26344kB [ 731.878141] = 26344kB [ 731.879928] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 731.893293] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 731.901909] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 731.908273] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 731.912568] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 731.928820] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 731.935558] 11078 total pagecache pages [ 731.937443] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 731.952598] 0 pages in swap cache [ 731.956046] Swap cache stats: add 0, delete 0, find 0/0 [ 731.959708] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 731.972787] Free swap = 0kB [ 731.975802] Total swap = 0kB [ 731.978813] 2097051 pages RAM [ 731.979613] 11078 total pagecache pages [ 731.985456] 0 pages HighMem/MovableOnly [ 731.985897] 0 pages in swap cache [ 731.989847] 363848 pages reserved [ 732.003704] Swap cache stats: add 0, delete 0, find 0/0 [ 732.008706] 0 pages cma reserved [ 732.009064] Free swap = 0kB [ 732.018811] Total swap = 0kB [ 732.027504] 2097051 pages RAM [ 732.031328] 0 pages HighMem/MovableOnly [ 732.035290] 363848 pages reserved [ 732.038715] 0 pages cma reserved [ 732.048498] Out of memory (oom_kill_allocating_task): Kill process 7967 (syz-fuzzer) score 0 or sacrifice child [ 732.069665] Killed process 7979 (syz-executor.4) total-vm:84924kB, anon-rss:64kB, file-rss:0kB, shmem-rss:0kB [ 732.096132] syz-fuzzer invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 732.108801] syz-executor.1: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 732.112465] syz-executor.4: [ 732.127165] syz-fuzzer cpuset=/ mems_allowed=0-1 [ 732.134965] CPU: 0 PID: 7967 Comm: syz-fuzzer Not tainted 4.14.230-syzkaller #0 [ 732.137699] syz-executor.1 cpuset= [ 732.142397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 732.142401] Call Trace: [ 732.142417] dump_stack+0x1b2/0x281 [ 732.142429] dump_header+0x178/0x82f [ 732.142440] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 732.142450] ? ___ratelimit+0x2cd/0x530 [ 732.142460] oom_kill_process.cold+0x10/0xa40 [ 732.142478] out_of_memory+0xe3e/0x1190 [ 732.142491] ? oom_killer_disable+0x1c0/0x1c0 [ 732.153358] syz-executor.2: [ 732.155353] ? mutex_trylock+0x152/0x1a0 [ 732.157909] page allocation failure: order:0 [ 732.161517] __alloc_pages_nodemask+0x23e1/0x2720 [ 732.161538] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 732.161563] alloc_pages_current+0x155/0x260 [ 732.161574] filemap_fault+0x11a1/0x1ad0 [ 732.161592] ext4_filemap_fault+0x84/0xb0 [ 732.179509] / [ 732.182744] __do_fault+0xfa/0x380 [ 732.203508] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 732.208301] __handle_mm_fault+0x2497/0x4620 [ 732.226669] mems_allowed=0-1 [ 732.233166] ? vm_insert_page+0x7c0/0x7c0 [ 732.233180] ? __fsnotify_update_child_dentry_flags.part.0+0x2e0/0x2e0 [ 732.233196] ? mark_held_locks+0xa6/0xf0 [ 732.233207] handle_mm_fault+0x455/0x9c0 [ 732.233220] __do_page_fault+0x549/0xad0 [ 732.233233] ? spurious_fault+0x640/0x640 [ 732.253061] (null) [ 732.255526] ? do_page_fault+0x60/0x500 [ 732.259562] syz-executor.2 cpuset= [ 732.263598] ? page_fault+0x2f/0x50 [ 732.263605] page_fault+0x45/0x50 [ 732.263613] RIP: 2000:0xc005d30e40 [ 732.263617] RSP: 458000:000000c000331bb8 EFLAGS: ffffffffffffffff [ 732.275524] page allocation failure: order:0 [ 732.291719] CPU: 1 PID: 14691 Comm: syz-executor.1 Not tainted 4.14.230-syzkaller #0 [ 732.296290] syz-executor.3: [ 732.298793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 732.310282] page allocation failure: order:0 [ 732.318977] Call Trace: [ 732.318987] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 732.323374] dump_stack+0x1b2/0x281 [ 732.323389] warn_alloc.cold+0x96/0x1cc [ 732.325957] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 732.333031] ? zone_watermark_ok_safe+0x220/0x220 [ 732.333042] ? usleep_range+0x130/0x130 [ 732.333051] ? try_to_free_pages+0x23f/0x6e0 [ 732.336654] (null) [ 732.340602] ? _find_next_bit+0xdb/0x100 [ 732.340613] ? run_timer_softirq+0x5a0/0x5a0 [ 732.340629] __alloc_pages_nodemask+0x2127/0x2720 [ 732.347691] syz-executor.3 cpuset= [ 732.352521] ? lock_acquire+0x170/0x3f0 [ 732.352537] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 732.356488] (null) [ 732.360873] ? ion_page_pool_alloc+0x9e/0x1b0 [ 732.360888] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 732.360901] ? retint_kernel+0x2d/0x2d [ 732.363024] syz-executor.4 cpuset= [ 732.367065] alloc_pages_current+0x155/0x260 [ 732.371459] / [ 732.376268] ion_page_pool_alloc+0x118/0x1b0 [ 732.379781] mems_allowed=0-1 [ 732.383733] ion_system_heap_allocate+0x133/0x8c0 [ 732.383742] ? ion_alloc+0x187/0x810 [ 732.383752] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 732.388573] / [ 732.390700] ? ion_system_contig_heap_create+0x130/0x130 [ 732.395202] mems_allowed=0-1 [ 732.400610] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 732.400621] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 732.400633] ion_alloc+0x204/0x810 [ 732.459003] ? ion_dma_buf_release+0x40/0x40 [ 732.463396] ? __might_fault+0x177/0x1b0 [ 732.467439] ion_ioctl+0xea/0x1f0 [ 732.470874] ? ion_query_heaps+0x360/0x360 [ 732.475114] ? ion_query_heaps+0x360/0x360 [ 732.479332] do_vfs_ioctl+0x75a/0xff0 [ 732.483116] ? ioctl_preallocate+0x1a0/0x1a0 [ 732.487505] ? lock_downgrade+0x740/0x740 [ 732.491661] ? __fget+0x225/0x360 [ 732.495094] ? do_vfs_ioctl+0xff0/0xff0 [ 732.499065] ? security_file_ioctl+0x83/0xb0 [ 732.503460] SyS_ioctl+0x7f/0xb0 [ 732.506806] ? do_vfs_ioctl+0xff0/0xff0 [ 732.510763] do_syscall_64+0x1d5/0x640 [ 732.514635] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 732.519805] RIP: 0033:0x466459 [ 732.522978] RSP: 002b:00007fcdda489188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 732.530667] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 732.537919] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 732.545170] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 732.552419] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 732.559679] R13: 00007ffe21b5ad8f R14: 00007fcdda489300 R15: 0000000000022000 [ 732.560102] Mem-Info: [ 732.582459] / mems_allowed=0-1 [ 732.585681] CPU: 1 PID: 14685 Comm: syz-executor.2 Not tainted 4.14.230-syzkaller #0 [ 732.593544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 732.602875] Call Trace: [ 732.605458] dump_stack+0x1b2/0x281 [ 732.609071] warn_alloc.cold+0x96/0x1cc [ 732.610093] active_anon:12385 inactive_anon:10515 isolated_anon:0 [ 732.610093] active_file:46 inactive_file:0 isolated_file:0 [ 732.610093] unevictable:0 dirty:16 writeback:0 unstable:0 [ 732.610093] slab_reclaimable:13781 slab_unreclaimable:118778 [ 732.610093] mapped:52682 shmem:11031 pagetables:848 bounce:0 [ 732.610093] free:13827 free_pcp:261 free_cma:0 [ 732.613038] ? zone_watermark_ok_safe+0x220/0x220 [ 732.651377] ? usleep_range+0x130/0x130 [ 732.655333] ? try_to_free_pages+0x23f/0x6e0 [ 732.659727] ? _find_next_bit+0xdb/0x100 [ 732.663771] ? run_timer_softirq+0x5a0/0x5a0 [ 732.668165] __alloc_pages_nodemask+0x2127/0x2720 [ 732.672994] ? lock_acquire+0x170/0x3f0 [ 732.676953] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 732.681779] ? ion_page_pool_alloc+0x9e/0x1b0 [ 732.686499] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 732.691937] alloc_pages_current+0x155/0x260 [ 732.696430] ion_page_pool_alloc+0x118/0x1b0 [ 732.700818] ion_system_heap_allocate+0x133/0x8c0 [ 732.705641] ? _raw_spin_unlock+0x29/0x40 [ 732.709860] ? _ion_heap_freelist_drain+0x6e/0x410 [ 732.710079] Node 0 active_anon:48816kB inactive_anon:25732kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208904kB dirty:60kB writeback:0kB shmem:27732kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 732.714858] ? ion_system_contig_heap_create+0x130/0x130 [ 732.748115] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 732.753119] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 732.757941] ion_alloc+0x27a/0x810 [ 732.761464] ? ion_dma_buf_release+0x40/0x40 [ 732.765853] ? __might_fault+0x177/0x1b0 [ 732.769901] ion_ioctl+0xea/0x1f0 [ 732.773335] ? ion_query_heaps+0x360/0x360 [ 732.777551] ? ion_query_heaps+0x360/0x360 [ 732.781768] do_vfs_ioctl+0x75a/0xff0 [ 732.785553] ? ioctl_preallocate+0x1a0/0x1a0 [ 732.789940] ? lock_downgrade+0x740/0x740 [ 732.794072] ? __fget+0x225/0x360 [ 732.797505] ? do_vfs_ioctl+0xff0/0xff0 [ 732.801461] ? security_file_ioctl+0x83/0xb0 [ 732.805869] SyS_ioctl+0x7f/0xb0 [ 732.809222] ? do_vfs_ioctl+0xff0/0xff0 [ 732.810092] Node 1 active_anon:724kB inactive_anon:16328kB active_file:40kB inactive_file:40kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:1824kB dirty:4kB writeback:0kB shmem:16392kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 732.813274] do_syscall_64+0x1d5/0x640 [ 732.844220] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 732.849390] RIP: 0033:0x466459 [ 732.852562] RSP: 002b:00007fc10ef5c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 732.860271] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 732.867540] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 732.874789] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 732.882040] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 732.889289] R13: 00007ffec6b9ec3f R14: 00007fc10ef5c300 R15: 0000000000022000 [ 732.896554] CPU: 0 PID: 14692 Comm: syz-executor.4 Not tainted 4.14.230-syzkaller #0 [ 732.904434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 732.907621] warn_alloc_show_mem: 1 callbacks suppressed [ 732.907624] Mem-Info: [ 732.913862] Call Trace: [ 732.913881] dump_stack+0x1b2/0x281 [ 732.913894] warn_alloc.cold+0x96/0x1cc [ 732.913905] ? zone_watermark_ok_safe+0x220/0x220 [ 732.913915] ? usleep_range+0x130/0x130 [ 732.913922] ? try_to_free_pages+0x23f/0x6e0 [ 732.913932] ? _find_next_bit+0xdb/0x100 [ 732.913942] ? run_timer_softirq+0x5a0/0x5a0 [ 732.913961] __alloc_pages_nodemask+0x2127/0x2720 [ 732.950558] active_anon:12385 inactive_anon:10515 isolated_anon:0 [ 732.950558] active_file:46 inactive_file:0 isolated_file:0 [ 732.950558] unevictable:0 dirty:16 writeback:0 unstable:0 [ 732.950558] slab_reclaimable:13781 slab_unreclaimable:118778 [ 732.950558] mapped:52682 shmem:11031 pagetables:848 bounce:0 [ 732.950558] free:13827 free_pcp:261 free_cma:0 [ 732.953419] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 732.958242] Node 0 active_anon:48816kB inactive_anon:25732kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208904kB dirty:60kB writeback:0kB shmem:27732kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 732.991526] ? migrate_swap_stop+0x880/0x880 [ 732.991535] ? lock_acquire+0x170/0x3f0 [ 732.991556] alloc_pages_current+0x155/0x260 [ 732.991569] ion_page_pool_alloc+0x118/0x1b0 [ 732.991578] ion_system_heap_allocate+0x133/0x8c0 [ 732.991588] ? ion_alloc+0x187/0x810 [ 732.991598] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 732.991607] ? ion_system_contig_heap_create+0x130/0x130 [ 732.991616] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 732.991626] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 732.991636] ion_alloc+0x204/0x810 [ 732.991649] ? ion_dma_buf_release+0x40/0x40 [ 732.991659] ? __might_fault+0x177/0x1b0 [ 732.991670] ion_ioctl+0xea/0x1f0 [ 733.086029] ? ion_query_heaps+0x360/0x360 [ 733.088823] Node 1 active_anon:724kB inactive_anon:16328kB active_file:16kB inactive_file:64kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:1824kB dirty:4kB writeback:0kB shmem:16392kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 733.090260] ? ion_query_heaps+0x360/0x360 [ 733.090271] do_vfs_ioctl+0x75a/0xff0 [ 733.090284] ? ioctl_preallocate+0x1a0/0x1a0 [ 733.090296] ? lock_downgrade+0x740/0x740 [ 733.133754] ? __fget+0x225/0x360 [ 733.137187] ? do_vfs_ioctl+0xff0/0xff0 [ 733.141156] ? security_file_ioctl+0x83/0xb0 [ 733.145558] SyS_ioctl+0x7f/0xb0 [ 733.148916] ? do_vfs_ioctl+0xff0/0xff0 [ 733.152888] do_syscall_64+0x1d5/0x640 [ 733.156776] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 733.161959] RIP: 0033:0x466459 [ 733.165230] RSP: 002b:00007efd1de4b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 733.172936] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 733.180207] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000005 [ 733.187469] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 733.194729] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 733.201993] R13: 00007fff8e7cfe1f R14: 00007efd1de4b300 R15: 0000000000022000 [ 733.217315] CPU: 1 PID: 14707 Comm: syz-executor.3 Not tainted 4.14.230-syzkaller #0 [ 733.220420] Node 0 [ 733.225286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 733.225303] DMA free:10972kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 733.227508] Call Trace: [ 733.257077] lowmem_reserve[]: [ 733.262335] dump_stack+0x1b2/0x281 [ 733.262350] warn_alloc.cold+0x96/0x1cc [ 733.267161] 0 [ 733.268009] ? zone_watermark_ok_safe+0x220/0x220 [ 733.277248] 2717 [ 733.277349] ? usleep_range+0x130/0x130 [ 733.287333] 2718 2718 [ 733.288170] ? try_to_free_pages+0x23f/0x6e0 [ 733.288180] ? _find_next_bit+0xdb/0x100 [ 733.290671] 2718 [ 733.295050] ? run_timer_softirq+0x5a0/0x5a0 [ 733.305531] __alloc_pages_nodemask+0x2127/0x2720 [ 733.310375] ? lock_acquire+0x170/0x3f0 [ 733.310391] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 733.314341] Node 0 [ 733.319247] ? ion_page_pool_alloc+0x9e/0x1b0 [ 733.319267] DMA32 free:24832kB min:36200kB low:45248kB high:54296kB active_anon:48816kB inactive_anon:25732kB active_file:32kB inactive_file:76kB unevictable:0kB writepending:60kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7776kB pagetables:3292kB bounce:0kB free_pcp:948kB local_pcp:712kB free_cma:0kB [ 733.354306] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 733.354327] alloc_pages_current+0x155/0x260 [ 733.364158] ion_page_pool_alloc+0x118/0x1b0 [ 733.368565] ion_system_heap_allocate+0x133/0x8c0 [ 733.373405] ? _raw_spin_unlock+0x29/0x40 [ 733.377548] ? _ion_heap_freelist_drain+0x6e/0x410 [ 733.382473] ? ion_system_contig_heap_create+0x130/0x130 [ 733.387923] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 733.390052] lowmem_reserve[]: [ 733.392932] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 733.392934] 0 0 [ 733.396163] ion_alloc+0x27a/0x810 [ 733.406474] ? ion_dma_buf_release+0x40/0x40 [ 733.410044] 0 0 [ 733.410877] ? __might_fault+0x177/0x1b0 [ 733.410890] ion_ioctl+0xea/0x1f0 [ 733.412882] 0 [ 733.416911] ? ion_query_heaps+0x360/0x360 [ 733.426348] ? ion_query_heaps+0x360/0x360 [ 733.430575] do_vfs_ioctl+0x75a/0xff0 [ 733.430577] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 733.434366] ? ioctl_preallocate+0x1a0/0x1a0 [ 733.434375] ? lock_downgrade+0x740/0x740 [ 733.434388] ? __fget+0x225/0x360 [ 733.471839] ? do_vfs_ioctl+0xff0/0xff0 [ 733.475808] ? security_file_ioctl+0x83/0xb0 [ 733.480213] SyS_ioctl+0x7f/0xb0 [ 733.483571] ? do_vfs_ioctl+0xff0/0xff0 [ 733.487545] do_syscall_64+0x1d5/0x640 [ 733.490039] lowmem_reserve[]: [ 733.491432] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 733.491443] RIP: 0033:0x466459 [ 733.494548] 0 [ 733.499697] RSP: 002b:00007faef7867188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 733.510032] 0 [ 733.512340] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 733.512346] 0 [ 733.514122] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000003 [ 733.514129] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 733.537685] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 733.539034] 0 [ 733.544946] R13: 00007ffd0904d43f R14: 00007faef7867300 R15: 0000000000022000 [ 733.549527] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 733.570065] Node 0 DMA free:10972kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 733.576346] 0 [ 733.596291] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 733.596296] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 733.597788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 733.647326] Node 1 Normal free:293052kB min:53696kB low:67120kB high:80544kB active_anon:824kB inactive_anon:16328kB active_file:40kB inactive_file:5140kB unevictable:0kB writepending:152kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:64kB pagetables:100kB bounce:0kB free_pcp:244kB local_pcp:176kB free_cma:0kB [ 733.650048] lowmem_reserve[]: [ 733.676468] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 733.679769] lowmem_reserve[]: [ 733.705028] 0 2717 2718 2718 2718 [ 733.711721] Node 0 DMA32 free:37752kB min:36200kB low:45248kB high:54296kB active_anon:48816kB inactive_anon:25732kB active_file:32kB inactive_file:76kB unevictable:0kB writepending:60kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7776kB pagetables:3292kB bounce:0kB free_pcp:868kB local_pcp:236kB free_cma:0kB [ 733.719940] 0 [ 733.740944] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 733.741888] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 733.760224] Bluetooth: hci4 command 0x040f tx timeout [ 733.760296] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 733.772320] lowmem_reserve[]: 0 0 0 0 0 [ 733.775544] 0 [ 733.776308] Node 0 [ 733.776310] 0 0 [ 733.778107] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 733.790024] 0 [ 733.826454] device hsr_slave_0 entered promiscuous mode [ 733.834408] device hsr_slave_1 entered promiscuous mode [ 733.839881] Node 0 DMA: 1*4kB (E) 2*8kB (UE) 1*16kB (E) 2*32kB (UE) 1*64kB (E) 3*128kB (UE) 1*256kB (E) 1*512kB (E) 2*1024kB (UE) 2*2048kB (ME) 1*4096kB (U) = 11556kB [ 733.841482] lowmem_reserve[]: [ 733.855686] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 733.866158] 0 0 0 0 0 [ 733.868687] Node 1 Normal free:594580kB min:53696kB low:67120kB high:80544kB active_anon:824kB inactive_anon:16328kB active_file:40kB inactive_file:5140kB unevictable:0kB writepending:152kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:64kB pagetables:100kB bounce:0kB free_pcp:280kB local_pcp:68kB free_cma:0kB [ 733.897989] Node 0 DMA32: 2102*4kB (UME) 1619*8kB (UME) 242*16kB (UME) 50*32kB (UME) 1*64kB (U) 5*128kB (U) 2*256kB (U) 3*512kB (U) 2*1024kB (U) 9*2048kB (U) 3*4096kB (U) = 62352kB [ 733.899327] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 733.930430] lowmem_reserve[]: 0 0 0 0 0 [ 733.934437] Node 0 DMA: 1*4kB (E) 2*8kB (UE) 1*16kB (E) 2*32kB (UE) 1*64kB (E) 3*128kB (UE) 1*256kB (E) 1*512kB (E) 2*1024kB (UE) 2*2048kB (ME) 1*4096kB (U) = 11556kB [ 733.949919] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB [ 733.951254] Node 0 [ 733.953657] = 0kB [ 733.964497] DMA32: 2056*4kB (UME) 1566*8kB (UME) 242*16kB (UME) 49*32kB (UME) 1*64kB (U) 5*128kB (U) 2*256kB (U) 3*512kB (U) 2*1024kB (U) 9*2048kB (U) 3*4096kB (U) = 61712kB [ 733.980012] Node 1 Normal: 1*4kB (M) 50*8kB (UM) 32*16kB (UME) 17*32kB (UME) 46*64kB (UM) 2*128kB (UM) 4*256kB (U) 7*512kB (UM) 597*1024kB [ 733.983882] Node 0 [ 733.983946] (UM) [ 733.997439] Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 734.012970] Node 1 Normal: 1*4kB (M) 50*8kB (UM) 34*16kB (UME) 20*32kB (UME) 48*64kB (UM) 2*128kB (UM) 4*256kB (U) 7*512kB (UM) 598*1024kB (UM) 79*2048kB (U) 3*4096kB (U) = 795956kB [ 734.029889] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 734.038947] 69*2048kB (U) 2*4096kB (U) = 770100kB [ 734.038970] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 734.038976] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 734.038981] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 734.038987] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 734.038991] 12487 total pagecache pages [ 734.039000] 0 pages in swap cache [ 734.039005] Swap cache stats: add 0, delete 0, find 0/0 [ 734.039009] Free swap = 0kB [ 734.039012] Total swap = 0kB [ 734.039018] 2097051 pages RAM [ 734.039022] 0 pages HighMem/MovableOnly [ 734.039025] 363848 pages reserved [ 734.039028] 0 pages cma reserved [ 734.039035] Out of memory (oom_kill_allocating_task): Kill process 7967 (syz-fuzzer) score 0 or sacrifice child [ 734.039092] Killed process 14001 (syz-executor.3) total-vm:84924kB, anon-rss:64kB, file-rss:0kB, shmem-rss:0kB [ 734.057901] oom_reaper: reaped process 7979 (syz-executor.4), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 734.070935] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 734.130609] oom_reaper: reaped process 14001 (syz-executor.3), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 734.164987] warn_alloc_show_mem: 2 callbacks suppressed [ 734.164991] Mem-Info: [ 734.181925] active_anon:12360 inactive_anon:10515 isolated_anon:0 [ 734.181925] active_file:186 inactive_file:1845 isolated_file:0 [ 734.181925] unevictable:0 dirty:41 writeback:0 unstable:0 [ 734.181925] slab_reclaimable:13713 slab_unreclaimable:119777 [ 734.181925] mapped:45417 shmem:11031 pagetables:811 bounce:0 [ 734.181925] free:252558 free_pcp:273 free_cma:0 [ 734.254032] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 734.268489] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 20:23:14 executing program 2: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) [ 734.276777] Node 0 active_anon:48716kB inactive_anon:25732kB active_file:800kB inactive_file:2696kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:149104kB dirty:60kB writeback:0kB shmem:27732kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 734.305943] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 734.323895] 13486 total pagecache pages [ 734.328041] 0 pages in swap cache [ 734.340540] Swap cache stats: add 0, delete 0, find 0/0 [ 734.345974] Free swap = 0kB [ 734.349145] Total swap = 0kB 20:23:14 executing program 2: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) [ 734.369426] Node 1 active_anon:824kB inactive_anon:16328kB active_file:1044kB inactive_file:4184kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:6364kB dirty:104kB writeback:0kB shmem:16392kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 734.406193] 2097051 pages RAM [ 734.419565] 0 pages HighMem/MovableOnly [ 734.423650] 363848 pages reserved [ 734.424181] 8021q: adding VLAN 0 to HW filter on device bond0 [ 734.427102] 0 pages cma reserved 20:23:14 executing program 2: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) [ 734.453631] Node 0 DMA free:11876kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 734.469343] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 734.507044] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 734.532671] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 734.539294] Node 0 DMA32 free:93468kB min:36200kB low:45248kB high:54296kB active_anon:48484kB inactive_anon:25732kB active_file:1300kB inactive_file:6096kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7808kB pagetables:2996kB bounce:0kB free_pcp:744kB local_pcp:424kB free_cma:0kB [ 734.546459] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 734.608808] lowmem_reserve[]: 0 0 0 0 0 [ 734.630905] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 734.639348] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 734.672838] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 734.678922] 8021q: adding VLAN 0 to HW filter on device team0 [ 734.710156] lowmem_reserve[]: 0 0 0 0 0 [ 734.714327] Node 1 Normal free:1598668kB min:53696kB low:67120kB high:80544kB active_anon:824kB inactive_anon:16328kB active_file:2144kB inactive_file:3084kB unevictable:0kB writepending:136kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:64kB pagetables:100kB bounce:0kB free_pcp:308kB local_pcp:84kB free_cma:0kB [ 734.723006] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 734.780358] lowmem_reserve[]: 0 0 0 0 0 [ 734.794002] Node 0 DMA: 1*4kB (E) 2*8kB (UE) 2*16kB (UE) 2*32kB (UE) 6*64kB (UE) 3*128kB (UE) 1*256kB (E) 1*512kB (E) 2*1024kB (UE) 2*2048kB (ME) 1*4096kB (U) = 11892kB [ 734.840133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 734.840673] Node 0 [ 734.848291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 734.858523] DMA32: 1584*4kB (UE) 545*8kB (UE) 353*16kB (UME) 24*32kB (UME) 1522*64kB (U) 62*128kB (UM) 28*256kB (U) 16*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 137816kB [ 734.890236] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 734.890497] bridge0: port 1(bridge_slave_0) entered blocking state [ 734.907350] bridge0: port 1(bridge_slave_0) entered forwarding state [ 734.913912] Node 1 Normal: 1*4kB (M) 54*8kB (UM) 36*16kB (UME) 18*32kB (UME) 4090*64kB (UM) 721*128kB (UM) 103*256kB (U) 60*512kB (UM) 318*1024kB (UM) 205*2048kB (U) 22*4096kB (U) = 1248308kB [ 734.950040] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 734.958916] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 734.971297] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 734.989996] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 734.998874] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 735.000833] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 735.029999] 14785 total pagecache pages [ 735.034003] 0 pages in swap cache [ 735.037461] Swap cache stats: add 0, delete 0, find 0/0 [ 735.045464] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 735.060074] Free swap = 0kB [ 735.063108] Total swap = 0kB [ 735.066148] 2097051 pages RAM [ 735.069244] 0 pages HighMem/MovableOnly [ 735.070435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 735.090093] 363848 pages reserved [ 735.093571] 0 pages cma reserved [ 735.104408] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 735.112179] bridge0: port 2(bridge_slave_1) entered blocking state [ 735.118537] bridge0: port 2(bridge_slave_1) entered forwarding state [ 735.150343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 735.172849] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 735.200447] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 735.210684] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 735.219700] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 735.230572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 735.240697] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 735.248413] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 735.270528] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 735.280456] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 735.289600] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 735.310337] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 735.317411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 735.345915] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 735.360866] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 735.383224] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 735.406246] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 735.433481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 735.504145] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 735.541467] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 735.547739] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 735.554498] syz-executor.3 (14002) used greatest stack depth: 24544 bytes left [ 735.562960] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 735.595525] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 735.684482] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 735.686889] syz-executor.1: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 735.713955] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 735.717035] syz-executor.1 cpuset= [ 735.719077] CPU: 0 PID: 14692 Comm: syz-executor.4 Not tainted 4.14.230-syzkaller #0 [ 735.719078] / mems_allowed=0-1 [ 735.722597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 735.722601] Call Trace: [ 735.722616] dump_stack+0x1b2/0x281 [ 735.722630] warn_alloc.cold+0x96/0x1cc [ 735.722641] ? zone_watermark_ok_safe+0x220/0x220 [ 735.722664] __alloc_pages_nodemask+0x2127/0x2720 [ 735.722673] ? _raw_spin_unlock_irq+0x24/0x80 [ 735.722688] ? lock_acquire+0x170/0x3f0 [ 735.771266] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 735.776113] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 735.781566] ? __mutex_unlock_slowpath+0x75/0x770 [ 735.786407] alloc_pages_current+0x155/0x260 [ 735.790816] ion_page_pool_alloc+0x118/0x1b0 [ 735.795218] ion_system_heap_allocate+0x133/0x8c0 [ 735.800048] ? _raw_spin_unlock+0x29/0x40 [ 735.804192] ? _ion_heap_freelist_drain+0x6e/0x410 [ 735.809113] ? ion_system_contig_heap_create+0x130/0x130 [ 735.814553] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 735.819551] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 735.824488] ion_alloc+0x27a/0x810 [ 735.828012] ? ion_dma_buf_release+0x40/0x40 [ 735.832410] ? __might_fault+0x177/0x1b0 [ 735.836472] ion_ioctl+0xea/0x1f0 [ 735.839924] ? ion_query_heaps+0x360/0x360 [ 735.844157] ? ion_query_heaps+0x360/0x360 [ 735.848385] do_vfs_ioctl+0x75a/0xff0 [ 735.852180] ? ioctl_preallocate+0x1a0/0x1a0 [ 735.856574] ? lock_downgrade+0x740/0x740 [ 735.860707] ? __fget+0x225/0x360 [ 735.864142] ? do_vfs_ioctl+0xff0/0xff0 [ 735.868096] ? security_file_ioctl+0x83/0xb0 [ 735.872505] SyS_ioctl+0x7f/0xb0 [ 735.875869] ? do_vfs_ioctl+0xff0/0xff0 [ 735.879838] do_syscall_64+0x1d5/0x640 [ 735.883724] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 735.888912] RIP: 0033:0x466459 [ 735.892097] RSP: 002b:00007efd1de4b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 735.899792] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 735.907042] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000005 [ 735.914296] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 735.924074] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 735.931337] R13: 00007fff8e7cfe1f R14: 00007efd1de4b300 R15: 0000000000022000 [ 735.938606] CPU: 1 PID: 14691 Comm: syz-executor.1 Not tainted 4.14.230-syzkaller #0 [ 735.939697] Bluetooth: hci4 command 0x0419 tx timeout [ 735.946482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 735.946486] Call Trace: [ 735.946501] dump_stack+0x1b2/0x281 [ 735.946514] warn_alloc.cold+0x96/0x1cc [ 735.960877] Mem-Info: [ 735.961023] ? zone_watermark_ok_safe+0x220/0x220 [ 735.963592] active_anon:12365 inactive_anon:10514 isolated_anon:0 [ 735.963592] active_file:1547 inactive_file:2380 isolated_file:0 [ 735.963592] unevictable:0 dirty:63 writeback:0 unstable:0 [ 735.963592] slab_reclaimable:13707 slab_unreclaimable:119389 [ 735.963592] mapped:37906 shmem:11030 pagetables:747 bounce:0 [ 735.963592] free:73989 free_pcp:348 free_cma:0 [ 735.967200] __alloc_pages_nodemask+0x2127/0x2720 [ 735.971170] Node 0 active_anon:47948kB inactive_anon:25728kB active_file:3296kB inactive_file:7020kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:144976kB dirty:96kB writeback:0kB shmem:27728kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 735.973569] ? io_schedule_timeout+0x140/0x140 [ 735.978415] Node 1 active_anon:1512kB inactive_anon:16328kB active_file:2892kB inactive_file:2500kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:6648kB dirty:156kB writeback:0kB shmem:16392kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 736.012059] ? lock_acquire+0x170/0x3f0 [ 736.012075] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 736.012095] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 736.016914] Node 0 [ 736.045006] ? __mutex_unlock_slowpath+0x75/0x770 [ 736.045015] ? __sanitizer_cov_trace_pc+0x3d/0x50 [ 736.045029] alloc_pages_current+0x155/0x260 [ 736.049595] DMA free:11032kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 736.077153] ion_page_pool_alloc+0x118/0x1b0 [ 736.077162] ion_system_heap_allocate+0x133/0x8c0 [ 736.077175] ? _raw_spin_unlock+0x29/0x40 [ 736.081133] lowmem_reserve[]: [ 736.085946] ? _ion_heap_freelist_drain+0x6e/0x410 [ 736.091384] 0 [ 736.093587] ? ion_system_contig_heap_create+0x130/0x130 [ 736.098397] 2717 [ 736.103218] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 736.103228] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 736.103239] ion_alloc+0x27a/0x810 [ 736.107619] 2718 [ 736.133103] ? ion_dma_buf_release+0x40/0x40 [ 736.133115] ? __might_fault+0x177/0x1b0 [ 736.133127] ion_ioctl+0xea/0x1f0 [ 736.137504] 2718 [ 736.142324] ? ion_query_heaps+0x360/0x360 [ 736.142336] ? ion_query_heaps+0x360/0x360 [ 736.142346] do_vfs_ioctl+0x75a/0xff0 [ 736.146466] 2718 [ 736.149553] ? ioctl_preallocate+0x1a0/0x1a0 [ 736.156244] ? lock_downgrade+0x740/0x740 [ 736.161692] Node 0 [ 736.163727] ? __fget+0x225/0x360 [ 736.168724] DMA32 free:230016kB min:36200kB low:45248kB high:54296kB active_anon:47948kB inactive_anon:25728kB active_file:3296kB inactive_file:7020kB unevictable:0kB writepending:96kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7584kB pagetables:2740kB bounce:0kB free_pcp:1392kB local_pcp:684kB free_cma:0kB [ 736.173532] ? do_vfs_ioctl+0xff0/0xff0 [ 736.173542] ? security_file_ioctl+0x83/0xb0 [ 736.173552] SyS_ioctl+0x7f/0xb0 [ 736.177064] lowmem_reserve[]: [ 736.179108] ? do_vfs_ioctl+0xff0/0xff0 [ 736.183500] 0 [ 736.187531] do_syscall_64+0x1d5/0x640 [ 736.190964] 0 [ 736.193002] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 736.197201] 0 [ 736.201414] RIP: 0033:0x466459 [ 736.201419] RSP: 002b:00007fcdda489188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 736.201428] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 736.201435] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 736.205207] 0 [ 736.207249] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 736.211642] 0 [ 736.215756] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 736.221483] R13: 00007ffe21b5ad8f R14: 00007fcdda489300 R15: 0000000000022000 [ 736.374328] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 736.440211] lowmem_reserve[]: 0 0 0 0 0 [ 736.444234] Node 1 Normal free:101040kB min:53696kB low:67120kB high:80544kB active_anon:1488kB inactive_anon:16328kB active_file:2936kB inactive_file:2468kB unevictable:0kB writepending:156kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:96kB pagetables:144kB bounce:0kB free_pcp:632kB local_pcp:632kB free_cma:0kB [ 736.479307] lowmem_reserve[]: 0 0 0 0 0 [ 736.484212] Node 0 DMA: 84*4kB (UE) 7*8kB (UE) 5*16kB (UE) 4*32kB (UE) 1*64kB (E) 3*128kB (UE) 1*256kB (E) 1*512kB (E) 1*1024kB (E) 2*2048kB (ME) 1*4096kB (U) = 11032kB [ 736.500216] Node 0 DMA32: 10828*4kB (UE) 8162*8kB (UE) 5387*16kB (UE) 981*32kB (UME) 303*64kB (U) 169*128kB (U) 57*256kB (U) 11*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 287440kB [ 736.502262] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 736.519472] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 736.544101] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 736.553517] Node 1 Normal: 5284*4kB (U) 939*8kB (U) 658*16kB (UE) 747*32kB (UE) 14*64kB (U) 2*128kB (U) 0*256kB 2*512kB (U) 280*1024kB (U) 0*2048kB 0*4096kB = 351976kB [ 736.573677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 736.582199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 736.600069] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 736.608924] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 736.620574] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 736.629419] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 736.646205] 15008 total pagecache pages [ 736.650618] 0 pages in swap cache [ 736.654070] Swap cache stats: add 0, delete 0, find 0/0 [ 736.659429] Free swap = 0kB [ 736.668959] Total swap = 0kB [ 736.672716] 2097051 pages RAM [ 736.675823] 0 pages HighMem/MovableOnly [ 736.679785] 363848 pages reserved [ 736.689659] 0 pages cma reserved [ 736.717216] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 736.730672] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 736.737490] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 736.759676] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 736.767161] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 736.775875] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 736.787777] device veth0_vlan entered promiscuous mode [ 736.797244] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 736.806905] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 736.819456] device veth1_vlan entered promiscuous mode [ 