lloc_alloc+0xca/0x280 [ 1035.310558][T21107] vmalloc_user+0x6b/0x90 [ 1035.316090][T21096] Node 0 active_anon:954236kB inactive_anon:812kB active_file:32632kB inactive_file:161648kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:372kB writeback:400kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 534528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1035.321118][T21107] ? vb2_vmalloc_alloc+0xca/0x280 [ 1035.321134][T21107] vb2_vmalloc_alloc+0xca/0x280 [ 1035.321152][T21107] ? __vb2_queue_alloc+0xf5/0xf40 [ 1035.360077][T21096] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1035.364248][T21107] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1035.364261][T21107] __vb2_queue_alloc+0x5a6/0xf40 [ 1035.364291][T21107] vb2_core_create_bufs+0x2bc/0x790 [ 1035.364307][T21107] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1035.364318][T21107] ? __vb2_queue_alloc+0xf40/0xf40 [ 1035.364334][T21107] ? lock_acquire+0x16f/0x3f0 [ 1035.364350][T21107] ? __video_do_ioctl+0x398/0xce0 [ 1035.364363][T21107] ? __lock_acquire+0x548/0x3fb0 [ 1035.364384][T21107] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1035.364402][T21107] vb2_create_bufs+0x472/0x7d0 [ 1035.388857][T21096] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1035.397875][T21107] ? vb2_request_queue+0x120/0x120 [ 1035.397892][T21107] ? __lock_acquire+0x548/0x3fb0 [ 1035.397908][T21107] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1035.397923][T21107] ? debug_smp_processor_id+0x3c/0x280 [ 1035.397943][T21107] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1035.397969][T21107] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1035.397987][T21107] v4l_create_bufs+0xc0/0x180 [ 1035.398007][T21107] __video_do_ioctl+0x7f1/0xce0 [ 1035.430274][T21096] lowmem_reserve[]: 0 2553 2555 2555 [ 1035.440663][T21107] ? v4l_s_fmt+0xab0/0xab0 [ 1035.440686][T21107] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1035.440702][T21107] ? _copy_from_user+0xdd/0x150 [ 1035.440721][T21107] video_usercopy+0x4c5/0x10d0 [ 1035.440734][T21107] ? v4l_s_fmt+0xab0/0xab0 [ 1035.440756][T21107] ? v4l_enumstd+0x70/0x70 [ 1035.440774][T21107] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1035.478877][T21096] Node 0 DMA32 free:645036kB min:36232kB low:45288kB high:54344kB active_anon:954236kB inactive_anon:812kB active_file:32632kB inactive_file:161648kB unevictable:0kB writepending:824kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:14144kB pagetables:25768kB bounce:0kB free_pcp:1748kB local_pcp:1356kB free_cma:0kB [ 1035.481701][T21107] ? tomoyo_path_number_perm+0x263/0x520 [ 1035.481721][T21107] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1035.481753][T21107] ? video_usercopy+0x10d0/0x10d0 [ 1035.481768][T21107] video_ioctl2+0x2d/0x35 [ 1035.481786][T21107] v4l2_ioctl+0x156/0x1b0 [ 1035.481801][T21107] ? video_devdata+0xa0/0xa0 [ 1035.481822][T21107] do_vfs_ioctl+0xd6e/0x1390 [ 1035.481847][T21107] ? ioctl_preallocate+0x210/0x210 [ 1035.488311][ T5] Bluetooth: hci0: command 0x1003 tx timeout [ 1035.492813][T21107] ? __fget+0x381/0x550 [ 1035.492836][T21107] ? ksys_dup3+0x3e0/0x3e0 [ 1035.492859][T21107] ? nsecs_to_jiffies+0x30/0x30 [ 1035.492881][T21107] ? tomoyo_file_ioctl+0x23/0x30 [ 1035.492901][T21107] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1035.528702][T21096] lowmem_reserve[]: 0 0 2 2 [ 1035.529984][T21107] ? security_file_ioctl+0x93/0xc0 [ 1035.530004][T21107] ksys_ioctl+0xab/0xd0 [ 1035.552506][T21096] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1035.556988][T21107] __x64_sys_ioctl+0x73/0xb0 [ 1035.557010][T21107] do_syscall_64+0x103/0x670 [ 1035.581283][T21096] lowmem_reserve[]: 0 0 0 0 [ 1035.582583][T21107] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1035.582596][T21107] RIP: 0033:0x458c29 [ 1035.582610][T21107] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1035.582619][T21107] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1035.582633][T21107] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1035.582641][T21107] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1035.582650][T21107] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1035.582659][T21107] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1035.582668][T21107] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1035.595676][T21102] CPU: 1 PID: 21102 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1035.610088][T20067] Bluetooth: hci0: sending frame failed (-49) [ 1035.633507][T21102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1035.633513][T21102] Call Trace: [ 1035.633537][T21102] dump_stack+0x172/0x1f0 [ 1035.633558][T21102] warn_alloc.cold+0x87/0x17f [ 1035.633572][T21102] ? zone_watermark_ok_safe+0x260/0x260 [ 1035.633587][T21102] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1035.633627][T21102] __vmalloc_node_range+0x48a/0x790 [ 1035.633643][T21102] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1035.633663][T21102] ? kmem_cache_alloc_trace+0x354/0x760 [ 1035.633677][T21102] ? vb2_vmalloc_alloc+0xca/0x280 [ 1035.633694][T21102] vmalloc_user+0x6b/0x90 [ 1035.633707][T21102] ? vb2_vmalloc_alloc+0xca/0x280 [ 1035.633722][T21102] vb2_vmalloc_alloc+0xca/0x280 [ 1035.633734][T21102] ? __vb2_queue_alloc+0xf5/0xf40 [ 1035.633751][T21102] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1035.633763][T21102] __vb2_queue_alloc+0x5a6/0xf40 [ 1035.633795][T21102] vb2_core_create_bufs+0x2bc/0x790 [ 1035.633814][T21102] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1035.633825][T21102] ? __vb2_queue_alloc+0xf40/0xf40 [ 1035.633839][T21102] ? lock_acquire+0x16f/0x3f0 [ 1035.633863][T21102] ? __video_do_ioctl+0x398/0xce0 [ 1035.633877][T21102] ? __lock_acquire+0x548/0x3fb0 [ 1035.646838][T21096] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1035.650589][T21102] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1035.650610][T21102] vb2_create_bufs+0x472/0x7d0 [ 1035.650628][T21102] ? vb2_request_queue+0x120/0x120 [ 1035.655710][T21096] lowmem_reserve[]: 0 0 0 0 [ 1035.659277][T21102] ? __lock_acquire+0x548/0x3fb0 [ 1035.659296][T21102] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1035.659311][T21102] ? debug_smp_processor_id+0x3c/0x280 [ 1035.659333][T21102] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1035.670190][T21096] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1035.673672][T21102] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1035.673690][T21102] v4l_create_bufs+0xc0/0x180 [ 1035.673710][T21102] __video_do_ioctl+0x7f1/0xce0 [ 1035.673733][T21102] ? v4l_s_fmt+0xab0/0xab0 [ 1035.673754][T21102] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1035.673771][T21102] ? _copy_from_user+0xdd/0x150 [ 1035.673788][T21102] video_usercopy+0x4c5/0x10d0 [ 1035.673806][T21102] ? v4l_s_fmt+0xab0/0xab0 [ 1035.680296][T21096] Node 0 DMA32: 31*4kB (UME) 55*8kB (E) 98*16kB (UME) 746*32kB (UME) 500*64kB (UME) 92*128kB (UME) 24*256kB (UME) 7*512kB (UME) 8*1024kB (UME) 4*2048kB (UME) 134*4096kB (UM) = 644756kB [ 1035.683929][T21102] ? v4l_enumstd+0x70/0x70 [ 1035.683952][T21102] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1035.683969][T21102] ? tomoyo_path_number_perm+0x263/0x520 [ 1035.683987][T21102] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1035.684018][T21102] ? video_usercopy+0x10d0/0x10d0 [ 1035.684033][T21102] video_ioctl2+0x2d/0x35 [ 1035.684048][T21102] v4l2_ioctl+0x156/0x1b0 [ 1035.684062][T21102] ? video_devdata+0xa0/0xa0 [ 1035.684081][T21102] do_vfs_ioctl+0xd6e/0x1390 [ 1035.684101][T21102] ? ioctl_preallocate+0x210/0x210 [ 1035.696094][T21096] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1035.699766][T21102] ? __fget+0x381/0x550 [ 1035.699790][T21102] ? ksys_dup3+0x3e0/0x3e0 [ 1035.699810][T21102] ? nsecs_to_jiffies+0x30/0x30 [ 1035.728727][T21096] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1035.746299][T21102] ? tomoyo_file_ioctl+0x23/0x30 [ 1035.746315][T21102] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1035.746330][T21102] ? security_file_ioctl+0x93/0xc0 [ 1035.746349][T21102] ksys_ioctl+0xab/0xd0 [ 1035.746367][T21102] __x64_sys_ioctl+0x73/0xb0 [ 1035.746384][T21102] do_syscall_64+0x103/0x670 [ 1035.746404][T21102] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1035.746415][T21102] RIP: 0033:0x458c29 [ 1035.746429][T21102] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1035.746436][T21102] RSP: 002b:00007fa60ca72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1035.746450][T21102] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1035.746458][T21102] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1035.746468][T21102] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1035.746476][T21102] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca736d4 [ 1035.746484][T21102] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1035.770317][T21096] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1035.803597][T21096] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1035.822745][T21096] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1035.822756][T21096] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1035.822762][T21096] 48853 total pagecache pages [ 1035.822777][T21096] 0 pages in swap cache [ 1035.838874][T21096] Swap cache stats: add 0, delete 0, find 0/0 [ 1036.365932][T21096] Free swap = 0kB [ 1036.369703][T21096] Total swap = 0kB [ 1036.375324][T21096] 1965979 pages RAM [ 1036.379148][T21096] 0 pages HighMem/MovableOnly [ 1036.383966][T21096] 339405 pages reserved [ 1036.388123][T21096] 0 pages cma reserved [ 1037.641700][ T5] Bluetooth: hci0: command 0x1001 tx timeout [ 1037.647898][T20067] Bluetooth: hci0: sending frame failed (-49) 09:14:04 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) 09:14:04 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) pipe2(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r1, 0x28, 0x6, &(0x7f0000000340)={0x77359400}, 0x10) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) r2 = syz_open_dev$media(&(0x7f0000000200)='/dev/media#\x00', 0x5, 0x2) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x9, 0x30}, &(0x7f0000000280)=0xc) setsockopt$inet_sctp6_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f00000002c0)=@assoc_value={r3, 0x4}, 0x8) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in={{0x2, 0x4e22, @multicast1}}}, 0x0) 09:14:04 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x6800000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:14:04 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x40000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:14:04 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x3f000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:14:04 executing program 0: r0 = syz_open_dev$amidi(&(0x7f0000000200)='/dev/amidi#\x00', 0x9, 0x101000) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, &(0x7f0000000240)={0x2, 0x5, 0x7ce, 0x37, 'syz0\x00', 0x3}) r1 = socket$inet(0x2, 0x1, 0x84) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r1, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) [ 1038.006329][T21124] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1038.027336][T21126] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1038.041629][T21118] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1038.059786][T21124] CPU: 1 PID: 21124 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1038.068933][T21124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1038.068941][T21124] Call Trace: [ 1038.068969][T21124] dump_stack+0x172/0x1f0 [ 1038.068994][T21124] warn_alloc.cold+0x87/0x17f [ 1038.069013][T21124] ? zone_watermark_ok_safe+0x260/0x260 [ 1038.069032][T21124] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1038.069073][T21124] __vmalloc_node_range+0x48a/0x790 [ 1038.069089][T21124] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1038.069107][T21124] ? kmem_cache_alloc_trace+0x354/0x760 [ 1038.069121][T21124] ? vb2_vmalloc_alloc+0xca/0x280 [ 1038.069139][T21124] vmalloc_user+0x6b/0x90 [ 1038.069153][T21124] ? vb2_vmalloc_alloc+0xca/0x280 [ 1038.069169][T21124] vb2_vmalloc_alloc+0xca/0x280 [ 1038.069182][T21124] ? __vb2_queue_alloc+0xf5/0xf40 [ 1038.069200][T21124] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1038.069213][T21124] __vb2_queue_alloc+0x5a6/0xf40 [ 1038.069246][T21124] vb2_core_create_bufs+0x2bc/0x790 [ 1038.137633][T21124] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1038.137649][T21124] ? __vb2_queue_alloc+0xf40/0xf40 [ 1038.137665][T21124] ? lock_acquire+0x16f/0x3f0 [ 1038.137694][T21124] ? __video_do_ioctl+0x398/0xce0 [ 1038.158588][T21124] ? __lock_acquire+0x548/0x3fb0 [ 1038.158613][T21124] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1038.158633][T21124] vb2_create_bufs+0x472/0x7d0 [ 1038.158654][T21124] ? vb2_request_queue+0x120/0x120 [ 1038.194725][T21124] ? __lock_acquire+0x548/0x3fb0 [ 1038.204767][T21124] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1038.211014][T21124] ? debug_smp_processor_id+0x3c/0x280 [ 1038.216482][T21124] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1038.221509][T21124] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1038.221530][T21124] v4l_create_bufs+0xc0/0x180 [ 1038.221549][T21124] __video_do_ioctl+0x7f1/0xce0 [ 1038.221573][T21124] ? v4l_s_fmt+0xab0/0xab0 [ 1038.221596][T21124] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1038.221613][T21124] ? _copy_from_user+0xdd/0x150 [ 1038.221633][T21124] video_usercopy+0x4c5/0x10d0 [ 1038.221649][T21124] ? v4l_s_fmt+0xab0/0xab0 [ 1038.221670][T21124] ? v4l_enumstd+0x70/0x70 [ 1038.265664][T21124] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1038.271901][T21124] ? tomoyo_path_number_perm+0x263/0x520 [ 1038.271923][T21124] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1038.271954][T21124] ? video_usercopy+0x10d0/0x10d0 [ 1038.271969][T21124] video_ioctl2+0x2d/0x35 [ 1038.271985][T21124] v4l2_ioctl+0x156/0x1b0 [ 1038.271999][T21124] ? video_devdata+0xa0/0xa0 [ 1038.272018][T21124] do_vfs_ioctl+0xd6e/0x1390 [ 1038.272040][T21124] ? ioctl_preallocate+0x210/0x210 [ 1038.272054][T21124] ? __fget+0x381/0x550 [ 1038.272075][T21124] ? ksys_dup3+0x3e0/0x3e0 [ 1038.319925][T21124] ? nsecs_to_jiffies+0x30/0x30 [ 1038.324797][T21124] ? tomoyo_file_ioctl+0x23/0x30 [ 1038.329737][T21124] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1038.336006][T21124] ? security_file_ioctl+0x93/0xc0 [ 1038.341125][T21124] ksys_ioctl+0xab/0xd0 [ 1038.345290][T21124] __x64_sys_ioctl+0x73/0xb0 [ 1038.349889][T21124] do_syscall_64+0x103/0x670 [ 1038.354481][T21124] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1038.360367][T21124] RIP: 0033:0x458c29 [ 1038.364263][T21124] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1038.383952][T21124] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1038.392367][T21124] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1038.400335][T21124] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1038.408304][T21124] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1038.416273][T21124] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1038.424239][T21124] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1038.434111][T21118] CPU: 0 PID: 21118 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1038.443237][T21118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1038.453290][T21118] Call Trace: [ 1038.453740][T21124] warn_alloc_show_mem: 2 callbacks suppressed [ 1038.453745][T21124] Mem-Info: [ 1038.456584][T21118] dump_stack+0x172/0x1f0 [ 1038.456607][T21118] warn_alloc.cold+0x87/0x17f [ 1038.456629][T21118] ? zone_watermark_ok_safe+0x260/0x260 [ 1038.464426][T21124] active_anon:240157 inactive_anon:201 isolated_anon:0 [ 1038.464426][T21124] active_file:8197 inactive_file:40426 isolated_file:0 [ 1038.464426][T21124] unevictable:0 dirty:114 writeback:0 unstable:0 [ 1038.464426][T21124] slab_reclaimable:14089 slab_unreclaimable:104245 [ 1038.464426][T21124] mapped:58824 shmem:248 pagetables:6531 bounce:0 [ 1038.464426][T21124] free:1111158 free_pcp:315 free_cma:0 [ 1038.465799][T21118] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1038.465841][T21118] __vmalloc_node_range+0x48a/0x790 [ 1038.470296][T21124] Node 0 active_anon:960628kB inactive_anon:804kB active_file:32652kB inactive_file:161704kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:456kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 538624kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1038.474842][T21118] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1038.474864][T21118] ? kmem_cache_alloc_trace+0x354/0x760 [ 1038.474877][T21118] ? vb2_vmalloc_alloc+0xca/0x280 [ 1038.474895][T21118] vmalloc_user+0x6b/0x90 [ 1038.474909][T21118] ? vb2_vmalloc_alloc+0xca/0x280 [ 1038.474929][T21118] vb2_vmalloc_alloc+0xca/0x280 [ 1038.481156][T21124] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1038.518458][T21118] ? __vb2_queue_alloc+0xf5/0xf40 [ 1038.518478][T21118] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1038.518489][T21118] __vb2_queue_alloc+0x5a6/0xf40 [ 1038.518517][T21118] vb2_core_create_bufs+0x2bc/0x790 [ 1038.518534][T21118] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1038.518547][T21118] ? __vb2_queue_alloc+0xf40/0xf40 [ 1038.518561][T21118] ? lock_acquire+0x16f/0x3f0 [ 1038.518584][T21118] ? __video_do_ioctl+0x398/0xce0 [ 1038.525070][T21124] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1038.530940][T21118] ? __lock_acquire+0x548/0x3fb0 [ 1038.530961][T21118] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1038.530981][T21118] vb2_create_bufs+0x472/0x7d0 [ 1038.530997][T21118] ? vb2_request_queue+0x120/0x120 [ 1038.531016][T21118] ? __lock_acquire+0x548/0x3fb0 [ 1038.560596][T21124] lowmem_reserve[]: 0 2553 2555 2555 [ 1038.564906][T21118] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1038.564922][T21118] ? debug_smp_processor_id+0x3c/0x280 [ 1038.564944][T21118] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1038.564961][T21118] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1038.564978][T21118] v4l_create_bufs+0xc0/0x180 [ 1038.564997][T21118] __video_do_ioctl+0x7f1/0xce0 [ 1038.570971][T21124] Node 0 DMA32 free:638640kB min:36232kB low:45288kB high:54344kB active_anon:960628kB inactive_anon:804kB active_file:32652kB inactive_file:161704kB unevictable:0kB writepending:456kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:14208kB pagetables:26124kB bounce:0kB free_pcp:1248kB local_pcp:388kB free_cma:0kB [ 1038.575537][T21118] ? v4l_s_fmt+0xab0/0xab0 [ 1038.575561][T21118] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1038.575578][T21118] ? _copy_from_user+0xdd/0x150 [ 1038.575595][T21118] video_usercopy+0x4c5/0x10d0 [ 1038.575612][T21118] ? v4l_s_fmt+0xab0/0xab0 [ 1038.581055][T21124] lowmem_reserve[]: 0 0 2 2 [ 1038.584935][T21118] ? v4l_enumstd+0x70/0x70 [ 1038.584951][T21118] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1038.584968][T21118] ? tomoyo_path_number_perm+0x263/0x520 [ 1038.584987][T21118] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1038.585016][T21118] ? video_usercopy+0x10d0/0x10d0 [ 1038.590220][T21124] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1038.616293][T21118] video_ioctl2+0x2d/0x35 [ 1038.616310][T21118] v4l2_ioctl+0x156/0x1b0 [ 1038.616323][T21118] ? video_devdata+0xa0/0xa0 [ 1038.616342][T21118] do_vfs_ioctl+0xd6e/0x1390 [ 1038.616362][T21118] ? ioctl_preallocate+0x210/0x210 [ 1038.616377][T21118] ? __fget+0x381/0x550 [ 1038.616396][T21118] ? ksys_dup3+0x3e0/0x3e0 [ 1038.616417][T21118] ? nsecs_to_jiffies+0x30/0x30 [ 1038.622059][T21124] lowmem_reserve[]: 0 0 0 0 [ 1038.627217][T21118] ? tomoyo_file_ioctl+0x23/0x30 [ 1038.627234][T21118] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1038.627253][T21118] ? security_file_ioctl+0x93/0xc0 [ 1038.632636][T21124] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1038.637359][T21118] ksys_ioctl+0xab/0xd0 [ 1038.637380][T21118] __x64_sys_ioctl+0x73/0xb0 [ 1038.637397][T21118] do_syscall_64+0x103/0x670 [ 1038.637417][T21118] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1038.643294][T21124] lowmem_reserve[]: 0 0 0 0 [ 1038.647863][T21118] RIP: 0033:0x458c29 [ 1038.647878][T21118] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1038.647887][T21118] RSP: 002b:00007fa60ca72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1038.647901][T21118] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1038.647914][T21118] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1038.653074][T21124] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1038.657628][T21118] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1038.657638][T21118] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca736d4 [ 1038.657647][T21118] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1038.663629][T21126] CPU: 0 PID: 21126 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1038.692803][T21124] Node 0 DMA32: 30*4kB (ME) 135*8kB (UME) 102*16kB (UME) 722*32kB (UME) 500*64kB (UME) 92*128kB (UME) 24*256kB (UME) 7*512kB (UME) 8*1024kB (UME) 3*2048kB (UE) 133*4096kB (UM) = 638544kB [ 1038.695797][T21126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1038.695803][T21126] Call Trace: [ 1038.695829][T21126] dump_stack+0x172/0x1f0 [ 1038.695850][T21126] warn_alloc.cold+0x87/0x17f [ 1038.701158][T21124] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1038.706134][T21126] ? zone_watermark_ok_safe+0x260/0x260 [ 1038.706156][T21126] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1038.706197][T21126] __vmalloc_node_range+0x48a/0x790 [ 1038.706212][T21126] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1038.706233][T21126] ? kmem_cache_alloc_trace+0x354/0x760 [ 1038.713244][T21124] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1038.716417][T21126] ? vb2_vmalloc_alloc+0xca/0x280 [ 1038.716437][T21126] vmalloc_user+0x6b/0x90 [ 1038.716456][T21126] ? vb2_vmalloc_alloc+0xca/0x280 [ 1038.723330][T21124] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1038.728119][T21126] vb2_vmalloc_alloc+0xca/0x280 [ 1038.728132][T21126] ? __vb2_queue_alloc+0xf5/0xf40 [ 1038.728192][T21126] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1038.728209][T21126] __vb2_queue_alloc+0x5a6/0xf40 [ 1038.733735][T21124] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1038.738768][T21126] vb2_core_create_bufs+0x2bc/0x790 [ 1038.738787][T21126] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1038.738803][T21126] ? __vb2_queue_alloc+0xf40/0xf40 [ 1038.743883][T21124] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1038.748307][T21126] ? lock_acquire+0x16f/0x3f0 [ 1038.748326][T21126] ? __video_do_ioctl+0x398/0xce0 [ 1038.748338][T21126] ? __lock_acquire+0x548/0x3fb0 [ 1038.748360][T21126] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1038.779482][T21124] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1038.783386][T21126] vb2_create_bufs+0x472/0x7d0 [ 1038.783406][T21126] ? vb2_request_queue+0x120/0x120 [ 1038.783421][T21126] ? __lock_acquire+0x548/0x3fb0 [ 1038.783438][T21126] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1038.783458][T21126] ? debug_smp_processor_id+0x3c/0x280 [ 1038.790076][T21124] 48883 total pagecache pages [ 1038.794514][T21126] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1038.794533][T21126] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1038.794551][T21126] v4l_create_bufs+0xc0/0x180 [ 1038.794571][T21126] __video_do_ioctl+0x7f1/0xce0 [ 1038.794594][T21126] ? v4l_s_fmt+0xab0/0xab0 [ 1038.799680][T21124] 0 pages in swap cache [ 1038.803735][T21126] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1038.803761][T21126] ? _copy_from_user+0xdd/0x150 [ 1038.803782][T21126] video_usercopy+0x4c5/0x10d0 [ 1038.803800][T21126] ? v4l_s_fmt+0xab0/0xab0 [ 1039.353376][T21126] ? v4l_enumstd+0x70/0x70 [ 1039.357789][T21126] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1039.364014][T21126] ? tomoyo_path_number_perm+0x263/0x520 [ 1039.369645][T21126] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1039.375461][T21126] ? video_usercopy+0x10d0/0x10d0 [ 1039.380466][T21126] video_ioctl2+0x2d/0x35 [ 1039.384781][T21126] v4l2_ioctl+0x156/0x1b0 [ 1039.389090][T21126] ? video_devdata+0xa0/0xa0 [ 1039.393682][T21126] do_vfs_ioctl+0xd6e/0x1390 [ 1039.398275][T21126] ? ioctl_preallocate+0x210/0x210 [ 1039.403370][T21126] ? __fget+0x381/0x550 [ 1039.407518][T21126] ? ksys_dup3+0x3e0/0x3e0 [ 1039.411916][T21126] ? nsecs_to_jiffies+0x30/0x30 [ 1039.416754][T21126] ? tomoyo_file_ioctl+0x23/0x30 [ 1039.421675][T21126] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1039.427907][T21126] ? security_file_ioctl+0x93/0xc0 [ 1039.433004][T21126] ksys_ioctl+0xab/0xd0 [ 1039.437156][T21126] __x64_sys_ioctl+0x73/0xb0 [ 1039.441737][T21126] do_syscall_64+0x103/0x670 [ 1039.446314][T21126] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1039.452187][T21126] RIP: 0033:0x458c29 [ 1039.456091][T21126] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1039.475765][T21126] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1039.484160][T21126] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1039.492115][T21126] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1039.500068][T21126] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1039.508019][T21126] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1039.515977][T21126] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1039.524431][T21124] Swap cache stats: add 0, delete 0, find 0/0 [ 1039.527016][T21118] Mem-Info: [ 1039.537322][T21124] Free swap = 0kB [ 1039.541176][T21124] Total swap = 0kB [ 1039.544786][T21141] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1039.559355][T21124] 1965979 pages RAM [ 1039.563406][T21124] 0 pages HighMem/MovableOnly [ 1039.568215][T21124] 339405 pages reserved [ 1039.569777][T21141] CPU: 1 PID: 21141 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1039.573151][T21124] 0 pages cma reserved [ 1039.581551][T21141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1039.581558][T21141] Call Trace: [ 1039.581586][T21141] dump_stack+0x172/0x1f0 [ 1039.581613][T21141] warn_alloc.cold+0x87/0x17f [ 1039.581629][T21141] ? zone_watermark_ok_safe+0x260/0x260 [ 1039.581648][T21141] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1039.581685][T21141] __vmalloc_node_range+0x48a/0x790 [ 1039.595796][T21141] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1039.595816][T21141] ? kmem_cache_alloc_trace+0x354/0x760 [ 1039.595829][T21141] ? vb2_vmalloc_alloc+0xca/0x280 [ 1039.595846][T21141] vmalloc_user+0x6b/0x90 [ 1039.595859][T21141] ? vb2_vmalloc_alloc+0xca/0x280 [ 1039.595872][T21141] vb2_vmalloc_alloc+0xca/0x280 [ 1039.595882][T21141] ? __vb2_queue_alloc+0xf5/0xf40 [ 1039.595898][T21141] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1039.595908][T21141] __vb2_queue_alloc+0x5a6/0xf40 [ 1039.595937][T21141] vb2_core_create_bufs+0x2bc/0x790 [ 1039.595957][T21141] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1039.603577][T21141] ? __vb2_queue_alloc+0xf40/0xf40 [ 1039.603597][T21141] ? lock_acquire+0x16f/0x3f0 [ 1039.603613][T21141] ? __video_do_ioctl+0x398/0xce0 [ 1039.603625][T21141] ? __lock_acquire+0x548/0x3fb0 [ 1039.603646][T21141] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1039.603666][T21141] vb2_create_bufs+0x472/0x7d0 [ 1039.603687][T21141] ? vb2_request_queue+0x120/0x120 [ 1039.613892][T21141] ? __lock_acquire+0x548/0x3fb0 [ 1039.613916][T21141] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1039.624713][T21141] ? debug_smp_processor_id+0x3c/0x280 [ 1039.624734][T21141] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1039.624751][T21141] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1039.624770][T21141] v4l_create_bufs+0xc0/0x180 [ 1039.624791][T21141] __video_do_ioctl+0x7f1/0xce0 [ 1039.624815][T21141] ? v4l_s_fmt+0xab0/0xab0 [ 1039.635349][T21141] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1039.635366][T21141] ? _copy_from_user+0xdd/0x150 [ 1039.635389][T21141] video_usercopy+0x4c5/0x10d0 [ 1039.635404][T21141] ? v4l_s_fmt+0xab0/0xab0 [ 1039.635425][T21141] ? v4l_enumstd+0x70/0x70 [ 1039.659614][T21141] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1039.659635][T21141] ? tomoyo_path_number_perm+0x263/0x520 [ 1039.670346][T21141] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1039.670379][T21141] ? video_usercopy+0x10d0/0x10d0 [ 1039.682113][T21118] active_anon:240194 inactive_anon:201 isolated_anon:0 [ 1039.682113][T21118] active_file:8197 inactive_file:40435 isolated_file:0 [ 1039.682113][T21118] unevictable:0 dirty:130 writeback:0 unstable:0 [ 1039.682113][T21118] slab_reclaimable:14088 slab_unreclaimable:104276 [ 1039.682113][T21118] mapped:58824 shmem:248 pagetables:6536 bounce:0 [ 1039.682113][T21118] free:1111055 free_pcp:350 free_cma:0 [ 1039.685992][T21141] video_ioctl2+0x2d/0x35 [ 1039.686009][T21141] v4l2_ioctl+0x156/0x1b0 [ 1039.686024][T21141] ? video_devdata+0xa0/0xa0 [ 1039.686041][T21141] do_vfs_ioctl+0xd6e/0x1390 [ 1039.686060][T21141] ? ioctl_preallocate+0x210/0x210 [ 1039.690833][T21118] Node 0 active_anon:960776kB inactive_anon:804kB active_file:32652kB inactive_file:161740kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:520kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 544768kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1039.695727][T21141] ? __fget+0x381/0x550 [ 1039.695750][T21141] ? ksys_dup3+0x3e0/0x3e0 [ 1039.695766][T21141] ? nsecs_to_jiffies+0x30/0x30 [ 1039.695788][T21141] ? tomoyo_file_ioctl+0x23/0x30 [ 1039.695802][T21141] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1039.695817][T21141] ? security_file_ioctl+0x93/0xc0 [ 1039.695837][T21141] ksys_ioctl+0xab/0xd0 [ 1039.695858][T21141] __x64_sys_ioctl+0x73/0xb0 [ 1039.695881][T21141] do_syscall_64+0x103/0x670 [ 1039.713283][T21118] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1039.717910][T21141] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1039.717923][T21141] RIP: 0033:0x458c29 [ 1039.717938][T21141] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1039.717947][T21141] RSP: 002b:00007f92fa780c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1039.717965][T21141] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1039.723113][ T5] Bluetooth: hci0: command 0x1009 tx timeout [ 1039.729108][T21141] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1039.729117][T21141] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 1039.729126][T21141] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7816d4 [ 1039.729135][T21141] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1039.734122][T21145] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1039.741950][T21118] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1039.745932][T21145] CPU: 1 PID: 21145 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1039.750076][T21118] lowmem_reserve[]: 0 2553 2555 2555 [ 1039.754772][T21145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1039.754778][T21145] Call Trace: [ 1039.754807][T21145] dump_stack+0x172/0x1f0 [ 1039.754831][T21145] warn_alloc.cold+0x87/0x17f [ 1039.754849][T21145] ? zone_watermark_ok_safe+0x260/0x260 [ 1039.754864][T21145] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1039.754902][T21145] __vmalloc_node_range+0x48a/0x790 [ 1039.754918][T21145] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1039.754937][T21145] ? kmem_cache_alloc_trace+0x354/0x760 [ 1039.754950][T21145] ? vb2_vmalloc_alloc+0xca/0x280 [ 1039.754968][T21145] vmalloc_user+0x6b/0x90 [ 1039.754981][T21145] ? vb2_vmalloc_alloc+0xca/0x280 [ 1039.754998][T21145] vb2_vmalloc_alloc+0xca/0x280 [ 1039.765366][T21118] Node 0 DMA32 free:638096kB min:36232kB low:45288kB high:54344kB active_anon:960776kB inactive_anon:804kB active_file:32652kB inactive_file:161740kB unevictable:0kB writepending:520kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:14176kB pagetables:26144kB bounce:0kB free_pcp:1608kB local_pcp:1064kB free_cma:0kB [ 1039.765630][T21145] ? __vb2_queue_alloc+0xf5/0xf40 [ 1039.765652][T21145] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1039.770588][T21118] lowmem_reserve[]: 0 0 2 2 [ 1039.775207][T21145] __vb2_queue_alloc+0x5a6/0xf40 [ 1039.775239][T21145] vb2_core_create_bufs+0x2bc/0x790 [ 1039.775258][T21145] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1039.775271][T21145] ? __vb2_queue_alloc+0xf40/0xf40 [ 1039.775286][T21145] ? lock_acquire+0x16f/0x3f0 [ 1039.775303][T21145] ? __video_do_ioctl+0x398/0xce0 [ 1039.775317][T21145] ? __lock_acquire+0x548/0x3fb0 [ 1039.775341][T21145] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1039.785377][T21118] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1039.790384][T21145] vb2_create_bufs+0x472/0x7d0 [ 1039.790402][T21145] ? vb2_request_queue+0x120/0x120 [ 1039.790418][T21145] ? __lock_acquire+0x548/0x3fb0 [ 1039.790437][T21145] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1039.797058][T21118] lowmem_reserve[]: 0 0 0 0 [ 1039.801820][T21145] ? debug_smp_processor_id+0x3c/0x280 [ 1039.801843][T21145] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1039.801861][T21145] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1039.801879][T21145] v4l_create_bufs+0xc0/0x180 [ 1039.801900][T21145] __video_do_ioctl+0x7f1/0xce0 [ 1039.801924][T21145] ? v4l_s_fmt+0xab0/0xab0 [ 1039.801947][T21145] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1039.801961][T21145] ? _copy_from_user+0xdd/0x150 [ 1039.801980][T21145] video_usercopy+0x4c5/0x10d0 [ 1039.811533][T21118] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1039.844978][T21145] ? v4l_s_fmt+0xab0/0xab0 [ 1039.845000][T21145] ? v4l_enumstd+0x70/0x70 [ 1039.845014][T21145] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1039.845030][T21145] ? tomoyo_path_number_perm+0x263/0x520 [ 1039.845047][T21145] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1039.845076][T21145] ? video_usercopy+0x10d0/0x10d0 [ 1039.845089][T21145] video_ioctl2+0x2d/0x35 [ 1039.845104][T21145] v4l2_ioctl+0x156/0x1b0 [ 1039.845116][T21145] ? video_devdata+0xa0/0xa0 [ 1039.845134][T21145] do_vfs_ioctl+0xd6e/0x1390 [ 1039.845154][T21145] ? ioctl_preallocate+0x210/0x210 [ 1039.845173][T21145] ? __fget+0x381/0x550 [ 1039.855289][T21118] lowmem_reserve[]: 0 0 0 0 [ 1039.858379][T21145] ? ksys_dup3+0x3e0/0x3e0 [ 1039.858398][T21145] ? nsecs_to_jiffies+0x30/0x30 [ 1039.858422][T21145] ? tomoyo_file_ioctl+0x23/0x30 [ 1039.864180][T21118] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1039.868077][T21145] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1039.868095][T21145] ? security_file_ioctl+0x93/0xc0 [ 1039.868117][T21145] ksys_ioctl+0xab/0xd0 [ 1039.868141][T21145] __x64_sys_ioctl+0x73/0xb0 [ 1039.903365][T21118] Node 0 DMA32: 28*4kB (E) 181*8kB (UE) 74*16kB (UME) 710*32kB (UME) 500*64kB (UME) 92*128kB (UME) 24*256kB (UME) 7*512kB (UME) 8*1024kB (UME) 3*2048kB (UE) 133*4096kB (UM) = 638072kB [ 1039.905552][T21145] do_syscall_64+0x103/0x670 [ 1039.905576][T21145] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1039.905592][T21145] RIP: 0033:0x458c29 [ 1039.910518][T21118] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1039.915351][T21145] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1039.915358][T21145] RSP: 002b:00007fa60ca30c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1039.915369][T21145] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1039.915377][T21145] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1039.915385][T21145] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 1039.915392][T21145] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca316d4 [ 1039.915400][T21145] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1039.967675][T21118] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1039.997128][T21118] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1040.642693][T21118] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1040.642779][ T5] Bluetooth: hci1: command 0x1003 tx timeout [ 1040.656573][T21118] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1040.658613][T17349] Bluetooth: hci1: sending frame failed (-49) [ 1040.669398][T21118] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1040.684036][T21118] 48904 total pagecache pages [ 1040.688739][T21118] 0 pages in swap cache [ 1040.693813][T21118] Swap cache stats: add 0, delete 0, find 0/0 [ 1040.699992][T21118] Free swap = 0kB [ 1040.703782][T21118] Total swap = 0kB [ 1040.707498][T21118] 1965979 pages RAM [ 1040.711284][T21118] 0 pages HighMem/MovableOnly [ 1040.716010][T21118] 339405 pages reserved [ 1040.720160][T21118] 0 pages cma reserved [ 1041.731593][ T5] Bluetooth: hci2: command 0x1003 tx timeout [ 1041.737782][T17349] Bluetooth: hci2: sending frame failed (-49) [ 1042.681596][ T5] Bluetooth: hci1: command 0x1001 tx timeout [ 1042.687773][T17349] Bluetooth: hci1: sending frame failed (-49) 09:14:10 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xfffffffe) 09:14:10 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}]}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/net/pfkey\x00', 0x100, 0x0) getsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000240), &(0x7f0000000280)=0x4) ioctl$SNDRV_TIMER_IOCTL_TREAD(r1, 0x40045402, &(0x7f00000002c0)) 09:14:10 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x40000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:14:10 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x80000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:14:10 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x6c00000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1043.773091][T21156] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1043.779226][T21151] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1043.801531][ T7678] Bluetooth: hci2: command 0x1001 tx timeout [ 1043.807672][ T1285] Bluetooth: hci2: sending frame failed (-49) 09:14:10 executing program 0: r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) [ 1043.811616][T21158] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1043.839689][T21156] CPU: 0 PID: 21156 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1043.848906][T21156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1043.858959][T21156] Call Trace: [ 1043.862256][T21156] dump_stack+0x172/0x1f0 [ 1043.866602][T21156] warn_alloc.cold+0x87/0x17f [ 1043.871297][T21156] ? zone_watermark_ok_safe+0x260/0x260 [ 1043.876853][T21156] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1043.882516][T21156] __vmalloc_node_range+0x48a/0x790 [ 1043.887725][T21156] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1043.892759][T21156] ? kmem_cache_alloc_trace+0x354/0x760 [ 1043.898303][T21156] ? vb2_vmalloc_alloc+0xca/0x280 [ 1043.903333][T21156] vmalloc_user+0x6b/0x90 [ 1043.907660][T21156] ? vb2_vmalloc_alloc+0xca/0x280 [ 1043.912685][T21156] vb2_vmalloc_alloc+0xca/0x280 [ 1043.917619][T21156] ? __vb2_queue_alloc+0xf5/0xf40 [ 1043.922643][T21156] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1043.928455][T21156] __vb2_queue_alloc+0x5a6/0xf40 [ 1043.933411][T21156] vb2_core_create_bufs+0x2bc/0x790 [ 1043.938617][T21156] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1043.943980][T21156] ? __vb2_queue_alloc+0xf40/0xf40 [ 1043.949107][T21156] ? lock_acquire+0x16f/0x3f0 [ 1043.953780][T21156] ? __video_do_ioctl+0x398/0xce0 [ 1043.958797][T21156] ? __lock_acquire+0x548/0x3fb0 [ 1043.963734][T21156] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1043.969962][T21156] vb2_create_bufs+0x472/0x7d0 [ 1043.974718][T21156] ? vb2_request_queue+0x120/0x120 [ 1043.979841][T21156] ? __lock_acquire+0x548/0x3fb0 [ 1043.984774][T21156] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1043.991002][T21156] ? debug_smp_processor_id+0x3c/0x280 [ 1043.996892][T21156] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1044.001909][T21156] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1044.007446][T21156] v4l_create_bufs+0xc0/0x180 [ 1044.012117][T21156] __video_do_ioctl+0x7f1/0xce0 [ 1044.016967][T21156] ? v4l_s_fmt+0xab0/0xab0 [ 1044.021376][T21156] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1044.027610][T21156] ? _copy_from_user+0xdd/0x150 [ 1044.032476][T21156] video_usercopy+0x4c5/0x10d0 [ 1044.037242][T21156] ? v4l_s_fmt+0xab0/0xab0 [ 1044.041668][T21156] ? v4l_enumstd+0x70/0x70 [ 1044.046072][T21156] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1044.052302][T21156] ? tomoyo_path_number_perm+0x263/0x520 [ 1044.057926][T21156] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1044.063737][T21156] ? video_usercopy+0x10d0/0x10d0 [ 1044.068752][T21156] video_ioctl2+0x2d/0x35 [ 1044.073076][T21156] v4l2_ioctl+0x156/0x1b0 [ 1044.077395][T21156] ? video_devdata+0xa0/0xa0 [ 1044.081993][T21156] do_vfs_ioctl+0xd6e/0x1390 [ 1044.086681][T21156] ? ioctl_preallocate+0x210/0x210 [ 1044.091785][T21156] ? __fget+0x381/0x550 [ 1044.095944][T21156] ? ksys_dup3+0x3e0/0x3e0 [ 1044.100355][T21156] ? nsecs_to_jiffies+0x30/0x30 [ 1044.105225][T21156] ? tomoyo_file_ioctl+0x23/0x30 [ 1044.110160][T21156] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1044.116400][T21156] ? security_file_ioctl+0x93/0xc0 [ 1044.121559][T21156] ksys_ioctl+0xab/0xd0 [ 1044.125718][T21156] __x64_sys_ioctl+0x73/0xb0 [ 1044.130309][T21156] do_syscall_64+0x103/0x670 [ 1044.134908][T21156] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1044.140792][T21156] RIP: 0033:0x458c29 [ 1044.144707][T21156] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1044.164305][T21156] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1044.172714][T21156] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1044.180681][T21156] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1044.188642][T21156] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1044.196607][T21156] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1044.204581][T21156] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1044.213525][T21158] CPU: 0 PID: 21158 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1044.222636][T21158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1044.232686][T21158] Call Trace: [ 1044.235986][T21158] dump_stack+0x172/0x1f0 [ 1044.240320][T21158] warn_alloc.cold+0x87/0x17f [ 1044.244996][T21158] ? zone_watermark_ok_safe+0x260/0x260 [ 1044.250630][T21158] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1044.256288][T21158] __vmalloc_node_range+0x48a/0x790 [ 1044.261546][T21156] warn_alloc_show_mem: 3 callbacks suppressed [ 1044.261554][T21156] Mem-Info: [ 1044.267618][T21158] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1044.267640][T21158] ? kmem_cache_alloc_trace+0x354/0x760 [ 1044.267658][T21158] ? vb2_vmalloc_alloc+0xca/0x280 [ 1044.270875][T21156] active_anon:240701 inactive_anon:201 isolated_anon:0 [ 1044.270875][T21156] active_file:8198 inactive_file:40462 isolated_file:0 [ 1044.270875][T21156] unevictable:0 dirty:152 writeback:0 unstable:0 [ 1044.270875][T21156] slab_reclaimable:14064 slab_unreclaimable:104236 [ 1044.270875][T21156] mapped:58824 shmem:248 pagetables:6558 bounce:0 [ 1044.270875][T21156] free:1110455 free_pcp:408 free_cma:0 [ 1044.275760][T21158] vmalloc_user+0x6b/0x90 [ 1044.275777][T21158] ? vb2_vmalloc_alloc+0xca/0x280 [ 1044.275793][T21158] vb2_vmalloc_alloc+0xca/0x280 [ 1044.275815][T21158] ? __vb2_queue_alloc+0xf5/0xf40 [ 1044.275833][T21158] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1044.275844][T21158] __vb2_queue_alloc+0x5a6/0xf40 [ 1044.275876][T21158] vb2_core_create_bufs+0x2bc/0x790 [ 1044.275895][T21158] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1044.275907][T21158] ? __vb2_queue_alloc+0xf40/0xf40 [ 1044.275921][T21158] ? lock_acquire+0x16f/0x3f0 [ 1044.275941][T21158] ? __video_do_ioctl+0x398/0xce0 [ 1044.299511][T21156] Node 0 active_anon:962804kB inactive_anon:804kB active_file:32656kB inactive_file:161848kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:608kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 540672kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1044.324648][T21158] ? __lock_acquire+0x548/0x3fb0 [ 1044.324671][T21158] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1044.324691][T21158] vb2_create_bufs+0x472/0x7d0 [ 1044.324709][T21158] ? vb2_request_queue+0x120/0x120 [ 1044.324723][T21158] ? __lock_acquire+0x548/0x3fb0 [ 1044.324740][T21158] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1044.324755][T21158] ? debug_smp_processor_id+0x3c/0x280 [ 1044.324776][T21158] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1044.324795][T21158] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1044.324816][T21158] v4l_create_bufs+0xc0/0x180 [ 1044.370196][T21156] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1044.370493][T21158] __video_do_ioctl+0x7f1/0xce0 [ 1044.385719][T21156] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1044.409042][T21158] ? v4l_s_fmt+0xab0/0xab0 [ 1044.409067][T21158] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1044.409082][T21158] ? _copy_from_user+0xdd/0x150 [ 1044.409101][T21158] video_usercopy+0x4c5/0x10d0 [ 1044.409116][T21158] ? v4l_s_fmt+0xab0/0xab0 [ 1044.409137][T21158] ? v4l_enumstd+0x70/0x70 [ 1044.409151][T21158] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1044.409165][T21158] ? tomoyo_path_number_perm+0x263/0x520 [ 1044.409182][T21158] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1044.409209][T21158] ? video_usercopy+0x10d0/0x10d0 [ 1044.409222][T21158] video_ioctl2+0x2d/0x35 [ 1044.409235][T21158] v4l2_ioctl+0x156/0x1b0 [ 1044.409247][T21158] ? video_devdata+0xa0/0xa0 [ 1044.409264][T21158] do_vfs_ioctl+0xd6e/0x1390 [ 1044.409281][T21158] ? ioctl_preallocate+0x210/0x210 [ 1044.409296][T21158] ? __fget+0x381/0x550 [ 1044.409316][T21158] ? ksys_dup3+0x3e0/0x3e0 [ 1044.409331][T21158] ? nsecs_to_jiffies+0x30/0x30 [ 1044.409349][T21158] ? tomoyo_file_ioctl+0x23/0x30 [ 1044.409364][T21158] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1044.409379][T21158] ? security_file_ioctl+0x93/0xc0 [ 1044.409410][T21158] ksys_ioctl+0xab/0xd0 [ 1044.409429][T21158] __x64_sys_ioctl+0x73/0xb0 [ 1044.461171][T21156] lowmem_reserve[]: 0 2553 2555 2555 [ 1044.462177][T21158] do_syscall_64+0x103/0x670 [ 1044.462199][T21158] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1044.462212][T21158] RIP: 0033:0x458c29 [ 1044.462228][T21158] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1044.462235][T21158] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1044.462248][T21158] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1044.462255][T21158] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1044.462262][T21158] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1044.462270][T21158] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1044.462277][T21158] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1044.468454][T21151] CPU: 0 PID: 21151 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1044.492272][T21167] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1044.493630][T21151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1044.530009][T21156] Node 0 DMA32 free:635836kB min:36232kB low:45288kB high:54344kB active_anon:962844kB inactive_anon:804kB active_file:32656kB inactive_file:161860kB unevictable:0kB writepending:624kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:14272kB pagetables:26252kB bounce:0kB free_pcp:1580kB local_pcp:1084kB free_cma:0kB [ 1044.532557][T21151] Call Trace: [ 1044.532578][T21151] dump_stack+0x172/0x1f0 [ 1044.532598][T21151] warn_alloc.cold+0x87/0x17f [ 1044.532614][T21151] ? zone_watermark_ok_safe+0x260/0x260 [ 1044.532630][T21151] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1044.532666][T21151] __vmalloc_node_range+0x48a/0x790 [ 1044.532680][T21151] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1044.532702][T21151] ? kmem_cache_alloc_trace+0x354/0x760 [ 1044.546919][T21156] lowmem_reserve[]: 0 0 2 2 [ 1044.551169][T21151] ? vb2_vmalloc_alloc+0xca/0x280 [ 1044.586956][T21156] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1044.586991][T21156] lowmem_reserve[]: 0 0 0 0 [ 1044.591572][T21151] vmalloc_user+0x6b/0x90 [ 1044.591591][T21151] ? vb2_vmalloc_alloc+0xca/0x280 [ 1044.591607][T21151] vb2_vmalloc_alloc+0xca/0x280 [ 1044.591624][T21151] ? __vb2_queue_alloc+0xf5/0xf40 [ 1044.596751][T21156] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1044.600865][T21151] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1044.631541][T21156] lowmem_reserve[]: 0 0 0 0 [ 1044.635029][T21151] __vb2_queue_alloc+0x5a6/0xf40 [ 1044.640280][T21156] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1044.644869][T21151] vb2_core_create_bufs+0x2bc/0x790 [ 1044.644887][T21151] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1044.644900][T21151] ? __vb2_queue_alloc+0xf40/0xf40 [ 1044.644916][T21151] ? lock_acquire+0x16f/0x3f0 [ 1044.644933][T21151] ? __video_do_ioctl+0x398/0xce0 [ 1044.644949][T21151] ? __lock_acquire+0x548/0x3fb0 [ 1044.671546][T21156] Node 0 DMA32: 1*4kB (E) 195*8kB (UE) 76*16kB (UME) 701*32kB (UME) 500*64kB (UME) 92*128kB (UME) 24*256kB (UME) 7*512kB (UME) 8*1024kB (UME) 4*2048kB (UME) 132*4096kB (UM) = 635772kB [ 1044.674398][T21151] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1044.706993][T21156] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1044.714795][T21151] vb2_create_bufs+0x472/0x7d0 [ 1044.714816][T21151] ? vb2_request_queue+0x120/0x120 [ 1044.714831][T21151] ? __lock_acquire+0x548/0x3fb0 [ 1044.714850][T21151] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1044.768873][ T7678] Bluetooth: hci1: command 0x1009 tx timeout [ 1044.786511][T21151] ? debug_smp_processor_id+0x3c/0x280 [ 1044.786534][T21151] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1044.786551][T21151] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1044.786570][T21151] v4l_create_bufs+0xc0/0x180 [ 1044.786590][T21151] __video_do_ioctl+0x7f1/0xce0 [ 1044.786615][T21151] ? v4l_s_fmt+0xab0/0xab0 [ 1044.786637][T21151] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1044.789944][T21156] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1044.794213][T21151] ? _copy_from_user+0xdd/0x150 [ 1044.794234][T21151] video_usercopy+0x4c5/0x10d0 [ 1044.794247][T21151] ? v4l_s_fmt+0xab0/0xab0 [ 1044.794266][T21151] ? v4l_enumstd+0x70/0x70 [ 1044.794283][T21151] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1044.813368][T21156] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1044.815395][T21151] ? tomoyo_path_number_perm+0x263/0x520 [ 1044.820480][T21156] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1044.826004][T21151] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1044.826036][T21151] ? video_usercopy+0x10d0/0x10d0 [ 1044.826051][T21151] video_ioctl2+0x2d/0x35 [ 1044.826068][T21151] v4l2_ioctl+0x156/0x1b0 [ 1044.826082][T21151] ? video_devdata+0xa0/0xa0 [ 1044.826100][T21151] do_vfs_ioctl+0xd6e/0x1390 [ 1044.826120][T21151] ? ioctl_preallocate+0x210/0x210 [ 1044.856997][T21156] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1044.862154][T21151] ? __fget+0x381/0x550 [ 1044.862178][T21151] ? ksys_dup3+0x3e0/0x3e0 [ 1044.862197][T21151] ? nsecs_to_jiffies+0x30/0x30 [ 1044.896428][T21156] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1044.914091][T21151] ? tomoyo_file_ioctl+0x23/0x30 [ 1044.914106][T21151] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1044.914120][T21151] ? security_file_ioctl+0x93/0xc0 [ 1044.914140][T21151] ksys_ioctl+0xab/0xd0 [ 1044.914160][T21151] __x64_sys_ioctl+0x73/0xb0 [ 1044.914176][T21151] do_syscall_64+0x103/0x670 [ 1044.914193][T21151] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1044.945452][T21156] 48908 total pagecache pages [ 1044.948825][T21151] RIP: 0033:0x458c29 [ 1044.972469][T21156] 0 pages in swap cache [ 1044.973952][T21151] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1045.036482][T21156] Swap cache stats: add 0, delete 0, find 0/0 [ 1045.037412][T21151] RSP: 002b:00007fa60ca72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1045.056510][T21156] Free swap = 0kB [ 1045.058031][T21151] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1045.076449][T21156] Total swap = 0kB [ 1045.090624][T21151] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1045.090631][T21151] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1045.090639][T21151] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca736d4 [ 1045.090647][T21151] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1045.110022][T21171] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1045.122786][T21167] CPU: 1 PID: 21167 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1045.358382][T21167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1045.368427][T21167] Call Trace: [ 1045.371720][T21167] dump_stack+0x172/0x1f0 [ 1045.376054][T21167] warn_alloc.cold+0x87/0x17f [ 1045.380730][T21167] ? zone_watermark_ok_safe+0x260/0x260 [ 1045.386276][T21167] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1045.391926][T21167] __vmalloc_node_range+0x48a/0x790 [ 1045.397124][T21167] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1045.402157][T21167] ? kmem_cache_alloc_trace+0x354/0x760 [ 1045.407703][T21167] ? vb2_vmalloc_alloc+0xca/0x280 [ 1045.412741][T21167] vmalloc_user+0x6b/0x90 [ 1045.417071][T21167] ? vb2_vmalloc_alloc+0xca/0x280 [ 1045.422196][T21167] vb2_vmalloc_alloc+0xca/0x280 [ 1045.427043][T21167] ? __vb2_queue_alloc+0xf5/0xf40 [ 1045.432074][T21167] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1045.437893][T21167] __vb2_queue_alloc+0x5a6/0xf40 [ 1045.442859][T21167] vb2_core_create_bufs+0x2bc/0x790 [ 1045.448055][T21167] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1045.453423][T21167] ? __vb2_queue_alloc+0xf40/0xf40 [ 1045.458531][T21167] ? lock_acquire+0x16f/0x3f0 [ 1045.463208][T21167] ? __video_do_ioctl+0x398/0xce0 [ 1045.468239][T21167] ? __lock_acquire+0x548/0x3fb0 [ 1045.473182][T21167] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1045.479427][T21167] vb2_create_bufs+0x472/0x7d0 [ 1045.484193][T21167] ? vb2_request_queue+0x120/0x120 [ 1045.489307][T21167] ? __lock_acquire+0x548/0x3fb0 [ 1045.494344][T21167] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1045.500577][T21167] ? debug_smp_processor_id+0x3c/0x280 [ 1045.506037][T21167] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1045.511073][T21167] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1045.516612][T21167] v4l_create_bufs+0xc0/0x180 [ 1045.521285][T21167] __video_do_ioctl+0x7f1/0xce0 [ 1045.526149][T21167] ? v4l_s_fmt+0xab0/0xab0 [ 1045.530573][T21167] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1045.536997][T21167] ? _copy_from_user+0xdd/0x150 [ 1045.541848][T21167] video_usercopy+0x4c5/0x10d0 [ 1045.546626][T21167] ? v4l_s_fmt+0xab0/0xab0 [ 1045.551134][T21167] ? v4l_enumstd+0x70/0x70 [ 1045.555545][T21167] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1045.561779][T21167] ? tomoyo_path_number_perm+0x263/0x520 [ 1045.567406][T21167] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1045.573253][T21167] ? video_usercopy+0x10d0/0x10d0 [ 1045.578273][T21167] video_ioctl2+0x2d/0x35 [ 1045.582609][T21167] v4l2_ioctl+0x156/0x1b0 [ 1045.586950][T21167] ? video_devdata+0xa0/0xa0 [ 1045.591638][T21167] do_vfs_ioctl+0xd6e/0x1390 [ 1045.596240][T21167] ? ioctl_preallocate+0x210/0x210 [ 1045.601350][T21167] ? __fget+0x381/0x550 [ 1045.605510][T21167] ? ksys_dup3+0x3e0/0x3e0 [ 1045.609923][T21167] ? nsecs_to_jiffies+0x30/0x30 [ 1045.614777][T21167] ? tomoyo_file_ioctl+0x23/0x30 [ 1045.619714][T21167] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1045.626038][T21167] ? security_file_ioctl+0x93/0xc0 [ 1045.639835][T21167] ksys_ioctl+0xab/0xd0 [ 1045.644099][T21167] __x64_sys_ioctl+0x73/0xb0 [ 1045.648694][T21167] do_syscall_64+0x103/0x670 [ 1045.653318][T21167] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1045.659204][T21167] RIP: 0033:0x458c29 [ 1045.663100][T21167] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1045.682702][T21167] RSP: 002b:00007f53a9456c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1045.691109][T21167] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1045.700596][T21167] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1045.708571][T21167] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1045.716548][T21167] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94576d4 [ 1045.724517][T21167] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1045.732510][T21171] CPU: 0 PID: 21171 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1045.737926][T21156] 1965979 pages RAM [ 1045.741617][T21171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1045.741622][T21171] Call Trace: [ 1045.741645][T21171] dump_stack+0x172/0x1f0 [ 1045.741666][T21171] warn_alloc.cold+0x87/0x17f [ 1045.741681][T21171] ? zone_watermark_ok_safe+0x260/0x260 [ 1045.741697][T21171] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1045.741740][T21171] __vmalloc_node_range+0x48a/0x790 [ 1045.741755][T21171] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1045.741775][T21171] ? kmem_cache_alloc_trace+0x354/0x760 [ 1045.741789][T21171] ? vb2_vmalloc_alloc+0xca/0x280 [ 1045.741808][T21171] vmalloc_user+0x6b/0x90 [ 1045.741823][T21171] ? vb2_vmalloc_alloc+0xca/0x280 [ 1045.741840][T21171] vb2_vmalloc_alloc+0xca/0x280 [ 1045.745629][T21156] 0 pages HighMem/MovableOnly [ 1045.755665][T21171] ? __vb2_queue_alloc+0xf5/0xf40 [ 1045.755683][T21171] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1045.755695][T21171] __vb2_queue_alloc+0x5a6/0xf40 [ 1045.755728][T21171] vb2_core_create_bufs+0x2bc/0x790 [ 1045.755745][T21171] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1045.755757][T21171] ? __vb2_queue_alloc+0xf40/0xf40 [ 1045.755775][T21171] ? lock_acquire+0x16f/0x3f0 [ 1045.759684][T21156] 339405 pages reserved [ 1045.763347][T21171] ? __video_do_ioctl+0x398/0xce0 [ 1045.763362][T21171] ? __lock_acquire+0x548/0x3fb0 [ 1045.763382][T21171] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1045.763400][T21171] vb2_create_bufs+0x472/0x7d0 [ 1045.763420][T21171] ? vb2_request_queue+0x120/0x120 [ 1045.763435][T21171] ? __lock_acquire+0x548/0x3fb0 [ 1045.763452][T21171] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1045.763467][T21171] ? debug_smp_processor_id+0x3c/0x280 [ 1045.763490][T21171] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1045.763507][T21171] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1045.781533][T21156] 0 pages cma reserved [ 1045.784508][T21171] v4l_create_bufs+0xc0/0x180 [ 1045.819816][T21167] warn_alloc_show_mem: 2 callbacks suppressed [ 1045.819822][T21167] Mem-Info: [ 1045.823845][T21171] __video_do_ioctl+0x7f1/0xce0 [ 1045.823869][T21171] ? v4l_s_fmt+0xab0/0xab0 [ 1045.823891][T21171] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1045.829692][T21167] active_anon:240183 inactive_anon:201 isolated_anon:0 [ 1045.829692][T21167] active_file:8198 inactive_file:40483 isolated_file:0 [ 1045.829692][T21167] unevictable:0 dirty:118 writeback:1 unstable:0 [ 1045.829692][T21167] slab_reclaimable:14083 slab_unreclaimable:104254 [ 1045.829692][T21167] mapped:58824 shmem:248 pagetables:6526 bounce:0 [ 1045.829692][T21167] free:1110955 free_pcp:431 free_cma:0 [ 1045.834585][T21171] ? _copy_from_user+0xdd/0x150 [ 1045.834607][T21171] video_usercopy+0x4c5/0x10d0 [ 1045.834621][T21171] ? v4l_s_fmt+0xab0/0xab0 [ 1045.834640][T21171] ? v4l_enumstd+0x70/0x70 [ 1045.834654][T21171] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1045.834670][T21171] ? tomoyo_path_number_perm+0x263/0x520 [ 1045.834689][T21171] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1045.834724][T21171] ? video_usercopy+0x10d0/0x10d0 [ 1045.841559][T21167] Node 0 active_anon:960732kB inactive_anon:804kB active_file:32656kB inactive_file:161932kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:472kB writeback:4kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 546816kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1045.845248][T21171] video_ioctl2+0x2d/0x35 [ 1045.850387][T21167] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1045.855197][T21171] v4l2_ioctl+0x156/0x1b0 [ 1045.855211][T21171] ? video_devdata+0xa0/0xa0 [ 1045.855230][T21171] do_vfs_ioctl+0xd6e/0x1390 [ 1045.855250][T21171] ? ioctl_preallocate+0x210/0x210 [ 1045.855268][T21171] ? __fget+0x381/0x550 [ 1045.865135][T21167] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1045.869330][T21171] ? ksys_dup3+0x3e0/0x3e0 [ 1045.877445][T21167] lowmem_reserve[]: 0 2553 2555 2555 [ 1045.880307][T21171] ? nsecs_to_jiffies+0x30/0x30 [ 1045.885495][ T7678] Bluetooth: hci0: command 0x1003 tx timeout [ 1045.890323][T21171] ? tomoyo_file_ioctl+0x23/0x30 [ 1045.901857][T21167] Node 0 DMA32 free:637828kB min:36232kB low:45288kB high:54344kB active_anon:960732kB inactive_anon:804kB active_file:32656kB inactive_file:161932kB unevictable:0kB writepending:380kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:14144kB pagetables:26104kB bounce:0kB free_pcp:1724kB local_pcp:1276kB free_cma:0kB [ 1045.901980][T21171] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1045.906965][T21167] lowmem_reserve[]: 0 0 2 2 [ 1045.912487][T21171] ? security_file_ioctl+0x93/0xc0 [ 1045.912507][T21171] ksys_ioctl+0xab/0xd0 [ 1045.912527][T21171] __x64_sys_ioctl+0x73/0xb0 [ 1045.912547][T21171] do_syscall_64+0x103/0x670 [ 1045.912566][T21171] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1045.912577][T21171] RIP: 0033:0x458c29 [ 1045.912594][T21171] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1045.921096][T17349] Bluetooth: hci0: sending frame failed (-49) [ 1045.921279][T21171] RSP: 002b:00007fa60ca51c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1045.921299][T21171] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1045.921308][T21171] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1045.921321][T21171] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1045.921330][T21171] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca526d4 [ 1045.921338][T21171] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1045.928637][T21167] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1045.940198][T19271] Bluetooth: hci2: command 0x1009 tx timeout [ 1045.949467][T21167] lowmem_reserve[]: 0 0 0 0 [ 1045.995007][T21167] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1046.013885][T21167] lowmem_reserve[]: 0 0 0 0 [ 1046.026081][T21167] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1046.068057][T21167] Node 0 DMA32: 2*4kB (ME) 94*8kB (UE) 60*16kB (UME) 706*32kB (UME) 500*64kB (UME) 92*128kB (UME) 24*256kB (UME) 7*512kB (UME) 8*1024kB (UME) 5*2048kB (UME) 132*4096kB (UM) = 636920kB [ 1046.408543][T21167] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1046.422199][T21167] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1046.439739][T21167] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1046.449403][T21167] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1046.458804][T21167] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1046.468410][T21167] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1046.477715][T21167] 48926 total pagecache pages [ 1046.482443][T21167] 0 pages in swap cache [ 1046.486605][T21167] Swap cache stats: add 0, delete 0, find 0/0 [ 1046.492729][T21167] Free swap = 0kB [ 1046.496451][T21167] Total swap = 0kB [ 1046.500171][T21167] 1965979 pages RAM [ 1046.504033][T21167] 0 pages HighMem/MovableOnly [ 1046.508702][T21167] 339405 pages reserved [ 1046.512887][T21167] 0 pages cma reserved [ 1047.961588][ T7678] Bluetooth: hci0: command 0x1001 tx timeout [ 1047.967688][T17349] Bluetooth: hci0: sending frame failed (-49) [ 1050.041568][T19271] Bluetooth: hci0: command 0x1009 tx timeout 09:14:16 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5424, &(0x7f0000000080)) 09:14:16 executing program 0: r0 = socket$inet(0x2, 0x1, 0xcf5) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) r1 = syz_open_dev$admmidi(&(0x7f0000000200)='/dev/admmidi#\x00', 0x2, 0x101000) write$P9_RRENAME(r1, &(0x7f0000000240)={0x7, 0x15, 0x1}, 0x7) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) 09:14:16 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x100000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:14:16 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x7400000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:14:16 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x400c0000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1050.148972][T21178] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1050.173594][T21183] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 09:14:16 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f0000000200)="de", 0x1}], 0x1, 0x0, 0x2eb}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) [ 1050.190734][T21178] CPU: 0 PID: 21178 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1050.190948][T21182] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1050.199852][T21178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1050.199857][T21178] Call Trace: [ 1050.199880][T21178] dump_stack+0x172/0x1f0 [ 1050.199901][T21178] warn_alloc.cold+0x87/0x17f [ 1050.199916][T21178] ? zone_watermark_ok_safe+0x260/0x260 [ 1050.199932][T21178] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1050.199967][T21178] __vmalloc_node_range+0x48a/0x790 [ 1050.199981][T21178] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1050.200000][T21178] ? kmem_cache_alloc_trace+0x354/0x760 [ 1050.200025][T21178] ? vb2_vmalloc_alloc+0xca/0x280 [ 1050.268250][T21178] vmalloc_user+0x6b/0x90 [ 1050.272588][T21178] ? vb2_vmalloc_alloc+0xca/0x280 [ 1050.277611][T21178] vb2_vmalloc_alloc+0xca/0x280 [ 1050.282461][T21178] ? __vb2_queue_alloc+0xf5/0xf40 [ 1050.287495][T21178] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1050.293500][T21178] __vb2_queue_alloc+0x5a6/0xf40 [ 1050.298462][T21178] vb2_core_create_bufs+0x2bc/0x790 [ 1050.303662][T21178] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1050.309037][T21178] ? __vb2_queue_alloc+0xf40/0xf40 [ 1050.314146][T21178] ? lock_acquire+0x16f/0x3f0 [ 1050.318822][T21178] ? __video_do_ioctl+0x398/0xce0 [ 1050.323841][T21178] ? __lock_acquire+0x548/0x3fb0 [ 1050.328866][T21178] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1050.335103][T21178] vb2_create_bufs+0x472/0x7d0 [ 1050.339880][T21178] ? vb2_request_queue+0x120/0x120 [ 1050.344987][T21178] ? __lock_acquire+0x548/0x3fb0 [ 1050.349928][T21178] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1050.356163][T21178] ? debug_smp_processor_id+0x3c/0x280 [ 1050.361623][T21178] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1050.366646][T21178] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1050.372197][T21178] v4l_create_bufs+0xc0/0x180 [ 1050.376874][T21178] __video_do_ioctl+0x7f1/0xce0 [ 1050.381729][T21178] ? v4l_s_fmt+0xab0/0xab0 [ 1050.386153][T21178] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1050.392390][T21178] ? _copy_from_user+0xdd/0x150 [ 1050.397248][T21178] video_usercopy+0x4c5/0x10d0 [ 1050.402019][T21178] ? v4l_s_fmt+0xab0/0xab0 [ 1050.406443][T21178] ? v4l_enumstd+0x70/0x70 [ 1050.410860][T21178] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1050.417100][T21178] ? tomoyo_path_number_perm+0x263/0x520 [ 1050.422738][T21178] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1050.428560][T21178] ? video_usercopy+0x10d0/0x10d0 [ 1050.433584][T21178] video_ioctl2+0x2d/0x35 [ 1050.437914][T21178] v4l2_ioctl+0x156/0x1b0 [ 1050.442241][T21178] ? video_devdata+0xa0/0xa0 [ 1050.446836][T21178] do_vfs_ioctl+0xd6e/0x1390 [ 1050.451435][T21178] ? ioctl_preallocate+0x210/0x210 [ 1050.456719][T21178] ? __fget+0x381/0x550 [ 1050.460880][T21178] ? ksys_dup3+0x3e0/0x3e0 [ 1050.465383][T21178] ? nsecs_to_jiffies+0x30/0x30 [ 1050.470242][T21178] ? tomoyo_file_ioctl+0x23/0x30 [ 1050.475181][T21178] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1050.481423][T21178] ? security_file_ioctl+0x93/0xc0 [ 1050.486537][T21178] ksys_ioctl+0xab/0xd0 [ 1050.490695][T21178] __x64_sys_ioctl+0x73/0xb0 [ 1050.495283][T21178] do_syscall_64+0x103/0x670 [ 1050.499877][T21178] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1050.505767][T21178] RIP: 0033:0x458c29 [ 1050.509659][T21178] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1050.530780][T21178] RSP: 002b:00007fa60ca72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1050.539188][T21178] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1050.547154][T21178] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1050.555118][T21178] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1050.563084][T21178] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca736d4 [ 1050.571050][T21178] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1050.582719][T21183] CPU: 0 PID: 21183 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1050.591852][T21183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1050.602005][T21183] Call Trace: [ 1050.605297][T21183] dump_stack+0x172/0x1f0 [ 1050.609620][T21183] warn_alloc.cold+0x87/0x17f [ 1050.614282][T21183] ? zone_watermark_ok_safe+0x260/0x260 [ 1050.619815][T21183] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1050.625473][T21183] __vmalloc_node_range+0x48a/0x790 [ 1050.630661][T21183] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1050.635674][T21183] ? kmem_cache_alloc_trace+0x354/0x760 [ 1050.641225][T21183] ? vb2_vmalloc_alloc+0xca/0x280 [ 1050.646239][T21183] vmalloc_user+0x6b/0x90 [ 1050.650552][T21183] ? vb2_vmalloc_alloc+0xca/0x280 [ 1050.655581][T21183] vb2_vmalloc_alloc+0xca/0x280 [ 1050.660415][T21183] ? __vb2_queue_alloc+0xf5/0xf40 [ 1050.665431][T21183] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1050.671240][T21183] __vb2_queue_alloc+0x5a6/0xf40 [ 1050.676173][T21183] vb2_core_create_bufs+0x2bc/0x790 [ 1050.681358][T21183] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1050.686713][T21183] ? __vb2_queue_alloc+0xf40/0xf40 [ 1050.691811][T21183] ? lock_acquire+0x16f/0x3f0 [ 1050.696472][T21183] ? __video_do_ioctl+0x398/0xce0 [ 1050.701496][T21183] ? __lock_acquire+0x548/0x3fb0 [ 1050.706433][T21183] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1050.712658][T21183] vb2_create_bufs+0x472/0x7d0 [ 1050.717413][T21183] ? vb2_request_queue+0x120/0x120 [ 1050.722507][T21183] ? __lock_acquire+0x548/0x3fb0 [ 1050.727427][T21183] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1050.733651][T21183] ? debug_smp_processor_id+0x3c/0x280 [ 1050.739099][T21183] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1050.744111][T21183] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1050.749647][T21183] v4l_create_bufs+0xc0/0x180 [ 1050.754312][T21183] __video_do_ioctl+0x7f1/0xce0 [ 1050.759154][T21183] ? v4l_s_fmt+0xab0/0xab0 [ 1050.763552][T21183] ? _copy_from_user+0xa3/0x150 [ 1050.768391][T21183] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1050.774613][T21183] ? _copy_from_user+0xdd/0x150 [ 1050.779451][T21183] video_usercopy+0x4c5/0x10d0 [ 1050.784200][T21183] ? v4l_s_fmt+0xab0/0xab0 [ 1050.788602][T21183] ? v4l_enumstd+0x70/0x70 [ 1050.793007][T21183] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1050.799239][T21183] ? tomoyo_path_number_perm+0x263/0x520 [ 1050.804858][T21183] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1050.810663][T21183] ? video_usercopy+0x10d0/0x10d0 [ 1050.815669][T21183] video_ioctl2+0x2d/0x35 [ 1050.819991][T21183] v4l2_ioctl+0x156/0x1b0 [ 1050.824306][T21183] ? video_devdata+0xa0/0xa0 [ 1050.828885][T21183] do_vfs_ioctl+0xd6e/0x1390 [ 1050.833463][T21183] ? ioctl_preallocate+0x210/0x210 [ 1050.838558][T21183] ? __fget+0x381/0x550 [ 1050.842709][T21183] ? ksys_dup3+0x3e0/0x3e0 [ 1050.847111][T21183] ? nsecs_to_jiffies+0x30/0x30 [ 1050.851953][T21183] ? tomoyo_file_ioctl+0x23/0x30 [ 1050.856880][T21183] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1050.863104][T21183] ? security_file_ioctl+0x93/0xc0 [ 1050.868215][T21183] ksys_ioctl+0xab/0xd0 [ 1050.872360][T21183] __x64_sys_ioctl+0x73/0xb0 [ 1050.876940][T21183] do_syscall_64+0x103/0x670 [ 1050.881528][T21183] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1050.887417][T21183] RIP: 0033:0x458c29 [ 1050.891297][T21183] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1050.910893][T21183] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1050.919297][T21183] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1050.927339][T21183] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1050.935311][T21183] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1050.943287][T21183] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1050.951260][T21183] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1050.959513][T21182] CPU: 1 PID: 21182 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1050.963252][T21178] warn_alloc_show_mem: 1 callbacks suppressed [ 1050.963257][T21178] Mem-Info: [ 1050.968642][T21182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1050.968649][T21182] Call Trace: [ 1050.968672][T21182] dump_stack+0x172/0x1f0 [ 1050.968694][T21182] warn_alloc.cold+0x87/0x17f [ 1050.968711][T21182] ? zone_watermark_ok_safe+0x260/0x260 [ 1051.005647][T21182] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1051.011283][T21182] __vmalloc_node_range+0x48a/0x790 [ 1051.016479][T21182] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1051.021494][T21182] ? kmem_cache_alloc_trace+0x354/0x760 [ 1051.027022][T21182] ? vb2_vmalloc_alloc+0xca/0x280 [ 1051.032031][T21182] vmalloc_user+0x6b/0x90 [ 1051.036342][T21182] ? vb2_vmalloc_alloc+0xca/0x280 [ 1051.041361][T21182] vb2_vmalloc_alloc+0xca/0x280 [ 1051.046256][T21182] ? __vb2_queue_alloc+0xf5/0xf40 [ 1051.051282][T21182] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1051.057070][T21182] __vb2_queue_alloc+0x5a6/0xf40 [ 1051.062007][T21182] vb2_core_create_bufs+0x2bc/0x790 [ 1051.067194][T21182] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1051.072560][T21182] ? __vb2_queue_alloc+0xf40/0xf40 [ 1051.077652][T21182] ? lock_acquire+0x16f/0x3f0 [ 1051.082315][T21182] ? __video_do_ioctl+0x398/0xce0 [ 1051.087321][T21182] ? __lock_acquire+0x548/0x3fb0 [ 1051.092240][T21182] ? cache_grow_end+0xa4/0x190 [ 1051.097000][T21182] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1051.103224][T21182] vb2_create_bufs+0x472/0x7d0 [ 1051.107978][T21182] ? vb2_request_queue+0x120/0x120 [ 1051.113080][T21182] ? __lock_acquire+0x548/0x3fb0 [ 1051.118000][T21182] ? cache_grow_end+0xa4/0x190 [ 1051.122749][T21182] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1051.128986][T21182] ? debug_smp_processor_id+0x3c/0x280 [ 1051.134436][T21182] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1051.139457][T21182] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1051.144993][T21182] v4l_create_bufs+0xc0/0x180 [ 1051.149656][T21182] __video_do_ioctl+0x7f1/0xce0 [ 1051.154511][T21182] ? v4l_s_fmt+0xab0/0xab0 [ 1051.158917][T21182] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1051.165140][T21182] ? _copy_from_user+0xdd/0x150 [ 1051.169982][T21182] video_usercopy+0x4c5/0x10d0 [ 1051.174731][T21182] ? v4l_s_fmt+0xab0/0xab0 [ 1051.179139][T21182] ? v4l_enumstd+0x70/0x70 [ 1051.183536][T21182] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1051.189760][T21182] ? tomoyo_path_number_perm+0x263/0x520 [ 1051.195376][T21182] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1051.201171][T21182] ? video_usercopy+0x10d0/0x10d0 [ 1051.206184][T21182] video_ioctl2+0x2d/0x35 [ 1051.210502][T21182] v4l2_ioctl+0x156/0x1b0 [ 1051.214811][T21182] ? video_devdata+0xa0/0xa0 [ 1051.219387][T21182] do_vfs_ioctl+0xd6e/0x1390 [ 1051.223973][T21182] ? ioctl_preallocate+0x210/0x210 [ 1051.229068][T21182] ? __fget+0x381/0x550 [ 1051.233223][T21182] ? ksys_dup3+0x3e0/0x3e0 [ 1051.237709][T21182] ? nsecs_to_jiffies+0x30/0x30 [ 1051.242549][T21182] ? tomoyo_file_ioctl+0x23/0x30 [ 1051.247469][T21182] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1051.253693][T21182] ? security_file_ioctl+0x93/0xc0 [ 1051.258789][T21182] ksys_ioctl+0xab/0xd0 [ 1051.262932][T21182] __x64_sys_ioctl+0x73/0xb0 [ 1051.267510][T21182] do_syscall_64+0x103/0x670 [ 1051.272084][T21182] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1051.278073][T21182] RIP: 0033:0x458c29 [ 1051.281961][T21182] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1051.301558][T21182] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1051.309965][T21182] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1051.317920][T21182] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1051.325880][T21182] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1051.333843][T21182] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1051.341800][T21182] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1051.363405][T21178] active_anon:241256 inactive_anon:199 isolated_anon:0 [ 1051.363405][T21178] active_file:8199 inactive_file:40501 isolated_file:0 [ 1051.363405][T21178] unevictable:0 dirty:165 writeback:0 unstable:0 [ 1051.363405][T21178] slab_reclaimable:14081 slab_unreclaimable:104592 [ 1051.363405][T21178] mapped:58824 shmem:248 pagetables:6602 bounce:0 [ 1051.363405][T21178] free:1109516 free_pcp:327 free_cma:0 [ 1051.373873][T21182] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1051.416962][T21182] CPU: 1 PID: 21182 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1051.426094][T21182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1051.430822][T21178] Node 0 active_anon:965072kB inactive_anon:796kB active_file:32660kB inactive_file:162016kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:696kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 548864kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1051.436176][T21182] Call Trace: [ 1051.436200][T21182] dump_stack+0x172/0x1f0 [ 1051.436219][T21182] warn_alloc.cold+0x87/0x17f [ 1051.436234][T21182] ? zone_watermark_ok_safe+0x260/0x260 [ 1051.436251][T21182] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1051.436289][T21182] __vmalloc_node_range+0x48a/0x790 [ 1051.436306][T21182] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1051.436322][T21182] ? kmem_cache_alloc_trace+0x354/0x760 [ 1051.436341][T21182] ? vb2_vmalloc_alloc+0xca/0x280 [ 1051.471534][T21178] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1051.472824][T21182] vmalloc_user+0x6b/0x90 [ 1051.472849][T21182] ? vb2_vmalloc_alloc+0xca/0x280 [ 1051.477592][T21178] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1051.483024][T21182] vb2_vmalloc_alloc+0xca/0x280 [ 1051.483037][T21182] ? __vb2_queue_alloc+0xf5/0xf40 [ 1051.483054][T21182] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1051.483068][T21182] __vb2_queue_alloc+0x5a6/0xf40 [ 1051.483098][T21182] vb2_core_create_bufs+0x2bc/0x790 [ 1051.483117][T21182] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1051.483132][T21182] ? __vb2_queue_alloc+0xf40/0xf40 [ 1051.483148][T21182] ? lock_acquire+0x16f/0x3f0 [ 1051.483166][T21182] ? __video_do_ioctl+0x398/0xce0 [ 1051.483177][T21182] ? __lock_acquire+0x548/0x3fb0 [ 1051.483198][T21182] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1051.494734][T21178] lowmem_reserve[]: 0 2553 2555 2555 [ 1051.499036][T21182] vb2_create_bufs+0x472/0x7d0 [ 1051.499061][T21182] ? vb2_request_queue+0x120/0x120 [ 1051.506780][T21178] Node 0 DMA32 free:631696kB min:36232kB low:45288kB high:54344kB active_anon:965072kB inactive_anon:796kB active_file:32660kB inactive_file:162016kB unevictable:0kB writepending:696kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:14272kB pagetables:26416kB bounce:0kB free_pcp:1412kB local_pcp:592kB free_cma:0kB [ 1051.509598][T21182] ? __lock_acquire+0x548/0x3fb0 [ 1051.509618][T21182] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1051.509633][T21182] ? debug_smp_processor_id+0x3c/0x280 [ 1051.509654][T21182] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1051.545430][T21182] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1051.582072][T21182] v4l_create_bufs+0xc0/0x180 [ 1051.582091][T21182] __video_do_ioctl+0x7f1/0xce0 [ 1051.582115][T21182] ? v4l_s_fmt+0xab0/0xab0 [ 1051.582140][T21182] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1051.582154][T21182] ? _copy_from_user+0xdd/0x150 [ 1051.582173][T21182] video_usercopy+0x4c5/0x10d0 [ 1051.589211][T21178] lowmem_reserve[]: 0 0 2 2 [ 1051.592901][T21182] ? v4l_s_fmt+0xab0/0xab0 [ 1051.592921][T21182] ? v4l_enumstd+0x70/0x70 [ 1051.592945][T21182] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1051.592961][T21182] ? tomoyo_path_number_perm+0x263/0x520 [ 1051.592978][T21182] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1051.593008][T21182] ? video_usercopy+0x10d0/0x10d0 [ 1051.593022][T21182] video_ioctl2+0x2d/0x35 [ 1051.593037][T21182] v4l2_ioctl+0x156/0x1b0 [ 1051.593051][T21182] ? video_devdata+0xa0/0xa0 [ 1051.593070][T21182] do_vfs_ioctl+0xd6e/0x1390 [ 1051.593095][T21182] ? ioctl_preallocate+0x210/0x210 [ 1051.604586][T21178] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1051.608748][T21182] ? __fget+0x381/0x550 [ 1051.608774][T21182] ? ksys_dup3+0x3e0/0x3e0 [ 1051.616838][T21178] lowmem_reserve[]: 0 0 0 0 [ 1051.618443][T21182] ? nsecs_to_jiffies+0x30/0x30 [ 1051.618466][T21182] ? tomoyo_file_ioctl+0x23/0x30 [ 1051.618486][T21182] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1051.626769][T21178] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1051.629641][T21182] ? security_file_ioctl+0x93/0xc0 [ 1051.629663][T21182] ksys_ioctl+0xab/0xd0 [ 1051.629688][T21182] __x64_sys_ioctl+0x73/0xb0 [ 1051.638313][T21178] lowmem_reserve[]: 0 0 0 0 [ 1051.639727][T21182] do_syscall_64+0x103/0x670 [ 1051.639748][T21182] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1051.639764][T21182] RIP: 0033:0x458c29 [ 1051.648271][T21178] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1051.675488][T21182] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1051.675496][T21182] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1051.675509][T21182] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1051.675516][T21182] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1051.675524][T21182] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1051.675532][T21182] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1051.675541][T21182] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1051.719960][T21178] Node 0 DMA32: 8*4kB (UE) 131*8kB (UE) 78*16kB (UME) 681*32kB (UME) 500*64kB (UME) 92*128kB (UME) 24*256kB (UME) 7*512kB (UME) 8*1024kB (UME) 4*2048kB (UME) 132*4096kB (UM) = 634680kB [ 1051.731795][T21178] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1052.024855][T21178] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1052.043256][T21178] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1052.053299][T21178] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1052.063168][T21178] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1052.074555][T21178] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1052.084301][T21178] 48957 total pagecache pages [ 1052.089018][T21178] 0 pages in swap cache [ 1052.093527][T21178] Swap cache stats: add 0, delete 0, find 0/0 [ 1052.099613][T21178] Free swap = 0kB [ 1052.103695][T21178] Total swap = 0kB [ 1052.107409][T21178] 1965979 pages RAM [ 1052.111213][T21178] 0 pages HighMem/MovableOnly [ 1052.115946][T21178] 339405 pages reserved [ 1052.120095][T21178] 0 pages cma reserved [ 1053.402053][ T7678] Bluetooth: hci1: command 0x1003 tx timeout [ 1053.408190][T17400] Bluetooth: hci1: sending frame failed (-49) 09:14:20 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x1000000000000) 09:14:20 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000240)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f0000000200)="de933cdf9bb517e200", 0x9}], 0x1}, 0x0) setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000400)={0x80000000}, 0x4) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) lsetxattr$security_evm(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='security.evm\x00', &(0x7f0000000280)=@v1={0x2, "eb3fb48f116343b59cd84bdb"}, 0xd, 0x2) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/dsp\x00', 0x8000, 0x0) ioctl$SNDRV_TIMER_IOCTL_STATUS(r1, 0x80605414, &(0x7f0000000300)=""/245) 09:14:20 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x48000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:14:20 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x200000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:14:20 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x7a00000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1054.009584][T21212] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1054.027751][T21210] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1054.051820][T21212] CPU: 0 PID: 21212 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1054.060964][T21212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1054.071019][T21212] Call Trace: [ 1054.074337][T21212] dump_stack+0x172/0x1f0 [ 1054.074360][T21212] warn_alloc.cold+0x87/0x17f [ 1054.074377][T21212] ? zone_watermark_ok_safe+0x260/0x260 [ 1054.074397][T21212] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1054.074440][T21212] __vmalloc_node_range+0x48a/0x790 [ 1054.074458][T21212] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1054.100044][T21212] ? kmem_cache_alloc_trace+0x354/0x760 [ 1054.100068][T21212] ? vb2_vmalloc_alloc+0xca/0x280 [ 1054.115644][T21212] vmalloc_user+0x6b/0x90 [ 1054.119974][T21212] ? vb2_vmalloc_alloc+0xca/0x280 [ 1054.119992][T21212] vb2_vmalloc_alloc+0xca/0x280 [ 1054.120009][T21212] ? __vb2_queue_alloc+0xf5/0xf40 [ 1054.134858][T21212] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1054.140664][T21212] __vb2_queue_alloc+0x5a6/0xf40 [ 1054.140691][T21212] vb2_core_create_bufs+0x2bc/0x790 [ 1054.140708][T21212] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1054.156166][T21212] ? __vb2_queue_alloc+0xf40/0xf40 [ 1054.161268][T21212] ? lock_acquire+0x16f/0x3f0 [ 1054.161285][T21212] ? __video_do_ioctl+0x398/0xce0 [ 1054.161297][T21212] ? __lock_acquire+0x548/0x3fb0 [ 1054.161316][T21212] ? cache_grow_end+0xa4/0x190 [ 1054.173650][T21205] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1054.175883][T21212] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1054.200737][T21212] vb2_create_bufs+0x472/0x7d0 [ 1054.205515][T21212] ? vb2_request_queue+0x120/0x120 09:14:20 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) r1 = syz_open_dev$midi(&(0x7f0000000280)='/dev/midi#\x00', 0x3, 0x20000) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000480)={r1, &(0x7f00000002c0)="52e65e666e7cdb1dc8d76337e31f804a275927133d7cfc13428c1c46349d899c58a2679bd1e798c4b58ef6c797ab43b9ccffd369f64859ec4b1b973674fb727039efe0c5dd4b7f92806893dd82c9194fd7a2370dcc840b8992479be40f87c5732e1d351a96aff9bf59a59bfd8b43f3facb8effd0419ce711b0ae56b38d30c812cb2ca1816125cb8736a889923d15836cbceb8bbce31631703ad3c091f16d6b035243db4f1c60979317e36a2192c661d2e68522f1a42929c9a9ea452328d0a7", &(0x7f0000000380)=""/234}, 0x18) socket$vsock_dgram(0x28, 0x2, 0x0) setsockopt$packet_buf(r1, 0x107, 