736.828637] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 736.840820] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 736.858246] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 736.868207] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 736.880713] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 736.888143] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 736.900389] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 736.907998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 736.922417] device veth0_macvtap entered promiscuous mode [ 736.928597] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 736.942361] device veth1_macvtap entered promiscuous mode [ 736.948579] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 736.968342] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 736.982185] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 736.995368] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 737.005138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 737.019608] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 737.029995] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 737.039096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 737.054005] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 737.063185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 737.078261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 737.087986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 737.102317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 737.114106] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 737.124993] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 737.133719] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 737.144346] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 737.153553] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 737.164573] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 737.175825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 737.189548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 737.203410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 737.213152] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 737.226957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 737.237328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 737.250792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 737.263526] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 737.275223] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 737.289369] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 737.301710] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 737.308596] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 737.321264] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 737.329258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 20:23:17 executing program 4: socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet6_udp(0xa, 0x2, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:23:17 executing program 2: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:23:17 executing program 3: openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:23:17 executing program 1: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) [ 737.775274] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 737.788920] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 737.853836] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 737.877321] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 737.897278] device bridge_slave_1 left promiscuous mode [ 737.909712] bridge0: port 2(bridge_slave_1) entered disabled state [ 737.941895] device bridge_slave_0 left promiscuous mode [ 737.963028] bridge0: port 1(bridge_slave_0) entered disabled state [ 737.998658] device veth1_macvtap left promiscuous mode [ 738.017778] device veth0_macvtap left promiscuous mode [ 738.032345] device veth1_vlan left promiscuous mode [ 738.043024] device veth0_vlan left promiscuous mode [ 738.288730] syz-executor.0: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 738.300840] syz-executor.1: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 738.319555] device hsr_slave_1 left promiscuous mode [ 738.349580] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 738.366428] syz-executor.2: page allocation failure: order:4 [ 738.366439] device hsr_slave_0 left promiscuous mode [ 738.366515] CPU: 1 PID: 14988 Comm: syz-executor.0 Not tainted 4.14.230-syzkaller #0 [ 738.385303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 738.394654] Call Trace: [ 738.397228] dump_stack+0x1b2/0x281 [ 738.400838] warn_alloc.cold+0x96/0x1cc [ 738.404794] ? zone_watermark_ok_safe+0x220/0x220 [ 738.409619] ? uhci_scan_schedule.part.0+0x18a0/0x3050 [ 738.414902] __alloc_pages_nodemask+0x2127/0x2720 [ 738.419730] ? lock_acquire+0x170/0x3f0 [ 738.423689] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 738.428517] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 738.434037] ? __mutex_unlock_slowpath+0x75/0x770 [ 738.438861] ? __alloc_pages_nodemask+0x277/0x2720 [ 738.443774] alloc_pages_current+0x155/0x260 [ 738.448165] ion_page_pool_alloc+0x118/0x1b0 [ 738.452556] ion_system_heap_allocate+0x133/0x8c0 [ 738.457379] ? ion_alloc+0x187/0x810 [ 738.461073] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 738.466502] ? ion_system_contig_heap_create+0x130/0x130 [ 738.471932] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 738.476932] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 738.481755] ion_alloc+0x204/0x810 [ 738.485279] ? ion_dma_buf_release+0x40/0x40 [ 738.489672] ? __might_fault+0x177/0x1b0 [ 738.493802] ion_ioctl+0xea/0x1f0 [ 738.497238] ? ion_query_heaps+0x360/0x360 [ 738.501457] ? ion_query_heaps+0x360/0x360 [ 738.505671] do_vfs_ioctl+0x75a/0xff0 [ 738.509453] ? ioctl_preallocate+0x1a0/0x1a0 [ 738.513840] ? lock_downgrade+0x740/0x740 [ 738.517970] ? __fget+0x225/0x360 [ 738.521405] ? do_vfs_ioctl+0xff0/0xff0 [ 738.525360] ? security_file_ioctl+0x83/0xb0 [ 738.529745] SyS_ioctl+0x7f/0xb0 [ 738.533108] ? do_vfs_ioctl+0xff0/0xff0 [ 738.537072] do_syscall_64+0x1d5/0x640 [ 738.540957] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 738.546152] RIP: 0033:0x466459 [ 738.549325] RSP: 002b:00007fae1df4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 738.557019] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 738.564281] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 738.571539] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 738.578791] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 738.586044] R13: 00007ffcdd857c6f R14: 00007fae1df4d300 R15: 0000000000022000 [ 738.602750] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 738.615604] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 738.623494] CPU: 0 PID: 14978 Comm: syz-executor.1 Not tainted 4.14.230-syzkaller #0 [ 738.626812] team0 (unregistering): Port device team_slave_1 removed [ 738.631369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 738.631375] Call Trace: [ 738.631392] dump_stack+0x1b2/0x281 [ 738.631406] warn_alloc.cold+0x96/0x1cc [ 738.631417] ? zone_watermark_ok_safe+0x220/0x220 [ 738.631440] __alloc_pages_nodemask+0x2127/0x2720 [ 738.631457] ? lock_acquire+0x170/0x3f0 [ 738.631472] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 738.631490] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 738.631502] ? __mutex_unlock_slowpath+0x75/0x770 [ 738.631517] alloc_pages_current+0x155/0x260 [ 738.631530] ion_page_pool_alloc+0x118/0x1b0 [ 738.631540] ion_system_heap_allocate+0x133/0x8c0 [ 738.631550] ? ion_alloc+0x187/0x810 [ 738.631562] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 738.708881] ? ion_system_contig_heap_create+0x130/0x130 [ 738.714330] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 738.719360] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 738.724204] ion_alloc+0x204/0x810 [ 738.727745] ? ion_dma_buf_release+0x40/0x40 [ 738.729887] syz-executor.2 cpuset= [ 738.732149] ? __might_fault+0x177/0x1b0 [ 738.732164] ion_ioctl+0xea/0x1f0 [ 738.738976] / [ 738.739729] ? ion_query_heaps+0x360/0x360 [ 738.749090] ? ion_query_heaps+0x360/0x360 [ 738.753321] do_vfs_ioctl+0x75a/0xff0 [ 738.754297] mems_allowed=0-1 [ 738.757149] ? ioctl_preallocate+0x1a0/0x1a0 [ 738.757158] ? lock_downgrade+0x740/0x740 [ 738.757171] ? __fget+0x225/0x360 [ 738.772224] ? do_vfs_ioctl+0xff0/0xff0 [ 738.776192] ? security_file_ioctl+0x83/0xb0 [ 738.780592] SyS_ioctl+0x7f/0xb0 [ 738.783947] ? do_vfs_ioctl+0xff0/0xff0 [ 738.787908] do_syscall_64+0x1d5/0x640 [ 738.791790] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 738.796966] RIP: 0033:0x466459 [ 738.800142] RSP: 002b:00007fcdda489188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 738.807842] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 738.815095] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 738.822358] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 738.829619] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 738.836878] R13: 00007ffe21b5ad8f R14: 00007fcdda489300 R15: 0000000000022000 [ 738.844154] CPU: 1 PID: 14972 Comm: syz-executor.2 Not tainted 4.14.230-syzkaller #0 [ 738.846836] warn_alloc_show_mem: 1 callbacks suppressed [ 738.846839] Mem-Info: [ 738.852055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 738.852059] Call Trace: [ 738.852076] dump_stack+0x1b2/0x281 [ 738.852088] warn_alloc.cold+0x96/0x1cc [ 738.852101] ? zone_watermark_ok_safe+0x220/0x220 [ 738.857485] active_anon:12842 inactive_anon:10509 isolated_anon:35 [ 738.857485] active_file:2327 inactive_file:4064 isolated_file:8 [ 738.857485] unevictable:0 dirty:46 writeback:0 unstable:0 [ 738.857485] slab_reclaimable:13690 slab_unreclaimable:118084 [ 738.857485] mapped:39951 shmem:11023 pagetables:734 bounce:0 [ 738.857485] free:66652 free_pcp:129 free_cma:0 [ 738.859859] __alloc_pages_nodemask+0x2127/0x2720 [ 738.859875] ? lock_acquire+0x170/0x3f0 [ 738.870668] Node 0 active_anon:50080kB inactive_anon:25712kB active_file:6884kB inactive_file:14248kB unevictable:0kB isolated(anon):92kB isolated(file):0kB mapped:153352kB dirty:180kB writeback:0kB shmem:27704kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 12288kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 738.871778] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 738.871795] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 738.875426] Node 1 active_anon:1388kB inactive_anon:16324kB active_file:2424kB inactive_file:2008kB unevictable:0kB isolated(anon):48kB isolated(file):48kB mapped:6452kB dirty:4kB writeback:0kB shmem:16388kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 738.879355] ? __mutex_unlock_slowpath+0x75/0x770 [ 738.879373] alloc_pages_current+0x155/0x260 [ 738.884234] Node 0 [ 738.918021] ion_page_pool_alloc+0x118/0x1b0 [ 738.918031] ion_system_heap_allocate+0x133/0x8c0 [ 738.918041] ? ion_alloc+0x187/0x810 [ 738.918053] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 738.922920] DMA free:11128kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 738.926825] ? ion_system_contig_heap_create+0x130/0x130 [ 738.926834] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 738.926849] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 738.956228] lowmem_reserve[]: [ 738.959929] ion_alloc+0x204/0x810 [ 738.959943] ? ion_dma_buf_release+0x40/0x40 [ 738.959955] ? __might_fault+0x177/0x1b0 [ 738.965400] 0 [ 738.992866] ion_ioctl+0xea/0x1f0 [ 738.992875] ? ion_query_heaps+0x360/0x360 [ 738.992886] ? ion_query_heaps+0x360/0x360 [ 738.992896] do_vfs_ioctl+0x75a/0xff0 [ 738.997732] 2717 [ 739.002124] ? ioctl_preallocate+0x1a0/0x1a0 [ 739.002135] ? lock_downgrade+0x740/0x740 [ 739.002148] ? __fget+0x225/0x360 [ 739.004386] 2718 [ 739.008776] ? do_vfs_ioctl+0xff0/0xff0 [ 739.008786] ? security_file_ioctl+0x83/0xb0 [ 739.008796] SyS_ioctl+0x7f/0xb0 [ 739.013774] 2718 [ 739.017426] ? do_vfs_ioctl+0xff0/0xff0 [ 739.017437] do_syscall_64+0x1d5/0x640 [ 739.017452] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 739.022906] 2718 [ 739.048353] RIP: 0033:0x466459 [ 739.048358] RSP: 002b:00007fc10ef5c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 739.048369] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 739.048374] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 739.048381] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 739.058886] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 739.058891] R13: 00007ffec6b9ec3f R14: 00007fc10ef5c300 R15: 0000000000022000 [ 739.180419] team0 (unregistering): Port device team_slave_0 removed [ 739.184858] Node 0 DMA32 free:45204kB min:36200kB low:45248kB high:54296kB active_anon:50124kB inactive_anon:25712kB active_file:6924kB inactive_file:14276kB unevictable:0kB writepending:212kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7616kB pagetables:2792kB bounce:0kB free_pcp:464kB local_pcp:240kB free_cma:0kB [ 739.225908] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 739.234918] lowmem_reserve[]: 0 0 0 0 0 [ 739.247774] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 739.262810] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 739.357116] lowmem_reserve[]: 0 0 0 0 0 [ 739.362124] bond0 (unregistering): Released all slaves [ 739.364489] Node 1 Normal free:53900kB min:53696kB low:67120kB high:80544kB active_anon:1500kB inactive_anon:16324kB active_file:896kB inactive_file:1020kB unevictable:0kB writepending:4kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:128kB pagetables:152kB bounce:0kB free_pcp:856kB local_pcp:120kB free_cma:0kB [ 739.463444] lowmem_reserve[]: 0 0 0 0 0 [ 739.467513] Node 0 DMA: 65*4kB (UE) 14*8kB (UE) 6*16kB (UE) 5*32kB (UE) 1*64kB (E) 3*128kB (UE) 1*256kB (E) 1*512kB (E) 1*1024kB (E) 2*2048kB (ME) 1*4096kB (U) = 11060kB [ 739.489117] Node 0 DMA32: 2218*4kB (UME) 899*8kB (UME) 190*16kB (UME) 363*32kB (UME) 46*64kB (UM) 8*128kB (UM) 4*256kB (M) 4*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 37760kB [ 739.508832] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 739.523709] Node 1 Normal: 106*4kB (M) 72*8kB (M) 40*16kB (ME) 1577*32kB (UME) 16*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 53128kB [ 739.539624] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 739.552804] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 739.562392] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 739.575394] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 739.586398] 11543 total pagecache pages [ 739.594308] 0 pages in swap cache [ 739.604305] Swap cache stats: add 0, delete 0, find 0/0 [ 739.621839] Free swap = 0kB [ 739.629478] Total swap = 0kB [ 739.638594] 2097051 pages RAM [ 739.645173] 0 pages HighMem/MovableOnly [ 739.649182] 363848 pages reserved [ 739.655633] 0 pages cma reserved [ 739.907953] syz-executor.2 invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 740.005238] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 740.025898] CPU: 1 PID: 7984 Comm: syz-executor.2 Not tainted 4.14.230-syzkaller #0 [ 740.033706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 740.043045] Call Trace: [ 740.045619] dump_stack+0x1b2/0x281 [ 740.049228] dump_header+0x178/0x82f [ 740.052923] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 740.058008] ? ___ratelimit+0x2cd/0x530 [ 740.061970] oom_kill_process.cold+0x10/0xa40 [ 740.066449] out_of_memory+0xe3e/0x1190 [ 740.070927] ? oom_killer_disable+0x1c0/0x1c0 [ 740.075402] ? mutex_trylock+0x152/0x1a0 [ 740.079442] __alloc_pages_nodemask+0x23e1/0x2720 [ 740.084271] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 740.089106] alloc_pages_current+0x155/0x260 [ 740.093602] filemap_fault+0x11a1/0x1ad0 [ 740.097646] ext4_filemap_fault+0x84/0xb0 [ 740.101774] __do_fault+0xfa/0x380 [ 740.105291] __handle_mm_fault+0x2497/0x4620 [ 740.109678] ? vm_insert_page+0x7c0/0x7c0 [ 740.113814] ? hrtimer_nanosleep+0x1ff/0x4b0 [ 740.118201] ? nanosleep_copyout+0x100/0x100 [ 740.122682] ? mark_held_locks+0xa6/0xf0 [ 740.126832] handle_mm_fault+0x455/0x9c0 [ 740.130879] __do_page_fault+0x549/0xad0 [ 740.134934] ? spurious_fault+0x640/0x640 [ 740.139065] ? do_page_fault+0x60/0x500 [ 740.143020] ? page_fault+0x2f/0x50 [ 740.146642] page_fault+0x45/0x50 [ 740.150077] RIP: b447c:0x7 [ 740.152896] RSP: 23e0:00007ffec6b9eefc EFLAGS: 00000032 [ 740.175983] Mem-Info: [ 740.198923] active_anon:12948 inactive_anon:10509 isolated_anon:0 [ 740.198923] active_file:0 inactive_file:25 isolated_file:0 [ 740.198923] unevictable:0 dirty:0 writeback:0 unstable:0 [ 740.198923] slab_reclaimable:13690 slab_unreclaimable:116856 [ 740.198923] mapped:38964 shmem:11023 pagetables:751 bounce:0 [ 740.198923] free:25160 free_pcp:83 free_cma:0 [ 740.263600] Node 0 active_anon:50252kB inactive_anon:25712kB active_file:0kB inactive_file:96kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:139428kB dirty:0kB writeback:0kB shmem:27704kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 12288kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 740.303888] Node 1 active_anon:1540kB inactive_anon:16324kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:16428kB dirty:0kB writeback:0kB shmem:16388kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 740.342859] Node 0 DMA free:11060kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 740.380975] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 740.386024] Node 0 DMA32 free:35980kB min:36200kB low:45248kB high:54296kB active_anon:50252kB inactive_anon:25712kB active_file:100kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7584kB pagetables:2800kB bounce:0kB free_pcp:116kB local_pcp:116kB free_cma:0kB [ 740.427048] lowmem_reserve[]: 0 0 0 0 0 [ 740.435478] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 740.472930] lowmem_reserve[]: 0 0 0 0 0 [ 740.476929] Node 1 Normal free:53600kB min:53696kB low:67120kB high:80544kB active_anon:1540kB inactive_anon:16324kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:128kB pagetables:204kB bounce:0kB free_pcp:216kB local_pcp:120kB free_cma:0kB [ 740.520829] lowmem_reserve[]: 0 0 0 0 0 [ 740.524836] Node 0 DMA: 65*4kB (UE) 14*8kB (UE) 6*16kB (UE) 5*32kB (UE) 1*64kB (E) 3*128kB (UE) 1*256kB (E) 1*512kB (E) 1*1024kB (E) 2*2048kB (ME) 1*4096kB (U) = 11060kB [ 740.552245] Node 0 DMA32: 2265*4kB (UME) 819*8kB (ME) 193*16kB (UME) 292*32kB (UME) 50*64kB (UM) 11*128kB (UM) 3*256kB (M) 5*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 35980kB [ 740.580875] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 740.601406] Node 1 Normal: 84*4kB (UM) 58*8kB (UM) 40*16kB (ME) 1572*32kB (UME) 29*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 53600kB [ 740.627172] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 740.651933] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 740.674319] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 740.696528] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 740.711422] 11048 total pagecache pages [ 740.715398] 0 pages in swap cache [ 740.718841] Swap cache stats: add 0, delete 0, find 0/0 [ 740.738002] Free swap = 0kB [ 740.745006] Total swap = 0kB [ 740.748021] 2097051 pages RAM [ 740.764793] 0 pages HighMem/MovableOnly [ 740.768779] 363848 pages reserved [ 740.785872] 0 pages cma reserved [ 740.789237] Out of memory (oom_kill_allocating_task): Kill process 7984 (syz-executor.2) score 0 or sacrifice child [ 740.814085] Killed process 14972 (syz-executor.2) total-vm:93252kB, anon-rss:2192kB, file-rss:34820kB, shmem-rss:0kB [ 740.867011] oom_reaper: reaped process 14972 (syz-executor.2), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 740.894814] systemd-journal invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 740.923596] systemd-journal cpuset=/ mems_allowed=0-1 [ 740.928810] CPU: 0 PID: 14660 Comm: systemd-journal Not tainted 4.14.230-syzkaller #0 [ 740.936767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 740.946118] Call Trace: [ 740.948704] dump_stack+0x1b2/0x281 [ 740.952330] dump_header+0x178/0x82f [ 740.956041] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 740.961138] ? ___ratelimit+0x2cd/0x530 [ 740.965110] oom_kill_process.cold+0x10/0xa40 [ 740.969607] out_of_memory+0xe3e/0x1190 [ 740.973577] ? oom_killer_disable+0x1c0/0x1c0 [ 740.978063] ? mutex_trylock+0x152/0x1a0 [ 740.982117] __alloc_pages_nodemask+0x23e1/0x2720 [ 740.986964] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 740.991826] alloc_pages_current+0x155/0x260 [ 740.996226] filemap_fault+0x11a1/0x1ad0 [ 741.000286] ext4_filemap_fault+0x84/0xb0 [ 741.004427] __do_fault+0xfa/0x380 [ 741.007960] __handle_mm_fault+0x2497/0x4620 [ 741.012361] ? vm_insert_page+0x7c0/0x7c0 [ 741.016507] ? __fsnotify_inode_delete+0x20/0x20 [ 741.021262] ? __fsnotify_update_child_dentry_flags.part.0+0x2e0/0x2e0 [ 741.027925] ? mark_held_locks+0xa6/0xf0 [ 741.031980] handle_mm_fault+0x455/0x9c0 [ 741.036037] __do_page_fault+0x549/0xad0 [ 741.040097] ? spurious_fault+0x640/0x640 [ 741.044235] ? do_page_fault+0x60/0x500 [ 741.048203] ? page_fault+0x2f/0x50 [ 741.051821] page_fault+0x45/0x50 [ 741.055266] RIP: 0030:0x55fc330ae958 [ 741.058964] RSP: 2a23b580:00007f932af956c0 EFLAGS: 7ffd2a23ad3c [ 741.099786] syz-executor.2: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 741.108920] Mem-Info: [ 741.139485] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 741.145473] active_anon:12415 inactive_anon:10509 isolated_anon:0 [ 741.145473] active_file:15 inactive_file:10 isolated_file:0 [ 741.145473] unevictable:0 dirty:0 writeback:0 unstable:0 [ 741.145473] slab_reclaimable:13690 slab_unreclaimable:116758 [ 741.145473] mapped:38964 shmem:11023 pagetables:750 bounce:0 [ 741.145473] free:13963 free_pcp:60 free_cma:0 [ 741.162425] CPU: 1 PID: 14972 Comm: syz-executor.2 Not tainted 4.14.230-syzkaller #0 [ 741.186498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 741.195844] Call Trace: [ 741.198432] dump_stack+0x1b2/0x281 [ 741.202059] warn_alloc.cold+0x96/0x1cc [ 741.206028] ? zone_watermark_ok_safe+0x220/0x220 [ 741.209802] Node 0 active_anon:48120kB inactive_anon:25712kB active_file:48kB inactive_file:48kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:139428kB dirty:0kB writeback:0kB shmem:27704kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 741.210861] ? usleep_range+0x130/0x130 [ 741.238544] Node 1 active_anon:1540kB inactive_anon:16324kB active_file:12kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:16428kB dirty:0kB writeback:0kB shmem:16388kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 741.242463] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 741.242476] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 741.242488] ? run_timer_softirq+0x5a0/0x5a0 [ 741.269542] Node 0 [ 741.274619] __alloc_pages_nodemask+0x2127/0x2720 [ 741.274636] ? lock_acquire+0x170/0x3f0 [ 741.279733] DMA free:10960kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 741.284105] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 741.286309] lowmem_reserve[]: [ 741.291131] ? ion_page_pool_alloc+0x9e/0x1b0 [ 741.291147] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 741.291157] ? check_preemption_disabled+0x35/0x240 [ 741.295106] 0 [ 741.320682] alloc_pages_current+0x155/0x260 [ 741.320695] ion_page_pool_alloc+0x118/0x1b0 [ 741.325509] 2717 [ 741.328596] ion_system_heap_allocate+0x133/0x8c0 [ 741.333093] 2718 [ 741.338511] ? ion_alloc+0x187/0x810 [ 741.343512] 2718 [ 741.345288] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 741.349680] 2718 [ 741.354058] ? ion_system_contig_heap_create+0x130/0x130 [ 741.360912] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 741.360922] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 741.360932] ion_alloc+0x204/0x810 [ 741.362971] Node 0 [ 741.366670] ? ion_dma_buf_release+0x40/0x40 [ 741.368712] DMA32 free:18080kB min:36200kB low:45248kB high:54296kB active_anon:48120kB inactive_anon:25712kB active_file:48kB inactive_file:48kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7584kB pagetables:2796kB bounce:0kB free_pcp:120kB local_pcp:120kB free_cma:0kB [ 741.374136] ? __might_fault+0x177/0x1b0 [ 741.374148] ion_ioctl+0xea/0x1f0 [ 741.374157] ? ion_query_heaps+0x360/0x360 [ 741.376192] lowmem_reserve[]: [ 741.381624] ? ion_query_heaps+0x360/0x360 [ 741.381633] do_vfs_ioctl+0x75a/0xff0 [ 741.381645] ? ioctl_preallocate+0x1a0/0x1a0 [ 741.386638] 0 [ 741.391457] ? lock_downgrade+0x740/0x740 [ 741.391470] ? __fget+0x225/0x360 [ 741.391481] ? do_vfs_ioctl+0xff0/0xff0 [ 741.395006] 0 [ 741.397233] ? security_file_ioctl+0x83/0xb0 [ 741.401639] 0 [ 741.430409] SyS_ioctl+0x7f/0xb0 [ 741.430419] ? do_vfs_ioctl+0xff0/0xff0 [ 741.430430] do_syscall_64+0x1d5/0x640 [ 741.430444] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 741.434485] 0 [ 741.437919] RIP: 0033:0x466459 [ 741.442145] 0 [ 741.445212] RSP: 002b:00007fc10ef5c188 EFLAGS: 00000246 [ 741.453212] ORIG_RAX: 0000000000000010 [ 741.453219] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 741.453224] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 741.453229] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 741.453236] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 741.457617] Node 0 [ 741.459399] R13: 00007ffec6b9ec3f R14: 00007fc10ef5c300 R15: 0000000000022000 [ 741.463556] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 741.569566] warn_alloc_show_mem: 2 callbacks suppressed [ 741.569569] Mem-Info: [ 741.575374] syz-executor.0: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 741.575397] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 741.602157] CPU: 0 PID: 14988 Comm: syz-executor.0 Not tainted 4.14.230-syzkaller #0 [ 741.609346] active_anon:12415 inactive_anon:10509 isolated_anon:0 [ 741.609346] active_file:15 inactive_file:10 isolated_file:0 [ 741.609346] unevictable:0 dirty:0 writeback:0 unstable:0 [ 741.609346] slab_reclaimable:13690 slab_unreclaimable:116758 [ 741.609346] mapped:38964 shmem:11023 pagetables:750 bounce:0 [ 741.609346] free:13963 free_pcp:96 free_cma:0 [ 741.610038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 741.610041] Call Trace: [ 741.610058] dump_stack+0x1b2/0x281 [ 741.610073] warn_alloc.cold+0x96/0x1cc [ 741.610085] ? zone_watermark_ok_safe+0x220/0x220 [ 741.610096] ? usleep_range+0x130/0x130 [ 741.610105] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 741.610117] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 741.610126] ? run_timer_softirq+0x5a0/0x5a0 [ 741.610141] __alloc_pages_nodemask+0x2127/0x2720 [ 741.610156] ? lock_acquire+0x170/0x3f0 [ 741.610172] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 741.610180] ? ion_page_pool_alloc+0x9e/0x1b0 [ 741.610202] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 741.667417] Node 0 active_anon:48120kB inactive_anon:25712kB active_file:48kB inactive_file:48kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:139428kB dirty:0kB writeback:0kB shmem:27704kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 741.667775] alloc_pages_current+0x155/0x260 [ 741.698446] Node 1 active_anon:1540kB inactive_anon:16324kB active_file:12kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:16428kB dirty:0kB writeback:0kB shmem:16388kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 741.699793] ion_page_pool_alloc+0x118/0x1b0 [ 741.699804] ion_system_heap_allocate+0x133/0x8c0 [ 741.699815] ? ion_alloc+0x187/0x810 [ 741.699827] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 741.699836] ? ion_system_contig_heap_create+0x130/0x130 [ 741.699846] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 741.699857] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 741.699868] ion_alloc+0x204/0x810 [ 741.726577] Node 0 [ 741.737436] ? ion_dma_buf_release+0x40/0x40 [ 741.737450] ? __might_fault+0x177/0x1b0 [ 741.737462] ion_ioctl+0xea/0x1f0 [ 741.737471] ? ion_query_heaps+0x360/0x360 [ 741.737484] ? ion_query_heaps+0x360/0x360 [ 741.737495] do_vfs_ioctl+0x75a/0xff0 [ 741.737506] ? ioctl_preallocate+0x1a0/0x1a0 [ 741.737515] ? lock_downgrade+0x740/0x740 [ 741.737529] ? __fget+0x225/0x360 [ 741.768084] DMA free:10960kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 741.769055] ? do_vfs_ioctl+0xff0/0xff0 [ 741.797900] lowmem_reserve[]: [ 741.802642] ? security_file_ioctl+0x83/0xb0 [ 741.802653] SyS_ioctl+0x7f/0xb0 [ 741.802663] ? do_vfs_ioctl+0xff0/0xff0 [ 741.802675] do_syscall_64+0x1d5/0x640 [ 741.802691] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 741.802699] RIP: 0033:0x466459 [ 741.802704] RSP: 002b:00007fae1df4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 741.802716] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 741.827068] 0 [ 741.828741] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 741.828749] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 741.858232] 2717 [ 741.869986] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 741.869991] R13: 00007ffcdd857c6f R14: 00007fae1df4d300 R15: 0000000000022000 [ 741.875465] lowmem_reserve[]: [ 741.891153] 2718 [ 741.897654] 0 [ 741.898110] 2718 [ 741.901246] 0 [ 741.942478] 2718 [ 741.959205] 0 0 0 [ 741.966506] Node 1 Normal free:26812kB min:53696kB low:67120kB high:80544kB active_anon:1540kB inactive_anon:16324kB active_file:12kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:128kB pagetables:204kB bounce:0kB free_pcp:120kB local_pcp:120kB free_cma:0kB [ 742.007429] lowmem_reserve[]: 0 0 0 0 0 [ 742.011426] Node 0 DMA32 free:18032kB min:36200kB low:45248kB high:54296kB active_anon:48120kB inactive_anon:25712kB active_file:48kB inactive_file:48kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7584kB pagetables:2796kB bounce:0kB free_pcp:264kB local_pcp:144kB free_cma:0kB [ 742.014675] Node 0 DMA: 40*4kB (UE) 14*8kB (UE) 6*16kB (UE) 5*32kB (UE) 1*64kB (E) 3*128kB (UE) 1*256kB (E) 1*512kB (E) 1*1024kB (E) 2*2048kB (ME) 1*4096kB (U) = 10960kB [ 742.053911] lowmem_reserve[]: [ 742.078890] Node 0 [ 742.078945] 0 [ 742.083656] DMA32: 2140*4kB (ME) 768*8kB (UME) 136*16kB (ME) 34*32kB (UME) 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18032kB [ 742.086225] 0 [ 742.111065] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 742.113290] 0 [ 742.131856] Node 1 Normal: 84*4kB (UM) 58*8kB (UM) 41*16kB (UME) 735*32kB (UME) 29*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 26832kB [ 742.137575] 0 [ 742.159702] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 742.161040] 0 [ 742.161504] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 742.229628] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 742.229636] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 742.238470] Node 0 [ 742.303303] 11134 total pagecache pages [ 742.329628] 0 pages in swap cache [ 742.333096] Swap cache stats: add 0, delete 0, find 0/0 [ 742.338446] Free swap = 0kB [ 742.368104] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 742.388267] Total swap = 0kB [ 742.418225] 2097051 pages RAM [ 742.429920] 0 pages HighMem/MovableOnly [ 742.443672] 363848 pages reserved [ 742.453358] 0 pages cma reserved [ 742.461128] Out of memory (oom_kill_allocating_task): Kill process 14660 (systemd-journal) score 0 or sacrifice child [ 742.474856] lowmem_reserve[]: 0 0 0 0 0 [ 742.489658] Killed process 14660 (systemd-journal) total-vm:46096kB, anon-rss:472kB, file-rss:0kB, shmem-rss:2256kB [ 742.492364] Node 1 Normal free:26864kB min:53696kB low:67120kB high:80544kB active_anon:1540kB inactive_anon:16324kB active_file:604kB inactive_file:84kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:128kB pagetables:204kB bounce:0kB free_pcp:672kB local_pcp:16kB free_cma:0kB [ 742.517676] oom_reaper: reaped process 14988 (syz-executor.0), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 742.574223] in:imklog invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 742.587631] in:imklog cpuset=/ mems_allowed=0-1 [ 742.589863] lowmem_reserve[]: 0 0 0 0 0 [ 742.592392] CPU: 0 PID: 14678 Comm: in:imklog Not tainted 4.14.230-syzkaller #0 [ 742.596320] Node 0 [ 742.603745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 742.603749] Call Trace: [ 742.603764] dump_stack+0x1b2/0x281 [ 742.603776] dump_header+0x178/0x82f [ 742.603786] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 742.603795] ? ___ratelimit+0x2cd/0x530 [ 742.603806] oom_kill_process.cold+0x10/0xa40 [ 742.603823] out_of_memory+0xe3e/0x1190 [ 742.603835] ? oom_killer_disable+0x1c0/0x1c0 [ 742.603844] ? mutex_trylock+0x152/0x1a0 [ 742.613397] DMA: [ 742.615405] __alloc_pages_nodemask+0x23e1/0x2720 [ 742.617963] 56*4kB [ 742.621581] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 742.621605] alloc_pages_current+0x155/0x260 [ 742.625292] (UE) [ 742.630375] filemap_fault+0x11a1/0x1ad0 [ 742.630392] ext4_filemap_fault+0x84/0xb0 [ 742.630402] __do_fault+0xfa/0x380 [ 742.635466] 14*8kB [ 742.638832] __handle_mm_fault+0x2497/0x4620 [ 742.642825] (UE) [ 742.647260] ? vm_insert_page+0x7c0/0x7c0 [ 742.651311] 6*16kB [ 742.653341] ? lock_downgrade+0x740/0x740 [ 742.658149] (UE) 5*32kB [ 742.660378] ? mark_held_locks+0xa6/0xf0 [ 742.660390] handle_mm_fault+0x455/0x9c0 [ 742.660401] __do_page_fault+0x549/0xad0 [ 742.660413] ? spurious_fault+0x640/0x640 [ 742.665237] (UE) [ 742.669626] ? do_page_fault+0x60/0x500 [ 742.669634] ? page_fault+0x2f/0x50 [ 742.669641] page_fault+0x45/0x50 [ 742.669648] RIP: 0000:0x1f9f [ 742.669652] RSP: fc027e88:0000000000000000 EFLAGS: 7f11013e7430 [ 742.675883] Mem-Info: [ 742.680496] 1*64kB [ 742.684371] active_anon:12315 inactive_anon:10509 isolated_anon:0 [ 742.684371] active_file:59 inactive_file:1 isolated_file:3 [ 742.684371] unevictable:0 dirty:0 writeback:0 unstable:0 [ 742.684371] slab_reclaimable:13673 slab_unreclaimable:116733 [ 742.684371] mapped:43539 shmem:11023 pagetables:750 bounce:0 [ 742.684371] free:15303 free_pcp:33 free_cma:0 [ 742.699695] (E) [ 742.706377] Node 0 active_anon:48120kB inactive_anon:25712kB active_file:136kB inactive_file:32kB unevictable:0kB isolated(anon):0kB isolated(file):12kB mapped:142728kB dirty:0kB writeback:0kB shmem:27704kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 742.729753] 3*128kB [ 742.735741] Node 1 active_anon:1140kB inactive_anon:16324kB active_file:100kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:31428kB dirty:0kB writeback:0kB shmem:16388kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 742.738239] (UE) [ 742.744304] Node 0 DMA free:11024kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 742.744320] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 742.744344] Node 0 DMA32 free:22864kB min:36200kB low:45248kB high:54296kB active_anon:48120kB inactive_anon:25712kB active_file:148kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7584kB pagetables:2796kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 742.744360] lowmem_reserve[]: 0 0 0 0 0 [ 742.744379] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 742.744394] lowmem_reserve[]: [ 742.782077] 1*256kB (E) 1*512kB (E) 1*1024kB (E) 2*2048kB (ME) 1*4096kB (U) = 11024kB [ 742.782115] Node 0 DMA32: 2201*4kB (UME) 786*8kB (UME) 145*16kB (UME) 167*32kB (UME) 0*64kB 0*128kB 0*256kB [ 742.788046] 0 [ 742.812224] 0*512kB [ 742.820252] 0 [ 742.842151] 0*1024kB [ 742.846638] 0 [ 742.870261] 0*2048kB [ 742.877861] 0 [ 742.903555] 0*4096kB = 22756kB [ 742.903563] Node 0 Normal: 0*4kB 0*8kB 0*16kB [ 742.911798] 0 [ 742.944851] 0*32kB [ 742.965081] 0*64kB [ 742.967392] Node 1 [ 742.969170] 0*128kB 0*256kB [ 742.974599] syz-executor.0: [ 742.979578] 0*512kB [ 742.985361] Normal free:26792kB min:53696kB low:67120kB high:80544kB active_anon:1540kB inactive_anon:16324kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:128kB pagetables:212kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 742.985414] 0*1024kB [ 742.988410] lowmem_reserve[]: [ 743.004031] 0*2048kB [ 743.025935] page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 743.041534] 0*4096kB = 0kB [ 743.044375] Node 1 Normal: 78*4kB (UM) 58*8kB (UM) 52*16kB (UME) 225*32kB (UME) 277*64kB (UM) 2*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 26792kB [ 743.044768] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 743.065745] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 