0x6, &(0x7f0000000500)="8327443d8f0a0c432cc3f8c32ee3f529a9981bbe434f7f54b31faf8bf0594a5b1cf19fa06620d13c6e28beff8208f84661f185b85270f6c97fae047d11b8a548408678c9072ef080a181395029fcc6f90c3d97d4925fb0186a3eb9a0241670fddcad041a9102993ca4e37fd9330eda90ebeb76a2be0a96a40a73830dda23185e01dd3a4dbf101568ef793f1fe34bed17dcbe6dcdf168e5ee3036274ab7f48b3a9d245395348e0ebd0e4d2413d75c167dc0a4cb6ac1b9afb7410ced4b7e17e302a1ac7ab2f3a1d4583186fb628c3afae4b7f8c88879930984bce4e827da5f1c7438d69e78fb72beacd71266b3b87b645b3651eceaeec64cf9b0f4d8eeb31cb3c66ae6f8590bb00964e392a40dad53ddfbe76f66f8cca16d50f9c89b439f798244207b4c5a2c3cec1b3c78e6e873637003849961d096d31cbdb839ee3538e2d11014e18649e381c065e94b8f89b8d1dec662f31e92c6db78f8eed1b76931def4d62d3d5a38b0a2a7036e2f7c01fc82cb0d3235c2c46d7860ffaa21bf9da20a7212730b6bc1ca1731aae18670974f673f5f929e67d6a56177b039d61104d47142b5ae87012799f13c4ee578901396d28bc1af9896c4ce236fd49b59ccb6933feff30089bd1b4164f1bc83c51876dec6b3c8112872ede110d6eeeee17fbabc32d6f870faebc3540893d9c558ccfad889b6cf02689eb14328133f0dfcdeeeea6004f6994bd558a7d95208dcc625492986dc44b7d852fcab4f8b58804429382591bdfe8dadd138de51c35ff422f265ed8abfa56cf122a9aa171399eeabf481b11982de05728784963085977d27566bbd6ae702382dfb216154cab399b2370fed264d62eda631ae9cd31ea4bce695e64d27089d6e49fb9d882ff75a221dba6d5b47dde7fed1d529e43eb4cf28682041a69a51d304f8c4bd31c0e1b059e5048150f5af7fe60b676f0596e2193273263b009b6b4ef3465b94864a0aa68d9e19b42a06cf686fb4b328c7685f14b71b3300c56ecfdbde772c7b25d808fb3007d3f39af624b4a54c7631fdf779c5682e016306aa49b2b6ddc7dd2b39f6c40feda383ee63c353f456fdd34052e6228c3110b54a00dec59a65b6971256919315c912a4600c887ef1318a459d80a7bdde7ca7b572207574f755364acce8d58044dd49ccc509fff77c0b691e1b68c3eaac555fadfc1575b830f25d764ae22a358c55150988713051e9308607d16ab8ae453ebfe463cb2135d2539efd4f0a23186c5829345fcf6b2918baa328da754b33d209052dd0cb4b62815fa16bfd01fb6c08169e592478ab65b58a41a73ef226cafce86fbc532fbb1173049d2d4a7d8fd0ebeadd571af471998c4e7f0b372d4d78d50aa01637f513029d317820a027670a3577b8d50b378143e74a38f7935783e982a09f235ad956b6520d231c9375a8b39c7a32d6d54860f73ab80560ce6788db3d9f0039567a2573eb8a1accf7af26827c59e7a4f43af4df4e5780f8fb031215592d40f06a13d49aa7631f6c56746f969e5e3763e84918e56ee2198a535fc19ad811d721557bd801601bbcad462fa8d0e78a44490e010c0f04054a05509ceb06fcb19e3e9065b6e8293b2d32565dc339f36f76e47520c9afe2a38c7d4f136a173a5ebd16bf1f75d71a3b634e3fed0e3adfc78ab74752aa50d509e3389c829978945f825cc30b7ae393b0aca3fc09a6c07d33f85de3a192a8b8a4b23a0069214bb680d02a7f2292dfe288eb073b2e8870959077fb5e15dd11d3735b5d5f55f7907356b85f705c0b853bac076ab87507dccf8622ef1809593cc1b97c28b2758edb26c2b533714097533e964c8babd80e167a57542b3f26e294279eb3e13456c3de9daf5aad12c316d2567bd3a6d003fe421d2c20dae78ec77ae71d941d63cf39d7c49fc23d0e31fccfc336bf44c44924d1877c94c68519cecc585deefc002d513502f7408e49edc6a674ba9c5d5be23000d00f56ff4b19e3a71ab480cbb3fe1ba1b59a25e905eb95c10518ee58652493aef5842a8220be16f1e2845a7fb702d8bb8f3e7487cdbd0bda42327f2e1bc6b825cea9690acdf45d631419b77e0eb4b8ecfe3d185b2805d664fb56a2024423818da3e0b530f9ea4bab9a86b0c67c87615b799bbe48c6a9775e7175df585f5bc2ffa611afddd71bc2c0107d54465cde4004c53e43751fd31acd405fe7c7a5414579c5031acf27e2d924a1bda183b9f850e4201a6e8b20532880c6a0bf54099c61f955568565e49406fd1d8e7267fd54ed81e3bc4f7ab43d451a880a3927920b82d551f77597866e293688c8978eac4d25617188b5ea41aa8cba577329e5ac26afce8fea9c34c93ecc15fef4b397606ef78a2e1100c0131fb48a0b3921d63f2294b900ecfe0d321dd003a31ea341b827bf6cbfcda580fdf8c0760d9f32a1ae60d3c046d3878388d9cc10e08d38d0cb06ccb5d76de8f96f84dd869e414c0edbd1eeab5b75228e7bf2b4b80887d4f115ae3bbbeb60f7744f6fc266e7fed4efb48bc141220352059b71fa4c6755ad7bdaf8d4565f296d73e851ff5571bd20504f039ebd38bd9c2616b17bd372f399e730c78dfcfa962d99f2bac2bcac8dc5ddb24169e6749816cca1fd65fbf421fd1eaa012cd5500eb6f6c1f01942aa24f92add0430bc0805ac67840e7a07d30533ec9d21e6a998072ae7d81ec268ccd4544266ba63a0b8c6b3f511233eb4580b545e3c70054d7de997aff8df102290d29a839b5fb114b64fece84fdb9a9ba8a05685a679fa5959c22a0c3e2fed943a6363678bdcf947e854932b9accc518d4fb9c32ce0095d5b88762d1704f7f40cb7cea93b2fc079dc42d6c3312532cf73b1f0dff0cf672a345815e277911b3bad1f6e03a16a95d313f16e317326661a4eb417d8cf28d47517f978b20c3a74b3c7fe783c842931ea200c8333b6845b4136e293b2e0508ef9dfb5018c42bec15772915f6de0bb15430dcafc627843d655c435c534265149ce28133e1dd76185bd671d3795c7a6c01d3e600ec8d1283b02abffe6b55091d08f6fb4b7acb3b9fdcbb66bbccd92ee39bacadb2d652c9b14263256e580d3bb79e84ba2752d44939a40454185f5efa9e6a5ba3034e7c43ffdd2eb1033997d889e094d106caa02594f522a5e2c8e991294e4c51cf5ab17b6865755cd1f10fb5b13d6ad09e3fd4d526861d8bfde148597dce25bf54bb2c0f3d647e357e144a01a98636aec4ee7f53c6de37315df64d22a1b07390438e91454a1557d875389861d6161cfee596e110f3dd6e441de22cecc64d8e25061b13f98fb72bcab7b74fcf0f48f610e8c1a3bf46cc5355bb3717fff3b34b131ddf94b7e0a51dfffe060c8d476c4091d324169746a44c5b174c07cd2655bfe6d4387c4e7064c32b1e4f54554ec360fc5474d4df11d921e7e04ebb59a7db41b39771917cb7724eae00a3fca0bbdf9542da4cc80c8c6eeff1eb4c0b4fa49d131dd1f3f3d1ae35982651370a5f2673bb6a59fa106c5d428752aa2d169c0846e9997d6e4eafa09bc827d9cf650a78d2e6547bb632d03dd0324ab01458c91851f630849350f813dadf28e05b1eb95eca4c0e5703b40b205ff550cf02b0aab3be3c859bac3d5aed6286d788e29cc61dfb0a35bb50cdc132de4fba3bddc3745a1eff71921030add50bb16ae04fb02c829b051588d88b6379cf83a8b44a6a4bd7ac0c247d1cd4f7eb3e087263ba440d7296f8cc724459a56a9a7714df381db5eb78ac5675ea577cf8eb8f8ed8a33f941578d45771f4fc249aade3aaafe791e773f1c3283090dd1a9425484a220f53c34845d691cc5c9d7d922e9c63a5dfaeaef4ecbb450902d00672e8b14b442db11fec871f46feae6a0b2d85a66c9faeb17660fa5abb56e70c941c870285be003634a5ff41341448a9ed8b5b0284f4b2fd48a6247f992ace80e412a0f6a1a2be4f10689d0c1d8258dd899d182ef7883e56bc23ba6e505dd347b3e94e11f88a67da398b478f434f3bd2d150100868a07173c615694cda8f6ccb3527a73b20ac4b9275b2c5ee9db067e55733f296af4b29a92efba75b5ad1b4e7c8c8f70401bdff4c14d10d5bd112fd709bd5236f6568b0dde5bee5273c5a0389a4bac173ec4c7799f3cb087691ed56fa4a5a672fad71049005e2a49edb7285ee8bdcc6779b62feb6a0306901ace9d34f23e6e77a0382390f46769358f37161137d23af2e9a6ab16df61a357e8e691f9a16abbf43c9984cfbd875ab6ef37f7bfdda70f0b0c4bbf403ff39c1f6ae302bc61e6d3e6fe2d47959de0fe6b2d9a6a5c5615fda0a0327f052b9273b675ae5f3db0c520191e1edae0df4ad7bbbdd11752a8bbe353e802e929e7d2fde24c84a6d3fa4f571a1bc26a004e38074e10cb29deb726d1938e138057ceb99fcbdc790c23c080659f1ec340414abc6a8f673310060f932121b770b69e207f948b5b25e85c00728bd47d4036daa00d20e92f67e4f585efd5bfbf8470576fae0c81be28c28c5bb830a7cafc910ecf411cb7909a21e03d0550bd10ffd213112a1e8b926b3fee8675b5f6e2ce6cd4a8e4d3c8d7ec8beca3b61ee5addbdc64781dd6f5fca37cb077d179ac40ed28866586ec78bf379c09c92013a4e1c6dd8e111504903dfe87ba09788549b60ac4ddc76f0fde9263e0d455a43b58891f2273ca223e5787f354322578ffb3eafe3d59e47a6e381705db6f94df5034dd60f9ecdf97bccc1b98b7b81571065a1de2ee009ff77899a7bb057025c2cf7f75fbc5cd5aae2c2a8f5555c8b77ce709d2c93364e220f1895e89611a64fa8fcfa94aa84157c48d2c678cc0e8afd12610aa3b6612506c167991385a539aa563ab6d13cdea735486252e1325121a86e05c49b6abacc8b642ca3ab4f575dec62be2a28fa5c859eb900682970877636c3ecba1c39a6502db9fd428adb9ac7b05e5f602b2c32e11c9ba80ea07b3959a05fd154c38d9bab066705abbacec16fc23f8a8711856c7b3260e5597949740bf6f931e8bf21fddec4b5ef257665d6067c5d00effe5f63ee0ce0f2a9d3fa8e312c42bdb80acb016eb3357cd8eae149c14607be95a96050ccb97c2471ea90f7cca50d39cde6230a7642a5e9c040358856f147c12a5dd231e043c06d38caa676756f9a9bdacbd8163be490959b4f9a1abdeb51d873c41de6ef765e77737bdc711ef8513adde842b778c2f703afd8eef69a493250e1393654de55e5e630e381c54a2f1bf7f6dc7240c127a9296f047f1ec38ec1a7e7fca1e6a6658721f4346d8c5f644654aa5f2d0e074c47b0739a29d081a849de63c6851bad49766fafa1109ba2ef6ea5346499d633b42b2d9f8cefd39757fb5ac99bc904958ccf83e737e2937df2ccbb39512172608dfddaeefb974c446002ca40e5e0530f7fac6e15d8744d3e61dbcc2cd5cba9f13b486e707291c5ca921b9c9b76d113834b22954710b5e8c7d9e0cbcc6831c7a93a810817ebab2d8acedf5b553abf051bc78ca9c9a9bcd520df45e322d6abafa8d040aa9477d8ebd1b824232dccf315b85fc90914d193bd714de68f87569abc2d9559dfe7d132d5bf13fc9f11ec8610b1f38fb9bd3b53704daaaed42f0f193f5455df8061e03b832176271357b23947eaa3e9521fc4600a9592fe5ed37a32ef09b57e1d0a8a4514dc086041e855e4428b501e0e2840a8b4cd930953821927ab226fb10f8235474945f92a24777042400b7b177d0fd2dd107b065dc0f63455958ff9b9722f378e4080e0b0f6e334ada7101a8e66035f830e83074dbde77a8b3181c87ceff9f1733cfe9cc13cf8", 0x1000) r2 = add_key$keyring(&(0x7f0000000200)='keyring\x00', &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc) write$FUSE_NOTIFY_STORE(r1, &(0x7f00000004c0)={0x2e, 0x4, 0x0, {0x3, 0x58, 0x6, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x2e) keyctl$update(0x2, r2, 0x0, 0x351) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) [ 1054.210628][T21212] ? __lock_acquire+0x548/0x3fb0 [ 1054.215576][T21212] ? cache_grow_end+0xa4/0x190 [ 1054.220345][T21212] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1054.226582][T21212] ? debug_smp_processor_id+0x3c/0x280 [ 1054.232136][T21212] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1054.237181][T21212] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1054.242727][T21212] v4l_create_bufs+0xc0/0x180 [ 1054.247415][T21212] __video_do_ioctl+0x7f1/0xce0 [ 1054.252278][T21212] ? v4l_s_fmt+0xab0/0xab0 [ 1054.256700][T21212] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1054.262940][T21212] ? _copy_from_user+0xdd/0x150 [ 1054.267796][T21212] video_usercopy+0x4c5/0x10d0 [ 1054.272550][T21212] ? v4l_s_fmt+0xab0/0xab0 [ 1054.276980][T21212] ? v4l_enumstd+0x70/0x70 [ 1054.281391][T21212] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1054.287630][T21212] ? tomoyo_path_number_perm+0x263/0x520 [ 1054.293276][T21212] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1054.299098][T21212] ? video_usercopy+0x10d0/0x10d0 [ 1054.304123][T21212] video_ioctl2+0x2d/0x35 [ 1054.308465][T21212] v4l2_ioctl+0x156/0x1b0 [ 1054.312791][T21212] ? video_devdata+0xa0/0xa0 [ 1054.317378][T21212] do_vfs_ioctl+0xd6e/0x1390 [ 1054.321968][T21212] ? ioctl_preallocate+0x210/0x210 [ 1054.327075][T21212] ? __fget+0x381/0x550 [ 1054.331235][T21212] ? ksys_dup3+0x3e0/0x3e0 [ 1054.335644][T21212] ? nsecs_to_jiffies+0x30/0x30 [ 1054.340493][T21212] ? tomoyo_file_ioctl+0x23/0x30 [ 1054.345613][T21212] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1054.351853][T21212] ? security_file_ioctl+0x93/0xc0 [ 1054.356976][T21212] ksys_ioctl+0xab/0xd0 [ 1054.361166][T21212] __x64_sys_ioctl+0x73/0xb0 [ 1054.365768][T21212] do_syscall_64+0x103/0x670 [ 1054.370350][T21212] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1054.376226][T21212] RIP: 0033:0x458c29 [ 1054.380109][T21212] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1054.399701][T21212] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1054.408101][T21212] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1054.416060][T21212] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1054.424045][T21212] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1054.432007][T21212] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1054.439991][T21212] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1054.447982][T21210] CPU: 1 PID: 21210 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1054.450435][T21212] warn_alloc_show_mem: 3 callbacks suppressed [ 1054.450439][T21212] Mem-Info: [ 1054.457133][T21210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1054.457139][T21210] Call Trace: [ 1054.457162][T21210] dump_stack+0x172/0x1f0 [ 1054.457183][T21210] warn_alloc.cold+0x87/0x17f [ 1054.457199][T21210] ? zone_watermark_ok_safe+0x260/0x260 [ 1054.457215][T21210] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1054.457253][T21210] __vmalloc_node_range+0x48a/0x790 [ 1054.457268][T21210] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1054.457287][T21210] ? kmem_cache_alloc_trace+0x354/0x760 [ 1054.457302][T21210] ? vb2_vmalloc_alloc+0xca/0x280 [ 1054.457319][T21210] vmalloc_user+0x6b/0x90 [ 1054.457334][T21210] ? vb2_vmalloc_alloc+0xca/0x280 [ 1054.457349][T21210] vb2_vmalloc_alloc+0xca/0x280 [ 1054.457361][T21210] ? __vb2_queue_alloc+0xf5/0xf40 [ 1054.457378][T21210] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1054.457390][T21210] __vb2_queue_alloc+0x5a6/0xf40 [ 1054.457420][T21210] vb2_core_create_bufs+0x2bc/0x790 [ 1054.464154][T21212] active_anon:242913 inactive_anon:201 isolated_anon:0 [ 1054.464154][T21212] active_file:8201 inactive_file:40525 isolated_file:0 [ 1054.464154][T21212] unevictable:0 dirty:190 writeback:0 unstable:0 [ 1054.464154][T21212] slab_reclaimable:14089 slab_unreclaimable:104420 [ 1054.464154][T21212] mapped:58824 shmem:248 pagetables:6675 bounce:0 [ 1054.464154][T21212] free:1107884 free_pcp:342 free_cma:0 [ 1054.466557][T21210] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1054.466571][T21210] ? __vb2_queue_alloc+0xf40/0xf40 [ 1054.466586][T21210] ? lock_acquire+0x16f/0x3f0 [ 1054.466602][T21210] ? __video_do_ioctl+0x398/0xce0 [ 1054.466618][T21210] ? __lock_acquire+0x548/0x3fb0 [ 1054.476903][T21212] Node 0 active_anon:971652kB inactive_anon:804kB active_file:32668kB inactive_file:162100kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:760kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 548864kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1054.479942][T21210] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1054.479962][T21210] vb2_create_bufs+0x472/0x7d0 [ 1054.479981][T21210] ? vb2_request_queue+0x120/0x120 [ 1054.479995][T21210] ? __lock_acquire+0x548/0x3fb0 [ 1054.480013][T21210] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1054.484532][T21212] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1054.488996][T21210] ? debug_smp_processor_id+0x3c/0x280 [ 1054.489018][T21210] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1054.489034][T21210] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1054.489052][T21210] v4l_create_bufs+0xc0/0x180 [ 1054.489070][T21210] __video_do_ioctl+0x7f1/0xce0 [ 1054.494775][T21212] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1054.500215][T21210] ? v4l_s_fmt+0xab0/0xab0 [ 1054.500236][T21210] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1054.500250][T21210] ? _copy_from_user+0xdd/0x150 [ 1054.500265][T21210] video_usercopy+0x4c5/0x10d0 [ 1054.500281][T21210] ? v4l_s_fmt+0xab0/0xab0 [ 1054.505668][T21212] lowmem_reserve[]: 0 2553 2555 2555 [ 1054.510459][T21210] ? v4l_enumstd+0x70/0x70 [ 1054.510474][T21210] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1054.510491][T21210] ? tomoyo_path_number_perm+0x263/0x520 [ 1054.510511][T21210] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1054.510550][T21210] ? video_usercopy+0x10d0/0x10d0 [ 1054.516241][T21212] Node 0 DMA32 free:625544kB min:36232kB low:45288kB high:54344kB active_anon:971652kB inactive_anon:804kB active_file:32668kB inactive_file:162100kB unevictable:0kB writepending:760kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:14432kB pagetables:26700kB bounce:0kB free_pcp:1368kB local_pcp:648kB free_cma:0kB [ 1054.521080][T21210] video_ioctl2+0x2d/0x35 [ 1054.521098][T21210] v4l2_ioctl+0x156/0x1b0 [ 1054.521112][T21210] ? video_devdata+0xa0/0xa0 [ 1054.521132][T21210] do_vfs_ioctl+0xd6e/0x1390 [ 1054.521162][T21210] ? ioctl_preallocate+0x210/0x210 [ 1054.525647][T21212] lowmem_reserve[]: 0 0 2 2 [ 1054.531822][T21210] ? __fget+0x381/0x550 [ 1054.531842][T21210] ? ksys_dup3+0x3e0/0x3e0 [ 1054.531858][T21210] ? nsecs_to_jiffies+0x30/0x30 [ 1054.531879][T21210] ? tomoyo_file_ioctl+0x23/0x30 [ 1054.531894][T21210] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1054.531907][T21210] ? security_file_ioctl+0x93/0xc0 [ 1054.531925][T21210] ksys_ioctl+0xab/0xd0 [ 1054.531942][T21210] __x64_sys_ioctl+0x73/0xb0 [ 1054.537003][T21212] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1054.541787][T21210] do_syscall_64+0x103/0x670 [ 1054.541808][T21210] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1054.541831][T21210] RIP: 0033:0x458c29 [ 1054.541845][T21210] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1054.541852][T21210] RSP: 002b:00007fa60ca72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1054.541866][T21210] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1054.541873][T21210] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1054.541885][T21210] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1054.547843][T21212] lowmem_reserve[]: 0 0 0 0 [ 1054.552573][T21210] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca736d4 [ 1054.552582][T21210] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1054.565023][T21205] CPU: 1 PID: 21205 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1054.628877][T21212] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1054.649950][T21205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1054.649956][T21205] Call Trace: [ 1054.649982][T21205] dump_stack+0x172/0x1f0 [ 1054.650003][T21205] warn_alloc.cold+0x87/0x17f [ 1054.650017][T21205] ? zone_watermark_ok_safe+0x260/0x260 [ 1054.650034][T21205] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1054.650070][T21205] __vmalloc_node_range+0x48a/0x790 [ 1054.650087][T21205] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1054.650108][T21205] ? kmem_cache_alloc_trace+0x354/0x760 [ 1054.656562][T21212] lowmem_reserve[]: 0 0 0 0 [ 1054.661081][T21205] ? vb2_vmalloc_alloc+0xca/0x280 [ 1054.661101][T21205] vmalloc_user+0x6b/0x90 [ 1054.661117][T21205] ? vb2_vmalloc_alloc+0xca/0x280 [ 1054.661134][T21205] vb2_vmalloc_alloc+0xca/0x280 [ 1054.661146][T21205] ? __vb2_queue_alloc+0xf5/0xf40 [ 1054.661166][T21205] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1054.666456][T21212] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1054.671186][T21205] __vb2_queue_alloc+0x5a6/0xf40 [ 1054.671221][T21205] vb2_core_create_bufs+0x2bc/0x790 [ 1054.671240][T21205] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1054.671253][T21205] ? __vb2_queue_alloc+0xf40/0xf40 [ 1054.671272][T21205] ? lock_acquire+0x16f/0x3f0 [ 1054.677684][T21212] Node 0 DMA32: 8*4kB (UE) 157*8kB (UME) 46*16kB (UE) 659*32kB (UME) 500*64kB (UME) 92*128kB (UME) 24*256kB (UME) 7*512kB (UME) 8*1024kB (UME) 5*2048kB (UME) 130*4096kB (UM) = 627528kB [ 1054.704374][T21205] ? __video_do_ioctl+0x398/0xce0 [ 1054.704390][T21205] ? __lock_acquire+0x548/0x3fb0 [ 1054.704414][T21205] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1054.704432][T21205] vb2_create_bufs+0x472/0x7d0 [ 1054.704451][T21205] ? vb2_request_queue+0x120/0x120 [ 1054.704466][T21205] ? __lock_acquire+0x548/0x3fb0 [ 1054.704484][T21205] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1054.710167][T21212] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1054.714928][T21205] ? debug_smp_processor_id+0x3c/0x280 [ 1054.714951][T21205] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1054.714968][T21205] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1054.714986][T21205] v4l_create_bufs+0xc0/0x180 [ 1054.715006][T21205] __video_do_ioctl+0x7f1/0xce0 [ 1054.715029][T21205] ? v4l_s_fmt+0xab0/0xab0 [ 1054.720748][T21212] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1054.725230][T21205] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1054.725246][T21205] ? _copy_from_user+0xdd/0x150 [ 1054.725269][T21205] video_usercopy+0x4c5/0x10d0 [ 1054.725285][T21205] ? v4l_s_fmt+0xab0/0xab0 [ 1054.725308][T21205] ? v4l_enumstd+0x70/0x70 [ 1054.725325][T21205] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1054.730305][T21212] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1054.756952][T21205] ? tomoyo_path_number_perm+0x263/0x520 [ 1054.756972][T21205] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1054.757002][T21205] ? video_usercopy+0x10d0/0x10d0 [ 1054.757018][T21205] video_ioctl2+0x2d/0x35 [ 1054.757037][T21205] v4l2_ioctl+0x156/0x1b0 [ 1054.761670][T21212] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1054.767654][T21205] ? video_devdata+0xa0/0xa0 [ 1054.767673][T21205] do_vfs_ioctl+0xd6e/0x1390 [ 1054.767692][T21205] ? ioctl_preallocate+0x210/0x210 [ 1054.767706][T21205] ? __fget+0x381/0x550 [ 1054.767725][T21205] ? ksys_dup3+0x3e0/0x3e0 [ 1054.772771][T21212] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1054.777299][T21205] ? nsecs_to_jiffies+0x30/0x30 [ 1054.777324][T21205] ? tomoyo_file_ioctl+0x23/0x30 [ 1054.777341][T21205] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1054.777356][T21205] ? security_file_ioctl+0x93/0xc0 [ 1054.777377][T21205] ksys_ioctl+0xab/0xd0 [ 1054.781956][T21212] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1054.787044][T21205] __x64_sys_ioctl+0x73/0xb0 [ 1054.787063][T21205] do_syscall_64+0x103/0x670 [ 1054.787083][T21205] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1054.787095][T21205] RIP: 0033:0x458c29 [ 1054.787112][T21205] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1054.791664][T21212] 48974 total pagecache pages [ 1054.797702][T21205] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1054.797716][T21205] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1054.797724][T21205] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1054.797739][T21205] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1054.797748][T21205] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1054.797756][T21205] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1054.821774][T21226] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1054.854459][T21212] 0 pages in swap cache [ 1054.865200][T21212] Swap cache stats: add 0, delete 0, find 0/0 [ 1054.879045][T21212] Free swap = 0kB [ 1054.927218][T21226] CPU: 1 PID: 21226 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1054.944531][T21226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1054.944538][T21226] Call Trace: [ 1054.944560][T21226] dump_stack+0x172/0x1f0 [ 1054.944583][T21226] warn_alloc.cold+0x87/0x17f [ 1054.944597][T21226] ? zone_watermark_ok_safe+0x260/0x260 [ 1054.944623][T21226] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1054.954433][T21226] __vmalloc_node_range+0x48a/0x790 [ 1054.954452][T21226] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1054.954472][T21226] ? kmem_cache_alloc_trace+0x354/0x760 [ 1054.954485][T21226] ? vb2_vmalloc_alloc+0xca/0x280 [ 1054.954501][T21226] vmalloc_user+0x6b/0x90 [ 1054.954516][T21226] ? vb2_vmalloc_alloc+0xca/0x280 [ 1054.954532][T21226] vb2_vmalloc_alloc+0xca/0x280 [ 1054.954544][T21226] ? __vb2_queue_alloc+0xf5/0xf40 [ 1054.954562][T21226] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1054.954575][T21226] __vb2_queue_alloc+0x5a6/0xf40 [ 1054.954608][T21226] vb2_core_create_bufs+0x2bc/0x790 [ 1054.954632][T21226] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1054.954646][T21226] ? __vb2_queue_alloc+0xf40/0xf40 [ 1054.954662][T21226] ? lock_acquire+0x16f/0x3f0 [ 1054.954680][T21226] ? __video_do_ioctl+0x398/0xce0 [ 1054.954694][T21226] ? __lock_acquire+0x548/0x3fb0 [ 1054.954723][T21226] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1054.954741][T21226] vb2_create_bufs+0x472/0x7d0 [ 1054.954760][T21226] ? vb2_request_queue+0x120/0x120 [ 1054.954774][T21226] ? __lock_acquire+0x548/0x3fb0 [ 1054.954791][T21226] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1054.954806][T21226] ? debug_smp_processor_id+0x3c/0x280 [ 1054.954827][T21226] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1054.954844][T21226] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1054.954862][T21226] v4l_create_bufs+0xc0/0x180 [ 1054.954882][T21226] __video_do_ioctl+0x7f1/0xce0 [ 1054.954908][T21226] ? v4l_s_fmt+0xab0/0xab0 [ 1054.954930][T21226] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1054.954946][T21226] ? _copy_from_user+0xdd/0x150 [ 1054.954966][T21226] video_usercopy+0x4c5/0x10d0 [ 1054.954982][T21226] ? v4l_s_fmt+0xab0/0xab0 [ 1054.955004][T21226] ? v4l_enumstd+0x70/0x70 [ 1054.955018][T21226] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1054.955034][T21226] ? tomoyo_path_number_perm+0x263/0x520 [ 1054.955051][T21226] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1054.955081][T21226] ? video_usercopy+0x10d0/0x10d0 [ 1054.955095][T21226] video_ioctl2+0x2d/0x35 [ 1054.955117][T21226] v4l2_ioctl+0x156/0x1b0 [ 1054.983150][T21226] ? video_devdata+0xa0/0xa0 [ 1054.983170][T21226] do_vfs_ioctl+0xd6e/0x1390 [ 1054.983188][T21226] ? ioctl_preallocate+0x210/0x210 [ 1054.983203][T21226] ? __fget+0x381/0x550 [ 1054.983226][T21226] ? ksys_dup3+0x3e0/0x3e0 [ 1054.983250][T21226] ? nsecs_to_jiffies+0x30/0x30 [ 1054.993032][T21212] Total swap = 0kB [ 1054.999182][T21226] ? tomoyo_file_ioctl+0x23/0x30 [ 1054.999198][T21226] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1054.999214][T21226] ? security_file_ioctl+0x93/0xc0 [ 1054.999237][T21226] ksys_ioctl+0xab/0xd0 [ 1055.012119][T21226] __x64_sys_ioctl+0x73/0xb0 [ 1055.012139][T21226] do_syscall_64+0x103/0x670 [ 1055.012161][T21226] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1055.012176][T21226] RIP: 0033:0x458c29 [ 1055.028089][T21226] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1055.028097][T21226] RSP: 002b:00007f92fa7a1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1055.028112][T21226] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1055.028120][T21226] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1055.028130][T21226] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1055.028138][T21226] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7a26d4 [ 1055.028151][T21226] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1055.037381][T21212] 1965979 pages RAM [ 1055.086050][T21212] 0 pages HighMem/MovableOnly [ 1055.095095][T21231] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1055.100128][T21212] 339405 pages reserved [ 1055.111159][T21231] CPU: 1 PID: 21231 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1055.123493][T21212] 0 pages cma reserved [ 1055.125411][T21231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1055.125418][T21231] Call Trace: [ 1055.125442][T21231] dump_stack+0x172/0x1f0 [ 1055.125465][T21231] warn_alloc.cold+0x87/0x17f [ 1055.150478][T21231] ? zone_watermark_ok_safe+0x260/0x260 [ 1055.150494][T21231] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1055.150530][T21231] __vmalloc_node_range+0x48a/0x790 [ 1055.169658][T21231] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1055.169679][T21231] ? kmem_cache_alloc_trace+0x354/0x760 [ 1055.169696][T21231] ? vb2_vmalloc_alloc+0xca/0x280 [ 1056.033608][T21231] vmalloc_user+0x6b/0x90 [ 1056.037924][T21231] ? vb2_vmalloc_alloc+0xca/0x280 [ 1056.042943][T21231] vb2_vmalloc_alloc+0xca/0x280 [ 1056.047792][T21231] ? __vb2_queue_alloc+0xf5/0xf40 [ 1056.052807][T21231] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1056.058593][T21231] __vb2_queue_alloc+0x5a6/0xf40 [ 1056.063524][T21231] vb2_core_create_bufs+0x2bc/0x790 [ 1056.068757][T21231] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1056.074108][T21231] ? __vb2_queue_alloc+0xf40/0xf40 [ 1056.079198][T21231] ? lock_acquire+0x16f/0x3f0 [ 1056.083958][T21231] ? __video_do_ioctl+0x398/0xce0 [ 1056.088977][T21231] ? __lock_acquire+0x548/0x3fb0 [ 1056.093921][T21231] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1056.100144][T21231] vb2_create_bufs+0x472/0x7d0 [ 1056.104892][T21231] ? vb2_request_queue+0x120/0x120 [ 1056.109982][T21231] ? __lock_acquire+0x548/0x3fb0 [ 1056.114907][T21231] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1056.121128][T21231] ? debug_smp_processor_id+0x3c/0x280 [ 1056.126663][T21231] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1056.131674][T21231] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1056.137199][T21231] v4l_create_bufs+0xc0/0x180 [ 1056.141872][T21231] __video_do_ioctl+0x7f1/0xce0 [ 1056.146705][T21231] ? v4l_s_fmt+0xab0/0xab0 [ 1056.151124][T21231] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1056.157355][T21231] ? _copy_from_user+0xdd/0x150 [ 1056.162198][T21231] video_usercopy+0x4c5/0x10d0 [ 1056.166947][T21231] ? v4l_s_fmt+0xab0/0xab0 [ 1056.171348][T21231] ? v4l_enumstd+0x70/0x70 [ 1056.175742][T21231] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1056.181962][T21231] ? tomoyo_path_number_perm+0x263/0x520 [ 1056.187589][T21231] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1056.193405][T21231] ? video_usercopy+0x10d0/0x10d0 [ 1056.198411][T21231] video_ioctl2+0x2d/0x35 [ 1056.202721][T21231] v4l2_ioctl+0x156/0x1b0 [ 1056.207042][T21231] ? video_devdata+0xa0/0xa0 [ 1056.211620][T21231] do_vfs_ioctl+0xd6e/0x1390 [ 1056.216230][T21231] ? ioctl_preallocate+0x210/0x210 [ 1056.221323][T21231] ? __fget+0x381/0x550 [ 1056.225462][T21231] ? ksys_dup3+0x3e0/0x3e0 [ 1056.229860][T21231] ? nsecs_to_jiffies+0x30/0x30 [ 1056.234704][T21231] ? tomoyo_file_ioctl+0x23/0x30 [ 1056.239620][T21231] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1056.245848][T21231] ? security_file_ioctl+0x93/0xc0 [ 1056.250942][T21231] ksys_ioctl+0xab/0xd0 [ 1056.255078][T21231] __x64_sys_ioctl+0x73/0xb0 [ 1056.259654][T21231] do_syscall_64+0x103/0x670 [ 1056.264240][T21231] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1056.270109][T21231] RIP: 0033:0x458c29 [ 1056.273984][T21231] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1056.293565][T21231] RSP: 002b:00007f53a9456c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1056.301949][T21231] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1056.309901][T21231] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1056.317868][T21231] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1056.325832][T21231] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94576d4 [ 1056.333790][T21231] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1056.342762][ T7678] Bluetooth: hci1: command 0x1001 tx timeout [ 1056.348828][T17349] Bluetooth: hci1: sending frame failed (-49) [ 1056.351891][T21231] warn_alloc_show_mem: 3 callbacks suppressed [ 1056.351895][T21231] Mem-Info: [ 1056.364346][ T7683] Bluetooth: hci0: command 0x1003 tx timeout [ 1056.371376][T17349] Bluetooth: hci0: sending frame failed (-49) [ 1056.371613][T21231] active_anon:241853 inactive_anon:201 isolated_anon:0 [ 1056.371613][T21231] active_file:8202 inactive_file:40543 isolated_file:0 [ 1056.371613][T21231] unevictable:0 dirty:222 writeback:0 unstable:0 [ 1056.371613][T21231] slab_reclaimable:14101 slab_unreclaimable:104510 [ 1056.371613][T21231] mapped:58824 shmem:248 pagetables:6616 bounce:0 [ 1056.371613][T21231] free:1108817 free_pcp:498 free_cma:0 [ 1056.416283][T21231] Node 0 active_anon:967412kB inactive_anon:804kB active_file:32672kB inactive_file:162172kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:888kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 550912kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1056.449937][T21231] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1056.481591][T21231] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1056.538862][T21231] lowmem_reserve[]: 0 2553 2555 2555 [ 1056.559060][T21231] Node 0 DMA32 free:629276kB min:36232kB low:45288kB high:54344kB active_anon:967412kB inactive_anon:804kB active_file:32672kB inactive_file:162172kB unevictable:0kB writepending:888kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:14176kB pagetables:26464kB bounce:0kB free_pcp:1996kB local_pcp:1076kB free_cma:0kB [ 1056.630506][T21231] lowmem_reserve[]: 0 0 2 2 [ 1056.635449][T21231] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1056.672435][T21231] lowmem_reserve[]: 0 0 0 0 [ 1056.677072][T21231] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1056.711571][T21231] lowmem_reserve[]: 0 0 0 0 [ 1056.716182][T21231] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1056.751294][T21231] Node 0 DMA32: 9*4kB (UME) 110*8kB (UME) 60*16kB (UE) 657*32kB (UME) 500*64kB (UME) 92*128kB (UME) 24*256kB (UME) 7*512kB (UME) 8*1024kB (UME) 4*2048kB (UME) 131*4096kB (UM) = 629364kB [ 1056.781556][T21231] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1056.806311][T21231] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1056.827554][T21231] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1056.837316][T21231] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1056.846726][T21231] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1056.856387][T21231] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1056.865705][T21231] 49004 total pagecache pages [ 1056.870448][T21231] 0 pages in swap cache [ 1056.875413][T21231] Swap cache stats: add 0, delete 0, find 0/0 [ 1056.881534][T21231] Free swap = 0kB [ 1056.885264][T21231] Total swap = 0kB [ 1056.888969][T21231] 1965979 pages RAM [ 1056.892788][T21231] 0 pages HighMem/MovableOnly [ 1056.897457][T21231] 339405 pages reserved [ 1056.901666][T21231] 0 pages cma reserved [ 1057.172203][ T5] Bluetooth: hci2: command 0x1003 tx timeout [ 1057.178342][T17349] Bluetooth: hci2: sending frame failed (-49) [ 1058.361660][ T5] Bluetooth: hci1: command 0x1009 tx timeout [ 1058.451692][ T5] Bluetooth: hci0: command 0x1001 tx timeout [ 1058.457833][T17349] Bluetooth: hci0: sending frame failed (-49) [ 1059.241584][ T7683] Bluetooth: hci2: command 0x1001 tx timeout [ 1059.247730][T17349] Bluetooth: hci2: sending frame failed (-49) [ 1060.521739][ T7683] Bluetooth: hci0: command 0x1009 tx timeout [ 1061.321627][ T5] Bluetooth: hci2: command 0x1009 tx timeout 09:14:28 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5425, &(0x7f0000000080)) 09:14:28 executing program 0: r0 = socket$inet(0x2, 0x80007, 0x1000004) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e22, @multicast2}, 0xfffffffffffffe97) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) 09:14:28 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x8000000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:14:28 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x300000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:14:28 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x4c000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1061.677386][T21235] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1061.701262][T21238] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1061.703990][T21235] CPU: 0 PID: 21235 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 09:14:28 executing program 0: r0 = socket$inet(0x2, 0x200000000004, 0x7) r1 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r1, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f0000000200)={0x0, 0x81, 0x3, 0x6, 0xfff, 0x80000000, 0x2, 0x7ff, {0x0, @in6={{0xa, 0x4e21, 0x4, @remote, 0xffffffffffffffc1}}, 0x1f, 0x3, 0x80, 0x4, 0xffffffffffffffff}}, &(0x7f00000002c0)=0xb0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000000)={r2, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) [ 1061.715833][T21242] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1061.724349][T21235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1061.724355][T21235] Call Trace: [ 1061.724386][T21235] dump_stack+0x172/0x1f0 [ 1061.724418][T21235] warn_alloc.cold+0x87/0x17f [ 1061.748495][T21235] ? zone_watermark_ok_safe+0x260/0x260 [ 1061.748513][T21235] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1061.748551][T21235] __vmalloc_node_range+0x48a/0x790 [ 1061.748572][T21235] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1061.784840][T21235] ? kmem_cache_alloc_trace+0x354/0x760 [ 1061.790404][T21235] ? vb2_vmalloc_alloc+0xca/0x280 [ 1061.795444][T21235] vmalloc_user+0x6b/0x90 [ 1061.799783][T21235] ? vb2_vmalloc_alloc+0xca/0x280 [ 1061.805095][T21235] vb2_vmalloc_alloc+0xca/0x280 [ 1061.810037][T21235] ? __vb2_queue_alloc+0xf5/0xf40 [ 1061.815074][T21235] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1061.820895][T21235] __vb2_queue_alloc+0x5a6/0xf40 [ 1061.825871][T21235] vb2_core_create_bufs+0x2bc/0x790 [ 1061.831081][T21235] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1061.836459][T21235] ? __vb2_queue_alloc+0xf40/0xf40 [ 1061.841580][T21235] ? lock_acquire+0x16f/0x3f0 [ 1061.846271][T21235] ? __video_do_ioctl+0x398/0xce0 [ 1061.851327][T21235] ? __lock_acquire+0x548/0x3fb0 [ 1061.856292][T21235] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1061.862553][T21235] vb2_create_bufs+0x472/0x7d0 [ 1061.867338][T21235] ? vb2_request_queue+0x120/0x120 [ 1061.872463][T21235] ? __lock_acquire+0x548/0x3fb0 [ 1061.877409][T21235] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1061.883657][T21235] ? debug_smp_processor_id+0x3c/0x280 [ 1061.889137][T21235] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1061.894174][T21235] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1061.899735][T21235] v4l_create_bufs+0xc0/0x180 [ 1061.904429][T21235] __video_do_ioctl+0x7f1/0xce0 [ 1061.909334][T21235] ? v4l_s_fmt+0xab0/0xab0 [ 1061.913771][T21235] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1061.920157][T21235] ? _copy_from_user+0xdd/0x150 [ 1061.920179][T21235] video_usercopy+0x4c5/0x10d0 [ 1061.920198][T21235] ? v4l_s_fmt+0xab0/0xab0 [ 1061.934255][T21235] ? v4l_enumstd+0x70/0x70 [ 1061.938698][T21235] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1061.945038][T21235] ? tomoyo_path_number_perm+0x263/0x520 [ 1061.950685][T21235] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1061.956516][T21235] ? video_usercopy+0x10d0/0x10d0 [ 1061.961556][T21235] video_ioctl2+0x2d/0x35 [ 1061.965984][T21235] v4l2_ioctl+0x156/0x1b0 [ 1061.966000][T21235] ? video_devdata+0xa0/0xa0 [ 1061.966025][T21235] do_vfs_ioctl+0xd6e/0x1390 [ 1061.979616][T21235] ? ioctl_preallocate+0x210/0x210 [ 1061.984742][T21235] ? __fget+0x381/0x550 [ 1061.988931][T21235] ? ksys_dup3+0x3e0/0x3e0 [ 1061.993354][T21235] ? nsecs_to_jiffies+0x30/0x30 [ 1061.993380][T21235] ? tomoyo_file_ioctl+0x23/0x30 [ 1061.993394][T21235] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1061.993415][T21235] ? security_file_ioctl+0x93/0xc0 [ 1062.014665][T21235] ksys_ioctl+0xab/0xd0 [ 1062.018832][T21235] __x64_sys_ioctl+0x73/0xb0 [ 1062.018853][T21235] do_syscall_64+0x103/0x670 [ 1062.018877][T21235] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1062.033978][T21235] RIP: 0033:0x458c29 [ 1062.037879][T21235] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1062.057486][T21235] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1062.057501][T21235] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1062.057510][T21235] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1062.057519][T21235] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1062.057527][T21235] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1062.057535][T21235] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1062.057955][T21238] CPU: 0 PID: 21238 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1062.098643][T21235] Mem-Info: [ 1062.106169][T21238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1062.106176][T21238] Call Trace: [ 1062.106200][T21238] dump_stack+0x172/0x1f0 [ 1062.106221][T21238] warn_alloc.cold+0x87/0x17f [ 1062.106237][T21238] ? zone_watermark_ok_safe+0x260/0x260 [ 1062.106253][T21238] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1062.106312][T21238] __vmalloc_node_range+0x48a/0x790 [ 1062.106328][T21238] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1062.106349][T21238] ? kmem_cache_alloc_trace+0x354/0x760 [ 1062.153786][T21235] active_anon:242944 inactive_anon:201 isolated_anon:0 [ 1062.153786][T21235] active_file:8202 inactive_file:40558 isolated_file:0 [ 1062.153786][T21235] unevictable:0 dirty:228 writeback:0 unstable:0 [ 1062.153786][T21235] slab_reclaimable:14070 slab_unreclaimable:104425 [ 1062.153786][T21235] mapped:58824 shmem:248 pagetables:6663 bounce:0 [ 1062.153786][T21235] free:1107797 free_pcp:378 free_cma:0 [ 1062.158124][T21238] ? vb2_vmalloc_alloc+0xca/0x280 [ 1062.158144][T21238] vmalloc_user+0x6b/0x90 [ 1062.158162][T21238] ? vb2_vmalloc_alloc+0xca/0x280 [ 1062.180076][T21235] Node 0 active_anon:971776kB inactive_anon:804kB active_file:32672kB inactive_file:162232kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:912kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 548864kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1062.206933][T21238] vb2_vmalloc_alloc+0xca/0x280 [ 1062.206950][T21238] ? __vb2_queue_alloc+0xf5/0xf40 [ 1062.206968][T21238] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1062.206980][T21238] __vb2_queue_alloc+0x5a6/0xf40 [ 1062.207009][T21238] vb2_core_create_bufs+0x2bc/0x790 [ 1062.207027][T21238] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1062.207040][T21238] ? __vb2_queue_alloc+0xf40/0xf40 [ 1062.207056][T21238] ? lock_acquire+0x16f/0x3f0 [ 1062.207073][T21238] ? __video_do_ioctl+0x398/0xce0 [ 1062.207086][T21238] ? __lock_acquire+0x548/0x3fb0 [ 1062.207106][T21238] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1062.207121][T21238] vb2_create_bufs+0x472/0x7d0 [ 1062.207139][T21238] ? vb2_request_queue+0x120/0x120 [ 1062.263888][T21235] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1062.266666][T21238] ? __lock_acquire+0x548/0x3fb0 [ 1062.266684][T21238] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1062.266702][T21238] ? debug_smp_processor_id+0x3c/0x280 [ 1062.287941][T21235] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1062.292157][T21238] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1062.292176][T21238] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1062.292196][T21238] v4l_create_bufs+0xc0/0x180 [ 1062.292215][T21238] __video_do_ioctl+0x7f1/0xce0 [ 1062.292240][T21238] ? v4l_s_fmt+0xab0/0xab0 [ 1062.292282][T21238] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1062.292296][T21238] ? _copy_from_user+0xdd/0x150 [ 1062.292316][T21238] video_usercopy+0x4c5/0x10d0 [ 1062.308586][T21235] lowmem_reserve[]: 0 2553 2555 2555 [ 1062.313278][T21238] ? v4l_s_fmt+0xab0/0xab0 [ 1062.313303][T21238] ? v4l_enumstd+0x70/0x70 [ 1062.313319][T21238] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1062.313336][T21238] ? tomoyo_path_number_perm+0x263/0x520 [ 1062.313356][T21238] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1062.313387][T21238] ? video_usercopy+0x10d0/0x10d0 [ 1062.313407][T21238] video_ioctl2+0x2d/0x35 [ 1062.330269][T21235] Node 0 DMA32 free:625196kB min:36232kB low:45288kB high:54344kB active_anon:971776kB inactive_anon:804kB active_file:32672kB inactive_file:162232kB unevictable:0kB writepending:912kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:14432kB pagetables:26652kB bounce:0kB free_pcp:1496kB local_pcp:596kB free_cma:0kB [ 1062.345029][T21238] v4l2_ioctl+0x156/0x1b0 [ 1062.345046][T21238] ? video_devdata+0xa0/0xa0 [ 1062.345066][T21238] do_vfs_ioctl+0xd6e/0x1390 [ 1062.345087][T21238] ? ioctl_preallocate+0x210/0x210 [ 1062.345103][T21238] ? __fget+0x381/0x550 [ 1062.345127][T21238] ? ksys_dup3+0x3e0/0x3e0 [ 1062.345144][T21238] ? nsecs_to_jiffies+0x30/0x30 [ 1062.345165][T21238] ? tomoyo_file_ioctl+0x23/0x30 [ 1062.345179][T21238] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1062.345192][T21238] ? security_file_ioctl+0x93/0xc0 [ 1062.345211][T21238] ksys_ioctl+0xab/0xd0 [ 1062.379425][T21235] lowmem_reserve[]: 0 0 2 2 [ 1062.388872][T21238] __x64_sys_ioctl+0x73/0xb0 [ 1062.388892][T21238] do_syscall_64+0x103/0x670 [ 1062.388913][T21238] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1062.388924][T21238] RIP: 0033:0x458c29 [ 1062.388939][T21238] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1062.388953][T21238] RSP: 002b:00007fa60ca72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1062.420980][T21235] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1062.425133][T21238] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1062.425142][T21238] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1062.425150][T21238] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1062.425158][T21238] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca736d4 [ 1062.425167][T21238] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1062.435395][T21242] CPU: 0 PID: 21242 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1062.435404][T21242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1062.435409][T21242] Call Trace: [ 1062.435431][T21242] dump_stack+0x172/0x1f0 [ 1062.435454][T21242] warn_alloc.cold+0x87/0x17f [ 1062.435469][T21242] ? zone_watermark_ok_safe+0x260/0x260 [ 1062.435485][T21242] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1062.435524][T21242] __vmalloc_node_range+0x48a/0x790 [ 1062.435541][T21242] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1062.435560][T21242] ? kmem_cache_alloc_trace+0x354/0x760 [ 1062.435573][T21242] ? vb2_vmalloc_alloc+0xca/0x280 [ 1062.435591][T21242] vmalloc_user+0x6b/0x90 [ 1062.435606][T21242] ? vb2_vmalloc_alloc+0xca/0x280 [ 1062.435622][T21242] vb2_vmalloc_alloc+0xca/0x280 [ 1062.435632][T21242] ? __vb2_queue_alloc+0xf5/0xf40 [ 1062.435658][T21242] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1062.450373][T21235] lowmem_reserve[]: 0 0 0 0 [ 1062.450754][T21242] __vb2_queue_alloc+0x5a6/0xf40 [ 1062.456809][T21235] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1062.462229][T21242] vb2_core_create_bufs+0x2bc/0x790 [ 1062.462263][T21242] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1062.462278][T21242] ? __vb2_queue_alloc+0xf40/0xf40 [ 1062.462294][T21242] ? lock_acquire+0x16f/0x3f0 [ 1062.462310][T21242] ? __video_do_ioctl+0x398/0xce0 [ 1062.462323][T21242] ? __lock_acquire+0x548/0x3fb0 [ 1062.462346][T21242] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1062.462366][T21242] vb2_create_bufs+0x472/0x7d0 [ 1062.471963][T21235] lowmem_reserve[]: 0 0 0 0 [ 1062.502430][T21242] ? vb2_request_queue+0x120/0x120 [ 1062.502448][T21242] ? __lock_acquire+0x548/0x3fb0 [ 1062.502467][T21242] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1062.502480][T21242] ? debug_smp_processor_id+0x3c/0x280 [ 1062.502499][T21242] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1062.502515][T21242] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1062.502534][T21242] v4l_create_bufs+0xc0/0x180 [ 1062.502551][T21242] __video_do_ioctl+0x7f1/0xce0 [ 1062.502574][T21242] ? v4l_s_fmt+0xab0/0xab0 [ 1062.502595][T21242] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1062.502609][T21242] ? _copy_from_user+0xdd/0x150 [ 1062.502629][T21242] video_usercopy+0x4c5/0x10d0 [ 1062.513821][T21235] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1062.516686][T21242] ? v4l_s_fmt+0xab0/0xab0 [ 1062.516707][T21242] ? v4l_enumstd+0x70/0x70 [ 1062.516727][T21242] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1062.524913][T21235] Node 0 DMA32: 9*4kB (UME) 68*8kB (UME) 74*16kB (UE) 651*32kB (UME) 500*64kB (UME) 92*128kB (UME) 24*256kB (UME) 7*512kB (UME) 8*1024kB (UME) 4*2048kB (UME) 130*4096kB (UM) = 624964kB [ 1062.526006][T21242] ? tomoyo_path_number_perm+0x263/0x520 [ 1062.526028][T21242] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1062.526059][T21242] ? video_usercopy+0x10d0/0x10d0 [ 1062.535311][T21235] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1062.536733][T21242] video_ioctl2+0x2d/0x35 [ 1062.536752][T21242] v4l2_ioctl+0x156/0x1b0 [ 1062.536764][T21242] ? video_devdata+0xa0/0xa0 [ 1062.536784][T21242] do_vfs_ioctl+0xd6e/0x1390 [ 1062.544206][T21235] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1062.547986][T21242] ? ioctl_preallocate+0x210/0x210 [ 1062.548003][T21242] ? __fget+0x381/0x550 [ 1062.548025][T21242] ? ksys_dup3+0x3e0/0x3e0 [ 1062.555617][T21235] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1062.557278][T21242] ? nsecs_to_jiffies+0x30/0x30 [ 1062.557304][T21242] ? tomoyo_file_ioctl+0x23/0x30 [ 1062.557324][T21242] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1062.564345][T21235] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1062.566483][T21242] ? security_file_ioctl+0x93/0xc0 [ 1062.566506][T21242] ksys_ioctl+0xab/0xd0 [ 1062.566530][T21242] __x64_sys_ioctl+0x73/0xb0 [ 1062.571251][T21235] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1062.576996][T21242] do_syscall_64+0x103/0x670 [ 1062.577017][T21242] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1062.577029][T21242] RIP: 0033:0x458c29 [ 1062.577046][T21242] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1062.577054][T21242] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1062.577067][T21242] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1062.577076][T21242] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1062.577084][T21242] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1062.577093][T21242] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1062.577102][T21242] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1062.628532][T21235] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1062.658864][T21235] 49024 total pagecache pages [ 1062.680711][T21235] 0 pages in swap cache [ 1062.712419][T21235] Swap cache stats: add 0, delete 0, find 0/0 [ 1063.218800][T21235] Free swap = 0kB [ 1063.223363][T21235] Total swap = 0kB [ 1063.227121][T21235] 1965979 pages RAM [ 1063.231137][T21235] 0 pages HighMem/MovableOnly [ 1063.236438][T21235] 339405 pages reserved [ 1063.240625][T21235] 0 pages cma reserved [ 1064.121592][ T7678] Bluetooth: hci1: command 0x1003 tx timeout [ 1064.127902][T17349] Bluetooth: hci1: sending frame failed (-49) 09:14:32 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x100000000000000) 09:14:32 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x1, 0x0) ioctl$UI_GET_VERSION(r1, 0x8004552d, &(0x7f0000000240)) 09:14:32 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x60000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:14:32 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0xfecaedfe00000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:14:32 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x400000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1065.525381][T21269] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1065.562798][T21275] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1065.570934][T21269] CPU: 0 PID: 21269 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1065.579250][T21267] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1065.585870][T21269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1065.585877][T21269] Call Trace: [ 1065.585906][T21269] dump_stack+0x172/0x1f0 [ 1065.585927][T21269] warn_alloc.cold+0x87/0x17f [ 1065.585949][T21269] ? zone_watermark_ok_safe+0x260/0x260 [ 1065.627669][T21269] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1065.633329][T21269] __vmalloc_node_range+0x48a/0x790 [ 1065.638529][T21269] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1065.643563][T21269] ? kmem_cache_alloc_trace+0x354/0x760 [ 1065.649136][T21269] ? vb2_vmalloc_alloc+0xca/0x280 [ 1065.654254][T21269] vmalloc_user+0x6b/0x90 [ 1065.658603][T21269] ? vb2_vmalloc_alloc+0xca/0x280 [ 1065.663625][T21269] vb2_vmalloc_alloc+0xca/0x280 [ 1065.668473][T21269] ? __vb2_queue_alloc+0xf5/0xf40 [ 1065.673498][T21269] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1065.679302][T21269] __vb2_queue_alloc+0x5a6/0xf40 [ 1065.684261][T21269] vb2_core_create_bufs+0x2bc/0x790 [ 1065.689464][T21269] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1065.696330][T21269] ? __vb2_queue_alloc+0xf40/0xf40 [ 1065.702141][T21269] ? lock_acquire+0x16f/0x3f0 [ 1065.706821][T21269] ? __video_do_ioctl+0x398/0xce0 [ 1065.711844][T21269] ? __lock_acquire+0x548/0x3fb0 [ 1065.716784][T21269] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1065.723023][T21269] vb2_create_bufs+0x472/0x7d0 [ 1065.727795][T21269] ? vb2_request_queue+0x120/0x120 [ 1065.732902][T21269] ? __lock_acquire+0x548/0x3fb0 [ 1065.737840][T21269] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1065.744111][T21269] ? debug_smp_processor_id+0x3c/0x280 [ 1065.749576][T21269] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1065.755044][T21269] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1065.760588][T21269] v4l_create_bufs+0xc0/0x180 [ 1065.765352][T21269] __video_do_ioctl+0x7f1/0xce0 [ 1065.770207][T21269] ? v4l_s_fmt+0xab0/0xab0 [ 1065.774864][T21269] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1065.781221][T21269] ? _copy_from_user+0xdd/0x150 [ 1065.786098][T21269] video_usercopy+0x4c5/0x10d0 [ 1065.790859][T21269] ? v4l_s_fmt+0xab0/0xab0 [ 1065.795280][T21269] ? v4l_enumstd+0x70/0x70 [ 1065.799697][T21269] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1065.806024][T21269] ? tomoyo_path_number_perm+0x263/0x520 [ 1065.811687][T21269] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1065.817510][T21269] ? video_usercopy+0x10d0/0x10d0 [ 1065.822535][T21269] video_ioctl2+0x2d/0x35 [ 1065.826862][T21269] v4l2_ioctl+0x156/0x1b0 [ 1065.831203][T21269] ? video_devdata+0xa0/0xa0 [ 1065.835794][T21269] do_vfs_ioctl+0xd6e/0x1390 [ 1065.840386][T21269] ? ioctl_preallocate+0x210/0x210 [ 1065.845495][T21269] ? __fget+0x381/0x550 [ 1065.849657][T21269] ? ksys_dup3+0x3e0/0x3e0 [ 1065.854073][T21269] ? nsecs_to_jiffies+0x30/0x30 [ 1065.858928][T21269] ? tomoyo_file_ioctl+0x23/0x30 [ 1065.863868][T21269] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1065.870117][T21269] ? security_file_ioctl+0x93/0xc0 [ 1065.875234][T21269] ksys_ioctl+0xab/0xd0 [ 1065.879394][T21269] __x64_sys_ioctl+0x73/0xb0 [ 1065.883989][T21269] do_syscall_64+0x103/0x670 [ 1065.888590][T21269] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1065.894475][T21269] RIP: 0033:0x458c29 [ 1065.898367][T21269] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1065.917966][T21269] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1065.926375][T21269] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1065.934344][T21269] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1065.942308][T21269] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1065.950282][T21269] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1065.958250][T21269] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1065.966243][T21267] CPU: 1 PID: 21267 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1065.975358][T21267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1065.982588][T21269] warn_alloc_show_mem: 2 callbacks suppressed [ 1065.982593][T21269] Mem-Info: [ 1065.985432][T21267] Call Trace: [ 1065.985457][T21267] dump_stack+0x172/0x1f0 [ 1065.985478][T21267] warn_alloc.cold+0x87/0x17f [ 1065.985499][T21267] ? zone_watermark_ok_safe+0x260/0x260 [ 1065.991811][T21269] active_anon:244007 inactive_anon:201 isolated_anon:0 [ 1065.991811][T21269] active_file:8204 inactive_file:40579 isolated_file:0 [ 1065.991811][T21269] unevictable:0 dirty:257 writeback:0 unstable:0 [ 1065.991811][T21269] slab_reclaimable:14078 slab_unreclaimable:104672 [ 1065.991811][T21269] mapped:58824 shmem:248 pagetables:6716 bounce:0 [ 1065.991811][T21269] free:1106287 free_pcp:474 free_cma:0 [ 1065.994694][T21267] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1065.994733][T21267] __vmalloc_node_range+0x48a/0x790 [ 1065.994753][T21267] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1065.998128][T21269] Node 0 active_anon:976028kB inactive_anon:804kB active_file:32680kB inactive_file:162316kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:1028kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 552960kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1066.002329][T21267] ? kmem_cache_alloc_trace+0x354/0x760 [ 1066.002345][T21267] ? vb2_vmalloc_alloc+0xca/0x280 [ 1066.002361][T21267] vmalloc_user+0x6b/0x90 [ 1066.002377][T21267] ? vb2_vmalloc_alloc+0xca/0x280 [ 1066.002394][T21267] vb2_vmalloc_alloc+0xca/0x280 [ 1066.002404][T21267] ? __vb2_queue_alloc+0xf5/0xf40 [ 1066.002423][T21267] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1066.007173][T21269] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1066.012597][T21267] __vb2_queue_alloc+0x5a6/0xf40 [ 1066.012631][T21267] vb2_core_create_bufs+0x2bc/0x790 [ 1066.012650][T21267] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1066.012663][T21267] ? __vb2_queue_alloc+0xf40/0xf40 [ 1066.012680][T21267] ? lock_acquire+0x16f/0x3f0 [ 1066.012698][T21267] ? __video_do_ioctl+0x398/0xce0 [ 1066.012715][T21267] ? __lock_acquire+0x548/0x3fb0 [ 1066.051366][T21269] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1066.056324][T21267] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1066.056345][T21267] vb2_create_bufs+0x472/0x7d0 [ 1066.056365][T21267] ? vb2_request_queue+0x120/0x120 [ 1066.056381][T21267] ? __lock_acquire+0x548/0x3fb0 [ 1066.056396][T21267] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1066.056415][T21267] ? debug_smp_processor_id+0x3c/0x280 [ 1066.061739][T21269] lowmem_reserve[]: 0 2553 2555 2555 [ 1066.066603][T21267] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1066.066621][T21267] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1066.066641][T21267] v4l_create_bufs+0xc0/0x180 [ 1066.066661][T21267] __video_do_ioctl+0x7f1/0xce0 [ 1066.157881][T21267] ? v4l_s_fmt+0xab0/0xab0 [ 1066.157904][T21267] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1066.157924][T21267] ? _copy_from_user+0xdd/0x150 [ 1066.157944][T21267] video_usercopy+0x4c5/0x10d0 [ 1066.157958][T21267] ? v4l_s_fmt+0xab0/0xab0 [ 1066.157980][T21267] ? v4l_enumstd+0x70/0x70 [ 1066.157999][T21267] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1066.188226][T21267] ? tomoyo_path_number_perm+0x263/0x520 [ 1066.188248][T21267] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1066.188280][T21267] ? video_usercopy+0x10d0/0x10d0 [ 1066.196578][T21269] Node 0 DMA32 free:621516kB min:36232kB low:45288kB high:54344kB active_anon:973892kB inactive_anon:804kB active_file:32680kB inactive_file:162316kB unevictable:0kB writepending:1028kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:14336kB pagetables:26716kB bounce:0kB free_pcp:1892kB local_pcp:1344kB free_cma:0kB [ 1066.219994][T21267] video_ioctl2+0x2d/0x35 [ 1066.220019][T21267] v4l2_ioctl+0x156/0x1b0 [ 1066.220032][T21267] ? video_devdata+0xa0/0xa0 [ 1066.220052][T21267] do_vfs_ioctl+0xd6e/0x1390 [ 1066.220072][T21267] ? ioctl_preallocate+0x210/0x210 [ 1066.220089][T21267] ? __fget+0x381/0x550 [ 1066.220111][T21267] ? ksys_dup3+0x3e0/0x3e0 [ 1066.265811][T21269] lowmem_reserve[]: 0 0 2 2 [ 1066.268942][T21267] ? nsecs_to_jiffies+0x30/0x30 [ 1066.268967][T21267] ? tomoyo_file_ioctl+0x23/0x30 [ 1066.268985][T21267] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1066.282552][T21269] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1066.282883][T21267] ? security_file_ioctl+0x93/0xc0 [ 1066.282910][T21267] ksys_ioctl+0xab/0xd0 [ 1066.303197][T21269] lowmem_reserve[]: 0 0 0 0 [ 1066.307527][T21267] __x64_sys_ioctl+0x73/0xb0 [ 1066.307547][T21267] do_syscall_64+0x103/0x670 [ 1066.307566][T21267] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1066.307581][T21267] RIP: 0033:0x458c29 [ 1066.472448][T21267] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1066.492036][T21267] RSP: 002b:00007fa60ca72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1066.500424][T21267] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1066.508370][T21267] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1066.516317][T21267] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 09:14:32 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf00000000000000) [ 1066.524283][T21267] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca736d4 [ 1066.533414][T21267] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1066.548382][ T7683] Bluetooth: hci1: command 0x1001 tx timeout [ 1066.558776][T21269] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1066.564766][T21286] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1066.601645][T21275] CPU: 1 PID: 21275 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1066.610753][T21275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1066.610760][T21275] Call Trace: [ 1066.610782][T21275] dump_stack+0x172/0x1f0 [ 1066.610802][T21275] warn_alloc.cold+0x87/0x17f [ 1066.610817][T21275] ? zone_watermark_ok_safe+0x260/0x260 [ 1066.610837][T21275] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1066.621095][T21269] lowmem_reserve[]: 0 0 0 0 [ 1066.624176][T21275] __vmalloc_node_range+0x48a/0x790 [ 1066.624193][T21275] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1066.624208][T21275] ? kmem_cache_alloc_trace+0x354/0x760 [ 1066.624223][T21275] ? vb2_vmalloc_alloc+0xca/0x280 [ 1066.628755][T21269] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1066.633189][T21275] vmalloc_user+0x6b/0x90 [ 1066.633205][T21275] ? vb2_vmalloc_alloc+0xca/0x280 [ 1066.633218][T21275] vb2_vmalloc_alloc+0xca/0x280 [ 1066.633228][T21275] ? __vb2_queue_alloc+0xf5/0xf40 [ 1066.633244][T21275] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1066.633255][T21275] __vb2_queue_alloc+0x5a6/0xf40 [ 1066.633281][T21275] vb2_core_create_bufs+0x2bc/0x790 [ 1066.644432][T21275] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1066.644447][T21275] ? __vb2_queue_alloc+0xf40/0xf40 [ 1066.644459][T21275] ? lock_acquire+0x16f/0x3f0 [ 1066.644478][T21275] ? __video_do_ioctl+0x398/0xce0 [ 1066.649306][T21269] Node 0 DMA32: 24*4kB (UE) 71*8kB (UME) 42*16kB (E) 592*32kB (UME) 500*64kB (UME) 92*128kB (UME) 24*256kB (UME) 7*512kB (UME) 8*1024kB (UME) 4*2048kB (UME) 129*4096kB (UM) = 618552kB [ 1066.654125][T21275] ? __lock_acquire+0x548/0x3fb0 [ 1066.654148][T21275] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1066.654167][T21275] vb2_create_bufs+0x472/0x7d0 [ 1066.654184][T21275] ? vb2_request_queue+0x120/0x120 [ 1066.654198][T21275] ? __lock_acquire+0x548/0x3fb0 [ 1066.654215][T21275] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1066.654236][T21275] ? debug_smp_processor_id+0x3c/0x280 [ 1066.684005][T21275] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1066.684020][T21275] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1066.684037][T21275] v4l_create_bufs+0xc0/0x180 [ 1066.684052][T21275] __video_do_ioctl+0x7f1/0xce0 [ 1066.684074][T21275] ? v4l_s_fmt+0xab0/0xab0 [ 1066.684091][T21275] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1066.684102][T21275] ? _copy_from_user+0xdd/0x150 [ 1066.684118][T21275] video_usercopy+0x4c5/0x10d0 [ 1066.684132][T21275] ? v4l_s_fmt+0xab0/0xab0 [ 1066.684152][T21275] ? v4l_enumstd+0x70/0x70 [ 1066.690400][T21269] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1066.693489][T21275] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1066.693506][T21275] ? tomoyo_path_number_perm+0x263/0x520 [ 1066.693523][T21275] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1066.693537][T21275] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1066.693551][T21275] ? retint_kernel+0x2b/0x2b [ 1066.693576][T21275] ? video_usercopy+0x10d0/0x10d0 [ 1066.693592][T21275] video_ioctl2+0x2d/0x35 [ 1066.713326][T21269] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1066.714129][T21275] v4l2_ioctl+0x156/0x1b0 [ 1066.714145][T21275] ? video_devdata+0xa0/0xa0 [ 1066.719378][T21269] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1066.724700][T21275] do_vfs_ioctl+0xd6e/0x1390 [ 1066.724719][T21275] ? ioctl_preallocate+0x210/0x210 [ 1066.724733][T21275] ? __fget+0x381/0x550 [ 1066.724753][T21275] ? ksys_dup3+0x3e0/0x3e0 [ 1066.724769][T21275] ? nsecs_to_jiffies+0x30/0x30 [ 1066.724790][T21275] ? tomoyo_file_ioctl+0x23/0x30 [ 1066.724806][T21275] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1066.724823][T21275] ? security_file_ioctl+0x93/0xc0 [ 1066.757618][T21275] ksys_ioctl+0xab/0xd0 [ 1066.757636][T21275] __x64_sys_ioctl+0x73/0xb0 [ 1066.757653][T21275] do_syscall_64+0x103/0x670 [ 1066.757671][T21275] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1066.757681][T21275] RIP: 0033:0x458c29 [ 1066.757693][T21275] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1066.757701][T21275] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1066.757712][T21275] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1066.757719][T21275] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1066.757726][T21275] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1066.757733][T21275] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1066.757738][T21275] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1066.758720][T17400] Bluetooth: hci1: sending frame failed (-49) [ 1066.769020][T21286] CPU: 0 PID: 21286 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1066.771300][T21269] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1066.773832][T21286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1066.773837][T21286] Call Trace: [ 1066.773854][T21286] dump_stack+0x172/0x1f0 [ 1066.773873][T21286] warn_alloc.cold+0x87/0x17f [ 1066.773887][T21286] ? zone_watermark_ok_safe+0x260/0x260 [ 1066.773900][T21286] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1066.773931][T21286] __vmalloc_node_range+0x48a/0x790 [ 1066.773946][T21286] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1066.773963][T21286] ? kmem_cache_alloc_trace+0x354/0x760 [ 1066.773983][T21286] ? vb2_vmalloc_alloc+0xca/0x280 [ 1066.773998][T21286] vmalloc_user+0x6b/0x90 [ 1066.774010][T21286] ? vb2_vmalloc_alloc+0xca/0x280 [ 1066.774022][T21286] vb2_vmalloc_alloc+0xca/0x280 [ 1066.774035][T21286] ? __vb2_queue_alloc+0xf5/0xf40 [ 1066.781702][T21269] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1066.784040][T21286] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1066.784056][T21286] __vb2_queue_alloc+0x5a6/0xf40 [ 1066.797446][T21269] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1066.800730][T21286] vb2_core_create_bufs+0x2bc/0x790 [ 1066.806397][T21269] 49043 total pagecache pages [ 1066.810895][T21286] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1066.810908][T21286] ? __vb2_queue_alloc+0xf40/0xf40 [ 1066.810925][T21286] ? lock_acquire+0x16f/0x3f0 [ 1066.815904][T21269] 0 pages in swap cache [ 1066.820146][T21286] ? __video_do_ioctl+0x398/0xce0 [ 1066.820158][T21286] ? __lock_acquire+0x548/0x3fb0 [ 1066.820180][T21286] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1066.826574][T21269] Swap cache stats: add 0, delete 0, find 0/0 [ 1066.831255][T21286] vb2_create_bufs+0x472/0x7d0 [ 1066.831276][T21286] ? vb2_request_queue+0x120/0x120 [ 1066.836150][T21269] Free swap = 0kB [ 1066.840408][T21286] ? __lock_acquire+0x548/0x3fb0 [ 1066.840424][T21286] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1066.840441][T21286] ? debug_smp_processor_id+0x3c/0x280 [ 1066.844987][T21269] Total swap = 0kB [ 1066.857043][T21286] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1066.857060][T21286] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1066.857075][T21286] v4l_create_bufs+0xc0/0x180 [ 1066.857092][T21286] __video_do_ioctl+0x7f1/0xce0 [ 1066.863452][T21269] 1965979 pages RAM [ 1066.868935][T21286] ? v4l_s_fmt+0xab0/0xab0 [ 1066.868956][T21286] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1066.874874][T21269] 0 pages HighMem/MovableOnly [ 1066.880007][T21286] ? _copy_from_user+0xdd/0x150 [ 1066.880033][T21286] video_usercopy+0x4c5/0x10d0 [ 1066.884816][T21269] 339405 pages reserved [ 1066.889684][T21286] ? v4l_s_fmt+0xab0/0xab0 [ 1066.889711][T21286] ? v4l_enumstd+0x70/0x70 [ 1066.894153][T21269] 0 pages cma reserved [ 1066.911169][T21286] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1066.911187][T21286] ? tomoyo_path_number_perm+0x263/0x520 [ 1066.911206][T21286] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1066.911237][T21286] ? video_usercopy+0x10d0/0x10d0 [ 1066.920122][T21286] video_ioctl2+0x2d/0x35 [ 1066.920138][T21286] v4l2_ioctl+0x156/0x1b0 [ 1066.920155][T21286] ? video_devdata+0xa0/0xa0 [ 1066.939638][T21286] do_vfs_ioctl+0xd6e/0x1390 [ 1066.953034][T21286] ? ioctl_preallocate+0x210/0x210 [ 1066.953051][T21286] ? __fget+0x381/0x550 [ 1066.953072][T21286] ? ksys_dup3+0x3e0/0x3e0 [ 1066.953092][T21286] ? nsecs_to_jiffies+0x30/0x30 [ 1066.964339][T21286] ? tomoyo_file_ioctl+0x23/0x30 [ 1066.964358][T21286] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1066.964377][T21286] ? security_file_ioctl+0x93/0xc0 [ 1066.973609][T21286] ksys_ioctl+0xab/0xd0 [ 1066.973630][T21286] __x64_sys_ioctl+0x73/0xb0 [ 1066.973651][T21286] do_syscall_64+0x103/0x670 [ 1066.982797][T21286] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1066.982810][T21286] RIP: 0033:0x458c29 [ 1066.982825][T21286] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1066.982833][T21286] RSP: 002b:00007fa60ca51c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1066.982847][T21286] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1066.982864][T21286] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1067.355496][T21286] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1067.355505][T21286] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca526d4 [ 1067.355513][T21286] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1067.358261][T21286] warn_alloc_show_mem: 2 callbacks suppressed [ 1067.358265][T21286] Mem-Info: [ 1067.388306][T21286] active_anon:244081 inactive_anon:199 isolated_anon:0 [ 1067.388306][T21286] active_file:8204 inactive_file:40592 isolated_file:0 [ 1067.388306][T21286] unevictable:0 dirty:109 writeback:0 unstable:0 [ 1067.388306][T21286] slab_reclaimable:14098 slab_unreclaimable:104888 [ 1067.388306][T21286] mapped:58849 shmem:248 pagetables:6773 bounce:0 [ 1067.388306][T21286] free:1106016 free_pcp:392 free_cma:0 [ 1067.401802][T21286] Node 0 active_anon:976196kB inactive_anon:804kB active_file:32680kB inactive_file:162388kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:404kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 559104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1067.411308][T21286] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1067.421684][T21286] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1067.429400][T21286] lowmem_reserve[]: 0 2553 2555 2555 [ 1067.642665][T21286] Node 0 DMA32 free:617944kB min:36232kB low:45288kB high:54344kB active_anon:976196kB inactive_anon:804kB active_file:32680kB inactive_file:162388kB unevictable:0kB writepending:404kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:14368kB pagetables:27040kB bounce:0kB free_pcp:1740kB local_pcp:620kB free_cma:0kB [ 1067.673833][T21286] lowmem_reserve[]: 0 0 2 2 [ 1067.678358][T21286] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1067.705124][T21286] lowmem_reserve[]: 0 0 0 0 [ 1067.709642][T21286] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1067.738173][T21286] lowmem_reserve[]: 0 0 0 0 [ 1067.742798][T21286] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1067.758930][T21286] Node 0 DMA32: 24*4kB (UME) 136*8kB (UME) 45*16kB (UE) 555*32kB (UME) 500*64kB (UME) 92*128kB (UME) 24*256kB (UME) 7*512kB (UME) 8*1024kB (UME) 4*2048kB (UME) 129*4096kB (UM) = 617936kB [ 1067.778066][T21286] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1067.790496][T21286] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1067.807823][T21286] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1067.817442][T21286] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1067.826894][T21286] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1067.836537][T21286] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1067.845938][T21286] 49049 total pagecache pages [ 1067.850611][T21286] 0 pages in swap cache [ 1067.854840][T21286] Swap cache stats: add 0, delete 0, find 0/0 [ 1067.860929][T21286] Free swap = 0kB [ 1067.864734][T21286] Total swap = 0kB [ 1067.868458][T21286] 1965979 pages RAM [ 1067.872322][T21286] 0 pages HighMem/MovableOnly [ 1067.876993][T21286] 339405 pages reserved [ 1067.881146][T21286] 0 pages cma reserved [ 1068.841876][ T7678] Bluetooth: hci0: command 0x1003 tx timeout [ 1068.847992][ T7678] Bluetooth: hci1: command 0x1009 tx timeout [ 1068.848078][T17349] Bluetooth: hci0: sending frame failed (-49) [ 1069.481668][ T7678] Bluetooth: hci2: command 0x1003 tx timeout [ 1069.487853][T17349] Bluetooth: hci2: sending frame failed (-49) [ 1070.921629][ T12] Bluetooth: hci0: command 0x1001 tx timeout [ 1070.927747][T17349] Bluetooth: hci0: sending frame failed (-49) [ 1071.561717][ T12] Bluetooth: hci2: command 0x1001 tx timeout [ 1071.567859][T17349] Bluetooth: hci2: sending frame failed (-49) 09:14:39 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5427, &(0x7f0000000080)) 09:14:39 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) setsockopt$inet_dccp_int(r0, 0x21, 0x4, &(0x7f0000000240)=0x1, 0x4) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000280)='/dev/full\x00', 0x10001, 0x0) ioctl$SCSI_IOCTL_DOORLOCK(r1, 0x5380) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) r2 = dup2(r0, r0) ioctl$KVM_PPC_GET_PVINFO(r2, 0x4080aea1, &(0x7f0000000200)=""/59) ioctl$sock_inet_tcp_SIOCINQ(r2, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) 09:14:39 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x68000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:14:39 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x500000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:14:39 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0xffffffff00000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1072.564593][T21301] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1072.580595][T21296] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1072.593418][T21304] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1072.623131][T21301] CPU: 0 PID: 21301 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1072.632286][T21301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1072.642344][T21301] Call Trace: [ 1072.645649][T21301] dump_stack+0x172/0x1f0 [ 1072.650016][T21301] warn_alloc.cold+0x87/0x17f [ 1072.654699][T21301] ? zone_watermark_ok_safe+0x260/0x260 [ 1072.660249][T21301] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1072.665910][T21301] __vmalloc_node_range+0x48a/0x790 [ 1072.671114][T21301] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1072.676150][T21301] ? kmem_cache_alloc_trace+0x354/0x760 [ 1072.681692][T21301] ? vb2_vmalloc_alloc+0xca/0x280 [ 1072.686723][T21301] vmalloc_user+0x6b/0x90 [ 1072.691084][T21301] ? vb2_vmalloc_alloc+0xca/0x280 [ 1072.696117][T21301] vb2_vmalloc_alloc+0xca/0x280 [ 1072.700983][T21301] ? __vb2_queue_alloc+0xf5/0xf40 [ 1072.706016][T21301] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1072.711818][T21301] __vb2_queue_alloc+0x5a6/0xf40 [ 1072.716776][T21301] vb2_core_create_bufs+0x2bc/0x790 [ 1072.721975][T21301] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1072.727348][T21301] ? __vb2_queue_alloc+0xf40/0xf40 [ 1072.732456][T21301] ? lock_acquire+0x16f/0x3f0 [ 1072.737130][T21301] ? __video_do_ioctl+0x398/0xce0 [ 1072.742150][T21301] ? __lock_acquire+0x548/0x3fb0 [ 1072.747112][T21301] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1072.753357][T21301] vb2_create_bufs+0x472/0x7d0 [ 1072.758123][T21301] ? vb2_request_queue+0x120/0x120 [ 1072.763235][T21301] ? __lock_acquire+0x548/0x3fb0 [ 1072.768168][T21301] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1072.774405][T21301] ? debug_smp_processor_id+0x3c/0x280 [ 1072.779872][T21301] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1072.784900][T21301] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1072.790447][T21301] v4l_create_bufs+0xc0/0x180 [ 1072.795139][T21301] __video_do_ioctl+0x7f1/0xce0 [ 1072.800004][T21301] ? v4l_s_fmt+0xab0/0xab0 [ 1072.804431][T21301] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1072.810669][T21301] ? _copy_from_user+0xdd/0x150 [ 1072.815527][T21301] video_usercopy+0x4c5/0x10d0 [ 1072.820620][T21301] ? v4l_s_fmt+0xab0/0xab0 [ 1072.825055][T21301] ? v4l_enumstd+0x70/0x70 [ 1072.829470][T21301] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1072.835708][T21301] ? tomoyo_path_number_perm+0x263/0x520 [ 1072.841342][T21301] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1072.847163][T21301] ? video_usercopy+0x10d0/0x10d0 [ 1072.852184][T21301] video_ioctl2+0x2d/0x35 [ 1072.856513][T21301] v4l2_ioctl+0x156/0x1b0 [ 1072.860856][T21301] ? video_devdata+0xa0/0xa0 [ 1072.865536][T21301] do_vfs_ioctl+0xd6e/0x1390 [ 1072.870131][T21301] ? ioctl_preallocate+0x210/0x210 [ 1072.875242][T21301] ? __fget+0x381/0x550 [ 1072.879403][T21301] ? ksys_dup3+0x3e0/0x3e0 [ 1072.883812][T21301] ? nsecs_to_jiffies+0x30/0x30 [ 1072.888668][T21301] ? tomoyo_file_ioctl+0x23/0x30 [ 1072.893614][T21301] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1072.899857][T21301] ? security_file_ioctl+0x93/0xc0 [ 1072.904971][T21301] ksys_ioctl+0xab/0xd0 [ 1072.909170][T21301] __x64_sys_ioctl+0x73/0xb0 [ 1072.913763][T21301] do_syscall_64+0x103/0x670 [ 1072.918353][T21301] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1072.924239][T21301] RIP: 0033:0x458c29 [ 1072.928131][T21301] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1072.947749][T21301] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1072.956157][T21301] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1072.964159][T21301] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1072.972140][T21301] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1072.980117][T21301] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1072.988082][T21301] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1072.996159][T21296] CPU: 1 PID: 21296 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1073.005269][T21296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1073.015327][T21296] Call Trace: [ 1073.018628][T21296] dump_stack+0x172/0x1f0 [ 1073.022962][T21296] warn_alloc.cold+0x87/0x17f [ 1073.027644][T21296] ? zone_watermark_ok_safe+0x260/0x260 [ 1073.033189][T21296] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1073.038843][T21296] __vmalloc_node_range+0x48a/0x790 [ 1073.044042][T21296] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1073.049078][T21296] ? kmem_cache_alloc_trace+0x354/0x760 [ 1073.054631][T21296] ? vb2_vmalloc_alloc+0xca/0x280 [ 1073.059750][T21296] vmalloc_user+0x6b/0x90 [ 1073.064079][T21296] ? vb2_vmalloc_alloc+0xca/0x280 [ 1073.069194][T21296] vb2_vmalloc_alloc+0xca/0x280 [ 1073.074039][T21296] ? __vb2_queue_alloc+0xf5/0xf40 [ 1073.079064][T21296] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1073.084881][T21296] __vb2_queue_alloc+0x5a6/0xf40 [ 1073.089832][T21296] vb2_core_create_bufs+0x2bc/0x790 [ 1073.095040][T21296] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1073.100411][T21296] ? __vb2_queue_alloc+0xf40/0xf40 [ 1073.105521][T21296] ? lock_acquire+0x16f/0x3f0 [ 1073.110198][T21296] ? __video_do_ioctl+0x398/0xce0 [ 1073.115219][T21296] ? __lock_acquire+0x548/0x3fb0 [ 1073.120164][T21296] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1073.126419][T21296] vb2_create_bufs+0x472/0x7d0 [ 1073.131197][T21296] ? vb2_request_queue+0x120/0x120 [ 1073.136404][T21296] ? __lock_acquire+0x548/0x3fb0 [ 1073.141350][T21296] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1073.147614][T21296] ? debug_smp_processor_id+0x3c/0x280 [ 1073.153103][T21296] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1073.158134][T21296] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 09:14:39 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) r1 = fcntl$dupfd(r0, 0x406, r0) r2 = syz_open_dev$vcsa(&(0x7f0000000200)='/dev/vcsa#\x00', 0x400, 0x8000) setsockopt$IP_VS_SO_SET_DELDEST(r0, 0x0, 0x488, &(0x7f0000000280)={{0xaf, @multicast2, 0x4e21, 0x1, 'ovf\x00', 0x10, 0x7, 0x42}, {@empty, 0x4e21, 0x10004, 0x100, 0x200, 0x7f}}, 0x44) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000240)={r0, r2}) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000300)={{0x40, 0x7, 0x400}, 'syz1\x00', 0x1b}) prctl$PR_CAPBSET_READ(0x17, 0x21) [ 1073.163688][T21296] v4l_create_bufs+0xc0/0x180 [ 1073.168380][T21296] __video_do_ioctl+0x7f1/0xce0 [ 1073.173245][T21296] ? v4l_s_fmt+0xab0/0xab0 [ 1073.177700][T21296] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1073.183950][T21296] ? _copy_from_user+0xdd/0x150 [ 1073.188818][T21296] video_usercopy+0x4c5/0x10d0 [ 1073.193607][T21296] ? v4l_s_fmt+0xab0/0xab0 [ 1073.198033][T21296] ? v4l_enumstd+0x70/0x70 [ 1073.202455][T21296] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1073.208710][T21296] ? tomoyo_path_number_perm+0x263/0x520 [ 1073.214348][T21296] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1073.220171][T21296] ? video_usercopy+0x10d0/0x10d0 [ 1073.225198][T21296] video_ioctl2+0x2d/0x35 [ 1073.229529][T21296] v4l2_ioctl+0x156/0x1b0 [ 1073.233878][T21296] ? video_devdata+0xa0/0xa0 [ 1073.238479][T21296] do_vfs_ioctl+0xd6e/0x1390 [ 1073.243078][T21296] ? ioctl_preallocate+0x210/0x210 [ 1073.249055][T21296] ? __fget+0x381/0x550 [ 1073.253222][T21296] ? ksys_dup3+0x3e0/0x3e0 [ 1073.257650][T21296] ? nsecs_to_jiffies+0x30/0x30 [ 1073.262518][T21296] ? tomoyo_file_ioctl+0x23/0x30 [ 1073.267476][T21296] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1073.273717][T21296] ? security_file_ioctl+0x93/0xc0 [ 1073.278835][T21296] ksys_ioctl+0xab/0xd0 [ 1073.282999][T21296] __x64_sys_ioctl+0x73/0xb0 [ 1073.287598][T21296] do_syscall_64+0x103/0x670 [ 1073.292195][T21296] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1073.298078][T21296] RIP: 0033:0x458c29 [ 1073.301978][T21296] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1073.321591][T21296] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1073.330006][T21296] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1073.338003][T21296] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1073.341032][T21317] IPVS: set_ctl: invalid protocol: 175 224.0.0.2:20001 [ 1073.345967][T21296] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1073.345975][T21296] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1073.345982][T21296] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1073.351566][T21301] Mem-Info: [ 1073.358573][T21304] CPU: 0 PID: 21304 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1073.360917][T21301] active_anon:246134 inactive_anon:201 isolated_anon:0 [ 1073.360917][T21301] active_file:8207 inactive_file:40611 isolated_file:0 [ 1073.360917][T21301] unevictable:0 dirty:117 writeback:0 unstable:0 [ 1073.360917][T21301] slab_reclaimable:14091 slab_unreclaimable:104608 [ 1073.360917][T21301] mapped:58824 shmem:248 pagetables:6832 bounce:0 [ 1073.360917][T21301] free:1104105 free_pcp:321 free_cma:0 [ 1073.368846][T21304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1073.368851][T21304] Call Trace: [ 1073.368873][T21304] dump_stack+0x172/0x1f0 [ 1073.368892][T21304] warn_alloc.cold+0x87/0x17f [ 1073.368910][T21304] ? zone_watermark_ok_safe+0x260/0x260 [ 1073.377055][ T7678] Bluetooth: hci0: command 0x1009 tx timeout [ 1073.379958][T21304] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1073.406864][T21301] Node 0 active_anon:982488kB inactive_anon:804kB active_file:32692kB inactive_file:162444kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:468kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 559104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1073.427293][T21304] __vmalloc_node_range+0x48a/0x790 [ 1073.427311][T21304] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1073.427330][T21304] ? kmem_cache_alloc_trace+0x354/0x760 [ 1073.427343][T21304] ? vb2_vmalloc_alloc+0xca/0x280 [ 1073.427361][T21304] vmalloc_user+0x6b/0x90 [ 1073.441190][T21301] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1073.445126][T21304] ? vb2_vmalloc_alloc+0xca/0x280 [ 1073.445139][T21304] vb2_vmalloc_alloc+0xca/0x280 [ 1073.445151][T21304] ? __vb2_queue_alloc+0xf5/0xf40 [ 1073.445165][T21304] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1073.445179][T21304] __vb2_queue_alloc+0x5a6/0xf40 [ 1073.450703][T21301] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1073.455449][T21304] vb2_core_create_bufs+0x2bc/0x790 [ 1073.455468][T21304] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1073.455478][T21304] ? __vb2_queue_alloc+0xf40/0xf40 [ 1073.455496][T21304] ? lock_acquire+0x16f/0x3f0 [ 1073.461860][T21301] lowmem_reserve[]: 0 2553 2555 2555 [ 1073.467087][T21304] ? __video_do_ioctl+0x398/0xce0 [ 1073.467099][T21304] ? __lock_acquire+0x548/0x3fb0 [ 1073.467119][T21304] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1073.501077][T21301] Node 0 DMA32 free:612636kB min:36232kB low:45288kB high:54344kB active_anon:982488kB inactive_anon:804kB active_file:32692kB inactive_file:162444kB unevictable:0kB writepending:468kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:14560kB pagetables:27180kB bounce:0kB free_pcp:1476kB local_pcp:580kB free_cma:0kB [ 1073.501254][T21304] vb2_create_bufs+0x472/0x7d0 [ 1073.506580][T21301] lowmem_reserve[]: 0 0 2 2 [ 1073.511878][T21304] ? vb2_request_queue+0x120/0x120 [ 1073.511894][T21304] ? __lock_acquire+0x548/0x3fb0 [ 1073.511910][T21304] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1073.511927][T21304] ? debug_smp_processor_id+0x3c/0x280 09:14:40 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5428, &(0x7f0000000080)) [ 1073.517826][T21301] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1073.521245][T21304] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1073.521265][T21304] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1073.548082][T21301] lowmem_reserve[]: 0 0 0 0 [ 1073.552730][T21304] v4l_create_bufs+0xc0/0x180 [ 1073.552751][T21304] __video_do_ioctl+0x7f1/0xce0 [ 1073.552780][T21304] ? v4l_s_fmt+0xab0/0xab0 09:14:40 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x2, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1073.558273][T21301] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1073.562615][T21304] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1073.562632][T21304] ? _copy_from_user+0xdd/0x150 [ 1073.562651][T21304] video_usercopy+0x4c5/0x10d0 [ 1073.562670][T21304] ? v4l_s_fmt+0xab0/0xab0 [ 1073.569313][T21301] lowmem_reserve[]: 0 0 0 0 [ 1073.573392][T21304] ? v4l_enumstd+0x70/0x70 [ 1073.573408][T21304] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1073.573431][T21304] ? tomoyo_path_number_perm+0x263/0x520 [ 1073.601152][T21301] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1073.605408][T21304] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1073.605441][T21304] ? video_usercopy+0x10d0/0x10d0 [ 1073.605454][T21304] video_ioctl2+0x2d/0x35 [ 1073.605472][T21304] v4l2_ioctl+0x156/0x1b0 [ 1073.611852][T21301] Node 0 DMA32: 41*4kB (UME) 183*8kB (UE) 91*16kB (UE) 544*32kB (UME) 500*64kB (UME) 92*128kB (UME) 24*256kB (UME) 7*512kB (UME) 8*1024kB (UME) 3*2048kB (UE) 128*4096kB (UM) = 612620kB [ 1073.615923][T21304] ? video_devdata+0xa0/0xa0 [ 1073.615946][T21304] do_vfs_ioctl+0xd6e/0x1390 [ 1073.615967][T21304] ? ioctl_preallocate+0x210/0x210 [ 1073.620665][T21301] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1073.625881][T21304] ? __fget+0x381/0x550 [ 1073.625904][T21304] ? ksys_dup3+0x3e0/0x3e0 [ 1073.625922][T21304] ? nsecs_to_jiffies+0x30/0x30 [ 1073.625951][T21304] ? tomoyo_file_ioctl+0x23/0x30 [ 1073.632575][T21301] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1073.635883][T21304] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1073.635898][T21304] ? security_file_ioctl+0x93/0xc0 [ 1073.635918][T21304] ksys_ioctl+0xab/0xd0 [ 1073.642590][T21301] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1073.673025][T21304] __x64_sys_ioctl+0x73/0xb0 [ 1073.673044][T21304] do_syscall_64+0x103/0x670 [ 1073.673065][T21304] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1073.673076][T21304] RIP: 0033:0x458c29 [ 1073.673093][T21304] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:14:40 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x6c000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:14:40 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f0000000200)={{0x2, 0x4e22, @rand_addr=0x7}, {0x6, @broadcast}, 0x10, {0x2, 0x4e22, @local}, 'caif0\x00'}) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000280)=0x3) [ 1073.682085][T21319] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1073.682338][T21304] RSP: 002b:00007fa60ca72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1073.682353][T21304] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1073.682361][T21304] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1073.682376][T21304] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1073.701584][T21301] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1073.705464][T21304] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca736d4 [ 1073.705474][T21304] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1073.737314][ T7678] Bluetooth: hci2: command 0x1009 tx timeout [ 1073.777971][T21319] CPU: 1 PID: 21319 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1073.800851][T21319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1073.800858][T21319] Call Trace: [ 1073.800881][T21319] dump_stack+0x172/0x1f0 [ 1073.800902][T21319] warn_alloc.cold+0x87/0x17f [ 1073.814563][T21319] ? zone_watermark_ok_safe+0x260/0x260 [ 1073.814579][T21319] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1073.814616][T21319] __vmalloc_node_range+0x48a/0x790 [ 1073.814634][T21319] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1073.830977][T21319] ? kmem_cache_alloc_trace+0x354/0x760 [ 1073.830998][T21319] ? vb2_vmalloc_alloc+0xca/0x280 [ 1073.850986][T21319] vmalloc_user+0x6b/0x90 [ 1073.851000][T21319] ? vb2_vmalloc_alloc+0xca/0x280 [ 1073.851018][T21319] vb2_vmalloc_alloc+0xca/0x280 [ 1073.864659][T21319] ? __vb2_queue_alloc+0xf5/0xf40 [ 1073.864677][T21319] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1073.864690][T21319] __vb2_queue_alloc+0x5a6/0xf40 [ 1073.864718][T21319] vb2_core_create_bufs+0x2bc/0x790 [ 1073.864735][T21319] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1073.864748][T21319] ? __vb2_queue_alloc+0xf40/0xf40 [ 1073.864761][T21319] ? lock_acquire+0x16f/0x3f0 [ 1073.864780][T21319] ? __video_do_ioctl+0x398/0xce0 [ 1073.884590][T21301] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1073.887471][T21319] ? __lock_acquire+0x548/0x3fb0 [ 1073.887492][T21319] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1073.887510][T21319] vb2_create_bufs+0x472/0x7d0 [ 1073.897183][T21319] ? vb2_request_queue+0x120/0x120 [ 1073.897198][T21319] ? __lock_acquire+0x548/0x3fb0 [ 1073.897214][T21319] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1073.897231][T21319] ? debug_smp_processor_id+0x3c/0x280 [ 1073.909820][T21301] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1073.913482][T21319] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1073.913498][T21319] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1073.913522][T21319] v4l_create_bufs+0xc0/0x180 [ 1073.913538][T21319] __video_do_ioctl+0x7f1/0xce0 [ 1073.913557][T21319] ? v4l_s_fmt+0xab0/0xab0 [ 1073.913577][T21319] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1073.913592][T21319] ? _copy_from_user+0xdd/0x150 [ 1073.913610][T21319] video_usercopy+0x4c5/0x10d0 [ 1073.913626][T21319] ? v4l_s_fmt+0xab0/0xab0 [ 1073.923079][T21301] 