743.070495] CPU: 0 PID: 14988 Comm: syz-executor.0 Not tainted 4.14.230-syzkaller #0 [ 743.074613] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 743.082450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 743.082454] Call Trace: [ 743.082472] dump_stack+0x1b2/0x281 [ 743.082487] warn_alloc.cold+0x96/0x1cc [ 743.082499] ? zone_watermark_ok_safe+0x220/0x220 [ 743.082522] __alloc_pages_nodemask+0x2127/0x2720 [ 743.082538] ? lock_acquire+0x170/0x3f0 [ 743.096860] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 743.100431] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 743.100449] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 743.100461] ? __mutex_unlock_slowpath+0x75/0x770 [ 743.103025] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 743.106662] alloc_pages_current+0x155/0x260 [ 743.118631] 11048 total pagecache pages [ 743.120258] ion_page_pool_alloc+0x118/0x1b0 [ 743.120269] ion_system_heap_allocate+0x133/0x8c0 [ 743.120280] ? _raw_spin_unlock+0x29/0x40 [ 743.120290] ? _ion_heap_freelist_drain+0x6e/0x410 [ 743.124243] 0 pages in swap cache [ 743.133052] ? ion_system_contig_heap_create+0x130/0x130 [ 743.133062] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 743.133073] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 743.133084] ion_alloc+0x27a/0x810 [ 743.133099] ? ion_dma_buf_release+0x40/0x40 [ 743.133111] ? __might_fault+0x177/0x1b0 [ 743.133120] ion_ioctl+0xea/0x1f0 [ 743.133129] ? ion_query_heaps+0x360/0x360 [ 743.145661] Swap cache stats: add 0, delete 0, find 0/0 [ 743.148201] ? ion_query_heaps+0x360/0x360 [ 743.157243] Free swap = 0kB [ 743.161143] do_vfs_ioctl+0x75a/0xff0 [ 743.161156] ? ioctl_preallocate+0x1a0/0x1a0 [ 743.161166] ? lock_downgrade+0x740/0x740 [ 743.161179] ? __fget+0x225/0x360 [ 743.161189] ? do_vfs_ioctl+0xff0/0xff0 [ 743.161200] ? security_file_ioctl+0x83/0xb0 [ 743.161212] SyS_ioctl+0x7f/0xb0 [ 743.173209] Total swap = 0kB [ 743.174370] ? do_vfs_ioctl+0xff0/0xff0 [ 743.178493] 2097051 pages RAM [ 743.183405] do_syscall_64+0x1d5/0x640 [ 743.183421] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 743.183429] RIP: 0033:0x466459 [ 743.183435] RSP: 002b:00007fae1df4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 743.183444] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 743.183451] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 743.194994] 0 pages HighMem/MovableOnly [ 743.197305] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 743.203870] 363848 pages reserved [ 743.205642] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 743.216433] 0 pages cma reserved [ 743.217500] R13: 00007ffcdd857c6f R14: 00007fae1df4d300 R15: 0000000000022000 [ 743.333229] 0 [ 743.349756] systemd[1]: systemd-journald.service: Failed with result 'signal'. [ 743.370340] 0 0 0 0 [ 743.376789] Node 0 DMA: 56*4kB (UE) 14*8kB (UE) 6*16kB (UE) 5*32kB (UE) 1*64kB (E) 3*128kB (UE) 1*256kB (E) 1*512kB (E) 1*1024kB (E) 2*2048kB (ME) 1*4096kB (U) = 11024kB [ 743.433716] Node 0 DMA32: 2168*4kB (ME) 769*8kB (UME) 134*16kB (ME) 609*32kB (UME) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 36456kB [ 743.456308] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 743.461976] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 743.485398] Node 1 Normal: 99*4kB (UM) 73*8kB (UM) 61*16kB (UME) 578*32kB (UME) 78*64kB (UM) 2*128kB (M) 0*256kB 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 26724kB [ 743.519588] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 743.528539] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 743.540939] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 743.546068] CPU: 0 PID: 14972 Comm: syz-executor.2 Not tainted 4.14.230-syzkaller #0 [ 743.553940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 743.563285] Call Trace: [ 743.565879] dump_stack+0x1b2/0x281 [ 743.569508] warn_alloc.cold+0x96/0x1cc [ 743.573479] ? zone_watermark_ok_safe+0x220/0x220 [ 743.578329] __alloc_pages_nodemask+0x2127/0x2720 [ 743.583168] ? lock_acquire+0x170/0x3f0 [ 743.587140] ? lock_acquire+0x170/0x3f0 [ 743.591123] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 743.595971] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 743.601421] ? __mutex_unlock_slowpath+0x75/0x770 [ 743.606264] alloc_pages_current+0x155/0x260 [ 743.610671] ion_page_pool_alloc+0x118/0x1b0 [ 743.615072] ion_system_heap_allocate+0x133/0x8c0 [ 743.619911] ? _raw_spin_unlock+0x29/0x40 [ 743.624054] ? _ion_heap_freelist_drain+0x6e/0x410 [ 743.628976] ? ion_system_contig_heap_create+0x130/0x130 [ 743.634425] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 743.639436] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 743.644275] ion_alloc+0x27a/0x810 [ 743.647818] ? ion_dma_buf_release+0x40/0x40 [ 743.652226] ? __might_fault+0x177/0x1b0 [ 743.656281] ion_ioctl+0xea/0x1f0 [ 743.659745] ? ion_query_heaps+0x360/0x360 [ 743.663979] ? ion_query_heaps+0x360/0x360 [ 743.668205] do_vfs_ioctl+0x75a/0xff0 [ 743.672004] ? ioctl_preallocate+0x1a0/0x1a0 [ 743.676401] ? lock_downgrade+0x740/0x740 [ 743.680546] ? __fget+0x225/0x360 [ 743.684000] ? do_vfs_ioctl+0xff0/0xff0 [ 743.687967] ? security_file_ioctl+0x83/0xb0 [ 743.688520] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 743.692365] SyS_ioctl+0x7f/0xb0 [ 743.692373] ? do_vfs_ioctl+0xff0/0xff0 [ 743.692384] do_syscall_64+0x1d5/0x640 [ 743.692399] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 743.692406] RIP: 0033:0x466459 [ 743.692413] RSP: 002b:00007fc10ef5c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 743.728454] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 743.735717] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 743.742980] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 743.750244] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 743.757506] R13: 00007ffec6b9ec3f R14: 00007fc10ef5c300 R15: 0000000000022000 [ 743.804673] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 743.815870] 11054 total pagecache pages [ 743.816399] warn_alloc_show_mem: 1 callbacks suppressed [ 743.816402] Mem-Info: [ 743.819881] 0 pages in swap cache [ 743.819887] Swap cache stats: add 0, delete 0, find 0/0 [ 743.819891] Free swap = 0kB [ 743.819893] Total swap = 0kB [ 743.819900] 2097051 pages RAM [ 743.819906] 0 pages HighMem/MovableOnly [ 743.829039] active_anon:12275 inactive_anon:10508 isolated_anon:0 [ 743.829039] active_file:21 inactive_file:0 isolated_file:32 [ 743.829039] unevictable:0 dirty:0 writeback:0 unstable:0 [ 743.829039] slab_reclaimable:13673 slab_unreclaimable:116397 [ 743.829039] mapped:45071 shmem:11023 pagetables:736 bounce:0 [ 743.829039] free:18465 free_pcp:30 free_cma:0 [ 743.831106] 363848 pages reserved [ 743.831109] 0 pages cma reserved [ 743.831116] Out of memory (oom_kill_allocating_task): Kill process 14678 (in:imklog) score 0 or sacrifice child [ 743.831159] Killed process 14674 (rsyslogd) total-vm:254332kB, anon-rss:856kB, file-rss:0kB, shmem-rss:0kB [ 743.836474] Node 0 active_anon:48028kB inactive_anon:25712kB active_file:80kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:147680kB dirty:0kB writeback:0kB shmem:27704kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 743.950324] oom_reaper: reaped process 14694 (syz-executor.5), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 743.960361] Node 1 active_anon:972kB inactive_anon:16320kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:32604kB dirty:0kB writeback:0kB shmem:16388kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 743.988648] Node 0 DMA free:10964kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 744.015139] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 744.026629] Node 0 DMA32 free:18240kB min:36200kB low:45248kB high:54296kB active_anon:47176kB inactive_anon:25712kB active_file:48kB inactive_file:48kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7488kB pagetables:2696kB bounce:0kB free_pcp:164kB local_pcp:0kB free_cma:0kB [ 744.032284] syz-executor.0 invoked oom-killer: gfp_mask=0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 744.055986] lowmem_reserve[]: 0 0 0 0 0 [ 744.074799] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 744.095735] (null) [ 744.106245] syz-executor.5: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 744.125983] syz-executor.5 cpuset=/ mems_allowed=0-1 [ 744.131130] CPU: 0 PID: 14694 Comm: syz-executor.5 Not tainted 4.14.230-syzkaller #0 [ 744.135060] , order=0, oom_score_adj=1000 [ 744.138995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 744.139001] Call Trace: [ 744.139017] dump_stack+0x1b2/0x281 [ 744.157433] syz-executor.0 cpuset= [ 744.158854] warn_alloc.cold+0x96/0x1cc [ 744.158866] ? zone_watermark_ok_safe+0x220/0x220 [ 744.167321] / [ 744.171261] ? usleep_range+0x130/0x130 [ 744.171274] ? try_to_free_pages+0x23f/0x6e0 [ 744.171285] ? _find_next_bit+0xdb/0x100 [ 744.185435] ? run_timer_softirq+0x5a0/0x5a0 [ 744.186975] mems_allowed=0-1 [ 744.189842] __alloc_pages_nodemask+0x2127/0x2720 [ 744.189861] ? lock_acquire+0x170/0x3f0 [ 744.189877] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 744.189888] ? ion_page_pool_alloc+0x9e/0x1b0 [ 744.189905] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 744.189923] alloc_pages_current+0x155/0x260 [ 744.220910] ion_page_pool_alloc+0x118/0x1b0 [ 744.225312] ion_system_heap_allocate+0x133/0x8c0 [ 744.230146] ? ion_alloc+0x187/0x810 [ 744.233852] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 744.239290] ? ion_system_contig_heap_create+0x130/0x130 [ 744.244731] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 744.249745] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 744.254583] ion_alloc+0x204/0x810 [ 744.258113] ? ion_dma_buf_release+0x40/0x40 [ 744.262512] ? __might_fault+0x177/0x1b0 [ 744.266569] ion_ioctl+0xea/0x1f0 [ 744.270014] ? ion_query_heaps+0x360/0x360 [ 744.274245] ? ion_query_heaps+0x360/0x360 [ 744.278467] do_vfs_ioctl+0x75a/0xff0 [ 744.282259] ? ioctl_preallocate+0x1a0/0x1a0 [ 744.286656] ? lock_downgrade+0x740/0x740 [ 744.290820] ? __fget+0x225/0x360 [ 744.294268] ? do_vfs_ioctl+0xff0/0xff0 [ 744.298229] ? security_file_ioctl+0x83/0xb0 [ 744.302625] SyS_ioctl+0x7f/0xb0 [ 744.305981] ? do_vfs_ioctl+0xff0/0xff0 [ 744.309949] do_syscall_64+0x1d5/0x640 [ 744.313833] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 744.319008] RIP: 0033:0x466459 [ 744.322183] RSP: 002b:00007fd0fb4c2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 744.329887] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 744.337252] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 744.344508] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 744.351771] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 744.359033] R13: 00007ffc4cfdcc4f R14: 00007fd0fb4c2300 R15: 0000000000022000 [ 744.367864] CPU: 1 PID: 14988 Comm: syz-executor.0 Not tainted 4.14.230-syzkaller #0 [ 744.373965] lowmem_reserve[]: [ 744.375750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 744.375757] 0 [ 744.378838] Call Trace: [ 744.388207] 0 [ 744.389968] dump_stack+0x1b2/0x281 [ 744.389982] dump_header+0x178/0x82f [ 744.392538] 0 [ 744.394342] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 744.397938] 0 [ 744.401632] ? ___ratelimit+0x2cd/0x530 [ 744.401645] oom_kill_process.cold+0x10/0xa40 [ 744.401664] out_of_memory+0xe3e/0x1190 [ 744.401679] ? oom_killer_disable+0x1c0/0x1c0 [ 744.403463] 0 [ 744.408550] ? mutex_trylock+0x152/0x1a0 [ 744.414286] __alloc_pages_nodemask+0x23e1/0x2720 [ 744.418749] Node 1 [ 744.422718] ? lock_acquire+0x170/0x3f0 [ 744.422734] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 744.427214] Normal free:26872kB min:53696kB low:67120kB high:80544kB active_anon:872kB inactive_anon:16320kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:96kB pagetables:136kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 744.428988] ? ion_page_pool_alloc+0x9e/0x1b0 [ 744.433038] lowmem_reserve[]: [ 744.437851] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 744.440077] 0 [ 744.444025] alloc_pages_current+0x155/0x260 [ 744.448832] 0 [ 744.476230] ion_page_pool_alloc+0x118/0x1b0 [ 744.476240] ion_system_heap_allocate+0x133/0x8c0 [ 744.476251] ? _raw_spin_unlock+0x29/0x40 [ 744.476261] ? _ion_heap_freelist_drain+0x6e/0x410 [ 744.480747] 0 [ 744.483817] ? ion_system_contig_heap_create+0x130/0x130 [ 744.489234] 0 [ 744.491018] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 744.491028] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 744.491041] ion_alloc+0x27a/0x810 [ 744.495454] 0 [ 744.497242] ? ion_dma_buf_release+0x40/0x40 [ 744.506553] ? __might_fault+0x177/0x1b0 [ 744.510699] Node 0 [ 744.515588] ion_ioctl+0xea/0x1f0 [ 744.517358] DMA: 41*4kB [ 744.522797] ? ion_query_heaps+0x360/0x360 [ 744.522809] ? ion_query_heaps+0x360/0x360 [ 744.522822] do_vfs_ioctl+0x75a/0xff0 [ 744.524689] (UE) [ 744.529777] ? ioctl_preallocate+0x1a0/0x1a0 [ 744.529786] ? lock_downgrade+0x740/0x740 [ 744.529799] ? __fget+0x225/0x360 [ 744.534613] 14*8kB [ 744.538132] ? do_vfs_ioctl+0xff0/0xff0 [ 744.539933] (UE) [ 744.544305] ? security_file_ioctl+0x83/0xb0 [ 744.548354] 6*16kB [ 744.550574] SyS_ioctl+0x7f/0xb0 [ 744.550582] ? do_vfs_ioctl+0xff0/0xff0 [ 744.550596] do_syscall_64+0x1d5/0x640 [ 744.554026] (UE) [ 744.556689] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 744.560914] 5*32kB [ 744.565120] RIP: 0033:0x466459 [ 744.568895] (UE) [ 744.570935] RSP: 002b:00007fae1df4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 744.570945] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 744.570950] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 744.570954] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 744.570959] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 744.570964] R13: 00007ffcdd857c6f R14: 00007fae1df4d300 R15: 0000000000022000 [ 744.586487] Mem-Info: [ 744.596784] 1*64kB [ 744.611859] active_anon:12012 inactive_anon:10508 isolated_anon:0 [ 744.611859] active_file:13 inactive_file:12 isolated_file:0 [ 744.611859] unevictable:0 dirty:0 writeback:0 unstable:0 [ 744.611859] slab_reclaimable:13665 slab_unreclaimable:116414 [ 744.611859] mapped:45057 shmem:11023 pagetables:708 bounce:0 [ 744.611859] free:13833 free_pcp:30 free_cma:0 [ 744.645349] (E) [ 744.804283] Node 0 active_anon:47176kB inactive_anon:25712kB active_file:48kB inactive_file:48kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:147616kB dirty:0kB writeback:0kB shmem:27704kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 744.834992] 3*128kB (UE) 1*256kB (E) 1*512kB (E) 1*1024kB (E) 2*2048kB (ME) 1*4096kB (U) = 10964kB [ 744.859541] Node 1 active_anon:1372kB inactive_anon:16320kB active_file:1004kB inactive_file:7656kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:66512kB dirty:0kB writeback:0kB shmem:16388kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 744.879483] Node 0 DMA32: 2078*4kB (ME) 739*8kB (ME) 130*16kB (UME) 33*32kB (UME) 806*64kB (UM) 79*128kB (U) 12*256kB (U) 10*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 87248kB [ 744.932160] Node 0 DMA free:10964kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 744.949479] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 744.974163] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 744.990054] Node 1 Normal: 2*4kB (UM) 2*8kB (UM) 2*16kB (E) 5*32kB (UME) 1959*64kB (UM) 74*128kB (UM) 20*256kB (U) 22*512kB (U) 221*1024kB (U) 21*2048kB (U) 1*4096kB (U) = 424856kB [ 744.999500] Node 0 DMA32 free:133292kB min:36200kB low:45248kB high:54296kB active_anon:47444kB inactive_anon:25712kB active_file:172kB inactive_file:796kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7488kB pagetables:2736kB bounce:0kB free_pcp:432kB local_pcp:236kB free_cma:0kB [ 745.029479] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 745.049414] lowmem_reserve[]: 0 0 0 0 0 [ 745.059500] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 745.059509] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 745.063470] Node 0 [ 745.072697] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 745.092318] systemd[1]: rsyslog.service: Main process exited, code=killed, status=9/KILL [ 745.109503] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 745.119470] 13674 total pagecache pages [ 745.149565] systemd[1]: rsyslog.service: Unit entered failed state. [ 745.169558] 0 pages in swap cache [ 745.172254] lowmem_reserve[]: [ 745.173011] Swap cache stats: add 0, delete 0, find 0/0 [ 745.173017] 0 [ 745.176096] Free swap = 0kB [ 745.176101] Total swap = 0kB [ 745.189693] systemd[1]: rsyslog.service: Failed with result 'signal'. [ 745.192216] 0 0 0 0 [ 745.198592] Node 1 Normal free:425188kB min:53696kB low:67120kB high:80544kB active_anon:584kB inactive_anon:16320kB active_file:3976kB inactive_file:4780kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:128kB pagetables:412kB bounce:0kB free_pcp:1368kB local_pcp:652kB free_cma:0kB [ 745.206129] systemd[1]: systemd-journald.service: Service has no hold-off time, scheduling restart. [ 745.249542] 2097051 pages RAM [ 745.252647] 0 pages HighMem/MovableOnly [ 745.256605] 363848 pages reserved [ 745.260151] 0 pages cma reserved [ 745.271363] lowmem_reserve[]: 0 0 0 0 0 [ 745.275388] Node 0 DMA: 41*4kB (UE) 14*8kB (UE) 6*16kB (UE) 5*32kB (UE) 1*64kB (E) 3*128kB (UE) 1*256kB (E) 1*512kB (E) 1*1024kB (E) 2*2048kB (ME) 1*4096kB (U) = 10964kB [ 745.309936] systemd[1]: rsyslog.service: Service hold-off time over, scheduling restart. [ 745.318975] systemd[1]: Stopped System Logging Service. [ 745.332587] Node 0 DMA32: 1501*4kB (ME) 734*8kB (UME) 129*16kB (ME) 33*32kB (UME) 986*64kB (UM) 128*128kB (U) 54*256kB (U) 10*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 113428kB [ 745.362837] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 745.368429] systemd[1]: Starting System Logging Service... [ 745.376517] Node 1 Normal: 52*4kB (UM) 15*8kB (UM) 6*16kB (UME) 9*32kB (UME) 2193*64kB (UM) 194*128kB (UM) 24*256kB (U) 24*512kB (U) 221*1024kB (U) 21*2048kB (U) 1*4096kB (U) = 457736kB [ 745.397319] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 745.405331] systemd[1]: Stopped Flush Journal to Persistent Storage. [ 745.430328] systemd[1]: Stopping Flush Journal to Persistent Storage... [ 745.432346] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 745.479479] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 745.519478] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 745.528098] 14044 total pagecache pages [ 745.553874] 0 pages in swap cache [ 745.579540] Swap cache stats: add 0, delete 0, find 0/0 [ 745.585287] Free swap = 0kB [ 745.588348] Total swap = 0kB [ 745.594242] 2097051 pages RAM [ 745.597376] 0 pages HighMem/MovableOnly [ 745.612397] 363848 pages reserved [ 745.615943] 0 pages cma reserved [ 745.619308] Out of memory (oom_kill_allocating_task): Kill process 14988 (syz-executor.0) score 0 or sacrifice child [ 745.652261] Killed process 14988 (syz-executor.0) total-vm:93384kB, anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 745.665673] syz-executor.0: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 745.719062] oom_reaper: reaped process 14978 (syz-executor.1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 745.723851] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 745.752188] CPU: 1 PID: 14988 Comm: syz-executor.0 Not tainted 4.14.230-syzkaller #0 [ 745.760076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 745.769421] Call Trace: [ 745.772010] dump_stack+0x1b2/0x281 [ 745.775639] warn_alloc.cold+0x96/0x1cc [ 745.779606] ? zone_watermark_ok_safe+0x220/0x220 [ 745.784457] ? wait_for_completion_io+0x10/0x10 [ 745.789124] __alloc_pages_nodemask+0x2127/0x2720 [ 745.793966] ? lock_acquire+0x170/0x3f0 [ 745.797937] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 745.802771] ? ion_page_pool_alloc+0x9e/0x1b0 [ 745.804743] ion_system_heap invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null) [ 745.807265] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 745.807268] , order=0, oom_score_adj=0 [ 745.807274] ion_system_heap cpuset= [ 745.817051] alloc_pages_current+0x155/0x260 [ 745.817065] ion_page_pool_alloc+0x118/0x1b0 [ 745.822505] / [ 745.826448] ion_system_heap_allocate+0x133/0x8c0 [ 745.830062] mems_allowed=0-1 [ 745.834449] ? _raw_spin_unlock+0x29/0x40 [ 745.852527] ? _ion_heap_freelist_drain+0x6e/0x410 [ 745.857459] ? ion_system_contig_heap_create+0x130/0x130 [ 745.862890] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 745.867888] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 745.872712] ion_alloc+0x27a/0x810 [ 745.876233] ? ion_dma_buf_release+0x40/0x40 [ 745.880626] ? __might_fault+0x177/0x1b0 [ 745.884667] ion_ioctl+0xea/0x1f0 [ 745.888101] ? ion_query_heaps+0x360/0x360 [ 745.892317] ? ion_query_heaps+0x360/0x360 [ 745.896535] do_vfs_ioctl+0x75a/0xff0 [ 745.900317] ? ioctl_preallocate+0x1a0/0x1a0 [ 745.904719] ? lock_downgrade+0x740/0x740 [ 745.908849] ? __fget+0x225/0x360 [ 745.912281] ? do_vfs_ioctl+0xff0/0xff0 [ 745.916235] ? security_file_ioctl+0x83/0xb0 [ 745.920625] SyS_ioctl+0x7f/0xb0 [ 745.923971] ? do_vfs_ioctl+0xff0/0xff0 [ 745.927925] do_syscall_64+0x1d5/0x640 [ 745.931795] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 745.936964] RIP: 0033:0x466459 [ 745.940220] RSP: 002b:00007fae1df4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 745.947906] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 745.955154] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 745.962404] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 745.969671] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 745.976920] R13: 00007ffcdd857c6f R14: 00007fae1df4d300 R15: 0000000000022000 [ 745.984180] CPU: 0 PID: 4247 Comm: ion_system_heap Not tainted 4.14.230-syzkaller #0 [ 745.992054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 746.001426] Call Trace: [ 746.004010] dump_stack+0x1b2/0x281 [ 746.007659] dump_header+0x178/0x82f [ 746.011369] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 746.011923] syz-executor.1: [ 746.016457] ? ___ratelimit+0x2cd/0x530 [ 746.016460] page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 746.019462] oom_kill_process.cold+0x10/0xa40 [ 746.019473] ? lock_downgrade+0x740/0x740 [ 746.019488] out_of_memory+0x2dc/0x1190 [ 746.019501] ? oom_killer_disable+0x1c0/0x1c0 [ 746.019509] ? mutex_trylock+0x152/0x1a0 [ 746.019520] __alloc_pages_nodemask+0x23e1/0x2720 [ 746.019539] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 746.043505] (null) [ 746.045944] ? ion_heap_clear_pages+0x4c/0x70 [ 746.056444] syz-executor.1 cpuset= [ 746.059273] ? lock_acquire+0x170/0x3f0 [ 746.068173] / [ 746.070782] ? cache_grow_begin+0x3f/0x700 [ 746.084166] cache_grow_begin+0x91/0x700 [ 746.084522] mems_allowed=0-1 [ 746.088222] fallback_alloc+0x207/0x2c0 [ 746.095271] kmem_cache_alloc_node_trace+0xed/0x400 [ 746.100281] __get_vm_area_node+0xed/0x340 [ 746.104522] vmap+0xd5/0x290 [ 746.107522] ? ion_heap_clear_pages+0x23/0x70 [ 746.112001] ? vunmap+0x50/0x50 [ 746.115269] ? __vunmap+0x21c/0x300 [ 746.118890] ion_heap_clear_pages+0x23/0x70 [ 746.123204] ion_heap_sglist_zero+0x165/0x220 [ 746.127685] ? ion_heap_clear_pages+0x70/0x70 [ 746.132170] ? finish_task_switch+0x178/0x610 [ 746.136661] ? pagerange_is_ram_callback+0x100/0x100 [ 746.141752] ? ion_heap_deferred_free+0x222/0x470 [ 746.146583] ion_system_heap_free+0x1d0/0x240 [ 746.151072] ion_buffer_destroy+0x132/0x190 [ 746.155387] ion_heap_deferred_free+0x22a/0x470 [ 746.160047] ? __schedule+0x7a7/0x1de0 [ 746.163926] ? ion_heap_shrink_scan+0x1a0/0x1a0 [ 746.168582] ? wait_woken+0x230/0x230 [ 746.172371] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 746.177481] ? ion_heap_shrink_scan+0x1a0/0x1a0 [ 746.182138] kthread+0x30d/0x420 [ 746.185494] ? kthread_create_on_node+0xd0/0xd0 [ 746.190156] ret_from_fork+0x24/0x30 [ 746.196517] warn_alloc_show_mem: 2 callbacks suppressed [ 746.196520] Mem-Info: [ 746.197090] syz-executor.5: [ 746.209053] active_anon:12008 inactive_anon:10508 isolated_anon:0 [ 746.209053] active_file:22 inactive_file:26 isolated_file:0 [ 746.209053] unevictable:0 dirty:0 writeback:0 unstable:0 [ 746.209053] slab_reclaimable:13657 slab_unreclaimable:115640 [ 746.209053] mapped:52242 shmem:11023 pagetables:773 bounce:0 [ 746.209053] free:13877 free_pcp:30 free_cma:0 [ 746.227726] CPU: 0 PID: 14978 Comm: syz-executor.1 Not tainted 4.14.230-syzkaller #0 [ 746.253167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 746.258176] Node 0 active_anon:47652kB inactive_anon:25712kB active_file:32kB inactive_file:32kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:147616kB dirty:0kB writeback:0kB shmem:27704kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 746.262507] Call Trace: [ 746.262526] dump_stack+0x1b2/0x281 [ 746.262539] warn_alloc.cold+0x96/0x1cc [ 746.262552] ? zone_watermark_ok_safe+0x220/0x220 [ 746.262563] ? usleep_range+0x130/0x130 [ 746.262571] ? try_to_free_pages+0x23f/0x6e0 [ 746.262580] ? _find_next_bit+0xdb/0x100 [ 746.262591] ? run_timer_softirq+0x5a0/0x5a0 [ 746.303124] Node 1 active_anon:452kB inactive_anon:16320kB active_file:8kB inactive_file:52kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:61284kB dirty:0kB writeback:0kB shmem:16388kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 746.305211] __alloc_pages_nodemask+0x2127/0x2720 [ 746.309147] Node 0 [ 746.313542] ? lock_acquire+0x170/0x3f0 [ 746.313558] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 746.313568] ? ion_page_pool_alloc+0x9e/0x1b0 [ 746.313586] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 746.313606] alloc_pages_current+0x155/0x260 [ 746.313616] ion_page_pool_alloc+0x118/0x1b0 [ 746.313624] ion_system_heap_allocate+0x133/0x8c0 [ 746.313634] ? ion_alloc+0x187/0x810 [ 746.330608] DMA free:10964kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 746.349111] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 746.349122] ? ion_system_contig_heap_create+0x130/0x130 [ 746.349131] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 746.349144] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 746.349155] ion_alloc+0x204/0x810 [ 746.349169] ? ion_dma_buf_release+0x40/0x40 [ 746.349182] ? __might_fault+0x177/0x1b0 [ 746.349193] ion_ioctl+0xea/0x1f0 [ 746.349201] ? ion_query_heaps+0x360/0x360 [ 746.349212] ? ion_query_heaps+0x360/0x360 [ 746.366841] lowmem_reserve[]: [ 746.369504] do_vfs_ioctl+0x75a/0xff0 [ 746.369517] ? ioctl_preallocate+0x1a0/0x1a0 [ 746.369526] ? lock_downgrade+0x740/0x740 [ 746.369540] ? __fget+0x225/0x360 [ 746.369550] ? do_vfs_ioctl+0xff0/0xff0 [ 746.369561] ? security_file_ioctl+0x83/0xb0 [ 746.369571] SyS_ioctl+0x7f/0xb0 [ 746.369580] ? do_vfs_ioctl+0xff0/0xff0 [ 746.386928] 0 [ 746.388636] do_syscall_64+0x1d5/0x640 [ 746.396830] 2717 [ 746.417816] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 746.417825] RIP: 0033:0x466459 [ 746.417830] RSP: 002b:00007fcdda489188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 746.417839] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 746.417845] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 746.417850] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 746.417856] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 746.417861] R13: 00007ffe21b5ad8f R14: 00007fcdda489300 R15: 0000000000022000 [ 746.424259] page allocation failure: order:4 [ 746.443987] 2718 [ 746.467273] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 746.484444] 2718 [ 746.491979] (null) [ 746.509362] 2718 [ 746.512268] syz-executor.5 cpuset= [ 746.516472] syz-executor.2: [ 746.521420] / mems_allowed=0-1 [ 746.521438] CPU: 0 PID: 14694 Comm: syz-executor.5 Not tainted 4.14.230-syzkaller #0 [ 746.521444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 746.521448] Call Trace: [ 746.521465] dump_stack+0x1b2/0x281 [ 746.521478] warn_alloc.cold+0x96/0x1cc [ 746.521490] ? zone_watermark_ok_safe+0x220/0x220 [ 746.521511] __alloc_pages_nodemask+0x2127/0x2720 [ 746.521528] ? lock_acquire+0x170/0x3f0 [ 746.521544] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 746.521561] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 746.521574] ? __mutex_unlock_slowpath+0x75/0x770 [ 746.521584] ? __list_del_entry_valid+0xb3/0xf0 [ 746.521597] alloc_pages_current+0x155/0x260 [ 746.521610] ion_page_pool_alloc+0x118/0x1b0 [ 746.541447] page allocation failure: order:0 [ 746.543376] ion_system_heap_allocate+0x133/0x8c0 [ 746.564320] ? _raw_spin_unlock+0x29/0x40 [ 746.585161] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 746.587737] ? _ion_heap_freelist_drain+0x6e/0x410 [ 746.613735] Node 0 [ 746.615152] ? ion_system_contig_heap_create+0x130/0x130 [ 746.638001] DMA32 free:18044kB min:36200kB low:45248kB high:54296kB active_anon:47652kB inactive_anon:25712kB active_file:32kB inactive_file:32kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7520kB pagetables:2752kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 746.639009] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 746.665847] (null) [ 746.666488] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 746.686994] lowmem_reserve[]: [ 746.690247] ion_alloc+0x27a/0x810 [ 746.690262] ? ion_dma_buf_release+0x40/0x40 [ 746.690276] ? __might_fault+0x177/0x1b0 [ 746.690288] ion_ioctl+0xea/0x1f0 [ 746.690297] ? ion_query_heaps+0x360/0x360 [ 746.690309] ? ion_query_heaps+0x360/0x360 [ 746.690319] do_vfs_ioctl+0x75a/0xff0 [ 746.690331] ? ioctl_preallocate+0x1a0/0x1a0 [ 746.690343] ? lock_downgrade+0x740/0x740 [ 746.738046] syz-executor.2 cpuset= [ 746.741375] ? __fget+0x225/0x360 [ 746.741386] ? do_vfs_ioctl+0xff0/0xff0 [ 746.741397] ? security_file_ioctl+0x83/0xb0 [ 746.741408] SyS_ioctl+0x7f/0xb0 [ 746.741416] ? do_vfs_ioctl+0xff0/0xff0 [ 746.741427] do_syscall_64+0x1d5/0x640 [ 746.741442] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 746.764491] / [ 746.765625] RIP: 0033:0x466459 [ 746.786018] mems_allowed=0-1 [ 746.788475] RSP: 002b:00007fd0fb4c2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 746.817113] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 746.824367] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 746.831629] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 746.838885] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 746.846226] R13: 00007ffc4cfdcc4f R14: 00007fd0fb4c2300 R15: 0000000000022000 [ 746.856395] 0 0 0 0 0 [ 746.858920] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 746.861319] CPU: 0 PID: 14972 Comm: syz-executor.2 Not tainted 4.14.230-syzkaller #0 [ 746.892307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 746.899246] lowmem_reserve[]: [ 746.901648] Call Trace: [ 746.901667] dump_stack+0x1b2/0x281 [ 746.901681] warn_alloc.cold+0x96/0x1cc [ 746.901694] ? zone_watermark_ok_safe+0x220/0x220 [ 746.901704] ? usleep_range+0x130/0x130 [ 746.901712] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 746.901724] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 746.901734] ? run_timer_softirq+0x5a0/0x5a0 [ 746.909199] 0 [ 746.911000] __alloc_pages_nodemask+0x2127/0x2720 [ 746.911017] ? lock_acquire+0x170/0x3f0 [ 746.911033] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 746.911043] ? ion_page_pool_alloc+0x9e/0x1b0 [ 746.911059] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 746.911079] alloc_pages_current+0x155/0x260 [ 746.931260] 0 [ 746.933893] ion_page_pool_alloc+0x118/0x1b0 [ 746.938268] 0 [ 746.940050] ion_system_heap_allocate+0x133/0x8c0 [ 746.940062] ? _raw_spin_unlock+0x29/0x40 [ 746.940071] ? _ion_heap_freelist_drain+0x6e/0x410 [ 746.940080] ? ion_system_contig_heap_create+0x130/0x130 [ 746.940097] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 746.940109] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 746.940120] ion_alloc+0x27a/0x810 [ 746.940134] ? ion_dma_buf_release+0x40/0x40 [ 746.940146] ? __might_fault+0x177/0x1b0 [ 746.940157] ion_ioctl+0xea/0x1f0 [ 746.959874] 0 [ 746.963674] ? ion_query_heaps+0x360/0x360 [ 746.968053] 0 [ 746.969838] ? ion_query_heaps+0x360/0x360 [ 746.969850] do_vfs_ioctl+0x75a/0xff0 [ 746.969861] ? ioctl_preallocate+0x1a0/0x1a0 [ 746.969870] ? lock_downgrade+0x740/0x740 [ 746.969884] ? __fget+0x225/0x360 [ 746.969893] ? do_vfs_ioctl+0xff0/0xff0 [ 746.969906] ? security_file_ioctl+0x83/0xb0 [ 746.969915] SyS_ioctl+0x7f/0xb0 [ 746.969924] ? do_vfs_ioctl+0xff0/0xff0 [ 746.989956] do_syscall_64+0x1d5/0x640 [ 746.989972] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 746.989981] RIP: 0033:0x466459 [ 746.989986] RSP: 002b:00007fc10ef5c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 746.989996] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 746.990001] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 746.990009] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 747.009282] Node 1 [ 747.013182] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 747.013188] R13: 00007ffec6b9ec3f R14: 00007fc10ef5c300 R15: 0000000000022000 [ 747.064675] Mem-Info: [ 747.103020] Normal free:64864kB min:53696kB low:67120kB high:80544kB active_anon:452kB inactive_anon:16320kB active_file:28kB inactive_file:532kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:192kB pagetables:352kB bounce:0kB free_pcp:0kB local_pcp:12kB free_cma:0kB [ 747.108388] syz-executor.5: [ 747.124537] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 747.139379] page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 747.190099] syz-executor.5 cpuset=/ mems_allowed=0-1 [ 747.195561] CPU: 0 PID: 14694 Comm: syz-executor.5 Not tainted 4.14.230-syzkaller #0 [ 747.196313] lowmem_reserve[]: [ 747.203437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 747.203441] Call Trace: [ 747.203457] dump_stack+0x1b2/0x281 [ 747.203471] warn_alloc.cold+0x96/0x1cc [ 747.203490] ? zone_watermark_ok_safe+0x220/0x220 [ 747.203499] ? usleep_range+0x130/0x130 [ 747.203519] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 747.203531] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 747.203545] ? run_timer_softirq+0x5a0/0x5a0 [ 747.203562] __alloc_pages_nodemask+0x2127/0x2720 [ 747.203576] ? lock_acquire+0x170/0x3f0 [ 747.203590] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 747.203603] ? ion_page_pool_alloc+0x9e/0x1b0 [ 747.203618] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 747.203635] ? __list_del_entry_valid+0xb3/0xf0 [ 747.256993] 0 [ 747.258242] alloc_pages_current+0x155/0x260 [ 747.258256] ion_page_pool_alloc+0x118/0x1b0 [ 747.258266] ion_system_heap_allocate+0x133/0x8c0 [ 747.258278] ? _raw_spin_unlock+0x29/0x40 [ 747.258288] ? _ion_heap_freelist_drain+0x6e/0x410 [ 747.286571] 0 [ 747.288250] ? ion_system_contig_heap_create+0x130/0x130 [ 747.288262] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 747.288273] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 747.288285] ion_alloc+0x27a/0x810 [ 747.288298] ? ion_dma_buf_release+0x40/0x40 [ 747.288310] ? __might_fault+0x177/0x1b0 [ 747.288321] ion_ioctl+0xea/0x1f0 [ 747.334643] ? ion_query_heaps+0x360/0x360 [ 747.336467] 0 [ 747.338876] ? ion_query_heaps+0x360/0x360 [ 747.338888] do_vfs_ioctl+0x75a/0xff0 [ 747.338899] ? ioctl_preallocate+0x1a0/0x1a0 [ 747.338909] ? lock_downgrade+0x740/0x740 [ 747.338923] ? __fget+0x225/0x360 [ 747.338932] ? do_vfs_ioctl+0xff0/0xff0 [ 747.338943] ? security_file_ioctl+0x83/0xb0 [ 747.338955] SyS_ioctl+0x7f/0xb0 [ 747.338963] ? do_vfs_ioctl+0xff0/0xff0 [ 747.338975] do_syscall_64+0x1d5/0x640 [ 747.338991] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 747.351515] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 747.353301] RIP: 0033:0x466459 [ 747.353306] RSP: 002b:00007fd0fb4c2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 747.353316] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 747.353321] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 747.353326] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 747.353332] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 747.353337] R13: 00007ffc4cfdcc4f R14: 00007fd0fb4c2300 R15: 0000000000022000 [ 747.354930] warn_alloc_show_mem: 3 callbacks suppressed [ 747.354933] Mem-Info: [ 747.382221] 0 [ 747.403040] active_anon:12101 inactive_anon:10508 isolated_anon:0 [ 