49063 total pagecache pages [ 1073.927808][T21319] ? v4l_enumstd+0x70/0x70 [ 1073.927823][T21319] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1073.927840][T21319] ? tomoyo_path_number_perm+0x263/0x520 [ 1073.927861][T21319] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1073.951277][T21319] ? video_usercopy+0x10d0/0x10d0 [ 1073.951293][T21319] video_ioctl2+0x2d/0x35 [ 1073.951310][T21319] v4l2_ioctl+0x156/0x1b0 [ 1073.960545][T21319] ? video_devdata+0xa0/0xa0 [ 1073.960567][T21319] do_vfs_ioctl+0xd6e/0x1390 [ 1073.960595][T21319] ? ioctl_preallocate+0x210/0x210 [ 1073.971540][T21301] 0 pages in swap cache [ 1073.974698][T21319] ? __fget+0x381/0x550 [ 1073.974722][T21319] ? ksys_dup3+0x3e0/0x3e0 [ 1073.974744][T21319] ? nsecs_to_jiffies+0x30/0x30 [ 1073.979436][T21301] Swap cache stats: add 0, delete 0, find 0/0 [ 1073.985211][T21319] ? tomoyo_file_ioctl+0x23/0x30 [ 1073.985226][T21319] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1073.985243][T21319] ? security_file_ioctl+0x93/0xc0 [ 1073.985262][T21319] ksys_ioctl+0xab/0xd0 [ 1073.985282][T21319] __x64_sys_ioctl+0x73/0xb0 [ 1073.985299][T21319] do_syscall_64+0x103/0x670 [ 1073.985316][T21319] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1073.985326][T21319] RIP: 0033:0x458c29 [ 1073.985343][T21319] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1073.985352][T21319] RSP: 002b:00007f53a9456c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1073.985365][T21319] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1073.985379][T21319] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1073.998072][T21301] Free swap = 0kB [ 1074.008944][T21319] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1074.008953][T21319] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94576d4 [ 1074.008962][T21319] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1074.051068][T21301] Total swap = 0kB [ 1074.088458][T21331] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1074.104209][T21301] 1965979 pages RAM [ 1074.125803][T21301] 0 pages HighMem/MovableOnly [ 1074.137757][T21331] CPU: 1 PID: 21331 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1074.152706][T21301] 339405 pages reserved [ 1074.155864][T21331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1074.155871][T21331] Call Trace: [ 1074.155895][T21331] dump_stack+0x172/0x1f0 [ 1074.155919][T21331] warn_alloc.cold+0x87/0x17f [ 1074.160976][T21301] 0 pages cma reserved [ 1074.165801][T21331] ? zone_watermark_ok_safe+0x260/0x260 [ 1074.165816][T21331] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1074.165854][T21331] __vmalloc_node_range+0x48a/0x790 [ 1074.165870][T21331] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1074.165889][T21331] ? kmem_cache_alloc_trace+0x354/0x760 [ 1074.165904][T21331] ? vb2_vmalloc_alloc+0xca/0x280 [ 1074.165922][T21331] vmalloc_user+0x6b/0x90 [ 1074.165936][T21331] ? vb2_vmalloc_alloc+0xca/0x280 [ 1074.165953][T21331] vb2_vmalloc_alloc+0xca/0x280 [ 1074.165963][T21331] ? __vb2_queue_alloc+0xf5/0xf40 [ 1074.165982][T21331] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1074.620108][T21331] __vb2_queue_alloc+0x5a6/0xf40 [ 1074.625052][T21331] vb2_core_create_bufs+0x2bc/0x790 [ 1074.630403][T21331] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1074.635757][T21331] ? __vb2_queue_alloc+0xf40/0xf40 [ 1074.640858][T21331] ? lock_acquire+0x16f/0x3f0 [ 1074.645540][T21331] ? __video_do_ioctl+0x398/0xce0 [ 1074.650542][T21331] ? __lock_acquire+0x548/0x3fb0 [ 1074.655477][T21331] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1074.661701][T21331] vb2_create_bufs+0x472/0x7d0 [ 1074.666471][T21331] ? vb2_request_queue+0x120/0x120 [ 1074.671567][T21331] ? __lock_acquire+0x548/0x3fb0 [ 1074.676491][T21331] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1074.682705][T21331] ? debug_smp_processor_id+0x3c/0x280 [ 1074.688157][T21331] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1074.693176][T21331] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1074.698725][T21331] v4l_create_bufs+0xc0/0x180 [ 1074.703403][T21331] __video_do_ioctl+0x7f1/0xce0 [ 1074.708246][T21331] ? v4l_s_fmt+0xab0/0xab0 [ 1074.712657][T21331] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1074.718887][T21331] ? _copy_from_user+0xdd/0x150 [ 1074.723720][T21331] video_usercopy+0x4c5/0x10d0 [ 1074.728478][T21331] ? v4l_s_fmt+0xab0/0xab0 [ 1074.732894][T21331] ? v4l_enumstd+0x70/0x70 [ 1074.737320][T21331] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1074.743542][T21331] ? tomoyo_path_number_perm+0x263/0x520 [ 1074.749169][T21331] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1074.754983][T21331] ? video_usercopy+0x10d0/0x10d0 [ 1074.759998][T21331] video_ioctl2+0x2d/0x35 [ 1074.764328][T21331] v4l2_ioctl+0x156/0x1b0 [ 1074.768631][T21331] ? video_devdata+0xa0/0xa0 [ 1074.773212][T21331] do_vfs_ioctl+0xd6e/0x1390 [ 1074.777793][T21331] ? ioctl_preallocate+0x210/0x210 [ 1074.783006][T21331] ? __fget+0x381/0x550 [ 1074.787154][T21331] ? ksys_dup3+0x3e0/0x3e0 [ 1074.791556][T21331] ? nsecs_to_jiffies+0x30/0x30 [ 1074.796412][T21331] ? tomoyo_file_ioctl+0x23/0x30 [ 1074.801371][T21331] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1074.807588][T21331] ? security_file_ioctl+0x93/0xc0 [ 1074.812693][T21331] ksys_ioctl+0xab/0xd0 [ 1074.816841][T21331] __x64_sys_ioctl+0x73/0xb0 [ 1074.821420][T21331] do_syscall_64+0x103/0x670 [ 1074.826001][T21331] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1074.831872][T21331] RIP: 0033:0x458c29 [ 1074.835769][T21331] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1074.855384][T21331] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1074.863790][T21331] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 09:14:41 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x600000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1074.871763][T21331] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1074.879719][T21331] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1074.887663][T21331] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1074.895624][T21331] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1074.917833][T21331] warn_alloc_show_mem: 3 callbacks suppressed [ 1074.917855][T21331] Mem-Info: [ 1074.936695][T21331] active_anon:246198 inactive_anon:201 isolated_anon:0 [ 1074.936695][T21331] active_file:8208 inactive_file:40630 isolated_file:0 [ 1074.936695][T21331] unevictable:0 dirty:145 writeback:0 unstable:0 [ 1074.936695][T21331] slab_reclaimable:14079 slab_unreclaimable:105061 [ 1074.936695][T21331] mapped:58834 shmem:248 pagetables:6854 bounce:0 [ 1074.936695][T21331] free:1103502 free_pcp:395 free_cma:0 [ 1074.974030][T21345] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1074.975872][T21331] Node 0 active_anon:986912kB inactive_anon:804kB active_file:32696kB inactive_file:162520kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235336kB dirty:580kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 563200kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1074.995939][T21345] CPU: 0 PID: 21345 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1075.018761][T21331] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1075.027312][T21345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1075.027319][T21345] Call Trace: [ 1075.027345][T21345] dump_stack+0x172/0x1f0 [ 1075.027367][T21345] warn_alloc.cold+0x87/0x17f [ 1075.027392][T21345] ? zone_watermark_ok_safe+0x260/0x260 [ 1075.054033][T21331] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1075.063973][T21345] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1075.064011][T21345] __vmalloc_node_range+0x48a/0x790 [ 1075.067300][T21331] lowmem_reserve[]: 0 2553 2555 2555 [ 1075.071572][T21345] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1075.071591][T21345] ? kmem_cache_alloc_trace+0x354/0x760 [ 1075.071607][T21345] ? vb2_vmalloc_alloc+0xca/0x280 [ 1075.076279][T21331] Node 0 DMA32 free:606440kB min:36232kB low:45288kB high:54344kB active_anon:986912kB inactive_anon:804kB active_file:32696kB inactive_file:162520kB unevictable:0kB writepending:580kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:14656kB pagetables:27416kB bounce:0kB free_pcp:1548kB local_pcp:596kB free_cma:0kB [ 1075.081769][T21345] vmalloc_user+0x6b/0x90 [ 1075.081801][T21345] ? vb2_vmalloc_alloc+0xca/0x280 [ 1075.081813][T21345] vb2_vmalloc_alloc+0xca/0x280 [ 1075.081846][T21345] ? __vb2_queue_alloc+0xf5/0xf40 [ 1075.108846][T21331] lowmem_reserve[]: 0 0 2 2 [ 1075.114404][T21345] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1075.114417][T21345] __vb2_queue_alloc+0x5a6/0xf40 [ 1075.114452][T21345] vb2_core_create_bufs+0x2bc/0x790 [ 1075.119644][T21331] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1075.124962][T21345] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1075.124976][T21345] ? __vb2_queue_alloc+0xf40/0xf40 [ 1075.124987][T21345] ? lock_acquire+0x16f/0x3f0 [ 1075.125006][T21345] ? __video_do_ioctl+0x398/0xce0 [ 1075.130041][T21331] lowmem_reserve[]: 0 0 0 0 [ 1075.135528][T21345] ? __lock_acquire+0x548/0x3fb0 [ 1075.135549][T21345] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1075.135567][T21345] vb2_create_bufs+0x472/0x7d0 [ 1075.140688][T21331] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1075.171272][T21345] ? vb2_request_queue+0x120/0x120 [ 1075.171287][T21345] ? __lock_acquire+0x548/0x3fb0 [ 1075.171302][T21345] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1075.171320][T21345] ? debug_smp_processor_id+0x3c/0x280 [ 1075.175670][T21331] lowmem_reserve[]: 0 0 0 0 [ 1075.180624][T21345] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1075.180643][T21345] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1075.185510][T21331] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1075.190474][T21345] v4l_create_bufs+0xc0/0x180 [ 1075.190497][T21345] __video_do_ioctl+0x7f1/0xce0 [ 1075.195104][T21331] Node 0 DMA32: 80*4kB (UE) 71*8kB (E) 80*16kB (UE) 506*32kB (UME) 500*64kB (UME) 92*128kB (UME) 24*256kB (UME) 7*512kB (UME) 8*1024kB (UME) 3*2048kB (UE) 127*4096kB (UM) = 606392kB [ 1075.200855][T21345] ? v4l_s_fmt+0xab0/0xab0 [ 1075.200875][T21345] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1075.205834][T21331] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1075.210960][T21345] ? _copy_from_user+0xdd/0x150 [ 1075.210977][T21345] video_usercopy+0x4c5/0x10d0 [ 1075.210995][T21345] ? v4l_s_fmt+0xab0/0xab0 [ 1075.239671][T21331] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1075.244965][T21345] ? v4l_enumstd+0x70/0x70 [ 1075.244979][T21345] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1075.244991][T21345] ? tomoyo_path_number_perm+0x263/0x520 [ 1075.245009][T21345] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1075.250126][T21331] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1075.254751][T21345] ? video_usercopy+0x10d0/0x10d0 [ 1075.254764][T21345] video_ioctl2+0x2d/0x35 [ 1075.254780][T21345] v4l2_ioctl+0x156/0x1b0 [ 1075.259855][T21331] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1075.264283][T21345] ? video_devdata+0xa0/0xa0 [ 1075.264303][T21345] do_vfs_ioctl+0xd6e/0x1390 [ 1075.264325][T21345] ? ioctl_preallocate+0x210/0x210 [ 1075.269267][T21331] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1075.275461][T21345] ? __fget+0x381/0x550 [ 1075.275485][T21345] ? ksys_dup3+0x3e0/0x3e0 [ 1075.275504][T21345] ? nsecs_to_jiffies+0x30/0x30 [ 1075.280293][T21331] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1075.308528][T21345] ? tomoyo_file_ioctl+0x23/0x30 [ 1075.308544][T21345] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1075.308564][T21345] ? security_file_ioctl+0x93/0xc0 [ 1075.313732][T21331] 49083 total pagecache pages [ 1075.318611][T21345] ksys_ioctl+0xab/0xd0 [ 1075.318632][T21345] __x64_sys_ioctl+0x73/0xb0 [ 1075.324912][T21331] 0 pages in swap cache [ 1075.330291][T21345] do_syscall_64+0x103/0x670 [ 1075.330315][T21345] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1075.334952][T21331] Swap cache stats: add 0, delete 0, find 0/0 [ 1075.339888][T21345] RIP: 0033:0x458c29 [ 1075.339903][T21345] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1075.339915][T21345] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1075.345490][T21331] Free swap = 0kB [ 1075.359727][T21345] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1075.359736][T21345] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1075.359744][T21345] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1075.359752][T21345] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1075.359759][T21345] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1075.388344][T21331] Total swap = 0kB [ 1075.410587][T21331] 1965979 pages RAM [ 1075.410593][T21331] 0 pages HighMem/MovableOnly [ 1075.410598][T21331] 339405 pages reserved [ 1075.410603][T21331] 0 pages cma reserved [ 1076.051557][ T7678] Bluetooth: hci1: command 0x1003 tx timeout [ 1076.057710][T17349] Bluetooth: hci1: sending frame failed (-49) 09:14:44 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x1d00000000000000) 09:14:44 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x3, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:14:44 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000440)={0x0, 0xd8, "cd2342193be203e37c9120d579791a6268dd5a0fe8766c728dae3de7942c0b3ce0f40e399c330e6faf98784271897bca7659afda712324387289118d8cca3788c4d3538922ad8d162de53704cfe5ea195a8307153b9f7bd81ff7d2bf1ade79d81ba153779caf5d16e0d7a97e2a018f6c9e10be712013ec8bdf6ace0c354fbdce3a433046bd97585158e14d0b78ebdffe7daaac203ab019c0ff0ef9be5c69cc34007692a315e83bef5bfff0584763ad79f6e4df127c5cb9d5bb71023a348215f06323c3b6151b992d1bcc5d159e5edefe911667a45071a742"}, &(0x7f0000000540)=0xe0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000580)={0x0, 0x7, 0x30}, &(0x7f00000005c0)=0xc) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffff9c, 0x84, 0xd, &(0x7f00000006c0)=@assoc_id=0x0, &(0x7f0000000700)=0x4) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000740)={r1, @in6={{0xa, 0x4e22, 0x9, @rand_addr="aa31061eeeef53a03fd0a84ce0ba44f0", 0x7}}}, 0x0) 09:14:44 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x700000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:14:44 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x74000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:14:44 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x4, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1077.712384][T21361] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1077.712668][T21357] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1077.761729][T21361] CPU: 1 PID: 21361 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1077.770893][T21361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1077.780963][T21361] Call Trace: [ 1077.784287][T21361] dump_stack+0x172/0x1f0 [ 1077.788641][T21361] warn_alloc.cold+0x87/0x17f [ 1077.793416][T21361] ? zone_watermark_ok_safe+0x260/0x260 [ 1077.798993][T21361] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1077.804659][T21361] __vmalloc_node_range+0x48a/0x790 [ 1077.809855][T21361] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1077.814882][T21361] ? kmem_cache_alloc_trace+0x354/0x760 [ 1077.820435][T21361] ? vb2_vmalloc_alloc+0xca/0x280 [ 1077.825726][T21361] vmalloc_user+0x6b/0x90 [ 1077.830054][T21361] ? vb2_vmalloc_alloc+0xca/0x280 [ 1077.835256][T21361] vb2_vmalloc_alloc+0xca/0x280 [ 1077.840110][T21361] ? __vb2_queue_alloc+0xf5/0xf40 [ 1077.845144][T21361] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1077.850948][T21361] __vb2_queue_alloc+0x5a6/0xf40 [ 1077.856077][T21361] vb2_core_create_bufs+0x2bc/0x790 [ 1077.861301][T21361] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1077.866670][T21361] ? __vb2_queue_alloc+0xf40/0xf40 [ 1077.871781][T21361] ? lock_acquire+0x16f/0x3f0 [ 1077.876467][T21361] ? __video_do_ioctl+0x398/0xce0 [ 1077.881496][T21361] ? __lock_acquire+0x548/0x3fb0 [ 1077.886445][T21361] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1077.892687][T21361] vb2_create_bufs+0x472/0x7d0 [ 1077.897485][T21361] ? vb2_request_queue+0x120/0x120 [ 1077.902599][T21361] ? __lock_acquire+0x548/0x3fb0 [ 1077.907535][T21361] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1077.913769][T21361] ? debug_smp_processor_id+0x3c/0x280 [ 1077.919233][T21361] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1077.924279][T21361] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1077.929828][T21361] v4l_create_bufs+0xc0/0x180 [ 1077.934519][T21361] __video_do_ioctl+0x7f1/0xce0 [ 1077.939378][T21361] ? v4l_s_fmt+0xab0/0xab0 [ 1077.943817][T21361] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1077.950057][T21361] ? _copy_from_user+0xdd/0x150 [ 1077.954925][T21361] video_usercopy+0x4c5/0x10d0 [ 1077.959686][T21361] ? v4l_s_fmt+0xab0/0xab0 [ 1077.964106][T21361] ? v4l_enumstd+0x70/0x70 [ 1077.968520][T21361] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1077.974757][T21361] ? tomoyo_path_number_perm+0x263/0x520 [ 1077.980396][T21361] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1077.986216][T21361] ? video_usercopy+0x10d0/0x10d0 [ 1077.991239][T21361] video_ioctl2+0x2d/0x35 [ 1077.995573][T21361] v4l2_ioctl+0x156/0x1b0 [ 1077.999900][T21361] ? video_devdata+0xa0/0xa0 [ 1078.004504][T21361] do_vfs_ioctl+0xd6e/0x1390 [ 1078.009107][T21361] ? ioctl_preallocate+0x210/0x210 [ 1078.014213][T21361] ? __fget+0x381/0x550 [ 1078.018371][T21361] ? ksys_dup3+0x3e0/0x3e0 [ 1078.022785][T21361] ? nsecs_to_jiffies+0x30/0x30 [ 1078.027641][T21361] ? tomoyo_file_ioctl+0x23/0x30 [ 1078.032570][T21361] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1078.038814][T21361] ? security_file_ioctl+0x93/0xc0 [ 1078.043923][T21361] ksys_ioctl+0xab/0xd0 [ 1078.048097][T21361] __x64_sys_ioctl+0x73/0xb0 [ 1078.052689][T21361] do_syscall_64+0x103/0x670 [ 1078.057282][T21361] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1078.063169][T21361] RIP: 0033:0x458c29 [ 1078.067059][T21361] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1078.086686][T21361] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1078.095094][T21361] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1078.103173][T21361] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1078.111138][T21361] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1078.119293][T21361] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1078.127263][T21361] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1078.135256][T21357] CPU: 0 PID: 21357 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1078.137627][ T7678] Bluetooth: hci1: command 0x1001 tx timeout [ 1078.144356][T21357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1078.144362][T21357] Call Trace: 09:14:44 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0xa00000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1078.144383][T21357] dump_stack+0x172/0x1f0 [ 1078.144402][T21357] warn_alloc.cold+0x87/0x17f [ 1078.144420][T21357] ? zone_watermark_ok_safe+0x260/0x260 [ 1078.160469][ T1285] Bluetooth: hci1: sending frame failed (-49) [ 1078.163729][T21357] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1078.163767][T21357] __vmalloc_node_range+0x48a/0x790 [ 1078.163784][T21357] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1078.163803][T21357] ? kmem_cache_alloc_trace+0x354/0x760 [ 1078.163818][T21357] ? vb2_vmalloc_alloc+0xca/0x280 [ 1078.163835][T21357] vmalloc_user+0x6b/0x90 [ 1078.163850][T21357] ? vb2_vmalloc_alloc+0xca/0x280 [ 1078.163865][T21357] vb2_vmalloc_alloc+0xca/0x280 [ 1078.163878][T21357] ? __vb2_queue_alloc+0xf5/0xf40 [ 1078.163896][T21357] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1078.163908][T21357] __vb2_queue_alloc+0x5a6/0xf40 [ 1078.163939][T21357] vb2_core_create_bufs+0x2bc/0x790 [ 1078.163956][T21357] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1078.163969][T21357] ? __vb2_queue_alloc+0xf40/0xf40 [ 1078.163983][T21357] ? lock_acquire+0x16f/0x3f0 [ 1078.163999][T21357] ? __video_do_ioctl+0x398/0xce0 [ 1078.164012][T21357] ? __lock_acquire+0x548/0x3fb0 [ 1078.164034][T21357] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1078.164052][T21357] vb2_create_bufs+0x472/0x7d0 [ 1078.164070][T21357] ? vb2_request_queue+0x120/0x120 [ 1078.164084][T21357] ? __lock_acquire+0x548/0x3fb0 [ 1078.164101][T21357] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1078.164117][T21357] ? debug_smp_processor_id+0x3c/0x280 [ 1078.164138][T21357] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1078.164155][T21357] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1078.164171][T21357] v4l_create_bufs+0xc0/0x180 [ 1078.164190][T21357] __video_do_ioctl+0x7f1/0xce0 [ 1078.164214][T21357] ? v4l_s_fmt+0xab0/0xab0 [ 1078.164235][T21357] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1078.164258][T21357] ? _copy_from_user+0xdd/0x150 [ 1078.164277][T21357] video_usercopy+0x4c5/0x10d0 [ 1078.164292][T21357] ? v4l_s_fmt+0xab0/0xab0 [ 1078.164312][T21357] ? v4l_enumstd+0x70/0x70 [ 1078.164325][T21357] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1078.164340][T21357] ? tomoyo_path_number_perm+0x263/0x520 [ 1078.164359][T21357] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1078.164388][T21357] ? video_usercopy+0x10d0/0x10d0 [ 1078.164402][T21357] video_ioctl2+0x2d/0x35 [ 1078.164417][T21357] v4l2_ioctl+0x156/0x1b0 [ 1078.164429][T21357] ? video_devdata+0xa0/0xa0 [ 1078.164446][T21357] do_vfs_ioctl+0xd6e/0x1390 [ 1078.164466][T21357] ? ioctl_preallocate+0x210/0x210 [ 1078.164481][T21357] ? __fget+0x381/0x550 [ 1078.164503][T21357] ? ksys_dup3+0x3e0/0x3e0 [ 1078.164518][T21357] ? nsecs_to_jiffies+0x30/0x30 [ 1078.164539][T21357] ? tomoyo_file_ioctl+0x23/0x30 [ 1078.164552][T21357] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1078.164567][T21357] ? security_file_ioctl+0x93/0xc0 [ 1078.164585][T21357] ksys_ioctl+0xab/0xd0 [ 1078.164604][T21357] __x64_sys_ioctl+0x73/0xb0 [ 1078.164622][T21357] do_syscall_64+0x103/0x670 [ 1078.164640][T21357] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1078.164656][T21357] RIP: 0033:0x458c29 [ 1078.164670][T21357] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1078.164677][T21357] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1078.164692][T21357] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1078.164700][T21357] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1078.164708][T21357] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1078.164716][T21357] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1078.164725][T21357] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1078.182751][T21361] warn_alloc_show_mem: 1 callbacks suppressed [ 1078.182756][T21361] Mem-Info: [ 1078.207846][T21361] active_anon:247275 inactive_anon:201 isolated_anon:0 [ 1078.207846][T21361] active_file:8212 inactive_file:40650 isolated_file:0 [ 1078.207846][T21361] unevictable:0 dirty:125 writeback:0 unstable:0 [ 1078.207846][T21361] slab_reclaimable:14081 slab_unreclaimable:105173 [ 1078.207846][T21361] mapped:58824 shmem:248 pagetables:6964 bounce:0 [ 1078.207846][T21361] free:1101695 free_pcp:310 free_cma:0 [ 1078.234993][T21380] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1078.264883][T21361] Node 0 active_anon:991220kB inactive_anon:804kB active_file:32712kB inactive_file:162600kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:500kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 569344kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1078.278427][T21361] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1078.306307][T21361] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1078.312683][T21361] lowmem_reserve[]: 0 2553 2555 2555 [ 1078.318096][T21380] CPU: 1 PID: 21380 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1078.322964][T21361] Node 0 DMA32 free:601276kB min:36232kB low:45288kB high:54344kB active_anon:991220kB inactive_anon:804kB active_file:32712kB inactive_file:162600kB unevictable:0kB writepending:548kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:14592kB pagetables:27708kB bounce:0kB free_pcp:1596kB local_pcp:1056kB free_cma:0kB [ 1078.326491][T21380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1078.326496][T21380] Call Trace: [ 1078.326517][T21380] dump_stack+0x172/0x1f0 [ 1078.326537][T21380] warn_alloc.cold+0x87/0x17f [ 1078.326554][T21380] ? zone_watermark_ok_safe+0x260/0x260 [ 1078.331030][T21361] lowmem_reserve[]: 0 0 2 2 [ 1078.337159][T21380] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1078.337195][T21380] __vmalloc_node_range+0x48a/0x790 [ 1078.337212][T21380] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1078.337237][T21380] ? kmem_cache_alloc_trace+0x354/0x760 [ 1078.337257][T21380] ? vb2_vmalloc_alloc+0xca/0x280 [ 1078.342625][T21361] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1078.346821][T21380] vmalloc_user+0x6b/0x90 [ 1078.346838][T21380] ? vb2_vmalloc_alloc+0xca/0x280 [ 1078.346853][T21380] vb2_vmalloc_alloc+0xca/0x280 [ 1078.346865][T21380] ? __vb2_queue_alloc+0xf5/0xf40 [ 1078.346882][T21380] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1078.351353][T21361] lowmem_reserve[]: 0 0 0 0 [ 1078.355669][T21380] __vb2_queue_alloc+0x5a6/0xf40 [ 1078.355699][T21380] vb2_core_create_bufs+0x2bc/0x790 [ 1078.355717][T21380] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1078.355730][T21380] ? __vb2_queue_alloc+0xf40/0xf40 [ 1078.355745][T21380] ? lock_acquire+0x16f/0x3f0 [ 1078.355763][T21380] ? __video_do_ioctl+0x398/0xce0 [ 1078.362576][T21361] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1078.367574][T21380] ? __lock_acquire+0x548/0x3fb0 [ 1078.367594][T21380] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1078.367612][T21380] vb2_create_bufs+0x472/0x7d0 [ 1078.367629][T21380] ? vb2_request_queue+0x120/0x120 [ 1078.373821][T21361] lowmem_reserve[]: 0 0 0 0 [ 1078.378430][T21380] ? __lock_acquire+0x548/0x3fb0 [ 1078.378446][T21380] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1078.378460][T21380] ? debug_smp_processor_id+0x3c/0x280 [ 1078.378477][T21380] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1078.378492][T21380] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1078.383136][T21361] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1078.387109][T21380] v4l_create_bufs+0xc0/0x180 [ 1078.387128][T21380] __video_do_ioctl+0x7f1/0xce0 [ 1078.387164][T21380] ? v4l_s_fmt+0xab0/0xab0 [ 1078.387183][T21380] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1078.392040][T21361] Node 0 DMA32: 61*4kB (UE) 107*8kB (UME) 102*16kB (UE) 479*32kB (UME) 489*64kB (UME) 92*128kB (UME) 24*256kB (UME) 7*512kB (UME) 8*1024kB (UME) 3*2048kB (UE) 126*4096kB (UM) = 601292kB [ 1078.396305][T21380] ? _copy_from_user+0xdd/0x150 [ 1078.396326][T21380] video_usercopy+0x4c5/0x10d0 [ 1078.396340][T21380] ? v4l_s_fmt+0xab0/0xab0 [ 1078.396359][T21380] ? v4l_enumstd+0x70/0x70 [ 1078.401834][T21361] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1078.405624][T21380] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1078.405639][T21380] ? tomoyo_path_number_perm+0x263/0x520 [ 1078.405656][T21380] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1078.405686][T21380] ? video_usercopy+0x10d0/0x10d0 [ 1078.410176][T21361] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1078.414922][T21380] video_ioctl2+0x2d/0x35 [ 1078.414938][T21380] v4l2_ioctl+0x156/0x1b0 [ 1078.414949][T21380] ? video_devdata+0xa0/0xa0 [ 1078.414966][T21380] do_vfs_ioctl+0xd6e/0x1390 [ 1078.414985][T21380] ? ioctl_preallocate+0x210/0x210 [ 1078.415001][T21380] ? __fget+0x381/0x550 [ 1078.421753][T21361] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1078.426145][T21380] ? ksys_dup3+0x3e0/0x3e0 [ 1078.426161][T21380] ? nsecs_to_jiffies+0x30/0x30 [ 1078.426180][T21380] ? tomoyo_file_ioctl+0x23/0x30 [ 1078.426196][T21380] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1078.431362][T21361] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1078.435423][T21380] ? security_file_ioctl+0x93/0xc0 [ 1078.435441][T21380] ksys_ioctl+0xab/0xd0 [ 1078.435459][T21380] __x64_sys_ioctl+0x73/0xb0 [ 1078.435476][T21380] do_syscall_64+0x103/0x670 [ 1078.435492][T21380] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1078.435505][T21380] RIP: 0033:0x458c29 [ 1078.441922][T21361] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1078.444626][T21380] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1078.444634][T21380] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1078.444648][T21380] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1078.444656][T21380] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1078.444664][T21380] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1078.444672][T21380] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1078.444684][T21380] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1078.450646][T21361] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1078.481716][T21361] 49130 total pagecache pages [ 1078.493587][T21361] 0 pages in swap cache [ 1078.521067][T21387] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1078.579503][T21361] Swap cache stats: add 0, delete 0, find 0/0 [ 1078.593421][T21387] CPU: 1 PID: 21387 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1078.623602][T21361] Free swap = 0kB [ 1078.641311][T21387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1078.641316][T21387] Call Trace: [ 1078.641338][T21387] dump_stack+0x172/0x1f0 [ 1078.641357][T21387] warn_alloc.cold+0x87/0x17f [ 1078.641371][T21387] ? zone_watermark_ok_safe+0x260/0x260 [ 1078.641384][T21387] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1078.641416][T21387] __vmalloc_node_range+0x48a/0x790 [ 1078.668792][T21361] Total swap = 0kB [ 1078.673482][T21387] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1078.673501][T21387] ? kmem_cache_alloc_trace+0x354/0x760 [ 1078.673515][T21387] ? vb2_vmalloc_alloc+0xca/0x280 [ 1078.673533][T21387] vmalloc_user+0x6b/0x90 [ 1078.673545][T21387] ? vb2_vmalloc_alloc+0xca/0x280 [ 1078.673563][T21387] vb2_vmalloc_alloc+0xca/0x280 [ 1078.683035][T21361] 1965979 pages RAM [ 1078.713789][T21387] ? __vb2_queue_alloc+0xf5/0xf40 [ 1078.713806][T21387] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1078.713817][T21387] __vb2_queue_alloc+0x5a6/0xf40 [ 1078.713845][T21387] vb2_core_create_bufs+0x2bc/0x790 [ 1078.713860][T21387] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1078.713875][T21387] ? __vb2_queue_alloc+0xf40/0xf40 [ 1078.724364][T21361] 0 pages HighMem/MovableOnly [ 1078.727265][T21387] ? lock_acquire+0x16f/0x3f0 [ 1078.727281][T21387] ? __video_do_ioctl+0x398/0xce0 [ 1078.727297][T21387] ? __lock_acquire+0x548/0x3fb0 [ 1078.731993][T21361] 339405 pages reserved [ 1078.736266][T21387] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1078.736291][T21387] vb2_create_bufs+0x472/0x7d0 [ 1078.742102][T21361] 0 pages cma reserved [ 1078.746310][T21387] ? vb2_request_queue+0x120/0x120 [ 1078.746326][T21387] ? __lock_acquire+0x548/0x3fb0 [ 1078.746345][T21387] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1079.447529][T21387] ? debug_smp_processor_id+0x3c/0x280 [ 1079.452968][T21387] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1079.457977][T21387] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1079.463498][T21387] v4l_create_bufs+0xc0/0x180 [ 1079.468152][T21387] __video_do_ioctl+0x7f1/0xce0 [ 1079.473002][T21387] ? v4l_s_fmt+0xab0/0xab0 [ 1079.477407][T21387] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1079.483638][T21387] ? _copy_from_user+0xdd/0x150 [ 1079.488466][T21387] video_usercopy+0x4c5/0x10d0 [ 1079.493223][T21387] ? v4l_s_fmt+0xab0/0xab0 [ 1079.497625][T21387] ? v4l_enumstd+0x70/0x70 [ 1079.502017][T21387] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1079.508235][T21387] ? tomoyo_path_number_perm+0x263/0x520 [ 1079.513860][T21387] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1079.519651][T21387] ? video_usercopy+0x10d0/0x10d0 [ 1079.524648][T21387] video_ioctl2+0x2d/0x35 [ 1079.528953][T21387] v4l2_ioctl+0x156/0x1b0 [ 1079.533253][T21387] ? video_devdata+0xa0/0xa0 [ 1079.537815][T21387] do_vfs_ioctl+0xd6e/0x1390 [ 1079.542382][T21387] ? ioctl_preallocate+0x210/0x210 [ 1079.547481][T21387] ? __fget+0x381/0x550 [ 1079.551614][T21387] ? ksys_dup3+0x3e0/0x3e0 [ 1079.556004][T21387] ? nsecs_to_jiffies+0x30/0x30 [ 1079.560847][T21387] ? tomoyo_file_ioctl+0x23/0x30 [ 1079.565763][T21387] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1079.571983][T21387] ? security_file_ioctl+0x93/0xc0 [ 1079.577080][T21387] ksys_ioctl+0xab/0xd0 [ 1079.581229][T21387] __x64_sys_ioctl+0x73/0xb0 [ 1079.585794][T21387] do_syscall_64+0x103/0x670 [ 1079.590360][T21387] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1079.596308][T21387] RIP: 0033:0x458c29 [ 1079.600190][T21387] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1079.619775][T21387] RSP: 002b:00007f53a9435c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1079.628210][T21387] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1079.636163][T21387] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1079.644111][T21387] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 1079.652144][T21387] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94366d4 [ 1079.660118][T21387] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1079.672319][T21387] warn_alloc_show_mem: 2 callbacks suppressed [ 1079.672323][T21387] Mem-Info: [ 1079.681722][T21387] active_anon:247797 inactive_anon:201 isolated_anon:0 [ 1079.681722][T21387] active_file:8214 inactive_file:40674 isolated_file:0 [ 1079.681722][T21387] unevictable:0 dirty:163 writeback:0 unstable:0 [ 1079.681722][T21387] slab_reclaimable:14103 slab_unreclaimable:105357 [ 1079.681722][T21387] mapped:58824 shmem:248 pagetables:6906 bounce:0 [ 1079.681722][T21387] free:1101545 free_pcp:379 free_cma:0 [ 1079.721635][T21387] Node 0 active_anon:991188kB inactive_anon:804kB active_file:32720kB inactive_file:162696kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:652kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 573440kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1079.750621][T21387] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1079.777146][T21387] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1079.804717][T21387] lowmem_reserve[]: 0 2553 2555 2555 [ 1079.810024][T21387] Node 0 DMA32 free:600188kB min:36232kB low:45288kB high:54344kB active_anon:991188kB inactive_anon:804kB active_file:32720kB inactive_file:162696kB unevictable:0kB writepending:652kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:14496kB pagetables:27624kB bounce:0kB free_pcp:1512kB local_pcp:572kB free_cma:0kB [ 1079.840765][T21387] lowmem_reserve[]: 0 0 2 2 [ 1079.845450][T21387] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1079.872102][T21387] lowmem_reserve[]: 0 0 0 0 [ 1079.876620][T21387] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1079.905140][T21387] lowmem_reserve[]: 0 0 0 0 [ 1079.909695][T21387] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1079.924222][T21387] Node 0 DMA32: 61*4kB (UE) 163*8kB (UME) 47*16kB (UE) 482*32kB (UME) 489*64kB (UME) 92*128kB (UME) 24*256kB (UME) 7*512kB (UME) 8*1024kB (UME) 3*2048kB (UE) 126*4096kB (UM) = 600956kB [ 1079.943297][T21387] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1079.955570][T21387] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1079.972866][T21387] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1079.982482][T21387] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1079.991804][T21387] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1080.001323][T21387] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1080.010719][T21387] 49136 total pagecache pages [ 1080.015451][T21387] 0 pages in swap cache [ 1080.019593][T21387] Swap cache stats: add 0, delete 0, find 0/0 [ 1080.025770][T21387] Free swap = 0kB [ 1080.029488][T21387] Total swap = 0kB [ 1080.033318][T21387] 1965979 pages RAM [ 1080.037113][T21387] 0 pages HighMem/MovableOnly [ 1080.041864][T21387] 339405 pages reserved [ 1080.046020][T21387] 0 pages cma reserved [ 1080.201549][ T7678] Bluetooth: hci1: command 0x1009 tx timeout 09:14:50 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5437, &(0x7f0000000080)) 09:14:50 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x5, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:14:50 executing program 0: r0 = socket$inet(0x2, 0x100002, 0x80) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000340)='/dev/null\x00', 0x80001, 0x0) ioctl$BLKTRACESTART(r1, 0x1274, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0xfffffffffffffecc) r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000880)='/dev/dlm_plock\x00', 0x400, 0x0) ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000300)={0x3, 0xffffffffffffff9c}) ioctl$RTC_WIE_ON(r2, 0x700f) r3 = dup2(r0, r0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0xfffffffe000, 0x8, 0x0, 0x7, 0x3f, 0x6, 0x5, 0xffffffffffffffff, 0x401, 0x80000001, 0x397, 0x8, 0x1b18, 0x5, 0x3, 0x3], 0xf000, 0x40001}) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) recvmsg$kcm(r3, &(0x7f00000007c0)={&(0x7f0000000800)=@in6={0xa, 0x0, 0x0, @local}, 0x80, &(0x7f0000000700)=[{&(0x7f0000000440)}, {&(0x7f0000000480)=""/62, 0x3e}, {&(0x7f00000002c0)=""/18, 0x12}, {&(0x7f00000008c0)=""/212, 0xd4}, {&(0x7f0000000600)=""/8, 0x8}, {&(0x7f0000000640)=""/144, 0x90}], 0x6, &(0x7f0000000780)=""/7, 0x7}, 0x20) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) faccessat(r3, &(0x7f0000000380)='./file0\x00', 0x2, 0x300) 09:14:50 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3f00000000000000) 09:14:50 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x2000000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:14:50 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x7a000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:14:50 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x6, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1084.087255][T21395] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1084.107252][T21392] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1084.160318][T21392] CPU: 0 PID: 21392 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1084.169478][T21392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1084.179546][T21392] Call Trace: [ 1084.179577][T21392] dump_stack+0x172/0x1f0 [ 1084.179602][T21392] warn_alloc.cold+0x87/0x17f [ 1084.179620][T21392] ? zone_watermark_ok_safe+0x260/0x260 [ 1084.179643][T21392] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1084.203095][T21392] __vmalloc_node_range+0x48a/0x790 [ 1084.208293][T21392] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1084.208314][T21392] ? kmem_cache_alloc_trace+0x354/0x760 [ 1084.208327][T21392] ? vb2_vmalloc_alloc+0xca/0x280 [ 1084.208344][T21392] vmalloc_user+0x6b/0x90 [ 1084.228464][T21392] ? vb2_vmalloc_alloc+0xca/0x280 [ 1084.228480][T21392] vb2_vmalloc_alloc+0xca/0x280 [ 1084.228491][T21392] ? __vb2_queue_alloc+0xf5/0xf40 [ 1084.228505][T21392] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1084.228519][T21392] __vb2_queue_alloc+0x5a6/0xf40 [ 1084.243372][T21392] vb2_core_create_bufs+0x2bc/0x790 [ 1084.243392][T21392] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1084.243404][T21392] ? __vb2_queue_alloc+0xf40/0xf40 [ 1084.243419][T21392] ? lock_acquire+0x16f/0x3f0 [ 1084.243433][T21392] ? __video_do_ioctl+0x398/0xce0 [ 1084.243448][T21392] ? __lock_acquire+0x548/0x3fb0 [ 1084.259343][T21392] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1084.259362][T21392] vb2_create_bufs+0x472/0x7d0 [ 1084.259377][T21392] ? vb2_request_queue+0x120/0x120 [ 1084.259393][T21392] ? __lock_acquire+0x548/0x3fb0 [ 1084.279517][T21392] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1084.279534][T21392] ? debug_smp_processor_id+0x3c/0x280 [ 1084.279557][T21392] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1084.279574][T21392] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1084.279593][T21392] v4l_create_bufs+0xc0/0x180 [ 1084.332356][T21392] __video_do_ioctl+0x7f1/0xce0 [ 1084.337211][T21392] ? v4l_s_fmt+0xab0/0xab0 [ 1084.341624][T21392] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1084.347886][T21392] ? _copy_from_user+0xdd/0x150 [ 1084.352754][T21392] video_usercopy+0x4c5/0x10d0 [ 1084.357511][T21392] ? v4l_s_fmt+0xab0/0xab0 [ 1084.361924][T21392] ? v4l_enumstd+0x70/0x70 [ 1084.366335][T21392] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1084.372576][T21392] ? tomoyo_path_number_perm+0x263/0x520 [ 1084.378392][T21392] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1084.384221][T21392] ? video_usercopy+0x10d0/0x10d0 [ 1084.389258][T21392] video_ioctl2+0x2d/0x35 [ 1084.393588][T21392] v4l2_ioctl+0x156/0x1b0 [ 1084.397912][T21392] ? video_devdata+0xa0/0xa0 [ 1084.402501][T21392] do_vfs_ioctl+0xd6e/0x1390 [ 1084.407093][T21392] ? ioctl_preallocate+0x210/0x210 [ 1084.412202][T21392] ? __fget+0x381/0x550 [ 1084.416478][T21392] ? ksys_dup3+0x3e0/0x3e0 [ 1084.420896][T21392] ? nsecs_to_jiffies+0x30/0x30 [ 1084.425770][T21392] ? tomoyo_file_ioctl+0x23/0x30 [ 1084.430719][T21392] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1084.436966][T21392] ? security_file_ioctl+0x93/0xc0 [ 1084.442081][T21392] ksys_ioctl+0xab/0xd0 [ 1084.446239][T21392] __x64_sys_ioctl+0x73/0xb0 [ 1084.450838][T21392] do_syscall_64+0x103/0x670 [ 1084.455439][T21392] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1084.461328][T21392] RIP: 0033:0x458c29 [ 1084.465220][T21392] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1084.484832][T21392] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1084.493258][T21392] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1084.501352][T21392] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1084.509327][T21392] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1084.517324][T21392] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1084.525567][T21392] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1084.536905][T21395] CPU: 1 PID: 21395 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1084.546044][T21395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1084.546051][T21395] Call Trace: 09:14:50 executing program 0: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000200)='/dev/full\x00', 0x80, 0x0) ioctl$sock_inet_SIOCRTMSG(r0, 0x890d, &(0x7f0000000280)={0x0, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, {0x2, 0x4e22, @broadcast}, {0x2, 0x4e20, @empty}, 0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)='veth0\x00', 0x0, 0x11419fb1, 0x2}) r1 = socket$inet(0x2, 0x1, 0x84) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmmsg$nfc_llcp(r0, &(0x7f0000003c00)=[{&(0x7f0000000300)={0x27, 0x0, 0x2, 0x2, 0x8094, 0xfff, "8538625123c809fb56d5e4bd62364294db64bf958ac31c0c0d6ab3fc68ba6f83dcd58afe68cf2f0719875ef15ae95c3cdc615210f7bf3c031a7a1272d760d4", 0x35}, 0x60, &(0x7f0000001480)=[{&(0x7f0000000380)="3c410b72c15d8612e0f78e3998bb107f", 0x10}, {&(0x7f00000003c0)="c8eea7d3a8e77bb34d67e685d45b55976a5710f9ede17385316493793f3c381aecfa900430c44c58f4342ea5a400b8f8239b80ebfc6d1ccfd3daf939c48005373591f41ed1553204adf60d625fd081746cb49afc9229f17187dbc6007ba9eab2b33c6edb10a71b41bf6e065cd36fa37711292f4f5008e97e217c040084629e937e93f241ee1dc7374e0872ae2fffe1ca72b5d004704142cc0a470e7d51c4e17a69ae84ca606e06ee1e3219cfd011d0b56a05feabcefa6b12d7cf076572b482821686a8fb0caa0166eca5ae78e50748655d6eb24ea5f6e8a32e12fda70a8669f862347859f12ff1a14fc02395e7bcd989a2336f52d428879fa8703b52586177d50c84ddf1654fda889b33bf675aec1cbec43dfbac7f14387e20122b26a2d2839399de6976a2c1403d8e9c9324121d973f3471c52387e0b626545861f9a9706e990b6b92e1b5dd6c4a7d5d48231977441009243a30687e84abfbdf2a2ae74deef8ca21b05361481c718301a2dfef79e1940b1a2585b38093145c1aa19d54c045029234e7af78d7ce7d8a7947923370760e33e5053924b4b03383ed4b58ec64e36384d6b548900b305a5d9856a093248b5035d72c99fe6f49aed011c6effbc22d47a171c54f39dcf62af95401ced6d85520f8ea09e231697de92acf2adb6682e035449b1857010320af35c475331f98688480540a13ce3afa0abd1297edafcaff990edb96c1759d3282f67d55f8b48fa40bb07144727c286ce69606e7bccf145b9f9a99c8f9154f444098a8701d808c2fbf6ffb317a6d62fe435709af06fc73f2359162f37754e69b7e93a0797135ea7ce05a69f2a5c1ad6ca5e3386ec8f72fe80cffb0f8e318e332d212e265fe863ce4584fda1a9e35d5ce4dd6177be21b2794cd8e9c1e554a00d888488ac0459d0cb8699e131fe41c94a6a25884b30c1238a7aba02704d68e57b85d2a914fab296ed850171fd34871817db8362398d14a7dd63e8da4b33d4119b0081cd66e995e9e393e70d1c11558225a17a6fd558631746bd3b4ea2cf7fff8a0ccf29c7e59da484c52eb14a0899844cf2af74341c6f80112d233041f6b81d529193dd6e267ff807f6a9e0d8665bbe1af0a52fde3c8ad3711ba92596c501c7d8f598b457eccc31879b90e4de76df0fef3725295507ba4ea8592f3e85422a95e044d037b9e96c2d5fc946901b4c79fdb8543eecef2d1d2adc08965375a57f59b3508d9a2a0c8b414edac49fa5c77f7516253e53e0908d109d07e36b950bd6075135dea6a3c8effb366c83f54c0a63500262de0a98469b60ca5c4d531f5d4c288df23ffa1a7cc835649b1d0db586c551302b43d54bb37f81866a271c87335908ef300b9d903884b2b11e259b22966bdd42e0c22bd73c25aa4a1cc72578039ec279fe591ee9088f6a7839fb9b92450acaf2c23b93ef56abdbeabd129a15d3094c99e2cc34de4d5eb835248a95f9e1ddaca84f92a03c6de2a2cc721db635cbf41b20ca95e54ccb9a1035709a59b3c9eb99a67b929b520e54ea34ebe5526a4e97110ad2937c8c86f130c6f05e7fefb235ca469c15f9a684e61c26e0a6fffc22a65d25e7bc044c7a66077b870fba9aad6806182cc0ec05e70dd10b4884612f472c73b91fbfb555b8a9400c940796834be205eb86a6699703801f2e8f82b32cb148cd17eb9cd591aba5433ed002dc7d6b6812e2ec25c6e699ffc6b634961c8be715087e51497a2534274dd70b67d8c66a80a5edbc91834bb1fafdff9a07e78077466965d7797e20310ce130d3fdf923c9dce93c9f86945faa2c19e5323c6bd90b2a8640d56b509e91fd8960ec3f1fde9cfb21181d5505b1f2f52c2c1dfec5c9ddf378bd3a0cf989c247c636a38f29c79b5e19ccab3a6b4dbfd2d0dd60cf4d1933c9759675956a70ffa2d9bf63ad3f5af3d2d403ba56d798fc07126dfa20a06697df986bda698420267cee12c0d18f6647e0b15dcb179a40d75dd71324bca68f9c7540fba0e118d8d218857c9c2d62e80e470bbaee4904bd0ff741993bd28cd8add1d24abbbe50530330efd8751f9dffa6bef12146d87bf2aed6714bd5237881fcb52b7360865fc371eb4ea18ad44be40b5c2b3daca53a0aa254b445ba770ce4ac61d1dbbc53354c2bbd216a838f43e1e3d758dc33d201b4cba1c74d7e271d567fe26adb6c99910117df90b4f23fe1f2ae5c5aa194aab7040e2373f39808b6432795da6123aae53e46a5b64a41b9116c35ab46697f55e425af6c81e30dc9073d666dc81825ca1373dd2a5b0ac90c618223febc47d20974c12cdb9d96c20db31264406cc6cfef2524e7a43c36e8901a82444477d7fe8aa5e202c939603087074b5a63017be3b05465dae78357bd7e60606b261bbc9e3c43172dcc5d7151ee97b17f1f41ee4e5ad59bbe40ce31f7abb24f1e78287e60b564d5391f57c08f751bb0a5f3d4e8ed5b24f658b652085b8fbe15e9f2dd58344c9c46c142e68725ebf383007f154aed620ae2a3f261584d50fa48d6a25d688225fa48dc4adbb0ed36bbf52ab0ef44690973bd5a1ee097404aa478be92c5570133703b00ee95d54b1ebbd907b6cabbfb0ecffb3b5bfa7f6b60df20d3dd8396f2b6f6a73934a54042393998a2af111dd2fd861532909d65e0f6fcc11a4f9a579eba19bd9fe70f8d4734d56cbcaa3f91b322a806beb63c89c5d1dc400d95588a1bc591281a03d05a35be59f875ccf1a1d4f8146829d90fecef5a5ea2a9643fbca65f0e1448bbb4f426fa979429e0cc814208bd32ca077bb11e81499b845312fc3525e3c1a2c0bec85298125a2ea6d402d7e4e58b52273228a20edb53915741aff0879c0c443fc976b4f20f4a8b2afe8e395d157e6f56bf72b498c3f1ca0c39f393f21f1ae9e59b9d2ada29982aa8fd1916d278fd89bc1340d07b3662b42be2361ce4fc2293db6ab5bab8cc913dea0635dd50f6f2164f8020a986f2b73532e477612509724fff91b4f668558b92b5b94ffa380322545a9f38df961b2d6ffb7b44ffe4a251c709de1b8cfe4d6ca3852b06e13fcb319d30ac01bd392783c9175bd43c6a36b63a32a9c4928c24f3e5e7f68c250103d7cdd05e1213571a9f93bc367107b92dc3d4bbbc0db5f697b500617c5576c9c2db3e93c68df0888ccb82e6289e9ac6c9da0e579e4dbec193bddbf129e2db6a4acb75df07a7587d1a56aea67ec28d7dd6e8549b8762afa95a25b6a2d3256054ed76f3c79776f515627a60a6e79cca7c64433abcd811614c4a43111bea884e698ddd6bb8278338ed29481043176dde8bb7b20ce18ca2b5ec2bdc568904cf8141db54d8e5d3c63578deb6940b324a727997c834fcc6b60cad1a03364a8dd1d97c17ad74a147ef05e0b13c2df01e3b65e470df6d201b7c7f9b8b45de5f3fd45e63920c70a7a12e5621670bff78dc2c3a616acc103305f71069023f3a93c346d30c55620234b2153561ad08c1698ee9332ba83d1c7320904b4cefcd3eb4da096e9dde505472219d04a2b7b204aac91b0f808752b23e110db2d5f53965c277dbc142dd88804ad1642f8b11a143347b35b87c8264df46394d55b2659023905853baa1e600b1547876ccfe5bf389e65f89846e692622b8bbbe718cb98c5b2d3829a577bf2e4ab66de6a2aae7cea624182fae323b20ae1a708a2b4b4747eee455ff52b40719e93f0a2eb1813fcd33a83905472d5e1f84a26c88b844b369e192997b9797e7f72ef47f8b4ed0aee40f603e21c3f8870193103e72b93f88dbd52b09351deed1fa9b8070ebe7a5fe4f71b0855cc94a9635d7db6d6be722c2a4f5f5aeb97d2153810b9053bf8e032037722f0b346bdc8ea55193e9a87d9aed4fce7aa97921365dfc97bbbbf026667a5fc8b9f9c9ee10efa56a329dbe8b520f6b372fa1ba4acab214836e4fce36ea59be40b196b445f7f907bb3a1f63e0447ef79939b0a046bc5450353d685c947042095c5a11501ce865cacc7d523e6d54b36c65064bc653473997b9f936bc46fe484c6273cbd2e07f51cd75e9041cb84658b3bfc006f389e8fda10fa5c1c90745a1e5ee6db6d37d29ac6ba560a1b9d80ba6f66016dda95a349441d71c2951ae1abf2410c93f53e80beb22a3f715d0d78923bffff9e88c8b51c5e2b9caa3775fd287992efc98d7c0c590eedc283326c8138254d8868016ae94af6f1bbb91a2d4b5d956b02840212304f9988dd246605c981666820000e4a08389f3469982ff992ec71b3fdcb61f5d9215cb2ca3282b9bb1bc48bf089e583d802d504d1b50e3dff25dfed4034bdc2bb586c2478955503749299442140879b0ab6a0b3c6d4f44d59d5d40511822f3dbeef970c365cdb3a9744d80ce26637ffdeb38ca4cee0a56d12506b8073e114b56da99fbd5daf6f9823c37be1eea4f9d15bdf7d208575d23a7c9f79bf83af5bf700c5ddcf748e3277b7cd5d58636c17185632a5db02de76eb8240f30eccfa05217b36ac6fa92da9ade67a70a5148f2d4cb973a35d911ddb87bbf47c9e4181996bec672640d3a54ceb2972a668d74fbeb9bd7df7a2de656e4b807d0c5fd018bd733fca43411883459e7882fbaf94993e7c91b0c189cfd5d85310b7c15d6b021c4dd37852d03851c3c3f120aac463911c3fe2f9ca15bad9f1fd189f13e0944655792c3c6053baa773806a2a743f472ccb90d7f469252ab38d36367809bb35d4874463f40bb9f2615ccefb2ed1bcb0a91443a29eb812c8f65f42a13d4063ab7f05180ed90a30cda9c95b8d0804de7a8e86c1608ff2d6a15a93dd3ebfa787fb59e95950ec5b31c17bb3d7826b180c5b8db3c7bd45c830a5f958797cd76322f9796de59eb3de6db125c54c36b9074472895f399515b24b0314f119926a4198e1d2be3442d64b02edd2e960ec4630789eb1ba37fbc778219cef35c04648d18d434487915383384eacf902ee06f0e40dcdabae60bd84e8b403ad9e27496bc4084289d8bf3a43da00fa2ce251e64cb7c1fcf4cbd26a32a3ee7a6fc6c1eb6bb29a8ef10d2999f1e78d98ec4672353dec9b4995b03ec4232e1b0dd4d4bfdeff9577c4493ffce0717c464a90b956b79ce029bb431f8f7d03297552215aefba6de1cf87129eee64fe5083444aaf1b5e66c830ec9103dd1ae4dddbe5dce7c9806df5441238504219cdb46b6bf65e076fd703c9c782f5f30ff09f2206b6c80dac56712a8f8aca72b65452ff8d8133f0bd54e3468930794c992b57ad4e5792d79da2397a26873ecce335d20ffb72ad15dd0d4c2f3cdba31914bff6d077c00d65ff6606b427faa9bafdd996ecb0ce67ec8ea3a035fa5a5ddec4f95e3a2d22e4852ffaffb107d3cc2a976af491e2ad5a84a1ba10d9976fd69232dda06c1ed6b39d4562eaf943955fb73a91727693c75bf03492d389e94cabcba79193c5f20638c7f0429dbdb40609f0090765469f52734d42daae291102c5d0aca1fb4b1b23e4ca0e79fa4c2bd890f307cfd461c615e54c0f64324561a35181e72f130a5d3647c7ba71465c76410a2f197a379883595c51f3f5ad3d71dec9283683f3de1ef92d957f7993399e4ec759e71baa91836384c43b7e1322d3a3cd6d106f671af5ecc3d42dfeb78fc58e498725a35b255618b220e0a180b409ad489f5bd50b736a8e4febd4849447892534f40670f1b84c2b978fd017736141dbc16600c6093ce60848e4c4f1c699af673ffb91a366105ff26e1b3e363f723b660c623f49b6f7a6d3c6ecefe352f2ab55a418687ddf8e3e0736a0e476da89aafdcd5a7eb2b20f66c988a138052017ce71defe4edfe03fbff5f53eb8", 0x1000}, {&(0x7f00000013c0)="696267c675f2bc68f33d7abdb906e2f1b3e9c1001387a2f578fe74ca16c53bf640f6aafb25abbe4fd18dd7d0b7c2ffc0376fcdeb72cfbcabf7a3a87d05a70c90f22780ce534796446d58183b51896d7187b0daa99ab2c93d6fd850e4325fa24e7cbdde445c1091fcb3de52", 0x6b}, {&(0x7f0000001440)="4d9a347191326c61f3ac65a408213af62ea420c86b636b037f40013ee1", 0x1d}], 0x4, &(0x7f0000003c80)=ANY=[@ANYBLOB="880000000000000000000000000000206ac896bfc2d84e5bca7e1944e5a593f86f143844e5424102eb0c4e78bb52c597bd19f90638a7384fc928b4d926e950b567f2ca0bbd78b165fa7a33f0971158b16953e9a4f93b138fcd4e6fb9d85e4e574f4b6c3607ea2a028353b7ca33149f63ddceb51644d83a1a722b4fa2f8ad190d62a47a2439b78600057d8dad3cab024c60391e8fee48436a6144c31e803daf7a"], 0x88, 0x810}, {&(0x7f0000001580)={0x27, 0x1, 0x2, 0x5, 0x8, 0x3ff, "e48c972252172c7e0b638b4be90de23a747c0695aeb2306a99bfa365c096fb1889d6b88d3597e0a55b1500b37e734d80874b95fee56153a25e5e2cabce270d", 0x14}, 0x60, &(0x7f0000003b00)=[{&(0x7f0000001600)="6462ae3e86f379617f6c50e2ac6cc2928152a5e52bf885dea39c029a5e8fd5293b135770b58225e660ee5f70975d15385511ecaa91d8005f8f37175bf4d974c3f86414a5b97a5fe7226dba8481ee2604f037fddd13afda7c820ea7cd1a13abad3e2cba1342198fc5a285c340b93ebd288e829cb502427529c9179a82e7db3d4d7a4b6cde45bab8903d51856c26b279080b72e982b227e1455fbd7900d0bfb95b7829c1be", 0xa4}, {&(0x7f00000016c0)="47e7602a72dc3ab1ffcabb8acf05a1e371be4332c803cc8030078a697b58fa2c973fa7891b9fcdb61083a3195aebe188535c4555a3a76f226e0f0ece22fdc18d7b92218173119e5f61f7f16667354d930fed8b76e3d51eb9249922ebc5d208d691d28143e5e969e225a325991d0b7165481d2b64f48b2a726a9f1144cc65fa4ccd74e80a5ab399e05f96ac9a074b5f1cd8af9d5d38c07c9075dba48daa88d63411f18cebf5ae330b921093988637ebe6c0daced25e8ca2291c329458c649761bddfcc210e5af4da18193d1", 0xcb}, {&(0x7f00000017c0)="a586", 0x2}, {&(0x7f0000001800)="f08bd679019577e94d1bce46271bbdc287afbb2cc1808f7d37", 0x19}, {&(0x7f0000001840)="750a55d50f9f652ceb21405a3c12368b4eca9514256bcbdc7d310cde233bf13b2fdda098ca7d5b8034ed125989d93fbe7a42bf15927e3539d46a5b090dbd33222e4136a28457d0b5128f4b9d1545aa8dd9356d6aa7f91ecca8daf5664d04affbf2f6ff3037cf352d1528417151f0e2292c4803ae57a27f8f4abae317ad8b73b7946eb425987064f5cc6d708c327c587fee6bdeccde945f24ea15d05fa83fe4efd0055baa7feb000eaee0121420e887d3aab1d695feb1db1edabc21aacc9b5b6deb6684499f841f11d870f4bfd11e79b04d662d2bb07fca4f35ab6fd77a84bfcf55be79fe5d6e748577dc94ea42ce96288be68d668a88e9ecb157a76393def3cfa6b753d41d7b8830efbae4a423f1f38ba498770f59908e8c30db593e384fc11008d0d93de1407e7689bc5dc7f166558101d26363d984bb18a9c270af0f8b1bb5e8445a5a977a5973874fb6c7e75278ebb26b92bc0fab0a4abe1d01351fc76c8bd338f3e66b78b9d7272004b625989c7b43d95729a21409e72cdfe4cc415792c69aea8b36775b6f00c052444d930685a04ed3153d40373d1a064f118ae71d5de0d34ab1336f85038293fa249f82a501716b6226dc1d91895f70a6d1797c55361be2973c4c79d4cf944373de0d6f9ea331ffbee7c72f89ed01367b958edddd90dff96a92911f3ca93dbad4bdb4a4e07f0b9dcaa68359100855e40d892ff18d2db3003b84eb9e4a0479618dfb340d1bb528e097443fc9ccaf94c2004d7d2a5addda4c7f66496ee533b8a86370b20582c6dced0493e922908d20f71c8d76dbf30cdb2007ec53efaffdbdae20acbdcaddd243d1a506e10953a61af317ccee411410edf60841a15c75d7f56cff783d475652ba55694c19523654370934fe28f217d3cc58e37221a7fe953ed43e396da581150c095aff1eb4ad94436b1b5b520bc728b4e185769a9511ed50aa52ed26cf91ab371640b5592c8e51ac5c886172a332a1f4686a935eab53bf9e87b11823695f7f6264e54694eef9641a4e278b8c98e355389fb4e37f38937eb96fa608c70b355c7e4bd83770267e6094528a3465f489cf4f11f874266e591eb736f722a9187960d764d6d0839c7969df368238c7cf6889a08f64e1e3c3e9dd8705b7c01f9ba40b2a4079ab17c839356863183bea36c4511b9b6703f058971505fc8c07cf44711b97c2ae6d76dbd99baf145584409cbeac78fb2479245c928395d4d7bbefdf359fb5866e179a31eb0108d0c53db08d09665a8a2ea62e59d1addef366fbf08e4798d49ebb474ba663173e0145ee48f9c136fd5063b497980e201c9221e342a583b3db20734286459f5bab6dac870ced3c1c7e700a2720d1e66579cc603e860a40ade4cdbf943672b53beb7e6b7e597afb251a4cef1cbeef5df9246c93751e921e83a30cb5f123b775ae85098031efe569162fc9fd0ba7f52a00f38e7729b70bf5fb3ab238d592b8f7b88f5d08709fff4e95436fa1224a576c0dac52148fa865739a895e762c116db0eb13039a459dfc2c830595d20bca537276ef3d21cce0cab5d0eee641eb5c0060ecfa1385bcf95d71241cd3469a0cc0e053fd3c0f8a915c52e78d103f6342f00c2645962255e549bc0feb34ecb7868065a3aa6c4077423253e6545f1e18c8bee7f1a5fb80dcd6e39b23b9dc8a0f36fba320c55fad02b926cb0507a25644beeb3f2914335e102557b571a9e361159ffb1d95c7aae6eacf623ff772e8bc237957261d6fadcb89319dde0c06c840e13b3407f3102ab8d923da90072e754c0ed16b84a16440c7e580e6bbd26429834f8734a4c659d7f6a7018191a02c707e56383547d65d7bf0e9cceaadea63a5469681e577964041752bd9fe7eb0f929b6351043bb865cd4dea1288bbbab3a3d42f664a4eb6a5bba0c6251d358aacfddcc433149b407c9797287c0699a05e1e75a685ab51f1722f1352fd572be4989f2a4ca36852abf897f75d75afae5f276f2f223262ccd932bfc5641f18a55e75065df0480bfb5ce07c2a82bad07846e81bc620e705fd4eced3202502148ff32e6684a01eb109752341be4ee9f77d244002c1b7ba1506fd4feebee4ef05af66af717fbfb478afc26658de89677d8c99a82a18eeb7c4a040410d5a8bb187836b3abc20f8b879e4b46f5551800d2e5118d58922ae4a6df8ca13386240a8a049996f2d86b099527905034055e03943e9e101037979f271f9bc0a2bdba76f40d9791b823397c0836206315acbfcfa6d52499fde94574256e3de0f3ef49fd34470f5fb8ef2f65adda537173dcecfb48bae98873cce973395c49a79641a22a92b664d4b819bced20526eae752a61d42f230801b82b14ee21a393d7119e0f1d3dcd946f51ed1f0390d717e197c642f33d1d0d5a7c2370aa57f335a40b298e88f663d77255c3a7be0ed14cceff73effbad926d1b062c0256c2cb63948f44a5764af15f60553f905e6bad76b46b2041d498ac6ae29ee4cf817cac2ea693a6042ac9cabe1df9a0b956aa643caa0091b27e9fb39cf08f36d146872bbe10a6a258d1269eea1830afd6e8cfe509a0d4929649613f75437a54ee0b04b2bc58fb1aef2e65d43510f8cd5a10f74e3c0a6d6e47eb14d31a9d5af80474b0102a318ecd85e3aa37dc530e49f716e0a90fa120bad5c9e3ef1974883b3eb69a51a0ac486983ed7dd95a16f8f22222a88032a623862b6f143fa0c779feb03dd398e9afefea563bd3aed3022a6e602532dd29f0abf03f38a8f879ceac93e484a87c41729ca32893c796c7dd384866a2f30cfbff1d7eb04ff29069b959af2b02742ee86ebf35a3c46e6bdbf70eaaf639dcec8aec14041b007030e3d6534763b78b3941a2b1c162325eed93bb477ee85041317a35683bd2b2324d393fd95cae29b67e502adc02e2d3c79fe68258da37bd561e7df22c8a91f749f9e2ea444c2a78383eba078cc3e086a458a96d5b7550359501d922e5e3b067062e6fb7b186b9d75bfc534ddf15295f644b86c55f69848c12fb561f86a7ce58c8bbc435e5382e9ef66c4a432845c55fcd7d860c4cf444d4de2ba2d5b1a66c172b1be96b4d8f914a414341d564defd1f7cacd158ebb37ab974f3fbfe5bafbafd10f747d0eb70e386946fbd1ce0f4ed737fb85731bedcf9915efbedb44e889f714eb11f3aa922bba0fe3db49140c0a94205566521d3169d4c54e3dd5d99210ad2e7766d9422239818dc70c39c8a242159cd059f35c4724bf48ea21bd868f4b5a04f6c480fdfb829404476d5865ef7c4c8160ac08e03811bbdfb024d509dcbfe8f6634bbecaf5b30f988b9b30d37d200dbe8a95a372ad5aa9525aff32528cd9779330f3b48512af7cce1c3a76cc8ea0e7a31c54c69576bdd633b97a653df9294c812003b16fb31af0bb7d00cfcc2de79f4f6b3d4f5e4bc20fe84ff0c1fd6bf8e279e43c000613bff48869a839defa1d4d2ec612be139a8a088987e4dae43abc912f297492b51ef272ac99f258acce1926434ed4a551ae386c32fa310ded7b5bed063982ce06cfd9394e3ffa8351ed2761c4aa8c7182ccc44632031e4d7186b30bd82a61edf20845370e53e92cd48ef5cdd80bb7997028248caf606606e8cca5cca5247d44cc9a8f6f370cf15b77c91887c3717498058465a1c4c3f76f3050e46b6587fc3193e2f848febe3710d85408f6cfb412bc996a6950de613a5c81253d2710bcc7fad7e8d8c36cf6652a5e78bfff666c7ca82c73a7b38fd5cf910a89a9c40c76b0426c5069593e28cc18355c1655b67f88394f033ee052a35c3388753d5c3eed89d19410e34593d3f0798e2b746338048b11b76b170944a60bc6980a008db015b18dd68f27ffc85ebcc2dc46d0b2e5d795ca995d57c39261fbeab319a3a5b20f922308e48817c2f7ae739239d148b4de9a579d4b1d171bf85d459dc8be9a237341415a8be1686a7620649b5168bac6954ff0a929a3dc864e13ced7c03ec6dd5c88c6408e508dd39b4234163793ddb82aa799328c33955ef5e8464401b03d62d5751f3a213e6595a00d1b6b3ae514c0dbda19730db7bd873c8410a2f8f1377e369d64dec2fbf727da9b030ec33aca077ab01441fc9811ad8ea3fbb999c2b4f63aed7aa3bf07bbfafd3e358076c62b24a87f908a7e0c390962fdc5f4e5451cb9023e533ef212d76bfde42fa0a872fbd6c4810c8eeeca45909316530667a307a42bb9102466e7d5258f1cc85538f1a3aa04dc470494555bb942b3eabbf59361d2f988f58da45e1330a321c818aaa8f300ef4ee06ecaf46057c3c9abdf8b2c5b3cf0eea06b4d4fa580b4322c4fbb15dd60463164ebd4947ae04f5114af57f287d44b38050f9b9c50667896b08cf0f68215a201da6478ea938804a92faf6214aa174ae8ae690bb571d559794a336b7384e7ff56f7ebfe777078a3ed8e921e36cd4f22c9dc11b844c601605968afa8b6d93335c01d9d035fab578de183dfa49fefee74cf7cbec16bdf2eaeea2bb4d21196366ad2f2ff0950dc8fe25c7e8674e23bb320ea138372b70af74073d61a0dec04d0dbcec7cd9852e138a65a6544ddcf93a89ecf58e567a2273c05bd64cbb667096410d3e593dc2a67bae51017420f0cfe2a6a5748a76ded8384755ae946c25b59e16b22d808bc84b0b68ce6ba4d55f6d7d09ac0d2f152008834483d57c743ee545fc802a61b7246944b8c8ada364048d5f311c417e403d45cc9ad023d5b700ae86f7a05c152576f3eb2626349ca3096b881a7c50acefc90bd9b36884b6970aad988a1a285f97612d17a22af1712e205a6f82930a183dd66d1e6991878e00ac90d628f2362f5b584cb04153f3128ee7f8435cbfc109bed91234699b1f7bb7382580a961df208e266bac516f53e2d750f747bab8a0d143d6ef67c9d0dc7b96b99a3179d3a5d114b204e378b6116cf1b356a4b6e30ad9ab99f7acbd3a959388fa7c70e68b301558d895fb5dff1670e9e7b5d44419b77949b981564f92aa09e182a31a69a0ad1b6a396e6f6723b5fde9bef146c1fbe61ca1b83f0aeaabc9762c041ddac61975fb1bb97912b5a9b43bf7a4b827008d8371cf3577c135844d00327e3f2dadf68d8ac396f8d9f8d97ce22fed1ddd1f86f8365b06a9fe1e43a7be47323a797d08833d5b36ce87154e257c695dbe7ca67421dc3391b9385bc5eeec238cf75ed398e2c861848472147adb7c0e282ad489a84230e9205fb339ad5cc221f60853637a6608976812937ffc96159c01d9992f33476fdce643c043e5128a9a0f9e763d2a3760b9bade7aa5a2bafe5f038d8d5e1694c15560131be80e400cf85e478901b7bcdb0ea54e708ad67890dd86f964bcde561d2b15ca7fe9ffbb6492034b1c817449a70f5782807c167a1157053ed5280bd8e447dae9e376a58555dca90bff02ad78c0a1d0ccc96f90ff1652253fa7c7bba8cb763d2d3a6d8bf66fa2683afa343fe6c13376b0261337f96df00261e5d3218003689cce402fa76ee908e48c34904c0784fea61212cc89e77d1eb5af43268b38995d64ba130bebca99bb4ea2bafdd0d6d8019dd67101086952f1b0eb297b14172206a6511f433750937cbcae2175e5be68a6dc0c85da6e4affcc8c7f22d0b42655d2a241c6fb03b32e204a9964b35793ded009fde5ea345740abf47f210a4842743627d9470b2d30baabf0d9b67f9545f01aa210556fdc20cef3f1a2a349c2c07bb421dab80caa512fc90207a2c59cfee54396c21cef3de292b48a4a05d421458d7efebf4b51589111caf136b7a9ceddec974cbe619988117609324ec1e30c872359", 0x1000}, {&(0x7f0000002840)="0405248711cf962632f7d101a30b398b3984fbdf57573c7f14ecb8307ab5cdffb8bd40dbf0941cca85803ceb3dd70b3664e4a457a7f92a4d307668a93d3eb0fcbd95ff13823b90755d9b875352d7766fbdbf27c23e7476a3478041a50e785e0cf64f089cd130de981f089edbb9fe8049f8c01a80819a99cda86d1c196e50da2bc9812d91310606fc2b54", 0x8a}, {&(0x7f0000002900)="a0295714217f1c8bdec640d9d434c7708a4258abd8217acca25252baec10a3f9bb9aedc2e7aa3fe2d5c5625fc2c62e1179564a02cb9e42c5fb44051dafcb57e4c7b559b5a2bfee31a39b37d60c0bdbcb8657050101c87ca1530188300c81ff485d7865ed0b56f114587f95cd3d8f334dab68a76fd9940ad551bc4f789fe795c9a80907607c95010e0a3453048915fc176e8b238bf5e88ee2a274bdf35e94c787fd35491632cf98e02e6945d65d6584c626ba82dce93a8001b2f82dfba8360a790908208dbdac5239c1e257310566fd918011e4fab32fc92a786fabe22e41751cbe9e7243f0bcf99e3215b1b9a00b0777883faff067a922650dce2a19aff21bbf8163a7b4b0ff4c47e1492d8863ed4fe646b43442dfba3b6b2e99c311afad356446fc4361142b122bb7cbcd66d10f164a4adade24137a26fb91f73a481d2a6c0b1dff30b94dcb6bcf441e15ba44059dfa258eb05c68d1e038cb074f8e6aebdce4c96c413a5942737120740cd07280b72621a484921ec501e1ee0efe2a132daad55e00d78390a888fb77f50512381b9cb7a36015b1b1ac5f0415adfaef036e5893d98a7a606d879d182da849de39eb12c5464887a1a7449a8917e61213b34afcd18487530aed6043b34f73db3a82cc8fa3f6930c25b144bd22cfe7154f02070a09cb0b4b68f692862166f884979a5fbc2ae9be563084cbad8dbbfd9a32f68b48de83bfa39495be501c8f5affa082582f59707d203db4c48187d757a7c90fb740275db571f469a1f9b0e1d1e1445355bcadc352f2926ab0fd420950ebd505acc915cb94d39e3e93fcc1955fa0a8643798bde648c8b2e7defd71d6414969acc6913e247ca2d2dc855cbfff0be124c3315c662722171a5cd30e16c3732ef8e1167a72c00f676b3c5ea8d7a6506dc1f0423e232ba803a322d26d83407d12b5de9000646cfc15b771a0de029f4c8407fbde3adeeadf8c7c28ea29f019b6d8556038336f3eab3692f89859f209acb450a3e697a7392bf72d9ff836956f9fec7b22179538acfdf389bbb353c85623ec9e64fe1e7895ee9641518475299523ece22b62e7b96033d489ff1cabdcf700d3f8987a516f99069b8dce16bf0315bd55a7d78dd23961900adde907fd426a2e88ac2f0d49c03941b0242332cb711f8cb30f86c8727a4b3596e34f644f2f57bb098be10d2451557b853a4761f80990c079509a80f71a208dfd78b13325dfbb03c9ac56fcacd8f258be818d17f08a58c31d90d2f896a2636b832c466efec6e191da0008f861c44d9e347ae663593acfe1998beb5d4d5c225c62506f8da2b2a2553857bb7b8a25f21d597e8851d9a90aefdbeef2d7c3034a2c1ae5be9c5b4a6525864bd6185f5514c23e5558f97a470108d7c77e4dbcf6a810af87d627f3ae8a75b12497bfcf3998c2afa5361ab769755012ef0dbc91f7020f4e04c9ef9da3d2de0226ce3e272d02e7d47ccd9aa6c3c20a148742944bd6f6ed1189ed12c90f76f1f7d7736731c8cc6eb6bc22a729cc2a807e8bb3391614cb84aaa7b7aa54316aa3244e6e43f35c39a2651aaefcf10a2df2eeff172aeca810f80f1af9987e88648f60fca9cad9679741cab23c32bbfd3662ccd9649623098e634d282386c8d25b390770e68ea559f556fdeddc43b10816cd67e0acd10e2c59203d720de224ef996f8afec3841b33a5ea0e492f6cff78f3ebbee41d4dbaaea294ef3503e510d8b5eb149e204e3eeb25624676b9ccb21fbd931e6861508a20647c2d7ab300d121986ec9c70abd70e79eacb4d15a44ab332c9d2a90b497233b35ae7a2146141d57b6f9580dce479b7cd78e8b77eef2e0b759ab34625f02ae66d9397acc15268caf6f775ab76dda3c8502ee1ab08124a839ae626d19ef099fdec6c0f87170766f80ef171ee28ad2b2ab0261c6fb2c2cd3e95557864fb055fc548f0d2b65375ad9e90b01ea867a699985aeac85de31b89b9345ba3638897b033bf8a21fb4b93a75262cbf0ffce6ad565c4b3e87705beef8e75f0f488d395809f18e8c394d512c7309c41f5848edd12363a7de5b84d406ecb4af13c0257eba9e3bc1a263bf7c554bba7cbd9815e0ca25ac0760167c4df36f699cd27be797b6f1a156a88e8de4b79394b098942661c215d8bf99f614de0d3aa00231fab4255719934301fd235ffcf64d8864f4e50b3fbd16598e2c02721fbd274792e84ae5924ae5a8f1744a144a3d45dce0f60a7abe57c229188fd2c68f6e8db7463fd90529d0e595b175f1d874d232ae608705d9be4237a076662e8c27dfe5d102062c9f1ccab4bb51658febc9d0a6c8577d548ed883ff3b638af9ffdd1d9bf41f882d1bc63f9072bf3573f1fac811843d92aa9fba44d0a9af5e415be206a0a6aa4ac336fdc122e1f5e53f1aaf20628b835eb7d02cb44394f4a6e84a4336a1fbb21f7072d979345bb7f9541c528e5143100f69ef5822357d8b54a0f13852821d4996fcac04d4b3105489390215c6cba2a34262763d0fe7f754966bd095c0a961177840f86fef6ef9fc0c04f602fcd4108c30bd38408bbe7e524a2d8f5e75ea3947491233c6ed5fab49c42fe883f873135c310899237d7048ef672d17c769fbd9fb49585b05debc3f569342d298b006fc800e499675116f924983cf3584a8fecfd8f03c9dfcfa78e61a97ac42aa7f95df2910d5733a98a14347c85482cb802951fcbadc563c3e5d39b5309f1f8c8d8d134fd6f608574b427e8d6fb69799337674f25781b33f980b90a220ceb7cb63f6b7c48dd495e8a8c383a7f1126bee9875b911d30e0dcd804351bf5ade42232d41a2e63999d90c5f27e0e1962a0db7e6d40b7a4898e5f2931bd79c3f0eda675e7f412d467caa02601ff298c4e428fafc25dbea317cba7f2f9e7331a1e797449e85c9ba6065121cd3964d5480e00ae3b6ace7d0b1ae78d67c4c61e111c782db19f2a8d25c29dc5872f4c0c1c5112358ec94458e43c8be8bc5d318d67c4ce5aa5b19936d22aa1b70dd9d55366b71500d38b338f73534a0af0955708f6ce3cc2cd23063c4befc7b5a125407121d0acc00d1c727c774f567be204192b791dd9fbf105d0a4707349aaeff6775c887f72e8d1a44d45228db20d83de0f4f47e482b6acce1d7fcf73040f5773881f7d0adf697b034f9bdf02cf15f9d6415e936dcdb3c9461cd366661e690cdbca7dbb95abb60bf21602b13545f199dd2e615548825d5c96b119e24e8522ac23dca36de9bf1e10704298cf07d796b254115d8d7de93485d88a839a202a86ec3c3921a19eb2bcee59a37e82ad33f8b502f4e47a99d339934fabcf63aa1079a0cf9d7b6810300d55d363c3ecf082db10c834849fbc826e9248f3888f0b905cd72bd27af414de1a554bd310bae1a1a0adfd69a613a62734de2494068b46d742c6e87a7bbbcfc4141160b77acd6f1c368babe9dcb41058ec473e42358d00d18e42e6830f9e4a8a408bbe95853a0623a796a3ebe080b5a8fdf9417c5e39bbe513248cf2a78c3b4ccd3699cbac838942d3b6d5d5319a31257762c905e099264678901e0abdd3eb8a85c66e55d8713bd9d25ee0671d77ad8e649edd27037211bacab5b1b6056ccec21584c3e5d6820d727eb3553dfeb04966654d8bec9b7618665222fa8e906ea43cd2bbe179a7b48afd029b21483edf85c0f580f8880718204df9eb33010e471b655196d4074058f1f939ab6e39617c45c6a5e549f6482bb790b8ed1fe1b0d2d23c3230eff7a6a04ab39346be6eec997d992802a1d789171c037eda12c2b1a4245452af9ca1af1172d44f178cf69b9833fd85b34beded4d6b34a355d7a7f63dd655d7b59b87366208e98ddb8473ead46c953ff224e577bfdbbd31817c0742a7a5b68c892cc0efb173c6e5b87b95f975b90e09e03cc6079c5b4ef3f8f756f70236f13293d5358d2fefa2387cb93973dbbdd78b8ba702d65bcad6b9d8d64cff9cea966018dc224981341f4e98c5010de9ff756ee3a233a559860cd9e24b74ab098fb2d1689d17cbae352e6028744921fe3c67f618c8b4e00dd2f409de559ef3c47b4bcce7a70b393c5e21d7c709a46656d968b1e847ede98ede24956d8801a74b2b53d71637e2b54ff35e430d0e6d6f2ecc16c21acb7391c6cad1afcf8fe0007b5c2a7771b6206a364b04b871cef73d4b875de7a24b6c154931ec750ea5085ebbd8314359270fdaddd046556b9a6c47b2b034f810a91416420265c0b9be0f680fb286fa7bd535a059517c5b2eeb122af8ceda84a11d234c2688b68dce22f751c949cd1f7aa7b78376b881ca9fe2d40b175b234860e61ac28df17de51effb8d7be65fe633a213c3cdc7f627d6db4c6cda545d88fb1853a5c05765733db9b6c8d4936bcac08af5ec73e9c59c3bfb77d1edc3ef7159a7e7db0e1e4bdce7e33322d1d88b23e547ea1261bd7b552ea4573069152efdaaa1eaa8d4af728d7898d0f112528eefd75de1e7fe7015cd7fa9b86b1e0a190915302c368cda655714d9b9edc136b9ec2a38463382cc3cd6cc107bebf964c41bb6009bd489a7444fffb82dd4e58a0d8e4cbb98bb507427b97e348168494727e269d4f6f2b826e9923655d4b3f19fef275e8184fb4610595bc8f189a98e598da899c536e5ccc6cd0566df19cc64f5d118a2152bc44cefad7ce0ac4ce9f85b6cf706b688504febb5be7a237d901d17d32d8d3f81c8cdb778f596992ea9d344395f0881fa8ec1899a0e3e965076e736bc251ac7264ebcfcc5c0fbf6194e2364730ace8ceb6eb127d8052cb06be7f45dd619afadffb9d90841d2a77a7a70ddae5044dd55744fcf0f2818e2927351ff127b2f8b6dc683bb16a45b19c9a8af9009a97d2afb9836805f3db3f237f468041a373093e7ace61adec068de596cd9d187b51a79b5864610b10cdabb2500b833ad20939527b32f996bc4c1bf99fe93427c152c12ca9a31a933be7d91ff4ef51aff859945e8ff4af2ed0a1a621d2cc79fb20b10d315bba168f32a5654c7f2915f500005c4fccbd94a7d1254215653ee84d9d34c3c58d680576ab7fd67313137a67c70a28a76b3352d53500c7720e7f9bb216654371e80e6e8f31384907690afa4fbb4e01c5cdcff24d94e4dfdefb8ff02d5de0737edfce9b74865a1a32b6b35e2c0366bb44a0523d93a44820359f01c5da7915d2711592899f1e793c2a308f6563c9483e7f0194217c536fef42fff4ea55d9b7647df1286da2089e115d0917c42fcd369071fe70b2045fc78af6908e22bf48c91d77ac2bb0565baa74b127b3db15dab9b6164c8e8048b073a7e12566acd61abcb3580cf87df0bf93d59908a10e5d06ced89f4b198a1be013d274a6b6d0034089bca721e8c2557451ff31c0aedfd599f364819483d6da4c9f767cfb3ecf5246cb70560d154808ecc110c4f2b387892681f08d51427f47e233632e8997b7fce5fd97680696c5b17e687614cd3d998ab48c4d6bc1ac7f6424fdc751a201e0832a44ea55242a8c6f1deb52c17bc1df4d4ed801c63b248d864c5464eef1564904eb83c213d9a540e8ff8bfa581e90e3330d41e9ca9d926df12e67e2df14cdb3b909c9d05e17edbcbb2d4759544a6e6846283b63e6e2dcf839fe085d72e1eb4e1b607a2f6f28d9933f94b29291b51fd3f020d3b3ed6349cc347376122c58259ec01a288f1d6b497f72da3eacdf263567c49903638fb038b9e8367120602401a198e4e96e8212a31f8df72f3751bb26f8738649b827658386ae6bf247860f5dc75b37319ebcf6059ef797f851c6787e69916b701dfb98f6ac045508baa0ae2", 0x1000}, {&(0x7f0000003900)="be7beaa206bd5ab2fcb43580deb47a0468a4c276cb5b59663149a48d14738ca4bb1cd9915d82ba2198a3a368ab7f6f0938684a712c8c25d845000c7f0540f7c82129d9f3e309b390622d777f27bbe100f042b2d572c8a85f9b70df8d7ba5309a850b3d1d8fc21af39677f4bda0f1d7ef71b8f9e2e1a2b41affd2654d44a8bb6269bba33a57e518e94184b1436300", 0x8e}, {&(0x7f00000039c0)="bbecfb1567d3787b4f821a38afa4d15f344d98fecd8dabdbf9052abcd99681858978", 0x22}, {&(0x7f0000003a00)="5d2e2c9719cd4009b318c0d8154b82ddac28647de3987f8317edf855b5d02d4b77f557225d7dfdde6414c93b1645315e9d258e0a36f39ea639204ed57eb4b765e4f6b4fd9773d1544745e1ed82af406f76b983a91c341bc83e217b476f9c3aa87c5bf023fea0eedfe883a03216e102f1b39f852465ae7b12cc2cda033622cfca278418ff735654a1a3dbc13dc81bc6ad1bf2e9515038b87ed25fe829ffed1ad788d6c6941611fba68a40da67c21b41cedf8ee6fdbdb3671450795e5bc758e486046acf0c9115dca9247b3d", 0xcb}], 0xa, &(0x7f0000003bc0)=ANY=[@ANYBLOB="38000000000000000000000002000000dd2f8f73c6a7f44f2c5344f9865024f6cc3720d16c2800000000000000"], 0x38, 0x4}], 0x2, 0x20000000) sendmsg(r1, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x100001c6}, 0x20000011) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) [ 1084.546072][T21395] dump_stack+0x172/0x1f0 [ 1084.546093][T21395] warn_alloc.cold+0x87/0x17f [ 1084.546112][T21395] ? zone_watermark_ok_safe+0x260/0x260 [ 1084.573918][T21395] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1084.573971][T21395] __vmalloc_node_range+0x48a/0x790 [ 1084.573988][T21395] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1084.574008][T21395] ? kmem_cache_alloc_trace+0x354/0x760 [ 1084.574020][T21395] ? vb2_vmalloc_alloc+0xca/0x280 [ 1084.574040][T21395] vmalloc_user+0x6b/0x90 [ 1084.584875][T21395] ? vb2_vmalloc_alloc+0xca/0x280 [ 1084.584890][T21395] vb2_vmalloc_alloc+0xca/0x280 [ 1084.584901][T21395] ? __vb2_queue_alloc+0xf5/0xf40 [ 1084.584918][T21395] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1084.584929][T21395] __vb2_queue_alloc+0x5a6/0xf40 [ 1084.584959][T21395] vb2_core_create_bufs+0x2bc/0x790 [ 1084.584977][T21395] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1084.584991][T21395] ? __vb2_queue_alloc+0xf40/0xf40 [ 1084.585007][T21395] ? lock_acquire+0x16f/0x3f0 [ 1084.585026][T21395] ? __video_do_ioctl+0x398/0xce0 [ 1084.604959][T21395] ? __lock_acquire+0x548/0x3fb0 [ 1084.604977][T21395] ? kmem_cache_alloc_node_trace+0x5a3/0x720 [ 1084.604997][T21395] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1084.614839][T21395] vb2_create_bufs+0x472/0x7d0 [ 1084.614859][T21395] ? vb2_request_queue+0x120/0x120 [ 1084.614871][T21395] ? __lock_acquire+0x548/0x3fb0 [ 1084.614886][T21395] ? kmem_cache_alloc_node_trace+0x5a3/0x720 [ 1084.614901][T21395] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1084.614915][T21395] ? debug_smp_processor_id+0x3c/0x280 [ 1084.614936][T21395] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1084.614952][T21395] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1084.614971][T21395] v4l_create_bufs+0xc0/0x180 [ 1084.614991][T21395] __video_do_ioctl+0x7f1/0xce0 [ 1084.615015][T21395] ? v4l_s_fmt+0xab0/0xab0 [ 1084.615035][T21395] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1084.736466][T21395] ? _copy_from_user+0xdd/0x150 [ 1084.741317][T21395] video_usercopy+0x4c5/0x10d0 [ 1084.746064][T21395] ? v4l_s_fmt+0xab0/0xab0 [ 1084.750469][T21395] ? v4l_enumstd+0x70/0x70 [ 1084.754904][T21395] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1084.761212][T21395] ? tomoyo_path_number_perm+0x263/0x520 [ 1084.766846][T21395] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1084.772643][T21395] ? video_usercopy+0x10d0/0x10d0 [ 1084.777655][T21395] video_ioctl2+0x2d/0x35 [ 1084.781968][T21395] v4l2_ioctl+0x156/0x1b0 [ 1084.786281][T21395] ? video_devdata+0xa0/0xa0 [ 1084.790858][T21395] do_vfs_ioctl+0xd6e/0x1390 [ 1084.795608][T21395] ? ioctl_preallocate+0x210/0x210 [ 1084.800709][T21395] ? __fget+0x381/0x550 [ 1084.804858][T21395] ? ksys_dup3+0x3e0/0x3e0 [ 1084.809260][T21395] ? nsecs_to_jiffies+0x30/0x30 [ 1084.814108][T21395] ? tomoyo_file_ioctl+0x23/0x30 [ 1084.819028][T21395] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1084.825263][T21395] ? security_file_ioctl+0x93/0xc0 [ 1084.830359][T21395] ksys_ioctl+0xab/0xd0 [ 1084.834512][T21395] __x64_sys_ioctl+0x73/0xb0 [ 1084.839085][T21395] do_syscall_64+0x103/0x670 [ 1084.843658][T21395] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1084.849525][T21395] RIP: 0033:0x458c29 [ 1084.853402][T21395] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1084.872991][T21395] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1084.881394][T21395] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1084.889348][T21395] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1084.897399][T21395] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1084.905363][T21395] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 09:14:50 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) ioctl$RTC_EPOCH_SET(r0, 0x4008700e, 0x5) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) 09:14:50 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffff9c, 0x84, 0x66, &(0x7f0000000200)={0x0, 0x9}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={r1, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) 09:14:50 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) r1 = socket$inet6_udp(0xa, 0x2, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2000004, 0x10, r1, 0x0) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000000200)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in={{0x2, 0x4e24, @multicast1}}}, 0x0) 09:14:51 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x7, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1084.913323][T21395] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1085.010799][T21428] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1085.020473][T21395] Mem-Info: [ 1085.028127][T21395] active_anon:248897 inactive_anon:201 isolated_anon:0 [ 1085.028127][T21395] active_file:8215 inactive_file:40689 isolated_file:0 [ 1085.028127][T21395] unevictable:0 dirty:197 writeback:0 unstable:0 [ 1085.028127][T21395] slab_reclaimable:14105 slab_unreclaimable:105404 [ 1085.028127][T21395] mapped:58824 shmem:248 pagetables:6972 bounce:0 [ 1085.028127][T21395] free:1100200 free_pcp:356 free_cma:0 [ 1085.040466][T21428] CPU: 0 PID: 21428 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1085.066838][T21395] Node 0 active_anon:995588kB inactive_anon:804kB active_file:32724kB inactive_file:162756kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:788kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 577536kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1085.075228][T21428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1085.075233][T21428] Call Trace: [ 1085.075257][T21428] dump_stack+0x172/0x1f0 [ 1085.075276][T21428] warn_alloc.cold+0x87/0x17f [ 1085.075295][T21428] ? zone_watermark_ok_safe+0x260/0x260 [ 1085.104505][T21395] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1085.114398][T21428] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1085.114435][T21428] __vmalloc_node_range+0x48a/0x790 [ 1085.114448][T21428] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1085.114467][T21428] ? kmem_cache_alloc_trace+0x354/0x760 [ 1085.117836][T21395] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1085.122040][T21428] ? vb2_vmalloc_alloc+0xca/0x280 [ 1085.122057][T21428] vmalloc_user+0x6b/0x90 [ 1085.122071][T21428] ? vb2_vmalloc_alloc+0xca/0x280 [ 1085.122084][T21428] vb2_vmalloc_alloc+0xca/0x280 [ 1085.122097][T21428] ? __vb2_queue_alloc+0xf5/0xf40 [ 1085.127259][T21395] lowmem_reserve[]: 0 2553 2555 2555 [ 1085.132709][T21428] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1085.132720][T21428] __vb2_queue_alloc+0x5a6/0xf40 [ 1085.132749][T21428] vb2_core_create_bufs+0x2bc/0x790 [ 1085.132763][T21428] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1085.132778][T21428] ? __vb2_queue_alloc+0xf40/0xf40 [ 1085.159344][T21395] Node 0 DMA32 free:594392kB min:36232kB low:45288kB high:54344kB active_anon:995588kB inactive_anon:804kB active_file:32724kB inactive_file:162756kB unevictable:0kB writepending:788kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:14880kB pagetables:27888kB bounce:0kB free_pcp:1544kB local_pcp:712kB free_cma:0kB [ 1085.164916][T21428] ? lock_acquire+0x16f/0x3f0 [ 1085.164935][T21428] ? __video_do_ioctl+0x398/0xce0 [ 1085.164949][T21428] ? __lock_acquire+0x548/0x3fb0 [ 1085.164977][T21428] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1085.170230][T21395] lowmem_reserve[]: 0 0 2 2 [ 1085.175148][T21428] vb2_create_bufs+0x472/0x7d0 [ 1085.175167][T21428] ? vb2_request_queue+0x120/0x120 [ 1085.175182][T21428] ? __lock_acquire+0x548/0x3fb0 [ 1085.175196][T21428] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1085.175215][T21428] ? debug_smp_processor_id+0x3c/0x280 [ 1085.180818][T21395] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1085.207530][T21428] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1085.207547][T21428] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1085.207566][T21428] v4l_create_bufs+0xc0/0x180 [ 1085.207585][T21428] __video_do_ioctl+0x7f1/0xce0 [ 1085.207607][T21428] ? v4l_s_fmt+0xab0/0xab0 [ 1085.207627][T21428] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1085.213620][T21395] lowmem_reserve[]: 0 0 0 0 [ 1085.216962][T21428] ? _copy_from_user+0xdd/0x150 [ 1085.216986][T21428] video_usercopy+0x4c5/0x10d0 [ 1085.217002][T21428] ? v4l_s_fmt+0xab0/0xab0 [ 1085.217023][T21428] ? v4l_enumstd+0x70/0x70 [ 1085.223351][T21395] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1085.226858][T21428] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1085.226875][T21428] ? tomoyo_path_number_perm+0x263/0x520 [ 1085.226892][T21428] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1085.226920][T21428] ? video_usercopy+0x10d0/0x10d0 [ 1085.232064][T21395] lowmem_reserve[]: 0 0 0 0 [ 1085.237198][T21428] video_ioctl2+0x2d/0x35 [ 1085.237217][T21428] v4l2_ioctl+0x156/0x1b0 [ 1085.237230][T21428] ? video_devdata+0xa0/0xa0 [ 1085.237250][T21428] do_vfs_ioctl+0xd6e/0x1390 [ 1085.243163][T21395] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1085.248053][T21428] ? ioctl_preallocate+0x210/0x210 [ 1085.248069][T21428] ? __fget+0x381/0x550 [ 1085.248094][T21428] ? ksys_dup3+0x3e0/0x3e0 [ 1085.253408][T21395] Node 0 DMA32: 2*4kB (UE) 70*8kB (ME) 75*16kB (UE) 475*32kB (UME) 463*64kB (UME) 92*128kB (UME) 24*256kB (UME) 7*512kB (UME) 8*1024kB (UME) 5*2048kB (UME) 124*4096kB (UM) = 594440kB [ 1085.258653][T21428] ? nsecs_to_jiffies+0x30/0x30 [ 1085.258677][T21428] ? tomoyo_file_ioctl+0x23/0x30 [ 1085.258690][T21428] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1085.258712][T21428] ? security_file_ioctl+0x93/0xc0 [ 1085.263925][T21395] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1085.294423][T21428] ksys_ioctl+0xab/0xd0 [ 1085.294446][T21428] __x64_sys_ioctl+0x73/0xb0 [ 1085.294466][T21428] do_syscall_64+0x103/0x670 [ 1085.294490][T21428] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1085.299254][T21395] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1085.305107][T21428] RIP: 0033:0x458c29 [ 1085.305124][T21428] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1085.305132][T21428] RSP: 002b:00007f92fa7a1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1085.305147][T21428] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1085.305156][T21428] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1085.305163][T21428] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1085.305176][T21428] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7a26d4 [ 1085.310196][T21395] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1085.316309][T21428] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1085.376065][T21395] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1085.394875][T21395] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1085.719986][T21395] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1085.731158][T21395] 49164 total pagecache pages [ 1085.736639][T21395] 0 pages in swap cache [ 1085.740879][T21395] Swap cache stats: add 0, delete 0, find 0/0 [ 1085.747054][T21395] Free swap = 0kB [ 1085.750805][T21395] Total swap = 0kB [ 1085.754631][T21395] 1965979 pages RAM [ 1085.758452][T21395] 0 pages HighMem/MovableOnly [ 1085.763947][T21395] 339405 pages reserved [ 1085.768093][T21395] 0 pages cma reserved [ 1086.201557][ T7678] Bluetooth: hci0: command 0x1003 tx timeout [ 1086.207785][ T9599] Bluetooth: hci0: sending frame failed (-49) [ 1087.001762][ T7678] Bluetooth: hci2: command 0x1003 tx timeout [ 1087.007909][ T9599] Bluetooth: hci2: sending frame failed (-49) [ 1087.014574][ T7678] Bluetooth: hci3: command 0x1003 tx timeout [ 1087.020635][ T7678] Bluetooth: hci1: command 0x1003 tx timeout [ 1087.020715][ T9599] Bluetooth: hci3: sending frame failed (-49) [ 1087.033352][ T9599] Bluetooth: hci1: sending frame failed (-49) [ 1088.281586][ T7678] Bluetooth: hci0: command 0x1001 tx timeout [ 1088.287710][ T9599] Bluetooth: hci0: sending frame failed (-49) [ 1089.081688][ T12] Bluetooth: hci1: command 0x1001 tx timeout [ 1089.081710][ T7678] Bluetooth: hci2: command 0x1001 tx timeout [ 1089.089503][ T9599] Bluetooth: hci1: sending frame failed (-49) [ 1089.094264][T21443] Bluetooth: hci2: sending frame failed (-49) [ 1089.099946][ T12] Bluetooth: hci3: command 0x1001 tx timeout [ 1089.112025][T21443] Bluetooth: hci3: sending frame failed (-49) [ 1090.361610][ T12] Bluetooth: hci0: command 0x1009 tx timeout [ 1091.161746][ T12] Bluetooth: hci1: command 0x1009 tx timeout [ 1091.161771][ T7678] Bluetooth: hci3: command 0x1009 tx timeout [ 1091.174268][ T7678] Bluetooth: hci2: command 0x1009 tx timeout 09:15:02 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5441, &(0x7f0000000080)) 09:15:02 executing program 0: r0 = socket$inet(0x2, 0x0, 0x80000001) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @remote}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) 09:15:02 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x8, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:15:02 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0xfecaedfe, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:15:02 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x200a000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:15:02 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x4000000000000000) [ 1095.657959][T21458] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1095.666563][T21453] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1095.704379][T21458] CPU: 0 PID: 21458 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1095.713620][T21458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1095.723685][T21458] Call Trace: [ 1095.726996][T21458] dump_stack+0x172/0x1f0 [ 1095.731348][T21458] warn_alloc.cold+0x87/0x17f [ 1095.736139][T21458] ? zone_watermark_ok_safe+0x260/0x260 [ 1095.742062][T21458] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1095.747737][T21458] __vmalloc_node_range+0x48a/0x790 [ 1095.752964][T21458] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1095.758012][T21458] ? kmem_cache_alloc_trace+0x354/0x760 [ 1095.763576][T21458] ? vb2_vmalloc_alloc+0xca/0x280 [ 1095.768603][T21458] vmalloc_user+0x6b/0x90 [ 1095.773013][T21458] ? vb2_vmalloc_alloc+0xca/0x280 [ 1095.773027][T21458] vb2_vmalloc_alloc+0xca/0x280 [ 1095.773038][T21458] ? __vb2_queue_alloc+0xf5/0xf40 [ 1095.773054][T21458] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1095.773066][T21458] __vb2_queue_alloc+0x5a6/0xf40 [ 1095.773095][T21458] vb2_core_create_bufs+0x2bc/0x790 09:15:02 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x9, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:15:02 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@nl=@kern={0x10, 0x0, 0x0, 0x8}, 0x80, &(0x7f0000000000), 0x1000000000000233, 0x0, 0xffffffffffffff3f}, 0x20000000) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffff9c, 0x84, 0x6f, &(0x7f0000000380)={0x0, 0x94, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, @in6={0xa, 0x4e20, 0x400, @rand_addr="fea9dcbf20fa4f30057e665eb091656a", 0x80000000}, @in={0x2, 0x4e22, @multicast2}, @in6={0xa, 0x4e24, 0xe00000000000000, @remote, 0x10000}, @in={0x2, 0x4e21, @multicast1}, @in={0x2, 0x4e20, @broadcast}, @in6={0xa, 0x4e22, 0x3, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}]}, &(0x7f00000003c0)=0x10) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffff9c, 0x84, 0x1a, &(0x7f00000004c0)={0x0, 0x1000, "bcef0323c09d81cac9de38277399ada44fe4e4a3692be415656d35c1eac8d2aa94d9e80d874020b80a410ccacfa731215b3a2e876a8ffaca156163d164c04c86fef4ed44a1827e33a334675824f2f654f8f42d2ecfaaee297b59e5180b5b10c7bdce73101e4e8425270352eecaa0d3023a82a10a11e0e40dc3e13e97fe3c85c35feff8e4ca89badde184fc162bb8cf1931a97cdb8081fdb903f570b5345cf6d47f70e073b49307b16f8c1985b23e2baf9ff8290946604f5b5d7a71e6dae89a804ad0738c19174eb23eaea9a0b954c2f7c6388fe9957a959d7386ed5bafb331e58a16badb0c00c2f618ac527246ed42e43d3936171fe0e83bac7aebf9186ecf6b974e569dfeb8ba98c4f6a935665ae363d67a32a92cf5047c07b89593051490052bd6d74f21fe8717bbd37ac69cbd93d85608646d988356157e80ed00af6c86bf98f76f3f5ff51accf1091a6f679cad71619d9b8a5214f7bbc7efe7c33dac7b2e1da97407c2ab57de8bdd5b84ebc8d51227f38e1f1bc65e1fa7b0f8925dd0ba3f5133063348298e31201ce7a31c2b56f2ac39c06ed1e8504521be6bd70144261cb3cba8fae088911d21721d46a7a69594feb25f9f84131316b43004755f2e28895addd2e91ce7fbc5b97c88b28d7789ab99ba71f45ca5f3db4522bad704db9f88f56f154f0a8fc9c6a2f1ed4b0c40189c48701d1136bc23eed680cfa254b322d9c98262162acbc225cc2104cc814ed7aa394fe0bd1af7a9de998907be4b2bd46d60362f2a4ece9e3dcc8beb2fdc6564c8cd28164e65bbc7ff12a062029fe62d9a877ed9de16222059ea2b7a3926abea673ec23229749c2f20afe629ad8033f76a6064c15b27d3dec09900165b5dea51ca13014dde32a7c1bc4bc09f454cbd7369eb0f00165f3b7e6861b37ac83a8ff1167a80bb71c343f4a49384ee4c6368b155e6997d61f14f1bf37a881790caf8991e10e1fa77a5ceb20c77078b29a1b86e536271c27eee09383a1a071ecf163331630cfbe8e3ca01f5bea7f71486ee123ae89b919e3b7e1683d5604138e690d4f4d031714a95d00749ccbc13a621a80315980c29e4d2a53e6e927bef0582e07f63c1d2f38ca9767926209f3d07deb51ccf217baddcfad569aae88c4329c0130e229aa5ef20c5a5e36b11c4bae79be20d4aeedf8703224e27b2e0ac6512a8f0e2ca6ad4bd96f8befe5ecdd4d52593a8f51782b5955f31e22f35f417591b90076396cde4930eed512c50e6792f931c70eeef7ca0ea516edcbabe7c8fc6873b03e096c972507d999ab551fce94eb32a34c14e890de9bf1a66de0fe6adadf455e911da13f28223cf76e80ae3e2624c543d4526b7c885e8bc23fcad3ee9d28c77f277ca9546f190dd444c29dfeb139a7b9fd0738396122f300d593316db8f9a30b24505e7215b007024ce5ca494cc193a2bb6f1a79cda6c2b1d62246b3fd9594ec83e97134a6cc869e6b85523c27f6565b00809bd9ea4dda890713fe09c28ef95563ec768dbeca1389fc845ef0a471b2e9cb296180abb3f2a546ea90d02b106f3dbfba9925ffc993adf721689607b07675c12bc94ed36d4c0c381232aeed8a2a7e27fa051d196527a298b0dce7d1e1766bbdcd0f60414be5dbbef691c71655f7081d4b6bda4b738b72aa4b9d11df2c92722307a1d484b2e93bcba0f3b286387dad61e288d4b401333b795febfccd65b7489e07b3a77b3de4ba355a9a4e3f9bda93e8e1039b815641a64e4b8f8ff8817d93465e0b6a44708f019c3b58a9366dbd50a90e6ed035184f37301fdc69ac9dbfe99649aeb809ebdf1bf40c2d72dac5ce332c4d50289965211f9d06e9b72ca03fb073691fa840deab7731ff36f2ae14f7b99e26b15b98688a7a98630e6d7b0afdea7912662fa7a281f4f239ea531432eab039083c88a545010319e3a6521a9d3aef6f193b6bc43cf3e784d05917866fde7e7bfd38e8879df4a3ae9a1c368f5b758c3b1a01cfead9028e3d3749a12a7df2a75dd7775e625d9634027002ed65800417dcbc29544a8da87dedd846636309bb90aed9b4edbdf43ed921a87e3114ef72fd0eda0de23ab71f563ec891618e76662d71fae60ce86a12f78f33b22d477162e972e0bb1240a8440d5226148bf86c41bb9ca2f530622e1a2a56bc09ed847911096591af4d6c26cead183e7aa738f1fc41073788d6ea46e34daca23a43979009a29597b9d877153750da70e586eff41f572d1cbd8ec14ea2e039cffde83c55cee4b0c650228e9b79500dc9d0c7572e16224ac7848befaeb4deeabc732714a7e5962f43820a3f6806e7256097a3f7af89ced8e04dd2285adb6f6cd70c711decbaef0f07d7233662270bc79ca3eeb588a0d968b1a7c08a0e630f128c37fe22dd57bdd0cf68130254f2ed1ea3403e0dd4bdc3c275e2192dee2b9f9f466e4e13d98f7cbc7828885afa0066fb64576bcb4f5d9ae703f727576259a8171bb07342f4e223fa716b3758ce35d1ee110ac8833e797024decaf695cc1afe48ef37e3a88aee64c34e8789e35b59d5db5a7e8025f21672ebee76535eaf62380d042b381ce03a8a58baeef404cef1189836f079ef7233f283a9234b3ec8cb85ac6a00de186d8765b53887020f40404f1b82693455f9a677f32f96954acdd2b96fea338d550717ac6be98f8e67cecaa8db082f5dfce2eb01e37f6c1b7f5077a3ee1f27c454375ffd27e8889ea0d3c20d5e93d9ba9605964915c0537f9bb0dcbf7ed60a1ef9a36329ebdee14f731c035538fcef4c210d9d80c60d480d6813680cc0c5055adb38b42cdd0de1a65621c5b07fe86df4bdf257fb79f560a0265fadbf01179ad6b730cb98a4f8c3e20069e096ef50bceae135ac300b61dfcd84fef23841f10e60588756563c4e3315843e4a08c69f42aafd641b8d3e783c458e12348b7e599b937f98ff155cf9d0a10a7df5a100ae65a9be831dbc754ec7c76e27b6705c4a6447fb525bb6e34ecb73f372c61dabb0f5f94a5a191418aa68f920197aa6fb257ffdad66f31c19927cf2cc097aeae7ea916c7f41581ee3f4b069c55b0c675b155bc6fdf68580a9ad47e320b6b15214c39607b8738e8d19e56749dd53b3fbcd5c8c061064fa570f65f2d20b0500ea894f9d514d0fc5ade1605ac0fe27faee11bc2403f406a3bcd4481777656efa8d7d68790d0a54f78d0d2ad019f1218132978c698bd168e166f3412897024d6b655ba4f6506f680a245a4cc95de06368f313174edfb838f37cff6384e22277dc10eb923f0c35164b28dc1e6750f3bfcde95f34ed66747cd0c8055700873f9e892fefd5b556d2dd23e6294411280364161cbcc111b8ae90a7182de076108593f994915712e77674c27095ae4551300e611efce3a4ae7428bedc62a0344c5489ef460179b595ffc3e9df0a8ff5cba23e4177ff0322ae5cb9cbb0d9c2f8c528c673a4ae5b9f4b3921f91939cce876abec3c5dbc15a1ae653fd933c5a0e7769a2d92df8e3680e1ffc6dced86a60b3dafddbe70d4cccce26854bc319770fec29fc8d0c5f6410a10e6ef18872c406386d7ed02d8ac952ccd346a422f7595b980edb33eefd661470f8177b1f72756b0b447ef0cda4b55c3fff3c281f6033b9c3c79f3c8a1f002637fed55c9b98a4760fcf59a84ace5e0fd0a44f9332826bdc4bd72b9604dd1bd299b58dc684acd660726d6ed4d8a377abc7c979e65d8defd261181e3fb056d69ac02fe4ad0a28a0dbe0b0f87dc3b95afc76b7edccafecec8b3c98f8a0737be4f8e92028fb5fd449ee5b26e89056daf9d0d253eeee936d8db20f039a7df522664bcd1317a6640ff919a56ecef46cfff12938a9d94d8ec57f540dbf971f9d81eb20efc087e53f1ee2e9a178004d49e04fe243e58e2d2f67ff3a8c7471ac8a65b66294c33c073902657dac42d9c203beb4207f8177c7fb2247433843d893f17ac329cd530b2e76c04ecef96d4a1bf0c3c527757647bdec16d2a28cbc948d99629d8b700ffc97073666e0c8a6464e1ea5e1406578681029e0191ced65bf017f2055eedf76f3c86304306d7b5ef03fbf7ca4b390b043a336b9be5fd19743252a93f3dcb1bd4a1c2b025a84b1684fad71e2cbc49544bf1b7c0060eefd082eba8b7ddc4ac0c71b9f5a71d2619a7795d63566c9bb6030ed357bb5455162540e7b8e53364f3dff262c5028aea0324645fb48c13482d5b71d882942175b22feae673e81701fa19ff60156e8aad4670ea6a90f6cbc3507324b75ac692127afe916f5ad607ba84140232c1ed7665bf4b058892c7a98e1485f60f814d631f1d039a9140de877a9d412a1085a98f1ceadf7069e6fb3d5de0f21509f6bd0cfc5379b477813d42cd44671e416955776857d89987c9ae52f6cb2f65bbfb07f455209c43353ad82b6834ed469f083ede651896b36ed8b497321c2251b16c0bc5fc87b5791de3c269014aca82b6316ab24c9a4508811c9dfef32dceee6697c5fbb1d4c50a5d9cd710802c26ba05ab321776fbe56b07989ea8cadee0f5b4d22c54d1e39c60e99b351386271eef772e15215b8bfd028e71f06fefd19b6e684ba3ffb10b85186f5521f5bf4b1b96428b0c91df70c1a7b7221987de7d68e6ca5ed4274e66d60af1925f465a555302dab4af5587d4e977a6cd0a7304dfc302eb799ab8a765e8e2d4dab92c566f45f06c4070eefd6609e2e1513fe12b052ad5f2fced9ecff8e4517a4205ad3c59e970790be4eb9703e38e9905862b670b9d59f137d949103f9ee3622e25048c32feffe95c215fcf294e387361162a23605c69b6512ca301e9561fe28684f724174cd5491d60e8a5836c57382a2024d058af4651879e94eb08638dd2173666b6042d885eea0e23f84c4929ec37faeb26e7b2a7bca3acc3d64d57d58309aded96b23e2d8be525232c97c2905ce165705c912b5922d2b9fb1e74f03f5527a13e3afbb63d2128614c4ac7808fff7d81ee3f13870d4e12910b81b003ad507effee33eaff22ec617c0a40f5e0236e57feeb0c5d64365a9608f46bad15c1308c006f76d4d225c7fe0484cbdbda48a760fdf159a1e12e82f071f6911d50f066c97841eb35048afb61778ae540d34ef2711dc8fdbf7ea0cb3f9df76685a542d97f1d30bf8b0dd02bdebe4f085b35277629c7a32902390e7126bf407cd2b3ef7941f880b7748a6cff5fe0399de169c006edb3d2d8263c56dbf61a6d4c2f47d3d8656cfd694776e0afb6fef6ecb3a1eb47806a3d31e579e98366de6354949f7e64b4536320042e41afeb8211ec6cf0c6be47a0d009b913ff8987bb11aae210e0841f4a66bb1713e18a9d84f695537d714bf326a46bf9ea1cd4f71423110fc1ee1cc69e021a65cd9cb8802a0807772b0b45ef27cabd14e0a40508c65deded56c9cea36b85121b3ceb546fb7647068bfa44330fbe03102433a616bfdb58040e4399dc966ad3c653823b98f92516752c51812805156bf442bcee9cf98c5f1bb4bd4e141c7682e40b259556a9525cc400d4c1fe3e21210729de959c69755b4f14e1a022f562e126f02954ef215bca686c5a530a9331395e25a8d59dcfea0227242e4120c8ae03cc196a562b0e1b1712fade0d96e90d3f906a1681888f00f268b9704097c94e66030e55335a4c69d8ca2cd02ef7aee86c37c6de4a2dc9e940b328ce34d334ec4e7569e5d0cfa7060a50749490ab4342acf6a5d75791922600ef8e15f988259ecb8898238f6d31b0c6f6a39be1617b1b4f9cd0d8a40654400556f5cbe14e3dcbe7cfb426c992a3bf2e5a08db3ab2413c8264d645fbe0e6ad5d9709"}, &(0x7f0000001500)=0x1008) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000001540)={0x0, 0x8}, &(0x7f0000001580)=0x8) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000001740)={0x0, 0x4, 0x1000000000000}, &(0x7f0000001780)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffff9c, 0x84, 0x70, &(0x7f00000017c0)={0x0, @in={{0x2, 0x4e22, @loopback}}, [0x8d, 0xff, 0x9, 0x1, 0x8, 0x7, 0x0, 0x1, 0x10001, 0x4, 0x101, 0xc5d, 0x3a9b, 0x80000000, 0x6]}, &(0x7f00000018c0)=0x100) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000001b40)=@assoc_value={0x0, 0x4}, &(0x7f0000001b80)=0x8) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000001a80)={r1, @in6={{0xa, 0x4e22, 0x6, @local, 0x89f}}}, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f0000000000)=[@in6={0xa, 0x4e20, 0x5d, @mcast1, 0x401}, @in={0x2, 0x4e24, @multicast2}, @in6={0xa, 0x4e23, 0xffffffffffff7fff, @remote, 0xcf}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e24, @rand_addr=0x9}], 0x68) 09:15:02 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0xa, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1095.773114][T21458] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1095.773137][T21458] ? __vb2_queue_alloc+0xf40/0xf40 [ 1095.773157][T21458] ? lock_acquire+0x16f/0x3f0 [ 1095.819193][T21458] ? __video_do_ioctl+0x398/0xce0 [ 1095.824243][T21458] ? __lock_acquire+0x548/0x3fb0 [ 1095.829207][T21458] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1095.835723][T21458] vb2_create_bufs+0x472/0x7d0 [ 1095.840518][T21458] ? vb2_request_queue+0x120/0x120 [ 1095.840547][T21458] ? __lock_acquire+0x548/0x3fb0 [ 1095.850601][T21458] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1095.856865][T21458] ? debug_smp_processor_id+0x3c/0x280 [ 1095.862349][T21458] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1095.867426][T21458] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1095.872990][T21458] v4l_create_bufs+0xc0/0x180 [ 1095.873013][T21458] __video_do_ioctl+0x7f1/0xce0 [ 1095.873036][T21458] ? v4l_s_fmt+0xab0/0xab0 [ 1095.873058][T21458] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1095.873073][T21458] ? _copy_from_user+0xdd/0x150 [ 1095.873091][T21458] video_usercopy+0x4c5/0x10d0 [ 1095.873105][T21458] ? v4l_s_fmt+0xab0/0xab0 [ 1095.873137][T21458] ? v4l_enumstd+0x70/0x70 [ 1095.882747][T21458] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1095.882766][T21458] ? tomoyo_path_number_perm+0x263/0x520 [ 1095.882786][T21458] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1095.882815][T21458] ? video_usercopy+0x10d0/0x10d0 [ 1095.882829][T21458] video_ioctl2+0x2d/0x35 [ 1095.882844][T21458] v4l2_ioctl+0x156/0x1b0 [ 1095.882857][T21458] ? video_devdata+0xa0/0xa0 [ 1095.882877][T21458] do_vfs_ioctl+0xd6e/0x1390 [ 1095.882897][T21458] ? ioctl_preallocate+0x210/0x210 [ 1095.882912][T21458] ? __fget+0x381/0x550 [ 1095.882934][T21458] ? ksys_dup3+0x3e0/0x3e0 [ 1095.896695][T21458] ? nsecs_to_jiffies+0x30/0x30 [ 1095.896717][T21458] ? tomoyo_file_ioctl+0x23/0x30 [ 1095.896732][T21458] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1095.896748][T21458] ? security_file_ioctl+0x93/0xc0 [ 1095.896766][T21458] ksys_ioctl+0xab/0xd0 [ 1095.896785][T21458] __x64_sys_ioctl+0x73/0xb0 [ 1095.927026][T21458] do_syscall_64+0x103/0x670 [ 1095.927048][T21458] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1095.927067][T21458] RIP: 0033:0x458c29 [ 1096.013923][T21458] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1096.033508][T21458] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1096.041905][T21458] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1096.049858][T21458] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1096.057820][T21458] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1096.065774][T21458] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1096.073729][T21458] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1096.104449][T21453] CPU: 1 PID: 21453 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1096.108791][T21458] warn_alloc_show_mem: 2 callbacks suppressed [ 1096.108796][T21458] Mem-Info: [ 1096.113702][T21453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1096.113708][T21453] Call Trace: [ 1096.113732][T21453] dump_stack+0x172/0x1f0 [ 1096.113754][T21453] warn_alloc.cold+0x87/0x17f [ 1096.113769][T21453] ? zone_watermark_ok_safe+0x260/0x260 [ 1096.113784][T21453] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1096.113821][T21453] __vmalloc_node_range+0x48a/0x790 [ 1096.113838][T21453] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1096.113858][T21453] ? kmem_cache_alloc_trace+0x354/0x760 [ 1096.113873][T21453] ? vb2_vmalloc_alloc+0xca/0x280 [ 1096.113891][T21453] vmalloc_user+0x6b/0x90 [ 1096.113906][T21453] ? vb2_vmalloc_alloc+0xca/0x280 [ 1096.113920][T21453] vb2_vmalloc_alloc+0xca/0x280 [ 1096.113932][T21453] ? __vb2_queue_alloc+0xf5/0xf40 [ 1096.113950][T21453] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 09:15:02 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0xb, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1096.113961][T21453] __vb2_queue_alloc+0x5a6/0xf40 [ 1096.113996][T21453] vb2_core_create_bufs+0x2bc/0x790 [ 1096.120319][T21458] active_anon:250013 inactive_anon:201 isolated_anon:0 [ 1096.120319][T21458] active_file:8216 inactive_file:40705 isolated_file:0 [ 1096.120319][T21458] unevictable:0 dirty:198 writeback:0 unstable:0 [ 1096.120319][T21458] slab_reclaimable:14075 slab_unreclaimable:105583 [ 1096.120319][T21458] mapped:58824 shmem:248 pagetables:7069 bounce:0 [ 1096.120319][T21458] free:1098570 free_pcp:505 free_cma:0 09:15:02 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0xc, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1096.123189][T21453] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1096.123204][T21453] ? __vb2_queue_alloc+0xf40/0xf40 [ 1096.123221][T21453] ? lock_acquire+0x16f/0x3f0 [ 1096.123237][T21453] ? __video_do_ioctl+0x398/0xce0 [ 1096.123251][T21453] ? __lock_acquire+0x548/0x3fb0 [ 1096.123274][T21453] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1096.123292][T21453] vb2_create_bufs+0x472/0x7d0 09:15:02 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0xbe77aeee2aff2105) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f0000000780)=0x10000, 0x4) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) writev(r0, &(0x7f0000000700)=[{&(0x7f0000000200)="f89bccfffaa62845957158797699f4cdaa2972c87e3c951f4c7cc7a2684884462826b4208afc2ece03083de2c8cf9b875b53c83ef322d0b3e8e489fa1abca45e5c2ff980b917855eb333a333348aed85904905bf142e881c9103b34d8d8dc2dddc4804f3b9aa403be63862c87368abac4dda574e92fccb785a8ca7662c3226e01c81950f04e5e370cb18a04667262fa39733e448aab2d15fdf7c664b4f0ee1e5f9bc617106a393cbfb7f80fa313f92a968a6661ff5154b30f0af77683553381fd04f56bfa2b8f1918a0905a70a801e7fa9b29d16d5a16ec7efb965cf9a96854c646d171509b9c33522bd9d78c9c5ff1976", 0xf1}, {&(0x7f0000000300)="afc7bbaae8fec7a1d80ec75096ff766877e20979e6d91a04c23cb19a496ac1b453168d99c99bcef71533b7df70792c3e04d76405ef4163b7af97699924aa2beaaff926b42c79edf215e1c239df0a56d33bf25ba80d44f21466ba33172546beaa6542be59bda04a217244e601dbe3455d480ee4ae3ae10e37d1fef4eb53dbb2f9f9a918ad0f53a5e24e1a23dc7f2aec522e1c8fc0e1f9dbfb9e313a4b456b014f6fb9c279441349020ebe7658e0a84446b75ceea80411f1e1134edd9400e0367b472a08439dc20081ec6c4cd53768d25fdc183c7c8bec02df624541c206f7e704", 0xe0}, {&(0x7f0000000400)="dc69e73178aee0e37e2f050edb7e4eb01b8634fd233ceaff966a94c6c402fd5cb124f6eeed7c5d341e59f64e1b92bb28fdf09f6d24365dfeb5", 0x39}, {&(0x7f0000000440)="928930c90c294ede442d760415fa9457936ff43cb45bd8070a74865d72b44900812cf4fe41bcbaad91ad47bfcee112ea3331639bf85149ca2aac573c4fb5ce252ca58c74d01a5fc61815ffab2cb2f146b950", 0x52}, {&(0x7f00000004c0)="cb161ac0ba6612912a4dabc49add2e302b0284778055451d1107fb3cf628771cb64c366eb1e9a27e304869df75fed078a56af3f5b84290967a3eebbb66f41776ace7467d8dfc4307a1e567587440787facb85e7e", 0x54}, {&(0x7f0000000540)="b9dc05d4f0268865ee7cff8a74ea97189ab08eb6645ca791960833532f1189255e449c07ebe9bfa504f5092e", 0x2c}, {&(0x7f0000000580)="837bb1134eb88d50ad8f97ed7f4d321ed0f952cb05cd6896c85731a5f11f2c0e079dc4c0154331deec18ac6708a3776e7ccf0581faf44b7ac153162ef5e9c54bf6adc898ab2c34debc2b6ec1a7a1a1f9d3c2e0cb5f093aef2a20ff5a327656ad6035f270f299fbed0d84f618eaa33873a8d34e2c379c0fae055ba934648954c699f59674a69acfdd2751f0990d2ff47246820a578cb09cffe31d728fb9330ee9ef6ac73cf1ab361ddca396a33f4c4f73238289861ba5d2d1a7ddbd987f5aafec59b5dd39e951fd254dd516f708b8c273fd1eeae743b06759efb361bbf0", 0xdd}, {&(0x7f0000000680)="c17f948effcd993f36754222e2d98e0d7498c59de1e581eb687290e32ff1604cd46ac945eb76a5ac38ea173f0c3d5615356423f65905147bf9b2a089ce939b0fb3d1da88474df770d965193127de8c79e43f05961ff15b6d5a7805ae476be8b83183c7", 0x63}], 0x8) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f00000007c0)={0x0, 0x3871}, &(0x7f0000000800)=0x8) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={r1, @in={{0x2, 0x4e23, @multicast1}}}, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000840)='/dev/full\x00', 0x4000, 0x0) setsockopt$ax25_SO_BINDTODEVICE(r2, 0x101, 0x19, &(0x7f0000000880)=@bpq0='bpq0\x00', 0x10) [ 1096.133637][T21458] Node 0 active_anon:1000052kB inactive_anon:804kB active_file:32728kB inactive_file:162820kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:792kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 577536kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1096.136692][T21453] ? vb2_request_queue+0x120/0x120 [ 1096.136708][T21453] ? __lock_acquire+0x548/0x3fb0 [ 1096.136726][T21453] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1096.136742][T21453] ? debug_smp_processor_id+0x3c/0x280 [ 1096.136764][T21453] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1096.141259][T21458] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1096.145750][T21453] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1096.145770][T21453] v4l_create_bufs+0xc0/0x180 [ 1096.145792][T21453] __video_do_ioctl+0x7f1/0xce0 [ 1096.145818][T21453] ? v4l_s_fmt+0xab0/0xab0 [ 1096.145838][T21453] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1096.145857][T21453] ? _copy_from_user+0xdd/0x150 [ 1096.151537][T21458] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1096.156991][T21453] video_usercopy+0x4c5/0x10d0 [ 1096.157014][T21453] ? v4l_s_fmt+0xab0/0xab0 [ 1096.157036][T21453] ? v4l_enumstd+0x70/0x70 [ 1096.157051][T21453] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1096.157071][T21453] ? tomoyo_path_number_perm+0x263/0x520 [ 1096.162475][T21458] lowmem_reserve[]: 0 2553 2555 2555 [ 1096.167356][T21453] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1096.167388][T21453] ? video_usercopy+0x10d0/0x10d0 [ 1096.167404][T21453] video_ioctl2+0x2d/0x35 [ 1096.167420][T21453] v4l2_ioctl+0x156/0x1b0 [ 1096.167437][T21453] ? video_devdata+0xa0/0xa0 [ 1096.173110][T21458] Node 0 DMA32 free:588288kB min:36232kB low:45288kB high:54344kB active_anon:1000052kB inactive_anon:804kB active_file:32728kB inactive_file:162820kB unevictable:0kB writepending:792kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:15040kB pagetables:28276kB bounce:0kB free_pcp:2020kB local_pcp:1464kB free_cma:0kB [ 1096.177958][T21453] do_vfs_ioctl+0xd6e/0x1390 [ 1096.177982][T21453] ? ioctl_preallocate+0x210/0x210 [ 1096.177998][T21453] ? __fget+0x381/0x550 [ 1096.178025][T21453] ? ksys_dup3+0x3e0/0x3e0 [ 1096.178042][T21453] ? nsecs_to_jiffies+0x30/0x30 [ 1096.182485][T21458] lowmem_reserve[]: 0 0 2 2 [ 1096.187353][T21453] ? tomoyo_file_ioctl+0x23/0x30 [ 1096.187369][T21453] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1096.187386][T21453] ? security_file_ioctl+0x93/0xc0 [ 1096.187407][T21453] ksys_ioctl+0xab/0xd0 [ 1096.187428][T21453] __x64_sys_ioctl+0x73/0xb0 [ 1096.192403][T21458] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1096.197462][T21453] do_syscall_64+0x103/0x670 [ 1096.197484][T21453] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1096.197497][T21453] RIP: 0033:0x458c29 [ 1096.197512][T21453] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1096.197521][T21453] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1096.197535][T21453] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1096.197543][T21453] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1096.197550][T21453] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1096.197563][T21453] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1096.203539][T21458] lowmem_reserve[]: 0 0 0 0 [ 1096.208289][T21453] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1096.362231][ T7914] Bluetooth: Error in BCSP hdr checksum [ 1096.521090][T21458] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1096.540318][T21458] lowmem_reserve[]: 0 0 0 0 [ 1096.604359][T21458] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1096.610678][T21458] Node 0 DMA32: 19*4kB (UME) 90*8kB (UME) 53*16kB (UME) 450*32kB (UME) 443*64kB (UME) 92*128kB (UME) 24*256kB (UME) 7*512kB (UME) 8*1024kB (UME) 5*2048kB (UME) 123*4096kB (UM) = 588140kB [ 1096.647029][T21458] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1096.767129][T21458] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1096.785107][T21458] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1096.794887][T21458] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1096.804289][T21458] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1096.813883][T21458] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1096.823208][T21458] 49186 total pagecache pages [ 1096.827892][T21458] 0 pages in swap cache [ 1096.832113][T21458] Swap cache stats: add 0, delete 0, find 0/0 [ 1096.838173][T21458] Free swap = 0kB [ 1096.842004][T21458] Total swap = 0kB [ 1096.845901][T21458] 1965979 pages RAM [ 1096.849703][T21458] 0 pages HighMem/MovableOnly [ 1096.854454][T21458] 339405 pages reserved [ 1096.858601][T21458] 0 pages cma reserved [ 1097.721674][ T5] Bluetooth: hci0: command 0x1003 tx timeout [ 1097.727916][T20067] Bluetooth: hci0: sending frame failed (-49) [ 1098.121588][T21445] Bluetooth: hci1: command 0x1003 tx timeout [ 1098.127821][T20067] Bluetooth: hci1: sending frame failed (-49) [ 1098.691617][T21445] Bluetooth: hci2: command 0x1003 tx timeout [ 1098.697771][T20067] Bluetooth: hci2: sending frame failed (-49) [ 1099.801586][T21445] Bluetooth: hci0: command 0x1001 tx timeout [ 1099.807695][T20067] Bluetooth: hci0: sending frame failed (-49) [ 1100.211596][T21445] Bluetooth: hci1: command 0x1001 tx timeout [ 1100.217741][T20067] Bluetooth: hci1: sending frame failed (-49) [ 1100.761576][T21445] Bluetooth: hci2: command 0x1001 tx timeout [ 1100.767684][T20067] Bluetooth: hci2: sending frame failed (-49) [ 1101.881609][ T5] Bluetooth: hci0: command 0x1009 tx timeout [ 1102.281564][ T5] Bluetooth: hci1: command 0x1009 tx timeout [ 1102.841627][ T5] Bluetooth: hci2: command 0x1009 tx timeout 09:15:12 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0xd, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:15:12 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5450, &(0x7f0000000080)) 09:15:12 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x4000000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:15:12 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e1f, @empty}, 0x344) sendmsg(r0, &(0x7f0000000280)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f00000002c0)}, 0xfffffffffffffffe) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000500)='/dev/full\x00', 0x0, 0x0) sendmsg$tipc(r1, &(0x7f0000001bc0)={&(0x7f0000000540)=@name={0x1e, 0x2, 0x1, {{0x43, 0x4}, 0x3}}, 0x10, &(0x7f0000001a80)=[{&(0x7f0000000580)="41a6365ab6b149719306a47c73da141aff735425b62d756b50a96c68d23408051be79aeda21b2e269a33df2abeba4145ac97f06cc100cd1cdae0bf8e91ba681905433be8a61cb97b9f5f9520ed8e986c28b625e60bc66c6c578e1aaa491ed32e41ba6c01e09630ebccf5a28ffb1a7a6f83f8043e891f6db2c447189b2a664cd36f320e5d3787da9d87644d", 0x8b}, {&(0x7f0000000640)="0262567a15001b61241b59afece21d118b1dcad7930f1145acfa809c4ad32800a0535fec696cc9c003c4ddbd0696ca4c6da557f038e2ec9b4ee57bcce485f2d07e69959e3654125f239d696bc94cb24ff64292cbb24a22feceede9cc722208f9941a08db4264ac8e1e08b00785cecc103b191dc17f3087182294bc5dae3b3eb58bfd47dbdfd0778c", 0x88}, {&(0x7f0000000700)="614c3278184412223ddd1cee460423e4bd7fc9c7289aadaa2d5c3f0138e9ea2216cccc2e20659a23058cfe8337209bf449768f16ddeed1f94ac4890d2155ba0ba0dabd937ebf78253eba8181edd0c8e05087e9991d12dc3cb578482a7011716f8959e4cb9180a67737888145b8737648ce82a7c7fcc4ec45ae0f0463dcb310b8c3589904aaccd4fb9cf69e15e128502f6c57bb9d5e0b96b540ec6f14bc861c47ecad672933467757664cb5cbdbc68a0fa02c3d3916420eb25c4b2b339b1b9ca4", 0xc0}, {&(0x7f00000007c0)="5d5d8277c942d49cac23df1ae4b1473a00aff9665bd32527796a0f4628ebdf44d6fa8a95dfe8e12917c1b81bddff3010feedb797f8a5950dd648a1b49abcd566cd77926614c7e816887e4a890f76898173d578a040a9de09644b64db9ff6698c9c68a0e22bdf4d467dda6a998c9e7ece2ac3663fe463a9557763f32bdf72654649b668307830a57a3a5793e8c1b01d4d98a799bfec7a6471aef65820724cb8591da2222ec3d7a21a635897aba54fb3179e0cd72c3e67a4498112d44e56085c13612f15c92f8196b6211d5753704de346289c17f48b20830165824d80df4a17a1d9708d4d502142cd0544a85212e97ba881a3a3ca6f5ca4d5d5388e8ad2273b57a386e9b141c1ba82b30e39a301f20a8e735fc0d9f2df43f0fdd13e38cad093654c8ccdc33eefe3376c25658fe273be0745764ee9824855abea1a8596d8e396fa5d6b920e88318881a8252e1c817f41c7364be127044b1bfb75ab1bb4f4d9c23bd16a170b6bf3f3000732384ea7111972853182a8bd6e43f9d49be31aa1126d4adf66dd84016493306e9af8af888eada4fbd4b4b00b57001c07362b534a0ee29665ddbabcfcc99752b7b31a3ddef2168081b84fcd5c2016a3524c43bac2711be23804a6fb32ca662881a2aec997cd9773f14f010f14f30aa4d876d863f44a0b77c4e7153d3346a204ee354b2ed06633b1bfec4dca02c9696d3e16b618db6ccd463a024a1a01f8dde98d48afd65954ce035467722f5f51c61d5f661ff166598b0e393f34bc76e87d58d226216ea5228c31c3582282042b5ff7f4f241ac7c8fdbe83b8beea64fcffe2087b0a595370520d010a07a456bd35cbc1dc4c1d25965699f25b9c3ab6ad9e7c81e55c600653c14c2eacad172df911a6d6b167961398756ef6d0fc662919f975bba8db6c01ad1236b3896fed52997716a790f4e936c5ef47b1c8d3ac877f46e889b51c03bc9d38f556bde7dfa65dad2fb9d1c8eba34477eb2e8219a7baca967937ebde6d059414046a59e438b5edb1fde8b74cd8e3bfd13e1295980793fba6d45fb6b5f99131297a31f5ea701b798b751fb4756bd7b89bf5153e11b10a1a5e3ccc5d5c25b688f836c53112f8882a6415ffc629705dfb6682f336a31a2b1f608e73bb6ba8f3f4aa0b4ab5034bfddf9e9e3da1fa601b8bcc465a251a573a347f8643c9c455395f8385d8bde565e02f4a4d359153a77bd735dc457fa51bb0625560fca5668c3c563f4ddffe593b58aadcae5995d8d91d1f9a2604eb88e0f62c2c88692d0a65cd4f78f9b66bbf949aae74a827640248fa4b1cc80d6cba58607b2191a8fa72cd012ad252bc7feb53f1493efe434b706b5158c0f60c082e9e8ed59dbda2ed66a36cb4dba04e46bca57eaf0a23b2e61d887e2c68c1fad832245eff10c8d788324561ce9a10eb5de0a8bd13fd7747c27bfa9a8f6a8fd80d91aa3cb4fea6f04158534b091094009a3ae7730b7483619099085cd8471bc70f90c6152e9cec201ab2b2ed27729597f35794595bb9ae15e131aaeda4bc1659bc08d67067ffdd819254e7767eb6e8352ef1ba83c0db4367bf2b521bf623e725fd6f95756e0de321c08eb94cc8b76b12cca2ab10dcc43b576e947cf1d51722d1c33a1099d07069c0bbbcb33b35d2b66b8713a933ac1babc79d37d23ecafe0cb2754624919a908d1321bd65b94c482dd205011115a636e36df517a85357c4d4ae48aa92018fb5c0e39fab76cf2294ef92b91f5c87908c646f1a737a3bd223d2713abcd5cf7814b5dc9e522f3580532c4b6ab594cdc615b859dc71790b41164be9cf0a7828040c872c63c63887d374c13dbfdd47f7e9e4b888b92cfb97c2e44f262a41f5a21974bc7f4ffd9e9c60dca175bb4846a3c72c75a36cf39662ce55853b3ffaeb8ff0200964cbeac2dc171eee0c343c245ffbdd0f9206fe3c901273cc1646d00bc4d20d9790c3e4e1db043ce91838e5e7cfe983fdb94b30ecb4a34bbaa1b5d6cdba815b47e6c31798719bd051e7d50f37e0287ebe1bcb2bc83f078c3ceb75ee5deda3326f659bf27121b240d6caa7db3643dbe7c61e76d9293cef288d9d8720c1736b173398d471440e929594c30783f33cde2e1f56bc78b886594899db2baa0588b428f581798030c9b4dbda3e20df478434104c19eee74c6a4258608905b3160fff67beb2dc997293dda3c2bbc512fbb167024fc29cdf178148c980c96c4e6c2d95978795ef5c89b073632285e2cfc094bc4d37a29cd87bcaf532d779a7ef9745b48003fde5a265650cef40e31bd8b80f8d7777cbe0c675424696f6fbadde68d94ea2cd40fa5a3935a0a67466513e430749657f3839cc31ba121003f8b90efb165cd5b4086c0e2e042738e3bdf94a3019742f6129186df53d2da22a1df0bb8f9fe005f04070a2a246f5efb15bed30722eb8e6aa1e90ee0e77559966c42a3d509441cf0996ad3015f1f45a3b4a302231ae47a66ea22d51631915b577680d281dd3bd47fecb137fa3fe691fa420fec4ddb1945fe082c94bbefbc7b18e4f845560d214b1337dd754a098b2602a659a16c8bc46e2d5b3ca84fcda68b2521b6657148b6727e5df6e139e4a16386c49d8c8d60ca9fa06a21969886bd445d46d32c88f38b96219d5f4bc0e0c2e118e323f3cad6d5b7ce9d06f5ebda67b58c90fed8400cc0c0493eb92195e58c707d4a6d8e5d642be073b767de5e1fc29efdcaea846e05c7bf5e4cf25d868a296c385bf310fa2c232c279210c0270ec69ac7413b8e4da30498d943d03eb4a1c5c1bbe5e4a151b8b7cef97f73ead32b4bab206082be8f5442c50876e0372b902a44eb1afaa020d3a184f7854c789e4b93daf0bf1210decb3099f9d31b9b5c2fef9679d5c77350846426b53b9f6dbaebb7a960b2a1f4cb280e3f3c57c753a7d614c9e7c262aba994cb9eadfaa4700818fc1400db1966b9a33c37a7baa251e838f700d75599f6993f2b9768ea25826a9e782b01387e3ee419a359f8b80325a233d37be84053c8a4cc348f58c08bd412650548eaa83f5454cacc51a2fc679e1f28b5a4e148e12e93567ce5bc720bab9aaa72257c140f545036bea459d2ac2f7a6556f4c75cf6e68eb9c99b398719791935dd56e4d3d9ec845675246c05ed361677dcbaa9f8ffc70f467a7c1597503893d80a343075c3ca2fe6a2e3a30824177e2e36b3f2857467ef04eb9ab88c13a352ccb12a8377aaea5285a1fdc47e452e59e0bf2116cf53b512750e26ab8b5afbee2e0a113859e17f6d4f84c42bbc45c9912949b3be1e85a816b6b779e12565a83b1d30ab35296637b5eeb0bc3718cda6cf285e9fc9a4dd3d819e1ea322ca8fb88379934e7657281ad3d413aa84192220c25030736e1025cc1afe5fa162244cbe155eafec5fe185aad6c61748c63635d5de9e8c08ef4449ace01838faacdfa4b66bc6b3dac597ae52764ac8fb43b353448f3c0df8e91aa09db51bd55e0f7b6845b637aab33b9a887fd91950eb3899d3da59dc17f53a07c6a4c35a0d43c173fbd8117e2c694aa7d13fd3d006c3bbceb9e51d2048887f9e04202f5ac6159b0ae7833740cc337ddc0ae26db7c349e6abe9992e7b38ea867787a51676b2c88fd53e6c3d1f7b8663515ea158170ee86a7cc90e9cb4efc5f71cfa3237251e7e439ea718f4ddd56a1441dd15fc597cc0efc25d913865611cc630ca860b5772a84284906cf262034e5edbb4bc09b13717773d65ece772100d243ecb789f38fbc9e52486dc0b7af990250f05f0f4293e9bf92a78f495292796afc18c2f3ea265c5436ba63eeedab28ce308ab03501c50dfb44e318cee63c68b305e8d4791a2e230e56836bde307670f31675984b65874cd1612a00b7989b392f48e632d4c0ea8a9acc36de53f5f24029e795b1b6e90abb04028111a01c6220db12bd665954fb5c336c679538f8f45c59c8ff35556edfe20e8483a62e98d35948f74c3989b3752fdd0002403cf0bd21cbd5f640bfb8b9a1fce7c0b55e419d9247f63186de7d393237fbab45de7a7e8203bbae72919da09c18768b526462a90c8f088a8cc19e8f4344c0366b05dea90e593701a1d0cac54372687b2ea4cb284191eb290c73217d8e3a2d139541bf284486605bd39c824fc26852aed1806552db8aeabb71ca6aca220c15fd2b311c6d45dc015f9421dee5e9cdd111275664c7a7b30c1452ca16ec072a94407b50682b23de35879611ca54c66490789f90e147ad5205633738315fad7f263d1b56928761274793839f363576fdfe2994c84cb671447e8263b33a78a5890e4df7de0b5a1e7a5607e4caf5e4af8778a0b098f9d882ee03c2ca8702b4c0d9b508df09a9341702f18f49db2ec238a96a4da7edfe7010c238404276609cf5c92c9541cd3108224cc50a3eb3dee964ff139a0d27e2f2f68bf3fda1684dff0a4cc6fecec66135e0da5fa6a1583dd32dbdf369d942b96d4175c1b163093bf75e30c65f4ef09c838e86a7d54e9de4000425f6cdfd5080bb87b656137f45ee6a240c52d43e2f5dcbf41f98cc0b475226c92e21ef10a1973e29a8d8b9c04999097a1206e7d04d8699bd957e57d4eddd98537b00f31ef28178fd67baed1189a186e318bd0e4947308a4a0e42546289cc1b1f3016b5766de91bf25d400a876db58289bdb8521872636574a1cf3eb765883863fa7c271cde0a740d24633a710ef918f3060ae48ef10f7acb99639c1e300e5f963203b5b067a4d2635ff924540ab5b95cf4e038a19dd04ea9f867f9f72b811b90f84a4e356e3f61e344fa2b5393bf2b1cd156b8d2f62c3f5cbf7b294300483ffd8ec06d1d57a9ca8ee826893064cd5da02db04396da0feb39276c02711bb2dde436018bad809e3ecb84b83ea3cbd726380fd14c9c67cf12cf3364c8b50cf67a82aa87b538a0d86a4afc9a258da9c6957b99548ce4ef5aa59760ba7a8a8b1edc7bd29d358cab65d83ba8ce7acaf66b5bc2708e9644ce1ac5ff6db39e79a3c963ff45c79e8ebeaa0c0534b9b41edd53ee17253d31e692cb3ef803bce43c6653af506acedfb88d4a1b2880b62208de419f63084ae77774f92e4232bbf94c4b53bf8d838e9a756038bcdcc10caac44f8fabcecc7f1f0c52ff0609aae38cb39a303ca75b2e74f0ee544183287acbbd319436a4af36421c40b85dec394ceef659785ea295721751dccebf2d508245b055c51909b297af66c69bb0cd706760545f2706070a7b5831955a10bd6167ae88d1a8a89700db5358de98c07b908ef6f282a54c155b99de747f6ac59eb3311630f30bf0b749a9468ba9e6c9449aa34b7dbb7ce4537ef33dcfae5c9c1b69121d73b6726d1d4221dc36192ef45ee37e0d18bf066f81c93e8be6d579a28c558122e4580dfd60421a05bdec7a9e2b9df0c4fb71041d0c39144de38dc0f4e7c0bd7d2dc57fcdb157429f2d3f16f7a096d88b1fd666950a640b59d9f8edf6860d2fdd72fdd236d84a91d7e1a5ea82cb1f256f34805aaeebd571f57cf57ee15349b57afa792cc9ea6fbd36f76453d8f352573231457a082110c6431026b4b5724f63cdedef726b64bd7a011851479a5880ec9075bea56b4b0d6858170b990f00b694cb6b1a0883faf7431cf601d3f419156b6eda09fd49a0e15f10b188407c1575bbe28aa1bdc21d7c146cd4a0bec78509ec84168923097f87b6c6ae256465a16b13e3a04b192d1203b29a07cf9985b3876b8339369466a32ecddf6cc447fa79171221c8ffd54e6f6305daf3b5e838d5e11e363fdad29097f80752a69646b59ac5b37e6ec2167fa660b6093d3e235855a24b4", 0x1000}, {&(0x7f00000017c0)="1fba04e9ccf4a930752a06f11a3817b32391588fa4017f4beed64499ba9713c51c18cafd920868bb1ffc784d3344c887e71c419176888483466e5103de1e14e287d34a93f65c4317f7c59a984500072d4dd106c084dc8195506f83e38b019419f0ffee357ef61511e146b553ba0e0056a6427ca2c74ab061192a9f4335855ab56bfdf297c43fb5a53672c93e118907e4091f8d7236b5169e62ca55254a23bf30060579f936649935fdc18074f9cd9eb923cbc07372d8d39d631d618cb7832d74120278d6be42f61e046f", 0xca}, {&(0x7f00000018c0)="464e1ef2b777e7226adf594c38b080e04a46e3beaaa09318a4a6e8b76fc16f75f394bcb99da314e830c9d6f8b404e013139ebb669eea9ae85b789da4eb177cfbf0e8a99bf3dd22ac2e8698766361e7c3a5287eac4024414e12591974b32e56", 0x5f}, {&(0x7f0000001940)="f29c213a6a5870cf129dd9db849dea540958aaae8670ae", 0x17}, {&(0x7f0000001980)="c37a28d5bb7511bd9d477486c94db392013323494367717df312bc5e246b61feb04180bbbadeb88774a80bb49855bd3e93380b460314aa4464999bf997a29e774ec6f6f2dc17275311f8c6063b84f2356b983c6125e0a7661b2cf2a4392062f686c09204291ae6e651dc190abc7813da86d04a7c55b8f46ed4a245f4e291638e6e86ad436924b6b4c277a9a61f5f365f96c528a000e523b801cc68f23aefe61aa3936ea88b662204956ce76162b09260080e8ab1dd86c454b2180f7ecb870f300f66421b18c5308d86da133b655411f9dc", 0xd1}], 0x8, &(0x7f0000001b00)="592e14cee0ba187973054007d4830352a27d65a27182f08a70dda7d2c512bac4ad41fc1ca1b095c2d53b6c4a34136b890cbb04bfb60e1a44919a192ce72ea9598594cbc28614682ffac3dd98f34d5c61f78b02d683b6bede6f5937424afb17ce7ffad051713a131d5474b9b6e16b4f0e8afbc786f60f237d1ae90dc851a51407bf9ffa9ea5ef224a537cb8d003dd3d", 0x8f, 0x20004040}, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000001c0)={0x1, &(0x7f0000000100)=[{0x8, 0x1, 0xfffffffffffffff9, 0x8}]}, 0x10) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000200)={0x0, 0x41, "84bc63423b96652c07b48f7c062f5408950a3a8e2cd15e9f723edcf606a42c351a3bf44b370043d299457b8915c5c72c1413a8cfbb40fa0a977615db04aa40704c"}, &(0x7f00000002c0)=0x49) getsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f00000003c0)=@assoc_id=0x0, &(0x7f0000000400)=0x4) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={r2, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) sendto$x25(r1, &(0x7f0000001c00)="8b587cab5e37ea766a90a544aa8e2db2bc329e1f8fb4a7593be95bc595a829d4d7b2a7e4ee434673031d09d951b170c8de9268bb6c287d8fa24bfa97ad54e07c07585097aa9014258ae75169ea2c929c1ec5498cd733065d9955318358806b8fc216fead4be68bb50225f8d3bf3ef088b5ce4a356127053689269672274d69423b064f8166dea0308ae05f98ceef702a48270945725aef599e6992e1358630a8e31e91032188a8e43343efc871263f7fb6f385dfa3cb2717d1c918f7e40d669911fc2fc11c1c0bbccaabe32ff14d953b7e56a418e3a5750c66", 0xd9, 0x4010, &(0x7f0000000300)={0x9, @remote={[], 0x2}}, 0x12) 09:15:12 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0xfeedcafe, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1106.486663][T21508] sctp: [Deprecated]: syz-executor.0 (pid 21508) Use of int in maxseg socket option. [ 1106.486663][T21508] Use struct sctp_assoc_value instead [ 1106.501719][T21511] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1106.518808][T21509] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1106.540271][T21509] CPU: 0 PID: 21509 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1106.549406][T21509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1106.559470][T21509] Call Trace: [ 1106.562768][T21509] dump_stack+0x172/0x1f0 [ 1106.567103][T21509] warn_alloc.cold+0x87/0x17f [ 1106.571790][T21509] ? zone_watermark_ok_safe+0x260/0x260 [ 1106.577346][T21509] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1106.583091][T21509] __vmalloc_node_range+0x48a/0x790 [ 1106.588293][T21509] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1106.593322][T21509] ? kmem_cache_alloc_trace+0x354/0x760 [ 1106.593337][T21509] ? vb2_vmalloc_alloc+0xca/0x280 [ 1106.593353][T21509] vmalloc_user+0x6b/0x90 [ 1106.593367][T21509] ? vb2_vmalloc_alloc+0xca/0x280 [ 1106.593380][T21509] vb2_vmalloc_alloc+0xca/0x280 [ 1106.593398][T21509] ? __vb2_queue_alloc+0xf5/0xf40 [ 1106.613236][T21509] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1106.613247][T21509] __vb2_queue_alloc+0x5a6/0xf40 [ 1106.613272][T21509] vb2_core_create_bufs+0x2bc/0x790 [ 1106.623089][T21509] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1106.623103][T21509] ? __vb2_queue_alloc+0xf40/0xf40 [ 1106.623118][T21509] ? lock_acquire+0x16f/0x3f0 [ 1106.623133][T21509] ? __video_do_ioctl+0x398/0xce0 [ 1106.623149][T21509] ? __lock_acquire+0x548/0x3fb0 [ 1106.649491][T21509] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1106.664102][T21509] vb2_create_bufs+0x472/0x7d0 [ 1106.664121][T21509] ? vb2_request_queue+0x120/0x120 [ 1106.664140][T21509] ? __lock_acquire+0x548/0x3fb0 [ 1106.685163][T21509] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1106.691395][T21509] ? debug_smp_processor_id+0x3c/0x280 [ 1106.696881][T21509] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1106.701917][T21509] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1106.707494][T21509] v4l_create_bufs+0xc0/0x180 [ 1106.712171][T21509] __video_do_ioctl+0x7f1/0xce0 [ 1106.717108][T21509] ? v4l_s_fmt+0xab0/0xab0 [ 1106.721546][T21509] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1106.721563][T21509] ? _copy_from_user+0xdd/0x150 [ 1106.721579][T21509] video_usercopy+0x4c5/0x10d0 [ 1106.721591][T21509] ? v4l_s_fmt+0xab0/0xab0 [ 1106.721608][T21509] ? v4l_enumstd+0x70/0x70 [ 1106.721621][T21509] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1106.721634][T21509] ? tomoyo_path_number_perm+0x263/0x520 [ 1106.721650][T21509] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1106.764048][T21509] ? video_usercopy+0x10d0/0x10d0 [ 1106.769062][T21509] video_ioctl2+0x2d/0x35 [ 1106.773388][T21509] v4l2_ioctl+0x156/0x1b0 [ 1106.777713][T21509] ? video_devdata+0xa0/0xa0 [ 1106.782305][T21509] do_vfs_ioctl+0xd6e/0x1390 [ 1106.786898][T21509] ? ioctl_preallocate+0x210/0x210 [ 1106.792004][T21509] ? __fget+0x381/0x550 [ 1106.796166][T21509] ? ksys_dup3+0x3e0/0x3e0 [ 1106.800585][T21509] ? nsecs_to_jiffies+0x30/0x30 [ 1106.805452][T21509] ? tomoyo_file_ioctl+0x23/0x30 [ 1106.810404][T21509] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1106.816654][T21509] ? security_file_ioctl+0x93/0xc0 [ 1106.821859][T21509] ksys_ioctl+0xab/0xd0 [ 1106.826030][T21509] __x64_sys_ioctl+0x73/0xb0 [ 1106.830614][T21509] do_syscall_64+0x103/0x670 [ 1106.835204][T21509] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1106.841091][T21509] RIP: 0033:0x458c29 [ 1106.844983][T21509] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1106.864575][T21509] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1106.872977][T21509] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1106.880939][T21509] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1106.888900][T21509] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1106.896864][T21509] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1106.904830][T21509] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1106.918071][T21511] CPU: 1 PID: 21511 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1106.922518][T21509] warn_alloc_show_mem: 1 callbacks suppressed [ 1106.922522][T21509] Mem-Info: [ 1106.927185][T21511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1106.927191][T21511] Call Trace: [ 1106.927212][T21511] dump_stack+0x172/0x1f0 [ 1106.927233][T21511] warn_alloc.cold+0x87/0x17f [ 1106.927250][T21511] ? zone_watermark_ok_safe+0x260/0x260 [ 1106.933470][T21509] active_anon:247577 inactive_anon:201 isolated_anon:0 [ 1106.933470][T21509] active_file:8218 inactive_file:40727 isolated_file:0 [ 1106.933470][T21509] unevictable:0 dirty:100 writeback:0 unstable:0 [ 1106.933470][T21509] slab_reclaimable:14098 slab_unreclaimable:105578 [ 1106.933470][T21509] mapped:58824 shmem:248 pagetables:7078 bounce:0 [ 1106.933470][T21509] free:1100286 free_pcp:505 free_cma:0 [ 1106.936398][T21511] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1106.936461][T21511] __vmalloc_node_range+0x48a/0x790 [ 1106.936479][T21511] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1106.946620][T21509] Node 0 active_anon:990308kB inactive_anon:804kB active_file:32736kB inactive_file:162908kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:400kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 567296kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1106.949768][T21511] ? kmem_cache_alloc_trace+0x354/0x760 [ 1106.949784][T21511] ? vb2_vmalloc_alloc+0xca/0x280 [ 1106.949801][T21511] vmalloc_user+0x6b/0x90 [ 1106.949820][T21511] ? vb2_vmalloc_alloc+0xca/0x280 [ 1106.954263][T21509] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1106.958801][T21511] vb2_vmalloc_alloc+0xca/0x280 [ 1106.958813][T21511] ? __vb2_queue_alloc+0xf5/0xf40 [ 1106.958830][T21511] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1106.958842][T21511] __vb2_queue_alloc+0x5a6/0xf40 [ 1106.958869][T21511] vb2_core_create_bufs+0x2bc/0x790 [ 1106.964476][T21509] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1107.002382][T21511] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1107.002397][T21511] ? __vb2_queue_alloc+0xf40/0xf40 [ 1107.002421][T21511] ? lock_acquire+0x16f/0x3f0 [ 1107.002438][T21511] ? __video_do_ioctl+0x398/0xce0 [ 1107.002452][T21511] ? __lock_acquire+0x548/0x3fb0 [ 1107.002473][T21511] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1107.008193][T21509] lowmem_reserve[]: 0 2553 2555 2555 [ 1107.013262][T21511] vb2_create_bufs+0x472/0x7d0 [ 1107.013281][T21511] ? vb2_request_queue+0x120/0x120 [ 1107.013295][T21511] ? __lock_acquire+0x548/0x3fb0 [ 1107.013313][T21511] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1107.013326][T21511] ? debug_smp_processor_id+0x3c/0x280 [ 1107.013346][T21511] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1107.018453][T21509] Node 0 DMA32 free:595152kB min:36232kB low:45288kB high:54344kB active_anon:990308kB inactive_anon:804kB active_file:32736kB inactive_file:162908kB unevictable:0kB writepending:400kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:14880kB pagetables:28312kB bounce:0kB free_pcp:2020kB local_pcp:1112kB free_cma:0kB [ 1107.047240][T21511] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1107.047259][T21511] v4l_create_bufs+0xc0/0x180 [ 1107.047279][T21511] __video_do_ioctl+0x7f1/0xce0 [ 1107.047306][T21511] ? v4l_s_fmt+0xab0/0xab0 [ 1107.047327][T21511] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1107.052981][T21509] lowmem_reserve[]: 0 0 2 2 [ 1107.057879][T21511] ? _copy_from_user+0xdd/0x150 [ 1107.057900][T21511] video_usercopy+0x4c5/0x10d0 [ 1107.057915][T21511] ? v4l_s_fmt+0xab0/0xab0 [ 1107.057935][T21511] ? v4l_enumstd+0x70/0x70 [ 1107.057952][T21511] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1107.062357][T21509] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1107.067257][T21511] ? tomoyo_path_number_perm+0x263/0x520 [ 1107.067276][T21511] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1107.067305][T21511] ? video_usercopy+0x10d0/0x10d0 [ 1107.067322][T21511] video_ioctl2+0x2d/0x35 [ 1107.094003][T21509] lowmem_reserve[]: 0 0 0 0 [ 1107.098698][T21511] v4l2_ioctl+0x156/0x1b0 [ 1107.098714][T21511] ? video_devdata+0xa0/0xa0 [ 1107.098734][T21511] do_vfs_ioctl+0xd6e/0x1390 [ 1107.098757][T21511] ? ioctl_preallocate+0x210/0x210 [ 1107.103884][T21509] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1107.109555][T21511] ? __fget+0x381/0x550 [ 1107.109579][T21511] ? ksys_dup3+0x3e0/0x3e0 [ 1107.109596][T21511] ? nsecs_to_jiffies+0x30/0x30 [ 1107.109618][T21511] ? tomoyo_file_ioctl+0x23/0x30 [ 1107.114629][T21509] lowmem_reserve[]: 0 0 0 0 [ 1107.119790][T21511] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1107.119807][T21511] ? security_file_ioctl+0x93/0xc0 [ 1107.119828][T21511] ksys_ioctl+0xab/0xd0 09:15:13 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xfeffffff00000000) 09:15:13 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) uname(&(0x7f0000000540)=""/104) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dlm-monitor\x00', 0x200002, 0x0) ioctl$RTC_IRQP_SET(r1, 0x4008700c, 0x12aa) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000017c0)=0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000001800)={{{@in6=@ipv4={[], [], @local}, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6=@initdev}}, &(0x7f0000001900)=0xe8) fstat(r0, &(0x7f0000001940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = getpgid(0x0) r6 = getuid() r7 = getegid() sendmsg$unix(r1, &(0x7f0000001a40)={&(0x7f0000000600)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000000280)=[{&(0x7f0000000680)="96664ab734774560a7b82e1e67020db08376086f7cf0f69debbfb22443240c6f727da77ab4e8f3e6995f7e4a100cc31d46d7a7ea64acc0b511b11665905e2bb0f199fca095b88636379283847db2ac634b44b038a4ea3d8298ffbe519b5b7a75788fedc46dd856ce58c687172447a1aa175620c3a6a2a56b87f57f7633f901b091ce3ff72a4a7bc6d09ecd614208f90d80a3570f4f5e68489bb1254f0e0c66cad0af4dd5ba0cfcfaeeb98b85a85bc177d52c8308a68d24f7996b2225591bfe282dd68ebbfd05bf750b001029a026a77c0b41b5a2882dd9ba73d7883a272cfe4e548f47fc0d64821f9f31ff09cad975715bc2c6d52601247155ffa9af68f3bf523f487b21e153e321f542c5d6cf514267c308b71536c25780540c963b0df99d2d3ef09df8324d76669e1e036d1d9848b109bd43191b6155535d07ae7a4c5072fa1bd926f2f5d4e5d8f24f1ce63d0262f8b89ee79f5e9b4f2095fba0f5b9a2dda6c05b89b6b7d84457f011b4b5ab4f9b5afd628f2f5d18885a870d2d6a056bdbd06d1278871059964da99bd46dd9055832f1c53b79efbd3612b1a7c7a0909efced260eb72d28470e169d021fee2d64bfad2bbde920ceef0f90feac5d6697915b19ea4dec9af80ff022a350602b9e54de8131c3d9d20139afc7d144f6afe073a0fb53b5b273db46e82b47f4f52476a9d5a456b7ef649f69e8a9c9ef542a225e900ff242e1aa15ea58a0cc0933852dda2d1000587a58c88595cb3a39d685e43b61545b4974da32268a4bd99ce62dfeddf7895c58588c6eec2e1f55ba3b54f16892815e61a6032b61fee5ff27f1b545516f159a6c99efabdbf4ee17fcfe5a2f7fc0f85e03561b16a4fbf6d8c41a08f7c752601cc9cb05a6ae753017a235f7dab7bf0ed8a4dc441751fe21b906583d77c98922a814fddd34d10fa7fec00165cc05b54accee65d13276f46da4352c45533d014731d6465c1766c9a6165b54bb4aa7d9373d198157f924be685785c382ad383c73700b11933d9e7a771723c793249f056f4f71bb031c7d007f659ea539b8d981209eabc501d1438e84dd6c430431dd74a654a48caa719b64d6635574fd85e3d6663b764b873739e1f10bef2e8ca02b025ae78f14775e88fba0cc4a6276ab8cb76d9511ecfd070be1fe2362d70d59fd2b4b18a35566f0f10bcd5155c3052e66daee442536cd044fd354e5a8d65aa905a3ae5e158d7a428efde930ddd3ceac71e7840116188cde6d2450036fff270195f59150bac2fd531d15144f1a0f538f2368c8cb1bbef7a66da55b286880a48ee9c3a4fbcf07f2b119aa01f71ba63f672efe6de8b38ec46c81968a69452ae6e730e4c1a3ba8cfe345cbebab8cb11ff0ae601d799cd48df6f817f457684f0c9ee8909aa85e89222ecd3eb2313ec91a1997dd2f7348beaabc1538fb1272d3e36d7b4c6a82f55d8ed48e05a2c87fd5b7068f08aa0633ec55a9a802c6283c1bc0b8fe1fdc0b428114496275b85426c1acde17fad341ec06215b10d4fcce5c2fa43ea4c870b234784c744f03728f319864db62fa282020808f4cfd99ad5bca57fe664bf75cc3025cf4bb75defa05d182e0434d616a407d86e5600d85a37230662b8090ec542ce76f14bb369b9feede99cfe04f91e51e9a94630ea813c6acf8b6f01bb22a5c729711ee959a453a4831a1ec6f5fdff5e1194beb2cea608c1fef676d5be28275d713ecfa46868786f4e834d22ad3a91008b6ec033acaa8cd55cedc2ecb6c9f4d97c761160306da3384ccec2679377abb1be82c6c6f4fc7be9e315515ea74ec79ee69a5d1c21b5c034e654729274d8fcf87e75b1f05312867188dcb8a6184227c8b9e595be7f58e983e846446a44cb546dccc5bb4ee2119f73a90a003f6ce6eefda5d9c47f92b18db56b8bfbb31c6c6d25b6e849560ad3741494371db82a2bd6f6268fb2798f34b0fd2b31a305c93a25b1427bad0785994ffb8f8ca5ce2f3731fd331b50ccdefc792682867d0e44c17c5b53ba73f8569467dd60c4f6f5fc2f4436f53e0f3721f54f8ebf93919d679610eaec603f23392df8384c5a74c7cb99ac5d749e0f0141cb90389ed1c42247a6ac28748acbae128db87bde4daa4fb7a2cbe2ba4d6c1450c1bedbef6c4152101f91bff53b6eb7ced5c9cca1cd735151571ca781c57577e09efe73058a54b98da5bcb052745eca9eb73f2a7a113a5ac2589a9fb30b73e64d12cd3e3c99dbc38c191ac19502c40440fe9e5f07d80f32f44d75da565fe8a822cd34b3603bac99bc3fdd2289908586d22263b4e2aac1d267e3149c7a8fd5923665fffc11f0a786a8b5cb3a34ecea4cfabb9733bee83d32e7c6fbdada54c0442fe11e9168aa59864ddd6c4fbe953101da2ec95fe97cc9685acbcd9fa2d881b8e98dbc5af6e711ad259eb2473ffd33de10bccb0b343f79f55ddd634010bcacf68029cd56517a5ea99ee13db436e2f510da9c02b33f018ace310ce87b9e65d57e17cc8ba5647a4caf48d6f4b58b017e56958d2c8d675e6efd74b5e7bb311325c75c21794ce6bf93694f50b52d3b3f78431ee860fc697b6013e1b4032eee2218c73216268eadc834e7945459250e743f1f90d9e7292cff86928c81f39638a763f571e337ea2dca40a3a9a0ff345d1c25dca59eb718c8b29953e884dec4bde6ada63b93574a09553c35ab63db93112c8029a4bdd787d8ca96c0c9d07d851fc9aa6aa5e33e7f79025381fe3b34c79f96a2a255cf55c89c68e9c66d3cda12298214c4b367e334eae52fe6d4c8f18387ec2e8c8b5ea25192149f3cd9fb94d9d7f177c213c0b9f73cd7454230838fa6bcbdc43290cf255de2f7498ee1cfdf71cf86afd40c53c3843abc10ce90ad683c35125d2b137ea9ec695b7048df8d0ce9f49a389f4ce41bec20f8fcd593849fd41c71365ef5545ac6a75b865f02fcae29cc4b40ba0eae21ffce2d9ea7b98edd77b8b9d02a54eb9104dc5817eb8a5f3713737b8890e14eb5d7966e5196b21e41e8d1a65e31ca3bafd8b8a11c91fac64780fad294067ba311bca31d6b27f9a53430381bb14b5d7bbdd25b44b0ff8e45038e9f8512cd3b71fc1321b38d23dae3921388e4cdea6843434658893447cf73168b26883ec56f8982b6034802a6064b5e63a2ae08e7e7161cc6dfabb797c9e8646c135d7e65f28b5ab442399a48f1a435c9c5c13e727eaaf478df7a092c092b5d69fa7c01f413ae618d073c7e976b4e1f9d0701888902d5b3ac0104246b9a5d4c0a15b7cb47b9d0d9a0d37b0895e691d54ce72779495b18f0502b99ed59b3f7c5af91c868b787c2aaac410504244140b0e50cc25b1a561161600158fccfb4a2097cdc8d38e7f7e091f67f280860c17e15c214f1d11e1d0ddb1d36046bc64c99da73fcf66dbb53438895974c0a6be2aff383c07215b2efdb9f7a3703314ddcfcd3225350e3e46184096a9a902b4454e76b1203dea4a2a7239b2913a8461aa4cd7acabaebd93fcda02e7111982cdee7cfa873a74c64e36326a24b689d9cea2ae40f1c4a4f55447a3e60251c1ce162fba57b759893862322c913327fd8fa64196f2a55926f2be455bd2a6e7a32fb08673ef3fdff9c1f56c36976fdf6f103ebd3456049201bc53bf1e60a9d9131eaf8338be0d3f7434356a55c226bb572b8e1917b6aac3e5eea8d0a150f2d2770dc1edc439d826d55faf886ad1f8da38b93e6f420b1806bbb96686e19959c1d11278c7c1cdf3f8f39b94b66a0ccfb51ef71e7edce67095d4d911e0239f9fc1532daff4bec6ef6e43255630fae0a2ff11eab0c6790d9c0ce002d246011da6ea8d5aaeadcb9738bdc237b37cff389e5c3b17bb6a48bfbde8d8b6e86f15dfa3297653ff839e5b64b70191da37a7d79e7122d2a27a52e50a2453c53df8774e24669d4c496905f144737fb9bb3bf3710bc69cc1c70a8fe341afbab61c2941edd34e60cfbd447ab82b239605a9427990482f8af7acb7b7dc91a853e628ee0461f7a46f897093632a903f82803ac510dacea4849c9b3e197f8f43075a836e1001064a54fbba986c644306d7cd16837fe8defa7319de6493aac97ff6e4a0ea6e73a27c92122ff3413beb981f445993e21c597a0427cc2e9c927f4f65a81731b40419f765a855879c21b4f30d696ec37f38a2596038c8ef6119cffbf4ce9dd25ba5a4b34f642ec4d1775e5822a1b8335c271dbc6a4a55f8de6364f19140b731861e9080ecb123d34b94d0fd05fa98c93cd7a3037032b8b921358b242ded471e7021311331c990cd699b210155bee43ba26ef1a499a22a092638268981adffc37c9a2aa4c95107057131037f89f4e08e53047f0dd2d279fa1c1763c9e129f2834560a151b258e629a24f17167e922c5b583928817e3e3c2ee464ef3534d6d7debb233c8062aacc4585c0d9088b798cbfff4338f3ca0b3d419b11cd7a099602726616c0822a33904253c37ac341ec50d771de53118cd0cf645955cded54730367f49be57c98a3baf4eca9c1e383ab127cf3eacf6122f3c16d3e46f59ae1b63a0024620b296732169d194930955b944708a4547fed6c8dc360dff98e1a11992899ccb5e8fedee31217b6d25c689d2607113e45c3bf87fb2000c9cc3ab5d617dacc68cca8f6312027778010a3ce59741e320f131042fde29009db0598011427f4f54959498f0f485fe5a06ef5e8b1452aff0c1af665cc84bb5fb52f29ec267263f66e063df551c266185580de656bcb61aa5ad3d1c43454c3391ebc636adbac9a93a98c9fc5cdb797422028e86eeee002db5fc6e9d94229a55c38c76083ce97a2de9dd291a9c3774fb809b645538fa2d88c02ae464b79c6eb582ee57bcea97ada55497972c2ab0d74329ee985506d8f481442c3307a1923e1c4746becd93e1719327e0a25146ced9c2dd1814dcd67f849b9e8f36c8e3335a6aa37e2c93789fc8eb58c56d111ff9c7114acbb819d6e7b2d0ab6263ffd169b01aeaa2611c200b457cb25584d3957dd82cc228ebf381f34eb4a050b26093f0a0f9881401c988cf75679d7a3c66fa72cb77181395dbaa2cc5b511c5715b3d955312e49156087396876a10dacabd316f06806e4862c2fd6cf4b90de0119be281a7b974dd0a50c52a2e9d1db9bf7039dc5222cd43fbdc929cfd84d02ab213967f7c0cd8a46b26a1ceeb38f658a7ba33a593f268d4c46fa88af25f5d31cd0647c4d716bdf6d80368d82362deca3fff8946fe09da7360bea60c5c6229e71fae0f0e73c58978e2eba27455df3478f53a324d56977855d647852cac71885b70def1faa3f274f9f0b47636a6aafd0b97586b1d377fa7da2a60b23dad40083ef685de2cef0ca6a7a98d61061e32196aba2c8a0c19fee487c19a57d23215ba5e4c9702d194ab1031819a0fe59450fbc10248d4b459728d1c1e5682cd3fffade579122ed7a9d976b0f537f53db6628070545e4a6eb7cf800a57dfdbd4089b4f6c15c23de46f131c31f4bf247b19bb46d77074ade4f820ba7e1aefe8070e4e8f4ebdee4f63ddefd226c30d1e11eb521a65c2a2071b7dd712c703f63bf47ddbf9a6be04837f5a8e455b7287d7ceca5840c11123236e255c6ecbdd2ec01ef3c8101ce78344d57990f4a1aa0d796fb697faf2e37c8a898295c817ffd0daa3a10bdca215895dcda21924ef5e1331ff59964eb2750d1666f6238ed84f29afa3bf66d4e16f4ff5dad3ba6dff9714f75fe302d79f6a2036b57019fb3ffcb0665588625f4d715bbec8286145a355557bc8655af55caf9365db9472c4250e5719938133df3189e67b2e1ffdf0b9af96", 0x1000}, {&(0x7f0000001680)="97c41af6980cf6e9f3a52fcacb1ea70d62c5e36f26c8fb89a272e12778ea2051baf1d440ab401510313b082575b37230b90cf83703644ede8134bb47a3be5d6eacc9cbb5b8601adaf50368026e39e4c6fc188bc0ff385b2e626868d0778dc25f8db6c364ef7389ffc9d7a71e6ff3cc88d738515cf3a4cb279a3a781ba359eebc1082cf8c205f97f847d3f07d3ca977f486c1ad0579fb07955a3a333ea19fc5db9763835d482ff0bf0bede85e069d235fb7c81cb9bdd1ee7c", 0xb8}, {&(0x7f0000001740)="dbb701d2069e3114e1f995f4e4ad2ecdbd3d2154c10ce9f74e7a2ea97afa92dd2b9e24bc35bcda5487a4a91460a0b61bebdb81283aedb5653ba18d08ce086cb5da848ec03d7e3e778af504b3adc7d81a1a61d4a48bc0d6baa0d5c5fb038f9a4fbd2bd13dda27cc", 0x67}], 0x3, &(0x7f00000019c0)=[@rights={0x20, 0x1, 0x1, [r0, r0, r1]}, @rights={0x20, 0x1, 0x1, [r0, r0, r0]}, @cred={0x20, 0x1, 0x2, r2, r3, r4}, @cred={0x20, 0x1, 0x2, r5, r6, r7}], 0x80, 0x4081}, 0x20000080) r8 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_NAME_TABLE_GET(r1, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x600}, 0xc, &(0x7f0000000400)={&(0x7f0000001a80)=ANY=[@ANYBLOB='\x00'/13, @ANYRES16=r8, @ANYBLOB="08012abd7000fedbdf251000000020000700080002007f0000000c000300000000000000000008000200020000001400060008000100070000000400020004000200040002007c000100380004001400010002004e22ac1414aa0000000000000000200002000a004e2200000004000000000000000000000000000000010100000038000400200001000a004e200000000800000000000000000000000000000001000000501400020002004e2300000000000000000000000008000300000100006800010038000400200001000a004e2000000007ff010000000000000000000000000001faffffff1400020002004e240000000000000000000000002c0004001400010002004e24ac1414aa00000000000000001400020002004e20ac1414230000000000000000"], 0x130}, 0x1, 0x0, 0x0, 0x80}, 0x800) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000000480)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) ioctl$RTC_IRQP_READ(r1, 0x8008700b, &(0x7f00000004c0)) openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500)='/dev/ashmem\x00', 0x10000, 0x0) 09:15:13 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0xe, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:15:13 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x10000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1107.119847][T21511] __x64_sys_ioctl+0x73/0xb0 [ 1107.146885][T21509] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1107.152094][T21511] do_syscall_64+0x103/0x670 [ 1107.152115][T21511] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1107.152128][T21511] RIP: 0033:0x458c29 [ 1107.152145][T21511] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1107.152151][T21511] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1107.157349][T21509] Node 0 DMA32: 32*4kB (U) 55*8kB (UE) 86*16kB (UME) 438*32kB (UME) 394*64kB (UME) 92*128kB (UME) 24*256kB (UME) 7*512kB (UME) 8*1024kB (UME) 4*2048kB (UME) 126*4096kB (UM) = 595160kB [ 1107.161912][T21511] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1107.161921][T21511] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1107.161930][T21511] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1107.161939][T21511] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1107.161948][T21511] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1107.178741][T21509] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1107.194512][T21509] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1107.194612][T21509] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1107.194623][T21509] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1107.194635][T21509] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1107.194647][T21509] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1107.194653][T21509] 49191 total pagecache pages 09:15:14 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) r1 = syz_open_dev$audion(&(0x7f0000000200)='/dev/audio#\x00', 0x40, 0x101000) ioctl$KVM_GET_XSAVE(r1, 0x9000aea4, &(0x7f0000000240)) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in={{0x2, 0x4e24, @multicast2}}}, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) [ 1107.194670][T21509] 0 pages in swap cache [ 1107.194680][T21509] Swap cache stats: add 0, delete 0, find 0/0 [ 1107.194685][T21509] Free swap = 0kB [ 1107.194692][T21509] Total swap = 0kB [ 1107.194699][T21509] 1965979 pages RAM [ 1107.194705][T21509] 0 pages HighMem/MovableOnly [ 1107.194716][T21509] 339405 pages reserved [ 1107.216774][T21509] 0 pages cma reserved [ 1107.261892][T21523] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 09:15:14 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x10, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1107.271004][T21523] CPU: 0 PID: 21523 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1107.278028][T21523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1107.278040][T21523] Call Trace: [ 1107.292040][T21523] dump_stack+0x172/0x1f0 [ 1107.292064][T21523] warn_alloc.cold+0x87/0x17f [ 1107.292081][T21523] ? zone_watermark_ok_safe+0x260/0x260 [ 1107.292098][T21523] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1107.292135][T21523] __vmalloc_node_range+0x48a/0x790 [ 1107.329385][T21523] ? vb2_vmalloc_alloc+0x8c/0x280 09:15:14 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x25, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1107.329413][T21523] ? kmem_cache_alloc_trace+0x354/0x760 [ 1107.329426][T21523] ? vb2_vmalloc_alloc+0xca/0x280 [ 1107.329443][T21523] vmalloc_user+0x6b/0x90 [ 1107.329457][T21523] ? vb2_vmalloc_alloc+0xca/0x280 [ 1107.329472][T21523] vb2_vmalloc_alloc+0xca/0x280 [ 1107.329484][T21523] ? __vb2_queue_alloc+0xf5/0xf40 [ 1107.329502][T21523] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1107.329515][T21523] __vb2_queue_alloc+0x5a6/0xf40 [ 1107.329545][T21523] vb2_core_create_bufs+0x2bc/0x790 09:15:14 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x63, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1107.329562][T21523] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1107.329579][T21523] ? __vb2_queue_alloc+0xf40/0xf40 [ 1107.346107][T21523] ? lock_acquire+0x16f/0x3f0 [ 1107.368461][T21523] ? __video_do_ioctl+0x398/0xce0 [ 1107.401918][T21523] ? __lock_acquire+0x548/0x3fb0 [ 1107.401939][T21523] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1107.401957][T21523] vb2_create_bufs+0x472/0x7d0 [ 1107.401976][T21523] ? vb2_request_queue+0x120/0x120 [ 1107.401989][T21523] ? __lock_acquire+0x548/0x3fb0 [ 1107.402003][T21523] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 09:15:14 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x400c000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1107.402019][T21523] ? debug_smp_processor_id+0x3c/0x280 [ 1107.402041][T21523] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1107.402057][T21523] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1107.402075][T21523] v4l_create_bufs+0xc0/0x180 [ 1107.402093][T21523] __video_do_ioctl+0x7f1/0xce0 [ 1107.402115][T21523] ? v4l_s_fmt+0xab0/0xab0 [ 1107.402135][T21523] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1107.415608][T21523] ? _copy_from_user+0xdd/0x150 [ 1107.493437][T21523] video_usercopy+0x4c5/0x10d0 [ 1107.493455][T21523] ? v4l_s_fmt+0xab0/0xab0 [ 1107.493476][T21523] ? v4l_enumstd+0x70/0x70 [ 1107.493490][T21523] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1107.493503][T21523] ? tomoyo_path_number_perm+0x263/0x520 [ 1107.493522][T21523] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1107.521482][T21523] ? video_usercopy+0x10d0/0x10d0 [ 1107.521497][T21523] video_ioctl2+0x2d/0x35 [ 1107.521514][T21523] v4l2_ioctl+0x156/0x1b0 [ 1107.521526][T21523] ? video_devdata+0xa0/0xa0 [ 1107.521546][T21523] do_vfs_ioctl+0xd6e/0x1390 [ 1107.521568][T21523] ? ioctl_preallocate+0x210/0x210 [ 1107.521583][T21523] ? __fget+0x381/0x550 [ 1107.521604][T21523] ? ksys_dup3+0x3e0/0x3e0 [ 1107.521626][T21523] ? nsecs_to_jiffies+0x30/0x30 [ 1107.537560][T21523] ? tomoyo_file_ioctl+0x23/0x30 [ 1107.537578][T21523] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1107.537599][T21523] ? security_file_ioctl+0x93/0xc0 [ 1107.553543][T21523] ksys_ioctl+0xab/0xd0 [ 1107.553565][T21523] __x64_sys_ioctl+0x73/0xb0 [ 1107.553584][T21523] do_syscall_64+0x103/0x670 [ 1107.553604][T21523] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1107.553615][T21523] RIP: 0033:0x458c29 [ 1107.553631][T21523] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1107.553639][T21523] RSP: 002b:00007f92fa7a1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1107.553654][T21523] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1107.553662][T21523] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1107.553670][T21523] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1107.553683][T21523] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7a26d4 [ 1107.573771][T21523] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1107.586134][T21533] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1107.645582][T21533] CPU: 0 PID: 21533 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1107.671415][T21533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1107.671421][T21533] Call Trace: [ 1107.671443][T21533] dump_stack+0x172/0x1f0 [ 1107.671465][T21533] warn_alloc.cold+0x87/0x17f [ 1107.671479][T21533] ? zone_watermark_ok_safe+0x260/0x260 [ 1107.671495][T21533] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1107.671529][T21533] __vmalloc_node_range+0x48a/0x790 [ 1107.671544][T21533] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1107.671563][T21533] ? kmem_cache_alloc_trace+0x354/0x760 [ 1107.671574][T21533] ? vb2_vmalloc_alloc+0xca/0x280 [ 1107.671590][T21533] vmalloc_user+0x6b/0x90 [ 1107.695145][T21533] ? vb2_vmalloc_alloc+0xca/0x280 [ 1107.695163][T21533] vb2_vmalloc_alloc+0xca/0x280 [ 1107.695177][T21533] ? __vb2_queue_alloc+0xf5/0xf40 [ 1107.695194][T21533] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1107.695206][T21533] __vb2_queue_alloc+0x5a6/0xf40 [ 1107.695237][T21533] vb2_core_create_bufs+0x2bc/0x790 [ 1107.695255][T21533] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1107.695269][T21533] ? __vb2_queue_alloc+0xf40/0xf40 [ 1107.695284][T21533] ? lock_acquire+0x16f/0x3f0 [ 1107.695299][T21533] ? __video_do_ioctl+0x398/0xce0 [ 1107.695316][T21533] ? __lock_acquire+0x548/0x3fb0 [ 1107.732244][T21533] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1107.732265][T21533] vb2_create_bufs+0x472/0x7d0 [ 1107.732282][T21533] ? vb2_request_queue+0x120/0x120 [ 1107.732296][T21533] ? __lock_acquire+0x548/0x3fb0 [ 1107.732313][T21533] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1107.743130][T21533] ? debug_smp_processor_id+0x3c/0x280 [ 1107.743150][T21533] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1107.743166][T21533] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1107.743184][T21533] v4l_create_bufs+0xc0/0x180 [ 1107.743202][T21533] __video_do_ioctl+0x7f1/0xce0 [ 1107.743224][T21533] ? v4l_s_fmt+0xab0/0xab0 [ 1107.743244][T21533] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1107.900913][T21533] ? _copy_from_user+0xdd/0x150 [ 1107.900938][T21533] video_usercopy+0x4c5/0x10d0 [ 1107.900953][T21533] ? v4l_s_fmt+0xab0/0xab0 [ 1107.900973][T21533] ? v4l_enumstd+0x70/0x70 [ 1107.923617][T21533] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1107.923637][T21533] ? tomoyo_path_number_perm+0x263/0x520 [ 1107.923657][T21533] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1107.923687][T21533] ? video_usercopy+0x10d0/0x10d0 [ 1107.957643][T21555] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1107.959927][T21533] video_ioctl2+0x2d/0x35 [ 1107.959946][T21533] v4l2_ioctl+0x156/0x1b0 [ 1107.959960][T21533] ? video_devdata+0xa0/0xa0 [ 1107.959980][T21533] do_vfs_ioctl+0xd6e/0x1390 [ 1107.960001][T21533] ? ioctl_preallocate+0x210/0x210 [ 1108.346336][T21533] ? __fget+0x381/0x550 [ 1108.350506][T21533] ? ksys_dup3+0x3e0/0x3e0 [ 1108.354923][T21533] ? nsecs_to_jiffies+0x30/0x30 [ 1108.359832][T21533] ? tomoyo_file_ioctl+0x23/0x30 [ 1108.364808][T21533] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1108.371058][T21533] ? security_file_ioctl+0x93/0xc0 [ 1108.376177][T21533] ksys_ioctl+0xab/0xd0 [ 1108.380353][T21533] __x64_sys_ioctl+0x73/0xb0 [ 1108.384950][T21533] do_syscall_64+0x103/0x670 [ 1108.389545][T21533] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1108.395438][T21533] RIP: 0033:0x458c29 [ 1108.399356][T21533] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1108.418965][T21533] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1108.427395][T21533] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1108.435365][T21533] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1108.443343][T21533] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1108.451333][T21533] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1108.459292][T21533] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1108.467284][T21555] CPU: 1 PID: 21555 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1108.473096][T21533] warn_alloc_show_mem: 2 callbacks suppressed [ 1108.473100][T21533] Mem-Info: [ 1108.476389][T21555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1108.476394][T21555] Call Trace: [ 1108.476415][T21555] dump_stack+0x172/0x1f0 [ 1108.476435][T21555] warn_alloc.cold+0x87/0x17f [ 1108.476452][T21555] ? zone_watermark_ok_safe+0x260/0x260 [ 1108.483346][T21533] active_anon:248737 inactive_anon:199 isolated_anon:0 [ 1108.483346][T21533] active_file:8221 inactive_file:40754 isolated_file:0 [ 1108.483346][T21533] unevictable:0 dirty:105 writeback:0 unstable:0 [ 1108.483346][T21533] slab_reclaimable:14142 slab_unreclaimable:106106 [ 1108.483346][T21533] mapped:58824 shmem:248 pagetables:7112 bounce:0 [ 1108.483346][T21533] free:1098352 free_pcp:572 free_cma:0 [ 1108.485583][T21555] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1108.485620][T21555] __vmalloc_node_range+0x48a/0x790 [ 1108.495760][T21533] Node 0 active_anon:994948kB inactive_anon:796kB active_file:32748kB inactive_file:163016kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:420kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 575488kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1108.498918][T21555] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1108.498935][T21555] ? kmem_cache_alloc_trace+0x354/0x760 [ 1108.498951][T21555] ? vb2_vmalloc_alloc+0xca/0x280 [ 1108.503341][T21533] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1108.508089][T21555] vmalloc_user+0x6b/0x90 [ 1108.508104][T21555] ? vb2_vmalloc_alloc+0xca/0x280 [ 1108.508119][T21555] vb2_vmalloc_alloc+0xca/0x280 [ 1108.508134][T21555] ? __vb2_queue_alloc+0xf5/0xf40 [ 1108.513721][T21533] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1108.551639][T21555] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1108.551651][T21555] __vb2_queue_alloc+0x5a6/0xf40 [ 1108.551679][T21555] vb2_core_create_bufs+0x2bc/0x790 [ 1108.551698][T21555] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1108.557356][T21533] lowmem_reserve[]: 0 2553 2555 2555 [ 1108.562483][T21555] ? __vb2_queue_alloc+0xf40/0xf40 [ 1108.562499][T21555] ? lock_acquire+0x16f/0x3f0 [ 1108.562515][T21555] ? __video_do_ioctl+0x398/0xce0 [ 1108.562528][T21555] ? __lock_acquire+0x548/0x3fb0 [ 1108.562550][T21555] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1108.591501][T21533] Node 0 DMA32 free:587416kB min:36232kB low:45288kB high:54344kB active_anon:994948kB inactive_anon:796kB active_file:32748kB inactive_file:163016kB unevictable:0kB writepending:420kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:15072kB pagetables:28448kB bounce:0kB free_pcp:2288kB local_pcp:1272kB free_cma:0kB [ 1108.596428][T21555] vb2_create_bufs+0x472/0x7d0 [ 1108.596447][T21555] ? vb2_request_queue+0x120/0x120 [ 1108.596459][T21555] ? __lock_acquire+0x548/0x3fb0 [ 1108.596476][T21555] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1108.602050][T21533] lowmem_reserve[]: 0 0 2 2 [ 1108.606987][T21555] ? debug_smp_processor_id+0x3c/0x280 [ 1108.607008][T21555] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1108.607021][T21555] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1108.607040][T21555] v4l_create_bufs+0xc0/0x180 [ 1108.633598][T21533] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1108.637798][T21555] __video_do_ioctl+0x7f1/0xce0 [ 1108.637821][T21555] ? v4l_s_fmt+0xab0/0xab0 [ 1108.637842][T21555] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1108.642891][T21533] lowmem_reserve[]: 0 0 0 0 [ 1108.647655][T21555] ? _copy_from_user+0xdd/0x150 [ 1108.647673][T21555] video_usercopy+0x4c5/0x10d0 [ 1108.647685][T21555] ? v4l_s_fmt+0xab0/0xab0 [ 1108.647702][T21555] ? v4l_enumstd+0x70/0x70 [ 1108.652750][T21533] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1108.679488][T21555] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1108.679517][T21555] ? tomoyo_path_number_perm+0x263/0x520 [ 1108.679536][T21555] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1108.679564][T21555] ? video_usercopy+0x10d0/0x10d0 [ 1108.685418][T21533] lowmem_reserve[]: 0 0 0 0 [ 1108.690270][T21555] video_ioctl2+0x2d/0x35 [ 1108.690286][T21555] v4l2_ioctl+0x156/0x1b0 [ 1108.690298][T21555] ? video_devdata+0xa0/0xa0 [ 1108.690323][T21555] do_vfs_ioctl+0xd6e/0x1390 [ 1108.695555][T21533] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1108.700843][T21555] ? ioctl_preallocate+0x210/0x210 [ 1108.700860][T21555] ? __fget+0x381/0x550 [ 1108.700882][T21555] ? ksys_dup3+0x3e0/0x3e0 [ 1108.706195][T21533] Node 0 DMA32: 2*4kB (UM) 44*8kB (UME) 44*16kB (UME) 414*32kB (UME) 378*64kB (ME) 85*128kB (UME) 24*256kB (UME) 7*512kB (UME) 8*1024kB (UME) 4*2048kB (UME) 125*4096kB (UM) = 587496kB [ 1108.711218][T21555] ? nsecs_to_jiffies+0x30/0x30 [ 1108.711240][T21555] ? tomoyo_file_ioctl+0x23/0x30 [ 1108.711263][T21555] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1108.715971][T21533] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1108.720921][T21555] ? security_file_ioctl+0x93/0xc0 [ 1108.720941][T21555] ksys_ioctl+0xab/0xd0 [ 1108.720964][T21555] __x64_sys_ioctl+0x73/0xb0 [ 1108.725957][T21533] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1108.732112][T21555] do_syscall_64+0x103/0x670 [ 1108.732133][T21555] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1108.732145][T21555] RIP: 0033:0x458c29 [ 1108.732161][T21555] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1108.732174][T21555] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1108.762956][T21533] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1108.767618][T21555] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1108.767627][T21555] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1108.767635][T21555] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1108.767644][T21555] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1108.767653][T21555] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1108.773170][ T7678] Bluetooth: hci0: command 0x1003 tx timeout [ 1108.788346][T21533] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1108.805076][ T1285] Bluetooth: hci0: sending frame failed (-49) [ 1108.819690][T21533] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1108.862771][T21533] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1109.187626][T21533] 49220 total pagecache pages [ 1109.194835][T21533] 0 pages in swap cache [ 1109.200790][T21533] Swap cache stats: add 0, delete 0, find 0/0 [ 1109.206968][T21533] Free swap = 0kB [ 1109.210688][T21533] Total swap = 0kB [ 1109.214464][T21533] 1965979 pages RAM [ 1109.218260][T21533] 0 pages HighMem/MovableOnly [ 1109.222989][T21533] 339405 pages reserved [ 1109.227138][T21533] 0 pages cma reserved [ 1109.731553][ T7678] Bluetooth: hci1: command 0x1003 tx timeout [ 1109.737702][ T1285] Bluetooth: hci1: sending frame failed (-49) [ 1110.841868][ T7678] Bluetooth: hci0: command 0x1001 tx timeout [ 1110.847993][ T1285] Bluetooth: hci0: sending frame failed (-49) [ 1111.801559][ T7678] Bluetooth: hci1: command 0x1001 tx timeout [ 1111.807828][ T1285] Bluetooth: hci1: sending frame failed (-49) [ 1112.921646][ T12] Bluetooth: hci0: command 0x1009 tx timeout [ 1113.881611][ T12] Bluetooth: hci1: command 0x1009 tx timeout 09:15:23 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5451, &(0x7f0000000080)) 09:15:23 executing program 0: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) 09:15:23 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x4800000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1117.355464][T21571] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1117.378770][T21571] CPU: 0 PID: 21571 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1117.387923][T21571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1117.397987][T21571] Call Trace: [ 1117.401332][T21571] dump_stack+0x172/0x1f0 [ 1117.405784][T21571] warn_alloc.cold+0x87/0x17f [ 1117.410470][T21571] ? zone_watermark_ok_safe+0x260/0x260 [ 1117.416027][T21571] ? kmem_cache_alloc_trace+0x5a4/0x760 [ 1117.416071][T21571] __vmalloc_node_range+0x48a/0x790 [ 1117.416103][T21571] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1117.416127][T21571] ? kmem_cache_alloc_trace+0x354/0x760 [ 1117.426877][T21571] ? vb2_vmalloc_alloc+0xca/0x280 [ 1117.437408][T21571] vmalloc_user+0x6b/0x90 [ 1117.446822][T21571] ? vb2_vmalloc_alloc+0xca/0x280 [ 1117.451839][T21571] vb2_vmalloc_alloc+0xca/0x280 [ 1117.451851][T21571] ? __vb2_queue_alloc+0xf5/0xf40 [ 1117.451867][T21571] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1117.451878][T21571] __vb2_queue_alloc+0x5a6/0xf40 [ 1117.451908][T21571] vb2_core_create_bufs+0x2bc/0x790 [ 1117.477655][T21571] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1117.483023][T21571] ? __vb2_queue_alloc+0xf40/0xf40 [ 1117.488114][T21571] ? lock_acquire+0x16f/0x3f0 [ 1117.492783][T21571] ? __video_do_ioctl+0x398/0xce0 [ 1117.497786][T21571] ? __lock_acquire+0x548/0x3fb0 [ 1117.502737][T21571] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1117.508968][T21571] vb2_create_bufs+0x472/0x7d0 [ 1117.513720][T21571] ? vb2_request_queue+0x120/0x120 [ 1117.518813][T21571] ? __lock_acquire+0x548/0x3fb0 [ 1117.523757][T21571] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1117.529986][T21571] ? debug_smp_processor_id+0x3c/0x280 [ 1117.535429][T21571] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1117.540451][T21571] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1117.545981][T21571] v4l_create_bufs+0xc0/0x180 [ 1117.550640][T21571] __video_do_ioctl+0x7f1/0xce0 [ 1117.555475][T21571] ? v4l_s_fmt+0xab0/0xab0 [ 1117.559884][T21571] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1117.566103][T21571] ? _copy_from_user+0xdd/0x150 [ 1117.570934][T21571] video_usercopy+0x4c5/0x10d0 [ 1117.575676][T21571] ? v4l_s_fmt+0xab0/0xab0 [ 1117.580072][T21571] ? v4l_enumstd+0x70/0x70 [ 1117.584473][T21571] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1117.605752][T21571] ? tomoyo_path_number_perm+0x263/0x520 [ 1117.611383][T21571] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1117.617181][T21571] ? video_usercopy+0x10d0/0x10d0 [ 1117.622184][T21571] video_ioctl2+0x2d/0x35 [ 1117.626494][T21571] v4l2_ioctl+0x156/0x1b0 [ 1117.630802][T21571] ? video_devdata+0xa0/0xa0 [ 1117.635391][T21571] do_vfs_ioctl+0xd6e/0x1390 [ 1117.639963][T21571] ? ioctl_preallocate+0x210/0x210 [ 1117.645080][T21571] ? __fget+0x381/0x550 [ 1117.649219][T21571] ? ksys_dup3+0x3e0/0x3e0 [ 1117.653616][T21571] ? nsecs_to_jiffies+0x30/0x30 [ 1117.658459][T21571] ? tomoyo_file_ioctl+0x23/0x30 [ 1117.663373][T21571] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1117.669597][T21571] ? security_file_ioctl+0x93/0xc0 [ 1117.674685][T21571] ksys_ioctl+0xab/0xd0 [ 1117.680579][T21571] __x64_sys_ioctl+0x73/0xb0 [ 1117.685177][T21571] do_syscall_64+0x103/0x670 [ 1117.689763][T21571] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1117.695631][T21571] RIP: 0033:0x458c29 [ 1117.699512][T21571] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1117.719106][T21571] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1117.727770][T21571] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1117.735720][T21571] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1117.743689][T21571] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1117.751652][T21571] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1117.759600][T21571] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1117.768599][T21571] warn_alloc_show_mem: 1 callbacks suppressed [ 1117.768604][T21571] Mem-Info: [ 1117.778130][T21571] active_anon:248732 inactive_anon:201 isolated_anon:0 [ 1117.778130][T21571] active_file:8221 inactive_file:40769 isolated_file:0 [ 1117.778130][T21571] unevictable:0 dirty:127 writeback:0 unstable:0 [ 1117.778130][T21571] slab_reclaimable:14131 slab_unreclaimable:106036 [ 1117.778130][T21571] mapped:58824 shmem:248 pagetables:7110 bounce:0 [ 1117.778130][T21571] free:1098515 free_pcp:573 free_cma:0 [ 1117.816573][T21571] Node 0 active_anon:994928kB inactive_anon:804kB active_file:32748kB inactive_file:163076kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:508kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 575488kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1117.846070][T21571] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1117.872656][T21571] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1117.899795][T21571] lowmem_reserve[]: 0 2553 2555 2555 [ 1117.905234][T21571] Node 0 DMA32 free:588068kB min:36232kB low:45288kB high:54344kB active_anon:994928kB inactive_anon:804kB active_file:32748kB inactive_file:163076kB unevictable:0kB writepending:508kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:14912kB pagetables:28440kB bounce:0kB free_pcp:2308kB local_pcp:1076kB free_cma:0kB [ 1117.936155][T21571] lowmem_reserve[]: 0 0 2 2 [ 1117.940772][T21571] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1117.968955][T21571] lowmem_reserve[]: 0 0 0 0 [ 1117.973578][T21571] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1118.002061][T21571] lowmem_reserve[]: 0 0 0 0 [ 1118.006628][T21571] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1118.021063][T21571] Node 0 DMA32: 25*4kB (UE) 77*8kB (UE) 44*16kB (UME) 423*32kB (UME) 378*64kB (ME) 85*128kB (UME) 24*256kB (UME) 7*512kB (UME) 8*1024kB (UME) 4*2048kB (UME) 125*4096kB (UM) = 588140kB [ 1118.039655][T21571] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1118.052294][T21571] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1118.069953][T21571] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1118.079920][T21571] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1118.089681][T21571] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1118.099684][T21571] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 09:15:24 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x14) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) 09:15:24 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x9d, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:15:24 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x40000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:15:24 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) [ 1118.125692][T21571] 49238 total pagecache pages [ 1118.135949][T21582] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1118.141823][T21571] 0 pages in swap cache [ 1118.161848][T21571] Swap cache stats: add 0, delete 0, find 0/0 [ 1118.171624][T21571] Free swap = 0kB [ 1118.191613][T21571] Total swap = 0kB [ 1118.198009][T21571] 1965979 pages RAM [ 1118.218299][T21571] 0 pages HighMem/MovableOnly [ 1118.231686][T21582] CPU: 0 PID: 21582 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1118.234206][T21571] 339405 pages reserved [ 1118.240841][T21582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1118.240848][T21582] Call Trace: [ 1118.240876][T21582] dump_stack+0x172/0x1f0 [ 1118.240900][T21582] warn_alloc.cold+0x87/0x17f [ 1118.255942][T21571] 0 pages cma reserved [ 1118.258375][T21582] ? zone_watermark_ok_safe+0x260/0x260 [ 1118.258397][T21582] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1118.258437][T21582] __vmalloc_node_range+0x48a/0x790 [ 1118.287932][T21582] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1118.292978][T21582] ? kmem_cache_alloc_trace+0x354/0x760 [ 1118.298540][T21582] ? vb2_vmalloc_alloc+0xca/0x280 [ 1118.303581][T21582] vmalloc_user+0x6b/0x90 [ 1118.308010][T21582] ? vb2_vmalloc_alloc+0xca/0x280 [ 1118.313053][T21582] vb2_vmalloc_alloc+0xca/0x280 [ 1118.317916][T21582] ? __vb2_queue_alloc+0xf5/0xf40 [ 1118.323041][T21582] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1118.328859][T21582] __vb2_queue_alloc+0x5a6/0xf40 [ 1118.333823][T21582] vb2_core_create_bufs+0x2bc/0x790 [ 1118.339034][T21582] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1118.344704][T21582] ? __vb2_queue_alloc+0xf40/0xf40 [ 1118.349838][T21582] ? lock_acquire+0x16f/0x3f0 [ 1118.354527][T21582] ? __video_do_ioctl+0x398/0xce0 [ 1118.359560][T21582] ? __lock_acquire+0x548/0x3fb0 [ 1118.364686][T21582] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1118.370944][T21582] vb2_create_bufs+0x472/0x7d0 [ 1118.375752][T21582] ? vb2_request_queue+0x120/0x120 [ 1118.380965][T21582] ? __lock_acquire+0x548/0x3fb0 [ 1118.385929][T21582] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1118.392181][T21582] ? debug_smp_processor_id+0x3c/0x280 [ 1118.397663][T21582] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1118.404186][T21582] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1118.409749][T21582] v4l_create_bufs+0xc0/0x180 [ 1118.414448][T21582] __video_do_ioctl+0x7f1/0xce0 [ 1118.419322][T21582] ? v4l_s_fmt+0xab0/0xab0 [ 1118.423767][T21582] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1118.430021][T21582] ? _copy_from_user+0xdd/0x150 [ 1118.434885][T21582] video_usercopy+0x4c5/0x10d0 [ 1118.439682][T21582] ? v4l_s_fmt+0xab0/0xab0 [ 1118.444131][T21582] ? v4l_enumstd+0x70/0x70 [ 1118.448566][T21582] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1118.454819][T21582] ? tomoyo_path_number_perm+0x263/0x520 [ 1118.460468][T21582] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1118.466386][T21582] ? video_usercopy+0x10d0/0x10d0 [ 1118.471420][T21582] video_ioctl2+0x2d/0x35 [ 1118.475765][T21582] v4l2_ioctl+0x156/0x1b0 [ 1118.480106][T21582] ? video_devdata+0xa0/0xa0 [ 1118.484721][T21582] do_vfs_ioctl+0xd6e/0x1390 [ 1118.489326][T21582] ? ioctl_preallocate+0x210/0x210 [ 1118.494447][T21582] ? __fget+0x381/0x550 [ 1118.498624][T21582] ? ksys_dup3+0x3e0/0x3e0 [ 1118.503053][T21582] ? nsecs_to_jiffies+0x30/0x30 [ 1118.507931][T21582] ? tomoyo_file_ioctl+0x23/0x30 [ 1118.512881][T21582] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1118.519311][T21582] ? security_file_ioctl+0x93/0xc0 [ 1118.524441][T21582] ksys_ioctl+0xab/0xd0 [ 1118.528614][T21582] __x64_sys_ioctl+0x73/0xb0 [ 1118.533219][T21582] do_syscall_64+0x103/0x670 [ 1118.537825][T21582] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1118.543734][T21582] RIP: 0033:0x458c29 [ 1118.547639][T21582] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1118.567435][T21582] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1118.575866][T21582] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1118.583849][T21582] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 09:15:25 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x4c00000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:15:25 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x300, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:15:25 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) getsockopt$inet_mreq(r0, 0x0, 0x20, &(0x7f0000000200)={@multicast1, @dev}, &(0x7f0000000240)=0x8) [ 1118.591840][T21582] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1118.599828][T21582] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1118.607815][T21582] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff 09:15:25 executing program 5: lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='system.posix_acl_default\x00', &(0x7f0000000140)=""/143, 0x8f) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) [ 1118.739404][T21621] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 09:15:25 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x38e, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1118.801628][T21621] CPU: 0 PID: 21621 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1118.810912][T21621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1118.820975][T21621] Call Trace: [ 1118.824283][T21621] dump_stack+0x172/0x1f0 [ 1118.828644][T21621] warn_alloc.cold+0x87/0x17f [ 1118.833356][T21621] ? zone_watermark_ok_safe+0x260/0x260 [ 1118.838925][T21621] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1118.844599][T21621] __vmalloc_node_range+0x48a/0x790 [ 1118.849810][T21621] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1118.854855][T21621] ? kmem_cache_alloc_trace+0x354/0x760 [ 1118.860413][T21621] ? vb2_vmalloc_alloc+0xca/0x280 [ 1118.865454][T21621] vmalloc_user+0x6b/0x90 [ 1118.869799][T21621] ? vb2_vmalloc_alloc+0xca/0x280 [ 1118.874832][T21621] vb2_vmalloc_alloc+0xca/0x280 [ 1118.879699][T21621] ? __vb2_queue_alloc+0xf5/0xf40 [ 1118.884738][T21621] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1118.890553][T21621] __vb2_queue_alloc+0x5a6/0xf40 [ 1118.895539][T21621] vb2_core_create_bufs+0x2bc/0x790 [ 1118.900758][T21621] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1118.906141][T21621] ? __vb2_queue_alloc+0xf40/0xf40 [ 1118.911259][T21621] ? lock_acquire+0x16f/0x3f0 [ 1118.915966][T21621] ? __video_do_ioctl+0x398/0xce0 [ 1118.921004][T21621] ? __lock_acquire+0x548/0x3fb0 [ 1118.921550][T21635] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1118.926917][T21621] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1118.926938][T21621] vb2_create_bufs+0x472/0x7d0 [ 1118.926956][T21621] ? vb2_request_queue+0x120/0x120 [ 1118.926975][T21621] ? __lock_acquire+0x548/0x3fb0 [ 1118.961854][T21621] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1118.968123][T21621] ? debug_smp_processor_id+0x3c/0x280 [ 1118.973607][T21621] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1118.980040][T21621] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1118.985606][T21621] v4l_create_bufs+0xc0/0x180 [ 1118.990305][T21621] __video_do_ioctl+0x7f1/0xce0 [ 1118.995182][T21621] ? v4l_s_fmt+0xab0/0xab0 [ 1118.999622][T21621] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1119.005885][T21621] ? _copy_from_user+0xdd/0x150 [ 1119.010756][T21621] video_usercopy+0x4c5/0x10d0 [ 1119.015537][T21621] ? v4l_s_fmt+0xab0/0xab0 [ 1119.019972][T21621] ? v4l_enumstd+0x70/0x70 [ 1119.024397][T21621] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1119.030660][T21621] ? tomoyo_path_number_perm+0x263/0x520 [ 1119.036311][T21621] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1119.042152][T21621] ? video_usercopy+0x10d0/0x10d0 [ 1119.047194][T21621] video_ioctl2+0x2d/0x35 [ 1119.051538][T21621] v4l2_ioctl+0x156/0x1b0 [ 1119.055875][T21621] ? video_devdata+0xa0/0xa0 [ 1119.060477][T21621] do_vfs_ioctl+0xd6e/0x1390 [ 1119.065081][T21621] ? ioctl_preallocate+0x210/0x210 [ 1119.070206][T21621] ? __fget+0x381/0x550 [ 1119.074399][T21621] ? ksys_dup3+0x3e0/0x3e0 [ 1119.078823][T21621] ? nsecs_to_jiffies+0x30/0x30 [ 1119.083696][T21621] ? tomoyo_file_ioctl+0x23/0x30 [ 1119.088815][T21621] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1119.095063][T21621] ? security_file_ioctl+0x93/0xc0 [ 1119.100199][T21621] ksys_ioctl+0xab/0xd0 [ 1119.104368][T21621] __x64_sys_ioctl+0x73/0xb0 [ 1119.108971][T21621] do_syscall_64+0x103/0x670 [ 1119.113577][T21621] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1119.119469][T21621] RIP: 0033:0x458c29 [ 1119.123371][T21621] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1119.142979][T21621] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1119.151396][T21621] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1119.159373][T21621] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1119.167353][T21621] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1119.175331][T21621] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1119.183424][T21621] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1119.204037][T21635] CPU: 1 PID: 21635 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1119.213194][T21635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1119.223250][T21635] Call Trace: [ 1119.223272][T21635] dump_stack+0x172/0x1f0 [ 1119.223293][T21635] warn_alloc.cold+0x87/0x17f [ 1119.223307][T21635] ? zone_watermark_ok_safe+0x260/0x260 [ 1119.223323][T21635] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1119.223363][T21635] __vmalloc_node_range+0x48a/0x790 [ 1119.223386][T21635] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1119.230996][T21635] ? kmem_cache_alloc_trace+0x354/0x760 [ 1119.241185][T21635] ? vb2_vmalloc_alloc+0xca/0x280 [ 1119.241206][T21635] vmalloc_user+0x6b/0x90 [ 1119.241225][T21635] ? vb2_vmalloc_alloc+0xca/0x280 [ 1119.257041][T21635] vb2_vmalloc_alloc+0xca/0x280 [ 1119.257056][T21635] ? __vb2_queue_alloc+0xf5/0xf40 [ 1119.257071][T21635] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1119.257088][T21635] __vb2_queue_alloc+0x5a6/0xf40 [ 1119.267910][T21635] vb2_core_create_bufs+0x2bc/0x790 [ 1119.267932][T21635] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1119.267944][T21635] ? __vb2_queue_alloc+0xf40/0xf40 [ 