747.403040] active_file:690 inactive_file:1616 isolated_file:0 [ 747.403040] unevictable:0 dirty:0 writeback:0 unstable:0 [ 747.403040] slab_reclaimable:13657 slab_unreclaimable:115957 [ 747.403040] mapped:53700 shmem:11023 pagetables:776 bounce:0 [ 747.403040] free:62021 free_pcp:292 free_cma:0 [ 747.412815] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 747.420945] Node 0 active_anon:47452kB inactive_anon:25712kB active_file:32kB inactive_file:32kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:147616kB dirty:0kB writeback:0kB shmem:27704kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 747.463158] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 747.487163] Node 1 active_anon:1052kB inactive_anon:16320kB active_file:2828kB inactive_file:6632kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:67384kB dirty:0kB writeback:0kB shmem:16388kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 747.531837] 0 [ 747.585177] Node 0 DMA free:10964kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 747.618388] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 747.624182] Node 0 DMA32 free:20396kB min:36200kB low:45248kB high:54296kB active_anon:47452kB inactive_anon:25712kB active_file:32kB inactive_file:32kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7520kB pagetables:2752kB bounce:0kB free_pcp:960kB local_pcp:436kB free_cma:0kB [ 747.626116] device bridge_slave_1 left promiscuous mode [ 747.656494] lowmem_reserve[]: 0 0 0 0 0 [ 747.665279] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 747.669453] Node 0 [ 747.698714] bridge0: port 2(bridge_slave_1) entered disabled state [ 747.717584] device bridge_slave_0 left promiscuous mode [ 747.732746] lowmem_reserve[]: 0 0 0 0 0 [ 747.736747] Node 1 Normal free:589964kB min:53696kB low:67120kB high:80544kB active_anon:1452kB inactive_anon:16320kB active_file:3228kB inactive_file:8132kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:256kB pagetables:352kB bounce:0kB free_pcp:256kB local_pcp:156kB free_cma:0kB [ 747.749359] DMA: [ 747.776778] bridge0: port 1(bridge_slave_0) entered disabled state [ 747.788167] device veth1_macvtap left promiscuous mode [ 747.789366] 41*4kB (UE) 14*8kB (UE) 6*16kB (UE) 5*32kB (UE) 1*64kB (E) 3*128kB (UE) 1*256kB (E) 1*512kB (E) 1*1024kB (E) 2*2048kB (ME) 1*4096kB (U) = 10964kB [ 747.796309] device veth0_macvtap left promiscuous mode [ 747.816208] lowmem_reserve[]: 0 0 0 0 0 [ 747.820657] device veth1_vlan left promiscuous mode [ 747.825699] device veth0_vlan left promiscuous mode [ 747.833745] Node 0 DMA: 41*4kB (UE) 14*8kB (UE) 6*16kB (UE) 5*32kB (UE) 1*64kB (E) 3*128kB (UE) 1*256kB (E) 1*512kB (E) 1*1024kB (E) 2*2048kB (ME) 1*4096kB (U) = 10964kB [ 747.849366] Node 0 DMA32: 1989*4kB (ME) 1166*8kB (UME) 143*16kB (UME) 31*32kB (UME) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20564kB [ 747.889371] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 747.898972] Node 0 DMA32: 1865*4kB (ME) 1236*8kB (UME) 154*16kB (UME) 31*32kB (UME) 0*64kB 0*128kB 0*256kB 0*512kB 23*1024kB (U) 5*2048kB (U) 0*4096kB = 54596kB [ 747.929356] Node 1 Normal: 1*4kB (M) 2*8kB (UM) 2*16kB (E) 2*32kB (E) 1*64kB (U) 1*128kB (M) 1*256kB (M) 18*512kB (U) 649*1024kB (UM) 96*2048kB (U) 0*4096kB = 870964kB [ 747.942527] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 747.969395] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 747.975796] Node 1 [ 747.978242] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 747.978244] Normal: 1*4kB (M) 2*8kB (UM) 2*16kB (E) 2*32kB (E) 1*64kB (U) 1*128kB (M) 1*256kB (M) 18*512kB (U) 640*1024kB (UM) 96*2048kB (U) 0*4096kB = 861748kB [ 747.999433] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 748.018638] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 748.043091] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 748.060066] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 748.068653] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 748.069380] 14130 total pagecache pages [ 748.091084] 0 pages in swap cache [ 748.094604] Swap cache stats: add 0, delete 0, find 0/0 [ 748.101421] device hsr_slave_1 left promiscuous mode [ 748.109462] Free swap = 0kB [ 748.112486] Total swap = 0kB [ 748.115511] 2097051 pages RAM [ 748.118614] 0 pages HighMem/MovableOnly [ 748.119565] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 748.140878] 14130 total pagecache pages [ 748.144578] 363848 pages reserved [ 748.144878] 0 pages in swap cache [ 748.148363] device hsr_slave_0 left promiscuous mode [ 748.157003] 0 pages cma reserved [ 748.159330] Swap cache stats: add 0, delete 0, find 0/0 [ 748.169901] Free swap = 0kB [ 748.172921] Total swap = 0kB [ 748.175928] 2097051 pages RAM [ 748.179018] 0 pages HighMem/MovableOnly [ 748.199390] 363848 pages reserved [ 748.202866] 0 pages cma reserved [ 748.206690] team0 (unregistering): Port device team_slave_1 removed [ 748.229854] team0 (unregistering): Port device team_slave_0 removed [ 748.249776] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 748.273220] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 748.362794] bond0 (unregistering): Released all slaves [ 748.488280] active_anon:12473 inactive_anon:10512 isolated_anon:0 [ 748.488280] active_file:894 inactive_file:2226 isolated_file:0 [ 748.488280] unevictable:0 dirty:81 writeback:0 unstable:0 [ 748.488280] slab_reclaimable:13672 slab_unreclaimable:114878 [ 748.488280] mapped:54166 shmem:11029 pagetables:797 bounce:0 [ 748.488280] free:214420 free_pcp:394 free_cma:0 [ 748.539407] Node 0 active_anon:47688kB inactive_anon:25708kB active_file:44kB inactive_file:296kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:147660kB dirty:108kB writeback:0kB shmem:27700kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 749.082054] Node 1 active_anon:2204kB inactive_anon:16340kB active_file:3532kB inactive_file:8624kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:69012kB dirty:216kB writeback:0kB shmem:16416kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 749.206606] Node 0 DMA free:12608kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 749.286795] IPVS: ftp: loaded support on port[0] = 21 [ 749.294425] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 749.366106] Node 0 DMA32 free:1004644kB min:36200kB low:45248kB high:54296kB active_anon:47700kB inactive_anon:25708kB active_file:44kB inactive_file:352kB unevictable:0kB writepending:116kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7552kB pagetables:2752kB bounce:0kB free_pcp:960kB local_pcp:272kB free_cma:0kB [ 749.463724] chnl_net:caif_netlink_parms(): no params data found [ 749.464130] lowmem_reserve[]: 0 0 0 0 0 [ 749.476844] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 749.502908] lowmem_reserve[]: 0 0 0 0 0 [ 749.506946] Node 1 Normal free:969952kB min:53696kB low:67120kB high:80544kB active_anon:2204kB inactive_anon:16340kB active_file:3532kB inactive_file:8624kB unevictable:0kB writepending:216kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:288kB pagetables:436kB bounce:0kB free_pcp:752kB local_pcp:644kB free_cma:0kB [ 749.537848] lowmem_reserve[]: 0 0 0 0 0 [ 749.542422] Node 0 DMA: 21*4kB (UE) 37*8kB (UE) 42*16kB (UE) 5*32kB (UE) 10*64kB (UE) 5*128kB (UE) 2*256kB (UE) 1*512kB (E) 1*1024kB (E) 2*2048kB (ME) 1*4096kB (U) = 12732kB [ 749.558429] Node 0 DMA32: 12263*4kB (UME) 16656*8kB (UME) 10476*16kB (UME) 6223*32kB (UME) 3187*64kB (UME) 871*128kB (UM) 343*256kB (U) 120*512kB (U) 39*1024kB (U) 4*2048kB (U) 1*4096kB (U) = 1065980kB [ 749.561644] systemd-journald[14998]: File /run/log/journal/04d8c135ee6b410280ba31a58c89679d/system.journal corrupted or uncleanly shut down, renaming and replacing. [ 749.576961] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 749.602605] Bluetooth: hci5 command 0x0409 tx timeout [ 749.607857] Node 1 Normal: 2342*4kB (UM) 1806*8kB (UM) 1483*16kB (UME) 1403*32kB (UME) 6128*64kB (UM) 1990*128kB (UM) 511*256kB (U) 121*512kB (U) 37*1024kB (U) 0*2048kB 0*4096kB = 970008kB [ 749.625102] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 749.635860] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 749.645518] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 749.662548] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 749.675890] 16314 total pagecache pages [ 749.685466] 0 pages in swap cache [ 749.688918] Swap cache stats: add 0, delete 0, find 0/0 [ 749.694482] Free swap = 0kB [ 749.697658] Total swap = 0kB [ 749.704639] 2097051 pages RAM [ 749.707744] 0 pages HighMem/MovableOnly [ 749.711848] 363848 pages reserved [ 749.715287] 0 pages cma reserved [ 749.718712] Out of memory: Kill process 7960 (syz-fuzzer) score 5 or sacrifice child [ 749.731921] Killed process 14990 (syz-executor.3) total-vm:84924kB, anon-rss:68kB, file-rss:0kB, shmem-rss:0kB [ 749.742351] bridge0: port 1(bridge_slave_0) entered blocking state [ 749.748747] bridge0: port 1(bridge_slave_0) entered disabled state [ 749.756203] device bridge_slave_0 entered promiscuous mode 20:23:29 executing program 5: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:23:29 executing program 2: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:23:29 executing program 0: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) 20:23:29 executing program 1: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) 20:23:29 executing program 5: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:23:29 executing program 5: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:23:29 executing program 5: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) [ 750.339931] device bridge_slave_0 left promiscuous mode [ 750.345558] bridge0: port 1(bridge_slave_0) entered disabled state [ 750.447916] bond0 (unregistering): Released all slaves [ 750.567884] syz-executor.0: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 750.568727] syz-executor.2: [ 750.580267] syz-executor.1: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 750.606848] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 750.613327] page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 750.627213] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 750.633636] CPU: 0 PID: 15157 Comm: syz-executor.0 Not tainted 4.14.230-syzkaller #0 [ 750.641518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 750.650865] Call Trace: [ 750.653450] dump_stack+0x1b2/0x281 [ 750.657080] warn_alloc.cold+0x96/0x1cc [ 750.661054] ? zone_watermark_ok_safe+0x220/0x220 [ 750.665912] __alloc_pages_nodemask+0x2127/0x2720 [ 750.670756] ? lock_acquire+0x170/0x3f0 [ 750.674744] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 750.679598] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 750.685051] ? __mutex_unlock_slowpath+0x75/0x770 [ 750.689890] ? alloc_pages_current+0x37/0x260 [ 750.694386] alloc_pages_current+0x155/0x260 [ 750.698791] ion_page_pool_alloc+0x118/0x1b0 [ 750.703200] ion_system_heap_allocate+0x133/0x8c0 [ 750.708043] ? ion_alloc+0x187/0x810 [ 750.711763] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 750.717217] ? ion_system_contig_heap_create+0x130/0x130 [ 750.722660] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 750.727673] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 750.732513] ion_alloc+0x204/0x810 [ 750.736050] ? ion_dma_buf_release+0x40/0x40 [ 750.740458] ? __might_fault+0x177/0x1b0 [ 750.744530] ion_ioctl+0xea/0x1f0 [ 750.747986] ? ion_query_heaps+0x360/0x360 [ 750.752226] ? ion_query_heaps+0x360/0x360 [ 750.756471] do_vfs_ioctl+0x75a/0xff0 [ 750.760280] ? ioctl_preallocate+0x1a0/0x1a0 [ 750.764691] ? lock_downgrade+0x740/0x740 [ 750.768845] ? __fget+0x225/0x360 [ 750.772296] ? do_vfs_ioctl+0xff0/0xff0 [ 750.776278] ? security_file_ioctl+0x83/0xb0 [ 750.780679] SyS_ioctl+0x7f/0xb0 [ 750.784040] ? do_vfs_ioctl+0xff0/0xff0 [ 750.788012] do_syscall_64+0x1d5/0x640 [ 750.791909] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 750.797089] RIP: 0033:0x466459 [ 750.800277] RSP: 002b:00007fae1df4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 750.807985] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 750.815251] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 750.822516] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 750.822798] syz-executor.2 cpuset= [ 750.829777] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 750.829783] R13: 00007ffcdd857c6f R14: 00007fae1df4d300 R15: 0000000000022000 [ 750.841530] CPU: 0 PID: 15159 Comm: syz-executor.1 Not tainted 4.14.230-syzkaller #0 [ 750.855830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 750.865178] Call Trace: [ 750.867777] dump_stack+0x1b2/0x281 [ 750.871402] warn_alloc.cold+0x96/0x1cc [ 750.875374] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 750.880389] ? zone_watermark_ok_safe+0x220/0x220 [ 750.885244] __alloc_pages_nodemask+0x2127/0x2720 [ 750.890085] ? __schedule+0x893/0x1de0 [ 750.893977] ? lock_acquire+0x170/0x3f0 [ 750.897953] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 750.902799] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 750.908248] ? __mutex_unlock_slowpath+0x75/0x770 [ 750.913093] ? retint_kernel+0x2d/0x2d [ 750.916988] alloc_pages_current+0x155/0x260 [ 750.921399] ion_page_pool_alloc+0x118/0x1b0 [ 750.922378] / mems_allowed=0-1 [ 750.925799] ion_system_heap_allocate+0x133/0x8c0 [ 750.925809] ? ion_alloc+0x187/0x810 [ 750.937505] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 750.942960] ? ion_system_contig_heap_create+0x130/0x130 [ 750.948411] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 750.953418] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 750.958264] ion_alloc+0x204/0x810 [ 750.961892] ? ion_dma_buf_release+0x40/0x40 [ 750.966295] ? __might_fault+0x177/0x1b0 [ 750.970354] ion_ioctl+0xea/0x1f0 [ 750.973925] ? ion_query_heaps+0x360/0x360 [ 750.978172] ? ion_query_heaps+0x360/0x360 [ 750.982406] do_vfs_ioctl+0x75a/0xff0 [ 750.986211] ? ioctl_preallocate+0x1a0/0x1a0 [ 750.990607] ? lock_downgrade+0x740/0x740 [ 750.994737] ? __fget+0x225/0x360 [ 750.998167] ? do_vfs_ioctl+0xff0/0xff0 [ 750.999628] systemd[1]: Started Journal Service. [ 751.002124] ? security_file_ioctl+0x83/0xb0 [ 751.011256] SyS_ioctl+0x7f/0xb0 [ 751.014621] ? do_vfs_ioctl+0xff0/0xff0 [ 751.018595] do_syscall_64+0x1d5/0x640 [ 751.022477] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 751.027654] RIP: 0033:0x466459 [ 751.030838] RSP: 002b:00007fcdda489188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 751.038544] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 751.045812] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 751.053070] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 751.060339] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 751.067596] R13: 00007ffe21b5ad8f R14: 00007fcdda489300 R15: 0000000000022000 [ 751.074863] CPU: 1 PID: 15154 Comm: syz-executor.2 Not tainted 4.14.230-syzkaller #0 [ 751.082743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 751.092090] Call Trace: [ 751.094005] Mem-Info: [ 751.094672] dump_stack+0x1b2/0x281 [ 751.097158] active_anon:13054 inactive_anon:12549 isolated_anon:0 [ 751.097158] active_file:1769 inactive_file:5330 isolated_file:0 [ 751.097158] unevictable:0 dirty:129 writeback:0 unstable:0 [ 751.097158] slab_reclaimable:13682 slab_unreclaimable:116050 [ 751.097158] mapped:48652 shmem:13072 pagetables:756 bounce:0 [ 751.097158] free:214698 free_pcp:95 free_cma:0 [ 751.100666] warn_alloc.cold+0x96/0x1cc [ 751.100680] ? zone_watermark_ok_safe+0x220/0x220 [ 751.100703] __alloc_pages_nodemask+0x2127/0x2720 [ 751.100719] ? lock_acquire+0x170/0x3f0 [ 751.100745] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 751.135349] Node 0 active_anon:50220kB inactive_anon:33900kB active_file:656kB inactive_file:16188kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:156716kB dirty:256kB writeback:0kB shmem:35892kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 12288kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 751.138433] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 751.138448] ? __mutex_unlock_slowpath+0x75/0x770 [ 751.138461] alloc_pages_current+0x155/0x260 [ 751.138474] ion_page_pool_alloc+0x118/0x1b0 [ 751.151986] Node 1 active_anon:1996kB inactive_anon:16296kB active_file:6420kB inactive_file:5232kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:37892kB dirty:260kB writeback:0kB shmem:16396kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 751.152066] ion_system_heap_allocate+0x133/0x8c0 [ 751.162408] Node 0 [ 751.184973] ? ion_alloc+0x187/0x810 [ 751.184985] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 751.184995] ? ion_system_contig_heap_create+0x130/0x130 [ 751.185004] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 751.185016] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 751.185027] ion_alloc+0x204/0x810 [ 751.220967] DMA free:11204kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 751.231630] ? ion_dma_buf_release+0x40/0x40 [ 751.231644] ? __might_fault+0x177/0x1b0 [ 751.231656] ion_ioctl+0xea/0x1f0 [ 751.231664] ? ion_query_heaps+0x360/0x360 [ 751.231675] ? ion_query_heaps+0x360/0x360 [ 751.247687] lowmem_reserve[]: [ 751.247841] do_vfs_ioctl+0x75a/0xff0 [ 751.259996] 0 [ 751.263100] ? ioctl_preallocate+0x1a0/0x1a0 [ 751.263110] ? lock_downgrade+0x740/0x740 [ 751.263126] ? __fget+0x225/0x360 [ 751.270003] 2717 [ 751.292125] ? do_vfs_ioctl+0xff0/0xff0 [ 751.292138] ? security_file_ioctl+0x83/0xb0 [ 751.292149] SyS_ioctl+0x7f/0xb0 [ 751.292156] ? do_vfs_ioctl+0xff0/0xff0 [ 751.292168] do_syscall_64+0x1d5/0x640 [ 751.292183] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 751.320813] 2718 [ 751.321128] RIP: 0033:0x466459 [ 751.331088] 2718 [ 751.333063] RSP: 002b:00007fc10ef5c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 751.333073] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 751.333079] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 751.333085] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 751.333090] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 751.333096] R13: 00007ffec6b9ec3f R14: 00007fc10ef5c300 R15: 0000000000022000 [ 751.708018] 2718 [ 751.714670] Node 0 DMA32 free:288036kB min:36200kB low:45248kB high:54296kB active_anon:50120kB inactive_anon:33900kB active_file:656kB inactive_file:16592kB unevictable:0kB writepending:256kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7488kB pagetables:2752kB bounce:0kB free_pcp:920kB local_pcp:220kB free_cma:0kB [ 751.816220] lowmem_reserve[]: 0 0 0 0 0 [ 751.832126] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 751.912608] lowmem_reserve[]: 0 0 0 0 0 [ 751.923811] Node 1 Normal free:555988kB min:53696kB low:67120kB high:80544kB active_anon:1896kB inactive_anon:16296kB active_file:7520kB inactive_file:4132kB unevictable:0kB writepending:260kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:256kB pagetables:272kB bounce:0kB free_pcp:172kB local_pcp:148kB free_cma:0kB [ 752.013616] lowmem_reserve[]: 0 0 0 0 0 [ 752.031315] Node 0 DMA: 16*4kB (UE) 36*8kB (UE) 39*16kB (UE) 6*32kB (UE) 2*64kB (UE) 5*128kB (UE) 2*256kB (UE) 1*512kB (E) 2*1024kB (UE) 3*2048kB (UME) 0*4096kB = 11152kB [ 752.079157] Node 0 DMA32: 1273*4kB (E) 536*8kB (UME) 86*16kB (UE) 4083*32kB (UE) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 141412kB 20:23:31 executing program 5: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) [ 752.119152] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 752.143733] Node 1 Normal: 2199*4kB (UM) 1699*8kB (UM) 1340*16kB (UME) 1359*32kB (UME) 1*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 114*2048kB (U) 3*4096kB (U) = 333524kB [ 752.179154] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 752.199177] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 752.207770] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 752.239421] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 752.248012] 20347 total pagecache pages [ 752.269147] 0 pages in swap cache [ 752.272612] Swap cache stats: add 0, delete 0, find 0/0 [ 752.277959] Free swap = 0kB [ 752.289228] Total swap = 0kB [ 752.292260] 2097051 pages RAM [ 752.295363] 0 pages HighMem/MovableOnly [ 752.329176] 363848 pages reserved [ 752.332669] 0 pages cma reserved [ 753.733457] IPVS: ftp: loaded support on port[0] = 21 [ 753.908984] syz-executor.5: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 753.994568] syz-executor.5 cpuset=/ mems_allowed=0-1 [ 754.015294] oom_reaper: reaped process 15159 (syz-executor.1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 754.033972] CPU: 0 PID: 15177 Comm: syz-executor.5 Not tainted 4.14.230-syzkaller #0 [ 754.041853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 754.051197] Call Trace: [ 754.053788] dump_stack+0x1b2/0x281 [ 754.057411] warn_alloc.cold+0x96/0x1cc [ 754.061380] ? zone_watermark_ok_safe+0x220/0x220 [ 754.066231] __alloc_pages_nodemask+0x2127/0x2720 [ 754.071070] ? lock_acquire+0x170/0x3f0 [ 754.075043] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 754.079886] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 754.085329] ? __mutex_unlock_slowpath+0x75/0x770 [ 754.090165] ? alloc_pages_current+0x123/0x260 [ 754.094739] alloc_pages_current+0x155/0x260 [ 754.099140] ion_page_pool_alloc+0x118/0x1b0 [ 754.103541] ion_system_heap_allocate+0x133/0x8c0 [ 754.108403] ? ion_alloc+0x187/0x810 [ 754.111751] syz-executor.3 invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask= [ 754.112107] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 754.112116] ? ion_system_contig_heap_create+0x130/0x130 [ 754.112129] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 754.112140] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 754.142077] ion_alloc+0x204/0x810 [ 754.145616] ? ion_dma_buf_release+0x40/0x40 [ 754.150018] ? __might_fault+0x177/0x1b0 [ 754.153955] (null), order=1, oom_score_adj=0 [ 754.154069] ion_ioctl+0xea/0x1f0 [ 754.154078] ? ion_query_heaps+0x360/0x360 [ 754.158588] syz-executor.3 cpuset= [ 754.161979] ? ion_query_heaps+0x360/0x360 [ 754.161989] do_vfs_ioctl+0x75a/0xff0 [ 754.162000] ? ioctl_preallocate+0x1a0/0x1a0 [ 754.162009] ? lock_downgrade+0x740/0x740 [ 754.162021] ? __fget+0x225/0x360 [ 754.162030] ? do_vfs_ioctl+0xff0/0xff0 [ 754.162043] ? security_file_ioctl+0x83/0xb0 [ 754.162053] SyS_ioctl+0x7f/0xb0 [ 754.177450] / [ 754.177871] ? do_vfs_ioctl+0xff0/0xff0 [ 754.177887] do_syscall_64+0x1d5/0x640 [ 754.177902] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 754.209913] mems_allowed=0-1 [ 754.211099] RIP: 0033:0x466459 [ 754.222519] RSP: 002b:00007fd0fb4c2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 754.230219] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 754.237478] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 754.244735] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 754.251992] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 754.259244] R13: 00007ffc4cfdcc4f R14: 00007fd0fb4c2300 R15: 0000000000022000 [ 754.292563] CPU: 1 PID: 15174 Comm: syz-executor.3 Not tainted 4.14.230-syzkaller #0 [ 754.300451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 754.309796] Call Trace: [ 754.312383] dump_stack+0x1b2/0x281 [ 754.316000] dump_header+0x178/0x82f [ 754.319726] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 754.324818] ? ___ratelimit+0x2cd/0x530 [ 754.328801] oom_kill_process.cold+0x10/0xa40 [ 754.333303] out_of_memory+0xe3e/0x1190 [ 754.337271] ? oom_killer_disable+0x1c0/0x1c0 [ 754.341765] ? mutex_trylock+0x152/0x1a0 [ 754.345841] __alloc_pages_nodemask+0x23e1/0x2720 [ 754.350688] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 754.355531] ? mark_held_locks+0xa6/0xf0 [ 754.359588] ? cache_grow_begin+0x3f/0x700 [ 754.363816] cache_grow_begin+0x91/0x700 [ 754.367872] fallback_alloc+0x207/0x2c0 [ 754.371840] kmem_cache_alloc_trace+0x1f1/0x3d0 [ 754.376505] kobject_uevent_env+0x20c/0xf40 [ 754.380825] net_rx_queue_update_kobjects+0xce/0x3e0 [ 754.385920] ? kset_register+0x16a/0x1c0 [ 754.389975] netdev_register_kobject+0x26f/0x410 [ 754.391146] warn_alloc_show_mem: 2 callbacks suppressed [ 754.391149] Mem-Info: [ 754.394717] register_netdevice+0x955/0xe40 [ 754.400090] active_anon:13108 inactive_anon:12552 isolated_anon:0 [ 754.400090] active_file:16 inactive_file:15 isolated_file:0 [ 754.400090] unevictable:0 dirty:0 writeback:0 unstable:0 [ 754.400090] slab_reclaimable:13669 slab_unreclaimable:114872 [ 754.400090] mapped:52680 shmem:13077 pagetables:800 bounce:0 [ 754.400090] free:13955 free_pcp:91 free_cma:0 [ 754.402448] ? netdev_change_features+0xa0/0xa0 [ 754.406762] Node 0 active_anon:50460kB inactive_anon:33904kB active_file:20kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:180916kB dirty:0kB writeback:0kB shmem:35896kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 12288kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 754.439876] bond_newlink+0x3d/0x80 [ 754.439887] rtnl_newlink+0xfab/0x1860 [ 754.439897] ? __lock_acquire+0x5fc/0x3f20 [ 754.439907] ? validate_nla+0x192/0x5e0 [ 754.444565] Node 1 active_anon:1972kB inactive_anon:16304kB active_file:44kB inactive_file:40kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:29804kB dirty:0kB writeback:0kB shmem:16412kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 754.472301] ? memcpy+0x35/0x50 [ 754.472309] ? nla_strlcpy+0xcc/0x100 [ 754.472318] ? rtnl_newlink+0x43d/0x1860 [ 754.472328] ? __lock_acquire+0x5fc/0x3f20 [ 754.475924] Node 0 [ 754.479797] ? bond_changelink+0x1960/0x1960 [ 754.479803] ? trace_hardirqs_on+0x10/0x10 [ 754.479812] ? rtnl_dellink+0x6a0/0x6a0 [ 754.484027] DMA free:10976kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 754.487970] ? trace_hardirqs_on+0x10/0x10 [ 754.515104] lowmem_reserve[]: [ 754.518348] ? __read_once_size_nocheck.constprop.0+0x10/0x10 [ 754.522130] 0 [ 754.526155] ? deref_stack_reg+0x124/0x1a0 [ 754.530371] 2717 [ 754.532602] ? lock_acquire+0x170/0x3f0 [ 754.536956] 2718 [ 754.541165] ? lock_downgrade+0x740/0x740 [ 754.541175] ? rtnl_dellink+0x6a0/0x6a0 [ 754.541185] rtnetlink_rcv_msg+0x3be/0xb10 [ 754.545127] 2718 [ 754.570621] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 754.570631] ? __netlink_lookup+0x345/0x5d0 [ 754.570644] netlink_rcv_skb+0x125/0x390 [ 754.570654] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 754.574868] 2718 [ 754.577951] ? netlink_ack+0x9a0/0x9a0 [ 754.585606] netlink_unicast+0x437/0x610 [ 754.589836] Node 0 [ 754.591866] ? netlink_sendskb+0xd0/0xd0 [ 754.595832] DMA32 free:18076kB min:36200kB low:45248kB high:54296kB active_anon:50460kB inactive_anon:33904kB active_file:20kB inactive_file:20kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7584kB pagetables:2928kB bounce:0kB free_pcp:240kB local_pcp:120kB free_cma:0kB [ 754.597864] ? __check_object_size+0x179/0x230 [ 754.601997] lowmem_reserve[]: [ 754.605950] netlink_sendmsg+0x62e/0xb80 [ 754.610170] 0 [ 754.612202] ? nlmsg_notify+0x170/0x170 [ 754.616663] 0 [ 754.620965] ? security_socket_sendmsg+0x83/0xb0 [ 754.620972] ? nlmsg_notify+0x170/0x170 [ 754.620981] sock_sendmsg+0xb5/0x100 [ 754.625011] 0 [ 754.629485] SyS_sendto+0x1c7/0x2c0 [ 754.629493] ? SyS_getpeername+0x220/0x220 [ 754.629502] ? vm_insert_page+0x7c0/0x7c0 [ 754.631535] 0 [ 754.635414] ? up_read+0x17/0x30 [ 754.639449] 0 [ 754.641651] ? __do_page_fault+0x159/0xad0 [ 754.673936] ? do_syscall_64+0x4c/0x640 [ 754.673943] ? SyS_getpeername+0x220/0x220 [ 754.673951] do_syscall_64+0x1d5/0x640 [ 754.673964] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 754.678513] Node 0 [ 754.681593] RIP: 0033:0x4193ec [ 754.681597] RSP: 002b:00007fffa7dd5920 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 754.681606] RAX: ffffffffffffffda RBX: 00000000014a4320 RCX: 00000000004193ec [ 754.681613] RDX: 0000000000000038 RSI: 00000000014a4370 RDI: 0000000000000003 [ 754.685658] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 754.687421] RBP: 0000000000000000 R08: 00007fffa7dd5974 R09: 000000000000000c [ 754.687428] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 754.691388] lowmem_reserve[]: [ 754.693169] R13: 00000000014a4370 R14: 0000000000000003 R15: 0000000000000000 [ 754.697893] 0 [ 754.711817] Mem-Info: [ 754.719010] syz-executor.1: [ 754.721523] active_anon:13108 inactive_anon:12552 isolated_anon:0 [ 754.721523] active_file:16 inactive_file:15 isolated_file:0 [ 754.721523] unevictable:0 dirty:0 writeback:0 unstable:0 [ 754.721523] slab_reclaimable:13669 slab_unreclaimable:114872 [ 754.721523] mapped:52680 shmem:13077 pagetables:800 bounce:0 [ 754.721523] free:13955 free_pcp:91 free_cma:0 [ 754.724799] page allocation failure: order:0 [ 754.726588] Node 0 active_anon:50460kB inactive_anon:33904kB active_file:20kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:180916kB dirty:0kB writeback:0kB shmem:35896kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 12288kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 754.740273] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 754.750201] Node 1 active_anon:1972kB inactive_anon:16304kB active_file:44kB inactive_file:40kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:29804kB dirty:0kB writeback:0kB shmem:16412kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 754.756854] 0 [ 754.764903] Node 0 [ 754.768995] 0 [ 754.782934] DMA free:10976kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 754.808017] (null) [ 754.814137] lowmem_reserve[]: [ 754.815355] syz-executor.1 cpuset= [ 754.818406] 0 2717 [ 754.833227] / [ 754.872269] 2718 [ 754.906176] 0 [ 754.935981] 2718 [ 754.947510] 0 [ 754.975303] 2718 [ 754.984229] Node 1 [ 754.986265] Node 0 [ 754.986286] Normal free:26792kB min:53696kB low:67120kB high:80544kB active_anon:1968kB inactive_anon:16304kB active_file:48kB inactive_file:40kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:256kB pagetables:272kB bounce:0kB free_pcp:124kB local_pcp:124kB free_cma:0kB [ 754.988494] DMA32 free:18084kB min:36200kB low:45248kB high:54296kB active_anon:50364kB inactive_anon:33904kB active_file:20kB inactive_file:20kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7552kB pagetables:2928kB bounce:0kB free_pcp:244kB local_pcp:128kB free_cma:0kB [ 754.994186] mems_allowed=0-1 [ 755.024685] lowmem_reserve[]: [ 755.049824] lowmem_reserve[]: [ 755.050441] Bluetooth: hci5 command 0x0409 tx timeout [ 755.053490] 0 0 0 0 0 [ 755.066317] Node 0 DMA: 2*4kB (UE) 1*8kB (E) 15*16kB (UE) 7*32kB (UE) 8*64kB (UE) 4*128kB (UE) 3*256kB (UE) 1*512kB (E) 2*1024kB (UE) 3*2048kB (UME) 0*4096kB = 10976kB [ 755.071373] 0 [ 755.083634] Node 0 DMA32: 1785*4kB (ME) 577*8kB (UME) 98*16kB (ME) 33*32kB (UME) 26*64kB (ME) 8*128kB (UM) 4*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18092kB [ 755.094673] 0 0 0 0 [ 755.108986] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 755.116230] Node 0 [ 755.123168] CPU: 0 PID: 15159 Comm: syz-executor.1 Not tainted 4.14.230-syzkaller #0 [ 755.128354] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 755.133254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 755.133259] Call Trace: [ 755.133279] dump_stack+0x1b2/0x281 [ 755.133292] warn_alloc.cold+0x96/0x1cc [ 755.133305] ? zone_watermark_ok_safe+0x220/0x220 [ 755.133314] ? usleep_range+0x130/0x130 [ 755.133325] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 755.171788] lowmem_reserve[]: [ 755.173703] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 755.177644] 0 [ 755.182464] ? run_timer_softirq+0x5a0/0x5a0 [ 755.182482] __alloc_pages_nodemask+0x2127/0x2720 [ 755.182499] ? lock_acquire+0x170/0x3f0 [ 755.182515] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 755.182525] ? ion_page_pool_alloc+0x9e/0x1b0 [ 755.182541] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 755.182560] alloc_pages_current+0x155/0x260 [ 755.199376] 0 [ 755.199662] ion_page_pool_alloc+0x118/0x1b0 [ 755.201430] 0 [ 755.205820] ion_system_heap_allocate+0x133/0x8c0 [ 755.223354] 0 [ 755.223902] ? ion_alloc+0x187/0x810 [ 755.236886] 0 [ 755.239874] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 755.239885] ? ion_system_contig_heap_create+0x130/0x130 [ 755.239895] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 755.239907] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 755.239917] ion_alloc+0x204/0x810 [ 755.239930] ? ion_dma_buf_release+0x40/0x40 [ 755.239943] ? __might_fault+0x177/0x1b0 [ 755.248341] ion_ioctl+0xea/0x1f0 [ 755.264716] Node 1 [ 755.269658] ? ion_query_heaps+0x360/0x360 [ 755.269671] ? ion_query_heaps+0x360/0x360 [ 755.269682] do_vfs_ioctl+0x75a/0xff0 [ 755.269694] ? ioctl_preallocate+0x1a0/0x1a0 [ 755.269703] ? lock_downgrade+0x740/0x740 [ 755.269716] ? __fget+0x225/0x360 [ 755.269725] ? do_vfs_ioctl+0xff0/0xff0 [ 755.269739] ? security_file_ioctl+0x83/0xb0 [ 755.287225] Normal free:26792kB min:53696kB low:67120kB high:80544kB active_anon:1968kB inactive_anon:16304kB active_file:36kB inactive_file:48kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:256kB pagetables:272kB bounce:0kB free_pcp:124kB local_pcp:0kB free_cma:0kB [ 755.289929] SyS_ioctl+0x7f/0xb0 [ 755.289938] ? do_vfs_ioctl+0xff0/0xff0 [ 755.289950] do_syscall_64+0x1d5/0x640 [ 755.289966] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 755.289975] RIP: 0033:0x466459 [ 755.289980] RSP: 002b:00007fcdda489188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 755.289991] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 755.296271] lowmem_reserve[]: [ 755.296419] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 755.313348] 0 [ 755.316350] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 755.327261] 0 [ 755.352708] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 755.352714] R13: 00007ffe21b5ad8f R14: 00007fcdda489300 R15: 0000000000022000 [ 755.355258] Node 1 [ 755.373529] 0 [ 755.381878] Normal: [ 755.397465] 0 [ 755.398973] 156*4kB [ 755.399618] 0 [ 755.406848] (M) [ 755.420024] 121*8kB [ 755.434954] Node 0 [ 755.437180] (M) [ 755.437422] DMA: [ 755.439750] 87*16kB (ME) 68*32kB (UME) 32*64kB (M) 13*128kB (M) 4*256kB (M) 1*512kB (U) 0*1024kB 2*2048kB (U) 3*4096kB (U) = 26792kB [ 755.439805] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 755.439811] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 755.439817] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 755.439823] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 755.439827] 13108 total pagecache pages [ 755.439835] 0 pages in swap cache [ 755.439841] Swap cache stats: add 0, delete 0, find 0/0 [ 755.439844] Free swap = 0kB [ 755.439848] Total swap = 0kB [ 755.439853] 2097051 pages RAM [ 755.439856] 0 pages HighMem/MovableOnly [ 755.439859] 363848 pages reserved [ 755.439861] 0 pages cma reserved [ 755.441791] Mem-Info: [ 755.447700] 2*4kB [ 755.462350] active_anon:13083 inactive_anon:12552 isolated_anon:0 [ 755.462350] active_file:14 inactive_file:17 isolated_file:0 [ 755.462350] unevictable:0 dirty:0 writeback:0 unstable:0 [ 755.462350] slab_reclaimable:13669 slab_unreclaimable:114876 [ 755.462350] mapped:52680 shmem:13077 pagetables:800 bounce:0 [ 755.462350] free:13963 free_pcp:93 free_cma:0 [ 755.477734] (UE) [ 755.491237] Node 0 active_anon:50364kB inactive_anon:33904kB active_file:20kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:180916kB dirty:0kB writeback:0kB shmem:35896kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 12288kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 755.504537] 1*8kB [ 755.511365] Node 1 active_anon:1968kB inactive_anon:16304kB active_file:36kB inactive_file:48kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:29804kB dirty:0kB writeback:0kB shmem:16412kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 755.516060] (E) [ 755.521783] Node 0 [ 755.534209] 15*16kB [ 755.569849] DMA free:10976kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 755.604372] (UE) [ 755.629652] lowmem_reserve[]: [ 755.640226] 7*32kB [ 755.661157] 0 2717 2718 2718 2718 [ 755.666943] Node 0 DMA32 free:18084kB min:36200kB low:45248kB high:54296kB active_anon:50364kB inactive_anon:33904kB active_file:20kB inactive_file:20kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7552kB pagetables:2928kB bounce:0kB free_pcp:248kB local_pcp:120kB