1119.267962][T21635] ? lock_acquire+0x16f/0x3f0 [ 1119.277311][T21635] ? __video_do_ioctl+0x398/0xce0 [ 1119.277328][T21635] ? __lock_acquire+0x548/0x3fb0 [ 1119.277353][T21635] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1119.286412][T21621] Mem-Info: [ 1119.287200][T21635] vb2_create_bufs+0x472/0x7d0 [ 1119.293538][T21621] active_anon:250226 inactive_anon:201 isolated_anon:0 [ 1119.293538][T21621] active_file:8221 inactive_file:40769 isolated_file:0 [ 1119.293538][T21621] unevictable:0 dirty:127 writeback:0 unstable:0 [ 1119.293538][T21621] slab_reclaimable:14556 slab_unreclaimable:110092 [ 1119.293538][T21621] mapped:58949 shmem:248 pagetables:7295 bounce:0 [ 1119.293538][T21621] free:1092247 free_pcp:484 free_cma:0 [ 1119.297913][T21635] ? vb2_request_queue+0x120/0x120 [ 1119.297932][T21635] ? __lock_acquire+0x548/0x3fb0 [ 1119.297955][T21635] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1119.303821][T21621] Node 0 active_anon:1000904kB inactive_anon:804kB active_file:32748kB inactive_file:163076kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235796kB dirty:508kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 575488kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1119.308670][T21635] ? debug_smp_processor_id+0x3c/0x280 [ 1119.308694][T21635] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1119.308710][T21635] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1119.308731][T21635] v4l_create_bufs+0xc0/0x180 [ 1119.314278][T21621] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1119.318480][T21635] __video_do_ioctl+0x7f1/0xce0 [ 1119.318505][T21635] ? v4l_s_fmt+0xab0/0xab0 [ 1119.318527][T21635] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1119.318547][T21635] ? _copy_from_user+0xdd/0x150 [ 1119.345200][T21621] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1119.381168][T21635] video_usercopy+0x4c5/0x10d0 [ 1119.381185][T21635] ? v4l_s_fmt+0xab0/0xab0 [ 1119.381205][T21635] ? v4l_enumstd+0x70/0x70 [ 1119.381221][T21635] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1119.381236][T21635] ? tomoyo_path_number_perm+0x263/0x520 [ 1119.381253][T21635] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1119.381280][T21635] ? video_usercopy+0x10d0/0x10d0 [ 1119.381294][T21635] video_ioctl2+0x2d/0x35 [ 1119.381308][T21635] v4l2_ioctl+0x156/0x1b0 [ 1119.381321][T21635] ? video_devdata+0xa0/0xa0 [ 1119.381344][T21635] do_vfs_ioctl+0xd6e/0x1390 [ 1119.532471][T21621] lowmem_reserve[]: 0 2553 2555 2555 [ 1119.532544][T21635] ? ioctl_preallocate+0x210/0x210 [ 1119.563646][T21621] Node 0 DMA32 free:556316kB min:36232kB low:45288kB high:54344kB active_anon:1000864kB inactive_anon:804kB active_file:32748kB inactive_file:163132kB unevictable:0kB writepending:588kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:15424kB pagetables:29128kB bounce:0kB free_pcp:2072kB local_pcp:676kB free_cma:0kB [ 1119.564003][T21635] ? __fget+0x381/0x550 [ 1119.591727][T21621] lowmem_reserve[]: 0 0 2 2 [ 1119.618838][T21635] ? ksys_dup3+0x3e0/0x3e0 [ 1119.618854][T21635] ? nsecs_to_jiffies+0x30/0x30 [ 1119.618876][T21635] ? tomoyo_file_ioctl+0x23/0x30 [ 1119.618892][T21635] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1119.618908][T21635] ? security_file_ioctl+0x93/0xc0 [ 1119.618925][T21635] ksys_ioctl+0xab/0xd0 [ 1119.618945][T21635] __x64_sys_ioctl+0x73/0xb0 [ 1119.618964][T21635] do_syscall_64+0x103/0x670 [ 1119.618981][T21635] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1119.618997][T21635] RIP: 0033:0x458c29 [ 1119.678718][T21635] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1119.698330][T21635] RSP: 002b:00007f53a9435c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1119.706777][T21635] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1119.714800][T21635] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1119.722791][T21635] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 1119.730777][T21635] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94366d4 [ 1119.738763][T21635] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1119.750133][T21621] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1119.777010][T21445] Bluetooth: hci0: command 0x1003 tx timeout [ 1119.784119][ T1285] Bluetooth: hci0: sending frame failed (-49) [ 1119.841669][T21621] lowmem_reserve[]: 0 0 0 0 [ 1119.857499][T21621] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1119.928020][T21621] lowmem_reserve[]: 0 0 0 0 [ 1119.937390][T21621] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1119.969092][T21621] Node 0 DMA32: 97*4kB (UME) 99*8kB (UM) 5*16kB (UM) 337*32kB (UM) 379*64kB (UME) 20*128kB (UME) 4*256kB (ME) 4*512kB (UME) 2*1024kB (ME) 4*2048kB (UME) 122*4096kB (UM) = 551884kB [ 1120.009129][T21621] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1120.036877][T21621] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1120.073244][T21621] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1120.086744][T21621] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1120.096400][T21621] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1120.106839][T21621] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1120.133175][T21621] 49270 total pagecache pages [ 1120.138321][T21621] 0 pages in swap cache [ 1120.142865][T21621] Swap cache stats: add 0, delete 0, find 0/0 [ 1120.149171][T21621] Free swap = 0kB [ 1120.153565][T21621] Total swap = 0kB [ 1120.161723][T21621] 1965979 pages RAM [ 1120.170280][T21621] 0 pages HighMem/MovableOnly [ 1120.181037][T21621] 339405 pages reserved [ 1120.190001][T21621] 0 pages cma reserved [ 1121.721585][ T12] Bluetooth: hci1: command 0x1003 tx timeout [ 1121.727762][T20067] Bluetooth: hci1: sending frame failed (-49) [ 1121.801579][ T12] Bluetooth: hci0: command 0x1001 tx timeout [ 1121.807665][T20067] Bluetooth: hci0: sending frame failed (-49) [ 1122.041615][T21445] Bluetooth: hci2: command 0x1003 tx timeout [ 1122.047759][T20067] Bluetooth: hci2: sending frame failed (-49) [ 1123.801562][T21445] Bluetooth: hci1: command 0x1001 tx timeout [ 1123.807684][T20067] Bluetooth: hci1: sending frame failed (-49) [ 1123.881558][T21445] Bluetooth: hci0: command 0x1009 tx timeout [ 1124.121611][ T12] Bluetooth: hci2: command 0x1001 tx timeout [ 1124.127725][T20067] Bluetooth: hci2: sending frame failed (-49) [ 1125.881616][ T12] Bluetooth: hci1: command 0x1009 tx timeout [ 1126.201563][T21445] Bluetooth: hci2: command 0x1009 tx timeout 09:15:34 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5452, &(0x7f0000000080)) 09:15:34 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_user\x00', 0x0, 0x0) getsockopt$bt_BT_POWER(r1, 0x112, 0x9, &(0x7f0000000040)=0x80000001, &(0x7f0000000080)=0x1) getsockopt$sock_buf(r0, 0x1, 0x37, &(0x7f00000002c0)=""/253, &(0x7f00000003c0)=0xfd) mq_timedreceive(r1, &(0x7f0000000440)=""/20, 0x14, 0x14000000, &(0x7f0000000480)={0x77359400}) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000400)=0x2, 0x4) 09:15:34 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x7ffffff2, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:15:34 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x2000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:15:34 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x6000000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:15:34 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x7ffffff8, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1127.622945][T21660] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1127.654384][T21663] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1127.700219][T21660] CPU: 0 PID: 21660 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1127.709387][T21660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1127.719449][T21660] Call Trace: [ 1127.722765][T21660] dump_stack+0x172/0x1f0 [ 1127.727123][T21660] warn_alloc.cold+0x87/0x17f [ 1127.731817][T21660] ? zone_watermark_ok_safe+0x260/0x260 [ 1127.737372][T21660] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1127.743049][T21660] __vmalloc_node_range+0x48a/0x790 [ 1127.748264][T21660] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1127.753304][T21660] ? kmem_cache_alloc_trace+0x354/0x760 [ 1127.758861][T21660] ? vb2_vmalloc_alloc+0xca/0x280 [ 1127.763906][T21660] vmalloc_user+0x6b/0x90 [ 1127.768334][T21660] ? vb2_vmalloc_alloc+0xca/0x280 [ 1127.773366][T21660] vb2_vmalloc_alloc+0xca/0x280 [ 1127.778231][T21660] ? __vb2_queue_alloc+0xf5/0xf40 [ 1127.783265][T21660] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1127.789080][T21660] __vb2_queue_alloc+0x5a6/0xf40 [ 1127.794044][T21660] vb2_core_create_bufs+0x2bc/0x790 [ 1127.799243][T21660] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1127.804615][T21660] ? __vb2_queue_alloc+0xf40/0xf40 [ 1127.809727][T21660] ? lock_acquire+0x16f/0x3f0 [ 1127.814407][T21660] ? __video_do_ioctl+0x398/0xce0 [ 1127.819434][T21660] ? __lock_acquire+0x548/0x3fb0 [ 1127.824383][T21660] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1127.830735][T21660] vb2_create_bufs+0x472/0x7d0 [ 1127.835509][T21660] ? vb2_request_queue+0x120/0x120 [ 1127.840636][T21660] ? __lock_acquire+0x548/0x3fb0 [ 1127.845750][T21660] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1127.851993][T21660] ? debug_smp_processor_id+0x3c/0x280 [ 1127.857459][T21660] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1127.862661][T21660] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1127.868212][T21660] v4l_create_bufs+0xc0/0x180 [ 1127.873068][T21660] __video_do_ioctl+0x7f1/0xce0 [ 1127.877934][T21660] ? v4l_s_fmt+0xab0/0xab0 [ 1127.882376][T21660] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1127.888651][T21660] ? _copy_from_user+0xdd/0x150 [ 1127.893508][T21660] video_usercopy+0x4c5/0x10d0 [ 1127.898281][T21660] ? v4l_s_fmt+0xab0/0xab0 [ 1127.902716][T21660] ? v4l_enumstd+0x70/0x70 [ 1127.907129][T21660] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1127.913368][T21660] ? tomoyo_path_number_perm+0x263/0x520 [ 1127.919009][T21660] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1127.924835][T21660] ? video_usercopy+0x10d0/0x10d0 [ 1127.929864][T21660] video_ioctl2+0x2d/0x35 [ 1127.934198][T21660] v4l2_ioctl+0x156/0x1b0 [ 1127.938524][T21660] ? video_devdata+0xa0/0xa0 [ 1127.943137][T21660] do_vfs_ioctl+0xd6e/0x1390 [ 1127.947736][T21660] ? ioctl_preallocate+0x210/0x210 [ 1127.952850][T21660] ? __fget+0x381/0x550 [ 1127.957016][T21660] ? ksys_dup3+0x3e0/0x3e0 [ 1127.961430][T21660] ? nsecs_to_jiffies+0x30/0x30 [ 1127.966339][T21660] ? tomoyo_file_ioctl+0x23/0x30 [ 1127.971276][T21660] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1127.977512][T21660] ? security_file_ioctl+0x93/0xc0 [ 1127.982643][T21660] ksys_ioctl+0xab/0xd0 [ 1127.986890][T21660] __x64_sys_ioctl+0x73/0xb0 [ 1127.991480][T21660] do_syscall_64+0x103/0x670 [ 1127.996073][T21660] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1128.001968][T21660] RIP: 0033:0x458c29 [ 1128.005860][T21660] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1128.025460][T21660] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1128.033871][T21660] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1128.041841][T21660] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1128.049812][T21660] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1128.057789][T21660] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1128.065758][T21660] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1128.073830][T21663] CPU: 1 PID: 21663 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1128.082973][T21663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1128.093123][T21663] Call Trace: [ 1128.096426][T21663] dump_stack+0x172/0x1f0 [ 1128.100562][T21660] warn_alloc_show_mem: 2 callbacks suppressed [ 1128.100566][T21660] Mem-Info: [ 1128.100770][T21663] warn_alloc.cold+0x87/0x17f [ 1128.107518][T21660] active_anon:249874 inactive_anon:201 isolated_anon:0 [ 1128.107518][T21660] active_file:8223 inactive_file:40804 isolated_file:0 [ 1128.107518][T21660] unevictable:0 dirty:152 writeback:0 unstable:0 [ 1128.107518][T21660] slab_reclaimable:14340 slab_unreclaimable:115852 [ 1128.107518][T21660] mapped:58824 shmem:248 pagetables:7184 bounce:0 [ 1128.107518][T21660] free:1087231 free_pcp:452 free_cma:0 [ 1128.110185][T21663] ? zone_watermark_ok_safe+0x260/0x260 [ 1128.110204][T21663] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1128.110243][T21663] __vmalloc_node_range+0x48a/0x790 [ 1128.115498][T21660] Node 0 active_anon:999496kB inactive_anon:804kB active_file:32756kB inactive_file:163216kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:608kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 575488kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1128.152976][T21663] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1128.152996][T21663] ? kmem_cache_alloc_trace+0x354/0x760 [ 1128.153009][T21663] ? vb2_vmalloc_alloc+0xca/0x280 [ 1128.153031][T21663] vmalloc_user+0x6b/0x90 [ 1128.153045][T21663] ? vb2_vmalloc_alloc+0xca/0x280 [ 1128.153059][T21663] vb2_vmalloc_alloc+0xca/0x280 [ 1128.153081][T21663] ? __vb2_queue_alloc+0xf5/0xf40 [ 1128.153100][T21663] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1128.153111][T21663] __vb2_queue_alloc+0x5a6/0xf40 [ 1128.153139][T21663] vb2_core_create_bufs+0x2bc/0x790 [ 1128.161452][T21660] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1128.164297][T21663] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1128.164313][T21663] ? __vb2_queue_alloc+0xf40/0xf40 [ 1128.164327][T21663] ? lock_acquire+0x16f/0x3f0 [ 1128.164348][T21663] ? __video_do_ioctl+0x398/0xce0 09:15:34 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x7ffffff9, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:15:34 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0xffffff1f, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1128.169626][T21660] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1128.198404][T21663] ? __lock_acquire+0x548/0x3fb0 [ 1128.198427][T21663] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1128.198445][T21663] vb2_create_bufs+0x472/0x7d0 [ 1128.198463][T21663] ? vb2_request_queue+0x120/0x120 [ 1128.198477][T21663] ? __lock_acquire+0x548/0x3fb0 09:15:34 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) r1 = creat(&(0x7f0000000200)='./file0\x00', 0x1) ioctl$VIDIOC_S_AUDOUT(r1, 0x40345632, &(0x7f0000000240)={0x7, "ac838869c4db4610f2b5b73cf5aa5798a211fb6ac75255ac85cf63025e3fb4f1", 0x2, 0x200000000000000}) [ 1128.198494][T21663] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1128.198508][T21663] ? debug_smp_processor_id+0x3c/0x280 [ 1128.198529][T21663] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1128.204218][T21660] lowmem_reserve[]: 0 2553 2555 2555 [ 1128.209079][T21663] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1128.209100][T21663] v4l_create_bufs+0xc0/0x180 [ 1128.209121][T21663] __video_do_ioctl+0x7f1/0xce0 [ 1128.209148][T21663] ? v4l_s_fmt+0xab0/0xab0 09:15:34 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1128.214592][T21660] Node 0 DMA32 free:540964kB min:36232kB low:45288kB high:54344kB active_anon:1001508kB inactive_anon:804kB active_file:32756kB inactive_file:163216kB unevictable:0kB writepending:608kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:15104kB pagetables:28736kB bounce:0kB free_pcp:1744kB local_pcp:972kB free_cma:0kB [ 1128.218470][T21663] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1128.218487][T21663] ? _copy_from_user+0xdd/0x150 [ 1128.218511][T21663] video_usercopy+0x4c5/0x10d0 [ 1128.218525][T21663] ? v4l_s_fmt+0xab0/0xab0 [ 1128.218546][T21663] ? v4l_enumstd+0x70/0x70 [ 1128.224144][T21660] lowmem_reserve[]: 0 0 2 2 [ 1128.228377][T21663] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1128.228395][T21663] ? tomoyo_path_number_perm+0x263/0x520 [ 1128.228415][T21663] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1128.228445][T21663] ? video_usercopy+0x10d0/0x10d0 [ 1128.228464][T21663] video_ioctl2+0x2d/0x35 [ 1128.233936][T21660] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1128.239252][T21663] v4l2_ioctl+0x156/0x1b0 [ 1128.239268][T21663] ? video_devdata+0xa0/0xa0 [ 1128.239288][T21663] do_vfs_ioctl+0xd6e/0x1390 [ 1128.239307][T21663] ? ioctl_preallocate+0x210/0x210 [ 1128.239327][T21663] ? __fget+0x381/0x550 [ 1128.244722][T21660] lowmem_reserve[]: 0 0 0 0 [ 1128.249424][T21663] ? ksys_dup3+0x3e0/0x3e0 [ 1128.249441][T21663] ? nsecs_to_jiffies+0x30/0x30 [ 1128.249466][T21663] ? tomoyo_file_ioctl+0x23/0x30 [ 1128.249486][T21663] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1128.276514][T21660] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1128.281457][T21663] ? security_file_ioctl+0x93/0xc0 [ 1128.281479][T21663] ksys_ioctl+0xab/0xd0 [ 1128.281499][T21663] __x64_sys_ioctl+0x73/0xb0 [ 1128.281517][T21663] do_syscall_64+0x103/0x670 [ 1128.281538][T21663] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1128.281550][T21663] RIP: 0033:0x458c29 [ 1128.281566][T21663] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1128.287138][T21660] lowmem_reserve[]: 0 0 0 0 [ 1128.291298][T21663] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1128.291314][T21663] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1128.291323][T21663] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1128.291332][T21663] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1128.291341][T21663] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1128.291350][T21663] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1128.412360][T21690] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1128.446242][T21660] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1128.485367][T21697] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1128.515828][T21690] CPU: 1 PID: 21690 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1128.532543][T21690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1128.532549][T21690] Call Trace: [ 1128.532569][T21690] dump_stack+0x172/0x1f0 [ 1128.532590][T21690] warn_alloc.cold+0x87/0x17f [ 1128.532604][T21690] ? zone_watermark_ok_safe+0x260/0x260 [ 1128.532622][T21690] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1128.537410][T21660] Node 0 DMA32: 550*4kB (UME) 153*8kB (UME) 115*16kB (UM) 353*32kB (UME) 377*64kB (ME) 20*128kB (UME) 5*256kB (UME) 4*512kB (UME) 2*1024kB (ME) 3*2048kB (UME) 118*4096kB (UM) = 538096kB [ 1128.541858][T21690] __vmalloc_node_range+0x48a/0x790 [ 1128.541874][T21690] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1128.541892][T21690] ? kmem_cache_alloc_trace+0x354/0x760 [ 1128.546808][T21660] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1128.553007][T21690] ? vb2_vmalloc_alloc+0xca/0x280 [ 1128.553023][T21690] vmalloc_user+0x6b/0x90 [ 1128.553036][T21690] ? vb2_vmalloc_alloc+0xca/0x280 [ 1128.553058][T21690] vb2_vmalloc_alloc+0xca/0x280 [ 1128.581346][T21660] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1128.586394][T21690] ? __vb2_queue_alloc+0xf5/0xf40 [ 1128.586410][T21690] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1128.586422][T21690] __vb2_queue_alloc+0x5a6/0xf40 [ 1128.586448][T21690] vb2_core_create_bufs+0x2bc/0x790 [ 1128.590612][T21660] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1128.595158][T21690] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1128.595172][T21690] ? __vb2_queue_alloc+0xf40/0xf40 [ 1128.595186][T21690] ? lock_acquire+0x16f/0x3f0 [ 1128.595204][T21690] ? __video_do_ioctl+0x398/0xce0 [ 1128.599781][T21660] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1128.605620][T21690] ? __lock_acquire+0x548/0x3fb0 [ 1128.605641][T21690] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1128.605657][T21690] vb2_create_bufs+0x472/0x7d0 [ 1128.605674][T21690] ? vb2_request_queue+0x120/0x120 [ 1128.609558][T21660] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1128.629113][T21690] ? __lock_acquire+0x548/0x3fb0 [ 1128.629129][T21690] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1128.629142][T21690] ? debug_smp_processor_id+0x3c/0x280 [ 1128.629160][T21690] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1128.633669][T21660] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1128.642018][T21690] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1128.642036][T21690] v4l_create_bufs+0xc0/0x180 [ 1128.642059][T21690] __video_do_ioctl+0x7f1/0xce0 [ 1128.642081][T21690] ? v4l_s_fmt+0xab0/0xab0 [ 1128.650043][T21660] 49285 total pagecache pages [ 1128.657998][T21690] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1128.658013][T21690] ? _copy_from_user+0xdd/0x150 [ 1128.658034][T21690] video_usercopy+0x4c5/0x10d0 [ 1128.666016][T21660] 0 pages in swap cache [ 1128.674432][T21690] ? v4l_s_fmt+0xab0/0xab0 [ 1128.674454][T21690] ? v4l_enumstd+0x70/0x70 [ 1128.674467][T21690] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1128.674487][T21690] ? tomoyo_path_number_perm+0x263/0x520 [ 1128.682467][T21660] Swap cache stats: add 0, delete 0, find 0/0 [ 1128.696296][T21690] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1128.696326][T21690] ? video_usercopy+0x10d0/0x10d0 [ 1128.696339][T21690] video_ioctl2+0x2d/0x35 [ 1128.696356][T21690] v4l2_ioctl+0x156/0x1b0 [ 1128.710591][T21660] Free swap = 0kB [ 1128.724411][T21690] ? video_devdata+0xa0/0xa0 [ 1128.724431][T21690] do_vfs_ioctl+0xd6e/0x1390 [ 1128.724451][T21690] ? ioctl_preallocate+0x210/0x210 [ 1128.724468][T21690] ? __fget+0x381/0x550 [ 1128.733580][T21660] Total swap = 0kB [ 1128.743585][T21690] ? ksys_dup3+0x3e0/0x3e0 [ 1128.743600][T21690] ? nsecs_to_jiffies+0x30/0x30 [ 1128.743623][T21690] ? tomoyo_file_ioctl+0x23/0x30 [ 1128.746889][T21660] 1965979 pages RAM [ 1128.751177][T21690] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1128.751191][T21690] ? security_file_ioctl+0x93/0xc0 [ 1128.751208][T21690] ksys_ioctl+0xab/0xd0 [ 1128.755886][T21660] 0 pages HighMem/MovableOnly [ 1128.761375][T21690] __x64_sys_ioctl+0x73/0xb0 [ 1128.761389][T21690] do_syscall_64+0x103/0x670 [ 1128.761407][T21690] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1128.767044][T21660] 339405 pages reserved [ 1128.785203][T21690] RIP: 0033:0x458c29 [ 1128.785219][T21690] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1128.785228][T21690] RSP: 002b:00007f92fa780c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1128.785242][T21690] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1128.785255][T21690] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1128.790438][T21660] 0 pages cma reserved [ 1128.795410][T21690] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 1128.795419][T21690] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7816d4 [ 1128.795427][T21690] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1128.831946][T21697] CPU: 1 PID: 21697 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1129.228084][T21697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1129.238115][T21697] Call Trace: [ 1129.241393][T21697] dump_stack+0x172/0x1f0 [ 1129.245701][T21697] warn_alloc.cold+0x87/0x17f [ 1129.250351][T21697] ? zone_watermark_ok_safe+0x260/0x260 [ 1129.255874][T21697] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1129.261500][T21697] __vmalloc_node_range+0x48a/0x790 [ 1129.266684][T21697] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1129.271698][T21697] ? kmem_cache_alloc_trace+0x354/0x760 [ 1129.277223][T21697] ? vb2_vmalloc_alloc+0xca/0x280 [ 1129.282224][T21697] vmalloc_user+0x6b/0x90 [ 1129.286533][T21697] ? vb2_vmalloc_alloc+0xca/0x280 [ 1129.291637][T21697] vb2_vmalloc_alloc+0xca/0x280 [ 1129.296473][T21697] ? __vb2_queue_alloc+0xf5/0xf40 [ 1129.301493][T21697] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1129.307277][T21697] __vb2_queue_alloc+0x5a6/0xf40 [ 1129.312235][T21697] vb2_core_create_bufs+0x2bc/0x790 [ 1129.317424][T21697] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1129.322777][T21697] ? __vb2_queue_alloc+0xf40/0xf40 [ 1129.327886][T21697] ? lock_acquire+0x16f/0x3f0 [ 1129.332557][T21697] ? __video_do_ioctl+0x398/0xce0 [ 1129.337564][T21697] ? __lock_acquire+0x548/0x3fb0 [ 1129.342489][T21697] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1129.348707][T21697] vb2_create_bufs+0x472/0x7d0 [ 1129.353458][T21697] ? vb2_request_queue+0x120/0x120 [ 1129.358548][T21697] ? __lock_acquire+0x548/0x3fb0 [ 1129.363488][T21697] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1129.369727][T21697] ? debug_smp_processor_id+0x3c/0x280 [ 1129.375171][T21697] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1129.380267][T21697] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1129.385795][T21697] v4l_create_bufs+0xc0/0x180 [ 1129.390465][T21697] __video_do_ioctl+0x7f1/0xce0 [ 1129.395305][T21697] ? v4l_s_fmt+0xab0/0xab0 [ 1129.399723][T21697] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1129.405961][T21697] ? _copy_from_user+0xdd/0x150 [ 1129.410800][T21697] video_usercopy+0x4c5/0x10d0 [ 1129.415546][T21697] ? v4l_s_fmt+0xab0/0xab0 [ 1129.419961][T21697] ? v4l_enumstd+0x70/0x70 [ 1129.424366][T21697] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1129.430590][T21697] ? tomoyo_path_number_perm+0x263/0x520 [ 1129.436227][T21697] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1129.442113][T21697] ? video_usercopy+0x10d0/0x10d0 [ 1129.447208][T21697] video_ioctl2+0x2d/0x35 [ 1129.451528][T21697] v4l2_ioctl+0x156/0x1b0 [ 1129.455850][T21697] ? video_devdata+0xa0/0xa0 [ 1129.460432][T21697] do_vfs_ioctl+0xd6e/0x1390 [ 1129.465023][T21697] ? ioctl_preallocate+0x210/0x210 [ 1129.470116][T21697] ? __fget+0x381/0x550 [ 1129.474270][T21697] ? ksys_dup3+0x3e0/0x3e0 [ 1129.478680][T21697] ? nsecs_to_jiffies+0x30/0x30 [ 1129.483524][T21697] ? tomoyo_file_ioctl+0x23/0x30 [ 1129.488443][T21697] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1129.494679][T21697] ? security_file_ioctl+0x93/0xc0 [ 1129.499774][T21697] ksys_ioctl+0xab/0xd0 [ 1129.503922][T21697] __x64_sys_ioctl+0x73/0xb0 [ 1129.510046][T21697] do_syscall_64+0x103/0x670 [ 1129.514626][T21697] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1129.520507][T21697] RIP: 0033:0x458c29 [ 1129.524385][T21697] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1129.543966][T21697] RSP: 002b:00007fa60ca72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1129.552467][T21697] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1129.560412][T21697] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1129.568446][T21697] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1129.576393][T21697] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca736d4 [ 1129.584530][T21697] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1129.600162][T21690] warn_alloc_show_mem: 1 callbacks suppressed [ 1129.600171][T21690] Mem-Info: [ 1129.630745][T21690] active_anon:250484 inactive_anon:201 isolated_anon:0 [ 1129.630745][T21690] active_file:8223 inactive_file:40819 isolated_file:0 [ 1129.630745][T21690] unevictable:0 dirty:192 writeback:0 unstable:0 [ 1129.630745][T21690] slab_reclaimable:14336 slab_unreclaimable:115966 [ 1129.630745][T21690] mapped:58824 shmem:248 pagetables:7255 bounce:0 [ 1129.630745][T21690] free:1086497 free_pcp:403 free_cma:0 [ 1129.672244][T21690] Node 0 active_anon:1001836kB inactive_anon:804kB active_file:32756kB inactive_file:163276kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:768kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 583680kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1129.709083][T21690] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1129.735854][ T12] Bluetooth: hci0: command 0x1003 tx timeout [ 1129.740915][T21690] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1129.747923][T17349] Bluetooth: hci0: sending frame failed (-49) [ 1129.770735][T21690] lowmem_reserve[]: 0 2553 2555 2555 [ 1129.782950][T21690] Node 0 DMA32 free:540100kB min:36232kB low:45288kB high:54344kB active_anon:1001936kB inactive_anon:804kB active_file:32756kB inactive_file:163276kB unevictable:0kB writepending:768kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:14976kB pagetables:28872kB bounce:0kB free_pcp:1904kB local_pcp:1044kB free_cma:0kB [ 1129.814060][T21690] lowmem_reserve[]: 0 0 2 2 [ 1129.818732][T21690] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1129.845530][T21690] lowmem_reserve[]: 0 0 0 0 [ 1129.850051][T21690] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1129.881431][T21690] lowmem_reserve[]: 0 0 0 0 [ 1129.886294][T21690] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1129.900981][T21690] Node 0 DMA32: 545*4kB (UME) 231*8kB (UME) 134*16kB (UM) 359*32kB (UME) 377*64kB (ME) 20*128kB (UME) 5*256kB (UME) 4*512kB (UME) 2*1024kB (ME) 4*2048kB (UME) 118*4096kB (UM) = 541244kB [ 1129.919546][T21690] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1129.931785][T21690] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1129.949265][T21690] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1129.958855][T21690] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1129.968175][T21690] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1129.977879][T21690] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1129.987285][T21690] 49290 total pagecache pages [ 1129.992011][T21690] 0 pages in swap cache [ 1129.996148][T21690] Swap cache stats: add 0, delete 0, find 0/0 [ 1130.003107][T21690] Free swap = 0kB [ 1130.006834][T21690] Total swap = 0kB [ 1130.010551][T21690] 1965979 pages RAM [ 1130.014429][T21690] 0 pages HighMem/MovableOnly [ 1130.019094][T21690] 339405 pages reserved [ 1130.023289][T21690] 0 pages cma reserved 09:15:36 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r0, 0x540b, 0x7) ioctl$TIOCLINUX7(r0, 0x541c, &(0x7f0000000000)) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) 09:15:36 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x8000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1130.181124][T17349] Bluetooth: hci1: sending frame failed (-49) [ 1130.188603][T21707] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1130.203727][T21707] CPU: 0 PID: 21707 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1130.212838][T21707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1130.222883][T21707] Call Trace: [ 1130.226163][T21707] dump_stack+0x172/0x1f0 [ 1130.230506][T21707] warn_alloc.cold+0x87/0x17f [ 1130.235176][T21707] ? zone_watermark_ok_safe+0x260/0x260 [ 1130.240702][T21707] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1130.246343][T21707] __vmalloc_node_range+0x48a/0x790 [ 1130.251555][T21707] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1130.256590][T21707] ? kmem_cache_alloc_trace+0x354/0x760 [ 1130.262128][T21707] ? vb2_vmalloc_alloc+0xca/0x280 [ 1130.267140][T21707] vmalloc_user+0x6b/0x90 [ 1130.271470][T21707] ? vb2_vmalloc_alloc+0xca/0x280 [ 1130.276664][T21707] vb2_vmalloc_alloc+0xca/0x280 [ 1130.281673][T21707] ? __vb2_queue_alloc+0xf5/0xf40 [ 1130.286712][T21707] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1130.292510][T21707] __vb2_queue_alloc+0x5a6/0xf40 [ 1130.297481][T21707] vb2_core_create_bufs+0x2bc/0x790 [ 1130.302672][T21707] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1130.308033][T21707] ? __vb2_queue_alloc+0xf40/0xf40 [ 1130.313140][T21707] ? lock_acquire+0x16f/0x3f0 [ 1130.317810][T21707] ? __video_do_ioctl+0x398/0xce0 [ 1130.322993][T21707] ? __lock_acquire+0x548/0x3fb0 [ 1130.327938][T21707] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1130.334173][T21707] vb2_create_bufs+0x472/0x7d0 [ 1130.338927][T21707] ? vb2_request_queue+0x120/0x120 [ 1130.344038][T21707] ? __lock_acquire+0x548/0x3fb0 [ 1130.348961][T21707] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1130.355186][T21707] ? debug_smp_processor_id+0x3c/0x280 [ 1130.360659][T21707] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1130.365688][T21707] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1130.371255][T21707] v4l_create_bufs+0xc0/0x180 [ 1130.375920][T21707] __video_do_ioctl+0x7f1/0xce0 [ 1130.380781][T21707] ? v4l_s_fmt+0xab0/0xab0 [ 1130.385461][T21707] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1130.391702][T21707] ? _copy_from_user+0xdd/0x150 [ 1130.396543][T21707] video_usercopy+0x4c5/0x10d0 [ 1130.401296][T21707] ? v4l_s_fmt+0xab0/0xab0 [ 1130.405725][T21707] ? v4l_enumstd+0x70/0x70 [ 1130.410154][T21707] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1130.416390][T21707] ? tomoyo_path_number_perm+0x263/0x520 [ 1130.422028][T21707] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1130.427840][T21707] ? video_usercopy+0x10d0/0x10d0 [ 1130.432861][T21707] video_ioctl2+0x2d/0x35 [ 1130.450132][T21707] v4l2_ioctl+0x156/0x1b0 [ 1130.454466][T21707] ? video_devdata+0xa0/0xa0 [ 1130.459079][T21707] do_vfs_ioctl+0xd6e/0x1390 [ 1130.463685][T21707] ? ioctl_preallocate+0x210/0x210 [ 1130.468801][T21707] ? __fget+0x381/0x550 [ 1130.472967][T21707] ? ksys_dup3+0x3e0/0x3e0 [ 1130.477394][T21707] ? nsecs_to_jiffies+0x30/0x30 [ 1130.482251][T21707] ? tomoyo_file_ioctl+0x23/0x30 [ 1130.487181][T21707] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1130.493423][T21707] ? security_file_ioctl+0x93/0xc0 [ 1130.498552][T21707] ksys_ioctl+0xab/0xd0 [ 1130.502805][T21707] __x64_sys_ioctl+0x73/0xb0 [ 1130.507412][T21707] do_syscall_64+0x103/0x670 [ 1130.512016][T21707] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1130.517902][T21707] RIP: 0033:0x458c29 [ 1130.521791][T21707] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1130.542178][T21707] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1130.550605][T21707] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1130.558582][T21707] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1130.566550][T21707] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1130.574737][T21707] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1130.582715][T21707] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1130.596302][T21713] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1130.610346][T21713] CPU: 0 PID: 21713 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1130.619435][T21713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1130.629472][T21713] Call Trace: [ 1130.632752][T21713] dump_stack+0x172/0x1f0 [ 1130.637082][T21713] warn_alloc.cold+0x87/0x17f [ 1130.641754][T21713] ? zone_watermark_ok_safe+0x260/0x260 [ 1130.647293][T21713] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1130.652922][T21713] __vmalloc_node_range+0x48a/0x790 [ 1130.658119][T21713] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1130.663149][T21713] ? kmem_cache_alloc_trace+0x354/0x760 [ 1130.668686][T21713] ? vb2_vmalloc_alloc+0xca/0x280 [ 1130.673695][T21713] vmalloc_user+0x6b/0x90 [ 1130.678011][T21713] ? vb2_vmalloc_alloc+0xca/0x280 [ 1130.683070][T21713] vb2_vmalloc_alloc+0xca/0x280 [ 1130.687942][T21713] ? __vb2_queue_alloc+0xf5/0xf40 [ 1130.692958][T21713] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1130.698758][T21713] __vb2_queue_alloc+0x5a6/0xf40 [ 1130.703713][T21713] vb2_core_create_bufs+0x2bc/0x790 [ 1130.708903][T21713] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1130.714282][T21713] ? __vb2_queue_alloc+0xf40/0xf40 [ 1130.719387][T21713] ? lock_acquire+0x16f/0x3f0 [ 1130.724068][T21713] ? __video_do_ioctl+0x398/0xce0 [ 1130.729085][T21713] ? __lock_acquire+0x548/0x3fb0 [ 1130.734108][T21713] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1130.740335][T21713] vb2_create_bufs+0x472/0x7d0 [ 1130.745085][T21713] ? vb2_request_queue+0x120/0x120 [ 1130.750183][T21713] ? __lock_acquire+0x548/0x3fb0 [ 1130.755105][T21713] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1130.761325][T21713] ? debug_smp_processor_id+0x3c/0x280 [ 1130.766770][T21713] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1130.771773][T21713] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1130.777342][T21713] v4l_create_bufs+0xc0/0x180 [ 1130.782053][T21713] __video_do_ioctl+0x7f1/0xce0 [ 1130.786923][T21713] ? v4l_s_fmt+0xab0/0xab0 [ 1130.791341][T21713] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1130.797571][T21713] ? _copy_from_user+0xdd/0x150 [ 1130.802414][T21713] video_usercopy+0x4c5/0x10d0 [ 1130.807166][T21713] ? v4l_s_fmt+0xab0/0xab0 [ 1130.811571][T21713] ? v4l_enumstd+0x70/0x70 [ 1130.815968][T21713] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1130.822203][T21713] ? tomoyo_path_number_perm+0x263/0x520 [ 1130.827851][T21713] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1130.833664][T21713] ? video_usercopy+0x10d0/0x10d0 [ 1130.838670][T21713] video_ioctl2+0x2d/0x35 [ 1130.842997][T21713] v4l2_ioctl+0x156/0x1b0 [ 1130.847318][T21713] ? video_devdata+0xa0/0xa0 [ 1130.851895][T21713] do_vfs_ioctl+0xd6e/0x1390 [ 1130.856490][T21713] ? ioctl_preallocate+0x210/0x210 [ 1130.861605][T21713] ? __fget+0x381/0x550 [ 1130.865754][T21713] ? ksys_dup3+0x3e0/0x3e0 [ 1130.870170][T21713] ? nsecs_to_jiffies+0x30/0x30 [ 1130.875097][T21713] ? tomoyo_file_ioctl+0x23/0x30 [ 1130.880025][T21713] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1130.886246][T21713] ? security_file_ioctl+0x93/0xc0 [ 1130.891337][T21713] ksys_ioctl+0xab/0xd0 [ 1130.895480][T21713] __x64_sys_ioctl+0x73/0xb0 [ 1130.900053][T21713] do_syscall_64+0x103/0x670 [ 1130.904639][T21713] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1130.910521][T21713] RIP: 0033:0x458c29 [ 1130.914392][T21713] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1130.933990][T21713] RSP: 002b:00007f53a9456c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1130.942384][T21713] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1130.950354][T21713] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1130.958309][T21713] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1130.966260][T21713] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94576d4 [ 1130.974221][T21713] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1130.984814][T21713] warn_alloc_show_mem: 2 callbacks suppressed [ 1130.984818][T21713] Mem-Info: [ 1130.990971][T21713] active_anon:250455 inactive_anon:201 isolated_anon:0 [ 1130.990971][T21713] active_file:8224 inactive_file:40834 isolated_file:0 [ 1130.990971][T21713] unevictable:0 dirty:211 writeback:0 unstable:0 [ 1130.990971][T21713] slab_reclaimable:14307 slab_unreclaimable:115810 [ 1130.990971][T21713] mapped:58824 shmem:248 pagetables:7205 bounce:0 [ 1130.990971][T21713] free:1086673 free_pcp:503 free_cma:0 [ 1131.032959][T21713] Node 0 active_anon:1001820kB inactive_anon:804kB active_file:32760kB inactive_file:163336kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:844kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 581632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1131.062616][T21713] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1131.089329][T21713] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1131.116316][T21713] lowmem_reserve[]: 0 2553 2555 2555 [ 1131.121726][T21713] Node 0 DMA32 free:540804kB min:36232kB low:45288kB high:54344kB active_anon:1001820kB inactive_anon:804kB active_file:32760kB inactive_file:163336kB unevictable:0kB writepending:844kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:14976kB pagetables:28820kB bounce:0kB free_pcp:2012kB local_pcp:816kB free_cma:0kB [ 1131.152542][T21713] lowmem_reserve[]: 0 0 2 2 [ 1131.157049][T21713] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1131.183739][T21713] lowmem_reserve[]: 0 0 0 0 [ 1131.188263][T21713] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1131.216735][T21713] lowmem_reserve[]: 0 0 0 0 [ 1131.221257][T21713] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1131.235640][T21713] Node 0 DMA32: 545*4kB (UME) 166*8kB (UME) 140*16kB (UM) 357*32kB (UME) 378*64kB (UME) 20*128kB (UME) 5*256kB (UME) 4*512kB (UME) 2*1024kB (ME) 4*2048kB (UME) 118*4096kB (UM) = 540820kB [ 1131.254105][T21713] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1131.266357][T21713] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1131.283660][T21713] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1131.293243][T21713] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1131.302592][T21713] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1131.312180][T21713] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1131.321605][T21713] 49308 total pagecache pages [ 1131.326294][T21713] 0 pages in swap cache [ 1131.330439][T21713] Swap cache stats: add 0, delete 0, find 0/0 [ 1131.336531][T21713] Free swap = 0kB [ 1131.340254][T21713] Total swap = 0kB [ 1131.344039][T21713] 1965979 pages RAM [ 1131.347858][T21713] 0 pages HighMem/MovableOnly [ 1131.352602][T21713] 339405 pages reserved [ 1131.356774][T21713] 0 pages cma reserved [ 1131.801559][ T12] Bluetooth: hci0: command 0x1001 tx timeout [ 1131.807679][T20067] Bluetooth: hci0: sending frame failed (-49) [ 1132.211530][ T12] Bluetooth: hci1: command 0x1003 tx timeout [ 1132.217657][T20067] Bluetooth: hci1: sending frame failed (-49) [ 1133.091595][ T7678] Bluetooth: hci2: command 0x1003 tx timeout [ 1133.097744][T20067] Bluetooth: hci2: sending frame failed (-49) [ 1133.881594][ T7678] Bluetooth: hci0: command 0x1009 tx timeout [ 1134.281570][ T7678] Bluetooth: hci1: command 0x1001 tx timeout [ 1134.287667][T20067] Bluetooth: hci1: sending frame failed (-49) [ 1135.161619][ T7678] Bluetooth: hci2: command 0x1001 tx timeout [ 1135.167716][T20067] Bluetooth: hci2: sending frame failed (-49) [ 1136.361693][ T12] Bluetooth: hci1: command 0x1009 tx timeout [ 1137.241687][ T12] Bluetooth: hci2: command 0x1009 tx timeout 09:15:44 executing program 0: r0 = socket$inet(0x2, 0x1, 0x140000086) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) connect$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @remote}, 0x10) 09:15:44 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:15:44 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x6800000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:15:44 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x545d, &(0x7f0000000080)) 09:15:44 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0xc000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1137.846290][T21725] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1137.871886][T21719] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1137.883025][T21725] CPU: 0 PID: 21725 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1137.894947][T21725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1137.905007][T21725] Call Trace: [ 1137.905037][T21725] dump_stack+0x172/0x1f0 [ 1137.905059][T21725] warn_alloc.cold+0x87/0x17f [ 1137.905079][T21725] ? zone_watermark_ok_safe+0x260/0x260 [ 1137.912780][T21725] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1137.912826][T21725] __vmalloc_node_range+0x48a/0x790 [ 1137.912846][T21725] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1137.928660][T21725] ? kmem_cache_alloc_trace+0x354/0x760 [ 1137.928683][T21725] ? vb2_vmalloc_alloc+0xca/0x280 [ 1137.944494][T21725] vmalloc_user+0x6b/0x90 [ 1137.944515][T21725] ? vb2_vmalloc_alloc+0xca/0x280 [ 1137.944528][T21725] vb2_vmalloc_alloc+0xca/0x280 [ 1137.944544][T21725] ? __vb2_queue_alloc+0xf5/0xf40 [ 1137.958890][T21725] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1137.958910][T21725] __vb2_queue_alloc+0x5a6/0xf40 [ 1137.958946][T21725] vb2_core_create_bufs+0x2bc/0x790 [ 1137.974567][T21725] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1137.974582][T21725] ? __vb2_queue_alloc+0xf40/0xf40 [ 1137.974599][T21725] ? lock_acquire+0x16f/0x3f0 [ 1137.974617][T21725] ? __video_do_ioctl+0x398/0xce0 [ 1137.974631][T21725] ? __lock_acquire+0x548/0x3fb0 [ 1137.974652][T21725] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1137.974669][T21725] vb2_create_bufs+0x472/0x7d0 [ 1138.020766][T21725] ? vb2_request_queue+0x120/0x120 [ 1138.025878][T21725] ? __lock_acquire+0x548/0x3fb0 [ 1138.030818][T21725] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1138.037059][T21725] ? debug_smp_processor_id+0x3c/0x280 [ 1138.042527][T21725] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1138.047552][T21725] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1138.053094][T21725] v4l_create_bufs+0xc0/0x180 [ 1138.057774][T21725] __video_do_ioctl+0x7f1/0xce0 [ 1138.062806][T21725] ? v4l_s_fmt+0xab0/0xab0 [ 1138.067226][T21725] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1138.073471][T21725] ? _copy_from_user+0xdd/0x150 [ 1138.078433][T21725] video_usercopy+0x4c5/0x10d0 [ 1138.083212][T21725] ? v4l_s_fmt+0xab0/0xab0 [ 1138.087629][T21725] ? v4l_enumstd+0x70/0x70 [ 1138.092130][T21725] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1138.098368][T21725] ? tomoyo_path_number_perm+0x263/0x520 [ 1138.104003][T21725] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1138.109825][T21725] ? video_usercopy+0x10d0/0x10d0 [ 1138.114842][T21725] video_ioctl2+0x2d/0x35 [ 1138.119166][T21725] v4l2_ioctl+0x156/0x1b0 [ 1138.123493][T21725] ? video_devdata+0xa0/0xa0 [ 1138.128084][T21725] do_vfs_ioctl+0xd6e/0x1390 [ 1138.132672][T21725] ? ioctl_preallocate+0x210/0x210 [ 1138.137779][T21725] ? __fget+0x381/0x550 [ 1138.141947][T21725] ? ksys_dup3+0x3e0/0x3e0 [ 1138.146356][T21725] ? nsecs_to_jiffies+0x30/0x30 [ 1138.151233][T21725] ? tomoyo_file_ioctl+0x23/0x30 [ 1138.156167][T21725] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1138.162404][T21725] ? security_file_ioctl+0x93/0xc0 [ 1138.167525][T21725] ksys_ioctl+0xab/0xd0 [ 1138.171683][T21725] __x64_sys_ioctl+0x73/0xb0 [ 1138.176272][T21725] do_syscall_64+0x103/0x670 [ 1138.180864][T21725] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1138.186753][T21725] RIP: 0033:0x458c29 [ 1138.190643][T21725] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1138.210327][T21725] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1138.218735][T21725] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1138.226701][T21725] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1138.234671][T21725] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1138.242652][T21725] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1138.250711][T21725] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1138.258701][T21719] CPU: 1 PID: 21719 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1138.259475][T21724] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1138.267807][T21719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1138.267813][T21719] Call Trace: [ 1138.267837][T21719] dump_stack+0x172/0x1f0 [ 1138.267857][T21719] warn_alloc.cold+0x87/0x17f [ 1138.267871][T21719] ? zone_watermark_ok_safe+0x260/0x260 [ 1138.267887][T21719] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1138.267925][T21719] __vmalloc_node_range+0x48a/0x790 [ 1138.267941][T21719] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1138.267959][T21719] ? kmem_cache_alloc_trace+0x354/0x760 [ 1138.267978][T21719] ? vb2_vmalloc_alloc+0xca/0x280 [ 1138.336009][T21719] vmalloc_user+0x6b/0x90 [ 1138.340339][T21719] ? vb2_vmalloc_alloc+0xca/0x280 [ 1138.345368][T21719] vb2_vmalloc_alloc+0xca/0x280 [ 1138.350219][T21719] ? __vb2_queue_alloc+0xf5/0xf40 [ 1138.355245][T21719] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1138.361051][T21719] __vb2_queue_alloc+0x5a6/0xf40 [ 1138.366005][T21719] vb2_core_create_bufs+0x2bc/0x790 [ 1138.371205][T21719] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1138.376576][T21719] ? __vb2_queue_alloc+0xf40/0xf40 [ 1138.381696][T21719] ? lock_acquire+0x16f/0x3f0 [ 1138.386377][T21719] ? __video_do_ioctl+0x398/0xce0 [ 1138.391402][T21719] ? __lock_acquire+0x548/0x3fb0 [ 1138.396351][T21719] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1138.402595][T21719] vb2_create_bufs+0x472/0x7d0 [ 1138.407359][T21719] ? vb2_request_queue+0x120/0x120 [ 1138.412469][T21719] ? __lock_acquire+0x548/0x3fb0 [ 1138.417412][T21719] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1138.423655][T21719] ? debug_smp_processor_id+0x3c/0x280 [ 1138.429117][T21719] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1138.434143][T21719] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1138.439687][T21719] v4l_create_bufs+0xc0/0x180 [ 1138.444378][T21719] __video_do_ioctl+0x7f1/0xce0 [ 1138.449255][T21719] ? v4l_s_fmt+0xab0/0xab0 [ 1138.453675][T21719] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1138.459908][T21719] ? _copy_from_user+0xdd/0x150 [ 1138.464762][T21719] video_usercopy+0x4c5/0x10d0 [ 1138.469526][T21719] ? v4l_s_fmt+0xab0/0xab0 [ 1138.473946][T21719] ? v4l_enumstd+0x70/0x70 [ 1138.478380][T21719] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1138.484624][T21719] ? tomoyo_path_number_perm+0x263/0x520 [ 1138.490255][T21719] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1138.496070][T21719] ? video_usercopy+0x10d0/0x10d0 [ 1138.501086][T21719] video_ioctl2+0x2d/0x35 [ 1138.505445][T21719] v4l2_ioctl+0x156/0x1b0 [ 1138.509763][T21719] ? video_devdata+0xa0/0xa0 [ 1138.514352][T21719] do_vfs_ioctl+0xd6e/0x1390 [ 1138.518955][T21719] ? ioctl_preallocate+0x210/0x210 [ 1138.524058][T21719] ? __fget+0x381/0x550 [ 1138.528215][T21719] ? ksys_dup3+0x3e0/0x3e0 [ 1138.532621][T21719] ? nsecs_to_jiffies+0x30/0x30 [ 1138.537551][T21719] ? tomoyo_file_ioctl+0x23/0x30 [ 1138.542653][T21719] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1138.548882][T21719] ? security_file_ioctl+0x93/0xc0 [ 1138.553984][T21719] ksys_ioctl+0xab/0xd0 [ 1138.558140][T21719] __x64_sys_ioctl+0x73/0xb0 [ 1138.562729][T21719] do_syscall_64+0x103/0x670 [ 1138.567319][T21719] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1138.573206][T21719] RIP: 0033:0x458c29 [ 1138.577091][T21719] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1138.596689][T21719] RSP: 002b:00007fa60ca72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1138.605096][T21719] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1138.613085][T21719] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1138.621049][T21719] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1138.629013][T21719] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca736d4 [ 1138.636981][T21719] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1138.651660][T21724] CPU: 0 PID: 21724 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1138.660781][T21724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1138.670818][T21724] Call Trace: [ 1138.674099][T21724] dump_stack+0x172/0x1f0 [ 1138.678423][T21724] warn_alloc.cold+0x87/0x17f [ 1138.683083][T21724] ? zone_watermark_ok_safe+0x260/0x260 [ 1138.688610][T21724] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1138.694326][T21724] __vmalloc_node_range+0x48a/0x790 [ 1138.699510][T21724] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1138.704521][T21724] ? kmem_cache_alloc_trace+0x354/0x760 [ 1138.710064][T21724] ? vb2_vmalloc_alloc+0xca/0x280 [ 1138.715069][T21724] vmalloc_user+0x6b/0x90 [ 1138.719405][T21724] ? vb2_vmalloc_alloc+0xca/0x280 [ 1138.724426][T21724] vb2_vmalloc_alloc+0xca/0x280 [ 1138.729255][T21724] ? __vb2_queue_alloc+0xf5/0xf40 [ 1138.734261][T21724] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1138.740060][T21724] __vb2_queue_alloc+0x5a6/0xf40 [ 1138.744994][T21724] vb2_core_create_bufs+0x2bc/0x790 [ 1138.750174][T21724] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1138.755529][T21724] ? __vb2_queue_alloc+0xf40/0xf40 [ 1138.760621][T21724] ? lock_acquire+0x16f/0x3f0 [ 1138.765292][T21724] ? __video_do_ioctl+0x398/0xce0 [ 1138.770295][T21724] ? __lock_acquire+0x548/0x3fb0 [ 1138.775218][T21724] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1138.781448][T21724] vb2_create_bufs+0x472/0x7d0 [ 1138.786201][T21724] ? vb2_request_queue+0x120/0x120 [ 1138.791294][T21724] ? __lock_acquire+0x548/0x3fb0 [ 1138.796212][T21724] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1138.802443][T21724] ? debug_smp_processor_id+0x3c/0x280 [ 1138.807892][T21724] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1138.812900][T21724] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1138.818426][T21724] v4l_create_bufs+0xc0/0x180 [ 1138.823086][T21724] __video_do_ioctl+0x7f1/0xce0 [ 1138.827922][T21724] ? v4l_s_fmt+0xab0/0xab0 [ 1138.832322][T21724] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1138.838542][T21724] ? _copy_from_user+0xdd/0x150 [ 1138.843372][T21724] video_usercopy+0x4c5/0x10d0 [ 1138.848118][T21724] ? v4l_s_fmt+0xab0/0xab0 [ 1138.852516][T21724] ? v4l_enumstd+0x70/0x70 [ 1138.856907][T21724] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1138.863212][T21724] ? tomoyo_path_number_perm+0x263/0x520 [ 1138.868822][T21724] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1138.874621][T21724] ? video_usercopy+0x10d0/0x10d0 [ 1138.879622][T21724] video_ioctl2+0x2d/0x35 [ 1138.883936][T21724] v4l2_ioctl+0x156/0x1b0 [ 1138.888255][T21724] ? video_devdata+0xa0/0xa0 [ 1138.892830][T21724] do_vfs_ioctl+0xd6e/0x1390 [ 1138.897410][T21724] ? ioctl_preallocate+0x210/0x210 [ 1138.902511][T21724] ? __fget+0x381/0x550 [ 1138.906648][T21724] ? ksys_dup3+0x3e0/0x3e0 [ 1138.911157][T21724] ? nsecs_to_jiffies+0x30/0x30 [ 1138.915994][T21724] ? tomoyo_file_ioctl+0x23/0x30 [ 1138.920913][T21724] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1138.927126][T21724] ? security_file_ioctl+0x93/0xc0 [ 1138.932213][T21724] ksys_ioctl+0xab/0xd0 [ 1138.936346][T21724] __x64_sys_ioctl+0x73/0xb0 [ 1138.940911][T21724] do_syscall_64+0x103/0x670 [ 1138.945481][T21724] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1138.951349][T21724] RIP: 0033:0x458c29 [ 1138.955219][T21724] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1138.974793][T21724] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1138.983176][T21724] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1138.991123][T21724] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1138.999066][T21724] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1139.007012][T21724] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1139.014963][T21724] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1139.033202][T21725] Mem-Info: [ 1139.034652][T21735] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1139.036691][T21725] active_anon:251515 inactive_anon:201 isolated_anon:0 [ 1139.036691][T21725] active_file:8224 inactive_file:40855 isolated_file:0 [ 1139.036691][T21725] unevictable:0 dirty:78 writeback:0 unstable:0 [ 1139.036691][T21725] slab_reclaimable:14167 slab_unreclaimable:115648 [ 1139.036691][T21725] mapped:58824 shmem:248 pagetables:7269 bounce:0 [ 1139.036691][T21725] free:1085841 free_pcp:438 free_cma:0 [ 1139.056874][T21735] CPU: 0 PID: 21735 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1139.094993][T21725] Node 0 active_anon:1006060kB inactive_anon:804kB active_file:32760kB inactive_file:163420kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:312kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 587776kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1139.097362][T21735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1139.097367][T21735] Call Trace: [ 1139.097395][T21735] dump_stack+0x172/0x1f0 [ 1139.097414][T21735] warn_alloc.cold+0x87/0x17f [ 1139.127029][T21725] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1139.136427][T21735] ? zone_watermark_ok_safe+0x260/0x260 [ 1139.136443][T21735] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1139.136477][T21735] __vmalloc_node_range+0x48a/0x790 [ 1139.136495][T21735] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1139.140111][T21725] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1139.144072][T21735] ? kmem_cache_alloc_trace+0x354/0x760 [ 1139.144087][T21735] ? vb2_vmalloc_alloc+0xca/0x280 [ 1139.144104][T21735] vmalloc_user+0x6b/0x90 [ 1139.144115][T21735] ? vb2_vmalloc_alloc+0xca/0x280 [ 1139.144131][T21735] vb2_vmalloc_alloc+0xca/0x280 [ 1139.149077][T21725] lowmem_reserve[]: 0 2553 2555 2555 [ 1139.175218][T21735] ? __vb2_queue_alloc+0xf5/0xf40 [ 1139.175236][T21735] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1139.175247][T21735] __vb2_queue_alloc+0x5a6/0xf40 [ 1139.175275][T21735] vb2_core_create_bufs+0x2bc/0x790 [ 1139.175292][T21735] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1139.181122][T21725] Node 0 DMA32 free:537372kB min:36232kB low:45288kB high:54344kB active_anon:1006060kB inactive_anon:804kB active_file:32760kB inactive_file:163420kB unevictable:0kB writepending:312kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:15232kB pagetables:28928kB bounce:0kB free_pcp:1964kB local_pcp:1148kB free_cma:0kB [ 1139.186412][T21735] ? __vb2_queue_alloc+0xf40/0xf40 [ 1139.186428][T21735] ? lock_acquire+0x16f/0x3f0 [ 1139.186443][T21735] ? __video_do_ioctl+0x398/0xce0 [ 1139.186455][T21735] ? __lock_acquire+0x548/0x3fb0 [ 1139.186473][T21735] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1139.191980][T21725] lowmem_reserve[]: 0 0 2 2 [ 1139.196652][T21735] vb2_create_bufs+0x472/0x7d0 [ 1139.196669][T21735] ? vb2_request_queue+0x120/0x120 [ 1139.196685][T21735] ? __lock_acquire+0x548/0x3fb0 [ 1139.223856][T21725] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1139.229000][T21735] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1139.229014][T21735] ? debug_smp_processor_id+0x3c/0x280 [ 1139.229033][T21735] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1139.234467][T21725] lowmem_reserve[]: 0 0 0 0 09:15:45 executing program 0: r0 = socket$inet(0x2, 0x6, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000280)={&(0x7f00000002c0)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000000100)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x20000) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) [ 1139.238328][T21735] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1139.238347][T21735] v4l_create_bufs+0xc0/0x180 [ 1139.238373][T21735] __video_do_ioctl+0x7f1/0xce0 [ 1139.243660][T21725] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1139.248206][T21735] ? v4l_s_fmt+0xab0/0xab0 09:15:45 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1139.248233][T21735] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1139.253765][T21725] lowmem_reserve[]: 0 0 0 0 [ 1139.258490][T21735] ? _copy_from_user+0xdd/0x150 [ 1139.258511][T21735] video_usercopy+0x4c5/0x10d0 [ 1139.258529][T21735] ? v4l_s_fmt+0xab0/0xab0 [ 1139.264616][T21725] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1139.269234][T21735] ? v4l_enumstd+0x70/0x70 [ 1139.269248][T21735] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1139.269266][T21735] ? tomoyo_path_number_perm+0x263/0x520 [ 1139.274773][T21725] Node 0 DMA32: 609*4kB (UME) 226*8kB (UME) 149*16kB (UM) 351*32kB (UME) 377*64kB (ME) 20*128kB (UME) 5*256kB (UME) 4*512kB (UME) 2*1024kB (ME) 4*2048kB (UME) 117*4096kB (UM) = 537348kB [ 1139.279825][T21735] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1139.279857][T21735] ? video_usercopy+0x10d0/0x10d0 [ 1139.310963][T21725] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1139.315713][T21735] video_ioctl2+0x2d/0x35 [ 1139.315730][T21735] v4l2_ioctl+0x156/0x1b0 [ 1139.315744][T21735] ? video_devdata+0xa0/0xa0 [ 1139.315763][T21735] do_vfs_ioctl+0xd6e/0x1390 [ 1139.315783][T21735] ? ioctl_preallocate+0x210/0x210 [ 1139.321539][T21725] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1139.325430][T21735] ? __fget+0x381/0x550 [ 1139.325450][T21735] ? ksys_dup3+0x3e0/0x3e0 [ 1139.325468][T21735] ? nsecs_to_jiffies+0x30/0x30 09:15:46 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x6c00000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1139.330455][T21725] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1139.336628][T21735] ? tomoyo_file_ioctl+0x23/0x30 [ 1139.336645][T21735] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1139.336662][T21735] ? security_file_ioctl+0x93/0xc0 [ 1139.336686][T21735] ksys_ioctl+0xab/0xd0 [ 1139.342732][T21725] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1139.345902][T21735] __x64_sys_ioctl+0x73/0xb0 [ 1139.345920][T21735] do_syscall_64+0x103/0x670 [ 1139.345940][T21735] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1139.351084][T21725] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1139.355925][T21735] RIP: 0033:0x458c29 [ 1139.355940][T21735] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1139.355948][T21735] RSP: 002b:00007fa60ca51c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1139.355962][T21735] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1139.355971][T21735] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1139.355978][T21735] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1139.355991][T21735] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca526d4 [ 1139.383196][T21725] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1139.388724][T21735] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1139.399753][T21739] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1139.414981][T21725] 49324 total pagecache pages [ 1139.438197][T21739] CPU: 0 PID: 21739 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1139.451994][T21739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1139.452000][T21739] Call Trace: [ 1139.452032][T21739] dump_stack+0x172/0x1f0 [ 1139.452050][T21739] warn_alloc.cold+0x87/0x17f [ 1139.452067][T21739] ? zone_watermark_ok_safe+0x260/0x260 [ 1139.462769][T21739] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1139.462817][T21739] __vmalloc_node_range+0x48a/0x790 [ 1139.462833][T21739] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1139.462854][T21739] ? kmem_cache_alloc_trace+0x354/0x760 [ 1139.473434][T21725] 0 pages in swap cache [ 1139.476839][T21739] ? vb2_vmalloc_alloc+0xca/0x280 [ 1139.476859][T21739] vmalloc_user+0x6b/0x90 [ 1139.476873][T21739] ? vb2_vmalloc_alloc+0xca/0x280 [ 1139.476887][T21739] vb2_vmalloc_alloc+0xca/0x280 [ 1139.476904][T21739] ? __vb2_queue_alloc+0xf5/0xf40 [ 1139.491256][T21725] Swap cache stats: add 0, delete 0, find 0/0 [ 1139.495493][T21739] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1139.495505][T21739] __vb2_queue_alloc+0x5a6/0xf40 [ 1139.495532][T21739] vb2_core_create_bufs+0x2bc/0x790 [ 1139.495549][T21739] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1139.501866][T21725] Free swap = 0kB [ 1139.508867][T21739] ? __vb2_queue_alloc+0xf40/0xf40 [ 1139.508883][T21739] ? lock_acquire+0x16f/0x3f0 [ 1139.508900][T21739] ? __video_do_ioctl+0x398/0xce0 [ 1139.508912][T21739] ? __lock_acquire+0x548/0x3fb0 [ 1139.508933][T21739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1139.528162][T21725] Total swap = 0kB [ 1139.532906][T21739] vb2_create_bufs+0x472/0x7d0 [ 1139.532925][T21739] ? vb2_request_queue+0x120/0x120 [ 1139.532940][T21739] ? __lock_acquire+0x548/0x3fb0 [ 1139.532955][T21739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1139.532967][T21739] ? debug_smp_processor_id+0x3c/0x280 [ 1139.532986][T21739] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1139.538115][T21725] 1965979 pages RAM [ 1139.550099][T21739] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1139.550129][T21739] v4l_create_bufs+0xc0/0x180 [ 1139.550164][T21739] __video_do_ioctl+0x7f1/0xce0 [ 1139.550203][T21739] ? v4l_s_fmt+0xab0/0xab0 [ 1139.554621][T21725] 0 pages HighMem/MovableOnly [ 1139.558811][T21739] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1139.558825][T21739] ? _copy_from_user+0xdd/0x150 [ 1139.558841][T21739] video_usercopy+0x4c5/0x10d0 [ 1139.558857][T21739] ? v4l_s_fmt+0xab0/0xab0 [ 1139.563521][T21725] 339405 pages reserved [ 1139.567977][T21739] ? v4l_enumstd+0x70/0x70 [ 1139.567989][T21739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1139.568003][T21739] ? tomoyo_path_number_perm+0x263/0x520 [ 1139.568020][T21739] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1139.573201][T21725] 0 pages cma reserved [ 1139.590257][T21739] ? video_usercopy+0x10d0/0x10d0 [ 1139.590271][T21739] video_ioctl2+0x2d/0x35 [ 1139.590287][T21739] v4l2_ioctl+0x156/0x1b0 [ 1139.590299][T21739] ? video_devdata+0xa0/0xa0 [ 1139.590318][T21739] do_vfs_ioctl+0xd6e/0x1390 [ 1139.603946][T21739] ? ioctl_preallocate+0x210/0x210 [ 1139.624324][T21747] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1139.624683][T21739] ? __fget+0x381/0x550 [ 1139.624706][T21739] ? ksys_dup3+0x3e0/0x3e0 [ 1139.624720][T21739] ? nsecs_to_jiffies+0x30/0x30 [ 1139.624741][T21739] ? tomoyo_file_ioctl+0x23/0x30 [ 1139.633969][T21739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1139.633985][T21739] ? security_file_ioctl+0x93/0xc0 [ 1139.634004][T21739] ksys_ioctl+0xab/0xd0 [ 1139.634022][T21739] __x64_sys_ioctl+0x73/0xb0 [ 1139.634037][T21739] do_syscall_64+0x103/0x670 [ 1139.634056][T21739] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1140.115278][T21739] RIP: 0033:0x458c29 [ 1140.119167][T21739] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1140.138754][T21739] RSP: 002b:00007f53a9435c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1140.147150][T21739] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1140.155192][T21739] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1140.163150][T21739] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 1140.171104][T21739] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94366d4 [ 1140.179056][T21739] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1140.187034][T21747] CPU: 1 PID: 21747 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1140.196135][T21747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1140.206183][T21747] Call Trace: [ 1140.209476][T21747] dump_stack+0x172/0x1f0 [ 1140.213818][T21747] warn_alloc.cold+0x87/0x17f [ 1140.218496][T21747] ? zone_watermark_ok_safe+0x260/0x260 [ 1140.220331][T21739] warn_alloc_show_mem: 3 callbacks suppressed [ 1140.220334][T21739] Mem-Info: [ 1140.224035][T21747] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1140.224072][T21747] __vmalloc_node_range+0x48a/0x790 [ 1140.224087][T21747] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1140.224105][T21747] ? kmem_cache_alloc_trace+0x354/0x760 [ 1140.224119][T21747] ? vb2_vmalloc_alloc+0xca/0x280 [ 1140.224136][T21747] vmalloc_user+0x6b/0x90 [ 1140.230352][T21739] active_anon:252664 inactive_anon:201 isolated_anon:0 [ 1140.230352][T21739] active_file:8224 inactive_file:40880 isolated_file:0 [ 1140.230352][T21739] unevictable:0 dirty:104 writeback:0 unstable:0 [ 1140.230352][T21739] slab_reclaimable:14167 slab_unreclaimable:116066 [ 1140.230352][T21739] mapped:58824 shmem:248 pagetables:7306 bounce:0 [ 1140.230352][T21739] free:1084150 free_pcp:472 free_cma:0 [ 1140.233312][T21747] ? vb2_vmalloc_alloc+0xca/0x280 [ 1140.233327][T21747] vb2_vmalloc_alloc+0xca/0x280 [ 1140.233337][T21747] ? __vb2_queue_alloc+0xf5/0xf40 [ 1140.233354][T21747] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1140.233366][T21747] __vb2_queue_alloc+0x5a6/0xf40 [ 1140.233396][T21747] vb2_core_create_bufs+0x2bc/0x790 [ 1140.233414][T21747] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1140.243887][T21739] Node 0 active_anon:1010656kB inactive_anon:804kB active_file:32760kB inactive_file:163520kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:416kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 587776kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1140.244183][T21747] ? __vb2_queue_alloc+0xf40/0xf40 [ 1140.249262][T21739] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1140.254703][T21747] ? lock_acquire+0x16f/0x3f0 [ 1140.254720][T21747] ? __video_do_ioctl+0x398/0xce0 [ 1140.254732][T21747] ? __lock_acquire+0x548/0x3fb0 [ 1140.254752][T21747] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1140.254769][T21747] vb2_create_bufs+0x472/0x7d0 [ 1140.254787][T21747] ? vb2_request_queue+0x120/0x120 [ 1140.254800][T21747] ? __lock_acquire+0x548/0x3fb0 [ 1140.254818][T21747] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1140.264739][T21739] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1140.302201][T21747] ? debug_smp_processor_id+0x3c/0x280 [ 1140.302222][T21747] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1140.302237][T21747] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1140.302258][T21747] v4l_create_bufs+0xc0/0x180 [ 1140.302275][T21747] __video_do_ioctl+0x7f1/0xce0 [ 1140.302306][T21747] ? v4l_s_fmt+0xab0/0xab0 [ 1140.302327][T21747] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1140.302340][T21747] ? _copy_from_user+0xdd/0x150 [ 1140.302358][T21747] video_usercopy+0x4c5/0x10d0 [ 1140.302371][T21747] ? v4l_s_fmt+0xab0/0xab0 [ 1140.302389][T21747] ? v4l_enumstd+0x70/0x70 [ 1140.312995][T21739] lowmem_reserve[]: 0 2553 2555 2555 [ 1140.317213][T21747] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1140.317232][T21747] ? tomoyo_path_number_perm+0x263/0x520 [ 1140.317250][T21747] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1140.317283][T21747] ? video_usercopy+0x10d0/0x10d0 [ 1140.336099][T21739] Node 0 DMA32 free:530504kB min:36232kB low:45288kB high:54344kB active_anon:1010656kB inactive_anon:804kB active_file:32760kB inactive_file:163520kB unevictable:0kB writepending:464kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:15328kB pagetables:29224kB bounce:0kB free_pcp:1880kB local_pcp:744kB free_cma:0kB [ 1140.338514][T21747] video_ioctl2+0x2d/0x35 [ 1140.338530][T21747] v4l2_ioctl+0x156/0x1b0 [ 1140.338544][T21747] ? video_devdata+0xa0/0xa0 [ 1140.338563][T21747] do_vfs_ioctl+0xd6e/0x1390 [ 1140.371529][ T5] Bluetooth: hci0: command 0x1003 tx timeout 09:15:47 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x7400000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1140.372631][T21747] ? ioctl_preallocate+0x210/0x210 [ 1140.411609][ T1285] Bluetooth: hci0: sending frame failed (-49) [ 1140.413844][T21747] ? __fget+0x381/0x550 [ 1140.413865][T21747] ? ksys_dup3+0x3e0/0x3e0 [ 1140.413880][T21747] ? nsecs_to_jiffies+0x30/0x30 [ 1140.413903][T21747] ? tomoyo_file_ioctl+0x23/0x30 [ 1140.413919][T21747] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1140.426117][T21739] lowmem_reserve[]: 0 0 2 2 [ 1140.430206][T21747] ? security_file_ioctl+0x93/0xc0 [ 1140.430226][T21747] ksys_ioctl+0xab/0xd0 [ 1140.430248][T21747] __x64_sys_ioctl+0x73/0xb0 [ 1140.430267][T21747] do_syscall_64+0x103/0x670 [ 1140.436479][T21739] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1140.441560][T21747] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1140.441571][T21747] RIP: 0033:0x458c29 [ 1140.441586][T21747] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1140.441592][T21747] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1140.441605][T21747] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1140.441613][T21747] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1140.441620][T21747] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1140.441628][T21747] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1140.441635][T21747] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1140.476773][T21754] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1140.492095][T21754] CPU: 0 PID: 21754 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1140.504867][T21754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1140.504874][T21754] Call Trace: [ 1140.504900][T21754] dump_stack+0x172/0x1f0 [ 1140.504925][T21754] warn_alloc.cold+0x87/0x17f [ 1140.504942][T21754] ? zone_watermark_ok_safe+0x260/0x260 [ 1140.504958][T21754] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1140.504994][T21754] __vmalloc_node_range+0x48a/0x790 [ 1140.514660][T21754] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1140.514687][T21754] ? kmem_cache_alloc_trace+0x354/0x760 [ 1140.514703][T21754] ? vb2_vmalloc_alloc+0xca/0x280 [ 1140.514725][T21754] vmalloc_user+0x6b/0x90 [ 1140.523516][T21754] ? vb2_vmalloc_alloc+0xca/0x280 [ 1140.523533][T21754] vb2_vmalloc_alloc+0xca/0x280 [ 1140.523546][T21754] ? __vb2_queue_alloc+0xf5/0xf40 [ 1140.523564][T21754] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1140.523574][T21754] __vb2_queue_alloc+0x5a6/0xf40 [ 1140.523604][T21754] vb2_core_create_bufs+0x2bc/0x790 [ 1140.535170][T21754] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1140.535185][T21754] ? __vb2_queue_alloc+0xf40/0xf40 [ 1140.535200][T21754] ? lock_acquire+0x16f/0x3f0 [ 1140.535216][T21754] ? __video_do_ioctl+0x398/0xce0 [ 1140.535232][T21754] ? __lock_acquire+0x548/0x3fb0 [ 1140.546641][T21754] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1140.546660][T21754] vb2_create_bufs+0x472/0x7d0 [ 1140.546679][T21754] ? vb2_request_queue+0x120/0x120 [ 1140.546691][T21754] ? __lock_acquire+0x548/0x3fb0 [ 1140.546709][T21754] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1140.582416][T21754] ? debug_smp_processor_id+0x3c/0x280 [ 1140.582436][T21754] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1140.582451][T21754] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1140.582465][T21754] v4l_create_bufs+0xc0/0x180 [ 1140.582482][T21754] __video_do_ioctl+0x7f1/0xce0 [ 1140.591102][T21754] ? v4l_s_fmt+0xab0/0xab0 [ 1140.591125][T21754] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1140.600259][T21754] ? _copy_from_user+0xdd/0x150 [ 1140.600285][T21754] video_usercopy+0x4c5/0x10d0 [ 1140.600302][T21754] ? v4l_s_fmt+0xab0/0xab0 [ 1140.607905][T21739] lowmem_reserve[]: 0 0 0 0 [ 1140.611352][T21754] ? v4l_enumstd+0x70/0x70 [ 1140.611368][T21754] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1140.611389][T21754] ? tomoyo_path_number_perm+0x263/0x520 [ 1140.633829][T21739] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1140.635736][T21754] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1140.635768][T21754] ? video_usercopy+0x10d0/0x10d0 [ 1140.643227][T21758] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 09:15:47 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000000200)=[{&(0x7f00000001c0)="de", 0x1}], 0x10000308}, 0x2000000) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) [ 1140.646507][T21754] video_ioctl2+0x2d/0x35 [ 1140.646523][T21754] v4l2_ioctl+0x156/0x1b0 [ 1140.646535][T21754] ? video_devdata+0xa0/0xa0 [ 1140.646555][T21754] do_vfs_ioctl+0xd6e/0x1390 [ 1140.659814][T21739] lowmem_reserve[]: 0 0 0 0 [ 1140.660548][T21754] ? ioctl_preallocate+0x210/0x210 [ 1140.677397][T21739] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1140.691650][T21754] ? __fget+0x381/0x550 [ 1140.691671][T21754] ? ksys_dup3+0x3e0/0x3e0 [ 1140.691684][T21754] ? nsecs_to_jiffies+0x30/0x30 [ 1140.691704][T21754] ? tomoyo_file_ioctl+0x23/0x30 [ 1140.691722][T21754] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1140.728426][T21739] Node 0 DMA32: 546*4kB (UME) 169*8kB (UE) 101*16kB (UM) 337*32kB (UME) 378*64kB (UME) 19*128kB (ME) 5*256kB (UME) 4*512kB (UME) 2*1024kB (ME) 2*2048kB (UE) 116*4096kB (UM) = 527168kB [ 1140.729437][T21754] ? security_file_ioctl+0x93/0xc0 [ 1140.729454][T21754] ksys_ioctl+0xab/0xd0 [ 1140.729471][T21754] __x64_sys_ioctl+0x73/0xb0 [ 1140.756254][T21739] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1140.761310][T21754] do_syscall_64+0x103/0x670 [ 1140.761328][T21754] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1140.761342][T21754] RIP: 0033:0x458c29 [ 1140.797907][T21739] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1140.802358][T21754] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1140.802367][T21754] RSP: 002b:00007fa60ca72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1140.802381][T21754] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1140.802389][T21754] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1140.802397][T21754] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1140.802406][T21754] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca736d4 [ 1140.802413][T21754] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1140.806812][T21758] CPU: 1 PID: 21758 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1140.825895][T21758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1140.825901][T21758] Call Trace: [ 1140.825921][T21758] dump_stack+0x172/0x1f0 [ 1140.825939][T21758] warn_alloc.cold+0x87/0x17f [ 1140.852691][T21739] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1140.855975][T21758] ? zone_watermark_ok_safe+0x260/0x260 [ 1140.855993][T21758] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1140.856031][T21758] __vmalloc_node_range+0x48a/0x790 [ 1140.856050][T21758] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1140.864128][T21765] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1140.866059][T21758] ? kmem_cache_alloc_trace+0x354/0x760 [ 1140.866076][T21758] ? vb2_vmalloc_alloc+0xca/0x280 [ 1140.866096][T21758] vmalloc_user+0x6b/0x90 [ 1140.872360][T21739] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1140.876913][T21758] ? vb2_vmalloc_alloc+0xca/0x280 [ 1140.876930][T21758] vb2_vmalloc_alloc+0xca/0x280 [ 1140.876943][T21758] ? __vb2_queue_alloc+0xf5/0xf40 [ 1140.876966][T21758] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1140.886955][T21739] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1140.887491][T21758] __vb2_queue_alloc+0x5a6/0xf40 [ 1140.887523][T21758] vb2_core_create_bufs+0x2bc/0x790 [ 1140.898372][T21739] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1140.902352][T21758] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1140.902366][T21758] ? __vb2_queue_alloc+0xf40/0xf40 [ 1140.902381][T21758] ? lock_acquire+0x16f/0x3f0 [ 1140.902398][T21758] ? __video_do_ioctl+0x398/0xce0 [ 1140.902412][T21758] ? __lock_acquire+0x548/0x3fb0 [ 1140.902438][T21758] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1140.907424][T21739] 49353 total pagecache pages [ 1140.913657][T21758] vb2_create_bufs+0x472/0x7d0 [ 1140.913676][T21758] ? vb2_request_queue+0x120/0x120 [ 1140.913691][T21758] ? __lock_acquire+0x548/0x3fb0 [ 1140.913707][T21758] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1140.913722][T21758] ? debug_smp_processor_id+0x3c/0x280 [ 1140.913745][T21758] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1140.913764][T21758] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1140.929626][T21739] 0 pages in swap cache [ 1140.934729][T21758] v4l_create_bufs+0xc0/0x180 [ 1140.934750][T21758] __video_do_ioctl+0x7f1/0xce0 [ 1140.934773][T21758] ? v4l_s_fmt+0xab0/0xab0 [ 1140.934798][T21758] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1140.934817][T21758] ? _copy_from_user+0xdd/0x150 [ 1140.951621][T21739] Swap cache stats: add 0, delete 0, find 0/0 [ 1140.955465][T21758] video_usercopy+0x4c5/0x10d0 [ 1140.955483][T21758] ? v4l_s_fmt+0xab0/0xab0 [ 1140.955504][T21758] ? v4l_enumstd+0x70/0x70 [ 1140.955523][T21758] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1140.960468][T21739] Free swap = 0kB [ 1140.964753][T21758] ? tomoyo_path_number_perm+0x263/0x520 [ 1140.964772][T21758] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1140.964805][T21758] ? video_usercopy+0x10d0/0x10d0 [ 1140.964819][T21758] video_ioctl2+0x2d/0x35 [ 1140.964836][T21758] v4l2_ioctl+0x156/0x1b0 [ 1140.964851][T21758] ? video_devdata+0xa0/0xa0 [ 1140.964873][T21758] do_vfs_ioctl+0xd6e/0x1390 [ 1140.976014][T21739] Total swap = 0kB [ 1140.980663][T21758] ? ioctl_preallocate+0x210/0x210 [ 1140.980679][T21758] ? __fget+0x381/0x550 [ 1140.980702][T21758] ? ksys_dup3+0x3e0/0x3e0 [ 1140.995310][T21739] 1965979 pages RAM [ 1141.000186][T21758] ? nsecs_to_jiffies+0x30/0x30 [ 1141.000214][T21758] ? tomoyo_file_ioctl+0x23/0x30 [ 1141.000233][T21758] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1141.018427][T21739] 0 pages HighMem/MovableOnly [ 1141.034131][T21758] ? security_file_ioctl+0x93/0xc0 [ 1141.034151][T21758] ksys_ioctl+0xab/0xd0 [ 1141.034171][T21758] __x64_sys_ioctl+0x73/0xb0 [ 1141.034189][T21758] do_syscall_64+0x103/0x670 [ 1141.034213][T21758] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1141.034227][T21758] RIP: 0033:0x458c29 [ 1141.034242][T21758] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1141.034264][T21758] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1141.058384][T21739] 339405 pages reserved [ 1141.058935][T21758] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1141.069262][T21739] 0 pages cma reserved [ 1141.072223][T21758] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1141.072232][T21758] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1141.072240][T21758] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1141.072256][T21758] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1141.125629][T21765] CPU: 1 PID: 21765 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1141.149091][T21765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1141.149098][T21765] Call Trace: [ 1141.149121][T21765] dump_stack+0x172/0x1f0 [ 1141.149142][T21765] warn_alloc.cold+0x87/0x17f [ 1141.158047][T21765] ? zone_watermark_ok_safe+0x260/0x260 [ 1141.158066][T21765] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1141.158104][T21765] __vmalloc_node_range+0x48a/0x790 [ 1141.779807][T21765] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1141.784830][T21765] ? kmem_cache_alloc_trace+0x354/0x760 [ 1141.790364][T21765] ? vb2_vmalloc_alloc+0xca/0x280 [ 1141.795377][T21765] vmalloc_user+0x6b/0x90 [ 1141.799693][T21765] ? vb2_vmalloc_alloc+0xca/0x280 [ 1141.804700][T21765] vb2_vmalloc_alloc+0xca/0x280 [ 1141.809616][T21765] ? __vb2_queue_alloc+0xf5/0xf40 [ 1141.814631][T21765] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1141.820500][T21765] __vb2_queue_alloc+0x5a6/0xf40 [ 1141.825434][T21765] vb2_core_create_bufs+0x2bc/0x790 [ 1141.830609][T21765] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1141.835970][T21765] ? __vb2_queue_alloc+0xf40/0xf40 [ 1141.841062][T21765] ? lock_acquire+0x16f/0x3f0 [ 1141.845716][T21765] ? __video_do_ioctl+0x398/0xce0 [ 1141.850728][T21765] ? __lock_acquire+0x548/0x3fb0 [ 1141.855651][T21765] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1141.861867][T21765] vb2_create_bufs+0x472/0x7d0 [ 1141.866606][T21765] ? vb2_request_queue+0x120/0x120 [ 1141.871701][T21765] ? __lock_acquire+0x548/0x3fb0 [ 1141.876616][T21765] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1141.882834][T21765] ? debug_smp_processor_id+0x3c/0x280 [ 1141.888273][T21765] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1141.893302][T21765] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1141.898829][T21765] v4l_create_bufs+0xc0/0x180 [ 1141.903492][T21765] __video_do_ioctl+0x7f1/0xce0 [ 1141.908322][T21765] ? v4l_s_fmt+0xab0/0xab0 [ 1141.912720][T21765] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1141.918940][T21765] ? _copy_from_user+0xdd/0x150 [ 1141.923779][T21765] video_usercopy+0x4c5/0x10d0 [ 1141.928532][T21765] ? v4l_s_fmt+0xab0/0xab0 [ 1141.932931][T21765] ? v4l_enumstd+0x70/0x70 [ 1141.937327][T21765] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1141.943552][T21765] ? tomoyo_path_number_perm+0x263/0x520 [ 1141.949177][T21765] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1141.954989][T21765] ? video_usercopy+0x10d0/0x10d0 [ 1141.960090][T21765] video_ioctl2+0x2d/0x35 [ 1141.964489][T21765] v4l2_ioctl+0x156/0x1b0 [ 1141.968795][T21765] ? video_devdata+0xa0/0xa0 [ 1141.973370][T21765] do_vfs_ioctl+0xd6e/0x1390 [ 1141.977948][T21765] ? ioctl_preallocate+0x210/0x210 [ 1141.983037][T21765] ? __fget+0x381/0x550 [ 1141.987208][T21765] ? ksys_dup3+0x3e0/0x3e0 [ 1141.991611][T21765] ? nsecs_to_jiffies+0x30/0x30 [ 1141.996456][T21765] ? tomoyo_file_ioctl+0x23/0x30 [ 1142.001372][T21765] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1142.007587][T21765] ? security_file_ioctl+0x93/0xc0 [ 1142.012680][T21765] ksys_ioctl+0xab/0xd0 [ 1142.016814][T21765] __x64_sys_ioctl+0x73/0xb0 [ 1142.021382][T21765] do_syscall_64+0x103/0x670 [ 1142.025955][T21765] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1142.031839][T21765] RIP: 0033:0x458c29 [ 1142.035718][T21765] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1142.055391][T21765] RSP: 002b:00007fa60ca51c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1142.063787][T21765] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1142.071739][T21765] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1142.079822][T21765] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1142.087770][T21765] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca526d4 [ 1142.095714][T21765] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1142.129382][T21765] warn_alloc_show_mem: 3 callbacks suppressed [ 1142.129387][T21765] Mem-Info: [ 1142.143835][T21765] active_anon:252135 inactive_anon:201 isolated_anon:0 [ 1142.143835][T21765] active_file:8227 inactive_file:40902 isolated_file:0 [ 1142.143835][T21765] unevictable:0 dirty:137 writeback:0 unstable:0 [ 1142.143835][T21765] slab_reclaimable:14162 slab_unreclaimable:116028 [ 1142.143835][T21765] mapped:58824 shmem:248 pagetables:7256 bounce:0 09:15:48 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) r1 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x7, 0x8000) ioctl$sock_rose_SIOCDELRT(r1, 0x890c, &(0x7f0000000140)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x5, @null, @rose={'rose', 0x0}, 0x5, [@bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) ioctl$TIOCGPTLCK(r1, 0x80045439, &(0x7f0000000040)) 09:15:48 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000200)=@sack_info={0x0, 0x2, 0x5f9}, &(0x7f0000000240)=0xc) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000280)={r1, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) 09:15:48 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x20000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:15:48 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x7a00000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1142.143835][T21765] free:1084654 free_pcp:663 free_cma:0 [ 1142.182394][T21765] Node 0 active_anon:1008540kB inactive_anon:804kB active_file:32772kB inactive_file:163608kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:548kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 589824kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1142.220130][ T1285] Bluetooth: hci1: sending frame failed (-49) 09:15:48 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x8000000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1142.228811][T21775] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1142.272572][T21775] CPU: 1 PID: 21775 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1142.281715][T21775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1142.291862][T21775] Call Trace: [ 1142.295167][T21775] dump_stack+0x172/0x1f0 [ 1142.299528][T21775] warn_alloc.cold+0x87/0x17f [ 1142.304223][T21775] ? zone_watermark_ok_safe+0x260/0x260 [ 1142.309782][T21775] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1142.311768][T21765] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1142.315446][T21775] __vmalloc_node_range+0x48a/0x790 [ 1142.315471][T21775] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1142.352331][T21775] ? kmem_cache_alloc_trace+0x354/0x760 [ 1142.357886][T21775] ? vb2_vmalloc_alloc+0xca/0x280 [ 1142.359874][T21765] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1142.362914][T21775] vmalloc_user+0x6b/0x90 [ 1142.362932][T21775] ? vb2_vmalloc_alloc+0xca/0x280 [ 1142.362947][T21775] vb2_vmalloc_alloc+0xca/0x280 [ 1142.362959][T21775] ? __vb2_queue_alloc+0xf5/0xf40 [ 1142.362977][T21775] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1142.362990][T21775] __vb2_queue_alloc+0x5a6/0xf40 [ 1142.363020][T21775] vb2_core_create_bufs+0x2bc/0x790 [ 1142.363037][T21775] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1142.363051][T21775] ? __vb2_queue_alloc+0xf40/0xf40 [ 1142.363066][T21775] ? lock_acquire+0x16f/0x3f0 [ 1142.363082][T21775] ? __video_do_ioctl+0x398/0xce0 [ 1142.363096][T21775] ? __lock_acquire+0x548/0x3fb0 [ 1142.363116][T21775] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1142.363138][T21775] vb2_create_bufs+0x472/0x7d0 [ 1142.396890][T21765] lowmem_reserve[]: 0 2553 2555 2555 [ 1142.399356][T21775] ? vb2_request_queue+0x120/0x120 [ 1142.399374][T21775] ? __lock_acquire+0x548/0x3fb0 [ 1142.399393][T21775] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1142.399408][T21775] ? debug_smp_processor_id+0x3c/0x280 [ 1142.399428][T21775] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1142.404898][T21765] Node 0 DMA32 free:527476kB min:36232kB low:45288kB high:54344kB active_anon:1012904kB inactive_anon:804kB active_file:32772kB inactive_file:163608kB unevictable:0kB writepending:548kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:15296kB pagetables:29616kB bounce:0kB free_pcp:1756kB local_pcp:852kB free_cma:0kB [ 1142.409279][T21775] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1142.409301][T21775] v4l_create_bufs+0xc0/0x180 [ 1142.409322][T21775] __video_do_ioctl+0x7f1/0xce0 [ 1142.409351][T21775] ? v4l_s_fmt+0xab0/0xab0 [ 1142.421404][T21765] lowmem_reserve[]: 0 0 2 2 [ 1142.425325][T21775] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1142.425342][T21775] ? _copy_from_user+0xdd/0x150 [ 1142.425365][T21775] video_usercopy+0x4c5/0x10d0 [ 1142.425382][T21775] ? v4l_s_fmt+0xab0/0xab0 [ 1142.425402][T21775] ? v4l_enumstd+0x70/0x70 [ 1142.425415][T21775] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1142.425432][T21775] ? tomoyo_path_number_perm+0x263/0x520 [ 1142.425450][T21775] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1142.425478][T21775] ? video_usercopy+0x10d0/0x10d0 [ 1142.438601][T21765] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1142.440693][T21775] video_ioctl2+0x2d/0x35 [ 1142.440712][T21775] v4l2_ioctl+0x156/0x1b0 [ 1142.440726][T21775] ? video_devdata+0xa0/0xa0 [ 1142.440753][T21775] do_vfs_ioctl+0xd6e/0x1390 [ 1142.446046][ T5] Bluetooth: hci0: command 0x1001 tx timeout [ 1142.450680][T21775] ? ioctl_preallocate+0x210/0x210 [ 1142.450697][T21775] ? __fget+0x381/0x550 [ 1142.450721][T21775] ? ksys_dup3+0x3e0/0x3e0 [ 1142.450739][T21775] ? nsecs_to_jiffies+0x30/0x30 [ 1142.468508][ T1285] Bluetooth: hci0: sending frame failed (-49) [ 1142.472166][T21775] ? tomoyo_file_ioctl+0x23/0x30 [ 1142.472184][T21775] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1142.472200][T21775] ? security_file_ioctl+0x93/0xc0 [ 1142.472220][T21775] ksys_ioctl+0xab/0xd0 [ 1142.472241][T21775] __x64_sys_ioctl+0x73/0xb0 [ 1142.472260][T21775] do_syscall_64+0x103/0x670 [ 1142.472280][T21775] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1142.477930][T21765] lowmem_reserve[]: 0 0 0 0 [ 1142.483423][T21775] RIP: 0033:0x458c29 [ 1142.483440][T21775] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1142.483448][T21775] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1142.483462][T21775] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1142.483470][T21775] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1142.483478][T21775] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1142.483487][T21775] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1142.483496][T21775] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1142.565463][T21765] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1142.588139][T21765] lowmem_reserve[]: 0 0 0 0 [ 1142.634814][T21765] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1142.842246][T21765] Node 0 DMA32: 521*4kB (UME) 48*8kB (UME) 67*16kB (U) 338*32kB (UME) 378*64kB (UME) 19*128kB (ME) 5*256kB (UME) 4*512kB (UME) 2*1024kB (ME) 3*2048kB (UME) 116*4096kB (UM) = 527636kB [ 1142.861744][T21765] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1142.874595][T21765] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1142.891971][T21765] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1142.901604][T21765] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1142.910909][T21765] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1142.920555][T21765] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1142.930910][T21765] 49392 total pagecache pages [ 1142.935729][T21765] 0 pages in swap cache [ 1142.939897][T21765] Swap cache stats: add 0, delete 0, find 0/0 [ 1142.946039][T21765] Free swap = 0kB [ 1142.949770][T21765] Total swap = 0kB [ 1142.953628][T21765] 1965979 pages RAM [ 1142.957444][T21765] 0 pages HighMem/MovableOnly [ 1142.962206][T21765] 339405 pages reserved [ 1142.966378][T21765] 0 pages cma reserved [ 1144.281589][ T5] Bluetooth: hci1: command 0x1003 tx timeout [ 1144.289184][T20067] Bluetooth: hci1: sending frame failed (-49) [ 1144.521675][ T5] Bluetooth: hci0: command 0x1009 tx timeout [ 1145.081816][ T5] Bluetooth: hci2: command 0x1003 tx timeout [ 1145.088055][T20067] Bluetooth: hci2: sending frame failed (-49) [ 1146.361648][ T7683] Bluetooth: hci1: command 0x1001 tx timeout [ 1146.367803][T20067] Bluetooth: hci1: sending frame failed (-49) [ 1147.161633][ T7683] Bluetooth: hci2: command 0x1001 tx timeout [ 1147.167732][T20067] Bluetooth: hci2: sending frame failed (-49) 09:15:54 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5460, &(0x7f0000000080)) 09:15:54 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0xfecaedfe00000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:15:54 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) syz_open_dev$usb(&(0x7f0000000200)='/dev/bus/usb/00#/00#\x00', 0x8000, 0x4040) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) 09:15:54 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x40000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:15:54 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1148.085994][T21800] warn_alloc: 4 callbacks suppressed [ 1148.086012][T21800] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1148.092679][T21806] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1148.128104][T21804] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1148.142774][T21800] CPU: 0 PID: 21800 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1148.151917][T21800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1148.161996][T21800] Call Trace: [ 1148.165295][T21800] dump_stack+0x172/0x1f0 [ 1148.169639][T21800] warn_alloc.cold+0x87/0x17f [ 1148.174326][T21800] ? zone_watermark_ok_safe+0x260/0x260 [ 1148.179873][T21800] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1148.185533][T21800] __vmalloc_node_range+0x48a/0x790 [ 1148.190736][T21800] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1148.195767][T21800] ? kmem_cache_alloc_trace+0x354/0x760 [ 1148.201326][T21800] ? vb2_vmalloc_alloc+0xca/0x280 [ 1148.206359][T21800] vmalloc_user+0x6b/0x90 [ 1148.210686][T21800] ? vb2_vmalloc_alloc+0xca/0x280 [ 1148.215720][T21800] vb2_vmalloc_alloc+0xca/0x280 [ 1148.220566][T21800] ? __vb2_queue_alloc+0xf5/0xf40 [ 1148.225596][T21800] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1148.231396][T21800] __vb2_queue_alloc+0x5a6/0xf40 [ 1148.236345][T21800] vb2_core_create_bufs+0x2bc/0x790 [ 1148.241542][T21800] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1148.246915][T21800] ? __vb2_queue_alloc+0xf40/0xf40 [ 1148.252036][T21800] ? lock_acquire+0x16f/0x3f0 [ 1148.256722][T21800] ? __video_do_ioctl+0x398/0xce0 [ 1148.261751][T21800] ? __lock_acquire+0x548/0x3fb0 [ 1148.266692][T21800] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1148.272942][T21800] vb2_create_bufs+0x472/0x7d0 [ 1148.277705][T21800] ? vb2_request_queue+0x120/0x120 [ 1148.282823][T21800] ? __lock_acquire+0x548/0x3fb0 [ 1148.287767][T21800] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1148.294009][T21800] ? debug_smp_processor_id+0x3c/0x280 [ 1148.299473][T21800] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1148.304499][T21800] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1148.310043][T21800] v4l_create_bufs+0xc0/0x180 [ 1148.314721][T21800] __video_do_ioctl+0x7f1/0xce0 [ 1148.319677][T21800] ? v4l_s_fmt+0xab0/0xab0 [ 1148.324104][T21800] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1148.330362][T21800] ? _copy_from_user+0xdd/0x150 [ 1148.335225][T21800] video_usercopy+0x4c5/0x10d0 [ 1148.340023][T21800] ? v4l_s_fmt+0xab0/0xab0 [ 1148.344449][T21800] ? v4l_enumstd+0x70/0x70 [ 1148.348863][T21800] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1148.355103][T21800] ? tomoyo_path_number_perm+0x263/0x520 [ 1148.360735][T21800] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1148.366569][T21800] ? video_usercopy+0x10d0/0x10d0 [ 1148.371591][T21800] video_ioctl2+0x2d/0x35 [ 1148.375924][T21800] v4l2_ioctl+0x156/0x1b0 [ 1148.380253][T21800] ? video_devdata+0xa0/0xa0 [ 1148.384865][T21800] do_vfs_ioctl+0xd6e/0x1390 [ 1148.389464][T21800] ? ioctl_preallocate+0x210/0x210 [ 1148.394579][T21800] ? __fget+0x381/0x550 [ 1148.398745][T21800] ? ksys_dup3+0x3e0/0x3e0 [ 1148.403163][T21800] ? nsecs_to_jiffies+0x30/0x30 [ 1148.408021][T21800] ? tomoyo_file_ioctl+0x23/0x30 [ 1148.412956][T21800] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1148.419192][T21800] ? security_file_ioctl+0x93/0xc0 [ 1148.424320][T21800] ksys_ioctl+0xab/0xd0 [ 1148.428479][T21800] __x64_sys_ioctl+0x73/0xb0 [ 1148.433071][T21800] do_syscall_64+0x103/0x670 [ 1148.437658][T21800] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1148.443544][T21800] RIP: 0033:0x458c29 [ 1148.447438][T21800] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1148.467038][T21800] RSP: 002b:00007fa60ca72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1148.475458][T21800] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1148.483431][T21800] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1148.491487][T21800] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1148.499463][T21800] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca736d4 [ 1148.507429][T21800] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1148.515419][T21804] CPU: 1 PID: 21804 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1148.521632][ T5] Bluetooth: hci1: command 0x1009 tx timeout [ 1148.524523][T21804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1148.524536][T21804] Call Trace: [ 1148.524559][T21804] dump_stack+0x172/0x1f0 [ 1148.524580][T21804] warn_alloc.cold+0x87/0x17f [ 1148.542989][T21800] warn_alloc_show_mem: 1 callbacks suppressed [ 1148.542994][T21800] Mem-Info: [ 1148.543862][T21804] ? zone_watermark_ok_safe+0x260/0x260 [ 1148.543880][T21804] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1148.543919][T21804] __vmalloc_node_range+0x48a/0x790 [ 1148.548376][T21800] active_anon:254302 inactive_anon:201 isolated_anon:0 [ 1148.548376][T21800] active_file:8231 inactive_file:40921 isolated_file:0 [ 1148.548376][T21800] unevictable:0 dirty:158 writeback:0 unstable:0 [ 1148.548376][T21800] slab_reclaimable:14061 slab_unreclaimable:116114 [ 1148.548376][T21800] mapped:58824 shmem:248 pagetables:7377 bounce:0 [ 1148.548376][T21800] free:1082325 free_pcp:563 free_cma:0 [ 1148.552909][T21804] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1148.552930][T21804] ? kmem_cache_alloc_trace+0x354/0x760 [ 1148.552944][T21804] ? vb2_vmalloc_alloc+0xca/0x280 [ 1148.552962][T21804] vmalloc_user+0x6b/0x90 [ 1148.552977][T21804] ? vb2_vmalloc_alloc+0xca/0x280 [ 1148.552996][T21804] vb2_vmalloc_alloc+0xca/0x280 [ 1148.560073][T21800] Node 0 active_anon:1017208kB inactive_anon:804kB active_file:32788kB inactive_file:163684kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:632kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 595968kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1148.562132][T21804] ? __vb2_queue_alloc+0xf5/0xf40 [ 1148.562151][T21804] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1148.562162][T21804] __vb2_queue_alloc+0x5a6/0xf40 [ 1148.562208][T21804] vb2_core_create_bufs+0x2bc/0x790 [ 1148.562228][T21804] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1148.567906][T21800] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1148.573389][T21804] ? __vb2_queue_alloc+0xf40/0xf40 [ 1148.573405][T21804] ? lock_acquire+0x16f/0x3f0 [ 1148.573421][T21804] ? __video_do_ioctl+0x398/0xce0 [ 1148.573434][T21804] ? __lock_acquire+0x548/0x3fb0 [ 1148.573456][T21804] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1148.573473][T21804] vb2_create_bufs+0x472/0x7d0 [ 1148.578821][T21800] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 09:15:55 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) sendmsg(r0, &(0x7f00000026c0)={0x0, 0x0, &(0x7f00000014c0)=[{&(0x7f0000000200)="c7de645da423bd334492c4eec668641a77af4a30b913dbe9be402eb79fcbc86a6df29b4d1d9e01975435bf7bdc25f135bbda0a60e535133b8b6eb63f59584ad5f745a771be67756bf88dd575c5bb5a29523fc45cce88", 0x56}, {&(0x7f0000000280)="4942398b0077eaa6c8766b6ce053d010a68b0f8a1936e4de0a3d5803f672e20649fb6f1aab1ff0a317bc67df68cad2dd036503fb51707654034aacb7afe8d7fcddd82fe8611df09cb4545c6708981fd73f773c59045a31c82e12325dc09c05e3ff4eeaa8821d79df19a54698c52d3ca4ca47095cb94191bade6d2d26e1d302268430494693076a7ad488dce135bde80a3203dc3e8c6b9e9eea27df9ae6fbcbf1de066f622f7dd6371cf5d50be2365ca0b2d20bd1f1fe5f6acff67856c31a1c65cec634f4fee97aad5849f6b4427da0c50551216c5707bd14c58b3e5f1808c8eaaae1444b40274f7470cbde2dcadc66cc10d250da48e3ddda152ceeabb5253cc15057a18b4a69fb88ffa9caa33e6956c73abf936bd9cc9548d15d33a47ab683282c147a2a5659707565b096414836f61a4e0cb8e2fb074edcfc3efe0e3bdc7f5979ede9b14cb8f33be45efa67c231ee07a3bad3650d40d4071742503eecebba1ad19a74976224dccff6bfb69cbc9a8920973b6fe24afe23d598328d41923516db399686b81a66e27b26bb458ac7c7b20cbf6d6ee6dc8f814a9960c3b2a6c9be4ec60210efbfdd6e470877165d8e8275d26973ccc5fe93f51d79bffec870cb4f7e5c2582373915bc940f19ec71dfec06cc3e519a9ba526b0d7aca7ccaea6bb11120d0caabf6da4a362b8e9aa8245f50fab38cbf60d06b1b17d63ce83bdd34c6f9b76e99dee209eabbb3e72d01268e869cf853f1d0af065e0abd23063dd7f272897f6f15f5e34433a87e41e7ad1a5120ab9e7a8f19f1c8b154b7fc695cb5583c165d18d66112cd0ff94836dfc6583a7d50d2eefb2a40c760b3200412c82247ef1384adc46d4ddf7e79c7d82af3091bcfc61a6e0248dcd4602e70c4fc3ac0f9ea1d31c06561b023aa13a920012f50b65121a413d91d82991bbe6c5d273f5739fc490e5ee56cf03cc2b369ff6c8cc4bc5a1fdc5025b144af1a69d593ad5d6fa94667420541b4ee378720ec3c057c4f6ac701ac665813c78cad09b023c40cd45e2128afc87972ea310a0855f8888026c8fc54316ea4a362b0b438d8a9883917d10e7eeb2a72d258bdce8ce7338da65f42fed226e81ba8eed7f097ab2b7c9942c854e3895ba331cf36a1239f4c9e5a55a1fec2de8175db666f257ff13227e93d96efcb49b2cf431c76c0085175ef45fa8bc4fd1372268aef40aaa14c17218b28bc0692564d07bfd0e07fe0bdccae56beb7b462bf7de481fa17240b9fab0262ae615e42875200b7be63ebc6897a3900be205b9efdfd5e9512350179d79900e4ed28bbe8c072beede911ccc9f44c039352662a7674ab8546310d8d34278ef35b4b705e072973999be3826c19c5c0fd7917184b4feb09036664d064e0b415001e9f90c88a9b04c1e9ca25b45f65648c60795f7eed1f86b6d74bd255b3ae6223b2ecc2add8b4626d90a149a534b05a1f61214f2e351617f6d2cb980fa628d72014a3144ae4947f0b8f4a4aa1418949e29a88032518c893055d942a441bfe0c1778b606c32fa3a93d7ca5b095510e9bda4c389e919357f9139fae278ea64549a1cc7ac1857c6bbd410894d9fc6e9879284819bf48fef6482da6b62eeb3d13c3fa7649214123c1d573c7d63dbfa24d87582cc3cf1cfccd167c02707fb893c2e2d6fe68fa46b8a7d46e6162223e59a0b76f592f5a798ec7cbad0fa559c4fcde171425eb3189af144918d325bf77551c5281fc771b3678752bcc667053a0eceec20bce62f1257d00507ac38a0ee41e00b54460d4e0b27cae64225472d5e420bc9c93d3aa75988d3c04e3a7141e95bfa30afee86f46d27a28ea23a23fcba37ad86da78f0a67b6704a67cce50a42b8fbd22e436f8f7a15e74afc92c31be74451754d46c6e8b92bd4d14215ef9e9e229a14868c3e31a26b048e484c902d69e97dfa96c4f22d470d7cbddacb7c5d7cb475d9d2e0010f7993ac5487663fe09561a78a05126b106e92c25a9989ecdd57427a79a21e502837f42fb537a0ea36fbadb0d4656085c3a39a56af8c69887940881a09a228c18a2de75a2ace6f4db20cd37a70d242880525ecdfdbdf7b7de0254a72b97c6dc2edafa4492cf8db02ea59bb16f01ec5206dc56dcdda75e37ada5c1a3a5717d2b9eece90237a6ee59cf89b78cba7019a219980c982ef6d420b664fafe87cb02ff649c4ec1d38c15b14b49142cd3e96663a68cd5dfbfdb2861734abd5793bd5d6be9755b791894dce31b56f337d00e23ce2f04804a0ec1ce65cf8d046a9c5f1bdc01667964b6b881951c1e441d10c483978f0df7b1f76fbe8fde9c2aea9c809f7f6315b7c2384a4ad87045d22dd4cf9e793154a5e382b6016a07a81e6eae16c9f9a6e45776b655ff71e0721733086811ad456eb57a7c8e2a4569adc4cbc4cbeb199145546e25fb32c07b007e6cd63bb7ea3930faa53177bd6f427be6b6bf3992a5c375e24d327f976219cdb525e46b3f2a6f42ec3661e90c0a130a9fbf89e484b88ef7ab22ae4467853fa92ffed1d2e163bb4357737f7d8c047cf26f52973166ab98c031f914e9c6cf7652b3c7dff80e61b37c373f06641a470c42be65f1fc092dd559f35c327ba28f66ad588b43b479439bfccc2c7e204115830a98d3422555301c3b2c4a3150e615932ecf1033669d55835bee4d2504f3f2d605793e4ebfb30a8cfc349a4099aae28b98d4d77076f99025de7dbb68b5189a7d9cd4904fb9069670d2b21a924ce333297cee35c38282388539a2a58ad7b4f85bc39bb87b712cf5c76c1ffe5e01582d1c0844a474311a0ded021c1f4cd1b3f7984647db09053cc7e2d26bc0eda7dbbc7999955e56106043acada207f7ca1d65388ef55dbf055041aeee85e88adcf7b07acee5ad06dfece0f3c89d161a74ddef1a472ad099f45ff90699b8fa2065726825492a1660bc59e7fef78d2eb70ba0a5d2cafadf5fa6d43d3badc1c90f931549eca8f42e67dd4e10092b36d10490b34f342851fefcc0e0182f84fe04d26d7a109f3b9652435cc86ec929d45a4106719c798d2c56dc366501f2d11dc1d93ab63e3ceb314d28b423599662dcf47568fa1d2c48ef6895cde2e20581579550459833f170d3a59e7387369bf01dc1db61b2b3c02ee78b94de5e849efe9e595e0b6dd116a0e0ac7dff09bc02bf1d166d1d9036ca46f2e12513b07d23a5c4546a96aa233d6a731baba87e6d1c87b6ee77ef12e36597074375200a06280324585df63cfdd750c2fdc6d1b295b064680176b521615d3f9aaa78f2f97d254737c2124d3458ef98b3010b50df992a003fea72ded5b4e30bffea50f2611d5ce045c0ae4f6eb97287efdf4a9ed0448028e322b21b9e29538c687d12ec96dd08b54ee4166c16f2f9632622d1dd239b5b87f87e815e72f6030e8e2e84aa07602ffa23e84408d5e7ef2d550b4eeb98187e29112326f482c381fb51224932e1f8b38abf0f6f17f761cb85d3331c0e117ddfd2add6b6925a1c3e894316caf4a4a472c73a4e11c27645e18f3e1bf13134e1e08d4cc35d52fe44d68fdf2e6b300995b937595eaf18ff1bcf9e1e63571ea4d65ca0612c0a823128c011fac3d5b23fee40cea2493a5b223c5f54cccbc5f8588f40cba9ae2f11ee98c173093d6ff3c67a01cf63c702cee23e69a1e40edc9300e78041678394c544cd9e3774bd064817c16b96c02d924d9a4e4d786a56fab0350dcbfee73c8acbb4a74867e5afe49ae07f3205106dfeaacb19f839396f5dffcc89a5a5cc6958f35b30392334bf1731d72935148118e4f3c7973f2e25eeeadd910658bd29daf4e4ada7b1ea0db5b12328d3c53ff220b73b3d6e6b7529b9009742eb24e95cc39f22672c891c83cff3fc274101ddd67f4330a2f958d4dc877292626dce46227c54835ef0d30de61b51573326b3fe4f26fd14913b2f08dd07e38f89a0f8952bcfc6aa352c63bf06b3313a01a957b436b271a2b6229894b799365ce8dbde5e8f7eaaed0ee26a46df61a9247df68ede2407ba9ce20438a120863d78afc93a1fe5d1e59205ad845c8209228d11238c4496d11a3ee982371252206684b633492184381ca53000e655bbdf7605b65e11ef564532c7c98cf80a65ac80973090e39b078722200b285992e3b161567df1d0dc68deb68d4b4bc9ed25400ff7ca012a74fef3f7b9a8aaa33f1875e04cfbeee79e7dd729639e202fa0c958548268a9fca962a53b566490fbd3f33ca596754aa173ce722fb6156090af3f55ad179882c8fa5b57deb626a608e60360317af39268f22f67842a6a4e1e29193506e96fb150c422751a80d71336812b2639c4883c2ab7a49be6bd0b00b236f222c242b7e07c058aec44ccbff5abdcaa828edb005aa319aca1402032f072a961d193de065e84daa2815ab9e0b99417d08bb6470e6800937e95e9e5aed44ba3c0da28c6646dc3ee71a0544b66a99332d628d2a573f702eb6abf933ee19054b32081d7ce95f729ba9e8656215f8a000148d49f4712326046630956055e75ca3da1c045613dfd333860fca4fb5bea823eab2b8827b83697eba291419108f5220d951325165ac6edcfda08a3de0be6881550aef234029baf0d176150076f5cc93442503b711f1af06ddc26658be74f84c46f56868441cd9749133f4ba54d65d42dd5ed3dc3804c4f91cc234b31d11b392bdecb592fbd35f143e4d9b057ef4389603b2bbe7cb0ad26877a44be4eea941c3606e51fe983b9bd5284ce1ce7c617c987641c15f148cfa1c69501249f1106fe58c4b328c604b95cd301a096ebf410c2721fb31b40e706fd2c63443f1e1211945257f1152970bb21f9a0e3430b6eff3d4bcc0d84ba805155926915aca2214cd73314caa555c524d64dc258223926982c2088854c4e104c524517499c5cb2e3d14d47c44d5684ca41c9097a3b8d7d93fcd55e11b03e5b02571c23be367291ef4adeec0c18dc756bb644140dcf6c6b03f1edc1d04623c5e536b6943a815b30c9eeade6a4a7b863f0f7594c92b4b1d7b13ca9047f4e50866b42953d0af9f34ff0a5eda2b63a39b167eacd69f687ea5101bc0283334ec1d8bade53e8203014e7ea167c9ce0c133c75220f4f9aafbd3af7a445b8bb4fdb76b4bb319aa6284438dcefdcce896960983b0c1d02d192b8eed2f30188dcb9d9878557d7e481b206efe2b92ed985978a37d12bda2c749024a1ec44886751933cc09ecc1ace5e4af02001adce8cd5ae88515246b0233aa35df9293f63905a7a8abb349fe78cf1c1203f3bbaffcac3ecd5ab610e0d0da002e4a30fe8792286f8ab1c347b9b2695dc5a23711c5d2fd30b723355dedc2dbb6fd1802e6a26b60c4dbaed39e2654ca6a2f2ff76b0439c161185956252c9ac0eb3fe0d0fb06906d2b05e4b596285756f08e0f9b5aefe8d58ca606861d56e4277e9c02e972fd3a00c7cc94009e36c5d50cd592d0da160db17668505c88c7f5b43827a071b11e59cdd752e14eb7bffc1b5f36e322333eb4b211393e850295c759f607d2a962fbd3ba26591755d2428ef4794bfdaa275b0ee3e6fa5bcd69986258f9720fb1878ccd1856d52950a39937e78698ecdf3afa4e6c9402b786c73f457a02cb7519c9a24004e24b3054b7ea0103574947e691ecbbec2e6ead650f1d001865070714b52dcfb0c77fb460b43d4315191f405bc450de833d98fb6de4415995ac6834a2755c92df82eb38758af057d888581f64d91ab6350619a0d2a9ece8adeda455c7238c8cbf0eaf28a6a96b44e45c47f2c3a2484e54bb818aaff65f32d2917e0ba2982f4df985cb0209de3979a25df0", 0x1000}, {&(0x7f0000001280)="51ea4619a34100b7e24ad3a4794096c1c7d8def79a2d36933e5c30369458695f5f04fd748fb5d246100c8fcf100d945fdd4233", 0x33}, {&(0x7f00000012c0)="a9c798d2d152e957c24e509d89f45f0b7e409fac857c639dff6729df4231a8d215acbd8082880d5af9c80428adda8a9c7b709792e2e25a476624968503694c6e033ae0e9a7ff45594317968ad69aebcee11687181a2fe6377616a97a868ac6e602e28d651b38d30633a6a2c528296afcc61e57048d17643d04a44bc6f7b60aa2e82e90263e45af694e7e5d29ecc707015ce08d23020d68ebb35b131f5eddb2ccead122bb05c0f09810772038cb8c696639867a454512a778f14b3471bddf6c", 0xbf}, {&(0x7f0000001380)="a9c98f9834b61c686b2d7eb0a80060f6a11530a075f314939fb1af22c777e0260badb502d471ac9afb8939f650f053622eff476f16655370efcd300359444cfb9e66fd1ddfac678447b2ced907e9ddffabbf516d54d2c9c088506556895faab50575b95a0e337716", 0x68}, {&(0x7f0000001400)="aa81045bdda272b9aa287e0c1721d1ff00bcd9543b6cb3f218c67c7aa5d848973ca7d17198013ae0afd2eebc3fea51b02fb241a124a47c91662d915ed2258d6180e594509a45e65e8e47858dbf74bb1cfe52bb9f6056", 0x56}, {&(0x7f0000001480)="044478fff3b75afa6e906927730b2909bac832f0be620c38f85cb847e1907b4b554e7d9f16ff", 0x26}], 0x7, &(0x7f0000001540)=[{0x1010, 0x111, 0x6, "4d3d46d1ff4a40ca1b76ca8f5f6453033d4229b8af56dada2912c23e76f8ccd72b79fa4bb06ae81d8b504e799e88bfdacd2e4ad4b7c9c29a21cc0fb99a5a589b953827ba97e91ff69abea7125b8e62da089cbe4488b18d083bac2d70f87c28824497d141389adc10c716794e1d429b45061aabcf6a089889168c00d91a339ba4f53eee52d3f0d8b7979939d2a94e0292de6b1c1f458fb58e1f6547fb8202265adc58e70b48f9fb51980a6bd28cc906943d0cdc74450f3b308141d02af8f4032cf988b167be0953fb400e1bc76e6ce8404d92e72196a79bcd2b37f33821e56d6b690e84f621a76871ca4a111b0b6e63fedfc97a95fdf806d9733f5ffcc06283cc6527199c8914b38cfa6a6dec73f513faabf0036ffb6a4607e8737b58a7c4a158a78808206fb9f8c208b939008425611a5589a3e713b86b45fe1873518706747235e04ea8b26996ad6b438814798bf26812b671f346004f587d1404ec25020653253d0d7c23f5f65e71e575bc082d3245ebb0c550f1e09a3c07692ca9ee9236b0d8a5cc5bf1327f79af223ab5dbeea4483ff0c7274924e12b1ac5988042c0b35602ce394c229fd40289bdcb451862af8ede240ab6e550e2d85144c9bd40e19cd055c65d42cacf6fe5e687b6898507287b426d630811400daed8e381d47297ebf5586f63e7225280ef0998eae551e862e81041561b32c978d90acc84f1cbdd5d1f3dca1a2ac5af39a8fd18bcf062edf3e19e8bb47b1d6fa804273f50cc7abb7aa1b91fab206d4d25e6683eb2077eac091a579a40631add4a62e97cc5620a3eee940b14ebaf1f0b15248cdfa9ef9ddc55f1124ce09b763c8172b53c7eaa2241903fa65887703e87ca6bcf48a36451780543964ef5bdd2fdcf1f713324ecb5d5045ebee5fb75bbdafe268c56e3ca32ae6c03de237a8324b4cca045bedcd4103389398167ab5f10681b7beac2d8f40fa49abbf2c112c2feafa810aeb62ec4c141e5f426b0654250c160aaefca92e7ffdc27a2eb0195c74a63588672e660d0bd20ac1dba30c037f8eaf8a54811b62a237529ca61758ea977d8e09f5550946de877423e40f84d9f152e1a11e3769e11bad2729a2c1a3e603a00dfbbeace42b4e46619ec6a50f27384706ae9134207bf3963fcc833a14142c7091b501d5b76d4ecec177228dc90610a834f15acfb97d0d16d3dce5e85a9e9a826e58864ebdc695120a8ba192ce96ab029c97bdc2329f19f353b3c30aac783db848fb2de4ba04b28f3d1accc9e6f6476cbbfd7d9ab34a81216ef5ae861cd0e2e261ffd3f00a76bd0a621a2e42ccc2cedba6238e4ced3565f029c9bf0f25bf25f60c19890efaefdf715f8c0f8003e35b7f40e19f5247336f1f486d0a4ec015723ebfe68141b748179368c0048b85d87f9cadc07a9ac9b3cbf6169eb0e8258095bda15136be191f8ebd6cb2c999ac2b1484bda6a5d2196accf970621634bae32f0f8066b55ad33dff256a2c860895c092faae5c642a158c7bb0ce15c5ace5804b4921f43cc94177a56245854379788649448f825e80741c8bc4ed427b37ff8c32a835c59e131ec62ad2f8d7b9878b06e98e1cee3a020db3e5644024745cda706d9582ef0bb2df0a4ad1ad7f55cdccb35d0006bf7f190521ff7310d29470c028a41c12da9539e0e3ee701abfb6fd411ec1a434babdde8ef4448269834eec4c842696e2d18756278f597f04243f4776399792acb91e13353ff76fc598e0fedbd11338613804d1911280bf65345b69f62bc3122118abef7e6a630e6396b23c23b813cc66b22c68580ac6f489bea53b9e16972765600d543d5a19d8591beeeab5cc061f05b88208be557eeb48c2cd2c88efff450a2f636e89433bb1af98ec9f650a76d883057aca27115e8672a9c8d1b0551eead37675483bf3aef80efb9cac641ff3c75e74e767d742a40ff8d151f001f0ef1449540cf8042a73420cab996d7d9eb6f789cb9b1e3d4c0a570316d9738412c7744414133c2ec2907a9e30b969e1e923eec51885368643f0b0ea33505d86d0c0d91d6daa4eb6ee0ac24cf098018bdb912ffcbaf97b9524065f1e1b160d72e786c32ea0a3c9e54172bd32c73edbcfa3e1d09dcaadc827f7bf347a9252d7e5234dcf35eec2b81c1233ffb503ba783ae90e35120508a6662b74d51881e98efef293c9efe4ff09adbe0af0ce48bddaeab41c9330fe6ef8440ccb696468abf2ce113b56f0a51ad94c1d74c75853018d320b2eaf2b9b712aa690e69471a4246267e4a72498fd90348de30765153381ee524612c04c0a248e67baa10bbad88548c78894b16e0446f0c2a44c24620f060ce330f06f8b0ebee035f35fed7e82b42f2e10995543ede5a0aaa90cd87cc8b3bf03df5be96870ed64b3c424e60fe1ba21e02b3da37113a909530208de03657b5fe9c97906aeab80c904e1c0f399f68823187559be1e26ccf72f8a9856738277f08dd08d19a23a5372c43013202c8884fb8f1cb3e8801ce3a2fa176ad0071f1312f0994f50a9cb28b3abfa825eaf6bf0fb86fc8d32efdfd397aabaadde58576e2603158986ab774b2688f73d0f150d8034047256b95c4f01a4284b7c90f2455787d3e149ac8ef576abebccdcd9fbb3bd07a9051d4fc7c77aef85199f4a3b23d0482a8ba10dd6b565f84f44e79123ca7f2ff4e97d7830496e61d871930a27a9b33b04dd97aa69f01d0546418f94e73f3b9efcd2760a9efe6d382361a4ff766b121939a4e91c5abea81cc1f93f8f72359a641412ca2f5fddb9195852cc33d19c8e2e31e3e29c28587b704bf701f1af65658d40c8edc26abba384e38833cd9f3353f5b1cf7ce379a944fa4339d19b7d5d05fc034554c13dc576823554baa150e5e276d4b2fb88f1155369f6ead85513677c99e3c1725cce5419df91a6bcdf4f377d8cd7282c79ede94b68bbb109bbe97e64e11d99d8b8374f3130780bb46fd643e94fe7e652e4840a1729abe77fe723551d4cab11b07f9b51bd82ce2fcc91eda62be7e0b74a3f44c07dd11af9eeb7dc14a2cf3ace5590f2d5cf03b64a35b5d9e19559e4118cae66af31a26ea3eaf762d39c815c4024884f84c95922cb08e7e7e8cc7d9a1b719196001913d90a0626939acd8a0dd0d97219faf3260fd96e54b30413fcba26e30639846c20d3f96e770c56d555a6d69550907f494e14981b7400a57258be312868c1199bd9884365a240435282165b14b0c16f49efa350024e64210c09db5f2ebd321b2a2a566a3aba831b07d29212667cacaa1ea66c0fc8ebca9eb756536cd810f84f1d2ec162aa56c5d75a960230d64aa0bae07ae344078d4e516ee2c19ab38ae29ac1f5608b3bd0f85b4f686cabdee2f167ad114116c7770646681de5ea725a4ab405698d407e6c0deea1b2e46dea2a0f2868288bc8c8471f4a4ab5e4b444f1183e0c47fae3595ab36a1599dc3acae8fd684369eddb34ed3cba5b6072a5fcb38dc620b525ff95049b94e07572b76b396900ff9e2d7854315a73e2f815aeeeb0377fe3326ae76a821f223418e6279f135f97e644a267039610cf91ea233e810f50ad749f8f942cf2a34c346f2b243bc7673e51cf3b3d42dc0d626c8c36ff777f6f798c0bd8d2df84740e95102c958e8e9afb34828d12ae1c57113949b684ae9ec5281a6a9d7df16841301bf82f412f32cc9bd400a6f530498a29cd1c557f145ff3f5a523a4c4ef84da445d6238166be140691cf75a1b3c9cb6dad2242b6834d00844c1a40c296bdade72d05bdf584730be5493a7004a1fcda37b7b78eb10e7d8134a8123d99584b1b5742b685fcd6c8c40496e7453bf532fae9cba0d803f2f5ee30491ff415dc268325a06f672232588054b58fed4e29182aac77cd12cbce6b009e6e21a980c3020560d432db66b4fd185f673998ca09d4463a48c182a72d605b2913a54e88d5e6669bd50ee3a57c6c08429f6975a988c14eb7fb9de7aacc5d1c770423ad93153d676dafc7a6d0071816a629f8be547278298980b5f471fabb812f72c087beb99aa633c66d0204be53f0e1e662ef2b8e2021db388da3947a9f05c68655c440ca7808cecbbd3777a3fd5cf3dd55883b70353a5d65e28c166c3ae0c7a83736194c5cfa7cead643691d4d17a16fb3da3c505367995d933b8a7694f7fcb835519aa90e5950e018da9b15b8882f3b57477e112d3032466ecf303485f17024edeff8f804b8aee0516a96f1220c69015e30608d4c8aeaa67ece0f48d603c1aa4d63f435e9f715c7a613f06e6e5d8720f7de360434f7aa0b327d20b6c581f824e7e8cd5fb50ae894e6852f55bc37e060b28302d6a9b20b51dc384270b5496b4df2c96ff9d17a9dbe53c85e5e63ee2c71e6fb32d72be5a69d302194bb0a9014d950a634fc946b4cca0e186d6230b40093bce6f7f71ba79f5169a1ea14b35dc82adf5c32fbb955e5212a40e751f112ebe27a08986e8a4f2f968e2d2eef9af5f4b49be2b533b87524af68ace4ff56ea930fd00960fa12cd0d11863f8d520aa09847198aba53d5666859df874e7ea35eb53cc2a5a49e41b1f522a670cce114f8e38276a395765fd175096aef36ef498b8340998ea3c1c47165d02308ede3f1a659844120c61e3b34b8ef6473528253bc4dfc1b5205f01020aecd5557226ef0a306995d903681208c3960912e54e87aca18e06a23dd00599ed6886de9772544ec80ff54c8602859ce527bb9ff6a9af109fefa3b40f287247df26ad01f96c95f015c4d1b66be35dd8bb9d87997d691d46af84e711ab00943cfb40d4db545cdbd59c8a5e244bcde5eb67dae340e1d571cf6fd32a088e4f34970508209d50c446d68170e8f0e1ed6d6f8fef63c5f344605401eec72ef552e5c42f5d9a3d9a69f81855c53978fc3fba145947a148afde042ec86fb374418db74b09ef5fd7402ee836ae50a01036f1da70f7cb3591e13c93d08d5380ab114cbb1bc375896805c70cf1034ba76b3dbffbb415c3c138c263bfb93160c5e7e711985d4914c2befeae67a5074824db6fb14496001c7a7f16cdaf61fde5de0dca263b153d3a830c262dadaeaee05d0631be2b8077e28f303db9931aeeedf2fb555acb34375d149c847419eb2b44c5e2f76dc7e3945987ec18e0526e721542b516bf32c8797eb56994d9c13cd8fe0363f7965132c639a927c0a01049eb97a29e41b659069075ae6777ed3a08843effb0f81b56de72ea44b67336f3299dafd09c2e649bb7c952f18d11a3ed71a196f93a7ece99aa80d04f2113cd7548119193a8f87dea34197fd1bfe9eb13e0a1765576940d2305ad2c935e4c5f3016f4c5f129a71f96cd7a60be1880dadbe32bd711bbfe5cd40d56c9f047a80b25a622005c4d7aeedcdc853e27ba0de30db93db2f9618d1467fee2e70d47a6d8e452f8c3728f1553dc53f83a83774d281d2daa1540176520135275c3d9766b1ac665d2a88947324e0541ed7a130e1e6cd408a3230fff6d391e16c33da459c4a9afdebaed09e642086fc2d069aefa02f7ea82c807fe562d28c7f66e7281aaa82c7662badf903143fd204eab5d1840aa14fee859d0e43890d7534e3e4c15951116fdc9e827e30ee97a5336051ffc4e13093718fe7f564c8f7c3d475540ec6ef62efa9cf698b8944b030b84eb65ab937dff9301d27fb5df76de59520efcb0b3956bba83c3cb7ed3b5c8a4281dddb9e4229325c187ddc6e317048f26acee36a15cf13eddd1e306170ed420f36af1079ab1a0138b7b6b79487d24f326243676d7981211d628e1274aff345f71ee32be4d768f1f82a3a8e3a970efd4d42f3dd"}, {0x90, 0x11f, 0x9, "f3bef4d780bd9a18a13b6f73e022b05aeb2e561ce160569690ae7110596672b85ec92f83c5ea726efb8699786ae7fef4ae8c5c7b269d868a615b87c683df520e18ea7d855cb255307d5c1ff6f8da8312a8d45fa3d3fddd64cdc39936c0b9a9b52e89a092af2291eae1aea6ca15df78f8cfc052e6577a92e31346d0bb244a6b"}, {0xe0, 0xcf89714356a1ed5, 0x2, "03aac45c1ce949d7c438e498ea9850e0795cfe4f9d7ad643890cf644eb2b38c66ff1ca7170252843d2b25ccc3715879e547a2cc4889ae7b48554a62e074cb2d74e5987eb1c3ba121b5826f8251d0f1471c667590c95f5f660c2bc02b34c7e67cb48124a0c9e71910a9cb696045894d28ac917bd5f34dd465d5f8fc42471a2e6bebe382d92b0d846d3ea632e3dda0dc78ea5d41a97593d68c0c87f8753b862da97fb7904794e38dd936bec8f577a996eddcd73eaa6ba72b225fdd4e013fdb8cd8ae88fcab3c90a67e9c29"}], 0x1180}, 0x50) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) [ 1148.616843][T21804] ? vb2_request_queue+0x120/0x120 [ 1148.616858][T21804] ? __lock_acquire+0x548/0x3fb0 [ 1148.616873][T21804] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1148.616888][T21804] ? debug_smp_processor_id+0x3c/0x280 [ 1148.616910][T21804] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1148.616930][T21804] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1148.622083][T21800] lowmem_reserve[]: 0 2553 2555 2555 [ 1148.627467][T21804] v4l_create_bufs+0xc0/0x180 [ 1148.627488][T21804] __video_do_ioctl+0x7f1/0xce0 [ 1148.627513][T21804] ? v4l_s_fmt+0xab0/0xab0 [ 1148.627534][T21804] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1148.632644][T21800] Node 0 DMA32 free:523308kB min:36232kB low:45288kB high:54344kB active_anon:1017208kB inactive_anon:804kB active_file:32788kB inactive_file:163684kB unevictable:0kB writepending:632kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:15328kB pagetables:29508kB bounce:0kB free_pcp:2252kB local_pcp:1272kB free_cma:0kB [ 1148.636866][T21804] ? _copy_from_user+0xdd/0x150 [ 1148.636889][T21804] video_usercopy+0x4c5/0x10d0 [ 1148.636906][T21804] ? v4l_s_fmt+0xab0/0xab0 [ 1148.636929][T21804] ? v4l_enumstd+0x70/0x70 [ 1148.642042][T21800] lowmem_reserve[]: 0 0 2 2 [ 1148.646759][T21804] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1148.646785][T21804] ? tomoyo_path_number_perm+0x263/0x520 [ 1148.646807][T21804] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1148.646837][T21804] ? video_usercopy+0x10d0/0x10d0 [ 1148.676108][T21800] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1148.680965][T21804] video_ioctl2+0x2d/0x35 [ 1148.680983][T21804] v4l2_ioctl+0x156/0x1b0 [ 1148.680997][T21804] ? video_devdata+0xa0/0xa0 [ 1148.681015][T21804] do_vfs_ioctl+0xd6e/0x1390 [ 1148.681036][T21804] ? ioctl_preallocate+0x210/0x210 [ 1148.686936][T21800] lowmem_reserve[]: 0 0 0 0 [ 1148.691737][T21804] ? __fget+0x381/0x550 [ 1148.691762][T21804] ? ksys_dup3+0x3e0/0x3e0 [ 1148.691787][T21804] ? nsecs_to_jiffies+0x30/0x30 [ 1148.691816][T21804] ? tomoyo_file_ioctl+0x23/0x30 [ 1148.697080][T21800] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1148.702336][T21804] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1148.702353][T21804] ? security_file_ioctl+0x93/0xc0 [ 1148.702373][T21804] ksys_ioctl+0xab/0xd0 [ 1148.702395][T21804] __x64_sys_ioctl+0x73/0xb0 [ 1148.702417][T21804] do_syscall_64+0x103/0x670 [ 1148.729156][T21800] lowmem_reserve[]: 0 0 0 0 [ 1148.734123][T21804] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1148.734136][T21804] RIP: 0033:0x458c29 [ 1148.734152][T21804] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1148.734161][T21804] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1148.734175][T21804] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1148.734182][T21804] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1148.734195][T21804] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1148.738946][T21800] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1148.743846][T21804] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1148.743855][T21804] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1148.805880][T21806] CPU: 1 PID: 21806 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1148.831415][T21800] Node 0 DMA32: 522*4kB (UME) 91*8kB (UME) 34*16kB (UM) 323*32kB (UME) 378*64kB (UME) 19*128kB (ME) 5*256kB (UME) 4*512kB (UME) 2*1024kB (ME) 3*2048kB (UME) 115*4096kB (UM) = 522880kB [ 1148.835916][T21806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1148.835923][T21806] Call Trace: [ 1148.835946][T21806] dump_stack+0x172/0x1f0 [ 1148.835967][T21806] warn_alloc.cold+0x87/0x17f [ 1148.840377][T21800] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1148.846579][T21806] ? zone_watermark_ok_safe+0x260/0x260 [ 1148.846595][T21806] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1148.846640][T21806] __vmalloc_node_range+0x48a/0x790 [ 1148.878841][T21800] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1148.882268][T21806] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1148.882289][T21806] ? kmem_cache_alloc_trace+0x354/0x760 [ 1148.882304][T21806] ? vb2_vmalloc_alloc+0xca/0x280 [ 1148.882324][T21806] vmalloc_user+0x6b/0x90 [ 1148.887092][T21800] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1148.891459][T21806] ? vb2_vmalloc_alloc+0xca/0x280 [ 1148.891476][T21806] vb2_vmalloc_alloc+0xca/0x280 [ 1148.891490][T21806] ? __vb2_queue_alloc+0xf5/0xf40 [ 1148.891513][T21806] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1148.895926][T21800] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1148.900376][T21806] __vb2_queue_alloc+0x5a6/0xf40 [ 1148.900411][T21806] vb2_core_create_bufs+0x2bc/0x790 [ 1148.906666][T21800] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1148.912233][T21806] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1148.912247][T21806] ? __vb2_queue_alloc+0xf40/0xf40 [ 1148.912263][T21806] ? lock_acquire+0x16f/0x3f0 [ 1148.912282][T21806] ? __video_do_ioctl+0x398/0xce0 [ 1148.918082][T21800] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1148.923142][T21806] ? __lock_acquire+0x548/0x3fb0 [ 1148.923165][T21806] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1148.923183][T21806] vb2_create_bufs+0x472/0x7d0 [ 1148.923202][T21806] ? vb2_request_queue+0x120/0x120 [ 1148.949789][T21800] 49397 total pagecache pages [ 1148.954055][T21806] ? __lock_acquire+0x548/0x3fb0 [ 1148.954073][T21806] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1148.954087][T21806] ? debug_smp_processor_id+0x3c/0x280 [ 1148.954108][T21806] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1148.958434][T21800] 0 pages in swap cache [ 1148.962973][T21806] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1148.962993][T21806] v4l_create_bufs+0xc0/0x180 [ 1148.963011][T21806] __video_do_ioctl+0x7f1/0xce0 [ 1148.963036][T21806] ? v4l_s_fmt+0xab0/0xab0 [ 1148.967622][T21800] Swap cache stats: add 0, delete 0, find 0/0 [ 1148.972714][T21806] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1148.972732][T21806] ? _copy_from_user+0xdd/0x150 [ 1148.972761][T21806] video_usercopy+0x4c5/0x10d0 [ 1148.977268][T21800] Free swap = 0kB [ 1148.981386][T21806] ? v4l_s_fmt+0xab0/0xab0 [ 1148.981406][T21806] ? v4l_enumstd+0x70/0x70 [ 1148.981425][T21806] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1148.985855][T21800] Total swap = 0kB [ 1148.990671][T21806] ? tomoyo_path_number_perm+0x263/0x520 [ 1148.990690][T21806] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1148.990722][T21806] ? video_usercopy+0x10d0/0x10d0 [ 1148.995654][T21800] 1965979 pages RAM [ 1149.023898][T21806] video_ioctl2+0x2d/0x35 [ 1149.023914][T21806] v4l2_ioctl+0x156/0x1b0 [ 1149.023930][T21806] ? video_devdata+0xa0/0xa0 [ 1149.023954][T21806] do_vfs_ioctl+0xd6e/0x1390 [ 1149.030182][T21800] 0 pages HighMem/MovableOnly [ 1149.035258][T21806] ? ioctl_preallocate+0x210/0x210 [ 1149.035275][T21806] ? __fget+0x381/0x550 [ 1149.035302][T21806] ? ksys_dup3+0x3e0/0x3e0 [ 1149.039443][T21800] 339405 pages reserved [ 1149.043991][T21806] ? nsecs_to_jiffies+0x30/0x30 [ 1149.044015][T21806] ? tomoyo_file_ioctl+0x23/0x30 [ 1149.044029][T21806] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1149.044047][T21806] ? security_file_ioctl+0x93/0xc0 [ 1149.048626][T21800] 0 pages cma reserved [ 1149.053269][T21806] ksys_ioctl+0xab/0xd0 [ 1149.053290][T21806] __x64_sys_ioctl+0x73/0xb0 [ 1149.053308][T21806] do_syscall_64+0x103/0x670 [ 1149.053328][T21806] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1149.568597][T21806] RIP: 0033:0x458c29 [ 1149.572464][T21806] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1149.592036][T21806] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1149.600416][T21806] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1149.608372][T21806] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1149.616318][T21806] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1149.624263][T21806] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1149.632207][T21806] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff 09:15:56 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1149.643093][ T5] Bluetooth: hci2: command 0x1009 tx timeout [ 1149.649141][T21806] warn_alloc_show_mem: 1 callbacks suppressed [ 1149.649146][T21806] Mem-Info: [ 1149.652418][T21824] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1149.661016][T21806] active_anon:253795 inactive_anon:199 isolated_anon:0 [ 1149.661016][T21806] active_file:8231 inactive_file:40921 isolated_file:0 [ 1149.661016][T21806] unevictable:0 dirty:168 writeback:0 unstable:0 [ 1149.661016][T21806] slab_reclaimable:14061 slab_unreclaimable:116195 [ 1149.661016][T21806] mapped:58824 shmem:248 pagetables:7378 bounce:0 [ 1149.661016][T21806] free:1082762 free_pcp:586 free_cma:0 [ 1149.721205][T21806] Node 0 active_anon:1015180kB inactive_anon:796kB active_file:32788kB inactive_file:163684kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:672kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 598016kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1149.736254][T21824] CPU: 1 PID: 21824 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1149.752222][T21806] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1149.759281][T21824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1149.759287][T21824] Call Trace: [ 1149.759309][T21824] dump_stack+0x172/0x1f0 [ 1149.759329][T21824] warn_alloc.cold+0x87/0x17f [ 1149.759346][T21824] ? zone_watermark_ok_safe+0x260/0x260 [ 1149.786978][T21806] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1149.796103][T21824] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1149.796140][T21824] __vmalloc_node_range+0x48a/0x790 [ 1149.796156][T21824] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1149.796174][T21824] ? kmem_cache_alloc_trace+0x354/0x760 [ 1149.796190][T21824] ? vb2_vmalloc_alloc+0xca/0x280 [ 1149.799715][T21806] lowmem_reserve[]: 0 2553 2555 2555 [ 1149.803758][T21824] vmalloc_user+0x6b/0x90 [ 1149.803779][T21824] ? vb2_vmalloc_alloc+0xca/0x280 [ 1149.803794][T21824] vb2_vmalloc_alloc+0xca/0x280 [ 1149.803806][T21824] ? __vb2_queue_alloc+0xf5/0xf40 [ 1149.803822][T21824] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1149.803837][T21824] __vb2_queue_alloc+0x5a6/0xf40 [ 1149.808657][T21806] Node 0 DMA32 free:525472kB min:36232kB low:45288kB high:54344kB active_anon:1015180kB inactive_anon:796kB active_file:32788kB inactive_file:163684kB unevictable:0kB writepending:672kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:15264kB pagetables:29364kB bounce:0kB free_pcp:2296kB local_pcp:1012kB free_cma:0kB [ 1149.814021][T21824] vb2_core_create_bufs+0x2bc/0x790 [ 1149.814039][T21824] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1149.814053][T21824] ? __vb2_queue_alloc+0xf40/0xf40 [ 1149.814066][T21824] ? lock_acquire+0x16f/0x3f0 [ 1149.814085][T21824] ? __video_do_ioctl+0x398/0xce0 [ 1149.841133][T21806] lowmem_reserve[]: 0 0 2 2 [ 1149.846472][T21824] ? __lock_acquire+0x548/0x3fb0 [ 1149.846494][T21824] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1149.846511][T21824] vb2_create_bufs+0x472/0x7d0 [ 1149.846529][T21824] ? vb2_request_queue+0x120/0x120 [ 1149.846541][T21824] ? __lock_acquire+0x548/0x3fb0 [ 1149.846558][T21824] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1149.851972][T21806] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1149.856730][T21824] ? debug_smp_processor_id+0x3c/0x280 [ 1149.856754][T21824] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1149.856771][T21824] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1149.856792][T21824] v4l_create_bufs+0xc0/0x180 [ 1149.862524][T21806] lowmem_reserve[]: 0 0 0 0 [ 1149.867321][T21824] __video_do_ioctl+0x7f1/0xce0 [ 1149.867347][T21824] ? v4l_s_fmt+0xab0/0xab0 [ 1149.867368][T21824] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1149.867388][T21824] ? _copy_from_user+0xdd/0x150 [ 1149.872866][T21806] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1149.876976][T21824] video_usercopy+0x4c5/0x10d0 [ 1149.876993][T21824] ? v4l_s_fmt+0xab0/0xab0 [ 1149.877015][T21824] ? v4l_enumstd+0x70/0x70 [ 1149.877032][T21824] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1149.882229][T21806] lowmem_reserve[]: 0 0 0 0 [ 1149.886849][T21824] ? tomoyo_path_number_perm+0x263/0x520 [ 1149.886870][T21824] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1149.886898][T21824] ? video_usercopy+0x10d0/0x10d0 [ 1149.886916][T21824] video_ioctl2+0x2d/0x35 [ 1149.892090][T21806] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1149.897686][T21824] v4l2_ioctl+0x156/0x1b0 [ 1149.897707][T21824] ? video_devdata+0xa0/0xa0 [ 1149.897726][T21824] do_vfs_ioctl+0xd6e/0x1390 [ 1149.897746][T21824] ? ioctl_preallocate+0x210/0x210 [ 1149.902877][T21806] Node 0 DMA32: 522*4kB (UME) 149*8kB (UME) 34*16kB (UM) 325*32kB (UME) 378*64kB (UME) 19*128kB (ME) 5*256kB (UME) 4*512kB (UME) 2*1024kB (ME) 4*2048kB (UME) 115*4096kB (UM) = 525456kB [ 1149.933447][T21824] ? __fget+0x381/0x550 [ 1149.933470][T21824] ? ksys_dup3+0x3e0/0x3e0 [ 1149.933486][T21824] ? nsecs_to_jiffies+0x30/0x30 [ 1149.933508][T21824] ? tomoyo_file_ioctl+0x23/0x30 [ 1149.933524][T21824] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1149.933539][T21824] ? security_file_ioctl+0x93/0xc0 [ 1149.933560][T21824] ksys_ioctl+0xab/0xd0 [ 1149.939085][T21806] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1149.944172][T21824] __x64_sys_ioctl+0x73/0xb0 [ 1149.944191][T21824] do_syscall_64+0x103/0x670 [ 1149.944213][T21824] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1149.944226][T21824] RIP: 0033:0x458c29 [ 1149.944241][T21824] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1149.944253][T21824] RSP: 002b:00007f53a9456c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1149.949556][T21806] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1149.953988][T21824] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1149.953998][T21824] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1149.954006][T21824] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1149.954015][T21824] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94576d4 [ 1149.954024][T21824] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1149.970643][T21826] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1149.986197][T21806] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1150.031631][T21826] CPU: 0 PID: 21826 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1150.097269][T21826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1150.097275][T21826] Call Trace: [ 1150.097297][T21826] dump_stack+0x172/0x1f0 [ 1150.097318][T21826] warn_alloc.cold+0x87/0x17f [ 1150.097333][T21826] ? zone_watermark_ok_safe+0x260/0x260 [ 1150.097348][T21826] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1150.097389][T21826] __vmalloc_node_range+0x48a/0x790 [ 1150.097405][T21826] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1150.097423][T21826] ? kmem_cache_alloc_trace+0x354/0x760 [ 1150.097435][T21826] ? vb2_vmalloc_alloc+0xca/0x280 [ 1150.097449][T21826] vmalloc_user+0x6b/0x90 [ 1150.097463][T21826] ? vb2_vmalloc_alloc+0xca/0x280 [ 1150.097477][T21826] vb2_vmalloc_alloc+0xca/0x280 [ 1150.097495][T21826] ? __vb2_queue_alloc+0xf5/0xf40 [ 1150.117263][T21826] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1150.117276][T21826] __vb2_queue_alloc+0x5a6/0xf40 [ 1150.117305][T21826] vb2_core_create_bufs+0x2bc/0x790 [ 1150.117323][T21826] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1150.147699][T21806] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1150.156723][T21826] ? __vb2_queue_alloc+0xf40/0xf40 [ 1150.156738][T21826] ? lock_acquire+0x16f/0x3f0 [ 1150.156752][T21826] ? __video_do_ioctl+0x398/0xce0 [ 1150.156764][T21826] ? __lock_acquire+0x548/0x3fb0 [ 1150.156783][T21826] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1150.161088][T21806] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1150.165664][T21826] vb2_create_bufs+0x472/0x7d0 [ 1150.165689][T21826] ? vb2_request_queue+0x120/0x120 [ 1150.165702][T21826] ? __lock_acquire+0x548/0x3fb0 [ 1150.165717][T21826] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1150.165731][T21826] ? debug_smp_processor_id+0x3c/0x280 [ 1150.165749][T21826] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1150.165761][T21826] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1150.165776][T21826] v4l_create_bufs+0xc0/0x180 [ 1150.165791][T21826] __video_do_ioctl+0x7f1/0xce0 [ 1150.165813][T21826] ? v4l_s_fmt+0xab0/0xab0 [ 1150.183773][T21806] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1150.193559][T21826] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1150.193574][T21826] ? _copy_from_user+0xdd/0x150 [ 1150.193593][T21826] video_usercopy+0x4c5/0x10d0 [ 1150.193607][T21826] ? v4l_s_fmt+0xab0/0xab0 [ 1150.193624][T21826] ? v4l_enumstd+0x70/0x70 [ 1150.193653][T21826] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1150.193677][T21826] ? tomoyo_path_number_perm+0x263/0x520 [ 1150.207875][T21806] 49434 total pagecache pages [ 1150.211947][T21826] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1150.211976][T21826] ? video_usercopy+0x10d0/0x10d0 [ 1150.211991][T21826] video_ioctl2+0x2d/0x35 [ 1150.212005][T21826] v4l2_ioctl+0x156/0x1b0 [ 1150.212017][T21826] ? video_devdata+0xa0/0xa0 [ 1150.212035][T21826] do_vfs_ioctl+0xd6e/0x1390 [ 1150.220763][T21806] 0 pages in swap cache [ 1150.223333][T21826] ? ioctl_preallocate+0x210/0x210 [ 1150.223347][T21826] ? __fget+0x381/0x550 [ 1150.223369][T21826] ? ksys_dup3+0x3e0/0x3e0 [ 1150.223382][T21826] ? nsecs_to_jiffies+0x30/0x30 [ 1150.223400][T21826] ? tomoyo_file_ioctl+0x23/0x30 [ 1150.223417][T21826] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1150.230139][T21806] Swap cache stats: add 0, delete 0, find 0/0 [ 1150.239680][T21826] ? security_file_ioctl+0x93/0xc0 [ 1150.239698][T21826] ksys_ioctl+0xab/0xd0 [ 1150.239715][T21826] __x64_sys_ioctl+0x73/0xb0 [ 1150.239732][T21826] do_syscall_64+0x103/0x670 [ 1150.239749][T21826] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1150.239758][T21826] RIP: 0033:0x458c29 [ 1150.239771][T21826] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1150.239782][T21826] RSP: 002b:00007fa60ca72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1150.250271][T21806] Free swap = 0kB [ 1150.254850][T21826] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1150.254859][T21826] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1150.254867][T21826] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1150.254875][T21826] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca736d4 [ 1150.254883][T21826] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1150.260432][T21832] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1150.283752][T21806] Total swap = 0kB [ 1150.287292][T21832] CPU: 0 PID: 21832 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1150.310331][T21806] 1965979 pages RAM [ 1150.311966][T21832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1150.311972][T21832] Call Trace: [ 1150.311992][T21832] dump_stack+0x172/0x1f0 [ 1150.312013][T21832] warn_alloc.cold+0x87/0x17f [ 1150.319950][T21806] 0 pages HighMem/MovableOnly [ 1150.327899][T21832] ? zone_watermark_ok_safe+0x260/0x260 [ 1150.327916][T21832] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1150.327956][T21832] __vmalloc_node_range+0x48a/0x790 [ 1150.327973][T21832] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1150.327992][T21832] ? kmem_cache_alloc_trace+0x354/0x760 [ 1150.328012][T21832] ? vb2_vmalloc_alloc+0xca/0x280 [ 1150.341004][T21806] 339405 pages reserved [ 1150.343911][T21832] vmalloc_user+0x6b/0x90 [ 1150.343926][T21832] ? vb2_vmalloc_alloc+0xca/0x280 [ 1150.343940][T21832] vb2_vmalloc_alloc+0xca/0x280 [ 1150.343957][T21832] ? __vb2_queue_alloc+0xf5/0xf40 [ 1150.363732][T21806] 0 pages cma reserved [ 1150.367325][T21832] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1150.916408][T21832] __vb2_queue_alloc+0x5a6/0xf40 [ 1150.921420][T21832] vb2_core_create_bufs+0x2bc/0x790 [ 1150.926605][T21832] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1150.931973][T21832] ? __vb2_queue_alloc+0xf40/0xf40 [ 1150.937110][T21832] ? lock_acquire+0x16f/0x3f0 [ 1150.941781][T21832] ? __video_do_ioctl+0x398/0xce0 [ 1150.946792][T21832] ? __lock_acquire+0x548/0x3fb0 [ 1150.951727][T21832] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1150.957958][T21832] vb2_create_bufs+0x472/0x7d0 [ 1150.962717][T21832] ? vb2_request_queue+0x120/0x120 [ 1150.967837][T21832] ? __lock_acquire+0x548/0x3fb0 [ 1150.972782][T21832] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1150.979009][T21832] ? debug_smp_processor_id+0x3c/0x280 [ 1150.984470][T21832] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1150.989476][T21832] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1150.995015][T21832] v4l_create_bufs+0xc0/0x180 [ 1150.999684][T21832] __video_do_ioctl+0x7f1/0xce0 [ 1151.004539][T21832] ? v4l_s_fmt+0xab0/0xab0 [ 1151.008949][T21832] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1151.015181][T21832] ? _copy_from_user+0xdd/0x150 [ 1151.020023][T21832] video_usercopy+0x4c5/0x10d0 [ 1151.024780][T21832] ? v4l_s_fmt+0xab0/0xab0 [ 1151.029176][T21832] ? v4l_enumstd+0x70/0x70 [ 1151.033578][T21832] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1151.039810][T21832] ? tomoyo_path_number_perm+0x263/0x520 [ 1151.045447][T21832] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1151.051243][T21832] ? video_usercopy+0x10d0/0x10d0 [ 1151.056245][T21832] video_ioctl2+0x2d/0x35 [ 1151.060552][T21832] v4l2_ioctl+0x156/0x1b0 [ 1151.064862][T21832] ? video_devdata+0xa0/0xa0 [ 1151.069442][T21832] do_vfs_ioctl+0xd6e/0x1390 [ 1151.074029][T21832] ? ioctl_preallocate+0x210/0x210 [ 1151.079150][T21832] ? __fget+0x381/0x550 [ 1151.083310][T21832] ? ksys_dup3+0x3e0/0x3e0 [ 1151.087722][T21832] ? nsecs_to_jiffies+0x30/0x30 [ 1151.092570][T21832] ? tomoyo_file_ioctl+0x23/0x30 [ 1151.097504][T21832] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1151.103725][T21832] ? security_file_ioctl+0x93/0xc0 [ 1151.108817][T21832] ksys_ioctl+0xab/0xd0 [ 1151.112970][T21832] __x64_sys_ioctl+0x73/0xb0 [ 1151.117556][T21832] do_syscall_64+0x103/0x670 [ 1151.122148][T21832] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1151.128033][T21832] RIP: 0033:0x458c29 [ 1151.131924][T21832] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1151.151527][T21832] RSP: 002b:00007fa60ca51c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1151.160817][T21832] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1151.168816][T21832] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1151.176770][T21832] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1151.184722][T21832] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca526d4 [ 1151.192774][T21832] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1151.214372][T21832] warn_alloc_show_mem: 2 callbacks suppressed [ 1151.214377][T21832] Mem-Info: [ 1151.230613][T21832] active_anon:253271 inactive_anon:201 isolated_anon:0 [ 1151.230613][T21832] active_file:8231 inactive_file:40947 isolated_file:0 [ 1151.230613][T21832] unevictable:0 dirty:194 writeback:0 unstable:0 [ 1151.230613][T21832] slab_reclaimable:14064 slab_unreclaimable:115970 [ 1151.230613][T21832] mapped:58849 shmem:248 pagetables:7339 bounce:0 [ 1151.230613][T21832] free:1083488 free_pcp:632 free_cma:0 [ 1151.270821][T21832] Node 0 active_anon:1013084kB inactive_anon:804kB active_file:32788kB inactive_file:163788kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:776kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 593920kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1151.300039][T21832] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1151.326678][T21832] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1151.354192][T21832] lowmem_reserve[]: 0 2553 2555 2555 [ 1151.359522][T21832] Node 0 DMA32 free:527752kB min:36232kB low:45288kB high:54344kB active_anon:1013084kB inactive_anon:804kB active_file:32788kB inactive_file:163788kB unevictable:0kB writepending:776kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:15104kB pagetables:29356kB bounce:0kB free_pcp:2672kB local_pcp:1340kB free_cma:0kB [ 1151.390501][T21832] lowmem_reserve[]: 0 0 2 2 [ 1151.395146][T21832] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1151.422025][T21832] lowmem_reserve[]: 0 0 0 0 [ 1151.426576][T21832] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1151.455079][T21832] lowmem_reserve[]: 0 0 0 0 [ 1151.459649][T21832] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1151.474054][T21832] Node 0 DMA32: 522*4kB (UME) 160*8kB (UME) 37*16kB (UM) 328*32kB (UME) 379*64kB (UME) 19*128kB (ME) 5*256kB (UME) 4*512kB (UME) 2*1024kB (ME) 5*2048kB (UME) 115*4096kB (UM) = 527800kB [ 1151.492431][T21832] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1151.507250][T21832] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1151.524645][T21832] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1151.534263][T21832] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1151.543680][T21832] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1151.553316][T21832] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1151.562729][T21832] 49435 total pagecache pages [ 1151.567430][T21832] 0 pages in swap cache [ 1151.571668][T21832] Swap cache stats: add 0, delete 0, find 0/0 [ 1151.577750][T21832] Free swap = 0kB [ 1151.581547][T21832] Total swap = 0kB [ 1151.585304][T21832] 1965979 pages RAM [ 1151.589126][T21832] 0 pages HighMem/MovableOnly [ 1151.593906][T21832] 339405 pages reserved [ 1151.598080][T21832] 0 pages cma reserved 09:15:59 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x2000000008f) ioctl$KDADDIO(r0, 0x400455c8, 0x1) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x27e44ddcf59c6498, 0x0) ioctl$SCSI_IOCTL_DOORLOCK(r1, 0x5380) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f00000000c0)={&(0x7f0000ffb000/0x2000)=nil, 0x2000}) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000140)={0x0, 0x252b}, &(0x7f0000000180)=0x8) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x19, &(0x7f00000001c0)={r2, 0x7ff}, 0x8) 09:15:59 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x40049409, &(0x7f0000000080)) 09:15:59 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x29d}], 0x1, 0x0, 0xfffffffffffffe2a}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) 09:15:59 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x80000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:15:59 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0xffffffff00000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:15:59 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1153.214365][T21841] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1153.237584][T21844] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1153.260654][T21841] CPU: 0 PID: 21841 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1153.269807][T21841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1153.279873][T21841] Call Trace: [ 1153.283179][T21841] dump_stack+0x172/0x1f0 [ 1153.287532][T21841] warn_alloc.cold+0x87/0x17f [ 1153.292212][T21841] ? zone_watermark_ok_safe+0x260/0x260 [ 1153.292234][T21841] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1153.292272][T21841] __vmalloc_node_range+0x48a/0x790 [ 1153.292288][T21841] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1153.292310][T21841] ? kmem_cache_alloc_trace+0x354/0x760 [ 1153.308656][T21841] ? vb2_vmalloc_alloc+0xca/0x280 [ 1153.308677][T21841] vmalloc_user+0x6b/0x90 [ 1153.308693][T21841] ? vb2_vmalloc_alloc+0xca/0x280 [ 1153.308706][T21841] vb2_vmalloc_alloc+0xca/0x280 [ 1153.308723][T21841] ? __vb2_queue_alloc+0xf5/0xf40 [ 1153.324279][T21841] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1153.324294][T21841] __vb2_queue_alloc+0x5a6/0xf40 [ 1153.324326][T21841] vb2_core_create_bufs+0x2bc/0x790 [ 1153.324345][T21841] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1153.324362][T21841] ? __vb2_queue_alloc+0xf40/0xf40 [ 1153.333676][T21841] ? lock_acquire+0x16f/0x3f0 [ 1153.333694][T21841] ? __video_do_ioctl+0x398/0xce0 [ 1153.333709][T21841] ? __lock_acquire+0x548/0x3fb0 [ 1153.333732][T21841] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1153.333751][T21841] vb2_create_bufs+0x472/0x7d0 [ 1153.333770][T21841] ? vb2_request_queue+0x120/0x120 [ 1153.343598][T21841] ? __lock_acquire+0x548/0x3fb0 [ 1153.343617][T21841] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1153.343633][T21841] ? debug_smp_processor_id+0x3c/0x280 [ 1153.343656][T21841] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1153.343674][T21841] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1153.343690][T21841] v4l_create_bufs+0xc0/0x180 [ 1153.343710][T21841] __video_do_ioctl+0x7f1/0xce0 [ 1153.354426][T21841] ? v4l_s_fmt+0xab0/0xab0 [ 1153.354449][T21841] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1153.354466][T21841] ? _copy_from_user+0xdd/0x150 [ 1153.354495][T21841] video_usercopy+0x4c5/0x10d0 [ 1153.354511][T21841] ? v4l_s_fmt+0xab0/0xab0 [ 1153.354536][T21841] ? v4l_enumstd+0x70/0x70 [ 1153.466340][T21841] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1153.472602][T21841] ? tomoyo_path_number_perm+0x263/0x520 [ 1153.478233][T21841] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1153.484061][T21841] ? video_usercopy+0x10d0/0x10d0 [ 1153.489083][T21841] video_ioctl2+0x2d/0x35 [ 1153.493413][T21841] v4l2_ioctl+0x156/0x1b0 [ 1153.497823][T21841] ? video_devdata+0xa0/0xa0 [ 1153.502411][T21841] do_vfs_ioctl+0xd6e/0x1390 [ 1153.508507][T21841] ? ioctl_preallocate+0x210/0x210 [ 1153.513620][T21841] ? __fget+0x381/0x550 [ 1153.517781][T21841] ? ksys_dup3+0x3e0/0x3e0 [ 1153.522196][T21841] ? nsecs_to_jiffies+0x30/0x30 [ 1153.527062][T21841] ? tomoyo_file_ioctl+0x23/0x30 [ 1153.532025][T21841] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1153.538264][T21841] ? security_file_ioctl+0x93/0xc0 [ 1153.543381][T21841] ksys_ioctl+0xab/0xd0 [ 1153.547539][T21841] __x64_sys_ioctl+0x73/0xb0 [ 1153.552126][T21841] do_syscall_64+0x103/0x670 [ 1153.556713][T21841] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1153.562597][T21841] RIP: 0033:0x458c29 [ 1153.566495][T21841] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1153.586094][T21841] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1153.594499][T21841] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1153.602473][T21841] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1153.610437][T21841] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1153.618406][T21841] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1153.626371][T21841] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1153.634364][T21844] CPU: 1 PID: 21844 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1153.634811][T21846] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1153.643478][T21844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1153.643484][T21844] Call Trace: [ 1153.643508][T21844] dump_stack+0x172/0x1f0 [ 1153.643529][T21844] warn_alloc.cold+0x87/0x17f [ 1153.643543][T21844] ? zone_watermark_ok_safe+0x260/0x260 [ 1153.643560][T21844] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1153.643597][T21844] __vmalloc_node_range+0x48a/0x790 [ 1153.677572][T21844] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1153.677600][T21844] ? kmem_cache_alloc_trace+0x354/0x760 [ 1153.703594][T21844] ? vb2_vmalloc_alloc+0xca/0x280 09:16:00 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) fcntl$getflags(r0, 0xb) 09:16:00 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f00000002c0)={r1, @in={{0x2, 0x4e24, @remote}}, 0x2, 0xffffffffffffff00}, &(0x7f0000000380)=0x90) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/btrfs-control\x00', 0x20201, 0x0) accept4$inet6(r2, &(0x7f0000000400), &(0x7f0000000440)=0x1c, 0x80800) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer\x00', 0x1, 0x0) write$FUSE_OPEN(r3, &(0x7f0000000240)={0x20, 0x0, 0x5, {0x0, 0x6}}, 0x20) pipe2(&(0x7f0000000280), 0x84800) [ 1153.703613][T21844] vmalloc_user+0x6b/0x90 [ 1153.703629][T21844] ? vb2_vmalloc_alloc+0xca/0x280 [ 1153.703645][T21844] vb2_vmalloc_alloc+0xca/0x280 [ 1153.703656][T21844] ? __vb2_queue_alloc+0xf5/0xf40 [ 1153.703674][T21844] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1153.703687][T21844] __vb2_queue_alloc+0x5a6/0xf40 [ 1153.703718][T21844] vb2_core_create_bufs+0x2bc/0x790 [ 1153.733429][T21844] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1153.733454][T21844] ? __vb2_queue_alloc+0xf40/0xf40 [ 1153.733470][T21844] ? lock_acquire+0x16f/0x3f0 09:16:00 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) pause() getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) [ 1153.733487][T21844] ? __video_do_ioctl+0x398/0xce0 [ 1153.733502][T21844] ? __lock_acquire+0x548/0x3fb0 [ 1153.733531][T21844] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1153.754814][T21844] vb2_create_bufs+0x472/0x7d0 [ 1153.754836][T21844] ? vb2_request_queue+0x120/0x120 [ 1153.754855][T21844] ? __lock_acquire+0x548/0x3fb0 [ 1153.780769][T21844] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1153.780785][T21844] ? debug_smp_processor_id+0x3c/0x280 [ 1153.780808][T21844] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1153.780827][T21844] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1153.780848][T21844] v4l_create_bufs+0xc0/0x180 [ 1153.807259][T21844] __video_do_ioctl+0x7f1/0xce0 [ 1153.807282][T21844] ? v4l_s_fmt+0xab0/0xab0 [ 1153.831688][T21844] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1153.831704][T21844] ? _copy_from_user+0xdd/0x150 [ 1153.831726][T21844] video_usercopy+0x4c5/0x10d0 [ 1153.831738][T21844] ? v4l_s_fmt+0xab0/0xab0 [ 1153.831757][T21844] ? v4l_enumstd+0x70/0x70 [ 1153.831770][T21844] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1153.831788][T21844] ? tomoyo_path_number_perm+0x263/0x520 [ 1153.847563][T21844] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1153.847594][T21844] ? video_usercopy+0x10d0/0x10d0 [ 1153.847610][T21844] video_ioctl2+0x2d/0x35 [ 1153.883343][T21844] v4l2_ioctl+0x156/0x1b0 [ 1153.887668][T21844] ? video_devdata+0xa0/0xa0 [ 1153.892254][T21844] do_vfs_ioctl+0xd6e/0x1390 [ 1153.896846][T21844] ? ioctl_preallocate+0x210/0x210 [ 1153.901967][T21844] ? __fget+0x381/0x550 [ 1153.906125][T21844] ? ksys_dup3+0x3e0/0x3e0 [ 1153.910535][T21844] ? nsecs_to_jiffies+0x30/0x30 [ 1153.915392][T21844] ? tomoyo_file_ioctl+0x23/0x30 [ 1153.920328][T21844] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1153.926560][T21844] ? security_file_ioctl+0x93/0xc0 [ 1153.931673][T21844] ksys_ioctl+0xab/0xd0 [ 1153.935851][T21844] __x64_sys_ioctl+0x73/0xb0 [ 1153.940451][T21844] do_syscall_64+0x103/0x670 [ 1153.945042][T21844] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1153.950924][T21844] RIP: 0033:0x458c29 [ 1153.954814][T21844] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1153.974420][T21844] RSP: 002b:00007fa60ca72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1153.982925][T21844] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1153.990887][T21844] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1153.998853][T21844] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1154.006816][T21844] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca736d4 [ 1154.014791][T21844] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1154.029674][T21870] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1154.031206][T21846] CPU: 0 PID: 21846 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1154.052696][T21846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1154.062834][T21846] Call Trace: [ 1154.066132][T21846] dump_stack+0x172/0x1f0 [ 1154.070482][T21846] warn_alloc.cold+0x87/0x17f [ 1154.075161][T21846] ? zone_watermark_ok_safe+0x260/0x260 [ 1154.080715][T21846] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1154.086373][T21846] __vmalloc_node_range+0x48a/0x790 [ 1154.091572][T21846] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1154.096596][T21846] ? kmem_cache_alloc_trace+0x354/0x760 [ 1154.102138][T21846] ? vb2_vmalloc_alloc+0xca/0x280 [ 1154.107178][T21846] vmalloc_user+0x6b/0x90 [ 1154.111509][T21846] ? vb2_vmalloc_alloc+0xca/0x280 [ 1154.116533][T21846] vb2_vmalloc_alloc+0xca/0x280 [ 1154.121376][T21846] ? __vb2_queue_alloc+0xf5/0xf40 [ 1154.126402][T21846] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1154.132217][T21846] __vb2_queue_alloc+0x5a6/0xf40 [ 1154.137167][T21846] vb2_core_create_bufs+0x2bc/0x790 [ 1154.142363][T21846] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1154.147733][T21846] ? __vb2_queue_alloc+0xf40/0xf40 [ 1154.152842][T21846] ? lock_acquire+0x16f/0x3f0 [ 1154.157521][T21846] ? __video_do_ioctl+0x398/0xce0 [ 1154.162540][T21846] ? __lock_acquire+0x548/0x3fb0 [ 1154.167481][T21846] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1154.173726][T21846] vb2_create_bufs+0x472/0x7d0 [ 1154.178491][T21846] ? vb2_request_queue+0x120/0x120 [ 1154.183609][T21846] ? __lock_acquire+0x548/0x3fb0 [ 1154.188542][T21846] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1154.194778][T21846] ? debug_smp_processor_id+0x3c/0x280 [ 1154.200239][T21846] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1154.205258][T21846] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1154.210798][T21846] v4l_create_bufs+0xc0/0x180 [ 1154.215478][T21846] __video_do_ioctl+0x7f1/0xce0 [ 1154.220331][T21846] ? v4l_s_fmt+0xab0/0xab0 [ 1154.224751][T21846] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1154.230985][T21846] ? _copy_from_user+0xdd/0x150 [ 1154.235842][T21846] video_usercopy+0x4c5/0x10d0 [ 1154.240607][T21846] ? v4l_s_fmt+0xab0/0xab0 [ 1154.245025][T21846] ? v4l_enumstd+0x70/0x70 [ 1154.249446][T21846] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1154.255686][T21846] ? tomoyo_path_number_perm+0x263/0x520 [ 1154.261319][T21846] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1154.267134][T21846] ? video_usercopy+0x10d0/0x10d0 [ 1154.272152][T21846] video_ioctl2+0x2d/0x35 [ 1154.276490][T21846] v4l2_ioctl+0x156/0x1b0 [ 1154.279651][T21844] Mem-Info: [ 1154.280817][T21846] ? video_devdata+0xa0/0xa0 [ 1154.280838][T21846] do_vfs_ioctl+0xd6e/0x1390 [ 1154.280860][T21846] ? ioctl_preallocate+0x210/0x210 [ 1154.280879][T21846] ? __fget+0x381/0x550 [ 1154.287560][T21844] active_anon:255422 inactive_anon:201 isolated_anon:0 [ 1154.287560][T21844] active_file:8231 inactive_file:40963 isolated_file:0 [ 1154.287560][T21844] unevictable:0 dirty:212 writeback:0 unstable:0 [ 1154.287560][T21844] slab_reclaimable:14047 slab_unreclaimable:116265 [ 1154.287560][T21844] mapped:58824 shmem:248 pagetables:7410 bounce:0 [ 1154.287560][T21844] free:1080962 free_pcp:520 free_cma:0 [ 1154.288551][T21846] ? ksys_dup3+0x3e0/0x3e0 [ 1154.288569][T21846] ? nsecs_to_jiffies+0x30/0x30 [ 1154.288591][T21846] ? tomoyo_file_ioctl+0x23/0x30 [ 1154.288610][T21846] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1154.298531][T21844] Node 0 active_anon:1021688kB inactive_anon:804kB active_file:32788kB inactive_file:163852kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:848kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 595968kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1154.302416][T21846] ? security_file_ioctl+0x93/0xc0 [ 1154.302439][T21846] ksys_ioctl+0xab/0xd0 [ 1154.302460][T21846] __x64_sys_ioctl+0x73/0xb0 [ 1154.302480][T21846] do_syscall_64+0x103/0x670 [ 1154.302501][T21846] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1154.302519][T21846] RIP: 0033:0x458c29 09:16:00 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x2, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1154.371639][T21844] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1154.389925][T21846] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1154.389934][T21846] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1154.389949][T21846] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1154.389958][T21846] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1154.389967][T21846] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1154.389976][T21846] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1154.389985][T21846] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1154.404479][T21867] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1154.416341][T21870] CPU: 1 PID: 21870 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1154.445263][T21870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1154.445270][T21870] Call Trace: [ 1154.445292][T21870] dump_stack+0x172/0x1f0 [ 1154.445312][T21870] warn_alloc.cold+0x87/0x17f [ 1154.445331][T21870] ? zone_watermark_ok_safe+0x260/0x260 [ 1154.497219][T21870] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1154.569824][T21870] __vmalloc_node_range+0x48a/0x790 [ 1154.575211][T21870] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1154.580587][T21870] ? kmem_cache_alloc_trace+0x354/0x760 [ 1154.586134][T21870] ? vb2_vmalloc_alloc+0xca/0x280 [ 1154.591155][T21870] vmalloc_user+0x6b/0x90 [ 1154.595484][T21870] ? vb2_vmalloc_alloc+0xca/0x280 [ 1154.600501][T21870] vb2_vmalloc_alloc+0xca/0x280 [ 1154.605354][T21870] ? __vb2_queue_alloc+0xf5/0xf40 [ 1154.610377][T21870] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1154.616182][T21870] __vb2_queue_alloc+0x5a6/0xf40 [ 1154.621129][T21870] vb2_core_create_bufs+0x2bc/0x790 [ 1154.626325][T21870] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1154.631705][T21870] ? __vb2_queue_alloc+0xf40/0xf40 [ 1154.636901][T21870] ? lock_acquire+0x16f/0x3f0 [ 1154.641571][T21870] ? __video_do_ioctl+0x398/0xce0 [ 1154.646594][T21870] ? __lock_acquire+0x548/0x3fb0 [ 1154.651538][T21870] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1154.657792][T21870] vb2_create_bufs+0x472/0x7d0 [ 1154.662559][T21870] ? vb2_request_queue+0x120/0x120 [ 1154.667673][T21870] ? __lock_acquire+0x548/0x3fb0 [ 1154.671416][T21844] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1154.699606][T21870] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1154.699623][T21870] ? debug_smp_processor_id+0x3c/0x280 [ 1154.699644][T21870] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1154.699660][T21870] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1154.699679][T21870] v4l_create_bufs+0xc0/0x180 [ 1154.699697][T21870] __video_do_ioctl+0x7f1/0xce0 [ 1154.699721][T21870] ? v4l_s_fmt+0xab0/0xab0 [ 1154.699743][T21870] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1154.699757][T21870] ? _copy_from_user+0xdd/0x150 [ 1154.699779][T21870] video_usercopy+0x4c5/0x10d0 [ 1154.699794][T21870] ? v4l_s_fmt+0xab0/0xab0 [ 1154.699820][T21870] ? v4l_enumstd+0x70/0x70 [ 1154.699837][T21870] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1154.765604][T21844] lowmem_reserve[]: 0 2553 2555 2555 [ 1154.767127][T21870] ? tomoyo_path_number_perm+0x263/0x520 [ 1154.767147][T21870] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1154.767178][T21870] ? video_usercopy+0x10d0/0x10d0 [ 1154.788868][T21870] video_ioctl2+0x2d/0x35 [ 1154.793208][T21870] v4l2_ioctl+0x156/0x1b0 [ 1154.794803][T21844] Node 0 DMA32 free:517364kB min:36232kB low:45288kB high:54344kB active_anon:1021788kB inactive_anon:804kB active_file:32788kB inactive_file:163852kB unevictable:0kB writepending:848kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:15552kB pagetables:29788kB bounce:0kB free_pcp:1952kB local_pcp:560kB free_cma:0kB [ 1154.797541][T21870] ? video_devdata+0xa0/0xa0 [ 1154.797563][T21870] do_vfs_ioctl+0xd6e/0x1390 [ 1154.797585][T21870] ? ioctl_preallocate+0x210/0x210 [ 1154.797602][T21870] ? __fget+0x381/0x550 [ 1154.797626][T21870] ? ksys_dup3+0x3e0/0x3e0 [ 1154.851545][T21870] ? nsecs_to_jiffies+0x30/0x30 [ 1154.856403][T21870] ? tomoyo_file_ioctl+0x23/0x30 [ 1154.861352][T21870] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1154.867600][T21870] ? security_file_ioctl+0x93/0xc0 [ 1154.872725][T21870] ksys_ioctl+0xab/0xd0 [ 1154.876894][T21870] __x64_sys_ioctl+0x73/0xb0 [ 1154.881491][T21870] do_syscall_64+0x103/0x670 [ 1154.886093][T21870] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1154.891984][T21870] RIP: 0033:0x458c29 [ 1154.895881][T21870] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1154.911433][T21844] lowmem_reserve[]: 0 0 2 2 09:16:01 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) r1 = syz_open_dev$dmmidi(&(0x7f0000000280)='/dev/dmmidi#\x00', 0x0, 0x204100) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f00000002c0)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x1000, 0x1}) r2 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000380)='SEG6\x00') sendmsg$SEG6_CMD_GET_TUNSRC(r1, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[@ANYBLOB="24000001", @ANYRES16=r2, @ANYBLOB="20012bbd7000fbdbdf2504000000100004007f0000000300000000000000"], 0x24}, 0x1, 0x0, 0x0, 0x4840}, 0x1) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @multicast1}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) lgetxattr(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)=@random={'system.', 'selinux\'\x00'}, &(0x7f0000000280), 0x0) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f0000000300)={0x2, [0x3, 0x80000001]}, 0x8) [ 1154.915483][T21870] RSP: 002b:00007f53a9435c78 EFLAGS: 00000246 [ 1154.919972][T21870] ORIG_RAX: 0000000000000010 [ 1154.919982][T21870] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1154.919992][T21870] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1154.920001][T21870] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 1154.920011][T21870] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94366d4 [ 1154.920020][T21870] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff 09:16:01 executing program 0: r0 = socket$inet(0x2, 0x9, 0xfffffffffffffffe) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) r1 = dup(r0) ioctl$TUNSETLINK(r1, 0x400454cd, 0x3b058db604445c99) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) [ 1154.947141][T21867] CPU: 1 PID: 21867 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1154.947152][T21867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1154.947158][T21867] Call Trace: [ 1154.947183][T21867] dump_stack+0x172/0x1f0 [ 1154.997977][T21867] warn_alloc.cold+0x87/0x17f [ 1155.002753][T21867] ? zone_watermark_ok_safe+0x260/0x260 [ 1155.008308][T21867] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1155.014062][T21867] __vmalloc_node_range+0x48a/0x790 [ 1155.017571][T21844] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1155.045802][T21867] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1155.045823][T21867] ? kmem_cache_alloc_trace+0x354/0x760 [ 1155.045836][T21867] ? vb2_vmalloc_alloc+0xca/0x280 [ 1155.045852][T21867] vmalloc_user+0x6b/0x90 [ 1155.045866][T21867] ? vb2_vmalloc_alloc+0xca/0x280 [ 1155.045880][T21867] vb2_vmalloc_alloc+0xca/0x280 [ 1155.045891][T21867] ? __vb2_queue_alloc+0xf5/0xf40 [ 1155.045907][T21867] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1155.045919][T21867] __vb2_queue_alloc+0x5a6/0xf40 [ 1155.045951][T21867] vb2_core_create_bufs+0x2bc/0x790 [ 1155.045969][T21867] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1155.045983][T21867] ? __vb2_queue_alloc+0xf40/0xf40 [ 1155.045998][T21867] ? lock_acquire+0x16f/0x3f0 [ 1155.046014][T21867] ? __video_do_ioctl+0x398/0xce0 [ 1155.046026][T21867] ? __lock_acquire+0x548/0x3fb0 09:16:01 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000200)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000000280)=[{&(0x7f00000002c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000140)=@sack_info={0x0, 0xfff, 0x4}, &(0x7f0000000180)=0xc) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f00000001c0)={0x0, 0x18, "ce73ad436f5db2ae104256cd859d8b7276ae9d8c418800c3"}, &(0x7f0000000300)=0x20) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f0000000040)) io_setup(0x4, &(0x7f0000000000)=0x0) io_destroy(r2) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000340)={r1, @in={{0x2, 0x4e23, @remote}}}, 0x0) [ 1155.046046][T21867] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1155.079380][T21844] lowmem_reserve[]: 0 0 0 0 [ 1155.080761][T21867] vb2_create_bufs+0x472/0x7d0 [ 1155.080778][T21867] ? vb2_request_queue+0x120/0x120 [ 1155.080796][T21867] ? __lock_acquire+0x548/0x3fb0 [ 1155.102190][T21844] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1155.102224][T21844] lowmem_reserve[]: 0 0 0 0 [ 1155.107335][T21867] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1155.107352][T21867] ? debug_smp_processor_id+0x3c/0x280 [ 1155.107383][T21867] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1155.107400][T21867] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1155.138284][T21844] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1155.142595][T21867] v4l_create_bufs+0xc0/0x180 [ 1155.142614][T21867] __video_do_ioctl+0x7f1/0xce0 [ 1155.142635][T21867] ? v4l_s_fmt+0xab0/0xab0 [ 1155.142657][T21867] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1155.142673][T21867] ? _copy_from_user+0xdd/0x150 [ 1155.142691][T21867] video_usercopy+0x4c5/0x10d0 [ 1155.142707][T21867] ? v4l_s_fmt+0xab0/0xab0 [ 1155.142732][T21867] ? v4l_enumstd+0x70/0x70 [ 1155.151179][T21844] Node 0 DMA32: 488*4kB (UE) 118*8kB (UE) 2*16kB (U) 293*32kB (UME) 378*64kB (UME) 20*128kB (UME) 4*256kB (ME) 4*512kB (UME) 2*1024kB (ME) 3*2048kB (UME) 114*4096kB (UM) = 517264kB [ 1155.176102][T21867] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1155.176119][T21867] ? tomoyo_path_number_perm+0x263/0x520 [ 1155.176136][T21867] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1155.176169][T21867] ? video_usercopy+0x10d0/0x10d0 [ 1155.176183][T21867] video_ioctl2+0x2d/0x35 [ 1155.176196][T21867] v4l2_ioctl+0x156/0x1b0 [ 1155.176209][T21867] ? video_devdata+0xa0/0xa0 [ 1155.176227][T21867] do_vfs_ioctl+0xd6e/0x1390 [ 1155.176253][T21867] ? ioctl_preallocate+0x210/0x210 [ 1155.176267][T21867] ? __fget+0x381/0x550 [ 1155.176289][T21867] ? ksys_dup3+0x3e0/0x3e0 [ 1155.176305][T21867] ? nsecs_to_jiffies+0x30/0x30 [ 1155.176328][T21867] ? tomoyo_file_ioctl+0x23/0x30 [ 1155.231540][T21844] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1155.237550][T21867] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1155.237566][T21867] ? security_file_ioctl+0x93/0xc0 [ 1155.237588][T21867] ksys_ioctl+0xab/0xd0 [ 1155.237606][T21867] __x64_sys_ioctl+0x73/0xb0 [ 1155.259683][T21844] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1155.273762][T21867] do_syscall_64+0x103/0x670 [ 1155.273783][T21867] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1155.273796][T21867] RIP: 0033:0x458c29 [ 1155.273810][T21867] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1155.273816][T21867] RSP: 002b:00007fa60ca51c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1155.273828][T21867] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1155.273836][T21867] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1155.273844][T21867] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1155.273852][T21867] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca526d4 [ 1155.273860][T21867] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1155.289120][T21870] warn_alloc_show_mem: 2 callbacks suppressed [ 1155.289125][T21870] Mem-Info: [ 1155.310774][T21870] active_anon:254978 inactive_anon:201 isolated_anon:0 [ 1155.310774][T21870] active_file:8231 inactive_file:40963 isolated_file:0 [ 1155.310774][T21870] unevictable:0 dirty:212 writeback:0 unstable:0 [ 1155.310774][T21870] slab_reclaimable:14047 slab_unreclaimable:116390 [ 1155.310774][T21870] mapped:58824 shmem:248 pagetables:7410 bounce:0 [ 1155.310774][T21870] free:1081308 free_pcp:543 free_cma:0 [ 1155.332835][T21870] Node 0 active_anon:1019912kB inactive_anon:804kB active_file:32788kB inactive_file:163852kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:848kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 595968kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1155.356841][T21844] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1155.370885][T21870] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1155.379511][T21844] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1155.389621][T21870] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1155.389659][T21870] lowmem_reserve[]: 0 2553 2555 2555 [ 1155.406403][T21844] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1155.425659][T21870] Node 0 DMA32 free:519436kB min:36232kB low:45288kB high:54344kB active_anon:1019928kB inactive_anon:804kB active_file:32788kB inactive_file:163968kB unevictable:0kB writepending:972kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:15296kB pagetables:29596kB bounce:0kB free_pcp:2392kB local_pcp:1484kB free_cma:0kB [ 1155.439554][T21844] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1155.440969][T21870] lowmem_reserve[]: 0 0 2 2 [ 1155.440990][T21870] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1155.441027][T21870] lowmem_reserve[]: 0 0 0 0 [ 1155.450423][T21844] 49469 total pagecache pages [ 1155.458123][T21870] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1155.458157][T21870] lowmem_reserve[]: 0 0 0 0 [ 1155.458177][T21870] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1155.458249][T21870] Node 0 DMA32: 545*4kB (UME) 87*8kB (UME) 5*16kB (U) 294*32kB (UME) 379*64kB (UME) 20*128kB (UME) 4*256kB (ME) 4*512kB (UME) 2*1024kB (ME) 4*2048kB (UME) 114*4096kB (UM) = 519436kB [ 1155.472723][T21844] 0 pages in swap cache [ 1155.474641][T21870] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1155.480767][T21844] Swap cache stats: add 0, delete 0, find 0/0 [ 1155.483831][T21870] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1155.531830][T21844] Free swap = 0kB [ 1155.553648][T21870] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1155.568249][T21844] Total swap = 0kB [ 1155.589718][T21870] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1155.604376][T21844] 1965979 pages RAM [ 1155.626514][T21870] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1155.636897][T21844] 0 pages HighMem/MovableOnly [ 1155.641275][T21870] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1155.677352][T21844] 339405 pages reserved [ 1155.681544][T21870] 49469 total pagecache pages [ 1155.686354][T21844] 0 pages cma reserved [ 1155.713365][T21870] 0 pages in swap cache [ 1155.750085][T21870] Swap cache stats: add 0, delete 0, find 0/0 [ 1155.750091][T21870] Free swap = 0kB [ 1155.750096][T21870] Total swap = 0kB [ 1155.750104][T21870] 1965979 pages RAM [ 1155.750108][T21870] 0 pages HighMem/MovableOnly [ 1155.750113][T21870] 339405 pages reserved [ 1155.750117][T21870] 0 pages cma reserved [ 1155.929141][T21835] Bluetooth: hci0: command 0x1003 tx timeout [ 1155.935404][T17400] Bluetooth: hci0: sending frame failed (-49) [ 1156.041618][T21835] Bluetooth: hci1: command 0x1003 tx timeout [ 1156.047843][T17400] Bluetooth: hci1: sending frame failed (-49) [ 1157.961804][T21835] Bluetooth: hci0: command 0x1001 tx timeout [ 1157.967943][T17400] Bluetooth: hci0: sending frame failed (-49) [ 1158.121585][ T7678] Bluetooth: hci1: command 0x1001 tx timeout [ 1158.127803][T17400] Bluetooth: hci1: sending frame failed (-49) [ 1160.041570][ T7678] Bluetooth: hci0: command 0x1009 tx timeout [ 1160.201559][T21835] Bluetooth: hci1: command 0x1009 tx timeout 09:16:10 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x4020940d, &(0x7f0000000080)) 09:16:10 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in6={0xa, 0x4e23, 0x2, @ipv4={[], [], @rand_addr=0x4}, 0x40}, 0x80, &(0x7f0000007f80)=[{&(0x7f0000000300)="758cc6f9171618", 0x7}], 0x1}, 0x800) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/capi/capi20\x00', 0x101000, 0x0) getsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000001880)={@dev, @multicast2, 0x0}, &(0x7f00000018c0)=0xffffffffffffff12) ioctl$sock_inet6_SIOCDELRT(r1, 0x890c, &(0x7f0000001900)={@rand_addr="1b2d3fc7cc394f7d96ffd41c96d59685", @remote, @loopback, 0x8000, 0x0, 0x9d3, 0x100, 0x0, 0x400000, r2}) lsetxattr(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)=@random={'system.', '\x00'}, &(0x7f0000000280)='\x00', 0x1, 0x1) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) 09:16:10 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x3, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:16:10 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:16:10 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x100000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:16:10 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) r1 = syz_open_dev$adsp(&(0x7f0000000240)='/dev/adsp#\x00', 0x7, 0x200001) ioctl$UI_SET_PROPBIT(r1, 0x4004556e, 0x10) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) getsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000000), &(0x7f0000000040)=0x4) ioctl$KDADDIO(r1, 0x4b34, 0x101) ioctl$TIOCSSERIAL(r0, 0x541f, &(0x7f00000001c0)={0x5d, 0x4, 0x7ff, 0x5, 0x3c, 0x85, 0x1, 0x1, 0x2, 0x1, 0x4, 0x856, 0xfffffffffffeffff, 0x4, &(0x7f0000000140)=""/103, 0x8, 0x4, 0x401}) [ 1164.117358][T21895] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1164.164047][T21902] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1164.177294][T21895] CPU: 1 PID: 21895 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1164.187093][T21895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1164.197242][T21895] Call Trace: [ 1164.200644][T21895] dump_stack+0x172/0x1f0 [ 1164.205175][T21895] warn_alloc.cold+0x87/0x17f [ 1164.209870][T21895] ? zone_watermark_ok_safe+0x260/0x260 [ 1164.215512][T21895] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1164.221169][T21895] __vmalloc_node_range+0x48a/0x790 [ 1164.226455][T21895] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1164.231828][T21895] ? kmem_cache_alloc_trace+0x354/0x760 [ 1164.237381][T21895] ? vb2_vmalloc_alloc+0xca/0x280 [ 1164.242417][T21895] vmalloc_user+0x6b/0x90 [ 1164.246760][T21895] ? vb2_vmalloc_alloc+0xca/0x280 [ 1164.251805][T21895] vb2_vmalloc_alloc+0xca/0x280 [ 1164.256654][T21895] ? __vb2_queue_alloc+0xf5/0xf40 [ 1164.261682][T21895] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1164.267491][T21895] __vb2_queue_alloc+0x5a6/0xf40 [ 1164.272446][T21895] vb2_core_create_bufs+0x2bc/0x790 [ 1164.277647][T21895] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1164.283017][T21895] ? __vb2_queue_alloc+0xf40/0xf40 [ 1164.288150][T21895] ? lock_acquire+0x16f/0x3f0 [ 1164.292828][T21895] ? __video_do_ioctl+0x398/0xce0 [ 1164.297849][T21895] ? __lock_acquire+0x548/0x3fb0 [ 1164.302801][T21895] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1164.309399][T21895] vb2_create_bufs+0x472/0x7d0 [ 1164.314158][T21895] ? vb2_request_queue+0x120/0x120 [ 1164.314174][T21895] ? __lock_acquire+0x548/0x3fb0 [ 1164.314190][T21895] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1164.314205][T21895] ? debug_smp_processor_id+0x3c/0x280 [ 