free_cma:0kB [ 755.671012] (UE) [ 755.702765] lowmem_reserve[]: 0 0 0 0 0 [ 755.707482] 8*64kB [ 755.708801] Node 0 [ 755.708808] (UE) [ 755.713279] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 755.713283] lowmem_reserve[]: [ 755.717120] 4*128kB [ 755.746452] 0 0 0 0 0 [ 755.752843] (UE) 3*256kB (UE) 1*512kB (E) 2*1024kB (UE) 3*2048kB (UME) 0*4096kB = 10976kB [ 755.753763] Node 1 [ 755.765442] Node 0 DMA32: 1785*4kB (ME) 577*8kB (UME) 98*16kB (ME) 33*32kB (UME) 26*64kB (ME) 8*128kB (UM) 4*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18092kB [ 755.768929] Normal free:26792kB min:53696kB low:67120kB high:80544kB active_anon:1968kB inactive_anon:16304kB active_file:36kB inactive_file:48kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:256kB pagetables:272kB bounce:0kB free_pcp:124kB local_pcp:124kB free_cma:0kB [ 755.791433] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 755.821331] lowmem_reserve[]: [ 755.835957] Node 1 [ 755.838024] 0 [ 755.840814] Normal: 156*4kB (M) 121*8kB (M) 87*16kB (ME) 68*32kB (UME) 32*64kB (M) 13*128kB (M) 4*256kB (M) 1*512kB (U) 0*1024kB 2*2048kB (U) 3*4096kB (U) = 26792kB [ 755.843995] 0 [ 755.866567] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 755.869066] 0 0 0 [ 755.877223] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 755.888969] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 755.894738] Node 0 [ 755.897791] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 755.897798] DMA: [ 755.901087] 13108 total pagecache pages [ 755.914705] 0 pages in swap cache [ 755.914800] 2*4kB [ 755.918141] Swap cache stats: add 0, delete 0, find 0/0 [ 755.918149] Free swap = 0kB [ 755.928839] (UE) 1*8kB (E) 15*16kB (UE) 7*32kB (UE) 8*64kB (UE) 4*128kB (UE) 3*256kB (UE) 1*512kB (E) [ 755.928959] Total swap = 0kB [ 755.934792] 2*1024kB [ 755.938545] 2097051 pages RAM [ 755.948719] 0 pages HighMem/MovableOnly [ 755.950506] (UE) 3*2048kB (UME) 0*4096kB = 10976kB [ 755.952714] 363848 pages reserved [ 755.957617] Node 0 [ 755.963268] 0 pages cma reserved [ 755.968972] Out of memory (oom_kill_allocating_task): Kill process 15174 (syz-executor.3) score 0 or sacrifice child [ 755.975995] DMA32: [ 755.982035] Killed process 15174 (syz-executor.3) total-vm:93120kB, anon-rss:80kB, file-rss:33936kB, shmem-rss:0kB [ 755.985917] 1785*4kB [ 756.006821] oom_reaper: reaped process 15174 (syz-executor.3), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 756.011159] (ME) 577*8kB (UME) 98*16kB (ME) 33*32kB (UME) 26*64kB (ME) 8*128kB (UM) 4*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18092kB [ 756.040685] in:imklog invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 756.056845] Node 0 [ 756.075522] in:imklog cpuset= [ 756.076862] Normal: [ 756.077764] / [ 756.080873] 0*4kB [ 756.083316] mems_allowed=0-1 [ 756.084965] 0*8kB [ 756.087092] CPU: 1 PID: 15013 Comm: in:imklog Not tainted 4.14.230-syzkaller #0 [ 756.097111] 0*16kB [ 756.099721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 756.099725] Call Trace: [ 756.099743] dump_stack+0x1b2/0x281 [ 756.099755] dump_header+0x178/0x82f [ 756.101965] 0*32kB [ 756.111299] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 756.111308] ? ___ratelimit+0x2cd/0x530 [ 756.111319] oom_kill_process.cold+0x10/0xa40 [ 756.113876] 0*64kB [ 756.117486] out_of_memory+0xe3e/0x1190 [ 756.121180] 0*128kB [ 756.123383] ? oom_killer_disable+0x1c0/0x1c0 [ 756.128453] 0*256kB [ 756.132402] ? mutex_trylock+0x152/0x1a0 [ 756.132413] __alloc_pages_nodemask+0x23e1/0x2720 [ 756.132434] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 756.136891] 0*512kB [ 756.139120] alloc_pages_current+0x155/0x260 [ 756.139130] filemap_fault+0x11a1/0x1ad0 [ 756.143077] 0*1024kB [ 756.145384] ext4_filemap_fault+0x84/0xb0 [ 756.149872] 0*2048kB [ 756.152161] __do_fault+0xfa/0x380 [ 756.156188] 0*4096kB [ 756.161007] __handle_mm_fault+0x2497/0x4620 [ 756.161017] ? vm_insert_page+0x7c0/0x7c0 [ 756.161027] ? lock_downgrade+0x740/0x740 [ 756.165838] = 0kB [ 756.168143] ? mark_held_locks+0xa6/0xf0 [ 756.172539] Node 1 [ 756.176560] handle_mm_fault+0x455/0x9c0 [ 756.178955] Normal: [ 756.183071] __do_page_fault+0x549/0xad0 [ 756.185450] 156*4kB [ 756.188969] ? spurious_fault+0x640/0x640 [ 756.188977] ? do_page_fault+0x60/0x500 [ 756.188985] ? page_fault+0x2f/0x50 [ 756.191367] (M) [ 756.195749] page_fault+0x45/0x50 [ 756.199883] 121*8kB [ 756.203990] RIP: 1fa0:0x1f9f [ 756.206024] (M) [ 756.210057] RSP: 0000:000055771664a9d0 EFLAGS: 7f6422549da0 [ 756.210314] syz-executor.3: [ 756.212290] 87*16kB [ 756.216326] page allocation failure: order:1 [ 756.218622] (ME) [ 756.222691] Mem-Info: [ 756.222709] active_anon:13071 inactive_anon:12552 isolated_anon:0 [ 756.222709] active_file:15 inactive_file:16 isolated_file:0 [ 756.222709] unevictable:0 dirty:0 writeback:0 unstable:0 [ 756.222709] slab_reclaimable:13669 slab_unreclaimable:114871 [ 756.222709] mapped:52680 shmem:13077 pagetables:800 bounce:0 [ 756.222709] free:13965 free_pcp:107 free_cma:0 [ 756.222723] Node 0 active_anon:50332kB inactive_anon:33904kB active_file:20kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:180916kB dirty:0kB writeback:0kB shmem:35896kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 12288kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 756.222736] Node 1 active_anon:1952kB inactive_anon:16304kB active_file:40kB inactive_file:44kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:29804kB dirty:0kB writeback:0kB shmem:16412kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 756.222740] Node 0 DMA free:10976kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 756.222756] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 756.222776] Node 0 DMA32 free:18092kB min:36200kB low:45248kB high:54296kB active_anon:50332kB inactive_anon:33904kB active_file:20kB inactive_file:20kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7552kB pagetables:2928kB bounce:0kB free_pcp:288kB local_pcp:168kB free_cma:0kB [ 756.222793] lowmem_reserve[]: 0 0 0 0 0 [ 756.222810] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 756.222828] lowmem_reserve[]: [ 756.240159] 68*32kB [ 756.244738] , mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask= [ 756.247563] (UME) [ 756.249547] (null) [ 756.249552] syz-executor.3 cpuset=/ [ 756.269925] 32*64kB [ 756.304563] 0 [ 756.345057] (M) [ 756.359510] 0 [ 756.399186] mems_allowed=0-1 [ 756.432796] 0 [ 756.450968] 13*128kB [ 756.465561] 0 [ 756.467885] (M) [ 756.473163] 0 [ 756.476195] 4*256kB [ 756.480410] (M) [ 756.489784] CPU: 0 PID: 15174 Comm: syz-executor.3 Not tainted 4.14.230-syzkaller #0 [ 756.494736] Node 1 [ 756.499627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 756.499631] Call Trace: [ 756.499649] dump_stack+0x1b2/0x281 [ 756.499661] warn_alloc.cold+0x96/0x1cc [ 756.499672] ? zone_watermark_ok_safe+0x220/0x220 [ 756.499680] ? usleep_range+0x130/0x130 [ 756.499686] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 756.499697] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 756.507320] Normal free:26792kB min:53696kB low:67120kB high:80544kB active_anon:1952kB inactive_anon:16304kB active_file:140kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:256kB pagetables:272kB bounce:0kB free_pcp:140kB local_pcp:16kB free_cma:0kB [ 756.511246] ? run_timer_softirq+0x5a0/0x5a0 [ 756.511262] __alloc_pages_nodemask+0x2127/0x2720 [ 756.511283] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 756.511302] ? mark_held_locks+0xa6/0xf0 [ 756.511312] ? cache_grow_begin+0x3f/0x700 [ 756.511322] cache_grow_begin+0x91/0x700 [ 756.511333] fallback_alloc+0x207/0x2c0 [ 756.526569] lowmem_reserve[]: [ 756.530227] kmem_cache_alloc_trace+0x1f1/0x3d0 [ 756.530241] kobject_uevent_env+0x20c/0xf40 [ 756.530258] net_rx_queue_update_kobjects+0xce/0x3e0 [ 756.530267] ? kset_register+0x16a/0x1c0 [ 756.530281] netdev_register_kobject+0x26f/0x410 [ 756.538619] 0 [ 756.540355] register_netdevice+0x955/0xe40 [ 756.540366] ? netdev_change_features+0xa0/0xa0 [ 756.540380] bond_newlink+0x3d/0x80 [ 756.540391] rtnl_newlink+0xfab/0x1860 [ 756.540401] ? __lock_acquire+0x5fc/0x3f20 [ 756.540411] ? validate_nla+0x192/0x5e0 [ 756.540420] ? memcpy+0x35/0x50 [ 756.580471] 0 [ 756.582553] ? nla_strlcpy+0xcc/0x100 [ 756.586595] 0 [ 756.590817] ? rtnl_newlink+0x43d/0x1860 [ 756.590825] ? __lock_acquire+0x5fc/0x3f20 [ 756.590841] ? bond_changelink+0x1960/0x1960 [ 756.590847] ? trace_hardirqs_on+0x10/0x10 [ 756.590855] ? rtnl_dellink+0x6a0/0x6a0 [ 756.590862] ? trace_hardirqs_on+0x10/0x10 [ 756.590871] ? __read_once_size_nocheck.constprop.0+0x10/0x10 [ 756.590880] ? deref_stack_reg+0x124/0x1a0 [ 756.590920] ? lock_acquire+0x170/0x3f0 [ 756.607617] 0 [ 756.610937] ? lock_downgrade+0x740/0x740 [ 756.610948] ? rtnl_dellink+0x6a0/0x6a0 [ 756.610956] rtnetlink_rcv_msg+0x3be/0xb10 [ 756.610968] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 756.610979] ? __netlink_lookup+0x345/0x5d0 [ 756.610993] netlink_rcv_skb+0x125/0x390 [ 756.611001] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 756.618249] 0 [ 756.620121] ? netlink_ack+0x9a0/0x9a0 [ 756.620137] netlink_unicast+0x437/0x610 [ 756.620149] ? netlink_sendskb+0xd0/0xd0 [ 756.620158] ? __check_object_size+0x179/0x230 [ 756.620168] netlink_sendmsg+0x62e/0xb80 [ 756.620181] ? nlmsg_notify+0x170/0x170 [ 756.620194] ? security_socket_sendmsg+0x83/0xb0 [ 756.620202] ? nlmsg_notify+0x170/0x170 [ 756.620208] sock_sendmsg+0xb5/0x100 [ 756.620217] SyS_sendto+0x1c7/0x2c0 [ 756.639280] ? SyS_getpeername+0x220/0x220 [ 756.639288] ? vm_insert_page+0x7c0/0x7c0 [ 756.639312] ? up_read+0x17/0x30 [ 756.639322] ? __do_page_fault+0x159/0xad0 [ 756.644968] Node 0 [ 756.647397] ? do_syscall_64+0x4c/0x640 [ 756.663990] DMA: [ 756.665984] ? SyS_getpeername+0x220/0x220 [ 756.677576] 2*4kB [ 756.678791] do_syscall_64+0x1d5/0x640 [ 756.687974] (UE) [ 756.692820] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 756.692828] RIP: 0033:0x4193ec [ 756.692833] RSP: 002b:00007fffa7dd5920 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 756.692841] RAX: ffffffffffffffda RBX: 00000000014a4320 RCX: 00000000004193ec [ 756.692846] RDX: 0000000000000038 RSI: 00000000014a4370 RDI: 0000000000000003 [ 756.692850] RBP: 0000000000000000 R08: 00007fffa7dd5974 R09: 000000000000000c [ 756.692855] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 756.692859] R13: 00000000014a4370 R14: 0000000000000003 R15: 0000000000000000 [ 756.697063] 1*512kB [ 756.709938] 1*8kB [ 756.714884] (U) [ 756.715174] (E) [ 756.719877] 0*1024kB [ 756.736794] 15*16kB [ 756.740724] 2*2048kB [ 756.745914] (UE) [ 756.746357] (U) [ 756.763634] 7*32kB [ 756.766793] 3*4096kB [ 756.767658] (UE) [ 756.771376] (U) = 26792kB [ 756.771390] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 756.771396] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 756.771403] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 756.771409] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 756.771413] 13108 total pagecache pages [ 756.771423] 0 pages in swap cache [ 756.771428] Swap cache stats: add 0, delete 0, find 0/0 [ 756.771434] Free swap = 0kB [ 756.787745] 8*64kB [ 756.794519] Total swap = 0kB [ 756.798829] (UE) [ 756.799371] 2097051 pages RAM [ 756.815685] 4*128kB [ 756.819750] 0 pages HighMem/MovableOnly [ 756.824252] (UE) [ 756.827671] 363848 pages reserved [ 756.847684] 3*256kB [ 756.852516] 0 pages cma reserved [ 756.869425] (UE) 1*512kB (E) 2*1024kB (UE) 3*2048kB (UME) 0*4096kB = 10976kB [ 756.987365] Node 0 DMA32: 1505*4kB (ME) 534*8kB (EH) 86*16kB (EH) 23*32kB (UME) 1409*64kB (UME) 269*128kB (UMH) 65*256kB (UMH) 7*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 157236kB [ 757.008134] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB [ 757.019196] Mem-Info: [ 757.032874] 0*4096kB = 0kB [ 757.054588] Node 1 Normal: 156*4kB (M) 121*8kB (M) 87*16kB (ME) 69*32kB (UME) 979*64kB (UM) 13*128kB (M) 4*256kB (M) 1*512kB (U) 8*1024kB (U) 2*2048kB (U) 3*4096kB (U) = 95624kB [ 757.063401] active_anon:13071 inactive_anon:12552 isolated_anon:0 [ 757.063401] active_file:65 inactive_file:2146 isolated_file:0 [ 757.063401] unevictable:0 dirty:0 writeback:0 unstable:0 [ 757.063401] slab_reclaimable:13669 slab_unreclaimable:115061 [ 757.063401] mapped:45513 shmem:13077 pagetables:800 bounce:0 [ 757.063401] free:64105 free_pcp:185 free_cma:0 [ 757.118981] Bluetooth: hci5 command 0x041b tx timeout [ 757.161206] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 757.196532] Node 0 active_anon:50332kB inactive_anon:33904kB active_file:320kB inactive_file:9040kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:182748kB dirty:0kB writeback:0kB shmem:35896kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 12288kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 757.211158] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 757.260872] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 757.273850] Node 1 active_anon:1952kB inactive_anon:16304kB active_file:40kB inactive_file:44kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:4kB dirty:0kB writeback:0kB shmem:16412kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 757.308937] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 757.317619] 16192 total pagecache pages [ 757.331354] 0 pages in swap cache [ 757.334811] Swap cache stats: add 0, delete 0, find 0/0 [ 757.348913] Node 0 DMA free:11144kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 757.351116] Free swap = 0kB [ 757.401605] Total swap = 0kB [ 757.404634] 2097051 pages RAM [ 757.429923] 0 pages HighMem/MovableOnly [ 757.446561] 363848 pages reserved [ 757.452007] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 757.457536] 0 pages cma reserved [ 757.467474] Out of memory (oom_kill_allocating_task): Kill process 15013 (in:imklog) score 0 or sacrifice child [ 757.477332] Node 0 DMA32 free:159484kB min:36200kB low:45248kB high:54296kB active_anon:50332kB inactive_anon:33904kB active_file:320kB inactive_file:19740kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7552kB pagetables:2928kB bounce:0kB free_pcp:1412kB local_pcp:668kB free_cma:0kB [ 757.481240] Killed process 14997 (rsyslogd) total-vm:254332kB, anon-rss:1360kB, file-rss:0kB, shmem-rss:0kB [ 757.556130] lowmem_reserve[]: 0 0 0 0 0 [ 757.569645] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 757.618888] lowmem_reserve[]: 0 0 0 0 0 [ 757.622903] Node 1 Normal free:295412kB min:53696kB low:67120kB high:80544kB active_anon:1952kB inactive_anon:16304kB active_file:40kB inactive_file:44kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:128kB pagetables:272kB bounce:0kB free_pcp:800kB local_pcp:224kB free_cma:0kB [ 757.670405] oom_reaper: reaped process 14997 (rsyslogd), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 757.749429] lowmem_reserve[]: 0 0 0 0 0 [ 757.753450] Node 0 DMA: 1*4kB (E) 9*8kB (UE) 26*16kB (UE) 10*32kB (UE) 5*64kB (UE) 4*128kB (UE) 3*256kB (UE) 1*512kB (E) 2*1024kB (UE) 3*2048kB (UME) 0*4096kB = 11116kB [ 757.816906] oom_reaper: reaped process 15177 (syz-executor.5), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 757.852781] Node 0 DMA32: 1849*4kB (UME) 618*8kB (UMEH) 132*16kB (UMEH) 38*32kB (UMEH) 26*64kB (UMEH) 4*128kB (MH) 5*256kB (MH) 3*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 21684kB [ 757.893604] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 757.904388] Node 1 Normal: 132*4kB (M) 112*8kB (M) 82*16kB (UME) 75*32kB (UME) 39*64kB (M) 17*128kB (UM) 14*256kB (UM) 24*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 26704kB [ 757.934122] oom_reaper: reaped process 15154 (syz-executor.2), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 757.937501] syz-executor.1: [ 757.944239] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 757.956353] page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 757.960314] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 757.968550] systemd-cgroups invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 757.977888] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 757.992470] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 758.003773] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 758.004790] CPU: 0 PID: 15159 Comm: syz-executor.1 Not tainted 4.14.230-syzkaller #0 [ 758.013665] 13108 total pagecache pages [ 758.021221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 758.021226] Call Trace: [ 758.021243] dump_stack+0x1b2/0x281 [ 758.021257] warn_alloc.cold+0x96/0x1cc [ 758.021270] ? zone_watermark_ok_safe+0x220/0x220 [ 758.021293] __alloc_pages_nodemask+0x2127/0x2720 [ 758.021305] ? check_preemption_disabled+0x35/0x240 [ 758.029419] 0 pages in swap cache [ 758.034593] ? lock_acquire+0x170/0x3f0 [ 758.037145] Swap cache stats: add 0, delete 0, find 0/0 [ 758.040752] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 758.040770] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 758.040784] ? __mutex_unlock_slowpath+0x75/0x770 [ 758.040799] alloc_pages_current+0x155/0x260 [ 758.046990] Free swap = 0kB [ 758.049581] ion_page_pool_alloc+0x118/0x1b0 [ 758.049591] ion_system_heap_allocate+0x133/0x8c0 [ 758.049602] ? _raw_spin_unlock+0x29/0x40 [ 758.049610] ? _ion_heap_freelist_drain+0x6e/0x410 [ 758.049619] ? ion_system_contig_heap_create+0x130/0x130 [ 758.049630] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 758.055774] Total swap = 0kB [ 758.059440] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 758.059451] ion_alloc+0x27a/0x810 [ 758.059464] ? ion_dma_buf_release+0x40/0x40 [ 758.059476] ? __might_fault+0x177/0x1b0 [ 758.059489] ion_ioctl+0xea/0x1f0 [ 758.059496] ? ion_query_heaps+0x360/0x360 [ 758.059508] ? ion_query_heaps+0x360/0x360 [ 758.059518] do_vfs_ioctl+0x75a/0xff0 [ 758.066045] 2097051 pages RAM [ 758.066905] ? ioctl_preallocate+0x1a0/0x1a0 [ 758.072267] 0 pages HighMem/MovableOnly [ 758.077060] ? lock_downgrade+0x740/0x740 [ 758.086617] 363848 pages reserved [ 758.087309] ? __fget+0x225/0x360 [ 758.091713] 0 pages cma reserved [ 758.095290] ? do_vfs_ioctl+0xff0/0xff0 [ 758.145776] systemd-cgroups cpuset= [ 758.147168] ? security_file_ioctl+0x83/0xb0 [ 758.156748] / [ 758.159370] SyS_ioctl+0x7f/0xb0 [ 758.184242] mems_allowed=0-1 [ 758.185146] ? do_vfs_ioctl+0xff0/0xff0 [ 758.209143] do_syscall_64+0x1d5/0x640 [ 758.213032] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 758.218211] RIP: 0033:0x466459 [ 758.221382] RSP: 002b:00007fcdda489188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 758.229083] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 758.236338] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 758.243590] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 758.250850] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 758.258104] R13: 00007ffe21b5ad8f R14: 00007fcdda489300 R15: 0000000000022000 [ 758.267704] CPU: 1 PID: 15224 Comm: systemd-cgroups Not tainted 4.14.230-syzkaller #0 [ 758.275670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 758.276108] Mem-Info: [ 758.285006] Call Trace: [ 758.285022] dump_stack+0x1b2/0x281 [ 758.285034] dump_header+0x178/0x82f [ 758.285045] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 758.287447] active_anon:12106 inactive_anon:12552 isolated_anon:0 [ 758.287447] active_file:17 inactive_file:16 isolated_file:0 [ 758.287447] unevictable:0 dirty:0 writeback:0 unstable:0 [ 758.287447] slab_reclaimable:13644 slab_unreclaimable:115847 [ 758.287447] mapped:44036 shmem:13075 pagetables:758 bounce:0 [ 758.287447] free:13934 free_pcp:30 free_cma:0 [ 758.290004] ? ___ratelimit+0x2cd/0x530 [ 758.290015] oom_kill_process.cold+0x10/0xa40 [ 758.290033] out_of_memory+0xe3e/0x1190 [ 758.293634] Node 0 active_anon:47660kB inactive_anon:33904kB active_file:44kB inactive_file:44kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:176144kB dirty:0kB writeback:0kB shmem:35896kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 758.297316] ? oom_killer_disable+0x1c0/0x1c0 [ 758.302414] Node 1 active_anon:764kB inactive_anon:16304kB active_file:24kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:16404kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 758.335530] ? mutex_trylock+0x152/0x1a0 [ 758.335542] __alloc_pages_nodemask+0x23e1/0x2720 [ 758.335562] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 758.339513] Node 0 [ 758.343989] alloc_pages_current+0x155/0x260 [ 758.347934] DMA free:10968kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 758.375494] filemap_fault+0x11a1/0x1ad0 [ 758.375515] ext4_filemap_fault+0x84/0xb0 [ 758.379993] lowmem_reserve[]: [ 758.406688] __do_fault+0xfa/0x380 [ 758.406698] __handle_mm_fault+0x2497/0x4620 [ 758.406708] ? vm_insert_page+0x7c0/0x7c0 [ 758.406719] ? vfs_statx_fd+0x6d/0xd0 [ 758.410770] 0 [ 758.415583] ? mark_held_locks+0xa6/0xf0 [ 758.420406] 2717 [ 758.422611] handle_mm_fault+0x455/0x9c0 [ 758.426983] 2718 2718 [ 758.452474] __do_page_fault+0x549/0xad0 [ 758.452487] ? spurious_fault+0x640/0x640 [ 758.456515] 2718 [ 758.460639] ? do_page_fault+0x60/0x500 [ 758.460647] ? page_fault+0x2f/0x50 [ 758.460657] page_fault+0x45/0x50 [ 758.467257] RIP: 468a6000:0x801 [ 758.471650] Node 0 [ 758.475755] RSP: 0000:0000000000000000 EFLAGS: 7f91464790ea [ 758.480567] Mem-Info: [ 758.481849] syz-executor.2: [ 758.485886] active_anon:12106 inactive_anon:12552 isolated_anon:0 [ 758.485886] active_file:17 inactive_file:16 isolated_file:0 [ 758.485886] unevictable:0 dirty:0 writeback:0 unstable:0 [ 758.485886] slab_reclaimable:13644 slab_unreclaimable:115847 [ 758.485886] mapped:44036 shmem:13075 pagetables:758 bounce:0 [ 758.485886] free:13934 free_pcp:30 free_cma:0 [ 758.487936] page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 758.492027] Node 0 active_anon:47660kB inactive_anon:33904kB active_file:44kB inactive_file:44kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:176144kB dirty:0kB writeback:0kB shmem:35896kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 758.496160] syz-executor.5: [ 758.498530] Node 1 active_anon:764kB inactive_anon:16304kB active_file:24kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:16404kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 758.525550] DMA32 free:18064kB min:36200kB low:45248kB high:54296kB active_anon:47660kB inactive_anon:33904kB active_file:44kB inactive_file:44kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7520kB pagetables:2908kB bounce:0kB free_pcp:120kB local_pcp:120kB free_cma:0kB [ 758.528847] Node 0 [ 758.538223] page allocation failure: order:0 [ 758.567405] DMA free:10968kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 758.592181] lowmem_reserve[]: [ 758.604950] (null) [ 758.606167] 0 [ 758.636227] lowmem_reserve[]: [ 758.686018] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 758.698559] syz-executor.2 cpuset= [ 758.714607] (null) [ 758.716530] / [ 758.718141] syz-executor.5 cpuset= [ 758.720310] mems_allowed=0-1 [ 758.720323] CPU: 1 PID: 15154 Comm: syz-executor.2 Not tainted 4.14.230-syzkaller #0 [ 758.720329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 758.720333] Call Trace: [ 758.720353] dump_stack+0x1b2/0x281 [ 758.720370] warn_alloc.cold+0x96/0x1cc [ 758.733968] / [ 758.736525] ? zone_watermark_ok_safe+0x220/0x220 [ 758.745868] mems_allowed=0-1 [ 758.748415] ? usleep_range+0x130/0x130 [ 758.752037] 0 [ 758.755972] ? try_to_free_pages+0x23f/0x6e0 [ 758.757671] 0 [ 758.762494] ? _find_next_bit+0xdb/0x100 [ 758.762505] ? run_timer_softirq+0x5a0/0x5a0 [ 758.762522] __alloc_pages_nodemask+0x2127/0x2720 [ 758.778793] 0 [ 758.781518] ? lock_acquire+0x170/0x3f0 [ 758.785890] 0 [ 758.790720] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 758.790732] ? ion_page_pool_alloc+0x9e/0x1b0 [ 758.807515] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 758.812942] Node 0 [ 758.812948] ? retint_kernel+0x2d/0x2d [ 758.812961] alloc_pages_current+0x155/0x260 [ 758.815179] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 758.819034] ion_page_pool_alloc+0x118/0x1b0 [ 758.819044] ion_system_heap_allocate+0x133/0x8c0 [ 758.819054] ? ion_alloc+0x187/0x810 [ 758.838791] lowmem_reserve[]: [ 758.848321] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 758.868789] 0 [ 758.869710] ? ion_system_contig_heap_create+0x130/0x130 [ 758.869711] 0 0 [ 758.871496] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 758.876914] 0 [ 758.878869] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 758.878882] ion_alloc+0x204/0x810 [ 758.893974] ? ion_dma_buf_release+0x40/0x40 [ 758.898362] ? __might_fault+0x177/0x1b0 [ 758.898787] 0 [ 758.902405] ion_ioctl+0xea/0x1f0 [ 758.902414] ? ion_query_heaps+0x360/0x360 [ 758.904188] Node 1 [ 758.907623] ? ion_query_heaps+0x360/0x360 [ 758.918245] do_vfs_ioctl+0x75a/0xff0 [ 758.922045] ? ioctl_preallocate+0x1a0/0x1a0 [ 758.926431] ? lock_downgrade+0x740/0x740 [ 758.928800] Normal free:26704kB min:53696kB low:67120kB high:80544kB active_anon:764kB inactive_anon:16304kB active_file:24kB inactive_file:20kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:128kB pagetables:124kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 758.930561] ? __fget+0x225/0x360 [ 758.961645] ? do_vfs_ioctl+0xff0/0xff0 [ 758.965601] ? security_file_ioctl+0x83/0xb0 [ 758.969991] SyS_ioctl+0x7f/0xb0 [ 758.973347] ? do_vfs_ioctl+0xff0/0xff0 [ 758.977300] do_syscall_64+0x1d5/0x640 [ 758.978782] lowmem_reserve[]: 0 [ 758.981170] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 758.981172] 0 0 [ 758.984430] RIP: 0033:0x466459 [ 758.994715] RSP: 002b:00007fc10ef5c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 759.002402] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 759.008779] 0 [ 759.009649] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 759.009654] 0 [ 759.011433] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 759.020455] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 759.020461] R13: 00007ffec6b9ec3f R14: 00007fc10ef5c300 R15: 0000000000022000 [ 759.026250] 0 [ 759.027737] CPU: 0 PID: 15177 Comm: syz-executor.5 Not tainted 4.14.230-syzkaller #0 [ 759.035010] 2717 [ 759.042224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 759.042227] Call Trace: [ 759.042246] dump_stack+0x1b2/0x281 [ 759.042259] warn_alloc.cold+0x96/0x1cc [ 759.042271] ? zone_watermark_ok_safe+0x220/0x220 [ 759.042280] ? usleep_range+0x130/0x130 [ 759.042289] ? try_to_free_pages+0x23f/0x6e0 [ 759.049284] 2718 [ 759.051928] ? _find_next_bit+0xdb/0x100 [ 759.053969] 2718 [ 759.063305] ? run_timer_softirq+0x5a0/0x5a0 [ 759.063324] __alloc_pages_nodemask+0x2127/0x2720 [ 759.063342] ? lock_acquire+0x170/0x3f0 [ 759.063357] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 759.071123] 2718 [ 759.073490] ? ion_page_pool_alloc+0x9e/0x1b0 [ 759.082256] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 759.082272] ? alloc_pages_current+0x37/0x260 [ 759.082283] alloc_pages_current+0x155/0x260 [ 759.082293] ion_page_pool_alloc+0x118/0x1b0 [ 759.082303] ion_system_heap_allocate+0x133/0x8c0 [ 759.088455] Node 0 [ 759.088729] ? ion_alloc+0x187/0x810 [ 759.096192] DMA32 free:17896kB min:36200kB low:45248kB high:54296kB active_anon:47660kB inactive_anon:33904kB active_file:44kB inactive_file:44kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7520kB pagetables:2908kB bounce:0kB free_pcp:128kB local_pcp:8kB free_cma:0kB [ 759.099191] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 759.099202] ? ion_system_contig_heap_create+0x130/0x130 [ 759.099212] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 759.099222] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 759.099233] ion_alloc+0x204/0x810 [ 759.105256] lowmem_reserve[]: [ 759.108005] ? ion_dma_buf_release+0x40/0x40 [ 759.116767] 0 [ 759.119333] ? __might_fault+0x177/0x1b0 [ 759.119344] ion_ioctl+0xea/0x1f0 [ 759.119353] ? ion_query_heaps+0x360/0x360 [ 759.119364] ? ion_query_heaps+0x360/0x360 [ 759.119373] do_vfs_ioctl+0x75a/0xff0 [ 759.124795] 0 [ 759.129273] ? ioctl_preallocate+0x1a0/0x1a0 [ 759.129282] ? lock_downgrade+0x740/0x740 [ 759.129295] ? __fget+0x225/0x360 [ 759.129305] ? do_vfs_ioctl+0xff0/0xff0 [ 759.129317] ? security_file_ioctl+0x83/0xb0 [ 759.129326] SyS_ioctl+0x7f/0xb0 [ 759.129335] ? do_vfs_ioctl+0xff0/0xff0 [ 759.138883] 0 [ 759.142934] do_syscall_64+0x1d5/0x640 [ 759.145138] 0 [ 759.148836] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 759.148845] RIP: 0033:0x466459 [ 759.148849] RSP: 002b:00007fd0fb4c2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 759.148857] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 759.148862] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 759.148866] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 759.148871] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 759.148876] R13: 00007ffc4cfdcc4f R14: 00007fd0fb4c2300 R15: 0000000000022000 [ 759.170803] Node 0 [ 759.178232] 0 [ 759.191038] DMA: [ 759.197738] 2*4kB [ 759.201302] Bluetooth: hci5 command 0x040f tx timeout [ 759.204373] (UE) [ 759.208801] Node 0 [ 759.210556] 2*8kB [ 759.214585] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 759.218002] (UE) [ 759.223415] lowmem_reserve[]: [ 759.226489] 24*16kB [ 759.230295] 0 [ 759.232069] (UE) [ 759.236449] 0 [ 759.240600] 10*32kB [ 759.244040] 0 [ 759.247986] (UE) [ 759.252391] 0 0 [ 759.255742] 4*64kB [ 759.259718] Node 1 Normal free:26704kB min:53696kB low:67120kB high:80544kB active_anon:764kB inactive_anon:16304kB active_file:24kB inactive_file:20kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:128kB pagetables:124kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 759.259738] lowmem_reserve[]: [ 759.263915] (UE) [ 759.265394] 0 [ 759.267174] 4*128kB [ 759.272365] 0 0 0 0 [ 759.272378] Node 0 DMA: 2*4kB (UE) 2*8kB (UE) 24*16kB (UE) 10*32kB (UE) 4*64kB (UE) 4*128kB (UE) 3*256kB [ 759.276128] (UE) [ 759.283326] (UE) 1*512kB [ 759.291095] 3*256kB [ 759.298061] (E) [ 759.306395] Mem-Info: [ 759.312518] 2*1024kB [ 759.319773] (UE) [ 759.321963] (UE) [ 759.323741] 1*512kB [ 759.325776] 3*2048kB [ 759.327900] (E) [ 759.333090] (UME) [ 759.335147] active_anon:12106 inactive_anon:12552 isolated_anon:0 [ 759.335147] active_file:16 inactive_file:15 isolated_file:2 [ 759.335147] unevictable:0 dirty:0 writeback:0 unstable:0 [ 759.335147] slab_reclaimable:13644 slab_unreclaimable:115430 [ 759.335147] mapped:44036 shmem:13075 pagetables:758 bounce:0 [ 759.335147] free:14359 free_pcp:0 free_cma:0 [ 759.337342] 0*4096kB [ 759.340690] Node 0 active_anon:47660kB inactive_anon:33904kB active_file:40kB inactive_file:40kB unevictable:0kB isolated(anon):0kB isolated(file):8kB mapped:176144kB dirty:0kB writeback:0kB shmem:35896kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 759.376166] = 10968kB [ 759.379908] 2*1024kB [ 759.381604] Node 0 [ 759.383641] (UE) [ 759.385592] DMA32: [ 759.387803] 3*2048kB [ 759.438787] 1828*4kB [ 759.508803] Node 1 active_anon:764kB inactive_anon:16304kB active_file:24kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:16404kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 759.678767] (UME) 0*4096kB = 10968kB [ 759.678883] (UMEH) [ 759.682509] Node 0 DMA32: 1820*4kB (MEH) 560*8kB (UME) 1009*16kB (UMEH) 3029*32kB (UMEH) 1672*64kB (UH) 193*128kB (UH) 47*256kB (UH) 33*512kB (U) 45*1024kB (U) 1*2048kB (U) 0*4096kB = 333600kB [ 759.682576] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB [ 759.685209] 639*8kB [ 759.718782] 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 759.726916] Node 1 Normal: 2835*4kB (UM) 1232*8kB (UM) 952*16kB (UME) 537*32kB (UME) 2425*64kB (UM) 409*128kB (UM) 73*256kB (UM) 47*512kB (U) 26*1024kB (U) 0*2048kB 0*4096kB = 330540kB [ 759.728892] (UME) [ 759.743914] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 759.768860] 188*16kB (UMEH) 72*32kB (UMEH) 27*64kB (UH) 1*128kB (H) 1*256kB (H) 0*512kB 37*1024kB (U) 0*2048kB 0*4096kB = 57736kB [ 759.781441] Node 0 DMA free:12272kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 759.821683] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 759.829550] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 759.844887] Node 1 Normal: 3849*4kB (UM) 1499*8kB (UM) 1193*16kB (UME) 832*32kB (UME) 2777*64kB (UM) 506*128kB (UM) 119*256kB (UM) 61*512kB (U) 27*1024kB (U) 0*2048kB 0*4096kB = 404940kB [ 759.872669] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 759.878952] Node 0 DMA32 free:339972kB min:36200kB low:45248kB high:54296kB active_anon:47660kB inactive_anon:33904kB active_file:356kB inactive_file:548kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7552kB pagetables:2908kB bounce:0kB free_pcp:720kB local_pcp:676kB free_cma:0kB [ 759.880264] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 759.909105] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 759.936347] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 759.945440] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 759.968798] lowmem_reserve[]: 0 0 0 0 0 [ 759.972917] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 760.001647] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 760.012990] 13965 total pagecache pages [ 760.018433] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 760.027171] 14002 total pagecache pages [ 760.030970] 0 pages in swap cache [ 760.043472] Swap cache stats: add 0, delete 0, find 0/0 [ 760.061326] Free swap = 0kB [ 760.064351] Total swap = 0kB [ 760.067357] 2097051 pages RAM [ 760.068815] 0 pages in swap cache [ 760.073912] Swap cache stats: add 0, delete 0, find 0/0 [ 760.085973] lowmem_reserve[]: 0 0 0 0 0 [ 760.091936] 0 pages HighMem/MovableOnly [ 760.095911] 363848 pages reserved [ 760.096188] Node 1 [ 760.100232] Free swap = 0kB [ 760.106264] Total swap = 0kB [ 760.108746] 0 pages cma reserved [ 760.109984] Normal free:440156kB min:53696kB low:67120kB high:80544kB active_anon:764kB inactive_anon:16304kB active_file:16kB inactive_file:24kB unevictable:0kB writepending:4kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:128kB pagetables:124kB bounce:0kB free_pcp:1468kB local_pcp:728kB free_cma:0kB [ 760.159142] 2097051 pages RAM [ 760.162254] 0 pages HighMem/MovableOnly [ 760.166248] 363848 pages reserved [ 760.183011] 0 pages cma reserved [ 760.186451] Out of memory (oom_kill_allocating_task): Kill process 15224 (systemd-cgroups) score 0 or sacrifice child [ 760.197389] Killed process 15224 (systemd-cgroups) total-vm:14740kB, anon-rss:80kB, file-rss:0kB, shmem-rss:0kB [ 760.207747] lowmem_reserve[]: 0 0 0 0 0 [ 760.212299] Node 0 DMA: 6*4kB (UE) 35*8kB (UE) 25*16kB (UE) 11*32kB (UE) 4*64kB (UE) 4*128kB (UE) 3*256kB (UE) 1*512kB (E) 1*1024kB (E) 2*2048kB (ME) 1*4096kB (U) = 12320kB [ 760.230034] oom_reaper: reaped process 15224 (systemd-cgroups), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 760.246143] Node 0 DMA32: 4944*4kB (UMEH) 2348*8kB (UME) 1537*16kB (UMEH) 3040*32kB (UMEH) 2128*64kB (UH) 230*128kB (UMH) 51*256kB (UMH) 34*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 356528kB [ 760.342246] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 760.353682] Node 1 Normal: 7830*4kB (UM) 1678*8kB (UM) 1361*16kB (UME) 996*32kB (UME) 3161*64kB (UM) 523*128kB (UM) 123*256kB (UM) 66*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 432920kB [ 760.371099] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 760.388844] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 760.397516] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 760.428948] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 760.437540] 15506 total pagecache pages [ 760.474667] 0 pages in swap cache [ 760.494053] Swap cache stats: add 0, delete 0, find 0/0 [ 760.509643] Free swap = 0kB [ 760.512711] Total swap = 0kB [ 760.521005] 2097051 pages RAM [ 760.528768] 0 pages HighMem/MovableOnly [ 760.540338] 363848 pages reserved [ 760.543799] 0 pages cma reserved [ 760.795614] oom_reaper: reaped process 15157 (syz-executor.0), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 760.840653] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 760.864803] syz-executor.5: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 760.887233] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 760.896460] CPU: 1 PID: 15154 Comm: syz-executor.2 Not tainted 4.14.230-syzkaller #0 [ 760.904353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 760.913699] Call Trace: [ 760.916286] dump_stack+0x1b2/0x281 [ 760.919908] warn_alloc.cold+0x96/0x1cc [ 760.923876] ? zone_watermark_ok_safe+0x220/0x220 [ 760.928727] __alloc_pages_nodemask+0x2127/0x2720 [ 760.933572] ? lock_acquire+0x170/0x3f0 [ 760.937548] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 760.942392] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 760.947837] ? __mutex_unlock_slowpath+0x75/0x770 [ 760.952677] alloc_pages_current+0x155/0x260 [ 760.957079] ion_page_pool_alloc+0x118/0x1b0 [ 760.961482] ion_system_heap_allocate+0x133/0x8c0 [ 760.966334] ? _raw_spin_unlock+0x29/0x40 [ 760.970483] ? _ion_heap_freelist_drain+0x6e/0x410 [ 760.975413] ? ion_system_contig_heap_create+0x130/0x130 [ 760.980853] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 760.985848] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 760.990668] ion_alloc+0x27a/0x810 [ 760.994186] ? ion_dma_buf_release+0x40/0x40 [ 760.998573] ? __might_fault+0x177/0x1b0 [ 761.002613] ion_ioctl+0xea/0x1f0 [ 761.006043] ? ion_query_heaps+0x360/0x360 [ 761.010259] ? ion_query_heaps+0x360/0x360 [ 761.014479] do_vfs_ioctl+0x75a/0xff0 [ 761.018258] ? ioctl_preallocate+0x1a0/0x1a0 [ 761.022643] ? lock_downgrade+0x740/0x740 [ 761.026772] ? __fget+0x225/0x360 [ 761.030211] ? do_vfs_ioctl+0xff0/0xff0 [ 761.034165] ? security_file_ioctl+0x83/0xb0 [ 761.038551] SyS_ioctl+0x7f/0xb0 [ 761.041893] ? do_vfs_ioctl+0xff0/0xff0 [ 761.045847] do_syscall_64+0x1d5/0x640 [ 761.049718] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 761.054885] RIP: 0033:0x466459 [ 761.058064] RSP: 002b:00007fc10ef5c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 761.065751] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 761.073000] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 761.080248] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 761.087495] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 761.094740] R13: 00007ffec6b9ec3f R14: 00007fc10ef5c300 R15: 0000000000022000 [ 761.132724] syz-executor.5 cpuset=/ mems_allowed=0-1 [ 761.133705] warn_alloc_show_mem: 1 callbacks suppressed [ 761.133707] Mem-Info: [ 761.137862] CPU: 0 PID: 15177 Comm: syz-executor.5 Not tainted 4.14.230-syzkaller #0 [ 761.143864] active_anon:12153 inactive_anon:12550 isolated_anon:0 [ 761.143864] active_file:28 inactive_file:2 isolated_file:8 [ 761.143864] unevictable:0 dirty:0 writeback:0 unstable:0 [ 761.143864] slab_reclaimable:13573 slab_unreclaimable:117057 [ 761.143864] mapped:44075 shmem:13071 pagetables:765 bounce:0 [ 761.143864] free:13816 free_pcp:139 free_cma:0 [ 761.145593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 761.153606] Node 0 active_anon:47864kB inactive_anon:33904kB active_file:108kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):32kB mapped:176300kB dirty:0kB writeback:0kB shmem:35896kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 761.186570] Call Trace: [ 761.186588] dump_stack+0x1b2/0x281 [ 761.186601] warn_alloc.cold+0x96/0x1cc [ 761.186612] ? zone_watermark_ok_safe+0x220/0x220 [ 761.186635] __alloc_pages_nodemask+0x2127/0x2720 [ 761.186644] ? ___preempt_schedule+0x16/0x18 [ 761.186659] ? lock_acquire+0x170/0x3f0 [ 761.196294] Node 1 active_anon:748kB inactive_anon:16296kB active_file:4kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:16388kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 761.223743] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 761.223762] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 761.223774] ? __mutex_unlock_slowpath+0x75/0x770 [ 761.223782] ? retint_kernel+0x2d/0x2d [ 761.223795] alloc_pages_current+0x155/0x260 [ 761.223808] ion_page_pool_alloc+0x118/0x1b0 [ 761.226382] Node 0 [ 761.229984] ion_system_heap_allocate+0x133/0x8c0 [ 761.229996] ? _raw_spin_unlock+0x29/0x40 [ 761.230006] ? _ion_heap_freelist_drain+0x6e/0x410 [ 761.233960] DMA free:10972kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 761.238781] ? ion_system_contig_heap_create+0x130/0x130 [ 761.238791] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 761.238801] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 761.238811] ion_alloc+0x27a/0x810 [ 761.238824] ? ion_dma_buf_release+0x40/0x40 [ 761.243647] lowmem_reserve[]: [ 761.248024] ? __might_fault+0x177/0x1b0 [ 761.252336] 0 [ 761.278493] ion_ioctl+0xea/0x1f0 [ 761.278503] ? ion_query_heaps+0x360/0x360 [ 761.278514] ? ion_query_heaps+0x360/0x360 [ 761.278527] do_vfs_ioctl+0x75a/0xff0 [ 761.283405] 2717 [ 761.288773] ? ioctl_preallocate+0x1a0/0x1a0 [ 761.288783] ? lock_downgrade+0x740/0x740 [ 761.288797] ? __fget+0x225/0x360 [ 761.293611] 2718 [ 761.297481] ? do_vfs_ioctl+0xff0/0xff0 [ 761.301886] 2718 [ 761.306251] ? security_file_ioctl+0x83/0xb0 [ 761.308457] 2718 [ 761.313278] SyS_ioctl+0x7f/0xb0 [ 761.313286] ? do_vfs_ioctl+0xff0/0xff0 [ 761.313296] do_syscall_64+0x1d5/0x640 [ 761.313310] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 761.313318] RIP: 0033:0x466459 [ 761.322340] RSP: 002b:00007fd0fb4c2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 761.322351] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 761.322356] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 761.322361] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 761.322366] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 761.322374] R13: 00007ffc4cfdcc4f R14: 00007fd0fb4c2300 R15: 0000000000022000 [ 761.347883] Node 0 [ 761.490346] bond0 (unregistering): Released all slaves [ 761.504768] DMA32 free:19048kB min:36200kB low:45248kB high:54296kB active_anon:47864kB inactive_anon:33904kB active_file:108kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7584kB pagetables:2936kB bounce:0kB free_pcp:352kB local_pcp:68kB free_cma:0kB [ 761.533034] lowmem_reserve[]: 0 0 0 0 0 [ 761.537033] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 761.562768] lowmem_reserve[]: 0 0 0 0 0 [ 761.566771] Node 1 Normal free:26456kB min:53696kB low:67120kB high:80544kB active_anon:748kB inactive_anon:16296kB active_file:4kB inactive_file:8kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:96kB pagetables:124kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 761.594875] lowmem_reserve[]: 0 0 0 0 0 [ 761.598903] Node 0 DMA: 1*4kB (E) 5*8kB (UE) 25*16kB (UE) 11*32kB (UE) 3*64kB (UE) 4*128kB (UE) 3*256kB (UE) 1*512kB (E) 2*1024kB (UE) 3*2048kB (UME) 0*4096kB = 10972kB [ 761.628737] Node 0 DMA32: 1913*4kB (UMEH) 593*8kB (UME) 107*16kB (UME) 35*32kB (UMEH) 12*64kB (MH) 3*128kB (MH) 1*256kB (H) 1*512kB (U) 1*1024kB (M) 0*2048kB 0*4096kB = 18172kB [ 761.668716] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 761.698683] Node 1 Normal: 116*4kB (UM) 114*8kB (UM) 78*16kB (UME) 68*32kB (UME) 37*64kB (UM) 15*128kB (M) 8*256kB (UM) 30*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 26496kB [ 761.718663] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 761.727496] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 761.753658] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 761.772943] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 761.795475] 13109 total pagecache pages [ 761.801430] 0 pages in swap cache [ 761.804869] Swap cache stats: add 0, delete 0, find 0/0 [ 761.810906] Free swap = 0kB [ 761.813908] Total swap = 0kB [ 761.816912] 2097051 pages RAM [ 761.821970] 0 pages HighMem/MovableOnly [ 761.825928] 363848 pages reserved [ 761.830050] 0 pages cma reserved [ 762.033948] syz-executor.4 invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 762.048398] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 762.056173] CPU: 0 PID: 15263 Comm: syz-executor.4 Not tainted 4.14.230-syzkaller #0 [ 762.064043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 762.073381] Call Trace: [ 762.075960] dump_stack+0x1b2/0x281 [ 762.079578] dump_header+0x178/0x82f [ 762.083302] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 762.088396] ? ___ratelimit+0x2cd/0x530 [ 762.092368] oom_kill_process.cold+0x10/0xa40 [ 762.096857] out_of_memory+0xe3e/0x1190 [ 762.100824] ? oom_killer_disable+0x1c0/0x1c0 [ 762.105317] ? mutex_trylock+0x152/0x1a0 [ 762.109367] __alloc_pages_nodemask+0x23e1/0x2720 [ 762.114209] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 762.119056] alloc_pages_current+0x155/0x260 [ 762.123454] filemap_fault+0x11a1/0x1ad0 [ 762.127513] ext4_filemap_fault+0x84/0xb0 [ 762.131648] __do_fault+0xfa/0x380 [ 762.135194] __handle_mm_fault+0x2497/0x4620 [ 762.139590] ? vm_insert_page+0x7c0/0x7c0 [ 762.143726] ? __fsnotify_inode_delete+0x20/0x20 [ 762.148473] ? __fsnotify_update_child_dentry_flags.part.0+0x2e0/0x2e0 [ 762.155141] ? mark_held_locks+0xa6/0xf0 [ 762.159193] handle_mm_fault+0x455/0x9c0 [ 762.163249] __do_page_fault+0x549/0xad0 [ 762.167302] ? spurious_fault+0x640/0x640 [ 762.171437] ? do_page_fault+0x60/0x500 [ 762.175400] ? page_fault+0x2f/0x50 [ 762.179013] page_fault+0x45/0x50 [ 762.182448] RIP: 56ca68: (null) [ 762.186491] RSP: 9204728:0000000000000003 EFLAGS: ffffffff [ 762.228712] syz-executor.2: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 762.234868] syz-executor.5: [ 762.248648] syz-executor.0: [ 762.249936] syz-executor.2 cpuset= [ 762.251665] page allocation failure: order:0 [ 762.254659] / [ 762.258175] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 762.264304] mems_allowed=0-1 [ 762.264316] CPU: 0 PID: 15154 Comm: syz-executor.2 Not tainted 4.14.230-syzkaller #0 [ 762.271431] syz-executor.1: [ 762.274477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 762.284627] page allocation failure: order:0 [ 762.285365] Call Trace: [ 762.301667] dump_stack+0x1b2/0x281 [ 762.302053] page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 762.305293] warn_alloc.cold+0x96/0x1cc [ 762.305306] ? zone_watermark_ok_safe+0x220/0x220 [ 762.323938] ? usleep_range+0x130/0x130 [ 762.326590] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 762.327900] ? try_to_free_pages+0x23f/0x6e0 [ 762.327902] (null) [ 762.327907] syz-executor.5 cpuset= [ 762.334983] ? _find_next_bit+0xdb/0x100 [ 762.334994] ? run_timer_softirq+0x5a0/0x5a0 [ 762.335011] __alloc_pages_nodemask+0x2127/0x2720 [ 762.335029] ? lock_acquire+0x170/0x3f0 [ 762.348313] (null) [ 762.349125] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 762.349135] ? ion_page_pool_alloc+0x9e/0x1b0 [ 762.349151] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 762.353525] syz-executor.0 cpuset= [ 762.358355] alloc_pages_current+0x155/0x260 [ 762.371266] (null) [ 762.373736] ion_page_pool_alloc+0x118/0x1b0 [ 762.384193] / [ 762.387059] ion_system_heap_allocate+0x133/0x8c0 [ 762.393255] syz-executor.1 cpuset= [ 762.393604] ? _raw_spin_unlock+0x29/0x40 [ 762.395290] / [ 762.400117] ? _ion_heap_freelist_drain+0x6e/0x410 [ 762.412680] mems_allowed=0-1 [ 762.414366] ? ion_system_contig_heap_create+0x130/0x130 [ 762.422015] / [ 762.422869] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 762.422877] mems_allowed=0-1 [ 762.424572] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 762.437468] ion_alloc+0x27a/0x810 [ 762.441000] ? ion_dma_buf_release+0x40/0x40 [ 762.441977] mems_allowed=0-1 [ 762.445399] ? __might_fault+0x177/0x1b0 [ 762.452522] ion_ioctl+0xea/0x1f0 [ 762.455960] ? ion_query_heaps+0x360/0x360 [ 762.460184] ? ion_query_heaps+0x360/0x360 [ 762.464418] do_vfs_ioctl+0x75a/0xff0 [ 762.468221] ? ioctl_preallocate+0x1a0/0x1a0 [ 762.472612] ? lock_downgrade+0x740/0x740 [ 762.476746] ? __fget+0x225/0x360 [ 762.480186] ? do_vfs_ioctl+0xff0/0xff0 [ 762.484145] ? security_file_ioctl+0x83/0xb0 [ 762.488531] SyS_ioctl+0x7f/0xb0 [ 762.491881] ? do_vfs_ioctl+0xff0/0xff0 [ 762.495855] do_syscall_64+0x1d5/0x640 [ 762.499735] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 762.504910] RIP: 0033:0x466459 [ 762.508077] RSP: 002b:00007fc10ef5c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 762.515780] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 762.523032] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 762.530290] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 762.537576] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 762.544842] R13: 00007ffec6b9ec3f R14: 00007fc10ef5c300 R15: 0000000000022000 [ 762.560803] Mem-Info: [ 762.563234] active_anon:12153 inactive_anon:12550 isolated_anon:0 [ 762.563234] active_file:16 inactive_file:18 isolated_file:0 [ 762.563234] unevictable:0 dirty:0 writeback:0 unstable:0 [ 762.563234] slab_reclaimable:13548 slab_unreclaimable:116349 [ 762.563234] mapped:44075 shmem:13071 pagetables:765 bounce:0 [ 762.563234] free:13822 free_pcp:6 free_cma:0 [ 762.574360] CPU: 1 PID: 15159 Comm: syz-executor.1 Not tainted 4.14.230-syzkaller #0 [ 762.601413] Node 0 active_anon:47864kB inactive_anon:33904kB active_file:60kB inactive_file:64kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:176300kB dirty:0kB writeback:0kB shmem:35896kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 762.604167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 762.631844] Node 1 active_anon:748kB inactive_anon:16296kB active_file:4kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:16388kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 762.641285] Call Trace: [ 762.641306] dump_stack+0x1b2/0x281 [ 762.641320] warn_alloc.cold+0x96/0x1cc [ 762.641334] ? zone_watermark_ok_safe+0x220/0x220 [ 762.667894] Node 0 [ 762.670430] ? usleep_range+0x130/0x130 [ 762.670441] ? try_to_free_pages+0x23f/0x6e0 [ 762.670452] ? _find_next_bit+0xdb/0x100 [ 762.674075] DMA free:10972kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 762.678017] ? run_timer_softirq+0x5a0/0x5a0 [ 762.682860] lowmem_reserve[]: [ 762.685075] __alloc_pages_nodemask+0x2127/0x2720 [ 762.689030] 0 [ 762.693410] ? lock_acquire+0x170/0x3f0 [ 762.697433] 2717 [ 762.722930] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 762.722939] ? ion_page_pool_alloc+0x9e/0x1b0 [ 762.722955] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 762.727345] 2718 [ 762.730437] alloc_pages_current+0x155/0x260 [ 762.730450] ion_page_pool_alloc+0x118/0x1b0 [ 762.735261] 2718 [ 762.737042] ion_system_heap_allocate+0x133/0x8c0 [ 762.741001] 2718 [ 762.743028] ? _raw_spin_unlock+0x29/0x40 [ 762.752314] ? _ion_heap_freelist_drain+0x6e/0x410 [ 762.752323] ? ion_system_contig_heap_create+0x130/0x130 [ 762.752332] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 762.752342] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 762.757764] Node 0 [ 762.759804] ion_alloc+0x27a/0x810 [ 762.759821] ? ion_dma_buf_release+0x40/0x40 [ 762.764229] warn_alloc_show_mem: 1 callbacks suppressed [ 762.764232] Mem-Info: [ 762.768605] ? __might_fault+0x177/0x1b0 [ 762.768616] ion_ioctl+0xea/0x1f0 [ 762.768625] ? ion_query_heaps+0x360/0x360 [ 762.770674] active_anon:12153 inactive_anon:12550 isolated_anon:0 [ 762.770674] active_file:16 inactive_file:18 isolated_file:0 [ 762.770674] unevictable:0 dirty:0 writeback:0 unstable:0 [ 762.770674] slab_reclaimable:13548 slab_unreclaimable:116349 [ 762.770674] mapped:44075 shmem:13071 pagetables:765 bounce:0 [ 762.770674] free:13822 free_pcp:6 free_cma:0 [ 762.775483] ? ion_query_heaps+0x360/0x360 [ 762.777528] Node 0 active_anon:47864kB inactive_anon:33904kB active_file:60kB inactive_file:64kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:176300kB dirty:0kB writeback:0kB shmem:35896kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 762.781643] do_vfs_ioctl+0x75a/0xff0 [ 762.781654] ? ioctl_preallocate+0x1a0/0x1a0 [ 762.781665] ? lock_downgrade+0x740/0x740 [ 762.786581] DMA32 free:17820kB min:36200kB low:45248kB high:54296kB active_anon:47864kB inactive_anon:33904kB active_file:60kB inactive_file:64kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7552kB pagetables:2936kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 762.792005] ? __fget+0x225/0x360 [ 762.792014] ? do_vfs_ioctl+0xff0/0xff0 [ 762.792025] ? security_file_ioctl+0x83/0xb0 [ 762.797008] lowmem_reserve[]: [ 762.801830] SyS_ioctl+0x7f/0xb0 [ 762.801837] ? do_vfs_ioctl+0xff0/0xff0 [ 762.801849] do_syscall_64+0x1d5/0x640 [ 762.804059] 0 [ 762.807582] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 762.811992] Node 1 active_anon:748kB inactive_anon:16296kB active_file:4kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:16388kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 762.817300] RIP: 0033:0x466459 [ 762.819698] 0 [ 762.823716] RSP: 002b:00007fcdda489188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 762.827153] 0 [ 762.831362] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 762.831367] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 762.831372] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 762.831377] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 762.831382] R13: 00007ffe21b5ad8f R14: 00007fcdda489300 R15: 0000000000022000 [ 762.842095] CPU: 1 PID: 15177 Comm: syz-executor.5 Not tainted 4.14.230-syzkaller #0 [ 762.872474] Node 0 [ 762.896307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 762.896311] Call Trace: [ 762.896328] dump_stack+0x1b2/0x281 [ 762.896341] warn_alloc.cold+0x96/0x1cc [ 762.924756] DMA free:10972kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 762.936546] ? zone_watermark_ok_safe+0x220/0x220 [ 762.936556] ? usleep_range+0x130/0x130 [ 762.936566] ? try_to_free_pages+0x23f/0x6e0 [ 762.940013] lowmem_reserve[]: [ 762.943956] ? _find_next_bit+0xdb/0x100 [ 762.948328] 0 [ 762.951414] ? run_timer_softirq+0x5a0/0x5a0 [ 762.951430] __alloc_pages_nodemask+0x2127/0x2720 [ 762.951447] ? lock_acquire+0x170/0x3f0 [ 762.954785] 0 [ 762.958738] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 762.958746] ? ion_page_pool_alloc+0x9e/0x1b0 [ 762.958761] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 762.962616] 0 [ 762.964406] ? retint_kernel+0x2d/0x2d [ 762.969586] 2717 [ 762.996099] alloc_pages_current+0x155/0x260 [ 762.996112] ion_page_pool_alloc+0x118/0x1b0 [ 763.001064] ion_system_heap_allocate+0x133/0x8c0 [ 763.008774] Node 0 [ 763.010541] ? _raw_spin_unlock+0x29/0x40 [ 763.017791] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 763.025044] ? _ion_heap_freelist_drain+0x6e/0x410 [ 763.025053] ? ion_system_contig_heap_create+0x130/0x130 [ 763.025069] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 763.032325] 2718 [ 763.039558] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 763.039569] ion_alloc+0x27a/0x810 [ 763.039583] ? ion_dma_buf_release+0x40/0x40 [ 763.046915] lowmem_reserve[]: [ 763.054773] ? __might_fault+0x177/0x1b0 [ 763.054784] ion_ioctl+0xea/0x1f0 [ 763.054793] ? ion_query_heaps+0x360/0x360 [ 763.057008] 2718 [ 763.066339] ? ion_query_heaps+0x360/0x360 [ 763.066348] do_vfs_ioctl+0x75a/0xff0 [ 763.066360] ? ioctl_preallocate+0x1a0/0x1a0 [ 763.068932] 0 [ 763.072526] ? lock_downgrade+0x740/0x740 [ 763.076468] 0 [ 763.101949] ? __fget+0x225/0x360 [ 763.101959] ? do_vfs_ioctl+0xff0/0xff0 [ 763.101971] ? security_file_ioctl+0x83/0xb0 [ 763.106785] 2718 [ 763.110733] SyS_ioctl+0x7f/0xb0 [ 763.110742] ? do_vfs_ioctl+0xff0/0xff0 [ 763.110753] do_syscall_64+0x1d5/0x640 [ 763.118216] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 763.122260] Node 0 [ 763.124027] RIP: 0033:0x466459 [ 763.128416] DMA32 free:17820kB min:36200kB low:45248kB high:54296kB active_anon:47864kB inactive_anon:33904kB active_file:60kB inactive_file:64kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7552kB pagetables:2936kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 763.133217] RSP: 002b:00007fd0fb4c2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 763.133227] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 763.133232] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 763.133239] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 763.137190] 0 [ 763.138964] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 763.138970] R13: 00007ffc4cfdcc4f R14: 00007fd0fb4c2300 R15: 0000000000022000 [ 763.151521] CPU: 1 PID: 15157 Comm: syz-executor.0 Not tainted 4.14.230-syzkaller #0 [ 763.163903] lowmem_reserve[]: [ 763.165816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 763.170219] 0 [ 763.175017] Call Trace: [ 763.177226] 0 [ 763.181358] dump_stack+0x1b2/0x281 [ 763.181372] warn_alloc.cold+0x96/0x1cc [ 763.206255] 0 [ 763.211145] ? zone_watermark_ok_safe+0x220/0x220 [ 763.211155] ? usleep_range+0x130/0x130 [ 763.211166] ? queue_work_on+0x10d/0x1d0 [ 763.216586] 0 [ 763.221579] ? _find_next_bit+0xdb/0x100 [ 763.221588] ? run_timer_softirq+0x5a0/0x5a0 [ 763.221605] __alloc_pages_nodemask+0x2127/0x2720 [ 763.228459] ? lock_acquire+0x170/0x3f0 [ 763.231981] Node 1 [ 763.236367] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 763.239458] 0 [ 763.243480] ? ion_page_pool_alloc+0x9e/0x1b0 [ 763.246913] 0 [ 763.251134] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 763.251152] alloc_pages_current+0x155/0x260 [ 763.253196] Normal free:26496kB min:53696kB low:67120kB high:80544kB active_anon:748kB inactive_anon:16296kB active_file:8kB inactive_file:4kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:96kB pagetables:124kB bounce:0kB free_pcp:24kB local_pcp:0kB free_cma:0kB [ 763.257397] ion_page_pool_alloc+0x118/0x1b0 [ 763.261184] lowmem_reserve[]: [ 763.265559] ion_system_heap_allocate+0x133/0x8c0 [ 763.267330] 0 [ 763.271453] ? ion_alloc+0x187/0x810 [ 763.271463] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 763.271473] ? ion_system_contig_heap_create+0x130/0x130 [ 763.273249] 0 [ 763.276689] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 763.285024] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 763.287056] Node 0 [ 763.290401] ion_alloc+0x204/0x810 [ 763.290417] ? ion_dma_buf_release+0x40/0x40 [ 763.294377] 0 [ 763.298358] ? __might_fault+0x177/0x1b0 [ 763.298372] ion_ioctl+0xea/0x1f0 [ 763.303620] 0 [ 763.305803] ? ion_query_heaps+0x360/0x360 [ 763.309010] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 763.336885] ? ion_query_heaps+0x360/0x360 [ 763.336895] do_vfs_ioctl+0x75a/0xff0 [ 763.336907] ? ioctl_preallocate+0x1a0/0x1a0 [ 763.344604] 0 [ 763.351849] ? lock_downgrade+0x740/0x740 [ 763.351863] ? __fget+0x225/0x360 [ 763.351873] ? do_vfs_ioctl+0xff0/0xff0 [ 763.359136] 0 [ 763.366377] ? security_file_ioctl+0x83/0xb0 [ 763.375396] SyS_ioctl+0x7f/0xb0 [ 763.375404] ? do_vfs_ioctl+0xff0/0xff0 [ 763.375414] do_syscall_64+0x1d5/0x640 [ 763.375428] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 763.388582] lowmem_reserve[]: [ 763.390530] RIP: 0033:0x466459 [ 763.393632] 0 [ 763.402967] RSP: 002b:00007fae1df4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 763.402977] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 763.402982] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 763.402987] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 763.402992] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 763.403018] R13: 00007ffcdd857c6f R14: 00007fae1df4d300 R15: 0000000000022000 [ 763.712780] Node 0 DMA: 4*4kB (UE) 6*8kB (UE) 25*16kB (UE) 11*32kB (UE) 7*64kB (UE) 4*128kB (UE) 3*256kB (UE) 1*512kB (E) 2*1024kB (UE) 3*2048kB (UME) 0*4096kB = 11248kB [ 763.748595] Node 0 DMA32: 2165*4kB (UMEH) 1701*8kB (UME) 1217*16kB (UME) 735*32kB (UMEH) 1373*64kB (UMEH) 201*128kB (UMH) 57*256kB (UH) 15*512kB (U) 6*1024kB (U) 0*2048kB 0*4096kB = 207276kB [ 763.788598] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 763.809158] Node 1 Normal: 4389*4kB (UM) 1283*8kB (UM) 335*16kB (UME) 265*32kB (UME) 2138*64kB (UM) 169*128kB (UM) 51*256kB (UM) 31*512kB (UM) 14*1024kB (U) 7*2048kB (U) 3*4096kB (U) = 270012kB [ 763.878578] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 763.887434] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 763.942702] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 763.968937] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 763.977553] 15238 total pagecache pages [ 763.981701] 0 pages in swap cache [ 763.985151] Swap cache stats: add 0, delete 0, find 0/0 [ 763.992146] Free swap = 0kB [ 763.994842] warn_alloc_show_mem: 1 callbacks suppressed [ 763.994845] Mem-Info: [ 763.995165] Total swap = 0kB [ 764.004091] active_anon:12328 inactive_anon:12550 isolated_anon:0 [ 764.004091] active_file:542 inactive_file:1571 isolated_file:0 [ 764.004091] unevictable:0 dirty:100 writeback:0 unstable:0 [ 764.004091] slab_reclaimable:13540 slab_unreclaimable:116583 [ 764.004091] mapped:45575 shmem:13071 pagetables:802 bounce:0 [ 764.004091] free:150847 free_pcp:609 free_cma:0 [ 764.006140] 2097051 pages RAM [ 764.040344] Node 0 active_anon:48608kB inactive_anon:33912kB active_file:2164kB inactive_file:6252kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:182304kB dirty:400kB writeback:0kB shmem:35908kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 764.046212] 0 pages HighMem/MovableOnly [ 764.075190] Node 1 active_anon:748kB inactive_anon:16296kB active_file:8kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:16384kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 764.078416] 363848 pages reserved [ 764.101914] Node 0 DMA free:11428kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 764.108737] 0 pages cma reserved [ 764.131933] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 764.134865] Out of memory (oom_kill_allocating_task): Kill process 15263 (syz-executor.4) score 0 or sacrifice child [ 764.140527] Node 0 DMA32 free:245024kB min:36200kB low:45248kB high:54296kB active_anon:48608kB inactive_anon:33912kB active_file:2164kB inactive_file:6252kB unevictable:0kB writepending:444kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7648kB pagetables:3016kB bounce:0kB free_pcp:1132kB local_pcp:468kB free_cma:0kB [ 764.153135] Killed process 15263 (syz-executor.4) total-vm:84924kB, anon-rss:72kB, file-rss:34252kB, shmem-rss:0kB [ 764.185805] lowmem_reserve[]: 0 0 0 0 0 [ 764.197600] 0 0 0 0 [ 764.200492] Node 1 Normal free:346628kB min:53696kB low:67120kB high:80544kB active_anon:748kB inactive_anon:16296kB active_file:8kB inactive_file:4kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:96kB pagetables:124kB bounce:0kB free_pcp:1296kB local_pcp:672kB free_cma:0kB [ 764.203211] Node 0 [ 764.231184] lowmem_reserve[]: [ 764.233068] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 764.233671] 0 [ 764.237219] lowmem_reserve[]: [ 764.262256] 0 0 0 0 [ 764.268480] 0 [ 764.269591] Node 0 [ 764.270432] 0 [ 764.271706] DMA: [ 764.274717] 0 [ 764.276187] 26*4kB [ 764.277638] 0 [ 764.279899] (UE) 15*8kB (UE) 27*16kB (UE) 11*32kB (UE) 7*64kB (UE) 4*128kB (UE) 3*256kB (UE) 1*512kB (E) 2*1024kB (UE) 3*2048kB (UME) 0*4096kB = 11440kB [ 764.288356] 0 [ 764.306397] Node 1 Normal free:346628kB min:53696kB low:67120kB high:80544kB active_anon:748kB inactive_anon:16296kB active_file:8kB inactive_file:4kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:96kB pagetables:124kB bounce:0kB free_pcp:1296kB local_pcp:624kB free_cma:0kB [ 764.326144] Node 0 [ 764.341352] lowmem_reserve[]: [ 764.342266] DMA32: [ 764.344318] 0 [ 764.347034] 2596*4kB (UEH) 1348*8kB (UE) 1821*16kB (UE) 1429*32kB (UMEH) 1443*64kB (UMEH) 209*128kB (UH) 63*256kB (UMH) 17*512kB (U) 3*1024kB (U) 0*2048kB 0*4096kB = 243040kB [ 764.352635] 0 [ 764.367918] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 764.372255] 0 0 0 [ 764.382903] Node 1 Normal: 9179*4kB (UM) 1701*8kB (UM) 1034*16kB (UME) 915*32kB (UME) 2166*64kB (UM) 220*128kB (UM) 91*256kB (UM) 38*512kB (UM) 14*1024kB (U) 7*2048kB (U) 3*4096kB (U) = 346644kB [ 764.385987] Node 0 [ 764.404258] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 764.406801] DMA: [ 764.415547] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 764.416767] 26*4kB [ 764.417604] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 764.417611] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 764.417615] 16338 total pagecache pages [ 764.417623] 0 pages in swap cache [ 764.417629] Swap cache stats: add 0, delete 0, find 0/0 [ 764.417632] Free swap = 0kB [ 764.417636] Total swap = 0kB [ 764.417642] 2097051 pages RAM [ 764.431211] (UE) [ 764.437486] 0 pages HighMem/MovableOnly [ 764.447659] 15*8kB [ 764.451106] 363848 pages reserved [ 764.453948] (UE) [ 764.458938] 0 pages cma reserved [ 764.466105] 27*16kB (UE) 11*32kB (UE) 7*64kB (UE) 4*128kB (UE) 3*256kB (UE) 1*512kB (E) 2*1024kB (UE) 3*2048kB (UME) 0*4096kB = 11440kB [ 764.498208] Node 0 DMA32: 2599*4kB (UMEH) 1147*8kB (UME) 1875*16kB (UME) 1447*32kB (UMEH) 1443*64kB (UEH) 208*128kB (UH) 63*256kB (UH) 17*512kB (U) 2*1024kB (U) 0*2048kB 0*4096kB = 241732kB [ 764.516440] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 764.528053] Node 1 Normal: 9179*4kB (UM) 1701*8kB (UM) 1034*16kB (UME) 915*32kB (UME) 2166*64kB (UM) 220*128kB (UM) 91*256kB (UM) 38*512kB (UM) 14*1024kB (U) 7*2048kB (U) 3*4096kB (U) = 346644kB [ 764.546243] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 764.555559] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 764.565012] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 764.574353] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 764.583401] 16375 total pagecache pages [ 764.587387] 0 pages in swap cache [ 764.594066] Swap cache stats: add 0, delete 0, find 0/0 [ 764.599985] Free swap = 0kB [ 764.602998] Total swap = 0kB [ 764.606014] 2097051 pages RAM [ 764.612423] 0 pages HighMem/MovableOnly [ 764.616408] 363848 pages reserved [ 764.620667] 0 pages cma reserved 20:23:52 executing program 3: openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:23:52 executing program 0: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:23:52 executing program 1: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) 20:23:52 executing program 5: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:23:52 executing program 4: socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet6_udp(0xa, 0x2, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:23:52 executing program 2: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) 20:23:52 executing program 0: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r1, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) [ 772.701121] syz-executor.0: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 772.727712] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 772.734816] CPU: 1 PID: 15292 Comm: syz-executor.0 Not tainted 4.14.230-syzkaller #0 [ 772.742710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 772.752055] Call Trace: [ 772.754643] dump_stack+0x1b2/0x281 [ 772.758287] warn_alloc.cold+0x96/0x1cc [ 772.762259] ? zone_watermark_ok_safe+0x220/0x220 [ 772.767110] __alloc_pages_nodemask+0x2127/0x2720 [ 772.772045] ? __schedule+0x893/0x1de0 [ 772.775931] ? lock_acquire+0x170/0x3f0 [ 772.779905] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 772.784749] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 772.790198] ? __mutex_unlock_slowpath+0x75/0x770 [ 772.795037] alloc_pages_current+0x155/0x260 [ 772.799440] ion_page_pool_alloc+0x118/0x1b0 [ 772.803841] ion_system_heap_allocate+0x133/0x8c0 [ 772.808682] ? ion_alloc+0x187/0x810 [ 772.812391] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 772.817834] ? ion_system_contig_heap_create+0x130/0x130 [ 772.823278] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 772.828299] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 772.833138] ion_alloc+0x204/0x810 [ 772.836681] ? ion_dma_buf_release+0x40/0x40 [ 772.841083] ? __might_fault+0x177/0x1b0 [ 772.845138] ion_ioctl+0xea/0x1f0 [ 772.848584] ? ion_query_heaps+0x360/0x360 [ 772.852812] ? ion_query_heaps+0x360/0x360 [ 772.857040] do_vfs_ioctl+0x75a/0xff0 [ 772.860836] ? ioctl_preallocate+0x1a0/0x1a0 [ 772.865235] ? lock_downgrade+0x740/0x740 [ 772.869380] ? __fget+0x225/0x360 [ 772.872824] ? do_vfs_ioctl+0xff0/0xff0 [ 772.876790] ? security_file_ioctl+0x83/0xb0 [ 772.881194] SyS_ioctl+0x7f/0xb0 [ 772.884552] ? do_vfs_ioctl+0xff0/0xff0 [ 772.888523] do_syscall_64+0x1d5/0x640 [ 772.892411] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 772.897592] RIP: 0033:0x466459 [ 772.900779] RSP: 002b:00007fae1df4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 772.908482] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 772.915744] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 772.923017] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 772.930278] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 772.937542] R13: 00007ffcdd857c6f R14: 00007fae1df4d300 R15: 0000000000022000 [ 772.999149] warn_alloc_show_mem: 1 callbacks suppressed [ 772.999152] Mem-Info: [ 773.014108] syz-executor.1: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 773.025107] syz-executor.5: [ 773.026014] syz-executor.2: [ 773.029944] active_anon:12328 inactive_anon:12549 isolated_anon:24 [ 773.029944] active_file:1669 inactive_file:5716 isolated_file:24 [ 773.029944] unevictable:0 dirty:148 writeback:0 unstable:0 [ 773.029944] slab_reclaimable:13462 slab_unreclaimable:115077 [ 773.029944] mapped:40263 shmem:13070 pagetables:743 bounce:0 [ 773.029944] free:95217 free_pcp:167 free_cma:0 [ 773.030000] page allocation failure: order:4 [ 773.033069] Node 0 active_anon:49028kB inactive_anon:33904kB active_file:6664kB inactive_file:22864kB unevictable:0kB isolated(anon):0kB isolated(file):96kB mapped:161052kB dirty:588kB writeback:0kB shmem:35896kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 773.072347] page allocation failure: order:4 [ 773.101555] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 773.112123] CPU: 1 PID: 15287 Comm: syz-executor.1 Not tainted 4.14.230-syzkaller #0 [ 773.120002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 773.129348] Call Trace: [ 773.131931] dump_stack+0x1b2/0x281 [ 773.135557] warn_alloc.cold+0x96/0x1cc [ 773.139528] ? zone_watermark_ok_safe+0x220/0x220 [ 773.144384] __alloc_pages_nodemask+0x2127/0x2720 [ 773.146036] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 773.149223] ? lock_acquire+0x170/0x3f0 [ 773.149240] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 773.149258] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 773.149270] ? __mutex_unlock_slowpath+0x75/0x770 [ 773.149284] alloc_pages_current+0x155/0x260 [ 773.149298] ion_page_pool_alloc+0x118/0x1b0 [ 773.167886] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 773.170605] ion_system_heap_allocate+0x133/0x8c0 [ 773.170616] ? ion_alloc+0x187/0x810 [ 773.170627] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 773.170642] ? ion_system_contig_heap_create+0x130/0x130 [ 773.170651] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 773.170661] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 773.170671] ion_alloc+0x204/0x810 [ 773.181520] (null) [ 773.184295] ? ion_dma_buf_release+0x40/0x40 [ 773.184309] ? __might_fault+0x177/0x1b0 [ 773.184329] ion_ioctl+0xea/0x1f0 [ 773.184346] ? ion_query_heaps+0x360/0x360 [ 773.192605] (null) [ 773.196264] ? ion_query_heaps+0x360/0x360 [ 773.196276] do_vfs_ioctl+0x75a/0xff0 [ 773.196289] ? ioctl_preallocate+0x1a0/0x1a0 [ 773.196297] ? lock_downgrade+0x740/0x740 [ 773.196310] ? __fget+0x225/0x360 [ 773.211637] syz-executor.5 cpuset= [ 773.215850] ? do_vfs_ioctl+0xff0/0xff0 [ 773.215862] ? security_file_ioctl+0x83/0xb0 [ 773.215872] SyS_ioctl+0x7f/0xb0 [ 773.215881] ? do_vfs_ioctl+0xff0/0xff0 [ 773.215895] do_syscall_64+0x1d5/0x640 [ 773.225183] syz-executor.2 cpuset= [ 773.226498] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 773.226507] RIP: 0033:0x466459 [ 773.226513] RSP: 002b:00007fcdda489188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 773.226522] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 773.226530] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 773.240582] / [ 773.242605] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 773.247150] / [ 773.248943] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 773.255747] mems_allowed=0-1 [ 773.257111] R13: 00007ffe21b5ad8f R14: 00007fcdda489300 R15: 0000000000022000 [ 773.274928] Node 1 active_anon:284kB inactive_anon:16292kB active_file:12kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:16384kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 773.283031] mems_allowed=0-1 [ 773.285032] Node 0 [ 773.294969] CPU: 0 PID: 15290 Comm: syz-executor.5 Not tainted 4.14.230-syzkaller #0 [ 773.300138] DMA free:11080kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 773.307722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 773.307727] Call Trace: [ 773.307743] dump_stack+0x1b2/0x281 [ 773.307758] warn_alloc.cold+0x96/0x1cc [ 773.307770] ? zone_watermark_ok_safe+0x220/0x220 [ 773.315109] lowmem_reserve[]: [ 773.322296] __alloc_pages_nodemask+0x2127/0x2720 [ 773.322309] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 773.322322] ? lock_acquire+0x170/0x3f0 [ 773.322337] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 773.322355] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 773.327787] 0 [ 773.331299] ? __mutex_unlock_slowpath+0x75/0x770 [ 773.331315] alloc_pages_current+0x155/0x260 [ 773.331329] ion_page_pool_alloc+0x118/0x1b0 [ 773.331340] ion_system_heap_allocate+0x133/0x8c0 [ 773.331350] ? ion_alloc+0x187/0x810 [ 773.331359] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 773.331369] ? ion_system_contig_heap_create+0x130/0x130 [ 773.338907] 2717 [ 773.340341] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 773.340355] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 773.340366] ion_alloc+0x204/0x810 [ 773.340379] ? ion_dma_buf_release+0x40/0x40 [ 773.343521] 2718 [ 773.350731] ? __might_fault+0x177/0x1b0 [ 773.350744] ion_ioctl+0xea/0x1f0 [ 773.350753] ? ion_query_heaps+0x360/0x360 [ 773.350765] ? ion_query_heaps+0x360/0x360 [ 773.350775] do_vfs_ioctl+0x75a/0xff0 [ 773.350785] ? ioctl_preallocate+0x1a0/0x1a0 [ 773.350797] ? lock_downgrade+0x740/0x740 [ 773.381680] 2718 [ 773.382817] ? __fget+0x225/0x360 [ 773.382828] ? do_vfs_ioctl+0xff0/0xff0 [ 773.382840] ? security_file_ioctl+0x83/0xb0 [ 773.382853] SyS_ioctl+0x7f/0xb0 [ 773.390797] 2718 [ 773.416195] ? do_vfs_ioctl+0xff0/0xff0 [ 773.416208] do_syscall_64+0x1d5/0x640 [ 773.416224] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 773.416231] RIP: 0033:0x466459 [ 773.416236] RSP: 002b:00007fd0fb4c2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 773.416246] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 773.416251] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 773.416256] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 773.416261] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 773.416270] R13: 00007ffc4cfdcc4f R14: 00007fd0fb4c2300 R15: 0000000000022000 [ 773.480409] CPU: 0 PID: 15295 Comm: syz-executor.2 Not tainted 4.14.230-syzkaller #0 [ 773.510352] Node 0 [ 773.515010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 773.515015] Call Trace: [ 773.515034] dump_stack+0x1b2/0x281 [ 773.515050] warn_alloc.cold+0x96/0x1cc [ 773.527495] DMA32 free:337168kB min:36200kB low:45248kB high:54296kB active_anon:49024kB inactive_anon:33908kB active_file:6692kB inactive_file:22980kB unevictable:0kB writepending:640kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7776kB pagetables:2912kB bounce:0kB free_pcp:900kB local_pcp:88kB free_cma:0kB [ 773.529047] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 773.529058] ? zone_watermark_ok_safe+0x220/0x220 [ 773.529089] __alloc_pages_nodemask+0x2127/0x2720 [ 773.529100] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 773.529117] ? lock_acquire+0x170/0x3f0 [ 773.537852] lowmem_reserve[]: [ 773.540992] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 773.541011] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 773.541025] ? __mutex_unlock_slowpath+0x75/0x770 [ 773.541040] alloc_pages_current+0x155/0x260 [ 773.541053] ion_page_pool_alloc+0x118/0x1b0 [ 773.550394] 0 [ 773.553389] ion_system_heap_allocate+0x133/0x8c0 [ 773.553400] ? ion_alloc+0x187/0x810 20:23:53 executing program 1: socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_udp(0xa, 0x2, 0x0) flock(r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) accept(r1, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x800, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x760ef0b4, 0x2}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) [ 773.553410] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 773.553419] ? ion_system_contig_heap_create+0x130/0x130 [ 773.560900] 0 [ 773.562851] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 773.562870] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 773.562882] ion_alloc+0x204/0x810 [ 773.570761] 0 [ 773.572671] ? ion_dma_buf_release+0x40/0x40 [ 773.572686] ? __might_fault+0x177/0x1b0 [ 773.572697] ion_ioctl+0xea/0x1f0 [ 773.580592] 0 [ 773.585690] ? ion_query_heaps+0x360/0x360 [ 773.585703] ? ion_query_heaps+0x360/0x360 [ 773.585714] do_vfs_ioctl+0x75a/0xff0 [ 773.585725] ? ioctl_preallocate+0x1a0/0x1a0 [ 773.597332] 0 [ 773.603838] ? lock_downgrade+0x740/0x740 [ 773.603852] ? __fget+0x225/0x360 [ 773.603862] ? do_vfs_ioctl+0xff0/0xff0 [ 773.603875] ? security_file_ioctl+0x83/0xb0 [ 773.603885] SyS_ioctl+0x7f/0xb0 [ 773.603892] ? do_vfs_ioctl+0xff0/0xff0 [ 773.603903] do_syscall_64+0x1d5/0x640 [ 773.603917] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 773.632926] RIP: 0033:0x466459 [ 773.632931] RSP: 002b:00007fc10ef5c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 773.632943] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 773.632948] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000005 [ 773.632956] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 773.647995] Node 0 [ 773.652372] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 773.652377] R13: 00007ffec6b9ec3f R14: 00007fc10ef5c300 R15: 0000000000022000 [ 774.288113] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 774.366459] lowmem_reserve[]: 0 0 0 0 0 [ 774.378670] Node 1 Normal free:705892kB min:53696kB low:67120kB high:80544kB active_anon:284kB inactive_anon:16292kB active_file:12kB inactive_file:0kB unevictable:0kB writepending:4kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:64kB pagetables:32kB bounce:0kB free_pcp:40kB local_pcp:32kB free_cma:0kB [ 774.466174] lowmem_reserve[]: 0 0 0 0 0 [ 774.478938] Node 0 DMA: 23*4kB (UE) 14*8kB (UE) 28*16kB (UE) 11*32kB (UE) 2*64kB (UE) 4*128kB (UE) 3*256kB (UE) 1*512kB (E) 2*1024kB (UE) 3*2048kB (UME) 0*4096kB = 11116kB [ 774.532467] Node 0 DMA32: 2*4kB (H) 564*8kB (UME) 100*16kB (UME) 420*32kB (UMEH) 333*64kB (UH) 18*128kB (UH) 10*256kB (UH) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 45736kB [ 774.553277] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 774.571111] Node 1 Normal: 1*4kB (M) 2*8kB (M) 3*16kB (ME) 1044*32kB (UE) 1701*64kB (U) 1715*128kB (U) 328*256kB (U) 147*512kB (U) 12*1024kB (U) 0*2048kB 0*4096kB = 533380kB [ 774.625199] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 774.653601] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 774.684669] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 774.714848] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 774.748634] 20493 total pagecache pages [ 774.763038] 0 pages in swap cache [ 774.773239] Swap cache stats: add 0, delete 0, find 0/0 [ 774.790991] Free swap = 0kB [ 774.800997] Total swap = 0kB [ 774.812082] 2097051 pages RAM [ 774.823149] 0 pages HighMem/MovableOnly [ 774.836510] 363848 pages reserved [ 774.846721] 0 pages cma reserved [ 774.947153] syz-executor.1: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 774.967483] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 774.999112] CPU: 1 PID: 15299 Comm: syz-executor.1 Not tainted 4.14.230-syzkaller #0 [ 775.007008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 775.016354] Call Trace: [ 775.018940] dump_stack+0x1b2/0x281 [ 775.022569] warn_alloc.cold+0x96/0x1cc [ 775.026548] ? zone_watermark_ok_safe+0x220/0x220 [ 775.031424] __alloc_pages_nodemask+0x2127/0x2720 [ 775.036270] ? lock_acquire+0x170/0x3f0 [ 775.040253] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 775.045107] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 775.050554] ? __mutex_unlock_slowpath+0x75/0x770 [ 775.055396] alloc_pages_current+0x155/0x260 [ 775.059798] ion_page_pool_alloc+0x118/0x1b0 [ 775.064186] ion_system_heap_allocate+0x133/0x8c0 [ 775.069013] ? ion_alloc+0x187/0x810 [ 775.072705] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 775.078132] ? ion_system_contig_heap_create+0x130/0x130 [ 775.083560] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 775.088569] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 775.093391] ion_alloc+0x204/0x810 [ 775.096912] ? ion_dma_buf_release+0x40/0x40 [ 775.101301] ? __might_fault+0x177/0x1b0 [ 775.105341] ion_ioctl+0xea/0x1f0 [ 775.108776] ? ion_query_heaps+0x360/0x360 [ 775.112991] ? ion_query_heaps+0x360/0x360 [ 775.117204] do_vfs_ioctl+0x75a/0xff0 [ 775.120987] ? ioctl_preallocate+0x1a0/0x1a0 [ 775.125468] ? lock_downgrade+0x740/0x740 [ 775.129598] ? __fget+0x225/0x360 [ 775.133030] ? do_vfs_ioctl+0xff0/0xff0 [ 775.136983] ? security_file_ioctl+0x83/0xb0 [ 775.141371] SyS_ioctl+0x7f/0xb0 [ 775.144715] ? do_vfs_ioctl+0xff0/0xff0 [ 775.148676] do_syscall_64+0x1d5/0x640 [ 775.152545] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 775.157716] RIP: 0033:0x466459 [ 775.160883] RSP: 002b:00007fcdda489188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 775.168570] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 775.175817] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 775.183064] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 775.190311] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 775.197557] R13: 00007ffe21b5ad8f R14: 00007fcdda489300 R15: 0000000000022000 [ 775.259617] warn_alloc_show_mem: 3 callbacks suppressed [ 775.259621] Mem-Info: [ 775.267485] active_anon:12438 inactive_anon:12550 isolated_anon:0 [ 775.267485] active_file:311 inactive_file:312 isolated_file:56 [ 775.267485] unevictable:0 dirty:0 writeback:24 unstable:0 [ 775.267485] slab_reclaimable:13449 slab_unreclaimable:115536 [ 775.267485] mapped:53506 shmem:13071 pagetables:824 bounce:0 [ 775.267485] free:25308 free_pcp:222 free_cma:0 [ 775.301668] Node 0 active_anon:49436kB inactive_anon:33908kB active_file:720kB inactive_file:592kB unevictable:0kB isolated(anon):0kB isolated(file):96kB mapped:191788kB dirty:0kB writeback:92kB shmem:35900kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 775.330134] Node 1 active_anon:316kB inactive_anon:16292kB active_file:12kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:20936kB dirty:0kB writeback:4kB shmem:16384kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 775.357450] Node 0 DMA free:11044kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 775.386862] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 775.394552] Node 0 DMA32 free:35828kB min:36200kB low:45248kB high:54296kB active_anon:49436kB inactive_anon:33908kB active_file:1120kB inactive_file:840kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7712kB pagetables:3136kB bounce:0kB free_pcp:344kB local_pcp:120kB free_cma:0kB [ 775.423851] lowmem_reserve[]: 0 0 0 0 0 [ 775.428130] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 775.455475] lowmem_reserve[]: 0 0 0 0 0 [ 775.459769] Node 1 Normal free:53612kB min:53696kB low:67120kB high:80544kB active_anon:316kB inactive_anon:16292kB active_file:12kB inactive_file:0kB unevictable:0kB writepending:4kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:96kB pagetables:160kB bounce:0kB free_pcp:120kB local_pcp:120kB free_cma:0kB [ 775.489417] lowmem_reserve[]: 0 0 0 0 0 [ 775.493818] Node 0 DMA: 9*4kB (UE) 12*8kB (UE) 28*16kB (UE) 11*32kB (UE) 2*64kB (UE) 4*128kB (UE) 3*256kB (UE) 1*512kB (E) 2*1024kB (UE) 3*2048kB (UME) 0*4096kB = 11044kB [ 775.511141] Node 0 DMA32: 1948*4kB (ME) 719*8kB (MEH) 209*16kB (MEH) 85*32kB (MEH) 52*64kB (MH) 16*128kB (UMH) 29*256kB (UMH) 5*512kB (UM) 1*1024kB (M) 0*2048kB 0*4096kB = 35992kB [ 775.527630] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 775.540943] Node 1 Normal: 0*4kB 3*8kB (UM) 3*16kB (ME) 3*32kB (ME) 1*64kB (M) 1*128kB (M) 2*256kB (UM) 75*512kB (UM) 14*1024kB (U) 0*2048kB 0*4096kB = 53608kB [ 775.555517] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 775.565389] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 775.574170] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 775.590870] syz-executor.0 invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 775.598001] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 775.678002] 13121 total pagecache pages [ 775.682001] 0 pages in swap cache [ 775.685440] Swap cache stats: add 0, delete 0, find 0/0 [ 775.731131] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 775.736265] CPU: 1 PID: 14709 Comm: syz-executor.0 Not tainted 4.14.230-syzkaller #0 [ 775.737446] Free swap = 0kB [ 775.744127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 775.744131] Call Trace: [ 775.744149] dump_stack+0x1b2/0x281 [ 775.744161] dump_header+0x178/0x82f [ 775.744172] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 775.744182] ? ___ratelimit+0x2cd/0x530 [ 775.775424] oom_kill_process.cold+0x10/0xa40 [ 775.779926] out_of_memory+0xe3e/0x1190 [ 775.780163] Total swap = 0kB [ 775.783901] ? oom_killer_disable+0x1c0/0x1c0 [ 775.786910] 2097051 pages RAM [ 775.791381] ? mutex_trylock+0x152/0x1a0 [ 775.791393] __alloc_pages_nodemask+0x23e1/0x2720 [ 775.791417] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 775.791440] alloc_pages_current+0x155/0x260 [ 775.812582] filemap_fault+0x11a1/0x1ad0 [ 775.816643] ext4_filemap_fault+0x84/0xb0 [ 775.820785] __do_fault+0xfa/0x380 [ 775.824316] __handle_mm_fault+0x2497/0x4620 [ 775.828721] ? vm_insert_page+0x7c0/0x7c0 [ 775.832861] ? hrtimer_nanosleep+0x1ff/0x4b0 [ 775.837269] ? nanosleep_copyout+0x100/0x100 [ 775.841686] ? mark_held_locks+0xa6/0xf0 [ 775.845744] handle_mm_fault+0x455/0x9c0 [ 775.849800] __do_page_fault+0x549/0xad0 [ 775.853869] ? spurious_fault+0x640/0x640 [ 775.856096] 0 pages HighMem/MovableOnly [ 775.858003] ? do_page_fault+0x60/0x500 [ 775.858011] ? page_fault+0x2f/0x50 [ 775.858019] page_fault+0x45/0x50 [ 775.858026] RIP: bcd27:0x8 [ 775.858030] RSP: 000b:00007ffcdd857f2c EFLAGS: 0000003d [ 775.980812] 363848 pages reserved [ 776.005006] Mem-Info: [ 776.006801] 0 pages cma reserved [ 776.007435] active_anon:12439 inactive_anon:12550 isolated_anon:0 [ 776.007435] active_file:13 inactive_file:12 isolated_file:0 [ 776.007435] unevictable:0 dirty:0 writeback:0 unstable:0 [ 776.007435] slab_reclaimable:13439 slab_unreclaimable:115526 [ 776.007435] mapped:52851 shmem:13071 pagetables:824 bounce:0 [ 776.007435] free:25061 free_pcp:60 free_cma:0 [ 776.052615] Node 0 active_anon:49440kB inactive_anon:33908kB active_file:48kB inactive_file:48kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:190468kB dirty:0kB writeback:0kB shmem:35900kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 776.088861] Node 1 active_anon:316kB inactive_anon:16292kB active_file:0kB inactive_file:12kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:20936kB dirty:0kB writeback:0kB shmem:16384kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 776.122344] Node 0 DMA free:11044kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 776.155043] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 776.160130] Node 0 DMA32 free:36080kB min:36200kB low:45248kB high:54296kB active_anon:49440kB inactive_anon:33908kB active_file:48kB inactive_file:48kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7712kB pagetables:3136kB bounce:0kB free_pcp:116kB local_pcp:0kB free_cma:0kB [ 776.195271] lowmem_reserve[]: 0 0 0 0 0 [ 776.199292] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 776.232588] lowmem_reserve[]: 0 0 0 0 0 [ 776.236585] Node 1 Normal free:53120kB min:53696kB low:67120kB high:80544kB active_anon:316kB inactive_anon:16292kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:96kB pagetables:160kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 776.269466] lowmem_reserve[]: 0 0 0 0 0 [ 776.273458] Node 0 DMA: 9*4kB (UE) 12*8kB (UE) 28*16kB (UE) 11*32kB (UE) 2*64kB (UE) 4*128kB (UE) 3*256kB (UE) 1*512kB (E) 2*1024kB (UE) 3*2048kB (UME) 0*4096kB = 11044kB [ 776.296380] Node 0 DMA32: 2010*4kB (UME) 697*8kB (ME) 190*16kB (ME) 75*32kB (ME) 56*64kB (M) 15*128kB (M) 27*256kB (UM) 5*512kB (UM) 2*1024kB (M) 0*2048kB 0*4096kB = 36080kB [ 776.318537] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 776.333424] Node 1 Normal: 4*4kB (UM) 2*8kB (M) 4*16kB (UME) 3*32kB (ME) 1*64kB (M) 1*128kB (M) 2*256kB (UM) 74*512kB (UM) 14*1024kB (U) 0*2048kB 0*4096kB = 53120kB [ 776.354728] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 776.363607] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 776.377907] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 776.386768] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 776.401675] 13096 total pagecache pages [ 776.405655] 0 pages in swap cache [ 776.411203] Swap cache stats: add 0, delete 0, find 0/0 [ 776.416557] Free swap = 0kB [ 776.423740] Total swap = 0kB [ 776.426752] 2097051 pages RAM [ 776.436337] 0 pages HighMem/MovableOnly [ 776.444370] 363848 pages reserved [ 776.447815] 0 pages cma reserved [ 776.457418] Out of memory (oom_kill_allocating_task): Kill process 14709 (syz-executor.0) score 0 or sacrifice child [ 776.480623] Killed process 15292 (syz-executor.0) total-vm:93252kB, anon-rss:148kB, file-rss:34820kB, shmem-rss:0kB [ 776.500067] syz-executor.2 invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 776.522790] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 776.532102] CPU: 1 PID: 7984 Comm: syz-executor.2 Not tainted 4.14.230-syzkaller #0 [ 776.539890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 776.549234] Call Trace: [ 776.551818] dump_stack+0x1b2/0x281 [ 776.555451] dump_header+0x178/0x82f [ 776.559160] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 776.564264] ? ___ratelimit+0x2cd/0x530 [ 776.568243] oom_kill_process.cold+0x10/0xa40 [ 776.572743] out_of_memory+0xe3e/0x1190 [ 776.576743] ? oom_killer_disable+0x1c0/0x1c0 [ 776.581232] ? mutex_trylock+0x152/0x1a0 [ 776.585289] __alloc_pages_nodemask+0x23e1/0x2720 [ 776.590139] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 776.595004] alloc_pages_current+0x155/0x260 [ 776.599415] filemap_fault+0x11a1/0x1ad0 [ 776.603478] ext4_filemap_fault+0x84/0xb0 [ 776.607624] __do_fault+0xfa/0x380 [ 776.611159] __handle_mm_fault+0x2497/0x4620 [ 776.615562] ? vm_insert_page+0x7c0/0x7c0 [ 776.619702] ? hrtimer_nanosleep+0x1ff/0x4b0 [ 776.624103] ? nanosleep_copyout+0x100/0x100 [ 776.628510] ? mark_held_locks+0xa6/0xf0 [ 776.632564] handle_mm_fault+0x455/0x9c0 [ 776.636622] __do_page_fault+0x549/0xad0 [ 776.640677] ? spurious_fault+0x640/0x640 [ 776.644814] ? do_page_fault+0x60/0x500 [ 776.648781] ? page_fault+0x2f/0x50 [ 776.652399] page_fault+0x45/0x50 [ 776.655843] RIP: bcdb3:0x5 [ 776.658674] RSP: 23e4:00007ffec6b9eefc EFLAGS: 00000063 [ 776.673064] Mem-Info: [ 776.691101] active_anon:12439 inactive_anon:12550 isolated_anon:0 [ 776.691101] active_file:17 inactive_file:8 isolated_file:0 [ 776.691101] unevictable:0 dirty:0 writeback:0 unstable:0 [ 776.691101] slab_reclaimable:13439 slab_unreclaimable:115527 [ 776.691101] mapped:52851 shmem:13071 pagetables:824 bounce:0 [ 776.691101] free:14253 free_pcp:60 free_cma:0 [ 776.734643] Node 0 active_anon:49440kB inactive_anon:33908kB active_file:52kB inactive_file:44kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:190468kB dirty:0kB writeback:0kB shmem:35900kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 776.772788] Node 1 active_anon:316kB inactive_anon:16292kB active_file:16kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:20936kB dirty:0kB writeback:0kB shmem:16384kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 776.810241] Node 0 DMA free:10964kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 776.846802] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 776.848005] syz-executor.0: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 776.851868] Node 0 [ 776.872587] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 776.883093] DMA32 free:18100kB min:36200kB low:45248kB high:54296kB active_anon:49440kB inactive_anon:33908kB active_file:104kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7712kB pagetables:3136kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 776.884003] CPU: 0 PID: 15292 Comm: syz-executor.0 Not tainted 4.14.230-syzkaller #0 [ 776.913050] lowmem_reserve[]: [ 776.919075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 776.919080] Call Trace: [ 776.919099] dump_stack+0x1b2/0x281 [ 776.919113] warn_alloc.cold+0x96/0x1cc [ 776.922187] 0 [ 776.931528] ? zone_watermark_ok_safe+0x220/0x220 [ 776.931537] ? usleep_range+0x130/0x130 [ 776.931548] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 776.934102] 0 [ 776.937725] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 776.941686] 0 [ 776.943463] ? run_timer_softirq+0x5a0/0x5a0 [ 776.948284] 0 [ 776.952235] __alloc_pages_nodemask+0x2127/0x2720 [ 776.957301] 0 [ 776.959089] ? lock_acquire+0x170/0x3f0 [ 776.959104] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 776.965894] ? ion_page_pool_alloc+0x9e/0x1b0 [ 776.970305] Node 0 [ 776.972076] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 776.976891] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 776.978672] alloc_pages_current+0x155/0x260 [ 776.978685] ion_page_pool_alloc+0x118/0x1b0 [ 776.982645] lowmem_reserve[]: [ 776.987466] ion_system_heap_allocate+0x133/0x8c0 [ 776.991945] 0 [ 776.994151] ? ion_alloc+0x187/0x810 [ 776.999589] 0 [ 777.024456] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 777.024466] ? ion_system_contig_heap_create+0x130/0x130 [ 777.024481] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 777.028868] 0 [ 777.033246] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 777.036319] 0 [ 777.041138] ion_alloc+0x204/0x810 [ 777.041152] ? ion_dma_buf_release+0x40/0x40 [ 777.041164] ? __might_fault+0x177/0x1b0 [ 777.042935] 0 [ 777.046630] ion_ioctl+0xea/0x1f0 [ 777.053847] ? ion_query_heaps+0x360/0x360 [ 777.059284] Node 1 [ 777.064267] ? ion_query_heaps+0x360/0x360 [ 777.066062] Normal free:26832kB min:53696kB low:67120kB high:80544kB active_anon:316kB inactive_anon:16292kB active_file:40kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:96kB pagetables:160kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 777.070873] do_vfs_ioctl+0x75a/0xff0 [ 777.070885] ? ioctl_preallocate+0x1a0/0x1a0 [ 777.070895] ? lock_downgrade+0x740/0x740 [ 777.072679] lowmem_reserve[]: [ 777.076201] ? __fget+0x225/0x360 [ 777.080595] 0 [ 777.084709] ? do_vfs_ioctl+0xff0/0xff0 [ 777.086480] 0 [ 777.089912] ? security_file_ioctl+0x83/0xb0 [ 777.089922] SyS_ioctl+0x7f/0xb0 [ 777.089930] ? do_vfs_ioctl+0xff0/0xff0 [ 777.094132] 0 [ 777.096350] do_syscall_64+0x1d5/0x640 [ 777.100569] 0 [ 777.128214] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 777.128223] RIP: 0033:0x466459 [ 777.131996] 0 [ 777.136381] RSP: 002b:00007fae1df4d188 EFLAGS: 00000246 [ 777.143590] ORIG_RAX: 0000000000000010 [ 777.147158] Node 0 [ 777.148805] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 777.148811] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 777.148817] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 777.148821] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 777.148829] R13: 00007ffcdd857c6f R14: 00007fae1df4d300 R15: 0000000000022000 [ 777.152772] DMA: [ 777.160713] Mem-Info: [ 777.185590] 1*4kB [ 777.191424] active_anon:12439 inactive_anon:12550 isolated_anon:0 [ 777.191424] active_file:13 inactive_file:12 isolated_file:0 [ 777.191424] unevictable:0 dirty:0 writeback:0 unstable:0 [ 777.191424] slab_reclaimable:13439 slab_unreclaimable:115527 [ 777.191424] mapped:52851 shmem:13071 pagetables:824 bounce:0 [ 777.191424] free:13974 free_pcp:74 free_cma:0 [ 777.207597] (E) [ 777.214423] Node 0 active_anon:49440kB inactive_anon:33908kB active_file:48kB inactive_file:48kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:190468kB dirty:0kB writeback:0kB shmem:35900kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 777.235358] 6*8kB [ 777.240855] Node 1 active_anon:316kB inactive_anon:16292kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:20936kB dirty:0kB writeback:0kB shmem:16384kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 777.291469] (UE) [ 777.308293] Node 0 DMA free:10964kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 777.353803] 28*16kB (UE) 11*32kB (UE) 2*64kB (UE) 4*128kB (UE) 3*256kB (UE) 1*512kB (E) 2*1024kB (UE) 3*2048kB (UME) 0*4096kB = 10964kB [ 777.382561] lowmem_reserve[]: [ 777.404729] Node 0 DMA32: 1955*4kB (UME) 645*8kB (UME) 134*16kB (UME) 39*32kB (UME) 22*64kB (UM) 3*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18164kB [ 777.414190] 0 [ 777.439500] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 777.443707] 2717 [ 777.464694] Node 1 Normal: 4*4kB (UM) 2*8kB (M) 3*16kB (ME) 4*32kB (UME) 2*64kB (UM) 1*128kB (M) 1*256kB (M) 23*512kB (UM) 14*1024kB (U) 0*2048kB 0*4096kB = 26832kB [ 777.472511] 2718 [ 777.494251] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 777.501792] 2718 2718 [ 777.507622] Node 0 DMA32 free:18100kB min:36200kB low:45248kB high:54296kB active_anon:49440kB inactive_anon:33908kB active_file:84kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7712kB pagetables:3136kB bounce:0kB free_pcp:176kB local_pcp:140kB free_cma:0kB [ 777.508758] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 777.553552] lowmem_reserve[]: 0 0 0 0 0 [ 777.557191] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 777.557675] Node 0 [ 777.579251] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 777.583599] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 777.598925] 13096 total pagecache pages [ 777.631677] 0 pages in swap cache [ 777.633943] lowmem_reserve[]: [ 777.635125] Swap cache stats: add 0, delete 0, find 0/0 [ 777.635131] 0 [ 777.645709] Free swap = 0kB [ 777.654634] Total swap = 0kB [ 777.657645] 2097051 pages RAM [ 777.660832] 0 0 0 0 [ 777.663164] Node 1 Normal free:26832kB min:53696kB low:67120kB high:80544kB active_anon:316kB inactive_anon:16292kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:96kB pagetables:160kB bounce:0kB free_pcp:120kB local_pcp:120kB free_cma:0kB [ 777.667930] 0 pages HighMem/MovableOnly [ 777.709538] 363848 pages reserved [ 777.712986] 0 pages cma reserved [ 777.714205] lowmem_reserve[]: [ 777.716335] Out of memory (oom_kill_allocating_task): Kill process 7984 (syz-executor.2) score 0 or sacrifice child [ 777.716337] 0 0 [ 777.727403] Killed process 15295 (syz-executor.2) total-vm:93252kB, anon-rss:148kB, file-rss:34820kB, shmem-rss:0kB [ 777.776370] oom_reaper: reaped process 15292 (syz-executor.0), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 777.797395] 0 0 0 [ 777.799585] Node 0 DMA: 1*4kB (E) 6*8kB (UE) 28*16kB (UE) 11*32kB (UE) 2*64kB (UE) 4*128kB (UE) 3*256kB (UE) 1*512kB (E) 2*1024kB (UE) 3*2048kB (UME) 0*4096kB = 10964kB [ 777.835607] Node 0 DMA32: 1955*4kB (UME) 645*8kB (UME) 134*16kB (UME) 39*32kB (UME) 22*64kB (UM) 3*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18164kB [ 777.854819] oom_reaper: reaped process 15295 (syz-executor.2), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 777.861502] syz-executor.2: page allocation failure: order:0, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 777.879646] systemd-rfkill invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 777.897438] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 777.906132] systemd-rfkill cpuset=/ mems_allowed=0-1 [ 777.917401] CPU: 0 PID: 15282 Comm: systemd-rfkill Not tainted 4.14.230-syzkaller #0 [ 777.922511] syz-executor.2 cpuset= [ 777.925263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 777.925268] / [ 777.928785] Call Trace: [ 777.940023] Node 1 Normal: [ 777.942380] dump_stack+0x1b2/0x281 [ 777.942382] 4*4kB (UM) [ 777.945297] dump_header+0x178/0x82f [ 777.955156] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 777.958421] 2*8kB [ 777.960242] ? ___ratelimit+0x2cd/0x530 [ 777.960244] (M) 3*16kB [ 777.962376] oom_kill_process.cold+0x10/0xa40 [ 777.966318] (ME) [ 777.968890] out_of_memory+0xe3e/0x1190 [ 777.968903] ? oom_killer_disable+0x1c0/0x1c0 [ 777.977283] mems_allowed=0-1 [ 777.979359] ? mutex_trylock+0x152/0x1a0 [ 777.979371] __alloc_pages_nodemask+0x23e1/0x2720 [ 777.979391] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 777.990299] 4*32kB [ 777.990983] alloc_pages_current+0x155/0x260 [ 777.995782] (UME) [ 778.005032] filemap_fault+0x11a1/0x1ad0 [ 778.005051] ext4_filemap_fault+0x84/0xb0 [ 778.021923] __do_fault+0xfa/0x380 [ 778.025441] __handle_mm_fault+0x2497/0x4620 [ 778.027855] 2*64kB (UM) [ 778.029829] ? vm_insert_page+0x7c0/0x7c0 [ 778.029839] ? compat_poll_select_copy_remaining+0x2c0/0x2c0 [ 778.032497] 1*128kB [ 778.036623] ? ktime_get_ts64+0x261/0x3a0 [ 778.048811] ? mark_held_locks+0xa6/0xf0 [ 778.052850] handle_mm_fault+0x455/0x9c0 [ 778.056889] __do_page_fault+0x549/0xad0 [ 778.057852] (M) 1*256kB [ 778.060931] ? spurious_fault+0x640/0x640 [ 778.060940] ? do_page_fault+0x60/0x500 [ 778.063584] (M) [ 778.067711] ? page_fault+0x2f/0x50 [ 778.077217] page_fault+0x45/0x50 [ 778.080646] RIP: c65bb320:0x1 [ 778.083727] RSP: f0d05040:00007fffc65bb328 EFLAGS: 0000000b [ 778.083746] CPU: 1 PID: 15295 Comm: syz-executor.2 Not tainted 4.14.230-syzkaller #0 [ 778.097309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 778.102169] 23*512kB [ 778.106645] Call Trace: [ 778.106651] (UM) [ 778.109044] dump_stack+0x1b2/0x281 [ 778.109058] warn_alloc.cold+0x96/0x1cc [ 778.109070] ? zone_watermark_ok_safe+0x220/0x220 [ 778.109080] ? usleep_range+0x130/0x130 [ 778.109089] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 778.109103] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 778.109115] ? run_timer_softirq+0x5a0/0x5a0 [ 778.124289] Mem-Info: [ 778.126105] __alloc_pages_nodemask+0x2127/0x2720 [ 778.135260] active_anon:12395 inactive_anon:12550 isolated_anon:0 [ 778.135260] active_file:15 inactive_file:1 isolated_file:0 [ 778.135260] unevictable:0 dirty:0 writeback:0 unstable:0 [ 778.135260] slab_reclaimable:13435 slab_unreclaimable:115518 [ 778.135260] mapped:52851 shmem:13071 pagetables:824 bounce:0 [ 778.135260] free:13982 free_pcp:118 free_cma:0 [ 778.140147] ? lock_acquire+0x170/0x3f0 [ 778.140164] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 778.140173] ? ion_page_pool_alloc+0x9e/0x1b0 [ 778.140190] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 778.140210] alloc_pages_current+0x155/0x260 [ 778.140224] ion_page_pool_alloc+0x118/0x1b0 [ 778.157183] 14*1024kB [ 778.184961] ion_system_heap_allocate+0x133/0x8c0 [ 778.184972] ? ion_alloc+0x187/0x810 [ 778.184982] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 778.184991] ? ion_system_contig_heap_create+0x130/0x130 [ 778.185000] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 778.185011] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 778.185021] ion_alloc+0x204/0x810 [ 778.185033] ? ion_dma_buf_release+0x40/0x40 [ 778.185046] ? __might_fault+0x177/0x1b0 [ 778.185058] ion_ioctl+0xea/0x1f0 [ 778.185067] ? ion_query_heaps+0x360/0x360 [ 778.185081] ? ion_query_heaps+0x360/0x360 [ 778.185093] do_vfs_ioctl+0x75a/0xff0 [ 778.203935] Node 0 active_anon:49264kB inactive_anon:33908kB active_file:48kB inactive_file:12kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:190468kB dirty:0kB writeback:0kB shmem:35900kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 778.208192] ? ioctl_preallocate+0x1a0/0x1a0 [ 778.208203] ? lock_downgrade+0x740/0x740 [ 778.208216] ? __fget+0x225/0x360 [ 778.208226] ? do_vfs_ioctl+0xff0/0xff0 [ 778.208237] ? security_file_ioctl+0x83/0xb0 [ 778.208247] SyS_ioctl+0x7f/0xb0 [ 778.208260] ? do_vfs_ioctl+0xff0/0xff0 [ 778.208272] do_syscall_64+0x1d5/0x640 [ 778.208286] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 778.225871] Node 1 active_anon:316kB inactive_anon:16292kB active_file:12kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:20936kB dirty:0kB writeback:0kB shmem:16384kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 778.229088] RIP: 0033:0x466459 [ 778.229093] RSP: 002b:00007fc10ef5c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 778.229103] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 778.229108] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000005 [ 778.229113] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 778.229119] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 778.229123] R13: 00007ffec6b9ec3f R14: 00007fc10ef5c300 R15: 0000000000022000 [ 778.229457] syz-executor.1: [ 778.245244] Node 0 [ 778.260107] page allocation failure: order:0 [ 778.274618] DMA free:10964kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 778.301743] (U) [ 778.325359] lowmem_reserve[]: [ 778.329801] 0*2048kB [ 778.356090] 0 [ 778.365931] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 778.386160] 2717 [ 778.391568] (null) [ 778.415037] 2718 [ 778.418601] 0*4096kB [ 778.446292] 2718 [ 778.448631] syz-executor.1 cpuset= [ 778.475538] = 26832kB [ 778.477632] 2718 [ 778.479494] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 778.492456] / mems_allowed=0-1 [ 778.495652] CPU: 1 PID: 15299 Comm: syz-executor.1 Not tainted 4.14.230-syzkaller #0 [ 778.503517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 778.512856] Call Trace: [ 778.512876] dump_stack+0x1b2/0x281 [ 778.512889] warn_alloc.cold+0x96/0x1cc [ 778.512902] ? zone_watermark_ok_safe+0x220/0x220 [ 778.512912] ? usleep_range+0x130/0x130 [ 778.512921] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 778.512933] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 778.537034] Node 0 [ 778.541901] ? run_timer_softirq+0x5a0/0x5a0 [ 778.541921] __alloc_pages_nodemask+0x2127/0x2720 [ 778.541938] ? lock_acquire+0x170/0x3f0 [ 778.541955] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 778.541964] ? ion_page_pool_alloc+0x9e/0x1b0 [ 778.541980] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 778.572127] alloc_pages_current+0x155/0x260 [ 778.576538] ion_page_pool_alloc+0x118/0x1b0 [ 778.577552] DMA32 free:18164kB min:36200kB low:45248kB high:54296kB active_anon:49264kB inactive_anon:33908kB active_file:48kB inactive_file:48kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7712kB pagetables:3136kB bounce:0kB free_pcp:352kB local_pcp:316kB free_cma:0kB [ 778.580935] ion_system_heap_allocate+0x133/0x8c0 [ 778.580946] ? ion_alloc+0x187/0x810 [ 778.580956] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 778.580965] ? ion_system_contig_heap_create+0x130/0x130 [ 778.580975] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 778.580986] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 778.580997] ion_alloc+0x204/0x810 [ 778.581010] ? ion_dma_buf_release+0x40/0x40 [ 778.581022] ? __might_fault+0x177/0x1b0 [ 778.637007] lowmem_reserve[]: [ 778.638517] ion_ioctl+0xea/0x1f0 [ 778.638528] ? ion_query_heaps+0x360/0x360 [ 778.638540] ? ion_query_heaps+0x360/0x360 [ 778.638552] do_vfs_ioctl+0x75a/0xff0 [ 778.638564] ? ioctl_preallocate+0x1a0/0x1a0 [ 778.638573] ? lock_downgrade+0x740/0x740 [ 778.638587] ? __fget+0x225/0x360 [ 778.638597] ? do_vfs_ioctl+0xff0/0xff0 [ 778.638610] ? security_file_ioctl+0x83/0xb0 [ 778.667289] 0 [ 778.669324] SyS_ioctl+0x7f/0xb0 [ 778.669334] ? do_vfs_ioctl+0xff0/0xff0 [ 778.669347] do_syscall_64+0x1d5/0x640 [ 778.669363] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 778.669371] RIP: 0033:0x466459 [ 778.669376] RSP: 002b:00007fcdda489188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 778.669385] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 778.669392] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 778.696408] 0 [ 778.698887] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 778.698893] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 778.698899] R13: 00007ffe21b5ad8f R14: 00007fcdda489300 R15: 0000000000022000 [ 778.700762] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 778.726369] 0 [ 778.727836] Mem-Info: [ 778.756879] 0 [ 778.759420] active_anon:12395 inactive_anon:12550 isolated_anon:0 [ 778.759420] active_file:12 inactive_file:13 isolated_file:0 [ 778.759420] unevictable:0 dirty:0 writeback:0 unstable:0 [ 778.759420] slab_reclaimable:13430 slab_unreclaimable:115506 [ 778.759420] mapped:52851 shmem:13071 pagetables:824 bounce:0 [ 778.759420] free:13990 free_pcp:118 free_cma:0 [ 778.785747] 0 [ 778.808204] Node 0 active_anon:49264kB inactive_anon:33908kB active_file:48kB inactive_file:48kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:190468kB dirty:0kB writeback:0kB shmem:35900kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 778.825129] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 778.839545] Node 1 active_anon:316kB inactive_anon:16292kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:20936kB dirty:0kB writeback:0kB shmem:16384kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 778.875663] Node 0 DMA free:10964kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 778.895291] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 778.910768] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 778.915800] Node 0 DMA32 free:18164kB min:36200kB low:45248kB high:54296kB active_anon:49264kB inactive_anon:33908kB active_file:48kB inactive_file:48kB unevictable:0kB writepending:0kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7712kB pagetables:3136kB bounce:0kB free_pcp:352kB local_pcp:36kB free_cma:0kB [ 778.923263] Node 0 [ 778.972492] 13355 total pagecache pages [ 778.979547] 0 pages in swap cache [ 778.994078] Swap cache stats: add 0, delete 0, find 0/0 [ 779.010319] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 779.025300] lowmem_reserve[]: [ 779.040853] Free swap = 0kB [ 779.047031] Total swap = 0kB [ 779.056418] 2097051 pages RAM [ 779.065265] 0 pages HighMem/MovableOnly [ 779.074938] 363848 pages reserved [ 779.083843] 0 pages cma reserved [ 779.083852] 0 [ 779.087249] lowmem_reserve[]: 0 0 0 0 0 [ 779.095066] 0 0 0 0 [ 779.125093] Node 1 Normal free:86488kB min:53696kB low:67120kB high:80544kB active_anon:332kB inactive_anon:16292kB active_file:0kB inactive_file:2964kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:96kB pagetables:160kB bounce:0kB free_pcp:232kB local_pcp:124kB free_cma:0kB [ 779.134031] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 779.237813] lowmem_reserve[]: 0 0 0 0 0 [ 779.251196] Node 0 DMA: 1*4kB (E) 6*8kB (UE) 28*16kB (UE) 11*32kB (UE) 4*64kB (UE) 4*128kB (UE) 3*256kB (UE) 1*512kB (E) 2*1024kB (UE) 3*2048kB (UME) 0*4096kB = 11092kB [ 779.283755] IPVS: ftp: loaded support on port[0] = 21 [ 779.342475] Node 0 DMA32: 1581*4kB (UE) 571*8kB (UME) 98*16kB (UE) 19*32kB (UME) 850*64kB (UM) 437*128kB (UM) 98*256kB (UM) 14*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 155660kB [ 779.375932] lowmem_reserve[]: 0 0 0 0 0 [ 779.397867] Node 1 Normal free:67104kB min:53696kB low:67120kB high:80544kB active_anon:332kB inactive_anon:16292kB active_file:1488kB inactive_file:1156kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:128kB pagetables:160kB bounce:0kB free_pcp:624kB local_pcp:284kB free_cma:0kB [ 779.450638] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 779.493024] syz-executor.0: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 779.517827] lowmem_reserve[]: 0 0 0 0 0 [ 779.521872] Node 0 DMA: 1*4kB (E) 2*8kB (UE) 28*16kB (UE) 11*32kB (UE) 3*64kB (UE) 4*128kB (UE) 3*256kB (UE) 1*512kB (E) 2*1024kB (UE) 3*2048kB (UME) 0*4096kB = 10996kB [ 779.534687] Node 1 Normal: 49*4kB (UM) 23*8kB (UM) 32*16kB [ 779.537469] syz-executor.0 cpuset= [ 779.544908] (UME) [ 779.547796] / mems_allowed=0-1 [ 779.553785] CPU: 1 PID: 15292 Comm: syz-executor.0 Not tainted 4.14.230-syzkaller #0 [ 779.557555] 363*32kB [ 779.561774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 779.561779] Call Trace: [ 779.561797] dump_stack+0x1b2/0x281 [ 779.561810] warn_alloc.cold+0x96/0x1cc [ 779.561822] ? zone_watermark_ok_safe+0x220/0x220 [ 779.561844] __alloc_pages_nodemask+0x2127/0x2720 [ 779.561853] ? ___preempt_schedule+0x16/0x18 [ 779.561869] ? lock_acquire+0x170/0x3f0 [ 779.561882] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 779.561898] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 779.561909] ? __mutex_unlock_slowpath+0x75/0x770 [ 779.580021] (UME) [ 779.583765] alloc_pages_current+0x155/0x260 [ 779.600202] 135*64kB [ 779.601743] ion_page_pool_alloc+0x118/0x1b0 [ 779.606638] (UM) [ 779.612067] ion_system_heap_allocate+0x133/0x8c0 [ 779.612079] ? _raw_spin_unlock+0x29/0x40 [ 779.612087] ? _ion_heap_freelist_drain+0x6e/0x410 [ 779.612101] ? ion_system_contig_heap_create+0x130/0x130 [ 779.612113] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 779.622340] 8*128kB [ 779.623444] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 779.625821] (UM) [ 779.630208] ion_alloc+0x27a/0x810 [ 779.630223] ? ion_dma_buf_release+0x40/0x40 [ 779.630234] ? __might_fault+0x177/0x1b0 [ 779.630244] ion_ioctl+0xea/0x1f0 [ 779.630252] ? ion_query_heaps+0x360/0x360 [ 779.630264] ? ion_query_heaps+0x360/0x360 [ 779.630274] do_vfs_ioctl+0x75a/0xff0 [ 779.632312] 4*256kB [ 779.637135] ? ioctl_preallocate+0x1a0/0x1a0 [ 779.643513] Node 0 [ 779.646161] ? lock_downgrade+0x740/0x740 [ 779.652001] DMA32: [ 779.656581] ? __fget+0x225/0x360 [ 779.661677] (UM) [ 779.663708] ? do_vfs_ioctl+0xff0/0xff0 [ 779.665754] 11*512kB [ 779.669287] ? security_file_ioctl+0x83/0xb0 [ 779.669299] SyS_ioctl+0x7f/0xb0 [ 779.669307] ? do_vfs_ioctl+0xff0/0xff0 [ 779.669317] do_syscall_64+0x1d5/0x640 [ 779.669332] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 779.669339] RIP: 0033:0x466459 [ 779.669346] RSP: 002b:00007fae1df4d188 EFLAGS: 00000246 [ 779.674115] 2027*4kB [ 779.677768] ORIG_RAX: 0000000000000010 [ 779.677774] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 779.677780] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 779.677785] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 779.677790] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 779.677795] R13: 00007ffcdd857c6f R14: 00007fae1df4d300 R15: 0000000000022000 [ 779.714395] (UM) [ 779.715060] (UME) [ 779.718463] 0*1024kB [ 779.720825] 683*8kB [ 779.725207] 0*2048kB [ 779.729042] (UME) [ 779.735901] 0*4096kB [ 779.736433] 157*16kB [ 779.741625] = 28828kB [ 779.741633] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 779.741640] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 779.745008] (UME) [ 779.752423] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 779.752593] 47*32kB [ 779.756547] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 779.763848] (UME) [ 779.773480] 13168 total pagecache pages [ 779.778740] 22*64kB [ 779.785650] 0 pages in swap cache [ 779.793248] (M) [ 779.797180] Swap cache stats: add 0, delete 0, find 0/0 [ 779.799535] 6*128kB (UM) 4*256kB (UM) 2*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 21812kB [ 779.799570] Node 0 Normal: 0*4kB 0*8kB [ 779.816355] Free swap = 0kB [ 779.822456] 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 779.822493] Node 1 [ 779.833931] Total swap = 0kB [ 779.842548] Normal: [ 779.844375] 2097051 pages RAM [ 779.853137] 9*4kB [ 779.867790] 0 pages HighMem/MovableOnly [ 779.872330] (UM) [ 779.886115] 363848 pages reserved [ 779.887150] 6*8kB [ 779.895462] 0 pages cma reserved [ 779.895469] Out of memory (oom_kill_allocating_task): Kill process 15282 (systemd-rfkill) score 0 or sacrifice child [ 779.895491] Killed process 15282 (systemd-rfkill) total-vm:37800kB, anon-rss:376kB, file-rss:0kB, shmem-rss:0kB [ 779.897691] (UM) [ 779.911919] oom_reaper: reaped process 15299 (syz-executor.1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 779.912881] 10*16kB [ 779.914808] oom_reaper: reaped process 15282 (systemd-rfkill), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 779.917774] (UME) 349*32kB (UME) 84*64kB (UM) 10*128kB (UM) 5*256kB (UM) 12*512kB (UM) 1*1024kB (M) 0*2048kB 0*4096kB = 26516kB [ 779.917833] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 779.917839] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 779.917844] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 779.917852] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 779.997356] oom_reaper: reaped process 15290 (syz-executor.5), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 779.998476] 13110 total pagecache pages [ 780.029770] systemd invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=0 [ 780.042185] 0 pages in swap cache [ 780.045661] Swap cache stats: add 0, delete 0, find 0/0 [ 780.051092] Free swap = 0kB [ 780.052167] syz-executor.1: [ 780.054097] Total swap = 0kB [ 780.054113] page allocation failure: order:4 [ 780.057117] 2097051 pages RAM [ 780.065536] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 780.069525] systemd cpuset=/ mems_allowed=0-1 [ 780.079867] 0 pages HighMem/MovableOnly [ 780.083855] CPU: 0 PID: 1 Comm: systemd Not tainted 4.14.230-syzkaller #0 [ 780.085960] syz-executor.1 cpuset= [ 780.090762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 780.090766] Call Trace: [ 780.090780] dump_stack+0x1b2/0x281 [ 780.090792] dump_header+0x178/0x82f [ 780.090802] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 780.090812] ? ___ratelimit+0x2cd/0x530 [ 780.090822] oom_kill_process.cold+0x10/0xa40 [ 780.090832] ? lock_downgrade+0x740/0x740 [ 780.090846] out_of_memory+0x2dc/0x1190 [ 780.094372] syz-executor.0: [ 780.103786] ? oom_killer_disable+0x1c0/0x1c0 [ 780.103794] ? mutex_trylock+0x152/0x1a0 [ 780.103806] __alloc_pages_nodemask+0x23e1/0x2720 [ 780.114748] / [ 780.118841] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 780.122800] page allocation failure: order:0 [ 780.127262] ? cache_grow_begin+0x3f/0x700 [ 780.131395] mems_allowed=0-1 [ 780.135326] cache_grow_begin+0x91/0x700 [ 780.138339] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 780.142795] fallback_alloc+0x207/0x2c0 [ 780.157751] (null) [ 780.158181] kmem_cache_alloc+0x1e5/0x3c0 [ 780.162554] syz-executor.0 cpuset= [ 780.166767] getname_flags+0xc8/0x550 [ 780.187753] / [ 780.191161] do_sys_open+0x1ce/0x410 [ 780.194671] mems_allowed=0-1 [ 780.198447] ? filp_open+0x60/0x60 [ 780.198457] ? __do_page_fault+0x159/0xad0 [ 780.198467] ? do_syscall_64+0x4c/0x640 [ 780.218598] ? do_sys_open+0x410/0x410 [ 780.222462] do_syscall_64+0x1d5/0x640 [ 780.226342] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 780.231525] RIP: 0033:0x7fb063bf19b1 [ 780.235215] RSP: 002b:00007ffe40d88b98 EFLAGS: 00000202 ORIG_RAX: 0000000000000002 [ 780.242899] RAX: ffffffffffffffda RBX: 000000000000002f RCX: 00007fb063bf19b1 [ 780.250150] RDX: 000055e35bba3aa0 RSI: 0000000000090800 RDI: 000055e35bba3aa0 [ 780.257399] RBP: 00007ffe40d88bf0 R08: 0000000000000003 R09: 0000000000001010 [ 780.264649] R10: 0000000000000020 R11: 0000000000000202 R12: 000055e35bba3aa0 [ 780.271898] R13: 0000000000000000 R14: 0000000000000000 R15: 000055e35bae4818 [ 780.279174] CPU: 1 PID: 15299 Comm: syz-executor.1 Not tainted 4.14.230-syzkaller #0 [ 780.285772] 363848 pages reserved [ 780.287057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 780.290514] 0 pages cma reserved [ 780.299808] Call Trace: [ 780.299826] dump_stack+0x1b2/0x281 [ 780.299839] warn_alloc.cold+0x96/0x1cc [ 780.299851] ? zone_watermark_ok_safe+0x220/0x220 [ 780.299876] __alloc_pages_nodemask+0x2127/0x2720 [ 780.322988] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 780.328014] ? lock_acquire+0x170/0x3f0 [ 780.331989] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 780.336840] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 780.342286] ? __mutex_unlock_slowpath+0x75/0x770 [ 780.347125] alloc_pages_current+0x155/0x260 [ 780.351532] ion_page_pool_alloc+0x118/0x1b0 [ 780.355930] ion_system_heap_allocate+0x133/0x8c0 [ 780.360768] ? _raw_spin_unlock+0x29/0x40 [ 780.364906] ? _ion_heap_freelist_drain+0x6e/0x410 [ 780.369830] ? ion_system_contig_heap_create+0x130/0x130 [ 780.375271] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 780.380278] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 780.385113] ion_alloc+0x27a/0x810 [ 780.388651] ? ion_dma_buf_release+0x40/0x40 [ 780.393053] ? __might_fault+0x177/0x1b0 [ 780.397114] ion_ioctl+0xea/0x1f0 [ 780.400564] ? ion_query_heaps+0x360/0x360 [ 780.404794] ? ion_query_heaps+0x360/0x360 [ 780.409023] do_vfs_ioctl+0x75a/0xff0 [ 780.412817] ? ioctl_preallocate+0x1a0/0x1a0 [ 780.417213] ? lock_downgrade+0x740/0x740 [ 780.421358] ? __fget+0x225/0x360 [ 780.424826] ? do_vfs_ioctl+0xff0/0xff0 [ 780.428794] ? security_file_ioctl+0x83/0xb0 [ 780.433195] SyS_ioctl+0x7f/0xb0 [ 780.436551] ? do_vfs_ioctl+0xff0/0xff0 [ 780.440523] do_syscall_64+0x1d5/0x640 [ 780.444409] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 780.449587] RIP: 0033:0x466459 [ 780.452765] RSP: 002b:00007fcdda489188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 780.460464] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 780.467721] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 780.474984] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 780.482250] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 780.489524] R13: 00007ffe21b5ad8f R14: 00007fcdda489300 R15: 0000000000022000 [ 780.557770] CPU: 1 PID: 15292 Comm: syz-executor.0 Not tainted 4.14.230-syzkaller #0 [ 780.565685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 780.575047] Call Trace: [ 780.577635] dump_stack+0x1b2/0x281 [ 780.581267] warn_alloc.cold+0x96/0x1cc [ 780.585256] ? zone_watermark_ok_safe+0x220/0x220 [ 780.590094] ? usleep_range+0x130/0x130 [ 780.594062] ? try_to_free_pages+0x23f/0x6e0 [ 780.598464] ? _find_next_bit+0xdb/0x100 [ 780.602536] ? run_timer_softirq+0x5a0/0x5a0 [ 780.606946] __alloc_pages_nodemask+0x2127/0x2720 [ 780.611792] ? lock_acquire+0x170/0x3f0 [ 780.615767] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 780.620606] ? ion_page_pool_alloc+0x9e/0x1b0 [ 780.625100] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 780.630556] alloc_pages_current+0x155/0x260 [ 780.634962] ion_page_pool_alloc+0x118/0x1b0 [ 780.639368] ion_system_heap_allocate+0x133/0x8c0 [ 780.644206] ? _raw_spin_unlock+0x29/0x40 [ 780.648344] ? _ion_heap_freelist_drain+0x6e/0x410 [ 780.653263] ? ion_system_contig_heap_create+0x130/0x130 [ 780.658709] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 780.663719] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 780.668557] ion_alloc+0x27a/0x810 [ 780.672092] ? ion_dma_buf_release+0x40/0x40 [ 780.676495] ? __might_fault+0x177/0x1b0 [ 780.680548] ion_ioctl+0xea/0x1f0 [ 780.684003] ? ion_query_heaps+0x360/0x360 [ 780.688232] ? ion_query_heaps+0x360/0x360 [ 780.692462] do_vfs_ioctl+0x75a/0xff0 [ 780.696257] ? ioctl_preallocate+0x1a0/0x1a0 [ 780.700655] ? lock_downgrade+0x740/0x740 [ 780.704798] ? __fget+0x225/0x360 [ 780.708247] ? do_vfs_ioctl+0xff0/0xff0 [ 780.712215] ? security_file_ioctl+0x83/0xb0 [ 780.716616] SyS_ioctl+0x7f/0xb0 [ 780.719984] ? do_vfs_ioctl+0xff0/0xff0 [ 780.723952] do_syscall_64+0x1d5/0x640 [ 780.727838] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 780.733015] RIP: 0033:0x466459 [ 780.736191] RSP: 002b:00007fae1df4d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 780.743894] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 780.751155] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000006 [ 780.758416] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 780.765677] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 780.772937] R13: 00007ffcdd857c6f R14: 00007fae1df4d300 R15: 0000000000022000 [ 780.793356] IPVS: ftp: loaded support on port[0] = 21 [ 780.808096] Mem-Info: [ 780.810673] active_anon:12311 inactive_anon:12556 isolated_anon:0 [ 780.810673] active_file:15 inactive_file:741 isolated_file:0 [ 780.810673] unevictable:0 dirty:0 writeback:0 unstable:0 [ 780.810673] slab_reclaimable:13377 slab_unreclaimable:114882 [ 780.810673] mapped:53355 shmem:13079 pagetables:824 bounce:0 [ 780.810673] free:121823 free_pcp:681 free_cma:0 [ 780.877752] warn_alloc_show_mem: 2 callbacks suppressed [ 780.877756] Mem-Info: [ 780.887927] active_anon:12311 inactive_anon:12556 isolated_anon:0 [ 780.887927] active_file:290 inactive_file:611 isolated_file:0 [ 780.887927] unevictable:0 dirty:0 writeback:0 unstable:0 [ 780.887927] slab_reclaimable:13377 slab_unreclaimable:115124 [ 780.887927] mapped:53530 shmem:13079 pagetables:824 bounce:0 [ 780.887927] free:117476 free_pcp:509 free_cma:0 [ 780.931864] Node 0 active_anon:48896kB inactive_anon:33932kB active_file:1256kB inactive_file:3140kB unevictable:0kB isolated(anon):0kB isolated(file):100kB mapped:193884kB dirty:0kB writeback:0kB shmem:35932kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 781.037930] syz-executor.2: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 781.038021] Bluetooth: hci5 command 0x0409 tx timeout [ 781.055729] Node 0 active_anon:48908kB inactive_anon:33932kB active_file:2292kB inactive_file:2280kB unevictable:0kB isolated(anon):48kB isolated(file):0kB mapped:194648kB dirty:24kB writeback:0kB shmem:35932kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 781.058521] Node 1 active_anon:348kB inactive_anon:16292kB active_file:4kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:20936kB dirty:0kB writeback:0kB shmem:16384kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 781.107788] Bluetooth: hci3 command 0x0409 tx timeout [ 781.121691] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 781.125954] chnl_net:caif_netlink_parms(): no params data found [ 781.127204] CPU: 0 PID: 15295 Comm: syz-executor.2 Not tainted 4.14.230-syzkaller #0 [ 781.140739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 781.150086] Call Trace: [ 781.152695] dump_stack+0x1b2/0x281 [ 781.156323] warn_alloc.cold+0x96/0x1cc [ 781.157204] syz-executor.3: page allocation failure: order:5 [ 781.160290] ? zone_watermark_ok_safe+0x220/0x220 [ 781.160313] __alloc_pages_nodemask+0x2127/0x2720 [ 781.166077] , mode:0x1084020(GFP_ATOMIC|__GFP_COMP), nodemask= [ 781.170903] ? lock_acquire+0x170/0x3f0 [ 781.175709] (null) [ 781.181661] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 781.185601] syz-executor.3 cpuset= [ 781.187737] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 781.192554] / [ 781.196077] ? __mutex_unlock_slowpath+0x75/0x770 [ 781.201496] mems_allowed=0-1 [ 781.203201] ? retint_kernel+0x2d/0x2d [ 781.214952] alloc_pages_current+0x155/0x260 [ 781.219343] ion_page_pool_alloc+0x118/0x1b0 [ 781.223730] ion_system_heap_allocate+0x133/0x8c0 [ 781.228550] ? _raw_spin_unlock+0x29/0x40 [ 781.232674] ? _ion_heap_freelist_drain+0x6e/0x410 [ 781.237581] ? ion_system_contig_heap_create+0x130/0x130 [ 781.243050] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 781.248057] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 781.252882] ion_alloc+0x27a/0x810 [ 781.256405] ? ion_dma_buf_release+0x40/0x40 [ 781.260793] ? __might_fault+0x177/0x1b0 [ 781.264834] ion_ioctl+0xea/0x1f0 [ 781.268267] ? ion_query_heaps+0x360/0x360 [ 781.272483] ? ion_query_heaps+0x360/0x360 [ 781.276700] do_vfs_ioctl+0x75a/0xff0 [ 781.280482] ? ioctl_preallocate+0x1a0/0x1a0 [ 781.284869] ? lock_downgrade+0x740/0x740 [ 781.288997] ? __fget+0x225/0x360 [ 781.292430] ? do_vfs_ioctl+0xff0/0xff0 [ 781.296385] ? security_file_ioctl+0x83/0xb0 [ 781.300774] SyS_ioctl+0x7f/0xb0 [ 781.304118] ? do_vfs_ioctl+0xff0/0xff0 [ 781.308072] do_syscall_64+0x1d5/0x640 [ 781.311958] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 781.317136] RIP: 0033:0x466459 [ 781.320305] RSP: 002b:00007fc10ef5c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 781.327995] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 781.335243] RDX: 0000000020000040 RSI: 00000000c0184900 RDI: 0000000000000005 [ 781.342491] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 781.349753] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 781.357010] R13: 00007ffec6b9ec3f R14: 00007fc10ef5c300 R15: 0000000000022000 [ 781.364274] CPU: 1 PID: 15304 Comm: syz-executor.3 Not tainted 4.14.230-syzkaller #0 [ 781.372152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 781.381500] Call Trace: [ 781.384085] dump_stack+0x1b2/0x281 [ 781.387704] warn_alloc.cold+0x96/0x1cc [ 781.391671] ? zone_watermark_ok_safe+0x220/0x220 [ 781.396501] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 781.401951] ? wake_all_kswapds+0x175/0x360 [ 781.406278] __alloc_pages_nodemask+0x2127/0x2720 [ 781.411112] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 781.416117] ? __alloc_pages_nodemask+0x1a6e/0x2720 [ 781.421135] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 781.425967] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 781.428270] Node 0 [ 781.430793] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 781.430810] DMA free:10968kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 781.433017] ? calc_wheel_index+0xb1/0x1c0 [ 781.448272] lowmem_reserve[]: [ 781.463842] ? cache_alloc_refill+0x2fa/0x350 [ 781.463851] ? ____cache_alloc_node+0x156/0x1d0 [ 781.463862] cache_grow_begin+0x91/0x700 [ 781.463877] fallback_alloc+0x207/0x2c0 [ 781.463893] __kmalloc+0x213/0x400 [ 781.490444] 0 2717 [ 781.491838] ? batadv_hash_new+0xaa/0x270 [ 781.491848] batadv_hash_new+0xaa/0x270 [ 781.494062] 2718 [ 781.498187] ? batadv_bla_status_update+0x2b0/0x2b0 [ 781.498195] batadv_dat_init+0x61/0x170 [ 781.498204] batadv_mesh_init+0x4a8/0x630 [ 781.498214] batadv_softif_init_late+0xa26/0xc90 [ 781.498223] ? batadv_get_strings+0x40/0x40 [ 781.517901] 2718 [ 781.522022] ? dev_valid_name+0x1a0/0x1a0 [ 781.526313] 2718 [ 781.528358] ? batadv_get_strings+0x40/0x40 [ 781.528368] register_netdevice+0x291/0xe40 [ 781.528380] ? netdev_change_features+0xa0/0xa0 [ 781.528393] ? rtnl_create_link+0x129/0x890 [ 781.528405] rtnl_newlink+0x14ff/0x1860 [ 781.528413] ? rtnl_newlink+0x43d/0x1860 [ 781.552143] ? mark_held_locks+0xa6/0xf0 [ 781.556080] Node 0 [ 781.560118] ? rtnl_dellink+0x6a0/0x6a0 [ 781.560128] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 781.560137] ? _raw_spin_unlock_irq+0x5a/0x80 [ 781.560181] ? rtnl_dellink+0x6a0/0x6a0 [ 781.560190] rtnetlink_rcv_msg+0x3be/0xb10 [ 781.588053] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 781.590012] DMA32 free:81376kB min:36200kB low:45248kB high:54296kB active_anon:48908kB inactive_anon:33932kB active_file:2196kB inactive_file:2676kB unevictable:0kB writepending:24kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7840kB pagetables:3136kB bounce:0kB free_pcp:100kB local_pcp:116kB free_cma:0kB [ 781.592537] ? __netlink_lookup+0x345/0x5d0 [ 781.625559] netlink_rcv_skb+0x125/0x390 [ 781.629627] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 781.634117] ? netlink_ack+0x9a0/0x9a0 [ 781.638008] netlink_unicast+0x437/0x610 [ 781.642066] ? netlink_sendskb+0xd0/0xd0 [ 781.646122] ? __check_object_size+0x179/0x230 [ 781.650699] netlink_sendmsg+0x62e/0xb80 [ 781.654758] ? nlmsg_notify+0x170/0x170 [ 781.658729] ? security_socket_sendmsg+0x83/0xb0 [ 781.663478] ? nlmsg_notify+0x170/0x170 [ 781.667446] sock_sendmsg+0xb5/0x100 [ 781.671155] SyS_sendto+0x1c7/0x2c0 [ 781.674772] ? SyS_getpeername+0x220/0x220 [ 781.679000] ? vm_insert_page+0x7c0/0x7c0 [ 781.683158] ? up_read+0x17/0x30 [ 781.686606] ? __do_page_fault+0x159/0xad0 [ 781.687703] lowmem_reserve[]: [ 781.690830] ? do_syscall_64+0x4c/0x640 [ 781.690832] 0 0 [ 781.693917] ? SyS_getpeername+0x220/0x220 [ 781.704041] do_syscall_64+0x1d5/0x640 [ 781.707925] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 781.713103] RIP: 0033:0x4193ec [ 781.716283] RSP: 002b:00007ffc92cfe460 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 781.719938] 0 [ 781.723977] RAX: ffffffffffffffda RBX: 00000000014a4320 RCX: 00000000004193ec [ 781.723982] 0 [ 781.725757] RDX: 000000000000003c RSI: 00000000014a4370 RDI: 0000000000000003 [ 781.725763] RBP: 0000000000000000 R08: 00007ffc92cfe4b4 R09: 000000000000000c [ 781.749301] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 781.756571] R13: 00000000014a4370 R14: 0000000000000003 R15: 0000000000000000 [ 781.759931] 0 [ 781.778114] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 781.786269] Node 1 active_anon:348kB inactive_anon:16292kB active_file:4kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:20936kB dirty:0kB writeback:0kB shmem:16384kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 781.847689] lowmem_reserve[]: 0 0 0 0 0 [ 781.851705] Node 1 Normal free:82932kB min:53696kB low:67120kB high:80544kB active_anon:348kB inactive_anon:16292kB active_file:204kB inactive_file:8kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:96kB pagetables:160kB bounce:0kB free_pcp:384kB local_pcp:208kB free_cma:0kB [ 781.917699] lowmem_reserve[]: 0 0 0 0 0 [ 781.921713] Node 0 DMA: 20*4kB (UEH) 21*8kB (UEH) 29*16kB (UEH) 16*32kB (UEH) 3*64kB (UEH) 3*128kB (UEH) 2*256kB (UE) 1*512kB (E) 2*1024kB (UE) 3*2048kB (UME) 0*4096kB = 11016kB [ 781.941516] warn_alloc_show_mem: 2 callbacks suppressed [ 781.941519] Mem-Info: [ 781.943435] Node 0 [ 781.949853] active_anon:12314 inactive_anon:12556 isolated_anon:12 [ 781.949853] active_file:186 inactive_file:186 isolated_file:0 [ 781.949853] unevictable:0 dirty:6 writeback:0 unstable:0 [ 781.949853] slab_reclaimable:13377 slab_unreclaimable:116212 [ 781.949853] mapped:53146 shmem:13079 pagetables:824 bounce:0 [ 781.949853] free:28123 free_pcp:284 free_cma:0 [ 781.962992] DMA free:11000kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 781.997794] Node 0 DMA32: 1615*4kB (UME) 743*8kB (UME) 113*16kB (UME) 686*32kB (UME) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 36164kB [ 782.039555] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 782.050903] Node 0 active_anon:48908kB inactive_anon:33932kB active_file:368kB inactive_file:312kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:191368kB dirty:4kB writeback:0kB shmem:35932kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 782.070556] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 782.078766] Node 1 Normal: 0*4kB 1*8kB (U) 1*16kB (U) 1960*32kB [ 782.083779] Node 0 [ 782.084280] (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 62744kB [ 782.092710] DMA32 free:38684kB min:36200kB low:45248kB high:54296kB active_anon:48908kB inactive_anon:33932kB active_file:0kB inactive_file:488kB unevictable:0kB writepending:4kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7744kB pagetables:3136kB bounce:0kB free_pcp:768kB local_pcp:648kB free_cma:0kB [ 782.101090] Node 1 active_anon:348kB inactive_anon:16292kB active_file:664kB inactive_file:1284kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:22236kB dirty:0kB writeback:0kB shmem:16384kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 782.131326] lowmem_reserve[]: [ 782.159046] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 782.159727] 0 [ 782.162900] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 782.172660] 0 [ 782.173816] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 782.183042] 0 [ 782.183420] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 782.194031] 0 [ 782.202641] 14010 total pagecache pages [ 782.208674] 0 pages in swap cache [ 782.212136] Swap cache stats: add 0, delete 0, find 0/0 [ 782.217485] Free swap = 0kB [ 782.218781] 0 [ 782.220692] Total swap = 0kB [ 782.222278] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 782.225284] 2097051 pages RAM [ 782.225290] 0 pages HighMem/MovableOnly [ 782.258522] Node 0 DMA free:11016kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 782.285038] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 782.290309] lowmem_reserve[]: 0 0 0 0 0 [ 782.290807] Node 0 [ 782.294300] Node 1 [ 782.294313] DMA32 free:37508kB min:36200kB low:45248kB high:54296kB active_anon:48908kB inactive_anon:33932kB active_file:152kB inactive_file:1364kB unevictable:0kB writepending:4kB present:3129332kB managed:2788132kB mlocked:0kB kernel_stack:7744kB pagetables:3136kB bounce:0kB free_pcp:664kB local_pcp:128kB free_cma:0kB [ 782.294317] lowmem_reserve[]: [ 782.296549] Normal free:60768kB min:53696kB low:67120kB high:80544kB active_anon:348kB inactive_anon:16292kB active_file:664kB inactive_file:1284kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:96kB pagetables:160kB bounce:0kB free_pcp:296kB local_pcp:128kB free_cma:0kB [ 782.299035] 363848 pages reserved [ 782.342685] lowmem_reserve[]: [ 782.359359] 0 [ 782.364788] 0 [ 782.365656] 0 [ 782.367434] 0 [ 782.369529] 0 0 0 [ 782.373299] 0 [ 782.375162] Node 0 [ 782.375164] 0 0 [ 782.376956] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:516kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 782.406543] lowmem_reserve[]: 0 0 0 0 0 [ 782.408930] Node 0 DMA: 20*4kB (UEH) 21*8kB (UEH) 29*16kB (UEH) 16*32kB (UEH) [ 782.410752] Node 1 [ 782.418916] 0 pages cma reserved [ 782.420490] 4*64kB [ 782.421145] Out of memory: Kill process 7960 (syz-fuzzer) score 5 or sacrifice child [ 782.424486] (UEH) [ 782.426748] Killed process 15303 (syz-executor.3) total-vm:84924kB, anon-rss:64kB, file-rss:0kB, shmem-rss:0kB [ 782.436441] 3*128kB [ 782.436987] Normal free:60560kB min:53696kB low:67120kB high:80544kB active_anon:348kB inactive_anon:16292kB active_file:664kB inactive_file:1284kB unevictable:0kB writepending:0kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:96kB pagetables:160kB bounce:0kB free_pcp:296kB local_pcp:168kB free_cma:0kB [ 782.449819] (UEH) [ 782.477983] lowmem_reserve[]: 0 0 0 0 0 [ 782.480680] 2*256kB [ 782.484100] Node 0 [ 782.484102] (UE) 1*512kB [ 782.486409] DMA: [ 782.488683] (E) 2*1024kB (UE) 3*2048kB (UME) 0*4096kB = 11080kB [ 782.493696] 20*4kB (UEH) 21*8kB (UEH) 29*16kB (UEH) 16*32kB (UEH) 4*64kB (UEH) 3*128kB (UEH) 2*256kB (UE) 1*512kB (E) 2*1024kB (UE) 3*2048kB (UME) 0*4096kB = 11080kB [ 782.506656] Node 0 [ 782.528843] Node 0 [ 782.532097] DMA32: [ 782.532471] DMA32: [ 782.535042] 1148*4kB (UE) 872*8kB (UE) 146*16kB (UE) 693*32kB (UE) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 36080kB [ 782.551447] 1148*4kB [ 782.561606] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 782.568599] (UE) [ 782.576098] Node 1 Normal: 0*4kB 0*8kB 1*16kB (U) 1813*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 58032kB [ 782.593883] 872*8kB (UE) 146*16kB (UE) 693*32kB (UE) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 36080kB [ 782.594129] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 782.609938] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 782.614706] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 782.634154] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 782.644522] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 782.654689] 15416 total pagecache pages [ 782.659679] Node 1 Normal: 1*4kB (M) 0*8kB 0*16kB 1734*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 55492kB [ 782.659865] 0 pages in swap cache [ 782.676447] Swap cache stats: add 0, delete 0, find 0/0 [ 782.685028] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 782.697392] Free swap = 0kB [ 782.700899] Total swap = 0kB [ 782.702606] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 782.713969] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 782.714036] 2097051 pages RAM [ 782.725366] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 782.736313] 0 pages HighMem/MovableOnly [ 782.739729] 15811 total pagecache pages [ 782.744530] 0 pages in swap cache [ 782.747840] 363848 pages reserved [ 782.750012] Swap cache stats: add 0, delete 0, find 0/0 [ 782.751687] 0 pages cma reserved [ 782.756752] Free swap = 0kB [ 782.756755] Total swap = 0kB [ 782.756762] 2097051 pages RAM [ 782.756765] 0 pages HighMem/MovableOnly [ 782.756768] 363848 pages reserved [ 782.756771] 0 pages cma reserved [ 782.788692] ODEBUG: assert_init not available (active state 0) object type: timer_list hint: (null) [ 782.798900] ------------[ cut here ]------------ [ 782.803665] WARNING: CPU: 0 PID: 15304 at lib/debugobjects.c:287 debug_print_object.cold+0xa7/0xdb [ 782.812752] Kernel panic - not syncing: panic_on_warn set ... [ 782.812752] [ 782.820107] CPU: 0 PID: 15304 Comm: syz-executor.3 Not tainted 4.14.230-syzkaller #0 [ 782.827975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 782.837319] Call Trace: [ 782.839907] dump_stack+0x1b2/0x281 [ 782.843535] panic+0x1f9/0x42d [ 782.846720] ? add_taint.cold+0x16/0x16 [ 782.850690] ? debug_print_object.cold+0xa7/0xdb [ 782.855438] ? debug_print_object.cold+0xa7/0xdb [ 782.860189] __warn.cold+0x20/0x44 [ 782.863725] ? ist_end_non_atomic+0x10/0x10 [ 782.868041] ? debug_print_object.cold+0xa7/0xdb [ 782.872792] report_bug+0x208/0x250 [ 782.876416] do_error_trap+0x195/0x2d0 [ 782.880305] ? math_error+0x2d0/0x2d0 [ 782.884109] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 782.888951] invalid_op+0x1b/0x40 [ 782.892399] RIP: 0010:debug_print_object.cold+0xa7/0xdb [ 782.897752] RSP: 0018:ffff88815c527248 EFLAGS: 00010086 [ 782.903111] RAX: 0000000000000061 RBX: 0000000000000005 RCX: 0000000000000000 [ 782.910370] RDX: 0000000000000000 RSI: ffffffff878bbbc0 RDI: ffffed102b8a4e3f [ 782.917638] RBP: ffffffff878b6e80 R08: 0000000000000061 R09: 0000000000000001 [ 782.924898] R10: 0000000000000000 R11: ffff88807534e240 R12: 0000000000000000 [ 782.932163] R13: 0000000000000000 R14: ffff8880153020f0 R15: 1ffff1102b8a4e52 [ 782.939446] ? debug_print_object.cold+0xa7/0xdb [ 782.944196] debug_object_assert_init+0x1d3/0x2d0 [ 782.949036] ? debug_object_active_state+0x330/0x330 [ 782.954133] ? rtnl_newlink+0x14ff/0x1860 [ 782.958278] ? rtnetlink_rcv_msg+0x3be/0xb10 [ 782.962679] ? netlink_rcv_skb+0x125/0x390 [ 782.966909] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 782.972278] del_timer+0x5d/0xe0 [ 782.975640] ? process_timeout+0x20/0x20 [ 782.979702] try_to_grab_pending+0x243/0x610 [ 782.984110] __cancel_work_timer+0x90/0x460 [ 782.988428] ? work_on_cpu_safe+0x70/0x70 [ 782.992577] ? batadv_tvlv_handler_get+0x1db/0x2b0 [ 782.997508] batadv_nc_mesh_free+0x41/0x120 [ 783.001829] batadv_mesh_free+0x70/0x150 [ 783.005886] batadv_mesh_init+0x561/0x630 [ 783.010033] batadv_softif_init_late+0xa26/0xc90 [ 783.014789] ? batadv_get_strings+0x40/0x40 [ 783.019104] ? dev_valid_name+0x1a0/0x1a0 [ 783.023271] ? batadv_get_strings+0x40/0x40 [ 783.027590] register_netdevice+0x291/0xe40 [ 783.031914] ? netdev_change_features+0xa0/0xa0 [ 783.036577] ? rtnl_create_link+0x129/0x890 [ 783.040895] rtnl_newlink+0x14ff/0x1860 [ 783.044864] ? rtnl_newlink+0x43d/0x1860 [ 783.048929] ? mark_held_locks+0xa6/0xf0 [ 783.052978] ? rtnl_dellink+0x6a0/0x6a0 [ 783.056943] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 783.061952] ? _raw_spin_unlock_irq+0x5a/0x80 [ 783.066471] ? rtnl_dellink+0x6a0/0x6a0 [ 783.070440] rtnetlink_rcv_msg+0x3be/0xb10 [ 783.074671] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 783.079162] ? __netlink_lookup+0x345/0x5d0 [ 783.083486] netlink_rcv_skb+0x125/0x390 [ 783.087539] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 783.092029] ? netlink_ack+0x9a0/0x9a0 [ 783.095920] netlink_unicast+0x437/0x610 [ 783.099983] ? netlink_sendskb+0xd0/0xd0 [ 783.104035] ? __check_object_size+0x179/0x230 [ 783.108613] netlink_sendmsg+0x62e/0xb80 [ 783.112667] ? nlmsg_notify+0x170/0x170 [ 783.116642] ? security_socket_sendmsg+0x83/0xb0 [ 783.121389] ? nlmsg_notify+0x170/0x170 [ 783.125356] sock_sendmsg+0xb5/0x100 [ 783.129066] SyS_sendto+0x1c7/0x2c0 [ 783.132686] ? SyS_getpeername+0x220/0x220 [ 783.136909] ? vm_insert_page+0x7c0/0x7c0 [ 783.141066] ? up_read+0x17/0x30 [ 783.144435] ? __do_page_fault+0x159/0xad0 [ 783.148668] ? do_syscall_64+0x4c/0x640 [ 783.152638] ? SyS_getpeername+0x220/0x220 [ 783.156869] do_syscall_64+0x1d5/0x640 [ 783.160757] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 783.165937] RIP: 0033:0x4193ec [ 783.169117] RSP: 002b:00007ffc92cfe460 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 783.176813] RAX: ffffffffffffffda RBX: 00000000014a4320 RCX: 00000000004193ec [ 783.184073] RDX: 000000000000003c RSI: 00000000014a4370 RDI: 0000000000000003 [ 783.191331] RBP: 0000000000000000 R08: 00007ffc92cfe4b4 R09: 000000000000000c [ 783.198590] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 783.205854] R13: 00000000014a4370 R14: 0000000000000003 R15: 0000000000000000 [ 783.214337] Kernel Offset: disabled [ 783.221889] Rebooting in 86400 seconds..