1164.314225][T21895] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1164.341115][T21895] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1164.346673][T21895] v4l_create_bufs+0xc0/0x180 [ 1164.351350][T21895] __video_do_ioctl+0x7f1/0xce0 [ 1164.356208][T21895] ? v4l_s_fmt+0xab0/0xab0 [ 1164.360634][T21895] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1164.367132][T21895] ? _copy_from_user+0xdd/0x150 [ 1164.371995][T21895] video_usercopy+0x4c5/0x10d0 [ 1164.376776][T21895] ? v4l_s_fmt+0xab0/0xab0 [ 1164.381208][T21895] ? v4l_enumstd+0x70/0x70 [ 1164.385655][T21895] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1164.391902][T21895] ? tomoyo_path_number_perm+0x263/0x520 [ 1164.397544][T21895] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1164.403370][T21895] ? video_usercopy+0x10d0/0x10d0 [ 1164.408402][T21895] video_ioctl2+0x2d/0x35 [ 1164.412739][T21895] v4l2_ioctl+0x156/0x1b0 [ 1164.417070][T21895] ? video_devdata+0xa0/0xa0 [ 1164.421663][T21895] do_vfs_ioctl+0xd6e/0x1390 [ 1164.426256][T21895] ? ioctl_preallocate+0x210/0x210 [ 1164.431361][T21895] ? __fget+0x381/0x550 [ 1164.435528][T21895] ? ksys_dup3+0x3e0/0x3e0 [ 1164.441166][T21895] ? nsecs_to_jiffies+0x30/0x30 [ 1164.446033][T21895] ? tomoyo_file_ioctl+0x23/0x30 [ 1164.450981][T21895] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1164.457231][T21895] ? security_file_ioctl+0x93/0xc0 [ 1164.462354][T21895] ksys_ioctl+0xab/0xd0 [ 1164.466512][T21895] __x64_sys_ioctl+0x73/0xb0 [ 1164.471119][T21895] do_syscall_64+0x103/0x670 [ 1164.475720][T21895] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1164.481617][T21895] RIP: 0033:0x458c29 [ 1164.485512][T21895] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1164.505134][T21895] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 09:16:11 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000200)=0x0) syz_open_procfs(r1, &(0x7f0000000240)='net/bnep\x00') bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) 09:16:11 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x4, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:16:11 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x80045432, &(0x7f0000000080)) 09:16:11 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x101ffe, 0x0) ioctl$SIOCX25SFACILITIES(r1, 0x89e3, &(0x7f00000001c0)={0x4a, 0x9, 0x20b, 0xf, 0x5, 0x81}) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) [ 1164.513546][T21895] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1164.522057][T21895] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1164.530035][T21895] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1164.538013][T21895] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1164.546094][T21895] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1164.601128][T21902] CPU: 0 PID: 21902 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1164.609034][T21895] warn_alloc_show_mem: 1 callbacks suppressed [ 1164.609039][T21895] Mem-Info: [ 1164.610303][T21902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1164.610309][T21902] Call Trace: [ 1164.610334][T21902] dump_stack+0x172/0x1f0 [ 1164.610358][T21902] warn_alloc.cold+0x87/0x17f [ 1164.610374][T21902] ? zone_watermark_ok_safe+0x260/0x260 [ 1164.610394][T21902] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1164.616724][T21895] active_anon:255555 inactive_anon:200 isolated_anon:0 [ 1164.616724][T21895] active_file:8232 inactive_file:41002 isolated_file:0 [ 1164.616724][T21895] unevictable:0 dirty:249 writeback:0 unstable:0 [ 1164.616724][T21895] slab_reclaimable:13997 slab_unreclaimable:116046 [ 1164.616724][T21895] mapped:58824 shmem:248 pagetables:7473 bounce:0 [ 1164.616724][T21895] free:1081139 free_pcp:390 free_cma:0 [ 1164.619564][T21902] __vmalloc_node_range+0x48a/0x790 [ 1164.619582][T21902] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1164.619602][T21902] ? kmem_cache_alloc_trace+0x354/0x760 [ 1164.619620][T21902] ? vb2_vmalloc_alloc+0xca/0x280 [ 1164.629939][T21895] Node 0 active_anon:1022220kB inactive_anon:800kB active_file:32792kB inactive_file:164008kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:996kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 598016kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1164.632931][T21902] vmalloc_user+0x6b/0x90 09:16:11 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x5, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1164.632949][T21902] ? vb2_vmalloc_alloc+0xca/0x280 [ 1164.632965][T21902] vb2_vmalloc_alloc+0xca/0x280 [ 1164.632979][T21902] ? __vb2_queue_alloc+0xf5/0xf40 [ 1164.632998][T21902] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1164.633010][T21902] __vb2_queue_alloc+0x5a6/0xf40 [ 1164.633041][T21902] vb2_core_create_bufs+0x2bc/0x790 [ 1164.637549][T21895] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1164.642611][T21902] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1164.642626][T21902] ? __vb2_queue_alloc+0xf40/0xf40 [ 1164.642642][T21902] ? lock_acquire+0x16f/0x3f0 [ 1164.642661][T21902] ? __video_do_ioctl+0x398/0xce0 [ 1164.642675][T21902] ? __lock_acquire+0x548/0x3fb0 [ 1164.642695][T21902] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1164.642713][T21902] vb2_create_bufs+0x472/0x7d0 [ 1164.648426][T21895] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1164.653999][T21902] ? vb2_request_queue+0x120/0x120 [ 1164.654015][T21902] ? __lock_acquire+0x548/0x3fb0 [ 1164.654033][T21902] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1164.654048][T21902] ? debug_smp_processor_id+0x3c/0x280 [ 1164.654068][T21902] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1164.654087][T21902] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1164.694159][T21895] lowmem_reserve[]: 0 2553 2555 2555 [ 1164.699045][T21902] v4l_create_bufs+0xc0/0x180 [ 1164.699067][T21902] __video_do_ioctl+0x7f1/0xce0 [ 1164.699093][T21902] ? v4l_s_fmt+0xab0/0xab0 [ 1164.699113][T21902] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1164.699131][T21902] ? _copy_from_user+0xdd/0x150 [ 1164.705319][T21895] Node 0 DMA32 free:518564kB min:36232kB low:45288kB high:54344kB active_anon:1022220kB inactive_anon:800kB active_file:32792kB inactive_file:164008kB unevictable:0kB writepending:996kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:15456kB pagetables:29892kB bounce:0kB free_pcp:1560kB local_pcp:944kB free_cma:0kB [ 1164.710615][T21902] video_usercopy+0x4c5/0x10d0 [ 1164.710632][T21902] ? v4l_s_fmt+0xab0/0xab0 [ 1164.710655][T21902] ? v4l_enumstd+0x70/0x70 [ 1164.710671][T21902] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1164.710684][T21902] ? tomoyo_path_number_perm+0x263/0x520 [ 1164.710703][T21902] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1164.716039][T21895] lowmem_reserve[]: 0 0 2 2 09:16:11 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) r1 = syz_open_dev$sndpcmc(&(0x7f0000000200)='/dev/snd/pcmC#D#c\x00', 0x7, 0x40000) setsockopt$packet_buf(r1, 0x107, 0x6, &(0x7f0000000240)="aa98696181bca8ddfa3613dd3d1d815374e5cb3d0f2de8df5838310a09c77a4488bb832dd4f105d4f2a1279de75024005bc210c6036b96e256c431e37375e8ded7ab24233877a6d5a216443303a866ad91b844a45f67a0c86289b2e00ef36376fd1f469d58328a0573aea0f7b7c5ccdec0f38e3e4ddede7bc49cbd44435f287555d99114884b400b39911e8e512d2634adde02077b4b44b99c1305e69f1c01e06a5fc868b5a9a8b7a70812339c873ad1228b304e374af7761f49752037406ef0a0c2ed5893182244f91ba839cc74c3e1425de37e8c80d02a09bf8b2c4ed9c06a0b96017e551f35048fa495e570fb47758a26a509c5ee5324", 0xf8) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) openat$zero(0xffffffffffffff9c, &(0x7f0000000440)='/dev/zero\x00', 0x200000, 0x0) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) ioctl$SNDRV_TIMER_IOCTL_GINFO(r1, 0xc0f85403, &(0x7f0000000340)={{0xffffffffffffffff, 0x3, 0x800, 0x3, 0x3}, 0x6, 0x5f, 'id0\x00', 'timer0\x00', 0x0, 0x8, 0xeb, 0x6, 0x4}) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) 09:16:11 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x6, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1164.744789][T21902] ? video_usercopy+0x10d0/0x10d0 [ 1164.744805][T21902] video_ioctl2+0x2d/0x35 [ 1164.744823][T21902] v4l2_ioctl+0x156/0x1b0 [ 1164.744837][T21902] ? video_devdata+0xa0/0xa0 [ 1164.744855][T21902] do_vfs_ioctl+0xd6e/0x1390 [ 1164.744879][T21902] ? ioctl_preallocate+0x210/0x210 [ 1164.749423][T21895] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1164.754195][T21902] ? __fget+0x381/0x550 [ 1164.754224][T21902] ? ksys_dup3+0x3e0/0x3e0 [ 1164.754242][T21902] ? nsecs_to_jiffies+0x30/0x30 [ 1164.754265][T21902] ? tomoyo_file_ioctl+0x23/0x30 [ 1164.754281][T21902] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1164.754300][T21902] ? security_file_ioctl+0x93/0xc0 [ 1164.759314][T21895] lowmem_reserve[]: 0 0 0 0 [ 1164.764139][T21902] ksys_ioctl+0xab/0xd0 [ 1164.764161][T21902] __x64_sys_ioctl+0x73/0xb0 [ 1164.764181][T21902] do_syscall_64+0x103/0x670 [ 1164.764206][T21902] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1164.764218][T21902] RIP: 0033:0x458c29 [ 1164.764236][T21902] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1164.770168][T21895] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1164.774934][T21902] RSP: 002b:00007fa60ca72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1164.774949][T21902] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1164.774958][T21902] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1164.774967][T21902] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1164.774976][T21902] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca736d4 [ 1164.774986][T21902] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1164.816562][T21895] lowmem_reserve[]: 0 0 0 0 [ 1164.824887][T21895] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1164.844701][T21895] Node 0 DMA32: 706*4kB (UE) 125*8kB (UME) 5*16kB (U) 277*32kB (UME) 378*64kB (UME) 20*128kB (UME) 4*256kB (ME) 4*512kB (UME) 2*1024kB (ME) 2*2048kB (UE) 114*4096kB (UM) = 515680kB [ 1164.877054][T21895] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1164.888181][T21895] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1165.008187][T21937] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1165.060036][T21940] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1165.124249][T21940] CPU: 1 PID: 21940 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1165.165588][T21940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1165.165596][T21940] Call Trace: [ 1165.165621][T21940] dump_stack+0x172/0x1f0 [ 1165.165642][T21940] warn_alloc.cold+0x87/0x17f [ 1165.165656][T21940] ? zone_watermark_ok_safe+0x260/0x260 [ 1165.165670][T21940] ? fs_reclaim_acquire.part.0+0x30/0x30 09:16:11 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:16:11 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x13) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) unshare(0x10400) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) [ 1165.165710][T21940] __vmalloc_node_range+0x48a/0x790 [ 1165.165733][T21940] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1165.165751][T21940] ? kmem_cache_alloc_trace+0x354/0x760 [ 1165.165764][T21940] ? vb2_vmalloc_alloc+0xca/0x280 [ 1165.165780][T21940] vmalloc_user+0x6b/0x90 [ 1165.165795][T21940] ? vb2_vmalloc_alloc+0xca/0x280 [ 1165.165813][T21940] vb2_vmalloc_alloc+0xca/0x280 [ 1165.182180][T21940] ? __vb2_queue_alloc+0xf5/0xf40 [ 1165.182202][T21940] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1165.182213][T21940] __vb2_queue_alloc+0x5a6/0xf40 [ 1165.182243][T21940] vb2_core_create_bufs+0x2bc/0x790 [ 1165.182261][T21940] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1165.182275][T21940] ? __vb2_queue_alloc+0xf40/0xf40 [ 1165.182294][T21940] ? lock_acquire+0x16f/0x3f0 [ 1165.198224][T21940] ? __video_do_ioctl+0x398/0xce0 [ 1165.198241][T21940] ? __lock_acquire+0x548/0x3fb0 [ 1165.198262][T21940] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1165.198280][T21940] vb2_create_bufs+0x472/0x7d0 [ 1165.198297][T21940] ? vb2_request_queue+0x120/0x120 [ 1165.198309][T21940] ? __lock_acquire+0x548/0x3fb0 [ 1165.198324][T21940] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1165.198340][T21940] ? debug_smp_processor_id+0x3c/0x280 [ 1165.198360][T21940] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1165.198377][T21940] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1165.198396][T21940] v4l_create_bufs+0xc0/0x180 [ 1165.214335][T21940] __video_do_ioctl+0x7f1/0xce0 [ 1165.214359][T21940] ? v4l_s_fmt+0xab0/0xab0 [ 1165.214381][T21940] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1165.214396][T21940] ? _copy_from_user+0xdd/0x150 [ 1165.214417][T21940] video_usercopy+0x4c5/0x10d0 [ 1165.214438][T21940] ? v4l_s_fmt+0xab0/0xab0 [ 1165.233148][T21940] ? v4l_enumstd+0x70/0x70 [ 1165.233164][T21940] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1165.233181][T21940] ? tomoyo_path_number_perm+0x263/0x520 [ 1165.233197][T21940] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1165.233224][T21940] ? video_usercopy+0x10d0/0x10d0 [ 1165.233238][T21940] video_ioctl2+0x2d/0x35 [ 1165.233252][T21940] v4l2_ioctl+0x156/0x1b0 [ 1165.233265][T21940] ? video_devdata+0xa0/0xa0 [ 1165.233283][T21940] do_vfs_ioctl+0xd6e/0x1390 [ 1165.233302][T21940] ? ioctl_preallocate+0x210/0x210 [ 1165.233322][T21940] ? __fget+0x381/0x550 [ 1165.263251][T21940] ? ksys_dup3+0x3e0/0x3e0 [ 1165.263269][T21940] ? nsecs_to_jiffies+0x30/0x30 [ 1165.263290][T21940] ? tomoyo_file_ioctl+0x23/0x30 [ 1165.263305][T21940] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1165.263320][T21940] ? security_file_ioctl+0x93/0xc0 [ 1165.263339][T21940] ksys_ioctl+0xab/0xd0 [ 1165.263358][T21940] __x64_sys_ioctl+0x73/0xb0 [ 1165.263374][T21940] do_syscall_64+0x103/0x670 [ 1165.263396][T21940] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1165.294769][T21940] RIP: 0033:0x458c29 [ 1165.294784][T21940] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1165.294792][T21940] RSP: 002b:00007fa60ca0fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1165.294805][T21940] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 09:16:12 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x7, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1165.294812][T21940] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1165.294820][T21940] RBP: 000000000073c0e0 R08: 0000000000000000 R09: 0000000000000000 [ 1165.294828][T21940] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca106d4 [ 1165.294837][T21940] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1165.372525][T21937] CPU: 0 PID: 21937 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1165.378640][T21937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1165.378647][T21937] Call Trace: [ 1165.378669][T21937] dump_stack+0x172/0x1f0 [ 1165.378692][T21937] warn_alloc.cold+0x87/0x17f [ 1165.378713][T21937] ? zone_watermark_ok_safe+0x260/0x260 [ 1165.378733][T21937] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1165.392622][T17349] Bluetooth: hci1: sending frame failed (-49) [ 1165.393657][T21937] __vmalloc_node_range+0x48a/0x790 [ 1165.408887][T21895] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1165.409901][T21937] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1165.430236][T21937] ? kmem_cache_alloc_trace+0x354/0x760 [ 1165.430254][T21937] ? vb2_vmalloc_alloc+0xca/0x280 [ 1165.430274][T21937] vmalloc_user+0x6b/0x90 [ 1165.441421][T21937] ? vb2_vmalloc_alloc+0xca/0x280 [ 1165.441439][T21937] vb2_vmalloc_alloc+0xca/0x280 [ 1165.441451][T21937] ? __vb2_queue_alloc+0xf5/0xf40 [ 1165.441468][T21937] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1165.441480][T21937] __vb2_queue_alloc+0x5a6/0xf40 [ 1165.441508][T21937] vb2_core_create_bufs+0x2bc/0x790 [ 1165.460850][T21895] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1165.462599][T21937] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1165.462614][T21937] ? __vb2_queue_alloc+0xf40/0xf40 [ 1165.462631][T21937] ? lock_acquire+0x16f/0x3f0 [ 1165.462650][T21937] ? __video_do_ioctl+0x398/0xce0 [ 1165.462664][T21937] ? __lock_acquire+0x548/0x3fb0 [ 1165.462691][T21937] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1165.473282][T21937] vb2_create_bufs+0x472/0x7d0 [ 1165.473303][T21937] ? vb2_request_queue+0x120/0x120 [ 1165.473319][T21937] ? __lock_acquire+0x548/0x3fb0 [ 1165.473334][T21937] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1165.473354][T21937] ? debug_smp_processor_id+0x3c/0x280 [ 1165.483549][T21937] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1165.483567][T21937] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1165.483586][T21937] v4l_create_bufs+0xc0/0x180 [ 1165.483606][T21937] __video_do_ioctl+0x7f1/0xce0 [ 1165.483628][T21937] ? v4l_s_fmt+0xab0/0xab0 [ 1165.483650][T21937] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1165.499226][T21937] ? _copy_from_user+0xdd/0x150 [ 1165.514596][T21937] video_usercopy+0x4c5/0x10d0 [ 1165.514614][T21937] ? v4l_s_fmt+0xab0/0xab0 [ 1165.514638][T21937] ? v4l_enumstd+0x70/0x70 [ 1165.514654][T21937] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1165.514675][T21937] ? tomoyo_path_number_perm+0x263/0x520 [ 1165.519200][T21895] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1165.525305][T21937] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1165.525337][T21937] ? video_usercopy+0x10d0/0x10d0 [ 1165.525352][T21937] video_ioctl2+0x2d/0x35 [ 1165.525371][T21937] v4l2_ioctl+0x156/0x1b0 [ 1165.536767][T21937] ? video_devdata+0xa0/0xa0 [ 1165.536789][T21937] do_vfs_ioctl+0xd6e/0x1390 [ 1165.536812][T21937] ? ioctl_preallocate+0x210/0x210 [ 1165.546118][T21937] ? __fget+0x381/0x550 [ 1165.546143][T21937] ? ksys_dup3+0x3e0/0x3e0 [ 1165.546163][T21937] ? nsecs_to_jiffies+0x30/0x30 [ 1165.546187][T21937] ? tomoyo_file_ioctl+0x23/0x30 [ 1165.550586][T21895] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1165.555051][T21937] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1165.555067][T21937] ? security_file_ioctl+0x93/0xc0 [ 1165.555088][T21937] ksys_ioctl+0xab/0xd0 [ 1165.555107][T21937] __x64_sys_ioctl+0x73/0xb0 [ 1165.555128][T21937] do_syscall_64+0x103/0x670 [ 1165.565400][T21895] 49479 total pagecache pages [ 1165.568932][T21937] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1165.568944][T21937] RIP: 0033:0x458c29 [ 1165.568960][T21937] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1165.568967][T21937] RSP: 002b:00007f53a9435c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1165.573547][T21895] 0 pages in swap cache [ 1165.578197][T21937] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1165.578206][T21937] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1165.578215][T21937] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 1165.578225][T21937] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94366d4 [ 1165.578234][T21937] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1165.683214][T21964] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1165.714296][T21964] CPU: 0 PID: 21964 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1165.720718][T21964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1165.720725][T21964] Call Trace: [ 1165.720750][T21964] dump_stack+0x172/0x1f0 [ 1165.720776][T21964] warn_alloc.cold+0x87/0x17f [ 1165.732789][T21937] warn_alloc_show_mem: 2 callbacks suppressed [ 1165.732794][T21937] Mem-Info: [ 1165.737994][T21964] ? zone_watermark_ok_safe+0x260/0x260 [ 1165.738015][T21964] ? kmem_cache_alloc_trace+0x5a4/0x760 [ 1165.738055][T21964] __vmalloc_node_range+0x48a/0x790 [ 1165.743426][T21937] active_anon:255597 inactive_anon:201 isolated_anon:0 [ 1165.743426][T21937] active_file:8233 inactive_file:41020 isolated_file:0 [ 1165.743426][T21937] unevictable:0 dirty:273 writeback:0 unstable:0 [ 1165.743426][T21937] slab_reclaimable:14011 slab_unreclaimable:116460 [ 1165.743426][T21937] mapped:58824 shmem:248 pagetables:7432 bounce:0 [ 1165.743426][T21937] free:1080691 free_pcp:448 free_cma:0 [ 1165.752873][T21964] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1165.752894][T21964] ? kmem_cache_alloc_trace+0x354/0x760 [ 1165.752910][T21964] ? vb2_vmalloc_alloc+0xca/0x280 [ 1165.752931][T21964] vmalloc_user+0x6b/0x90 [ 1165.758026][T21937] Node 0 active_anon:1022388kB inactive_anon:804kB active_file:32796kB inactive_file:164080kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:1092kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 600064kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1165.763456][T21964] ? vb2_vmalloc_alloc+0xca/0x280 [ 1165.763473][T21964] vb2_vmalloc_alloc+0xca/0x280 [ 1165.763485][T21964] ? __vb2_queue_alloc+0xf5/0xf40 [ 1165.763500][T21964] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1165.763516][T21964] __vb2_queue_alloc+0x5a6/0xf40 [ 1165.768609][T21937] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1165.772841][T21964] vb2_core_create_bufs+0x2bc/0x790 [ 1165.772860][T21964] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1165.772877][T21964] ? __vb2_queue_alloc+0xf40/0xf40 [ 1165.777976][T21937] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1165.782742][T21964] ? lock_acquire+0x16f/0x3f0 [ 1165.782760][T21964] ? __video_do_ioctl+0x398/0xce0 [ 1165.782774][T21964] ? __lock_acquire+0x548/0x3fb0 [ 1165.782799][T21964] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1165.787858][T21937] lowmem_reserve[]: 0 2553 2555 2555 [ 1165.793582][T21964] vb2_create_bufs+0x472/0x7d0 [ 1165.793602][T21964] ? vb2_request_queue+0x120/0x120 [ 1165.793617][T21964] ? __lock_acquire+0x548/0x3fb0 [ 1165.793635][T21964] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1165.798620][T21937] Node 0 DMA32 free:516772kB min:36232kB low:45288kB high:54344kB active_anon:1022388kB inactive_anon:804kB active_file:32796kB inactive_file:164080kB unevictable:0kB writepending:1092kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:15360kB pagetables:29728kB bounce:0kB free_pcp:1792kB local_pcp:984kB free_cma:0kB [ 1165.803817][T21964] ? debug_smp_processor_id+0x3c/0x280 [ 1165.803840][T21964] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1165.803858][T21964] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1165.803877][T21964] v4l_create_bufs+0xc0/0x180 [ 1165.813216][T21937] lowmem_reserve[]: 0 0 2 2 [ 1165.818483][T21964] __video_do_ioctl+0x7f1/0xce0 [ 1165.818507][T21964] ? v4l_s_fmt+0xab0/0xab0 [ 1165.818528][T21964] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1165.823724][T21937] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1165.828276][T21964] ? _copy_from_user+0xdd/0x150 [ 1165.828299][T21964] video_usercopy+0x4c5/0x10d0 [ 1165.828317][T21964] ? v4l_s_fmt+0xab0/0xab0 [ 1165.833396][T21937] lowmem_reserve[]: 0 0 0 0 [ 1165.838235][T21964] ? v4l_enumstd+0x70/0x70 [ 1165.838250][T21964] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1165.838269][T21964] ? tomoyo_path_number_perm+0x263/0x520 [ 1165.844756][T21937] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1165.849421][T21964] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1165.849457][T21964] ? video_usercopy+0x10d0/0x10d0 [ 1165.854620][T21937] lowmem_reserve[]: 0 0 0 0 [ 1165.859447][T21964] video_ioctl2+0x2d/0x35 [ 1165.859464][T21964] v4l2_ioctl+0x156/0x1b0 [ 1165.859483][T21964] ? video_devdata+0xa0/0xa0 [ 1165.865780][T21937] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1165.871153][T21964] do_vfs_ioctl+0xd6e/0x1390 [ 1165.871174][T21964] ? ioctl_preallocate+0x210/0x210 [ 1165.871193][T21964] ? __fget+0x381/0x550 [ 1165.876274][T21937] Node 0 DMA32: 707*4kB (UME) 149*8kB (UME) 0*16kB 265*32kB (ME) 377*64kB (ME) 19*128kB (ME) 4*256kB (ME) 3*512kB (ME) 2*1024kB (ME) 3*2048kB (UME) 114*4096kB (UM) = 516756kB [ 1165.881729][T21964] ? ksys_dup3+0x3e0/0x3e0 [ 1165.881746][T21964] ? nsecs_to_jiffies+0x30/0x30 [ 1165.881766][T21964] ? tomoyo_file_ioctl+0x23/0x30 [ 1165.881785][T21964] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1165.886499][T21937] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1165.891269][T21964] ? security_file_ioctl+0x93/0xc0 [ 1165.891289][T21964] ksys_ioctl+0xab/0xd0 [ 1165.891310][T21964] __x64_sys_ioctl+0x73/0xb0 [ 1165.895786][T21937] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1165.902184][T21964] do_syscall_64+0x103/0x670 [ 1165.902205][T21964] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1165.902218][T21964] RIP: 0033:0x458c29 [ 1165.902236][T21964] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1165.907130][T21937] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1165.911789][T21964] RSP: 002b:00007fa60ca72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1165.911803][T21964] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1165.911813][T21964] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1165.911821][T21964] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1165.911830][T21964] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca736d4 [ 1165.911838][T21964] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1165.921120][T21895] Swap cache stats: add 0, delete 0, find 0/0 [ 1165.940834][T21937] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1165.961119][T21895] Free swap = 0kB [ 1165.966096][T21937] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1165.967774][T21895] Total swap = 0kB [ 1165.972715][T21937] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1165.983748][T21895] 1965979 pages RAM [ 1165.987003][T21937] 49498 total pagecache pages 09:16:13 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x200000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:16:13 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x8, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:16:13 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @multicast1}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) r1 = syz_open_dev$mouse(&(0x7f0000000200)='/dev/input/mouse#\x00', 0x9, 0x400040) ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000240)=ANY=[@ANYBLOB="09000000000000009c0300000000000001010000000000009f0b00000000000001000080000000007b1601c0000000003ec600000003c3c18702000000000000040000000000000029080000000000000200000000000000fd0200000000000001000080000000000000000000000000ff7f0000000000005302000000000000c50000845b000000ff090040000000007f00000000000000"]) 09:16:13 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1165.991807][T21895] 0 pages HighMem/MovableOnly [ 1165.999438][T21937] 0 pages in swap cache [ 1166.007056][T21895] 339405 pages reserved [ 1166.015940][T21937] Swap cache stats: add 0, delete 0, find 0/0 [ 1166.018423][T21895] 0 pages cma reserved [ 1166.025459][T21937] Free swap = 0kB [ 1166.039446][T21937] Total swap = 0kB [ 1166.049215][T21937] 1965979 pages RAM [ 1166.895796][T21937] 0 pages HighMem/MovableOnly [ 1166.900571][T21937] 339405 pages reserved [ 1166.905210][T21937] 0 pages cma reserved [ 1166.952121][T21977] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1166.967192][T21977] CPU: 0 PID: 21977 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1166.976314][T21977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1166.986726][T21977] Call Trace: [ 1166.987724][T21980] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1166.990015][T21977] dump_stack+0x172/0x1f0 [ 1166.990039][T21977] warn_alloc.cold+0x87/0x17f [ 1166.990063][T21977] ? zone_watermark_ok_safe+0x260/0x260 [ 1167.018483][T21977] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1167.024125][T21977] __vmalloc_node_range+0x48a/0x790 [ 1167.029318][T21977] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1167.034340][T21977] ? kmem_cache_alloc_trace+0x354/0x760 [ 1167.039875][T21977] ? vb2_vmalloc_alloc+0xca/0x280 [ 1167.044888][T21977] vmalloc_user+0x6b/0x90 [ 1167.049205][T21977] ? vb2_vmalloc_alloc+0xca/0x280 [ 1167.054216][T21977] vb2_vmalloc_alloc+0xca/0x280 [ 1167.059056][T21977] ? __vb2_queue_alloc+0xf5/0xf40 [ 1167.064073][T21977] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1167.069863][T21977] __vb2_queue_alloc+0x5a6/0xf40 [ 1167.074804][T21977] vb2_core_create_bufs+0x2bc/0x790 [ 1167.079999][T21977] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1167.085361][T21977] ? __vb2_queue_alloc+0xf40/0xf40 [ 1167.090465][T21977] ? lock_acquire+0x16f/0x3f0 [ 1167.095133][T21977] ? __video_do_ioctl+0x398/0xce0 [ 1167.100153][T21977] ? __lock_acquire+0x548/0x3fb0 [ 1167.105091][T21977] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1167.111330][T21977] vb2_create_bufs+0x472/0x7d0 [ 1167.116091][T21977] ? vb2_request_queue+0x120/0x120 [ 1167.121716][T21977] ? __lock_acquire+0x548/0x3fb0 [ 1167.126649][T21977] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1167.132886][T21977] ? debug_smp_processor_id+0x3c/0x280 [ 1167.138432][T21977] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1167.143454][T21977] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1167.149003][T21977] v4l_create_bufs+0xc0/0x180 [ 1167.153766][T21977] __video_do_ioctl+0x7f1/0xce0 [ 1167.158624][T21977] ? v4l_s_fmt+0xab0/0xab0 [ 1167.163035][T21977] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1167.169289][T21977] ? _copy_from_user+0xdd/0x150 [ 1167.174154][T21977] video_usercopy+0x4c5/0x10d0 [ 1167.178920][T21977] ? v4l_s_fmt+0xab0/0xab0 [ 1167.183327][T21977] ? v4l_enumstd+0x70/0x70 [ 1167.187729][T21977] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1167.193959][T21977] ? tomoyo_path_number_perm+0x263/0x520 [ 1167.199580][T21977] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1167.205391][T21977] ? video_usercopy+0x10d0/0x10d0 [ 1167.210403][T21977] video_ioctl2+0x2d/0x35 [ 1167.214725][T21977] v4l2_ioctl+0x156/0x1b0 [ 1167.219065][T21977] ? video_devdata+0xa0/0xa0 [ 1167.223654][T21977] do_vfs_ioctl+0xd6e/0x1390 [ 1167.228239][T21977] ? ioctl_preallocate+0x210/0x210 [ 1167.233346][T21977] ? __fget+0x381/0x550 [ 1167.237501][T21977] ? ksys_dup3+0x3e0/0x3e0 [ 1167.241912][T21977] ? nsecs_to_jiffies+0x30/0x30 [ 1167.246766][T21977] ? tomoyo_file_ioctl+0x23/0x30 [ 1167.251693][T21977] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1167.257920][T21977] ? security_file_ioctl+0x93/0xc0 [ 1167.263023][T21977] ksys_ioctl+0xab/0xd0 [ 1167.267170][T21977] __x64_sys_ioctl+0x73/0xb0 [ 1167.271756][T21977] do_syscall_64+0x103/0x670 [ 1167.276349][T21977] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1167.282236][T21977] RIP: 0033:0x458c29 [ 1167.286127][T21977] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1167.305737][T21977] RSP: 002b:00007fa60ca72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1167.314145][T21977] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1167.322109][T21977] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1167.330065][T21977] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1167.338027][T21977] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca736d4 [ 1167.345986][T21977] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1167.354574][T21980] CPU: 1 PID: 21980 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1167.363684][T21980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1167.371986][T21977] warn_alloc_show_mem: 1 callbacks suppressed [ 1167.371990][T21977] Mem-Info: [ 1167.373720][T21980] Call Trace: [ 1167.373742][T21980] dump_stack+0x172/0x1f0 [ 1167.373762][T21980] warn_alloc.cold+0x87/0x17f [ 1167.373795][T21980] ? zone_watermark_ok_safe+0x260/0x260 [ 1167.373815][T21980] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1167.381649][T21977] active_anon:256159 inactive_anon:201 isolated_anon:0 [ 1167.381649][T21977] active_file:8233 inactive_file:41034 isolated_file:0 [ 1167.381649][T21977] unevictable:0 dirty:287 writeback:0 unstable:0 [ 1167.381649][T21977] slab_reclaimable:14015 slab_unreclaimable:116498 [ 1167.381649][T21977] mapped:58824 shmem:248 pagetables:7462 bounce:0 [ 1167.381649][T21977] free:1080046 free_pcp:452 free_cma:0 [ 1167.383002][T21980] __vmalloc_node_range+0x48a/0x790 [ 1167.383021][T21980] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1167.455588][T21980] ? kmem_cache_alloc_trace+0x354/0x760 [ 1167.461116][T21980] ? vb2_vmalloc_alloc+0xca/0x280 [ 1167.466116][T21980] vmalloc_user+0x6b/0x90 [ 1167.470432][T21980] ? vb2_vmalloc_alloc+0xca/0x280 [ 1167.475435][T21980] vb2_vmalloc_alloc+0xca/0x280 [ 1167.480264][T21980] ? __vb2_queue_alloc+0xf5/0xf40 [ 1167.485280][T21980] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1167.491062][T21980] __vb2_queue_alloc+0x5a6/0xf40 [ 1167.495992][T21980] vb2_core_create_bufs+0x2bc/0x790 [ 1167.501174][T21980] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1167.507971][T21980] ? __vb2_queue_alloc+0xf40/0xf40 [ 1167.513082][T21980] ? lock_acquire+0x16f/0x3f0 [ 1167.517750][T21980] ? __video_do_ioctl+0x398/0xce0 [ 1167.522921][T21980] ? __lock_acquire+0x548/0x3fb0 [ 1167.527849][T21980] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1167.534068][T21980] vb2_create_bufs+0x472/0x7d0 [ 1167.538811][T21980] ? vb2_request_queue+0x120/0x120 [ 1167.543892][T21980] ? __lock_acquire+0x548/0x3fb0 [ 1167.548803][T21980] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1167.555019][T21980] ? debug_smp_processor_id+0x3c/0x280 [ 1167.560458][T21980] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1167.565463][T21980] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1167.571073][T21980] v4l_create_bufs+0xc0/0x180 [ 1167.575729][T21980] __video_do_ioctl+0x7f1/0xce0 [ 1167.580559][T21980] ? v4l_s_fmt+0xab0/0xab0 [ 1167.585186][T21980] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1167.591947][T21980] ? _copy_from_user+0xdd/0x150 [ 1167.598178][T21980] video_usercopy+0x4c5/0x10d0 [ 1167.602920][T21980] ? v4l_s_fmt+0xab0/0xab0 [ 1167.607313][T21980] ? v4l_enumstd+0x70/0x70 [ 1167.611701][T21980] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1167.617918][T21980] ? tomoyo_path_number_perm+0x263/0x520 [ 1167.623536][T21980] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1167.629340][T21980] ? video_usercopy+0x10d0/0x10d0 [ 1167.634337][T21980] video_ioctl2+0x2d/0x35 [ 1167.638645][T21980] v4l2_ioctl+0x156/0x1b0 [ 1167.642954][T21980] ? video_devdata+0xa0/0xa0 [ 1167.647527][T21980] do_vfs_ioctl+0xd6e/0x1390 [ 1167.652097][T21980] ? ioctl_preallocate+0x210/0x210 [ 1167.657189][T21980] ? __fget+0x381/0x550 [ 1167.661324][T21980] ? ksys_dup3+0x3e0/0x3e0 [ 1167.665727][T21980] ? nsecs_to_jiffies+0x30/0x30 [ 1167.672025][T21980] ? tomoyo_file_ioctl+0x23/0x30 [ 1167.676944][T21980] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1167.683160][T21980] ? security_file_ioctl+0x93/0xc0 [ 1167.688267][T21980] ksys_ioctl+0xab/0xd0 [ 1167.692402][T21980] __x64_sys_ioctl+0x73/0xb0 [ 1167.696986][T21980] do_syscall_64+0x103/0x670 [ 1167.701564][T21980] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1167.707605][T21980] RIP: 0033:0x458c29 [ 1167.711483][T21980] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1167.731155][T21980] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1167.740247][T21980] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1167.748197][T21980] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1167.756168][T21980] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1167.764118][T21980] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1167.772071][T21980] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1167.780408][T19050] Bluetooth: hci2: command 0x1003 tx timeout [ 1167.788921][T20067] Bluetooth: hci2: sending frame failed (-49) [ 1167.795803][T21977] Node 0 active_anon:1024612kB inactive_anon:796kB active_file:32796kB inactive_file:164136kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:748kB writeback:500kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 602112kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1167.799774][ T7678] Bluetooth: hci0: command 0x1003 tx timeout [ 1167.844071][T21977] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1167.858641][ T7678] Bluetooth: hci1: command 0x1003 tx timeout [ 1167.870824][T20067] Bluetooth: hci0: sending frame failed (-49) [ 1167.884486][T21443] Bluetooth: hci1: sending frame failed (-49) [ 1167.887399][T21991] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1167.890820][T21977] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1167.912208][T21991] CPU: 1 PID: 21991 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1167.932257][T21977] lowmem_reserve[]: 0 2553 2555 2555 [ 1167.940968][T21991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1167.940975][T21991] Call Trace: [ 1167.941002][T21991] dump_stack+0x172/0x1f0 [ 1167.941023][T21991] warn_alloc.cold+0x87/0x17f [ 1167.941040][T21991] ? zone_watermark_ok_safe+0x260/0x260 [ 1167.946497][T21977] Node 0 DMA32 free:515104kB min:36232kB low:45288kB high:54344kB active_anon:1024648kB inactive_anon:800kB active_file:32796kB inactive_file:164188kB unevictable:0kB writepending:712kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:15392kB pagetables:29856kB bounce:0kB free_pcp:1736kB local_pcp:936kB free_cma:0kB [ 1167.956329][T21991] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1167.956367][T21991] __vmalloc_node_range+0x48a/0x790 [ 1167.956382][T21991] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1167.956401][T21991] ? kmem_cache_alloc_trace+0x354/0x760 [ 1167.956416][T21991] ? vb2_vmalloc_alloc+0xca/0x280 [ 1167.956435][T21991] vmalloc_user+0x6b/0x90 [ 1167.959811][T21977] lowmem_reserve[]: 0 0 2 2 [ 1167.963990][T21991] ? vb2_vmalloc_alloc+0xca/0x280 [ 1167.964005][T21991] vb2_vmalloc_alloc+0xca/0x280 [ 1167.964016][T21991] ? __vb2_queue_alloc+0xf5/0xf40 [ 1167.964033][T21991] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1167.964045][T21991] __vb2_queue_alloc+0x5a6/0xf40 [ 1167.964074][T21991] vb2_core_create_bufs+0x2bc/0x790 [ 1167.968784][T21977] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1167.974233][T21991] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1167.974246][T21991] ? __vb2_queue_alloc+0xf40/0xf40 [ 1167.974261][T21991] ? lock_acquire+0x16f/0x3f0 [ 1167.974276][T21991] ? __video_do_ioctl+0x398/0xce0 [ 1167.974288][T21991] ? __lock_acquire+0x548/0x3fb0 [ 1167.974306][T21991] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1167.974322][T21991] vb2_create_bufs+0x472/0x7d0 [ 1167.974338][T21991] ? vb2_request_queue+0x120/0x120 [ 1167.974353][T21991] ? __lock_acquire+0x548/0x3fb0 [ 1168.005327][T21977] lowmem_reserve[]: 0 0 0 0 [ 1168.010741][T21991] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1168.010757][T21991] ? debug_smp_processor_id+0x3c/0x280 [ 1168.010780][T21991] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1168.010798][T21991] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1168.016094][T21977] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1168.021496][T21991] v4l_create_bufs+0xc0/0x180 [ 1168.021517][T21991] __video_do_ioctl+0x7f1/0xce0 [ 1168.021546][T21991] ? v4l_s_fmt+0xab0/0xab0 [ 1168.021567][T21991] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1168.021583][T21991] ? _copy_from_user+0xdd/0x150 [ 1168.021605][T21991] video_usercopy+0x4c5/0x10d0 [ 1168.028295][T21977] lowmem_reserve[]: 0 0 0 0 [ 1168.033161][T21991] ? v4l_s_fmt+0xab0/0xab0 [ 1168.033183][T21991] ? v4l_enumstd+0x70/0x70 [ 1168.033197][T21991] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1168.033213][T21991] ? tomoyo_path_number_perm+0x263/0x520 [ 1168.033232][T21991] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1168.033260][T21991] ? video_usercopy+0x10d0/0x10d0 [ 1168.037648][T21977] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1168.042047][T21991] video_ioctl2+0x2d/0x35 [ 1168.042065][T21991] v4l2_ioctl+0x156/0x1b0 [ 1168.042078][T21991] ? video_devdata+0xa0/0xa0 [ 1168.042098][T21991] do_vfs_ioctl+0xd6e/0x1390 [ 1168.042119][T21991] ? ioctl_preallocate+0x210/0x210 [ 1168.042136][T21991] ? __fget+0x381/0x550 [ 1168.042157][T21991] ? ksys_dup3+0x3e0/0x3e0 [ 1168.042175][T21991] ? nsecs_to_jiffies+0x30/0x30 [ 1168.047336][T21977] Node 0 DMA32: 644*4kB (UME) 235*8kB (UME) 3*16kB (U) 266*32kB (UME) 378*64kB (UME) 20*128kB (UME) 5*256kB (UME) 4*512kB (UME) 3*1024kB (UME) 3*2048kB (ME) 113*4096kB (UM) = 515160kB [ 1168.052022][T21991] ? tomoyo_file_ioctl+0x23/0x30 [ 1168.052038][T21991] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1168.052054][T21991] ? security_file_ioctl+0x93/0xc0 [ 1168.052074][T21991] ksys_ioctl+0xab/0xd0 [ 1168.052096][T21991] __x64_sys_ioctl+0x73/0xb0 [ 1168.057184][T21977] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1168.062885][T21991] do_syscall_64+0x103/0x670 [ 1168.062906][T21991] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1168.062918][T21991] RIP: 0033:0x458c29 [ 1168.062932][T21991] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1168.062940][T21991] RSP: 002b:00007f53a9456c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1168.062954][T21991] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1168.062963][T21991] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1168.062972][T21991] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1168.062980][T21991] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94576d4 [ 1168.062993][T21991] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1168.068043][T21977] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1168.146393][T21977] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1168.163490][T21977] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1168.163503][T21977] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1168.163514][T21977] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1168.163520][T21977] 49525 total pagecache pages [ 1168.163543][T21977] 0 pages in swap cache [ 1168.163556][T21977] Swap cache stats: add 0, delete 0, find 0/0 [ 1168.529132][T21977] Free swap = 0kB [ 1168.534259][T21977] Total swap = 0kB [ 1168.537991][T21977] 1965979 pages RAM [ 1168.542179][T21977] 0 pages HighMem/MovableOnly [ 1168.546913][T21977] 339405 pages reserved [ 1168.551042][T21977] 0 pages cma reserved [ 1169.801586][T19050] Bluetooth: hci2: command 0x1001 tx timeout [ 1169.807690][T20067] Bluetooth: hci2: sending frame failed (-49) [ 1169.961658][T19050] Bluetooth: hci0: command 0x1001 tx timeout [ 1169.970270][T19050] Bluetooth: hci1: command 0x1001 tx timeout [ 1169.970328][T20067] Bluetooth: hci0: sending frame failed (-49) [ 1169.985145][T20067] Bluetooth: hci1: sending frame failed (-49) [ 1171.881936][ T7678] Bluetooth: hci2: command 0x1009 tx timeout [ 1172.041583][ T7678] Bluetooth: hci1: command 0x1009 tx timeout [ 1172.047631][ T7678] Bluetooth: hci0: command 0x1009 tx timeout 09:16:22 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x80045440, &(0x7f0000000080)) 09:16:22 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) ioctl$VT_GETMODE(r0, 0x5601, &(0x7f0000000000)) 09:16:22 executing program 0: r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/qat_adf_ctl\x00', 0x101000, 0x0) write$FUSE_DIRENT(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="58000000daffffff02000000000000000600000000000000010000000000000000000006000000000200000000000000ffffffffffffffff13000000040000002b776c616e31766d6e6574312f6370757365740000000000"], 0x58) r1 = socket$inet(0x2, 0x1, 0x84) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r1, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f0000000200)="815f0000792a5b201e5ae5ef44bf68b1da7b94f2000078b2abfb1151fef72a75d34cf72b7eb7d5b1e5d0d9dd343c2060a63f87b56201d5f86fb0e87cddba319e1cb14c8db132ee1d2094669e081235a457285c21c12e7c000000", 0x5a}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) 09:16:22 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x9, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:16:22 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x300000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:16:22 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:16:22 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0xa, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1175.639942][T22001] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1175.666399][T22010] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1175.736771][T22010] CPU: 1 PID: 22010 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1175.746379][T22010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1175.756457][T22010] Call Trace: [ 1175.759787][T22010] dump_stack+0x172/0x1f0 [ 1175.764271][T22010] warn_alloc.cold+0x87/0x17f [ 1175.768997][T22010] ? zone_watermark_ok_safe+0x260/0x260 [ 1175.774614][T22010] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1175.780397][T22010] __vmalloc_node_range+0x48a/0x790 [ 1175.785737][T22010] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1175.791146][T22010] ? kmem_cache_alloc_trace+0x354/0x760 [ 1175.796984][T22010] ? vb2_vmalloc_alloc+0xca/0x280 [ 1175.802130][T22010] vmalloc_user+0x6b/0x90 [ 1175.806482][T22010] ? vb2_vmalloc_alloc+0xca/0x280 [ 1175.811533][T22010] vb2_vmalloc_alloc+0xca/0x280 [ 1175.816577][T22010] ? __vb2_queue_alloc+0xf5/0xf40 [ 1175.821634][T22010] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1175.827871][T22010] __vb2_queue_alloc+0x5a6/0xf40 [ 1175.833124][T22010] vb2_core_create_bufs+0x2bc/0x790 [ 1175.838427][T22010] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1175.843892][T22010] ? __vb2_queue_alloc+0xf40/0xf40 [ 1175.849203][T22010] ? lock_acquire+0x16f/0x3f0 [ 1175.854104][T22010] ? __video_do_ioctl+0x398/0xce0 [ 1175.859395][T22010] ? __lock_acquire+0x548/0x3fb0 [ 1175.864362][T22010] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1175.868812][T22006] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1175.871173][T22010] vb2_create_bufs+0x472/0x7d0 [ 1175.871195][T22010] ? vb2_request_queue+0x120/0x120 [ 1175.871212][T22010] ? __lock_acquire+0x548/0x3fb0 [ 1175.871229][T22010] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1175.871244][T22010] ? debug_smp_processor_id+0x3c/0x280 [ 1175.871264][T22010] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1175.919446][T22010] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1175.925366][T22010] v4l_create_bufs+0xc0/0x180 [ 1175.931799][T22010] __video_do_ioctl+0x7f1/0xce0 [ 1175.939524][T22010] ? v4l_s_fmt+0xab0/0xab0 [ 1175.946415][T22010] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1175.952856][T22010] ? _copy_from_user+0xdd/0x150 [ 1175.958136][T22010] video_usercopy+0x4c5/0x10d0 [ 1175.963364][T22010] ? v4l_s_fmt+0xab0/0xab0 [ 1175.968103][T22010] ? v4l_enumstd+0x70/0x70 [ 1175.972672][T22010] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1175.979198][T22010] ? tomoyo_path_number_perm+0x263/0x520 09:16:22 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0xb, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1175.984862][T22010] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1175.990830][T22010] ? video_usercopy+0x10d0/0x10d0 [ 1175.996310][T22010] video_ioctl2+0x2d/0x35 [ 1176.000682][T22010] v4l2_ioctl+0x156/0x1b0 [ 1176.005071][T22010] ? video_devdata+0xa0/0xa0 [ 1176.009701][T22010] do_vfs_ioctl+0xd6e/0x1390 [ 1176.014316][T22010] ? ioctl_preallocate+0x210/0x210 [ 1176.019441][T22010] ? __fget+0x381/0x550 [ 1176.019464][T22010] ? ksys_dup3+0x3e0/0x3e0 [ 1176.019482][T22010] ? nsecs_to_jiffies+0x30/0x30 [ 1176.019507][T22010] ? tomoyo_file_ioctl+0x23/0x30 [ 1176.028100][T22010] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1176.045071][T22010] ? security_file_ioctl+0x93/0xc0 [ 1176.050507][T22010] ksys_ioctl+0xab/0xd0 [ 1176.054779][T22010] __x64_sys_ioctl+0x73/0xb0 [ 1176.059490][T22010] do_syscall_64+0x103/0x670 [ 1176.064114][T22010] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1176.070643][T22010] RIP: 0033:0x458c29 [ 1176.075409][T22010] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1176.095478][T22010] RSP: 002b:00007fa60ca72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1176.104268][T22010] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1176.112784][T22010] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1176.121159][T22010] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1176.129324][T22010] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca736d4 09:16:22 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0xc, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:16:22 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r0, 0x80045700, &(0x7f0000000000)) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) 09:16:22 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000200)={{{@in6=@loopback, @in=@local}}, {{@in6=@remote}, 0x0, @in=@multicast1}}, &(0x7f0000000300)=0xe8) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) [ 1176.137392][T22010] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1176.184663][T22001] CPU: 0 PID: 22001 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1176.193525][T22010] warn_alloc_show_mem: 2 callbacks suppressed [ 1176.193530][T22010] Mem-Info: [ 1176.193952][T22001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1176.200482][T22010] active_anon:257284 inactive_anon:201 isolated_anon:0 [ 1176.200482][T22010] active_file:8234 inactive_file:41055 isolated_file:0 [ 1176.200482][T22010] unevictable:0 dirty:78 writeback:0 unstable:0 [ 1176.200482][T22010] slab_reclaimable:13979 slab_unreclaimable:116338 [ 1176.200482][T22010] mapped:58824 shmem:248 pagetables:7536 bounce:0 [ 1176.200482][T22010] free:1078391 free_pcp:406 free_cma:0 [ 1176.203330][T22001] Call Trace: [ 1176.203354][T22001] dump_stack+0x172/0x1f0 [ 1176.203375][T22001] warn_alloc.cold+0x87/0x17f [ 1176.203390][T22001] ? zone_watermark_ok_safe+0x260/0x260 [ 1176.203405][T22001] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1176.203439][T22001] __vmalloc_node_range+0x48a/0x790 [ 1176.203461][T22001] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1176.215153][T22010] Node 0 active_anon:1029136kB inactive_anon:804kB active_file:32800kB inactive_file:164220kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:312kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 600064kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1176.251871][T22001] ? kmem_cache_alloc_trace+0x354/0x760 [ 1176.251889][T22001] ? vb2_vmalloc_alloc+0xca/0x280 [ 1176.251906][T22001] vmalloc_user+0x6b/0x90 [ 1176.251921][T22001] ? vb2_vmalloc_alloc+0xca/0x280 [ 1176.251935][T22001] vb2_vmalloc_alloc+0xca/0x280 [ 1176.251946][T22001] ? __vb2_queue_alloc+0xf5/0xf40 [ 1176.251962][T22001] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1176.251984][T22001] __vb2_queue_alloc+0x5a6/0xf40 [ 1176.255652][T22010] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1176.259997][T22001] vb2_core_create_bufs+0x2bc/0x790 [ 1176.260036][T22001] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1176.260049][T22001] ? __vb2_queue_alloc+0xf40/0xf40 [ 1176.260064][T22001] ? lock_acquire+0x16f/0x3f0 [ 1176.260084][T22001] ? __video_do_ioctl+0x398/0xce0 09:16:23 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0xd, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1176.264932][T22010] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1176.270295][T22001] ? __lock_acquire+0x548/0x3fb0 [ 1176.270318][T22001] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1176.270338][T22001] vb2_create_bufs+0x472/0x7d0 [ 1176.270357][T22001] ? vb2_request_queue+0x120/0x120 [ 1176.276169][T22010] lowmem_reserve[]: 0 2553 2555 2555 [ 1176.281368][T22001] ? __lock_acquire+0x548/0x3fb0 [ 1176.281384][T22001] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1176.281399][T22001] ? debug_smp_processor_id+0x3c/0x280 [ 1176.281418][T22001] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1176.281437][T22001] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1176.286681][T22010] Node 0 DMA32 free:507572kB min:36232kB low:45288kB high:54344kB active_anon:1029136kB inactive_anon:804kB active_file:32800kB inactive_file:164220kB unevictable:0kB writepending:360kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:15616kB pagetables:30144kB bounce:0kB free_pcp:1576kB local_pcp:764kB free_cma:0kB [ 1176.315645][T22001] v4l_create_bufs+0xc0/0x180 [ 1176.315664][T22001] __video_do_ioctl+0x7f1/0xce0 [ 1176.315688][T22001] ? v4l_s_fmt+0xab0/0xab0 [ 1176.315710][T22001] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1176.315725][T22001] ? _copy_from_user+0xdd/0x150 [ 1176.315745][T22001] video_usercopy+0x4c5/0x10d0 [ 1176.321599][T22010] lowmem_reserve[]: 0 0 2 2 [ 1176.326540][T22001] ? v4l_s_fmt+0xab0/0xab0 [ 1176.326561][T22001] ? v4l_enumstd+0x70/0x70 [ 1176.326575][T22001] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1176.326595][T22001] ? tomoyo_path_number_perm+0x263/0x520 [ 1176.331250][T22010] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1176.336405][T22001] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1176.336436][T22001] ? video_usercopy+0x10d0/0x10d0 [ 1176.336451][T22001] video_ioctl2+0x2d/0x35 [ 1176.336476][T22001] v4l2_ioctl+0x156/0x1b0 [ 1176.341443][T22010] lowmem_reserve[]: 0 0 0 0 [ 1176.346329][T22001] ? video_devdata+0xa0/0xa0 [ 1176.346349][T22001] do_vfs_ioctl+0xd6e/0x1390 [ 1176.346376][T22001] ? ioctl_preallocate+0x210/0x210 [ 1176.352322][T22010] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1176.357116][T22001] ? __fget+0x381/0x550 [ 1176.357140][T22001] ? ksys_dup3+0x3e0/0x3e0 [ 1176.357156][T22001] ? nsecs_to_jiffies+0x30/0x30 [ 1176.357178][T22001] ? tomoyo_file_ioctl+0x23/0x30 [ 1176.384216][T22010] lowmem_reserve[]: 0 0 0 0 [ 1176.389218][T22001] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1176.389235][T22001] ? security_file_ioctl+0x93/0xc0 [ 1176.389255][T22001] ksys_ioctl+0xab/0xd0 [ 1176.389276][T22001] __x64_sys_ioctl+0x73/0xb0 [ 1176.394972][T22010] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1176.400080][T22001] do_syscall_64+0x103/0x670 [ 1176.400101][T22001] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1176.400113][T22001] RIP: 0033:0x458c29 [ 1176.400127][T22001] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1176.400140][T22001] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1176.405105][T22010] Node 0 DMA32: 581*4kB (UME) 114*8kB (UE) 17*16kB (UM) 253*32kB (UME) 379*64kB (UME) 19*128kB (ME) 5*256kB (UME) 4*512kB (UME) 3*1024kB (UME) 2*2048kB (ME) 112*4096kB (UM) = 507540kB [ 1176.410073][T22001] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1176.410081][T22001] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1176.410088][T22001] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1176.410097][T22001] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1176.410105][T22001] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1176.542126][T22006] CPU: 1 PID: 22006 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1176.565604][T22006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1176.565610][T22006] Call Trace: [ 1176.565634][T22006] dump_stack+0x172/0x1f0 [ 1176.565656][T22006] warn_alloc.cold+0x87/0x17f [ 1176.565671][T22006] ? zone_watermark_ok_safe+0x260/0x260 [ 1176.565687][T22006] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1176.565721][T22006] __vmalloc_node_range+0x48a/0x790 [ 1176.610108][T22006] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1176.610128][T22006] ? kmem_cache_alloc_trace+0x354/0x760 [ 1176.610142][T22006] ? vb2_vmalloc_alloc+0xca/0x280 [ 1176.610157][T22006] vmalloc_user+0x6b/0x90 [ 1176.610170][T22006] ? vb2_vmalloc_alloc+0xca/0x280 [ 1176.610184][T22006] vb2_vmalloc_alloc+0xca/0x280 [ 1176.610194][T22006] ? __vb2_queue_alloc+0xf5/0xf40 [ 1176.610209][T22006] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1176.610221][T22006] __vb2_queue_alloc+0x5a6/0xf40 [ 1176.610250][T22006] vb2_core_create_bufs+0x2bc/0x790 [ 1176.610264][T22006] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1176.610275][T22006] ? __vb2_queue_alloc+0xf40/0xf40 [ 1176.610288][T22006] ? lock_acquire+0x16f/0x3f0 [ 1176.610302][T22006] ? __video_do_ioctl+0x398/0xce0 [ 1176.610315][T22006] ? __lock_acquire+0x548/0x3fb0 [ 1176.610334][T22006] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1176.610353][T22006] vb2_create_bufs+0x472/0x7d0 [ 1176.616711][T22010] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1176.622152][T22006] ? vb2_request_queue+0x120/0x120 [ 1176.622168][T22006] ? __lock_acquire+0x548/0x3fb0 [ 1176.622184][T22006] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1176.622198][T22006] ? debug_smp_processor_id+0x3c/0x280 [ 1176.622218][T22006] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1176.622233][T22006] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1176.622250][T22006] v4l_create_bufs+0xc0/0x180 [ 1176.622276][T22006] __video_do_ioctl+0x7f1/0xce0 [ 1176.645401][T22010] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1176.650744][T22006] ? v4l_s_fmt+0xab0/0xab0 [ 1176.650769][T22006] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1176.650784][T22006] ? _copy_from_user+0xdd/0x150 [ 1176.650802][T22006] video_usercopy+0x4c5/0x10d0 [ 1176.650821][T22006] ? v4l_s_fmt+0xab0/0xab0 [ 1176.698356][T22006] ? v4l_enumstd+0x70/0x70 [ 1176.698373][T22006] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1176.698388][T22006] ? tomoyo_path_number_perm+0x263/0x520 [ 1176.698407][T22006] ? debug_smp_processor_id+0x3c/0x280 [ 1176.707699][T22010] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1176.709230][T22006] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1176.709263][T22006] ? video_usercopy+0x10d0/0x10d0 [ 1176.709283][T22006] video_ioctl2+0x2d/0x35 [ 1176.717436][T22010] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1176.718712][T22006] v4l2_ioctl+0x156/0x1b0 [ 1176.718726][T22006] ? video_devdata+0xa0/0xa0 [ 1176.718752][T22006] do_vfs_ioctl+0xd6e/0x1390 [ 1176.718771][T22006] ? ioctl_preallocate+0x210/0x210 [ 1176.718789][T22006] ? kasan_check_read+0x11/0x20 [ 1176.737707][T22006] ? _copy_to_user+0xc9/0x120 [ 1176.737729][T22006] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1176.737744][T22006] ? put_timespec64+0xda/0x140 [ 1176.737757][T22006] ? nsecs_to_jiffies+0x30/0x30 [ 1176.737778][T22006] ? tomoyo_file_ioctl+0x23/0x30 [ 1176.737791][T22006] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1176.737805][T22006] ? security_file_ioctl+0x93/0xc0 [ 1176.737824][T22006] ksys_ioctl+0xab/0xd0 [ 1176.737843][T22006] __x64_sys_ioctl+0x73/0xb0 [ 1176.737861][T22006] do_syscall_64+0x103/0x670 [ 1176.737883][T22006] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1176.749422][T22010] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1176.752559][T22006] RIP: 0033:0x458c29 [ 1176.752574][T22006] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1176.752582][T22006] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1176.752596][T22006] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1176.752604][T22006] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1176.752612][T22006] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1176.752620][T22006] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1176.752629][T22006] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1176.781648][T22010] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1176.830305][T22010] 49553 total pagecache pages [ 1176.905128][T22010] 0 pages in swap cache [ 1176.966555][T22010] Swap cache stats: add 0, delete 0, find 0/0 [ 1177.010294][T22010] Free swap = 0kB [ 1177.043363][T22010] Total swap = 0kB [ 1177.166623][T22010] 1965979 pages RAM [ 1177.339132][T22010] 0 pages HighMem/MovableOnly [ 1177.344242][T22010] 339405 pages reserved [ 1177.348534][T22010] 0 pages cma reserved [ 1177.721606][T21835] Bluetooth: hci0: command 0x1003 tx timeout [ 1177.728136][T17400] Bluetooth: hci0: sending frame failed (-49) [ 1179.321591][ T7678] Bluetooth: hci1: command 0x1003 tx timeout [ 1179.328035][T17400] Bluetooth: hci1: sending frame failed (-49) [ 1179.801624][ T7678] Bluetooth: hci0: command 0x1001 tx timeout [ 1179.808362][T17400] Bluetooth: hci0: sending frame failed (-49) [ 1181.401765][T21835] Bluetooth: hci1: command 0x1001 tx timeout [ 1181.407922][T17400] Bluetooth: hci1: sending frame failed (-49) [ 1181.881698][T21835] Bluetooth: hci0: command 0x1009 tx timeout [ 1183.481650][T21835] Bluetooth: hci1: command 0x1009 tx timeout 09:16:32 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0xc0045878, &(0x7f0000000080)) 09:16:32 executing program 0: r0 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0xb6a, 0x301000) close(r0) r1 = socket$inet(0x2, 0x1, 0x81) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r1, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r1, 0x84, 0x1b, &(0x7f0000000440)=ANY=[@ANYRES32=0x0, @ANYBLOB="fa000000fd01dcee8a1e66a1c8041c8a2af0e76e9adf9db669202ad74ccec0283621b75ac3e57d9a21f3bd1f7aaa3ece203692892b3ed051e60af96273d276fa5cde74fe32ad549ea88b922f6e6bdd027b97312d3b386cc729d1acdbf854089196aab85e456daf035575dc113f301fc7dcfefe47775adad2354d1a47914d581fbc1cb2d929d1b3e9bdda91d370655a8245aa420994f49c47d0e1e4d0590c0f2a6dcb6606a93c39612a83df06d84a68d883435b24bcecd1f4b855752bbfc20dca2283a66a8f1fc00e7c80c9c4f2b875882b4e5e5f961f80597ed7653171d5fd83000b5aca8bfc5c618675eca4e4761ede372c8896a2ced21768c35b84d4b4f475bf06"], &(0x7f0000000400)=0x102) r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") mkdir(0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r2, 0x0) read(r4, &(0x7f0000367fe4)=""/91, 0x275) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000080)={0x0, @aes128, 0x0, "de41c2136817a660"}) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000580)={0x0, @in={{0x2, 0x4e20, @loopback}}, [0x24000000000, 0xfffffffffffffffe, 0xaa, 0x96a, 0x7, 0x9, 0x10001, 0x6, 0xa003, 0x1, 0x80000000, 0x275e, 0x6f5, 0x64, 0x2]}, &(0x7f0000000380)=0x100) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f00000002c0)={r5, @in={{0x2, 0x4e21, @rand_addr=0x8ee1}}}, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0xdcaf, @mcast2, 0x80000000}, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x2c) 09:16:32 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x400000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:16:32 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0xe, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:16:32 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1185.830891][T22059] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1185.873846][T22066] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1185.881051][T22059] CPU: 1 PID: 22059 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1185.896889][T22059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1185.907027][T22059] Call Trace: [ 1185.910351][T22059] dump_stack+0x172/0x1f0 [ 1185.914783][T22059] warn_alloc.cold+0x87/0x17f [ 1185.919637][T22059] ? zone_watermark_ok_safe+0x260/0x260 [ 1185.925782][T22059] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1185.931439][T22059] __vmalloc_node_range+0x48a/0x790 [ 1185.936635][T22059] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1185.941659][T22059] ? kmem_cache_alloc_trace+0x354/0x760 [ 1185.947189][T22059] ? vb2_vmalloc_alloc+0xca/0x280 [ 1185.952204][T22059] vmalloc_user+0x6b/0x90 [ 1185.956516][T22059] ? vb2_vmalloc_alloc+0xca/0x280 [ 1185.961536][T22059] vb2_vmalloc_alloc+0xca/0x280 [ 1185.966371][T22059] ? __vb2_queue_alloc+0xf5/0xf40 [ 1185.971385][T22059] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1185.977172][T22059] __vb2_queue_alloc+0x5a6/0xf40 [ 1185.982107][T22059] vb2_core_create_bufs+0x2bc/0x790 [ 1185.987291][T22059] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1185.992649][T22059] ? __vb2_queue_alloc+0xf40/0xf40 [ 1185.997740][T22059] ? lock_acquire+0x16f/0x3f0 [ 1186.002404][T22059] ? __video_do_ioctl+0x398/0xce0 [ 1186.007414][T22059] ? __lock_acquire+0x548/0x3fb0 [ 1186.012336][T22059] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1186.018559][T22059] vb2_create_bufs+0x472/0x7d0 [ 1186.023313][T22059] ? vb2_request_queue+0x120/0x120 [ 1186.028420][T22059] ? __lock_acquire+0x548/0x3fb0 [ 1186.033343][T22059] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1186.039567][T22059] ? debug_smp_processor_id+0x3c/0x280 [ 1186.045010][T22059] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1186.050016][T22059] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1186.055546][T22059] v4l_create_bufs+0xc0/0x180 [ 1186.060429][T22059] __video_do_ioctl+0x7f1/0xce0 [ 1186.065272][T22059] ? v4l_s_fmt+0xab0/0xab0 [ 1186.069680][T22059] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1186.075904][T22059] ? _copy_from_user+0xdd/0x150 [ 1186.080750][T22059] video_usercopy+0x4c5/0x10d0 [ 1186.085493][T22059] ? v4l_s_fmt+0xab0/0xab0 [ 1186.089896][T22059] ? v4l_enumstd+0x70/0x70 [ 1186.094290][T22059] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1186.100517][T22059] ? tomoyo_path_number_perm+0x263/0x520 [ 1186.106136][T22059] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1186.111939][T22059] ? video_usercopy+0x10d0/0x10d0 [ 1186.117030][T22059] video_ioctl2+0x2d/0x35 [ 1186.121392][T22059] v4l2_ioctl+0x156/0x1b0 [ 1186.125701][T22059] ? video_devdata+0xa0/0xa0 [ 1186.130273][T22059] do_vfs_ioctl+0xd6e/0x1390 [ 1186.134863][T22059] ? ioctl_preallocate+0x210/0x210 [ 1186.139954][T22059] ? __fget+0x381/0x550 [ 1186.144092][T22059] ? ksys_dup3+0x3e0/0x3e0 [ 1186.148499][T22059] ? nsecs_to_jiffies+0x30/0x30 [ 1186.153349][T22059] ? tomoyo_file_ioctl+0x23/0x30 [ 1186.158267][T22059] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1186.164504][T22059] ? security_file_ioctl+0x93/0xc0 [ 1186.169600][T22059] ksys_ioctl+0xab/0xd0 [ 1186.173747][T22059] __x64_sys_ioctl+0x73/0xb0 [ 1186.178321][T22059] do_syscall_64+0x103/0x670 [ 1186.182905][T22059] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1186.188783][T22059] RIP: 0033:0x458c29 [ 1186.192660][T22059] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1186.212252][T22059] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 09:16:32 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x10, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1186.220738][T22059] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1186.228702][T22059] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1186.236655][T22059] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1186.244630][T22059] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1186.252597][T22059] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1186.263474][T22059] warn_alloc_show_mem: 2 callbacks suppressed [ 1186.263480][T22059] Mem-Info: [ 1186.273349][T22059] active_anon:258379 inactive_anon:201 isolated_anon:0 [ 1186.273349][T22059] active_file:8236 inactive_file:41080 isolated_file:0 [ 1186.273349][T22059] unevictable:0 dirty:114 writeback:0 unstable:0 [ 1186.273349][T22059] slab_reclaimable:13983 slab_unreclaimable:116195 [ 1186.273349][T22059] mapped:58824 shmem:248 pagetables:7552 bounce:0 [ 1186.273349][T22059] free:1077885 free_pcp:463 free_cma:0 [ 1186.278125][T22066] CPU: 0 PID: 22066 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1186.321020][T22066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1186.331080][T22066] Call Trace: [ 1186.334387][T22066] dump_stack+0x172/0x1f0 [ 1186.338725][T22066] warn_alloc.cold+0x87/0x17f [ 1186.338790][T22059] Node 0 active_anon:1033600kB inactive_anon:804kB active_file:32808kB inactive_file:164320kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:456kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 604160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1186.343406][T22066] ? zone_watermark_ok_safe+0x260/0x260 [ 1186.343423][T22066] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1186.343468][T22066] __vmalloc_node_range+0x48a/0x790 [ 1186.343484][T22066] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1186.343502][T22066] ? kmem_cache_alloc_trace+0x354/0x760 [ 1186.343518][T22066] ? vb2_vmalloc_alloc+0xca/0x280 [ 1186.373477][T22059] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1186.378012][T22066] vmalloc_user+0x6b/0x90 [ 1186.378031][T22066] ? vb2_vmalloc_alloc+0xca/0x280 [ 1186.378049][T22066] vb2_vmalloc_alloc+0xca/0x280 [ 1186.444971][T22066] ? __vb2_queue_alloc+0xf5/0xf40 [ 1186.449999][T22066] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1186.455797][T22066] __vb2_queue_alloc+0x5a6/0xf40 [ 1186.460737][T22066] vb2_core_create_bufs+0x2bc/0x790 [ 1186.465925][T22066] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1186.471282][T22066] ? __vb2_queue_alloc+0xf40/0xf40 [ 1186.476385][T22066] ? lock_acquire+0x16f/0x3f0 [ 1186.481046][T22066] ? __video_do_ioctl+0x398/0xce0 [ 1186.486053][T22066] ? __lock_acquire+0x548/0x3fb0 [ 1186.490977][T22066] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1186.497200][T22066] vb2_create_bufs+0x472/0x7d0 [ 1186.502284][T22066] ? vb2_request_queue+0x120/0x120 [ 1186.507384][T22066] ? __lock_acquire+0x548/0x3fb0 [ 1186.512305][T22066] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1186.518534][T22066] ? debug_smp_processor_id+0x3c/0x280 [ 1186.523981][T22066] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1186.528992][T22066] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1186.534522][T22066] v4l_create_bufs+0xc0/0x180 [ 1186.539199][T22066] __video_do_ioctl+0x7f1/0xce0 [ 1186.544049][T22066] ? v4l_s_fmt+0xab0/0xab0 [ 1186.548455][T22066] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1186.554677][T22066] ? _copy_from_user+0xdd/0x150 [ 1186.559530][T22066] video_usercopy+0x4c5/0x10d0 [ 1186.564290][T22066] ? v4l_s_fmt+0xab0/0xab0 [ 1186.568690][T22066] ? v4l_enumstd+0x70/0x70 [ 1186.573085][T22066] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1186.579304][T22066] ? tomoyo_path_number_perm+0x263/0x520 [ 1186.584917][T22066] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1186.590720][T22066] ? video_usercopy+0x10d0/0x10d0 [ 1186.595724][T22066] video_ioctl2+0x2d/0x35 [ 1186.600034][T22066] v4l2_ioctl+0x156/0x1b0 [ 1186.604346][T22066] ? video_devdata+0xa0/0xa0 [ 1186.608935][T22066] do_vfs_ioctl+0xd6e/0x1390 [ 1186.613528][T22066] ? ioctl_preallocate+0x210/0x210 [ 1186.618631][T22066] ? __fget+0x381/0x550 [ 1186.622779][T22066] ? ksys_dup3+0x3e0/0x3e0 [ 1186.627179][T22066] ? nsecs_to_jiffies+0x30/0x30 [ 1186.632022][T22066] ? tomoyo_file_ioctl+0x23/0x30 [ 1186.636957][T22066] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1186.643182][T22066] ? security_file_ioctl+0x93/0xc0 [ 1186.648282][T22066] ksys_ioctl+0xab/0xd0 [ 1186.652429][T22066] __x64_sys_ioctl+0x73/0xb0 [ 1186.657009][T22066] do_syscall_64+0x103/0x670 [ 1186.661600][T22066] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1186.667483][T22066] RIP: 0033:0x458c29 [ 1186.671370][T22066] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1186.690955][T22066] RSP: 002b:00007fa60ca72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1186.699347][T22066] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1186.707310][T22066] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1186.715268][T22066] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 09:16:33 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x25, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1186.723233][T22066] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca736d4 [ 1186.731187][T22066] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1186.740730][T22059] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1186.769391][T22059] lowmem_reserve[]: 0 2553 2555 2555 [ 1186.796968][T22059] Node 0 DMA32 free:505524kB min:36232kB low:45288kB high:54344kB active_anon:1033548kB inactive_anon:804kB active_file:32808kB inactive_file:164336kB unevictable:0kB writepending:544kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:15584kB pagetables:30380kB bounce:0kB free_pcp:1476kB local_pcp:656kB free_cma:0kB [ 1186.854315][T22059] lowmem_reserve[]: 0 0 2 2 [ 1186.859301][T22059] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1186.887461][T22059] lowmem_reserve[]: 0 0 0 0 09:16:33 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x63, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1186.892857][T22059] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1186.939318][T22059] lowmem_reserve[]: 0 0 0 0 09:16:33 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, 0x0, 0x0, 0x0, 0x300}, 0x0) ioctl$sock_SIOCDELDLCI(r0, 0x8981, &(0x7f0000000200)={'eql\x00', 0x1}) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) [ 1186.952427][T22059] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1186.980696][T22059] Node 0 DMA32: 580*4kB (UE) 69*8kB (UE) 15*16kB (U) 238*32kB (UME) 379*64kB (UME) 20*128kB (UME) 5*256kB (UME) 4*512kB (UME) 3*1024kB (UME) 3*2048kB (ME) 112*4096kB (UM) = 508840kB [ 1186.999974][T22059] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1187.013443][T22059] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1187.032573][T22059] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1187.042850][T22059] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1187.052793][T22059] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1187.067498][T22059] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1187.078560][T22059] 49574 total pagecache pages [ 1187.084877][T22059] 0 pages in swap cache [ 1187.089581][T22059] Swap cache stats: add 0, delete 0, find 0/0 [ 1187.096163][T22059] Free swap = 0kB [ 1187.100030][T22059] Total swap = 0kB [ 1187.104212][T22059] 1965979 pages RAM [ 1187.108156][T22059] 0 pages HighMem/MovableOnly [ 1187.113624][T22059] 339405 pages reserved [ 1187.117900][T22059] 0 pages cma reserved 09:16:34 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000000)={0x5, 0x80000000, 0xfffffffffffffffc, 0x100000000, 0x81}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) 09:16:34 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:16:34 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x9d, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1187.786819][T22117] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1187.816632][T22117] CPU: 0 PID: 22117 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1187.825866][T22117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1187.836015][T22117] Call Trace: [ 1187.839310][T22117] dump_stack+0x172/0x1f0 [ 1187.843644][T22117] warn_alloc.cold+0x87/0x17f [ 1187.848327][T22117] ? zone_watermark_ok_safe+0x260/0x260 [ 1187.853870][T22117] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1187.859503][T22117] __vmalloc_node_range+0x48a/0x790 [ 1187.864786][T22117] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1187.869819][T22117] ? kmem_cache_alloc_trace+0x354/0x760 [ 1187.875368][T22117] ? vb2_vmalloc_alloc+0xca/0x280 [ 1187.880406][T22117] vmalloc_user+0x6b/0x90 [ 1187.881657][T21445] Bluetooth: hci0: command 0x1003 tx timeout [ 1187.885593][T22117] ? vb2_vmalloc_alloc+0xca/0x280 [ 1187.885611][T22117] vb2_vmalloc_alloc+0xca/0x280 [ 1187.885625][T22117] ? __vb2_queue_alloc+0xf5/0xf40 [ 1187.885644][T22117] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1187.896255][T17400] Bluetooth: hci0: sending frame failed (-49) [ 1187.896621][T22117] __vb2_queue_alloc+0x5a6/0xf40 [ 1187.896655][T22117] vb2_core_create_bufs+0x2bc/0x790 [ 1187.896674][T22117] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1187.934401][T22117] ? __vb2_queue_alloc+0xf40/0xf40 [ 1187.939502][T22117] ? lock_acquire+0x16f/0x3f0 [ 1187.944177][T22117] ? __video_do_ioctl+0x398/0xce0 [ 1187.949197][T22117] ? __lock_acquire+0x548/0x3fb0 [ 1187.954143][T22117] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1187.960370][T22117] vb2_create_bufs+0x472/0x7d0 [ 1187.965139][T22117] ? vb2_request_queue+0x120/0x120 [ 1187.970257][T22117] ? __lock_acquire+0x548/0x3fb0 [ 1187.975201][T22117] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1187.981423][T22117] ? debug_smp_processor_id+0x3c/0x280 [ 1187.986892][T22117] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1187.991918][T22117] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1187.997460][T22117] v4l_create_bufs+0xc0/0x180 [ 1188.002138][T22117] __video_do_ioctl+0x7f1/0xce0 [ 1188.007011][T22117] ? v4l_s_fmt+0xab0/0xab0 [ 1188.011437][T22117] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1188.017687][T22117] ? _copy_from_user+0xdd/0x150 [ 1188.022541][T22117] video_usercopy+0x4c5/0x10d0 [ 1188.027316][T22117] ? v4l_s_fmt+0xab0/0xab0 [ 1188.031740][T22117] ? v4l_enumstd+0x70/0x70 [ 1188.036172][T22117] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1188.042403][T22117] ? tomoyo_path_number_perm+0x263/0x520 [ 1188.048043][T22117] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1188.053871][T22117] ? video_usercopy+0x10d0/0x10d0 [ 1188.058892][T22117] video_ioctl2+0x2d/0x35 [ 1188.063210][T22117] v4l2_ioctl+0x156/0x1b0 [ 1188.067529][T22117] ? video_devdata+0xa0/0xa0 [ 1188.072204][T22117] do_vfs_ioctl+0xd6e/0x1390 [ 1188.076978][T22117] ? ioctl_preallocate+0x210/0x210 [ 1188.082104][T22117] ? __fget+0x381/0x550 [ 1188.086279][T22117] ? ksys_dup3+0x3e0/0x3e0 [ 1188.090698][T22117] ? nsecs_to_jiffies+0x30/0x30 [ 1188.095555][T22117] ? tomoyo_file_ioctl+0x23/0x30 [ 1188.100485][T22117] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1188.106707][T22117] ? security_file_ioctl+0x93/0xc0 [ 1188.111820][T22117] ksys_ioctl+0xab/0xd0 [ 1188.115987][T22117] __x64_sys_ioctl+0x73/0xb0 [ 1188.120603][T22117] do_syscall_64+0x103/0x670 [ 1188.125209][T22117] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1188.131277][T22117] RIP: 0033:0x458c29 [ 1188.135182][T22117] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1188.154795][T22117] RSP: 002b:00007fa60ca72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1188.163227][T22117] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1188.171198][T22117] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1188.179184][T22117] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1188.187174][T22117] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca736d4 [ 1188.195149][T22117] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1188.203581][T22117] warn_alloc_show_mem: 1 callbacks suppressed [ 1188.203585][T22117] Mem-Info: [ 1188.213037][T22117] active_anon:257874 inactive_anon:201 isolated_anon:0 [ 1188.213037][T22117] active_file:8237 inactive_file:41097 isolated_file:0 [ 1188.213037][T22117] unevictable:0 dirty:141 writeback:0 unstable:0 [ 1188.213037][T22117] slab_reclaimable:13985 slab_unreclaimable:116570 [ 1188.213037][T22117] mapped:58824 shmem:248 pagetables:7542 bounce:0 [ 1188.213037][T22117] free:1078012 free_pcp:528 free_cma:0 [ 1188.251402][T22117] Node 0 active_anon:1031496kB inactive_anon:804kB active_file:32812kB inactive_file:164388kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:564kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 606208kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1188.280888][T22117] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1188.307601][T22117] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1188.334688][T22117] lowmem_reserve[]: 0 2553 2555 2555 [ 1188.340012][T22117] Node 0 DMA32 free:506056kB min:36232kB low:45288kB high:54344kB active_anon:1031496kB inactive_anon:804kB active_file:32812kB inactive_file:164388kB unevictable:0kB writepending:564kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:15456kB pagetables:30168kB bounce:0kB free_pcp:2104kB local_pcp:1176kB free_cma:0kB [ 1188.371080][T22117] lowmem_reserve[]: 0 0 2 2 [ 1188.375679][T22117] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1188.402577][T22117] lowmem_reserve[]: 0 0 0 0 [ 1188.407123][T22117] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1188.435758][T22117] lowmem_reserve[]: 0 0 0 0 [ 1188.440318][T22117] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1188.454844][T22117] Node 0 DMA32: 580*4kB (UE) 42*8kB (UE) 0*16kB 231*32kB (UME) 378*64kB (UME) 20*128kB (UME) 5*256kB (UME) 4*512kB (UME) 3*1024kB (UME) 2*2048kB (ME) 112*4096kB (UM) = 506048kB [ 1188.472597][T22117] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1188.484886][T22117] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1188.502354][T22117] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1188.511977][T22117] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1188.521294][T22117] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1188.530981][T22117] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1188.540307][T22117] 49589 total pagecache pages [ 1188.545093][T22117] 0 pages in swap cache [ 1188.549271][T22117] Swap cache stats: add 0, delete 0, find 0/0 [ 1188.555381][T22117] Free swap = 0kB [ 1188.559106][T22117] Total swap = 0kB [ 1188.562933][T22117] 1965979 pages RAM [ 1188.566774][T22117] 0 pages HighMem/MovableOnly [ 1188.571869][T22117] 339405 pages reserved [ 1188.576049][T22117] 0 pages cma reserved [ 1189.881645][T21445] Bluetooth: hci1: command 0x1003 tx timeout [ 1189.887810][T20067] Bluetooth: hci1: sending frame failed (-49) [ 1189.961574][T21445] Bluetooth: hci0: command 0x1001 tx timeout [ 1189.967675][T20067] Bluetooth: hci0: sending frame failed (-49) [ 1190.601587][T21835] Bluetooth: hci2: command 0x1003 tx timeout [ 1190.607788][T20067] Bluetooth: hci2: sending frame failed (-49) [ 1191.961607][T21835] Bluetooth: hci1: command 0x1001 tx timeout [ 1191.967687][T20067] Bluetooth: hci1: sending frame failed (-49) [ 1192.041617][T21835] Bluetooth: hci0: command 0x1009 tx timeout [ 1192.681604][T21445] Bluetooth: hci2: command 0x1001 tx timeout [ 1192.687709][T20067] Bluetooth: hci2: sending frame failed (-49) [ 1194.041690][T21445] Bluetooth: hci1: command 0x1009 tx timeout [ 1194.761596][T21835] Bluetooth: hci2: command 0x1009 tx timeout 09:16:42 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x500000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:16:42 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) getsockname(r0, &(0x7f0000000200)=@in6={0xa, 0x0, 0x0, @local}, &(0x7f0000000280)=0x80) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) 09:16:42 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x300, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:16:42 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0xc0045878, &(0x7f0000000080)) 09:16:42 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1196.084317][T22126] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1196.101335][T22130] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1196.107597][T22126] CPU: 1 PID: 22126 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1196.124830][T22126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1196.135369][T22126] Call Trace: [ 1196.138668][T22126] dump_stack+0x172/0x1f0 [ 1196.143002][T22126] warn_alloc.cold+0x87/0x17f [ 1196.147678][T22126] ? zone_watermark_ok_safe+0x260/0x260 [ 1196.153228][T22126] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1196.158887][T22126] __vmalloc_node_range+0x48a/0x790 [ 1196.164089][T22126] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1196.169119][T22126] ? kmem_cache_alloc_trace+0x354/0x760 [ 1196.174668][T22126] ? vb2_vmalloc_alloc+0xca/0x280 [ 1196.179698][T22126] vmalloc_user+0x6b/0x90 [ 1196.184028][T22126] ? vb2_vmalloc_alloc+0xca/0x280 [ 1196.189046][T22126] vb2_vmalloc_alloc+0xca/0x280 [ 1196.193890][T22126] ? __vb2_queue_alloc+0xf5/0xf40 [ 1196.198922][T22126] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1196.204731][T22126] __vb2_queue_alloc+0x5a6/0xf40 [ 1196.209687][T22126] vb2_core_create_bufs+0x2bc/0x790 [ 1196.214894][T22126] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1196.220258][T22126] ? __vb2_queue_alloc+0xf40/0xf40 [ 1196.225362][T22126] ? lock_acquire+0x16f/0x3f0 [ 1196.230027][T22126] ? __video_do_ioctl+0x398/0xce0 [ 1196.235046][T22126] ? __lock_acquire+0x548/0x3fb0 [ 1196.239987][T22126] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1196.246221][T22126] vb2_create_bufs+0x472/0x7d0 [ 1196.250985][T22126] ? vb2_request_queue+0x120/0x120 [ 1196.256090][T22126] ? __lock_acquire+0x548/0x3fb0 [ 1196.261022][T22126] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1196.267254][T22126] ? debug_smp_processor_id+0x3c/0x280 [ 1196.272715][T22126] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1196.277752][T22126] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1196.283381][T22126] v4l_create_bufs+0xc0/0x180 [ 1196.288065][T22126] __video_do_ioctl+0x7f1/0xce0 [ 1196.292931][T22126] ? v4l_s_fmt+0xab0/0xab0 [ 1196.297352][T22126] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1196.303591][T22126] ? _copy_from_user+0xdd/0x150 [ 1196.308448][T22126] video_usercopy+0x4c5/0x10d0 [ 1196.313208][T22126] ? v4l_s_fmt+0xab0/0xab0 [ 1196.317645][T22126] ? v4l_enumstd+0x70/0x70 [ 1196.322053][T22126] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1196.328284][T22126] ? tomoyo_path_number_perm+0x263/0x520 [ 1196.333917][T22126] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1196.339819][T22126] ? video_usercopy+0x10d0/0x10d0 [ 1196.344854][T22126] video_ioctl2+0x2d/0x35 [ 1196.349181][T22126] v4l2_ioctl+0x156/0x1b0 [ 1196.353506][T22126] ? video_devdata+0xa0/0xa0 [ 1196.358092][T22126] do_vfs_ioctl+0xd6e/0x1390 [ 1196.362681][T22126] ? ioctl_preallocate+0x210/0x210 [ 1196.367815][T22126] ? __fget+0x381/0x550 [ 1196.371970][T22126] ? ksys_dup3+0x3e0/0x3e0 [ 1196.376382][T22126] ? nsecs_to_jiffies+0x30/0x30 [ 1196.381233][T22126] ? tomoyo_file_ioctl+0x23/0x30 [ 1196.386162][T22126] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1196.392395][T22126] ? security_file_ioctl+0x93/0xc0 [ 1196.397512][T22126] ksys_ioctl+0xab/0xd0 [ 1196.401671][T22126] __x64_sys_ioctl+0x73/0xb0 [ 1196.406280][T22126] do_syscall_64+0x103/0x670 [ 1196.410869][T22126] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1196.416761][T22126] RIP: 0033:0x458c29 [ 1196.420653][T22126] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1196.440256][T22126] RSP: 002b:00007fa60ca72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1196.448672][T22126] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1196.456631][T22126] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1196.464594][T22126] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1196.472558][T22126] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca736d4 [ 1196.480518][T22126] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1196.488519][T22130] CPU: 0 PID: 22130 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1196.497621][T22130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1196.507662][T22130] Call Trace: [ 1196.510951][T22130] dump_stack+0x172/0x1f0 [ 1196.512877][T22126] Mem-Info: [ 1196.515334][T22130] warn_alloc.cold+0x87/0x17f [ 1196.515350][T22130] ? zone_watermark_ok_safe+0x260/0x260 [ 1196.515363][T22130] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1196.515395][T22130] __vmalloc_node_range+0x48a/0x790 [ 1196.523139][T22130] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1196.523159][T22130] ? kmem_cache_alloc_trace+0x354/0x760 [ 1196.523171][T22130] ? vb2_vmalloc_alloc+0xca/0x280 [ 1196.523192][T22130] vmalloc_user+0x6b/0x90 [ 1196.532181][T22126] active_anon:259459 inactive_anon:201 isolated_anon:0 [ 1196.532181][T22126] active_file:8238 inactive_file:41109 isolated_file:0 [ 1196.532181][T22126] unevictable:0 dirty:157 writeback:0 unstable:0 [ 1196.532181][T22126] slab_reclaimable:13960 slab_unreclaimable:116514 09:16:43 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x38e, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:16:43 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x7ffffff2, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1196.532181][T22126] mapped:58824 shmem:248 pagetables:7605 bounce:0 [ 1196.532181][T22126] free:1076397 free_pcp:428 free_cma:0 [ 1196.534313][T22130] ? vb2_vmalloc_alloc+0xca/0x280 [ 1196.534328][T22130] vb2_vmalloc_alloc+0xca/0x280 [ 1196.534343][T22130] ? __vb2_queue_alloc+0xf5/0xf40 [ 1196.544514][T22130] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1196.544530][T22130] __vb2_queue_alloc+0x5a6/0xf40 [ 1196.559021][T22126] Node 0 active_anon:1037836kB inactive_anon:804kB active_file:32816kB inactive_file:164436kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:628kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 608256kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1196.559354][T22130] vb2_core_create_bufs+0x2bc/0x790 [ 1196.657202][T22130] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1196.662581][T22130] ? __vb2_queue_alloc+0xf40/0xf40 [ 1196.667689][T22130] ? lock_acquire+0x16f/0x3f0 [ 1196.671344][T22126] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1196.672384][T22130] ? __video_do_ioctl+0x398/0xce0 [ 1196.672398][T22130] ? __lock_acquire+0x548/0x3fb0 [ 1196.672419][T22130] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1196.672435][T22130] vb2_create_bufs+0x472/0x7d0 [ 1196.672450][T22130] ? vb2_request_queue+0x120/0x120 [ 1196.672462][T22130] ? __lock_acquire+0x548/0x3fb0 [ 1196.672478][T22130] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1196.699387][T22126] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1196.704096][T22130] ? debug_smp_processor_id+0x3c/0x280 [ 1196.704119][T22130] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1196.704135][T22130] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1196.704150][T22130] v4l_create_bufs+0xc0/0x180 [ 1196.704168][T22130] __video_do_ioctl+0x7f1/0xce0 [ 1196.709185][T22126] lowmem_reserve[]: 0 2553 2555 2555 [ 1196.715299][T22130] ? v4l_s_fmt+0xab0/0xab0 [ 1196.715323][T22130] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1196.715339][T22130] ? _copy_from_user+0xdd/0x150 [ 1196.715358][T22130] video_usercopy+0x4c5/0x10d0 [ 1196.715372][T22130] ? v4l_s_fmt+0xab0/0xab0 [ 1196.715392][T22130] ? v4l_enumstd+0x70/0x70 [ 1196.720270][T22126] Node 0 DMA32 free:501388kB min:36232kB low:45288kB high:54344kB active_anon:1035740kB inactive_anon:804kB active_file:32816kB inactive_file:164436kB unevictable:0kB writepending:628kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:15616kB pagetables:30420kB bounce:0kB free_pcp:2332kB local_pcp:1508kB free_cma:0kB [ 1196.725211][T22130] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1196.725229][T22130] ? tomoyo_path_number_perm+0x263/0x520 [ 1196.725248][T22130] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1196.725277][T22130] ? video_usercopy+0x10d0/0x10d0 [ 1196.725295][T22130] video_ioctl2+0x2d/0x35 [ 1196.730315][T22126] lowmem_reserve[]: 0 0 2 2 09:16:43 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x7ffffff8, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:16:43 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000280)=0x0) ptrace$poke(0x5, r1, &(0x7f00000002c0), 0x3ff) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000200)='/dev/cachefiles\x00', 0x2000, 0x0) socket$isdn(0x22, 0x3, 0x26) setsockopt$inet_tcp_int(r2, 0x6, 0x4, &(0x7f0000000240)=0x4, 0x4) ioctl$LOOP_SET_FD(r2, 0x4c00, r2) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) [ 1196.736423][T22130] v4l2_ioctl+0x156/0x1b0 [ 1196.736438][T22130] ? video_devdata+0xa0/0xa0 [ 1196.736458][T22130] do_vfs_ioctl+0xd6e/0x1390 [ 1196.736479][T22130] ? ioctl_preallocate+0x210/0x210 [ 1196.736494][T22130] ? __fget+0x381/0x550 [ 1196.736521][T22130] ? ksys_dup3+0x3e0/0x3e0 [ 1196.764372][T22126] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1196.768766][T22130] ? nsecs_to_jiffies+0x30/0x30 [ 1196.768791][T22130] ? tomoyo_file_ioctl+0x23/0x30 [ 1196.768813][T22130] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1196.773975][T22126] lowmem_reserve[]: 0 0 0 0 [ 1196.779344][T22130] ? security_file_ioctl+0x93/0xc0 [ 1196.779365][T22130] ksys_ioctl+0xab/0xd0 [ 1196.779390][T22130] __x64_sys_ioctl+0x73/0xb0 [ 1196.784229][T22126] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1196.788870][T22130] do_syscall_64+0x103/0x670 [ 1196.788892][T22130] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1196.788910][T22130] RIP: 0033:0x458c29 [ 1196.794307][T22126] lowmem_reserve[]: 0 0 0 0 [ 1196.798567][T22130] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1196.798576][T22130] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1196.798591][T22130] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1196.798600][T22130] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1196.798613][T22130] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1196.805007][T22126] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1196.810202][T22130] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1196.810211][T22130] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1196.855977][T22154] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1196.889940][T22160] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1196.957217][T22154] CPU: 0 PID: 22154 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1196.967455][T22126] Node 0 DMA32: 488*4kB (UE) 111*8kB (UME) 1*16kB (M) 225*32kB (UME) 378*64kB (UME) 20*128kB (UME) 4*256kB (ME) 3*512kB (ME) 3*1024kB (UME) 2*2048kB (ME) 111*4096kB (UM) = 501192kB [ 1196.970901][T22154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1196.970907][T22154] Call Trace: [ 1196.970932][T22154] dump_stack+0x172/0x1f0 [ 1196.970957][T22154] warn_alloc.cold+0x87/0x17f [ 1196.989344][T22126] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1197.003791][T22154] ? zone_watermark_ok_safe+0x260/0x260 [ 1197.003806][T22154] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1197.003837][T22154] __vmalloc_node_range+0x48a/0x790 [ 1197.003851][T22154] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1197.003867][T22154] ? kmem_cache_alloc_trace+0x354/0x760 [ 1197.003882][T22154] ? vb2_vmalloc_alloc+0xca/0x280 [ 1197.011196][T22126] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1197.014410][T22154] vmalloc_user+0x6b/0x90 [ 1197.014427][T22154] ? vb2_vmalloc_alloc+0xca/0x280 [ 1197.014440][T22154] vb2_vmalloc_alloc+0xca/0x280 [ 1197.014455][T22154] ? __vb2_queue_alloc+0xf5/0xf40 [ 1197.018369][T22126] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1197.022799][T22154] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1197.022823][T22154] __vb2_queue_alloc+0x5a6/0xf40 [ 1197.022851][T22154] vb2_core_create_bufs+0x2bc/0x790 [ 1197.022867][T22154] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1197.022878][T22154] ? __vb2_queue_alloc+0xf40/0xf40 [ 1197.022897][T22154] ? lock_acquire+0x16f/0x3f0 [ 1197.043231][T22126] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1197.050853][T22154] ? __video_do_ioctl+0x398/0xce0 [ 1197.050866][T22154] ? __lock_acquire+0x548/0x3fb0 [ 1197.050886][T22154] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1197.058890][T22126] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1197.066772][T22154] vb2_create_bufs+0x472/0x7d0 [ 1197.066790][T22154] ? vb2_request_queue+0x120/0x120 [ 1197.066804][T22154] ? __lock_acquire+0x548/0x3fb0 [ 1197.066820][T22154] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1197.066838][T22154] ? debug_smp_processor_id+0x3c/0x280 [ 1197.074869][T22126] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1197.088980][T22154] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1197.088996][T22154] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1197.089012][T22154] v4l_create_bufs+0xc0/0x180 [ 1197.089034][T22154] __video_do_ioctl+0x7f1/0xce0 [ 1197.097297][T22126] 49607 total pagecache pages [ 1197.104925][T22154] ? v4l_s_fmt+0xab0/0xab0 [ 1197.104946][T22154] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1197.104959][T22154] ? _copy_from_user+0xdd/0x150 [ 1197.104977][T22154] video_usercopy+0x4c5/0x10d0 [ 1197.118920][T22126] 0 pages in swap cache [ 1197.132676][T22154] ? v4l_s_fmt+0xab0/0xab0 [ 1197.132704][T22154] ? v4l_enumstd+0x70/0x70 [ 1197.132717][T22154] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1197.132733][T22154] ? tomoyo_path_number_perm+0x263/0x520 [ 1197.132751][T22154] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1197.144128][T22126] Swap cache stats: add 0, delete 0, find 0/0 [ 1197.159599][T22154] ? video_usercopy+0x10d0/0x10d0 [ 1197.159614][T22154] video_ioctl2+0x2d/0x35 [ 1197.159629][T22154] v4l2_ioctl+0x156/0x1b0 [ 1197.159639][T22154] ? video_devdata+0xa0/0xa0 [ 1197.159662][T22154] do_vfs_ioctl+0xd6e/0x1390 [ 1197.214652][T22126] Free swap = 0kB [ 1197.215350][T22154] ? ioctl_preallocate+0x210/0x210 [ 1197.227519][T22126] Total swap = 0kB [ 1197.243012][T22154] ? __fget+0x381/0x550 [ 1197.243036][T22154] ? ksys_dup3+0x3e0/0x3e0 [ 1197.243052][T22154] ? nsecs_to_jiffies+0x30/0x30 [ 1197.243075][T22154] ? tomoyo_file_ioctl+0x23/0x30 [ 1197.243089][T22154] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1197.243103][T22154] ? security_file_ioctl+0x93/0xc0 [ 1197.243121][T22154] ksys_ioctl+0xab/0xd0 [ 1197.243145][T22154] __x64_sys_ioctl+0x73/0xb0 [ 1197.265861][T22126] 1965979 pages RAM [ 1197.271803][T22154] do_syscall_64+0x103/0x670 [ 1197.271825][T22154] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1197.271836][T22154] RIP: 0033:0x458c29 [ 1197.271852][T22154] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1197.284064][T22126] 0 pages HighMem/MovableOnly [ 1197.288577][T22154] RSP: 002b:00007f53a9456c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1197.288592][T22154] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1197.288607][T22154] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1197.305780][T22126] 339405 pages reserved [ 1197.312944][T22154] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1197.312954][T22154] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94576d4 [ 1197.312963][T22154] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1197.318938][T22160] CPU: 0 PID: 22160 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1197.338748][T22160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1197.353486][T22160] Call Trace: [ 1197.353509][T22160] dump_stack+0x172/0x1f0 [ 1197.353528][T22160] warn_alloc.cold+0x87/0x17f [ 1197.353544][T22160] ? zone_watermark_ok_safe+0x260/0x260 [ 1197.353559][T22160] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1197.353597][T22160] __vmalloc_node_range+0x48a/0x790 [ 1197.376361][T22126] 0 pages cma reserved [ 1197.379501][T22160] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1197.379526][T22160] ? kmem_cache_alloc_trace+0x354/0x760 [ 1197.432377][T22160] ? vb2_vmalloc_alloc+0xca/0x280 [ 1197.444204][T22160] vmalloc_user+0x6b/0x90 [ 1197.444220][T22160] ? vb2_vmalloc_alloc+0xca/0x280 [ 1197.444234][T22160] vb2_vmalloc_alloc+0xca/0x280 [ 1197.444247][T22160] ? __vb2_queue_alloc+0xf5/0xf40 [ 1197.444263][T22160] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1197.444276][T22160] __vb2_queue_alloc+0x5a6/0xf40 [ 1197.444308][T22160] vb2_core_create_bufs+0x2bc/0x790 [ 1197.444326][T22160] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1197.444343][T22160] ? __vb2_queue_alloc+0xf40/0xf40 [ 1197.478969][T22160] ? lock_acquire+0x16f/0x3f0 [ 1197.487766][T22160] ? __video_do_ioctl+0x398/0xce0 [ 1197.487786][T22160] ? __lock_acquire+0x548/0x3fb0 [ 1197.760722][T22160] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1197.766973][T22160] vb2_create_bufs+0x472/0x7d0 [ 1197.771740][T22160] ? vb2_request_queue+0x120/0x120 [ 1197.776853][T22160] ? __lock_acquire+0x548/0x3fb0 [ 1197.781782][T22160] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1197.787998][T22160] ? debug_smp_processor_id+0x3c/0x280 [ 1197.793535][T22160] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1197.798556][T22160] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1197.804088][T22160] v4l_create_bufs+0xc0/0x180 [ 1197.808767][T22160] __video_do_ioctl+0x7f1/0xce0 [ 1197.813617][T22160] ? v4l_s_fmt+0xab0/0xab0 [ 1197.818029][T22160] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1197.824244][T22160] ? _copy_from_user+0xdd/0x150 [ 1197.829076][T22160] video_usercopy+0x4c5/0x10d0 [ 1197.833833][T22160] ? v4l_s_fmt+0xab0/0xab0 [ 1197.838239][T22160] ? v4l_enumstd+0x70/0x70 [ 1197.842631][T22160] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1197.848856][T22160] ? tomoyo_path_number_perm+0x263/0x520 [ 1197.854667][T22160] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1197.860469][T22160] ? video_usercopy+0x10d0/0x10d0 [ 1197.865469][T22160] video_ioctl2+0x2d/0x35 [ 1197.869783][T22160] v4l2_ioctl+0x156/0x1b0 [ 1197.874107][T22160] ? video_devdata+0xa0/0xa0 [ 1197.878685][T22160] do_vfs_ioctl+0xd6e/0x1390 [ 1197.883251][T22160] ? ioctl_preallocate+0x210/0x210 [ 1197.888335][T22160] ? __fget+0x381/0x550 [ 1197.892477][T22160] ? ksys_dup3+0x3e0/0x3e0 [ 1197.896874][T22160] ? nsecs_to_jiffies+0x30/0x30 [ 1197.901709][T22160] ? tomoyo_file_ioctl+0x23/0x30 [ 1197.906686][T22160] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1197.912910][T22160] ? security_file_ioctl+0x93/0xc0 [ 1197.918006][T22160] ksys_ioctl+0xab/0xd0 [ 1197.922148][T22160] __x64_sys_ioctl+0x73/0xb0 [ 1197.926720][T22160] do_syscall_64+0x103/0x670 [ 1197.931290][T22160] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1197.937157][T22160] RIP: 0033:0x458c29 [ 1197.941025][T22160] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1197.961772][T22160] RSP: 002b:00007fa60ca30c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1197.970190][T22160] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1197.970199][T22160] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1197.970207][T22160] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 1197.970214][T22160] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca316d4 [ 1197.970228][T22160] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1197.988343][T22160] warn_alloc_show_mem: 2 callbacks suppressed [ 1197.988347][T22160] Mem-Info: [ 1198.002345][T22160] active_anon:257910 inactive_anon:201 isolated_anon:0 [ 1198.002345][T22160] active_file:8239 inactive_file:41111 isolated_file:0 [ 1198.002345][T22160] unevictable:0 dirty:176 writeback:0 unstable:0 [ 1198.002345][T22160] slab_reclaimable:13974 slab_unreclaimable:116621 [ 1198.002345][T22160] mapped:58824 shmem:248 pagetables:7570 bounce:0 [ 1198.002345][T22160] free:1078002 free_pcp:452 free_cma:0 [ 1198.019555][T22160] Node 0 active_anon:1031640kB inactive_anon:804kB active_file:32820kB inactive_file:164444kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:704kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 612352kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1198.086866][T22160] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1198.113571][T22160] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1198.140453][T22160] lowmem_reserve[]: 0 2553 2555 2555 [ 1198.140472][T22160] Node 0 DMA32 free:506016kB min:36232kB low:45288kB high:54344kB active_anon:1031640kB inactive_anon:804kB active_file:32820kB inactive_file:164444kB unevictable:0kB writepending:704kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:15424kB pagetables:30280kB bounce:0kB free_pcp:1808kB local_pcp:480kB free_cma:0kB [ 1198.140505][T22160] lowmem_reserve[]: 0 0 2 2 [ 1198.140522][T22160] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1198.140552][T22160] lowmem_reserve[]: 0 0 0 0 [ 1198.140569][T22160] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1198.140597][T22160] lowmem_reserve[]: 0 0 0 0 [ 1198.140614][T22160] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1198.176914][T22160] Node 0 DMA32: 572*4kB (UME) 233*8kB (UME) 3*16kB (UM) 225*32kB (UME) 378*64kB (UME) 19*128kB (ME) 4*256kB (ME) 4*512kB (UME) 2*1024kB (ME) 2*2048kB (ME) 112*4096kB (UM) = 505992kB [ 1198.208105][T22160] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1198.240916][T22160] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1198.241003][T22160] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1198.241013][T22160] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1198.326250][T22160] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1198.337075][T22160] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1198.346464][T22160] 49607 total pagecache pages [ 1198.351156][T22160] 0 pages in swap cache [ 1198.355359][T22160] Swap cache stats: add 0, delete 0, find 0/0 [ 1198.361480][T22160] Free swap = 0kB [ 1198.365226][T22160] Total swap = 0kB [ 1198.368973][T22160] 1965979 pages RAM [ 1198.372881][T22160] 0 pages HighMem/MovableOnly [ 1198.377565][T22160] 339405 pages reserved [ 1198.381773][T22160] 0 pages cma reserved 09:16:45 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$GIO_FONTX(r0, 0x4b6b, &(0x7f0000000140)=""/213) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) r1 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x6, 0x200000) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000400)={0x1, 'veth1_to_hsr\x00', 0x1}, 0x18) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) r2 = syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x3, 0x2) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000340)='TIPC\x00') openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/attr/exec\x00', 0x2, 0x0) sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r2, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r3, 0x400, 0x70bd2a, 0x25dfdbfb, {}, ["", "", "", "", "", ""]}, 0xd}, 0x1, 0x0, 0x0, 0x4044000}, 0x4000013) ioctl$KDGKBMODE(r0, 0x4b44, &(0x7f0000000380)) 09:16:45 executing program 0: r0 = socket$inet(0x2, 0x4, 0x37bd) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f0000000280)) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200)='/dev/loop-control\x00', 0x40, 0x0) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vsock\x00', 0x200400, 0x0) ioctl$SG_GET_TIMEOUT(r1, 0x2202, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) 09:16:45 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0xc0189436, &(0x7f0000000080)) 09:16:45 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x7ffffff9, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:16:45 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x600000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:16:45 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1198.648254][T22177] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1198.650374][T22176] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1198.686949][T22177] CPU: 1 PID: 22177 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1198.696125][T22177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1198.706183][T22177] Call Trace: [ 1198.709490][T22177] dump_stack+0x172/0x1f0 [ 1198.713834][T22177] warn_alloc.cold+0x87/0x17f [ 1198.718615][T22177] ? zone_watermark_ok_safe+0x260/0x260 [ 1198.724175][T22177] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1198.729818][T22177] __vmalloc_node_range+0x48a/0x790 [ 1198.735004][T22177] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1198.740014][T22177] ? kmem_cache_alloc_trace+0x354/0x760 [ 1198.745551][T22177] ? vb2_vmalloc_alloc+0xca/0x280 [ 1198.750569][T22177] vmalloc_user+0x6b/0x90 [ 1198.754897][T22177] ? vb2_vmalloc_alloc+0xca/0x280 [ 1198.759922][T22177] vb2_vmalloc_alloc+0xca/0x280 [ 1198.764763][T22177] ? __vb2_queue_alloc+0xf5/0xf40 [ 1198.769779][T22177] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1198.775574][T22177] __vb2_queue_alloc+0x5a6/0xf40 [ 1198.780522][T22177] vb2_core_create_bufs+0x2bc/0x790 [ 1198.785733][T22177] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1198.791104][T22177] ? __vb2_queue_alloc+0xf40/0xf40 [ 1198.796210][T22177] ? lock_acquire+0x16f/0x3f0 [ 1198.800882][T22177] ? __video_do_ioctl+0x398/0xce0 [ 1198.805899][T22177] ? __lock_acquire+0x548/0x3fb0 [ 1198.810838][T22177] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1198.817076][T22177] vb2_create_bufs+0x472/0x7d0 [ 1198.821837][T22177] ? vb2_request_queue+0x120/0x120 [ 1198.826943][T22177] ? __lock_acquire+0x548/0x3fb0 [ 1198.831877][T22177] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1198.838114][T22177] ? debug_smp_processor_id+0x3c/0x280 [ 1198.843601][T22177] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1198.848622][T22177] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1198.854166][T22177] v4l_create_bufs+0xc0/0x180 [ 1198.858851][T22177] __video_do_ioctl+0x7f1/0xce0 [ 1198.863723][T22177] ? v4l_s_fmt+0xab0/0xab0 [ 1198.868155][T22177] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1198.874408][T22177] ? _copy_from_user+0xdd/0x150 [ 1198.879258][T22177] video_usercopy+0x4c5/0x10d0 [ 1198.884016][T22177] ? v4l_s_fmt+0xab0/0xab0 [ 1198.888519][T22177] ? v4l_enumstd+0x70/0x70 [ 1198.892932][T22177] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1198.899254][T22177] ? tomoyo_path_number_perm+0x263/0x520 [ 1198.904888][T22177] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1198.910709][T22177] ? video_usercopy+0x10d0/0x10d0 [ 1198.915744][T22177] video_ioctl2+0x2d/0x35 [ 1198.920070][T22177] v4l2_ioctl+0x156/0x1b0 [ 1198.924395][T22177] ? video_devdata+0xa0/0xa0 [ 1198.928981][T22177] do_vfs_ioctl+0xd6e/0x1390 [ 1198.933569][T22177] ? ioctl_preallocate+0x210/0x210 [ 1198.938679][T22177] ? __fget+0x381/0x550 [ 1198.942832][T22177] ? ksys_dup3+0x3e0/0x3e0 [ 1198.947241][T22177] ? nsecs_to_jiffies+0x30/0x30 [ 1198.952093][T22177] ? tomoyo_file_ioctl+0x23/0x30 [ 1198.957030][T22177] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1198.963269][T22177] ? security_file_ioctl+0x93/0xc0 [ 1198.968377][T22177] ksys_ioctl+0xab/0xd0 [ 1198.972538][T22177] __x64_sys_ioctl+0x73/0xb0 [ 1198.977140][T22177] do_syscall_64+0x103/0x670 [ 1198.981728][T22177] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1198.987617][T22177] RIP: 0033:0x458c29 [ 1198.991512][T22177] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1199.015456][T22177] RSP: 002b:00007fa60ca72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1199.023865][T22177] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1199.031836][T22177] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1199.039801][T22177] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1199.047774][T22177] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca736d4 [ 1199.055744][T22177] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1199.063740][T22176] CPU: 0 PID: 22176 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1199.072858][T22176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1199.083001][T22176] Call Trace: [ 1199.083031][T22176] dump_stack+0x172/0x1f0 [ 1199.083052][T22176] warn_alloc.cold+0x87/0x17f [ 1199.083065][T22176] ? zone_watermark_ok_safe+0x260/0x260 [ 1199.083080][T22176] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1199.083116][T22176] __vmalloc_node_range+0x48a/0x790 [ 1199.083136][T22176] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1199.090750][T22176] ? kmem_cache_alloc_trace+0x354/0x760 [ 1199.090767][T22176] ? vb2_vmalloc_alloc+0xca/0x280 [ 1199.090785][T22176] vmalloc_user+0x6b/0x90 [ 1199.100998][T22176] ? vb2_vmalloc_alloc+0xca/0x280 [ 1199.101015][T22176] vb2_vmalloc_alloc+0xca/0x280 [ 1199.101037][T22176] ? __vb2_queue_alloc+0xf5/0xf40 [ 1199.111874][T22176] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1199.111887][T22176] __vb2_queue_alloc+0x5a6/0xf40 [ 1199.111916][T22176] vb2_core_create_bufs+0x2bc/0x790 [ 1199.111933][T22176] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1199.111945][T22176] ? __vb2_queue_alloc+0xf40/0xf40 [ 1199.111968][T22176] ? lock_acquire+0x16f/0x3f0 [ 1199.122954][T22176] ? __video_do_ioctl+0x398/0xce0 [ 1199.122971][T22176] ? __lock_acquire+0x548/0x3fb0 [ 1199.122995][T22176] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1199.123016][T22176] vb2_create_bufs+0x472/0x7d0 09:16:45 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) sendto(r0, &(0x7f0000000200)="dfe1d4e2c9b7ab95583094e1398a02d130bf55dcdc8631b1825ce8800640d22d59e3c57ff7bfd73b475bd9147e02f0d656f0c5032438571a4add0069c12804546174eb2de6f1ff94f2eeb652eab382d560e87856775717b199b0a5d9aca3eabd38276ad3ee", 0x65, 0x20040080, &(0x7f0000000280)=@nl=@proc={0x10, 0x0, 0x25dfdbfb, 0x400000}, 0x80) [ 1199.123037][T22176] ? vb2_request_queue+0x120/0x120 [ 1199.123050][T22176] ? __lock_acquire+0x548/0x3fb0 [ 1199.123069][T22176] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1199.132757][T22176] ? debug_smp_processor_id+0x3c/0x280 [ 1199.132781][T22176] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1199.132799][T22176] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1199.132816][T22176] v4l_create_bufs+0xc0/0x180 [ 1199.132836][T22176] __video_do_ioctl+0x7f1/0xce0 [ 1199.132860][T22176] ? v4l_s_fmt+0xab0/0xab0 [ 1199.142213][T22177] Mem-Info: [ 1199.142702][T22176] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1199.149889][T22177] active_anon:259486 inactive_anon:201 isolated_anon:0 [ 1199.149889][T22177] active_file:8239 inactive_file:41139 isolated_file:0 [ 1199.149889][T22177] unevictable:0 dirty:108 writeback:0 unstable:0 [ 1199.149889][T22177] slab_reclaimable:13979 slab_unreclaimable:116676 [ 1199.149889][T22177] mapped:58824 shmem:248 pagetables:7631 bounce:0 [ 1199.149889][T22177] free:1076336 free_pcp:260 free_cma:0 [ 1199.153527][T22176] ? _copy_from_user+0xdd/0x150 09:16:45 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0xffffff1f, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:16:45 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x700000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1199.153552][T22176] video_usercopy+0x4c5/0x10d0 [ 1199.153578][T22176] ? v4l_s_fmt+0xab0/0xab0 [ 1199.153600][T22176] ? v4l_enumstd+0x70/0x70 [ 1199.153615][T22176] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1199.153629][T22176] ? tomoyo_path_number_perm+0x263/0x520 [ 1199.153646][T22176] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1199.153674][T22176] ? video_usercopy+0x10d0/0x10d0 [ 1199.158819][T22177] Node 0 active_anon:1037944kB inactive_anon:804kB active_file:32820kB inactive_file:164556kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:432kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 606208kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1199.163769][T22176] video_ioctl2+0x2d/0x35 [ 1199.163786][T22176] v4l2_ioctl+0x156/0x1b0 [ 1199.163802][T22176] ? video_devdata+0xa0/0xa0 [ 1199.163823][T22176] do_vfs_ioctl+0xd6e/0x1390 [ 1199.163843][T22176] ? ioctl_preallocate+0x210/0x210 [ 1199.163858][T22176] ? __fget+0x381/0x550 [ 1199.163878][T22176] ? ksys_dup3+0x3e0/0x3e0 [ 1199.163892][T22176] ? nsecs_to_jiffies+0x30/0x30 [ 1199.163914][T22176] ? tomoyo_file_ioctl+0x23/0x30 [ 1199.169488][T22177] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1199.174346][T22176] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1199.174364][T22176] ? security_file_ioctl+0x93/0xc0 [ 1199.174385][T22176] ksys_ioctl+0xab/0xd0 [ 1199.174406][T22176] __x64_sys_ioctl+0x73/0xb0 [ 1199.174426][T22176] do_syscall_64+0x103/0x670 [ 1199.174444][T22176] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1199.174455][T22176] RIP: 0033:0x458c29 [ 1199.174475][T22176] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1199.179360][T22177] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1199.184121][T22176] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1199.184135][T22176] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1199.184144][T22176] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1199.184153][T22176] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1199.184163][T22176] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1199.184172][T22176] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1199.256147][T22177] lowmem_reserve[]: 0 2553 2555 2555 [ 1199.305380][T22198] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1199.312685][T22198] CPU: 0 PID: 22198 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 09:16:46 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000200)={0x0, 0x4}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000280)={r1, @in6={{0xa, 0x4e22, 0xffffffffffffffc0, @empty, 0x7}}}, &(0x7f0000000340)=0x84) bind$inet(r0, &(0x7f0000000440)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={r1, @in={{0x2, 0x4e21, @loopback}}}, 0x0) r3 = syz_open_dev$radio(&(0x7f0000000380)='/dev/radio#\x00', 0x1, 0x2) getsockopt$inet_sctp6_SCTP_MAXSEG(r3, 0x84, 0xd, &(0x7f00000003c0)=@assoc_id=r2, &(0x7f0000000400)=0x4) [ 1199.326319][T22198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1199.326327][T22198] Call Trace: [ 1199.326353][T22198] dump_stack+0x172/0x1f0 [ 1199.326377][T22198] warn_alloc.cold+0x87/0x17f [ 1199.337201][T22198] ? zone_watermark_ok_safe+0x260/0x260 [ 1199.337221][T22198] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1199.337265][T22198] __vmalloc_node_range+0x48a/0x790 [ 1199.374911][T22198] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1199.374933][T22198] ? kmem_cache_alloc_trace+0x354/0x760 [ 1199.374951][T22198] ? vb2_vmalloc_alloc+0xca/0x280 [ 1199.379751][T22177] Node 0 DMA32 free:494224kB min:36232kB low:45288kB high:54344kB active_anon:1042280kB inactive_anon:804kB active_file:32820kB inactive_file:164556kB unevictable:0kB writepending:432kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:15840kB pagetables:30672kB bounce:0kB free_pcp:964kB local_pcp:492kB free_cma:0kB [ 1199.384112][T22198] vmalloc_user+0x6b/0x90 [ 1199.384129][T22198] ? vb2_vmalloc_alloc+0xca/0x280 [ 1199.384145][T22198] vb2_vmalloc_alloc+0xca/0x280 [ 1199.384157][T22198] ? __vb2_queue_alloc+0xf5/0xf40 09:16:46 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:16:46 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0xffffffffffffff30) r1 = syz_open_dev$adsp(&(0x7f0000000200)='/dev/adsp#\x00', 0xfff, 0x0) sendto$unix(r1, &(0x7f00000002c0)="0ca78c015f7085d75afdb2d811b331e81ee2ab17c840a9cf766454ced397958543e83e6dcdd24d046889f8df0e19846bbae23cf6147f73c98dacfbc8bbe2d9954eae1b40f73dfbbc10fb5ea5a8fe4a7449852d9a611adaca4748a44102c70d82bd52a5f9ef2eefbc81777ca2fce7fbfdf08de5c4e3b3e5f7e86659c69d8f2e844f12e6f5916be206", 0x88, 0x20000041, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e22}, 0x6e) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$rds(0x15, 0x5, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) getsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000240), &(0x7f0000000280)=0x4) sendmsg$kcm(r1, &(0x7f0000002d40)={&(0x7f0000000400)=@isdn={0x22, 0x8, 0x5, 0x3f, 0xffffffff}, 0x80, &(0x7f0000001840)=[{&(0x7f0000000480)="bf34fd0b3f78cea1a39862c926c1035371df96c17b465b356291594e603b9e6a32e32715e6cd88307ae71d30d218a473caeb14858efeeedd505642e034ce8d8d660c114d2964c4e74c452a98ca114724d6d53595ca4b1509b7eebacc25ea482f35e9c1eb10b78f852cd35ce72504f36278c74430f6bb3178d7c9e3d2ec9b6bca", 0x80}, {&(0x7f0000000500)="6d0e075b862431b7d55e01809f18402948630aee6fa9b6c89d9ce8aa62f987237e6497e1bafbf397429270", 0x2b}, {&(0x7f0000000540)="d39306b364b6be9019eaab97f85628e5ee65", 0x12}, {&(0x7f0000000580)="26b00ca48db46c9c32c14da15d3230c9e8811960c8db9fb8de5d30934f83c97b89845c1115b7a2f40b", 0x29}, {&(0x7f00000005c0)}, {&(0x7f0000000600)="8ca6a1dbdeaea8833f317bb23f4c5f3591810a0df6aa49aae80aba934788fb92631459942b47b8ad1b19cf22ef8f5f34a4f042b412d027df936c212baa35b5f8221e4a9320d421448994485b90bdb4cfe6fde9c771707cdc6da1b1", 0x5b}, {&(0x7f0000000680)="bfb6eb2689674cb440", 0x9}, {&(0x7f00000006c0)="92d85fc6791ed0ee51862ac9c4b90dc043d7448fbc46e64fb12465e69e50507305627f5252487d1ac2b693c55a452f2477718ef18add94deb683d60ac9888fea9f82c357f2880cd964d3fe859c34326ded4a", 0x52}, {&(0x7f0000000740)="50b19b4a43f4d2a65b16dc8a9b4ec9a786272e446b8ce1a68e708ea5d6002e5d5e4be537ab6a4a35b3b7107b477a3cbe4d0b932fc9bea1caa2ac3b9bafd68d3eb2b9380bfbd8b3129e9ef1fb411cab480f40838e0734a54c38b2c3808d9934deca18977ada18365289805f5a53c406c40add487ab471723dcdcd25eadf5e6fa7e9a425a587faab2f4ee8269fe7819207002280943b27708ffc7df7521d16530c37eb74a39f8c62b7e92fed60e54a7f4938858cca21ca16db010b17c4716f2041c07a0550e2e07829005877f326fe5a768acf16ca984296b9b7f4c43ef17705e050365a6b18f973fa29d3bd8a8483dc1b", 0xf0}, {&(0x7f0000000840)="2afcad6ed4dbd0b3c075b759223d9d1691538ecaaa877d61a3d70c2304a8e037c81da0dcf7aa4f795451e07ebf63b89f050d4e5fcd41f93a9095026d3d64b9d10a696340a837345729bb70c2a0c83b7a3de5925b3eb34c0e3423d254f1d5947433fe921b46836e5703cfd4235fadc5ff14a7f1df3d458edba86ef3ba8407f1c8a41f67cda3eebb42acfcb0f6378df35e62da7d4d11f5ac2b567d2fe13922732881b79db14e23599c5e874cdced94a6c45b72eacff4ce2df8aa916975899db8f6819a49d50ca0f3e980a86e4511ad4ddf21f66982c3f61bda39b301ce54e6b1bcba62b20757bc6c79a39d5cb45299a91aaaea6c63db424b3d1fceae2cd4c64e2021dd88755067ca840afe8e429307152be477b0ed75992e628c1f3b3178f22bee9dbb1c5384b848c038e867c96aebf8915b2e033e2c481d54dbd4a433c73c7d7a5698d3a9a4fd6671ac1f868d4bd1426f54e0732dc83721d3d9ed13624aada29f4e3b6a2f9070203a596d18c3a5a371deb727d039775d5ff9f251987caa86db096ba089976eadd333b1a89d5018cfed28740f699d815aff368926386f4442212228217c48efbe3048da2d0b6e94f25a7e245a6ab04fec1455de7b3395eb2e1734cb90183707a691ae8643c64840a23532d099d09c5e8dff4e3d45ae3250eff6c8939368a650911c05ba9723a8b8f90b5743b40de25540e30c61243064b475193d56d15afc5f593a9d5a3522bb63c03af1bfad403f5e80552b6a547ed87b1894e04dae8e8bef80b1f2d4fb407df1f2f87bd17d344653dc303ce73742dd533a01c2299ec4bcf5200d5b4553d98583fd97e9924f0ccdd277baf1f62ffca27cee4d6d6b024e480899ebe248904636a0e8c333f3dc0615b70dd2c41166901d6c85da39fb5703c8e3c6d6b44bd3d058df6225e116b9ff57d967e864c8b416dab4d1a1f792d84f11d5b5b128f2fae8d8377fbd5e08bb7cbbfb3ccd656bad82fc4428678e7cb775b033be431724b39f9243b12d2bdcbd70557d96813a1d79fd4a4f316bd9513866738a1ad0ab4aee3be5c0434e58a211e07a9bfcbc7283e9795cca2b218d0ee0655b05afdd4193ad011ef85b3975af41a14eca8d51e42fc3abab591bb7bc8b08834de0526ad6d3d8999085c9f7b5d6b63152820a5beaa5d5ca9563a3aeb3de83858c02c056d4d943eb9577fc54abac9602a0ff415d2c2af47fae4cd21db8c61bc55d359cfcc4ef84728fa9911a32e51cf0c4e136fc770284c1be29cbd761ef10308aceffce0bac782ffa0864173668fe962f11001ab288f00697945ddd7c7aea62a45440d995844f4161acf741f5d706051849f7898b15065d3385da1f0b9a73ea0d2c1c7627d2847128a0b5061eb64df0ed0e93b83669bc2f49191eba98cc6555de0250c933e2bac9151a3d5ae0e9bad6e8ce89515ad1835d7f27e16677791f59cf38cc4497a08e570e4f25aa46e87990b5471a04bbbdc743ed4c10900406c878a9f55c3bd828f50beb4e8e4e87555ca4e2dadfa0a71b810bea807b918b483f5c81e39e101582c87e828e6ffaf167ec66dbcce6cdb7f909a8a00a9039ab7d079362f939dfb7624cafe26e87c4dc66065b24dd8bc866186e5ceea73d7267e073a8df449228d0734301b3b02147a8df23568467ff3bb543ef5683340a2741d52cbb8b501e5c6005627589942c476fcb86b8341b0e31cfc580f1bd4ffa64adf8264e0db134d9d11b5b3cfd1c490d12e8a088a21afee1888d63a1deae7bef0276ba16d3b3e448040939140fac3fffd152cbbd2f46ebb592e8f8947ee7bb34ecb838ccab9d80b24354ba5c95ffe4406e32f6da550c0532b045228b9b36b6b427fd5e29c4748b32286e5c5a869e7a3b6cc2761df53f77965851263f5b1db9689fc0bcd02ffcab8aeb965767cb2dced4349c28b9f87da01193fefc2548aeb0fd09d2cd476b8aa9286165fa28a1fb4306e9ec1e555def4b1e0e7b0ef808fe254350e5e9533b7647619b3fb2ffe2b79ff2481e11c52ae9a07dcea63ed965565ed5252c64af5845bdd315f92f84cd7f89b5d3d8d7cdbbccad4a86548510c25cb2e40d8b90e4edd117d32153370f9a4f692c49c9e8ea3044adacdc55dd1965c8f3aafc23182a57a1e80a8e00bd5da942c5b257010cea27d4cd96d1f40fd0a96d89bb79bbb56f116f1f8039e2295a407528b10cf2bd5015a2260bc74ab1eee26f1ef0dae11d030671822c0434b74a2b513dd46a74ee4b38582dc19be59ea673a4591307d218541f4609aa79131b3c5a987799515a97a49eb94d055c6ef4d68fad94454d53f5f8f1c5c238b122560a746e58f7e58262838f868f64e528a8e774b18c480cb164c84bb92b23470387f946974cad99ac8acb2e1a17ef7c1d4a9d7f5d492a3b887a92a9c9f9b5009724c168d551503d1192407c3f1275cc1fa1cf8f5eb93433da6b39c6f5ac65add204687f49208e4b14e6b4c178997eec8fb026b7d8c1d10cbd71c72fc36d7e20205791ca87109c8920799c9256dd9e4d7d574092b36a078784bd983a45302e9c336a9964d5b4f9870073ea8b20a0ee46b9d3e6a93adad5a93341cb024a7cf8272386af0a2b7d31d87a6abf1e05530aba67d695f8a641404b248ac1fe1ca031cbd5faad52b3a42a66d38f479a0bfb9c9272a79a2315cd64518a2742421f6b915916ca8ad674ed0277442d4a04f7f7737ed4adf2412a227ff544ac27f81bb9b8d342822e86efedf80b83ce5a07c25083756d43e217ff00ec6e557cb9c7d9a50285d38516cb4d317dc6634173104ada8db4fcbc6d6f18d25a220a59fecb256773dac74743cbd364a3205230c8281213bae1bbca0c67a58c70743567222b09da35bd9f8e92de56cb0aef1e829cb1cf413b245ef9bce8295c36c8eecfd2e14f2af3977c0224c01c693ddf5e517865e890b78222442cf517bac28418e461bca3f4c1427ec86e361367239f911d7210b0f7594e053dec78fed67a54f1a5c2610710e10b77c57fd8be589941570eb196ccb37126daa5a31bdc6e1ee61b43a1b6ba8c347ebccce80f4cc6da570fdb3ce5692b32db0b05adf9f464c8e4944834bc8623fba8351fd9447fff8df4e38fe47f26dc559d71e8f6d3df02f5cb23d7eea0106dc99791aa9d7b8f98524705fa1b7215de01717aaa14c45f937fd0bc5c3338d3828caf0a0730dcc810b8dc858ee9845b8a4c9c82aebbf4571c7154851a7b8253355bbd68b511a4b353251cfe01963c42f85653073c0def278006926ab02b65ab8541d3491f6192397999475b2f4b11f4c4f712394c92837a509d184a97186d114d3d89868ac37516a605d66bcda6da5621e051f2a47f46f7e473e011584d357d2e1779a6960774889a609acd8d37193fa55d5e62b8583342c5e01efeef49f7c6fa50a591730a79d0d5f61e5906cfc257a8d2ed51a37623e9226f0d99dbdd876261525662ba0fd977253d424f54663a0f91dd637ecb187f85bf4ab17ea58e002057a72a971f3aaa770969c85b6a72f99cac003b3e2bceb249f3eadc6e483c3adda638183c048089b2620ac4fe06602a2f4701615cfd495bfe4805fc88ac87043e135d8e1fb034abe15027f423e0213ed2d7abc9014bcc10a5a0c27b99b7c96fe2457e29d81e075b21a4466ad3ddc1763f38393e8fb68f7a64949ca4a159fa7178679ebe597d1765e81d71ef4913c02a81cb2ef85493f16802861a3b3d8df8b0b48bde7fdf8482d51202d39163ad0a1d76b9537673637e30d1be634f69a06f8743323dda618779749d80a43e70775531877d7d72e9bd692134925a0e03bbc272b618ea50b6c0d9898a0dc2002b0beb8d7ebcb057934e330eaff17a2ee711b56e4af19d5529fea3d7d81f01a2c0303b5bb4927e82d03b3a161995ef850cfd212d86d02abc08273b1a79244bf9b7ab2ea5651081431de9fe75ed7a469f0c33c3e74d2bef37803541c95b8c3ce88c6d2cade193b1cf77158313aed61b4acc128032ab9c6e3d739ec75ba9f7e8c775b42ade4ee3b6f8d3ede267eea17502c6071594f8cce74446c092588a1d7122338ade55fcc504216d15716f815972f709c5961460dd8997ad6537a5bc28a3183cd4ca3ba80adfe6bced73aa5618943d428f12b5a2b88c9c95d4f5b8aa6a06be7eb5b1644b3b447726f30af3c43a98efd688e5667ec40703fcad337fc73a68c5dbaa9519949669dcf43607d16efeeed359794169bb963656ee9ac3bba8108b48bc1f2af414a74f000d8131e59cb83e00920927025504370ff6dab50aec0fb4498bdbbf78d558be7c5f7e4b253de832e5d595339107b866e3fe2dc2759a2bbc95f4736dd3792b8f6d0299b5c789a63ebb8e1b6d4c0589bd48eeb1c0fb1d179f77b53f0c1cdfabd7ad694151114f93d45710b2ef088486fbf3fc547695c9f9657409263145dbfa2d44418f1c91a08f1afacfbb8f1c695a5423d1a2c053bfa84e95d72b0369eb0ca68ae27a76dd467ea33cd00543ac802734b804c448954e9d82681b030552eddcf61c53254f5a4c460fa81879272acceafa9ef43e59f3103629e20396b36732adbd5c97ee163605e275a653d35a4aa472164961770c19d3429052806396b8230f0ca9b96ccb947a0c5ff5e82ca66e265182b18786f5ce6541f7ae77e73aaf80d37621cc5ffce99c461db8044e4e7591c0a8753d3908d632ffe95ef0c122b14eb70ffa32313b72661559a4a7a9e1b7c41681b86ba5708ee68a49feebc97622de830b8d8428c8d9910d9cab74d66c92ed0a68e0d5a45cca359b8c8c023f57541805ca19dcfac9640f109971a8cd0e7f70cb31ad7a8359781edc78a767fb6870af1a29cb3855b66f2adbf31aa7585daf055a491929aad51fd42e4619f1fae3928f372008a5e72b3736c4a0486f3098fe1ed5203ddde67dd977bd684332f6cf24efd00b67b366adda4c822d32a799aa1444bc446bc2cf93d25ea9fbb17a1d0f03558459d336d52162316880d2e192183970afaca27eae2475ff80cadeaa9a90f1aa6bc9a9a4927aba08fe31cd375d4eb97387d673ce00dec423050cf9639a67e20cfb9d9dab440a77d421d242d7322ade48840dfd94f5ede482f25d15c3d29df55f14168e399d8b0d47248bdb0813cccc26169201683a33b5e846562787344f41eaac87c75e20ca99b26780622135d15e0c7fe9c9469f70648fcca58de515a187aaff393346304ae21e5c9806c2d4486efa6d63177df851d386ca52a859b3753d5add07b25a7abb25b2a98557cbe00267198b2a1d5d1c7cf5309b39aa6fa07574f94b1a62ccf9781e6991b838fec212387e44f3dd0974b96c839a18055dab029620ea4627e538acd95002e6ccb6bec98f2a8a3c5e977f6a7000b3d09bd6e7e4061567ccffc8cd0871bc0f28e258d2c45cdca409bde7fd858af032e03464ebc4806731e36d61e437e4a699ab5fcdbee50c552244fe14b85ddeb9647353a66eeb4ded542ec66a608967f0e2e745416941c447e2c59e152f6cf14e3ed303c343c24c9f9c375f616423d0fb06fe5b76d5a9e0029321c40167f7fd999cc5712344e71f151c791bfb8111d679e9704d36c6cd669d2bb7a5d9b7be316d675a84d039f726f106fae84045d2e2e02276c77fc5466247c2bddc57b645f0c03f36889623351b6de3a4071826818c05c90de1777d20e63f2af894e5267196fbe2381f336733c252a80f2c33c0e3e44877b5c05dbb5a07f06a0370d2bb578108961bd8c69a5059c74b92e245c3b6a135a0fc40cc6ee602db36a4a9e645a77f2f25525bd927f6b42ce80bbd2395d8d20d1e6588", 0x1000}], 0xa, &(0x7f0000001900)=[{0xb8, 0x10d, 0x8000, "4a267ddcc13a90aef67bd3361a8e46393755e5bea75cfd99f6ad758fd688e8bbc192e0d25beb2f108b6a3190e975ef7f0c0a6012fd36d4760f05603f2947d508ff62f6ddb8b6dc9f30cd080cdecb1e6cde9da44d222fa4231a0e10e86694c8d7ff341fd4bc2d7ab4baf14264c40656f84363989d061d3d8408622274faba28374afdfcce07300ece8a1cfd2150f75841a158be6881429b56adeba6888a1058ab56f2"}, {0xd8, 0x88, 0x8, "300890f293e9fbf47bd62d2fb6c08c2584936aae9b1f0e74d2f8b4e5f71d5eeb8de10a2a8eede7b8c90169e5f268effec2b8e63c6e4a6be142e2df4ef59871a25e631111e75d511eec6075f81fc51531dd025c6d2623c333cfa520f383d482dee9ce0798746e01e4476cecc5cd0c8dfb3da61a4217d50d3dcac5bcc4c999be7a7d009397119e1964a52e388f39ce7268b71bdaa7d0b470f524926467b8e471ea9724d0e08168cc20dbea0ed8219d458565ea983092bf840b8f9b1083d3e9846f9a505676b0"}, {0x68, 0x1, 0x1, "d020ae55124429fc07a65ae9a6ba74e469c74644f6c12792c1d3a5af09c330928b83f41fea941eb2c59ca588975f1471a86cb85f04fac8f88db9c57fa2f69d1d37f7836176f74d17b935eba2c7332a9e01d2"}, {0x10, 0x11, 0x62d7000000000000}, {0x20, 0x10f, 0x0, "eee56f4d89f980167f4e"}, {0x20, 0x117, 0xffffffffffffffff, "478a7d9814f55ff34a"}, {0xe8, 0x117, 0x932d, "22e7817e8dd7958bf7f4a63e366ad79db44c359b35a1333757af5251b2dedbbb3e58a17c23cda1f268737f0422fd2fb8ea6d77415b5a5b209bf6f208418929f80c58817ff52dcf10045e2166a02db2722ba8e6a8e2167abcce9d717ba0f431d267e8a543b2eb99aa7a805e13452239113742fd13fa4cc8149aab84610a23459251345c19a391bd1cca7a44a9f08d1affc089889e8c5b8ca9f4fd9a9862c03d5672bb5613bfd52dba79238291d34c28dbf9fd186176f3fa57b18e609bbb8ab76f3bb0af573b08e04c3b8cc075ccb28facd8225f"}, {0x1010, 0x887c384498a41d72, 0x100000001, "ebb9d5ed8c3180c5fa74a008a190a669073d48dbedcc0d9a67864faea0a4e7f2dc46fb0d8f7fde69de94717d697f70e5f3315b537742bc8da855df331f4095658b9b05ff9d9f86269f47ad150a991b4a05aa39e35f031b978bda16de68340f17163c8b64a1d1527be6b128cf0a9df74f1ccf8b5125152053e4863c0a34a7c527e02d8d2d15cedb47c95c98af22ba3749a775256f096faf634339fbdc14d8ba4bb051a7a24132db01e20d143b7ce4cb1546c22980ac07f976013b64dbcdc06e9c678daa64889a34ad473a820082faf1d015f7c6e6aecf5900a4fe921ce229c3d8f83a9b79fa7a023baa82af0ef1cecfe16b43560a40e1c25430a55406bac373b73e99f5041ee5af74a08e43c7b650bcf596b0557a7523909537a2e15867a58a6f6294f70e5a90c3abb89e7dd30f179c340a967be6af57b30807df6669e4de0c954892051689b7ba5f621e6a0fb1c18af57c0fa6f4e40cec101f1f5d2c64c849669bc7933b0b810c622109722ad3c727591ea8f5dd1255ef5bc7df873d92547019369d4e1828bba117478ac572750b45797316c8c2ce480633f71cad4a8efe7676a148f1493caa6218d6c23e1dd94491a4b8279202fc9c5377f8d41555c5a5ddd76dc8411fad7c18fdd422a1050980339a444e368c7a0356034ab8b622f4b4cd58b8ba3b79d14879d4800312d83f1b3bfa1af64d95c5c28e9de62ee3ba3236602015c75cfa9cfefe8dcf744e4494d5c33341c7388160aa8fa3723b26a587f4a62eb0edc3144fa2de0ab9ba34b4a49081836c7bf56d0154e7753a183a395dc786d7e5b9edb7ee8fa3ee95c855331b748ae4b7a700e101cec5bc1e34b5d03788a575ae51fd322564d2e785bf28ffbd0b3150a4e3a38107191c74e971b713cebbba04a019b5855cf1becdf0395df0bc023a644a92f1c55be4494a6c26bee4b30a71d01579156662556ea67aa431b7e4a9497b20da2b514c5841edf3eca1a752e95ba8e0438b33d34f17392820a420f3bcf5f9a7f8196735cdcffd84112dd6adcea713c7d17b4b5a554b2060e367d8dd2bfd74cedd2a44e981abbd0d7bdf26b0f966eb4cc2988fc7a1c470abfb6a609efd4ba7e23f4809019574ffc833501c0503722bc1eb2bc11b9558d6def43ca9a078c4bc2677d372e4a9a282084bd616de67687abd07f4f0e7039091f7ea272c072ca8f21b3bc42e99b1e4d494eace10f78e2bc97dadac1fc7b043664b61fb6c20f37e3b2604cc7255b5fa0a8a671890a5477a94e49bf1fe11cac4d4136744c62b6bf0c49b1bff65dc0ffac6ad57a242cfc89883f650a87a7c1544ab68d73570a63d00ede0bc6df9734e658ec6d8d196802d10e443b41537d259bb63f76516746e79427950d6209e88c2aadf19af5d367464d62c96f5114122d6e516884984a2e2f2481b2a90944a936189423c0e2ef5d753a19ebdc02667ee4c9981804c99b96b429e1f13dec4952b1a18bd45c1512f057bd5b96f245ef5851a9348226939599c389db779f777a6c47299a38f9416315d6dd17d7662f1a5ba5e7d23851b2415311a6283700b9db9b375a176bfdba45a62674dbdb97735602c983eb349e22f63e5bac26c90b52f0dca5654b5a271078361c7222e29e9191c1534bfb3c4be1cbc2026cbe70fda09f252f83fffed4ea0a28db142d57e88d3eef580fe8f8e038abdb65aad502af731aa4942d162e01ea86cf94bb3ae3fddee925e4636ea4eeed78ea1b27eb4c8e7351d51efcda4d4ae79e52f287ee293055b7d9047909b1876a01939afc821be88bb6c266b20513d462e37ac53c35e943ff6f69f020703e76ec6129f20cfc279e91173bf2f3a8d6e21f3eba2c6eb7f639f1298e5435441dde9e144ecfb757cb2888b93c354181759503fe628434c6589f442d2fc1093f986f66df45c5be29f5aa1a6db26651b8b9e6542d50f9806ae45099a645b77e64d72293c4358ae0f2ffc028137f6a19807e799fe346658e58358bc764ba2222d33a9de1aa8fb258348a6fd5bfdc5b8b6c7ff9bd4fa2488a189ee03caf1f6e38a37e9147aa7cf36a45e1142b76ca0d95592795d13824ce2232afdd717f95b8ca91cc4dc8bc9607787d9b30b5044475950c151667e7cd61b466350bae546e816c3e10b1975a4501fec19fe926b388c8a0d3ef2bab870e2d132bf71670338816a17892972b7d475ac41a41a02396a450491cddcb8044640af0513768f20e3cc7a9331f284956265e5403b56843e9b5b90236df03a1f56a8c2270c72c3caae6aa86ba061ddf221d9705f76f51d3ed6338553cf07b5ec4548fefa9f6081089527c0e79bd7381ead17aeb7198c0a9fc67f73342b0ec35942bf2d687e535bf8065289eaba7120f39a6d030f5e7acf633bbd3bc5bcc7c00f7816cda2faab97a2165b42db3ce323b10615860c11948bbd7e67985949138d6edd0f1cf45dd547a3e405df8d9e74a8c0f93c0e4fb4e02ce5e150af414c8ecc5fec9082a6b0c2cc276578070c157f6d239fa3a102553e59ac383f2715b12facbb035693f46ba2d28060b98a1a9c417d786fca90215db6a3124c7a53cdf7a8d2dfb020285b8081089497b07befe0bcb447a5f8be64cdfaabad71d39a1f67df6c6ac58ae3c8d341b101cee2ec2b3be49154590571e3e5942d2ff0198afaa8e790159f759ccff4b5ec13ded93a893a3ecec88c6517c1738871f4c8c5614d55bcca23c174022d1bb99fa3840ad4b41215f007453d34aa1a07dfeebc5a6aa1440bb0071bdeb9699853bda15f4c50354cb335b56cd3f86cfd9b5172c97b77cd79a125f8c09f1b35521b2ef018f64de5cc734fd0c68b1f4bf060577e99859de6753873dd26512292a771577887037de3eb2aa9745b1114cb4cae1ecaec1d2fce0cb154684727442bf159084aa31bc95ffec5aa548b39faf106ad593f213a0e1d94f955ffc451eeba1f34ce9c6dd8247092d4339b3f27a7010e8bd24ddcf0013c41463b311ec13e22b487dff29587967b2b805510bae477fdc666acea8d58f02a1df69d01372a3730554d9765b15b3014241a9e648a4cb640e9f6ee5659e26a0865f34314083b6b2b3703a855c042589240da522c89a6b53e849ff73afe142d42a54d3546b00864401dddd18d5864c60b0222fdd2e08c3d2f5eb59293d4e59f203d019f7afd6bce97cc7fa3e69a8a6212a5b1c0d2106f5735c25cbaf5708c2b79f38fcc928ff4f39d9f4c585dd122705857962b0e4a2a60810d77d49335c3c839aaac3a228a28b40e76e45034262ff86bb12f625b7dcd3456bf7d1687b13b7513738c348763a72d58c74d513d4400c8ad923db94e3cd3a1a29b4b19afec1d1a70fe5e331f2cc2cd58c4dbb337c5e3fd17bcae69dad4c0c494600e341731bd9d48aad73c58674ed9e29f98e70ca418728c6c9a6e0cccc74b94e7f85fe3e0042928bcf6fa4f84b2a737c2f28b8607d5d14ac51a3ae80cc7a03825e3b01a285a62bf72ac4417b76c6e887f35a0c51dea40692637a28e4c21eb4ad54a0dc2a7e35f6ef292379d487c5b31e54bc9706c0f6ed95f0bc92be0142c421f3e736babfbd8b8cf70d58146139c72ee61ff3fff45413d8fe39712cfc49e0da57e3a14b83bc3b463089d47ec0493f8d4ca1834df86f915ede061a7f68295b2a9c8571ab09dfd720cd62823fb98028671ee6e2f7dff204186c35dfb1382f31eb81ecceac2e1e63de5051ae0a05f654914f3c3a1b26900059ba8d38f31418e1a06e2a5a055f4b209c81117b10219ebb5ed6959d732fb1c9c0e552cc891613fdf90f8d70847b2350786c19a325eba826ac9b594cdbc0575bbfcef923a772cb4b6c3943f677708121391004b59aa4be954c005d646a2bfd68d40c7bdfffc2f6a35ef2c202e1e0d155d5fc339d9b8835240976cb0be1dd8f8848891f7c2e9ffbd4428d4a12352d618d4cca21fd2674b3f6445c89334ae038d1992219c5e28fb512011e59bfe542d87e68ac42a471a3305bbeb770b93797e46c6d661db7dd32a34f2ae665eed197ea736168d5a5e12c41a62314caef1a413afa224cca9389253cec4e22ce3dfbba87914d05255edef0720926a107c9d0d33393ed31113650a00e073c0e886f9657ba3abb2d5ca5db8e64f04fe5717cbcf4d6064392b6d957f366fab3304f00a13a70e902942dc8f6fbfba072de2361c080f60c7444010d605ff5d1eb6e36480ead6757419300fbffc4585789276cc054b751fcec2fbda20196ee04a63f41d07033f0781657d1f244dd61109ced639c446919a81f8ced005a104183938f75091c34600b47a83e17c7591368037b35aa8f82421ddee078b2c9908836548f6e3bb8f10c3ffc5d63954cb9784d156b2abb8e89496ae1e2c537669067dda06f839b277d9ec39590efe23fa2f5c193d77d6cafd87580642e0b93a733f0639a1a4b85aec7ccb7f12f94eef4b2fc6bc26e26ce324fde508f8676424b28e14c610a52534d9d1e79c46715800699ef9b43ed91d65805f90908b137cc0e04d98f8cc5571c769ccc06c3b624e682e81bde199a1346d0a34e99453863eef1262de7225f9cdf9fdef4d45cd5e20b0356b4871117a8417eaeadc101cedbf41008a5f8b5b381621fafd7ee8e0d9acdd3a0424cdb3bccc500220db15d69145b1868db6a202a6df80777c98204392002ebf246fe1eecdc40c963902fda40dbd58a92947f914761ad2b10a37b2dd3a613578835c436b1e3c857b659d03c783d6358335cc73fd77e0cac6fef1f67157060cfabb471446b7b7578a6f5d75ca51d0e822b87384eede9a29a1155b25a861b22085b3a44b0234d9665d7a955da0af5876eb9d50d7a2c1e0c010abe370cd22af7f58b74a003d1c399eb31f97befe21ef2c2a9d90a71b9cc636e42895a71ee5728f84fab0c9457b4716da196fe439e49ae1bbfc469f0e7d80ef158348b9e7a9742df633f54883a296da2c372d2057e0c32ab116de095a9774ea928d968ee6e64a78274f8f5ee37204e66f5a62b8134d6e2b14aab057d2a3c7e0f811b00558b221b5714095e38438c2e890d744dc605469062d1d4226c4534daee30cad1c2db4ccb99e2ea2d970e17c6647d1d9faaeb85b7aa458cdc03888263fc582e70380e6a8240c953f9b4a363c275b607feac4415ca81113f5800b96487b9e8b24d8f8abcd45795838aa374987934ec3f34a2d348e4c280919ec42e5f06976207a5b34d903230d6f6ea78a4e7ac954a659029d20991985d59151f977cfb1779f59f1ccfc45e95b87b7cd1ff266c4bd3c2ed788d720e6ce8b34516dfed53392a59881de88d4e61081b86d827b60a4edfb8c40214cce26bc0bfa06eea9d66fac13d47492afe12dc8aaca1ce277fdf549231e21a263a72ac6bf485cb4543a6db230c79d1a62b59cadd18c4af80611d114e1a5048b96a234184fb3badc5131c0d7dd1d123b81049f71768f53a1496a3899c01dc909edf5cd44febafd1287027663c6b9bad35a96957fc826807c04d8295fa198bd94c5982fb1c237414129b7b3a4f381c37dc5701ccc80f4e34dd0a3dfb4a088c9e5b504766fc0524d21521b389e8676d0858e6907d0854d840b7e6b6bcf142441df0b0f8759dae36c1e6b1840c7469dcb59a32d94d4ccead708b0ce5a21d41523429de467a2cf0ba5acba1b08d91962d7393bf8a69a73d73786476433ae2803383037ffbf8360595b2e623b7150d16b5a63d1cb26dd070b37222847898f44d1d29681db0bca5851e6b8a8aee11ddfcb3c0715f32c2576888ed8fb6a148621140182b5437199f4719ac779f627555d9a8cad00c498680d98375c"}, {0x100, 0x117, 0x400, "ea1534fcc52f4e03b053651c1dd45c9d70166d72d1c67ecd074286aa402f1ff92443e5d03a10a6f070b57a096f46a6bb790411478be9d0e217e6cc9e3a0ea7b9379b7e87eb61bcb67db26fa2a5119ac22e9db8620a77802489e0080d5f9d46850c31be30eeb617a528882f1b1c98752ea35a9273a14731610db54b3ea7ca4cf66e512c6ce546ac0dcf10e35ec0db7a43ee334d6acbcd638f0bc88720b0b460191c76b0db5428843812345b0c2ff208e4a9a92c9018aad3087bfdea50fb6e5805aff2d9bf29e8359ecfdb6b3793812671d81f6c6b1e4cb7531327fcc2b759c8f68cae2ffdba1ea3f38956"}], 0x1440}, 0x24000800) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) [ 1199.384173][T22198] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1199.384185][T22198] __vb2_queue_alloc+0x5a6/0xf40 [ 1199.384213][T22198] vb2_core_create_bufs+0x2bc/0x790 [ 1199.384233][T22198] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1199.399575][T22177] lowmem_reserve[]: 0 0 2 2 [ 1199.403255][T22198] ? __vb2_queue_alloc+0xf40/0xf40 [ 1199.403272][T22198] ? lock_acquire+0x16f/0x3f0 [ 1199.403288][T22198] ? __video_do_ioctl+0x398/0xce0 [ 1199.403300][T22198] ? __lock_acquire+0x548/0x3fb0 [ 1199.403320][T22198] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1199.403337][T22198] vb2_create_bufs+0x472/0x7d0 [ 1199.403356][T22198] ? vb2_request_queue+0x120/0x120 [ 1199.403369][T22198] ? __lock_acquire+0x548/0x3fb0 [ 1199.403383][T22198] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1199.403398][T22198] ? debug_smp_processor_id+0x3c/0x280 [ 1199.403418][T22198] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1199.403433][T22198] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1199.403452][T22198] v4l_create_bufs+0xc0/0x180 [ 1199.416519][T22177] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1199.434967][T22198] __video_do_ioctl+0x7f1/0xce0 [ 1199.434992][T22198] ? v4l_s_fmt+0xab0/0xab0 [ 1199.435019][T22198] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1199.435034][T22198] ? _copy_from_user+0xdd/0x150 [ 1199.435052][T22198] video_usercopy+0x4c5/0x10d0 [ 1199.435064][T22198] ? v4l_s_fmt+0xab0/0xab0 [ 1199.435083][T22198] ? v4l_enumstd+0x70/0x70 [ 1199.435095][T22198] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1199.435111][T22198] ? tomoyo_path_number_perm+0x263/0x520 [ 1199.435132][T22198] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1199.446470][T22198] ? video_usercopy+0x10d0/0x10d0 [ 1199.446492][T22198] video_ioctl2+0x2d/0x35 [ 1199.459818][T22198] v4l2_ioctl+0x156/0x1b0 [ 1199.459832][T22198] ? video_devdata+0xa0/0xa0 [ 1199.459854][T22198] do_vfs_ioctl+0xd6e/0x1390 [ 1199.469634][T22198] ? ioctl_preallocate+0x210/0x210 [ 1199.469651][T22198] ? __fget+0x381/0x550 [ 1199.469675][T22198] ? ksys_dup3+0x3e0/0x3e0 [ 1199.492044][T22177] lowmem_reserve[]: 0 0 0 0 [ 1199.518094][T22198] ? nsecs_to_jiffies+0x30/0x30 [ 1199.518116][T22198] ? tomoyo_file_ioctl+0x23/0x30 [ 1199.518132][T22198] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1199.518146][T22198] ? security_file_ioctl+0x93/0xc0 [ 1199.518164][T22198] ksys_ioctl+0xab/0xd0 [ 1199.518183][T22198] __x64_sys_ioctl+0x73/0xb0 [ 1199.518202][T22198] do_syscall_64+0x103/0x670 [ 1199.518220][T22198] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1199.518231][T22198] RIP: 0033:0x458c29 [ 1199.518245][T22198] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1199.518251][T22198] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1199.518265][T22198] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1199.518272][T22198] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1199.518279][T22198] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1199.518286][T22198] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1199.518294][T22198] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1199.633222][T22216] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1199.709354][T22221] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1199.750437][T22221] CPU: 0 PID: 22221 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1199.757108][T22221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1199.757116][T22221] Call Trace: [ 1199.757142][T22221] dump_stack+0x172/0x1f0 [ 1199.757163][T22221] warn_alloc.cold+0x87/0x17f [ 1199.809245][T22177] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1199.825355][T22221] ? zone_watermark_ok_safe+0x260/0x260 [ 1199.825371][T22221] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1199.825407][T22221] __vmalloc_node_range+0x48a/0x790 [ 1199.825422][T22221] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1199.825443][T22221] ? kmem_cache_alloc_trace+0x354/0x760 [ 1199.847031][T22177] lowmem_reserve[]: 0 0 0 0 [ 1199.850723][T22221] ? vb2_vmalloc_alloc+0xca/0x280 [ 1199.850741][T22221] vmalloc_user+0x6b/0x90 [ 1199.863969][T22177] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1199.865848][T22221] ? vb2_vmalloc_alloc+0xca/0x280 [ 1199.865867][T22221] vb2_vmalloc_alloc+0xca/0x280 [ 1199.877294][T22221] ? __vb2_queue_alloc+0xf5/0xf40 [ 1199.890941][T22221] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1199.890954][T22221] __vb2_queue_alloc+0x5a6/0xf40 [ 1199.890988][T22221] vb2_core_create_bufs+0x2bc/0x790 [ 1199.900033][T22177] Node 0 DMA32: 459*4kB (ME) 65*8kB (UME) 3*16kB (U) 209*32kB (UME) 378*64kB (UME) 20*128kB (UME) 4*256kB (ME) 4*512kB (UME) 3*1024kB (UME) 3*2048kB (UME) 109*4096kB (UM) = 494596kB [ 1199.900488][T22221] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1199.930534][T22177] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1199.935385][T22221] ? __vb2_queue_alloc+0xf40/0xf40 [ 1199.935402][T22221] ? lock_acquire+0x16f/0x3f0 [ 1199.935420][T22221] ? __video_do_ioctl+0x398/0xce0 [ 1199.935432][T22221] ? __lock_acquire+0x548/0x3fb0 [ 1199.935453][T22221] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1199.959883][T22221] vb2_create_bufs+0x472/0x7d0 [ 1199.959902][T22221] ? vb2_request_queue+0x120/0x120 [ 1199.966555][T22177] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1199.983395][T22221] ? __lock_acquire+0x548/0x3fb0 [ 1199.983413][T22221] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1199.983429][T22221] ? debug_smp_processor_id+0x3c/0x280 [ 1199.983451][T22221] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1199.983466][T22221] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1199.983485][T22221] v4l_create_bufs+0xc0/0x180 [ 1199.983503][T22221] __video_do_ioctl+0x7f1/0xce0 [ 1199.983534][T22221] ? v4l_s_fmt+0xab0/0xab0 [ 1200.045616][T22177] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1200.045712][T22221] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1200.078014][T22177] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1200.078715][T22221] ? _copy_from_user+0xdd/0x150 [ 1200.087973][T22177] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1200.090973][T22221] video_usercopy+0x4c5/0x10d0 [ 1200.090992][T22221] ? v4l_s_fmt+0xab0/0xab0 [ 1200.158031][T22177] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1200.160209][T22221] ? v4l_enumstd+0x70/0x70 [ 1200.160229][T22221] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1200.195644][T22177] 49638 total pagecache pages [ 1200.200197][T22221] ? tomoyo_path_number_perm+0x263/0x520 [ 1200.200216][T22221] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1200.217833][T22177] 0 pages in swap cache [ 1200.223278][T22221] ? video_usercopy+0x10d0/0x10d0 [ 1200.223294][T22221] video_ioctl2+0x2d/0x35 [ 1200.223309][T22221] v4l2_ioctl+0x156/0x1b0 [ 1200.223321][T22221] ? video_devdata+0xa0/0xa0 [ 1200.223343][T22221] do_vfs_ioctl+0xd6e/0x1390 [ 1200.236786][T22177] Swap cache stats: add 0, delete 0, find 0/0 [ 1200.240848][T22221] ? ioctl_preallocate+0x210/0x210 [ 1200.240867][T22221] ? __fget+0x381/0x550 [ 1200.259103][T22177] Free swap = 0kB [ 1200.260567][T22221] ? ksys_dup3+0x3e0/0x3e0 [ 1200.260587][T22221] ? nsecs_to_jiffies+0x30/0x30 [ 1200.277540][T22177] Total swap = 0kB [ 1200.293825][T22221] ? tomoyo_file_ioctl+0x23/0x30 [ 1200.293843][T22221] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1200.293858][T22221] ? security_file_ioctl+0x93/0xc0 [ 1200.293877][T22221] ksys_ioctl+0xab/0xd0 [ 1200.293897][T22221] __x64_sys_ioctl+0x73/0xb0 [ 1200.293922][T22221] do_syscall_64+0x103/0x670 [ 1200.320040][T22177] 1965979 pages RAM [ 1200.321059][T22221] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1200.334583][T22177] 0 pages HighMem/MovableOnly [ 1200.335290][T22221] RIP: 0033:0x458c29 [ 1200.357900][T22177] 339405 pages reserved [ 1200.360299][T22221] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1200.360307][T22221] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1200.374554][T22177] 0 pages cma reserved [ 1200.374673][T22221] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1200.570656][T22221] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1200.578626][T22221] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1200.586594][T22221] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1200.594562][T22221] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1200.602556][T22216] CPU: 1 PID: 22216 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1200.605121][T22221] warn_alloc_show_mem: 2 callbacks suppressed [ 1200.605125][T22221] Mem-Info: [ 1200.612274][T22216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1200.612280][T22216] Call Trace: [ 1200.612304][T22216] dump_stack+0x172/0x1f0 [ 1200.612326][T22216] warn_alloc.cold+0x87/0x17f [ 1200.612342][T22216] ? zone_watermark_ok_safe+0x260/0x260 [ 1200.612359][T22216] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1200.612395][T22216] __vmalloc_node_range+0x48a/0x790 [ 1200.618652][T22221] active_anon:260074 inactive_anon:201 isolated_anon:0 [ 1200.618652][T22221] active_file:8241 inactive_file:41163 isolated_file:0 [ 1200.618652][T22221] unevictable:0 dirty:160 writeback:0 unstable:0 [ 1200.618652][T22221] slab_reclaimable:13998 slab_unreclaimable:116878 [ 1200.618652][T22221] mapped:58824 shmem:248 pagetables:7652 bounce:0 [ 1200.618652][T22221] free:1075375 free_pcp:431 free_cma:0 [ 1200.621539][T22216] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1200.621559][T22216] ? kmem_cache_alloc_trace+0x354/0x760 [ 1200.621575][T22216] ? vb2_vmalloc_alloc+0xca/0x280 [ 1200.621593][T22216] vmalloc_user+0x6b/0x90 [ 1200.621609][T22216] ? vb2_vmalloc_alloc+0xca/0x280 [ 1200.621628][T22216] vb2_vmalloc_alloc+0xca/0x280 [ 1200.631855][T22221] Node 0 active_anon:1040296kB inactive_anon:804kB active_file:32828kB inactive_file:164652kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:640kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 616448kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1200.634926][T22216] ? __vb2_queue_alloc+0xf5/0xf40 [ 1200.634946][T22216] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1200.634960][T22216] __vb2_queue_alloc+0x5a6/0xf40 [ 1200.634999][T22216] vb2_core_create_bufs+0x2bc/0x790 [ 1200.639490][T22221] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1200.643979][T22216] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1200.643994][T22216] ? __vb2_queue_alloc+0xf40/0xf40 [ 1200.644010][T22216] ? lock_acquire+0x16f/0x3f0 [ 1200.644027][T22216] ? __video_do_ioctl+0x398/0xce0 [ 1200.644042][T22216] ? __lock_acquire+0x548/0x3fb0 [ 1200.644065][T22216] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1200.649728][T22221] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1200.655196][T22216] vb2_create_bufs+0x472/0x7d0 [ 1200.655217][T22216] ? vb2_request_queue+0x120/0x120 [ 1200.655232][T22216] ? __lock_acquire+0x548/0x3fb0 [ 1200.655250][T22216] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1200.655265][T22216] ? debug_smp_processor_id+0x3c/0x280 [ 1200.655286][T22216] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1200.660603][T22221] lowmem_reserve[]: 0 2553 2555 2555 [ 1200.699126][T22216] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1200.699144][T22216] v4l_create_bufs+0xc0/0x180 [ 1200.699162][T22216] __video_do_ioctl+0x7f1/0xce0 [ 1200.699187][T22216] ? v4l_s_fmt+0xab0/0xab0 [ 1200.699208][T22216] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1200.699228][T22216] ? _copy_from_user+0xdd/0x150 [ 1200.704422][T22221] Node 0 DMA32 free:495508kB min:36232kB low:45288kB high:54344kB active_anon:1040296kB inactive_anon:804kB active_file:32828kB inactive_file:164652kB unevictable:0kB writepending:640kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:15616kB pagetables:30608kB bounce:0kB free_pcp:1724kB local_pcp:736kB free_cma:0kB [ 1200.709758][T22216] video_usercopy+0x4c5/0x10d0 [ 1200.709775][T22216] ? v4l_s_fmt+0xab0/0xab0 [ 1200.709798][T22216] ? v4l_enumstd+0x70/0x70 [ 1200.709811][T22216] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1200.709831][T22216] ? tomoyo_path_number_perm+0x263/0x520 [ 1200.715021][T22221] lowmem_reserve[]: 0 0 2 2 [ 1200.719147][T22216] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1200.719181][T22216] ? video_usercopy+0x10d0/0x10d0 [ 1200.719196][T22216] video_ioctl2+0x2d/0x35 [ 1200.719217][T22216] v4l2_ioctl+0x156/0x1b0 [ 1200.724373][T22221] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1200.729045][T22216] ? video_devdata+0xa0/0xa0 [ 1200.729066][T22216] do_vfs_ioctl+0xd6e/0x1390 [ 1200.729088][T22216] ? ioctl_preallocate+0x210/0x210 [ 1200.729103][T22216] ? __fget+0x381/0x550 [ 1200.729125][T22216] ? ksys_dup3+0x3e0/0x3e0 [ 1200.758416][T22221] lowmem_reserve[]: 0 0 0 0 [ 1200.763084][T22216] ? nsecs_to_jiffies+0x30/0x30 [ 1200.763107][T22216] ? tomoyo_file_ioctl+0x23/0x30 [ 1200.763122][T22216] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1200.763137][T22216] ? security_file_ioctl+0x93/0xc0 [ 1200.763161][T22216] ksys_ioctl+0xab/0xd0 [ 1200.769100][T22221] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1200.773866][T22216] __x64_sys_ioctl+0x73/0xb0 [ 1200.773886][T22216] do_syscall_64+0x103/0x670 [ 1200.773906][T22216] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1200.773917][T22216] RIP: 0033:0x458c29 [ 1200.773932][T22216] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1200.773946][T22216] RSP: 002b:00007fa60ca30c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1200.779313][T22221] lowmem_reserve[]: 0 0 0 0 [ 1200.805581][T22216] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1200.805588][T22216] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1200.805595][T22216] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 1200.805603][T22216] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca316d4 [ 1200.805612][T22216] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1200.865020][T22221] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1200.879442][T22221] Node 0 DMA32: 459*4kB (ME) 160*8kB (UME) 18*16kB (U) 208*32kB (UME) 378*64kB (UME) 19*128kB (ME) 4*256kB (ME) 4*512kB (UME) 3*1024kB (UME) 4*2048kB (UME) 109*4096kB (UM) = 497484kB [ 1201.241554][T21445] Bluetooth: hci0: command 0x1003 tx timeout [ 1201.251328][T22221] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1201.264333][ T1285] Bluetooth: hci0: sending frame failed (-49) [ 1201.267688][T22221] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1201.288411][T22221] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1201.298060][T22221] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1201.307414][T22221] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1201.317110][T22221] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1201.326491][T22221] 49651 total pagecache pages [ 1201.331194][T22221] 0 pages in swap cache [ 1201.335409][T22221] Swap cache stats: add 0, delete 0, find 0/0 [ 1201.341603][T22221] Free swap = 0kB [ 1201.345340][T22221] Total swap = 0kB [ 1201.349069][T22221] 1965979 pages RAM [ 1201.352936][T22221] 0 pages HighMem/MovableOnly [ 1201.357656][T22221] 339405 pages reserved [ 1201.361981][T22221] 0 pages cma reserved [ 1202.041572][T21445] Bluetooth: hci1: command 0x1003 tx timeout [ 1202.047708][ T1285] Bluetooth: hci1: sending frame failed (-49) [ 1203.321727][T21445] Bluetooth: hci0: command 0x1001 tx timeout [ 1203.327954][ T1285] Bluetooth: hci0: sending frame failed (-49) [ 1204.121558][T19050] Bluetooth: hci1: command 0x1001 tx timeout [ 1204.127679][ T1285] Bluetooth: hci1: sending frame failed (-49) [ 1205.401685][T19050] Bluetooth: hci0: command 0x1009 tx timeout [ 1206.201618][T21445] Bluetooth: hci1: command 0x1009 tx timeout 09:16:56 executing program 5: r0 = syz_open_dev$midi(&(0x7f0000000240)='/dev/midi#\x00', 0x1, 0x200) mknodat(r0, &(0x7f0000000280)='./file0\x00', 0x403, 0xd2) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ptmx\x00', 0x0, 0x0) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000340)={0x1ff, 0x20a8a5d6}, 0x2) ioctl$SIOCAX25CTLCON(r0, 0x89e8, &(0x7f00000003c0)={@null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0xf, 0x6, 0x2, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}) ioctl$TIOCPKT(r1, 0x5420, &(0x7f00000002c0)=0x81) openat$mixer(0xffffffffffffff9c, &(0x7f0000000300)='/dev/mixer\x00', 0x50140, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0xf) ioctl$VIDIOC_G_FBUF(0xffffffffffffffff, 0x8030560a, &(0x7f00000000c0)={0x86, 0x42, &(0x7f0000000140)="faf5c7cdf905d40bc2c3946edbff5bd143ad423924893bb03afdcdee1bfc6540632a05addf256bfbf9ab918b9e2d68c95bc26341adf026a6e4b3349f0cdffe4254a653c127950895d9d880d234b282e97e77d3008cae1e40ee424c271460dc048f1f2c42cf04624de168a4a73841ce68dba97d13c32238ef16b0d1cc4b8bb7809488935a774b76030a786e6cd144bb4a8719823ec4f5af56725cd06c6567ea0d509162791054c02e7d1f254b15cebf4b8e9d4dc5c73b0ea01f6c2108595d59ccb183fbc515feeea8291d98b0985550c0ef7f18e06e6b01cf26b965ab9602e14e5dfc8cc845c76fe778e961edc6fcb9680afa06e8fcef49ab869795c18d97f7", {0x20, 0x6, 0x33364d59, 0x9, 0x17, 0x4, 0xf, 0x9}}) ioctl$KDADDIO(r1, 0x400455c8, 0x1) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)) 09:16:56 executing program 0: r0 = socket$inet(0x2, 0x1, 0x2) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) 09:16:56 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x900000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:16:56 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:16:56 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:16:56 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0xc020660b, &(0x7f0000000080)) [ 1210.172619][T22231] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1210.187450][T22234] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1210.214641][T22237] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1210.231323][T22231] CPU: 1 PID: 22231 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1210.240462][T22231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1210.240471][T22231] Call Trace: [ 1210.240499][T22231] dump_stack+0x172/0x1f0 [ 1210.240524][T22231] warn_alloc.cold+0x87/0x17f [ 1210.240544][T22231] ? zone_watermark_ok_safe+0x260/0x260 [ 1210.258197][T22231] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1210.274112][T22231] __vmalloc_node_range+0x48a/0x790 [ 1210.279311][T22231] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1210.279332][T22231] ? kmem_cache_alloc_trace+0x354/0x760 [ 1210.279346][T22231] ? vb2_vmalloc_alloc+0xca/0x280 [ 1210.279365][T22231] vmalloc_user+0x6b/0x90 [ 1210.299223][T22231] ? vb2_vmalloc_alloc+0xca/0x280 [ 1210.299240][T22231] vb2_vmalloc_alloc+0xca/0x280 [ 1210.299254][T22231] ? __vb2_queue_alloc+0xf5/0xf40 [ 1210.299272][T22231] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1210.299286][T22231] __vb2_queue_alloc+0x5a6/0xf40 [ 1210.299323][T22231] vb2_core_create_bufs+0x2bc/0x790 [ 1210.319969][T22231] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1210.319984][T22231] ? __vb2_queue_alloc+0xf40/0xf40 [ 1210.320000][T22231] ? lock_acquire+0x16f/0x3f0 [ 1210.320017][T22231] ? __video_do_ioctl+0x398/0xce0 [ 1210.320036][T22231] ? __lock_acquire+0x548/0x3fb0 [ 1210.340598][T22231] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1210.340619][T22231] vb2_create_bufs+0x472/0x7d0 [ 1210.340638][T22231] ? vb2_request_queue+0x120/0x120 [ 1210.340654][T22231] ? __lock_acquire+0x548/0x3fb0 [ 1210.340671][T22231] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1210.361488][T22231] ? debug_smp_processor_id+0x3c/0x280 [ 1210.361514][T22231] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1210.361530][T22231] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1210.361548][T22231] v4l_create_bufs+0xc0/0x180 [ 1210.361567][T22231] __video_do_ioctl+0x7f1/0xce0 [ 1210.361591][T22231] ? v4l_s_fmt+0xab0/0xab0 [ 1210.361613][T22231] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1210.361629][T22231] ? _copy_from_user+0xdd/0x150 [ 1210.361650][T22231] video_usercopy+0x4c5/0x10d0 [ 1210.382690][T22231] ? v4l_s_fmt+0xab0/0xab0 [ 1210.382715][T22231] ? v4l_enumstd+0x70/0x70 [ 1210.382732][T22231] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1210.382748][T22231] ? tomoyo_path_number_perm+0x263/0x520 [ 1210.382767][T22231] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1210.382796][T22231] ? video_usercopy+0x10d0/0x10d0 [ 1210.382817][T22231] video_ioctl2+0x2d/0x35 [ 1210.382834][T22231] v4l2_ioctl+0x156/0x1b0 [ 1210.382862][T22231] ? video_devdata+0xa0/0xa0 [ 1210.408455][T22231] do_vfs_ioctl+0xd6e/0x1390 [ 1210.408480][T22231] ? ioctl_preallocate+0x210/0x210 [ 1210.408497][T22231] ? __fget+0x381/0x550 [ 1210.408520][T22231] ? ksys_dup3+0x3e0/0x3e0 [ 1210.408539][T22231] ? nsecs_to_jiffies+0x30/0x30 [ 1210.428850][T22231] ? tomoyo_file_ioctl+0x23/0x30 [ 1210.428870][T22231] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1210.428886][T22231] ? security_file_ioctl+0x93/0xc0 [ 1210.428908][T22231] ksys_ioctl+0xab/0xd0 [ 1210.428929][T22231] __x64_sys_ioctl+0x73/0xb0 [ 1210.449573][T22231] do_syscall_64+0x103/0x670 [ 1210.449596][T22231] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1210.449609][T22231] RIP: 0033:0x458c29 [ 1210.449625][T22231] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1210.449634][T22231] RSP: 002b:00007fa60ca72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1210.449653][T22231] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 09:16:57 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000200)=0x1, 0x4) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) [ 1210.572383][T22231] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1210.580451][T22231] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1210.588446][T22231] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca736d4 [ 1210.596442][T22231] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1210.604444][T22234] CPU: 0 PID: 22234 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1210.613741][T22234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1210.623803][T22234] Call Trace: [ 1210.627119][T22234] dump_stack+0x172/0x1f0 [ 1210.631464][T22234] warn_alloc.cold+0x87/0x17f [ 1210.636177][T22234] ? zone_watermark_ok_safe+0x260/0x260 [ 1210.641722][T22234] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1210.647378][T22234] __vmalloc_node_range+0x48a/0x790 [ 1210.652578][T22234] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1210.657606][T22234] ? kmem_cache_alloc_trace+0x354/0x760 [ 1210.663147][T22234] ? vb2_vmalloc_alloc+0xca/0x280 [ 1210.668172][T22234] vmalloc_user+0x6b/0x90 [ 1210.672514][T22234] ? vb2_vmalloc_alloc+0xca/0x280 [ 1210.677549][T22234] vb2_vmalloc_alloc+0xca/0x280 [ 1210.682409][T22234] ? __vb2_queue_alloc+0xf5/0xf40 [ 1210.684342][T22231] warn_alloc_show_mem: 1 callbacks suppressed [ 1210.684346][T22231] Mem-Info: [ 1210.687432][T22234] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1210.687446][T22234] __vb2_queue_alloc+0x5a6/0xf40 [ 1210.687478][T22234] vb2_core_create_bufs+0x2bc/0x790 [ 1210.687496][T22234] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1210.698193][T22231] active_anon:261130 inactive_anon:201 isolated_anon:0 [ 1210.698193][T22231] active_file:8241 inactive_file:41183 isolated_file:0 [ 1210.698193][T22231] unevictable:0 dirty:112 writeback:0 unstable:0 [ 1210.698193][T22231] slab_reclaimable:13969 slab_unreclaimable:116698 [ 1210.698193][T22231] mapped:58824 shmem:248 pagetables:7727 bounce:0 [ 1210.698193][T22231] free:1074368 free_pcp:438 free_cma:0 [ 1210.702433][T22234] ? __vb2_queue_alloc+0xf40/0xf40 [ 1210.702450][T22234] ? lock_acquire+0x16f/0x3f0 [ 1210.702468][T22234] ? __video_do_ioctl+0x398/0xce0 [ 1210.702481][T22234] ? __lock_acquire+0x548/0x3fb0 [ 1210.702509][T22234] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1210.709735][T22231] Node 0 active_anon:1044520kB inactive_anon:804kB active_file:32828kB inactive_file:164732kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:448kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 620544kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1210.712622][T22234] vb2_create_bufs+0x472/0x7d0 [ 1210.712643][T22234] ? vb2_request_queue+0x120/0x120 [ 1210.712658][T22234] ? __lock_acquire+0x548/0x3fb0 [ 1210.712674][T22234] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1210.712692][T22234] ? debug_smp_processor_id+0x3c/0x280 [ 1210.721596][T22231] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1210.756388][T22234] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1210.756407][T22234] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1210.756427][T22234] v4l_create_bufs+0xc0/0x180 [ 1210.756445][T22234] __video_do_ioctl+0x7f1/0xce0 [ 1210.756468][T22234] ? v4l_s_fmt+0xab0/0xab0 [ 1210.779353][T22231] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1210.782365][T22234] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1210.782383][T22234] ? _copy_from_user+0xdd/0x150 [ 1210.782406][T22234] video_usercopy+0x4c5/0x10d0 [ 1210.782425][T22234] ? v4l_s_fmt+0xab0/0xab0 [ 1210.826971][T22231] lowmem_reserve[]: 0 2553 2555 2555 [ 1210.832370][T22234] ? v4l_enumstd+0x70/0x70 [ 1210.832387][T22234] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1210.832404][T22234] ? tomoyo_path_number_perm+0x263/0x520 [ 1210.832422][T22234] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1210.832450][T22234] ? video_usercopy+0x10d0/0x10d0 [ 1210.840186][T22231] Node 0 DMA32 free:491480kB min:36232kB low:45288kB high:54344kB active_anon:1044520kB inactive_anon:804kB active_file:32828kB inactive_file:164732kB unevictable:0kB writepending:448kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:15840kB pagetables:30908kB bounce:0kB free_pcp:1752kB local_pcp:796kB free_cma:0kB [ 1210.864346][T22234] video_ioctl2+0x2d/0x35 [ 1210.864365][T22234] v4l2_ioctl+0x156/0x1b0 [ 1210.864379][T22234] ? video_devdata+0xa0/0xa0 [ 1210.864398][T22234] do_vfs_ioctl+0xd6e/0x1390 [ 1210.864418][T22234] ? ioctl_preallocate+0x210/0x210 [ 1210.881620][T22231] lowmem_reserve[]: 0 0 2 2 [ 1210.884440][T22234] ? __fget+0x381/0x550 [ 1210.884465][T22234] ? ksys_dup3+0x3e0/0x3e0 [ 1210.884482][T22234] ? nsecs_to_jiffies+0x30/0x30 [ 1210.884505][T22234] ? tomoyo_file_ioctl+0x23/0x30 [ 1210.889021][T22231] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1210.915693][T22234] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1210.915710][T22234] ? security_file_ioctl+0x93/0xc0 [ 1210.915731][T22234] ksys_ioctl+0xab/0xd0 [ 1210.915751][T22234] __x64_sys_ioctl+0x73/0xb0 [ 1210.915769][T22234] do_syscall_64+0x103/0x670 [ 1210.915793][T22234] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1210.938735][T22231] lowmem_reserve[]: 0 0 0 0 [ 1210.941273][T22234] RIP: 0033:0x458c29 [ 1210.941289][T22234] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1210.941298][T22234] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1210.941312][T22234] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1210.941319][T22234] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1210.941332][T22234] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1210.953823][T22231] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1210.957564][T22234] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1210.957574][T22234] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1210.965496][T22237] CPU: 0 PID: 22237 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1211.216407][T22237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1211.226443][T22237] Call Trace: [ 1211.229723][T22237] dump_stack+0x172/0x1f0 [ 1211.234053][T22237] warn_alloc.cold+0x87/0x17f [ 1211.238728][T22237] ? zone_watermark_ok_safe+0x260/0x260 [ 1211.244271][T22237] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1211.249905][T22237] __vmalloc_node_range+0x48a/0x790 [ 1211.255182][T22237] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1211.260209][T22237] ? kmem_cache_alloc_trace+0x354/0x760 [ 1211.265736][T22237] ? vb2_vmalloc_alloc+0xca/0x280 [ 1211.270745][T22237] vmalloc_user+0x6b/0x90 [ 1211.275075][T22237] ? vb2_vmalloc_alloc+0xca/0x280 [ 1211.280083][T22237] vb2_vmalloc_alloc+0xca/0x280 [ 1211.284926][T22237] ? __vb2_queue_alloc+0xf5/0xf40 [ 1211.289949][T22237] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1211.295741][T22237] __vb2_queue_alloc+0x5a6/0xf40 [ 1211.300674][T22237] vb2_core_create_bufs+0x2bc/0x790 [ 1211.305871][T22237] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1211.311223][T22237] ? __vb2_queue_alloc+0xf40/0xf40 [ 1211.316319][T22237] ? lock_acquire+0x16f/0x3f0 [ 1211.321081][T22237] ? __video_do_ioctl+0x398/0xce0 [ 1211.326087][T22237] ? __lock_acquire+0x548/0x3fb0 [ 1211.331013][T22237] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1211.337256][T22237] vb2_create_bufs+0x472/0x7d0 [ 1211.342005][T22237] ? vb2_request_queue+0x120/0x120 [ 1211.347102][T22237] ? __lock_acquire+0x548/0x3fb0 [ 1211.352047][T22237] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1211.358271][T22237] ? debug_smp_processor_id+0x3c/0x280 [ 1211.363731][T22237] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1211.368742][T22237] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1211.374361][T22237] v4l_create_bufs+0xc0/0x180 [ 1211.379183][T22237] __video_do_ioctl+0x7f1/0xce0 [ 1211.384029][T22237] ? v4l_s_fmt+0xab0/0xab0 [ 1211.388432][T22237] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1211.394743][T22237] ? _copy_from_user+0xdd/0x150 [ 1211.399596][T22237] video_usercopy+0x4c5/0x10d0 [ 1211.404369][T22237] ? v4l_s_fmt+0xab0/0xab0 [ 1211.408773][T22237] ? v4l_enumstd+0x70/0x70 [ 1211.413193][T22237] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1211.419430][T22237] ? tomoyo_path_number_perm+0x263/0x520 [ 1211.425067][T22237] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1211.430880][T22237] ? video_usercopy+0x10d0/0x10d0 [ 1211.435984][T22237] video_ioctl2+0x2d/0x35 [ 1211.440298][T22237] v4l2_ioctl+0x156/0x1b0 [ 1211.444718][T22237] ? video_devdata+0xa0/0xa0 [ 1211.449297][T22237] do_vfs_ioctl+0xd6e/0x1390 [ 1211.453960][T22237] ? ioctl_preallocate+0x210/0x210 [ 1211.459054][T22237] ? __fget+0x381/0x550 [ 1211.463296][T22237] ? ksys_dup3+0x3e0/0x3e0 [ 1211.467706][T22237] ? nsecs_to_jiffies+0x30/0x30 [ 1211.472556][T22237] ? tomoyo_file_ioctl+0x23/0x30 [ 1211.477481][T22237] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1211.483704][T22237] ? security_file_ioctl+0x93/0xc0 [ 1211.488805][T22237] ksys_ioctl+0xab/0xd0 [ 1211.492957][T22237] __x64_sys_ioctl+0x73/0xb0 [ 1211.497530][T22237] do_syscall_64+0x103/0x670 [ 1211.503582][T22237] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1211.509466][T22237] RIP: 0033:0x458c29 [ 1211.513345][T22237] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1211.532950][T22237] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1211.541345][T22237] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1211.549300][T22237] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1211.557433][T22237] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1211.565387][T22237] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1211.573340][T22237] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1211.586474][T22258] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 09:16:58 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x4000000) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000200)={0x0, @in6={{0xa, 0x4e22, 0x4, @empty, 0xa7}}}, 0x0) setsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000000)={r1, 0x5e78, 0x7, 0x0, 0x9, 0x2}, 0x14) socket$xdp(0x2c, 0x3, 0x0) [ 1211.626125][T22231] lowmem_reserve[]: 0 0 0 0 [ 1211.631086][T22258] CPU: 0 PID: 22258 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1211.640208][T22258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1211.650267][T22258] Call Trace: [ 1211.653571][T22258] dump_stack+0x172/0x1f0 [ 1211.657913][T22258] warn_alloc.cold+0x87/0x17f [ 1211.662684][T22258] ? zone_watermark_ok_safe+0x260/0x260 [ 1211.669479][T22258] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1211.672312][T22260] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1211.675144][T22258] __vmalloc_node_range+0x48a/0x790 [ 1211.675162][T22258] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1211.675187][T22258] ? kmem_cache_alloc_trace+0x354/0x760 [ 1211.704810][T22258] ? vb2_vmalloc_alloc+0xca/0x280 [ 1211.709866][T22258] vmalloc_user+0x6b/0x90 [ 1211.714205][T22258] ? vb2_vmalloc_alloc+0xca/0x280 [ 1211.719280][T22258] vb2_vmalloc_alloc+0xca/0x280 09:16:58 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) [ 1211.724150][T22258] ? __vb2_queue_alloc+0xf5/0xf40 [ 1211.729188][T22258] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1211.735000][T22258] __vb2_queue_alloc+0x5a6/0xf40 [ 1211.739949][T22258] vb2_core_create_bufs+0x2bc/0x790 [ 1211.745164][T22258] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1211.750540][T22258] ? __vb2_queue_alloc+0xf40/0xf40 [ 1211.755657][T22258] ? lock_acquire+0x16f/0x3f0 [ 1211.760341][T22258] ? __video_do_ioctl+0x398/0xce0 [ 1211.765378][T22258] ? __lock_acquire+0x548/0x3fb0 [ 1211.770335][T22258] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1211.776583][T22258] vb2_create_bufs+0x472/0x7d0 [ 1211.781356][T22258] ? vb2_request_queue+0x120/0x120 [ 1211.786465][T22258] ? __lock_acquire+0x548/0x3fb0 [ 1211.791405][T22258] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1211.797656][T22258] ? debug_smp_processor_id+0x3c/0x280 [ 1211.803206][T22258] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1211.808242][T22258] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1211.813899][T22258] v4l_create_bufs+0xc0/0x180 [ 1211.818580][T22258] __video_do_ioctl+0x7f1/0xce0 09:16:58 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) write$binfmt_aout(r0, &(0x7f0000000380)={{0x1cf, 0x10000, 0x7, 0x296, 0xd0, 0x5b, 0x375, 0xfff}, "e6ca2628840f53bb6aa2992037062294f31b0c266656e53545991c41c9258d4433762c63b9d557394f6c7663716627c925832ff5ec83459d56b8d036071e92ec723ed84d5c410181e1348b3a081683e2f8e6398969dbb5b3e2ea3241404cdb881e", [[], [], [], [], [], [], [], []]}, 0x881) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) getsockopt$ARPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x63, &(0x7f0000000280)={'ah\x00'}, &(0x7f00000002c0)=0x1e) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snapshot\x00', 0xa000, 0x0) ioctl$KVM_SET_ONE_REG(r1, 0x4010aeac, &(0x7f0000000340)={0xff, 0x2000000}) r2 = syz_open_dev$audion(&(0x7f0000000200)='/dev/audio#\x00', 0x6, 0x10000) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x8040ae9f, &(0x7f0000000240)) [ 1211.823434][T22258] ? v4l_s_fmt+0xab0/0xab0 [ 1211.827849][T22258] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1211.834254][T22258] ? _copy_from_user+0xdd/0x150 [ 1211.839132][T22258] video_usercopy+0x4c5/0x10d0 [ 1211.843895][T22258] ? v4l_s_fmt+0xab0/0xab0 [ 1211.848331][T22258] ? v4l_enumstd+0x70/0x70 [ 1211.852750][T22258] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1211.858999][T22258] ? tomoyo_path_number_perm+0x263/0x520 [ 1211.864641][T22258] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1211.870468][T22258] ? video_usercopy+0x10d0/0x10d0 09:16:58 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0xa000, 0x0) [ 1211.875662][T22258] video_ioctl2+0x2d/0x35 [ 1211.879995][T22258] v4l2_ioctl+0x156/0x1b0 [ 1211.884321][T22258] ? video_devdata+0xa0/0xa0 [ 1211.888925][T22258] do_vfs_ioctl+0xd6e/0x1390 [ 1211.893522][T22258] ? ioctl_preallocate+0x210/0x210 [ 1211.898637][T22258] ? __fget+0x381/0x550 [ 1211.902800][T22258] ? ksys_dup3+0x3e0/0x3e0 [ 1211.907222][T22258] ? nsecs_to_jiffies+0x30/0x30 [ 1211.912088][T22258] ? tomoyo_file_ioctl+0x23/0x30 [ 1211.917031][T22258] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1211.923269][T22258] ? security_file_ioctl+0x93/0xc0 [ 1211.928383][T22258] ksys_ioctl+0xab/0xd0 [ 1211.932543][T22258] __x64_sys_ioctl+0x73/0xb0 [ 1211.937143][T22258] do_syscall_64+0x103/0x670 [ 1211.941736][T22258] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1211.947720][T22258] RIP: 0033:0x458c29 [ 1211.951617][T22258] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:16:58 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x2000, 0x0) ioctl$IMGETCOUNT(r1, 0x80044943, &(0x7f0000000240)) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) [ 1211.971241][T22258] RSP: 002b:00007fa60ca30c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1211.979655][T22258] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1211.987623][T22258] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1211.995589][T22258] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 1212.003647][T22258] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca316d4 [ 1212.011709][T22258] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1212.020380][T22260] CPU: 1 PID: 22260 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1212.029494][T22260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1212.031759][T22231] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1212.039538][T22260] Call Trace: [ 1212.039560][T22260] dump_stack+0x172/0x1f0 [ 1212.039580][T22260] warn_alloc.cold+0x87/0x17f [ 1212.039600][T22260] ? zone_watermark_ok_safe+0x260/0x260 [ 1212.061950][T22231] Node 0 DMA32: 446*4kB (E) 130*8kB (UE) 8*16kB (UM) 216*32kB (UME) 379*64kB (UME) 19*128kB (ME) 4*256kB (ME) 4*512kB (UME) 3*1024kB (UME) 3*2048kB (UME) 108*4096kB (UM) = 491208kB [ 1212.066051][T22260] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1212.066087][T22260] __vmalloc_node_range+0x48a/0x790 [ 1212.066104][T22260] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1212.077423][T22231] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1212.089498][T22260] ? kmem_cache_alloc_trace+0x354/0x760 [ 1212.089513][T22260] ? vb2_vmalloc_alloc+0xca/0x280 [ 1212.089528][T22260] vmalloc_user+0x6b/0x90 [ 1212.089542][T22260] ? vb2_vmalloc_alloc+0xca/0x280 [ 1212.089556][T22260] vb2_vmalloc_alloc+0xca/0x280 [ 1212.089568][T22260] ? __vb2_queue_alloc+0xf5/0xf40 [ 1212.089588][T22260] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1212.100633][T22231] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1212.105393][T22260] __vb2_queue_alloc+0x5a6/0xf40 [ 1212.105423][T22260] vb2_core_create_bufs+0x2bc/0x790 [ 1212.105441][T22260] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1212.105455][T22260] ? __vb2_queue_alloc+0xf40/0xf40 [ 1212.105471][T22260] ? lock_acquire+0x16f/0x3f0 [ 1212.105490][T22260] ? __video_do_ioctl+0x398/0xce0 [ 1212.123361][T22231] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1212.128153][T22260] ? __lock_acquire+0x548/0x3fb0 [ 1212.128176][T22260] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1212.128198][T22260] vb2_create_bufs+0x472/0x7d0 [ 1212.136176][T22231] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1212.137610][T22260] ? vb2_request_queue+0x120/0x120 [ 1212.137626][T22260] ? __lock_acquire+0x548/0x3fb0 [ 1212.137644][T22260] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1212.144498][T22231] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1212.147487][T22260] ? debug_smp_processor_id+0x3c/0x280 [ 1212.147510][T22260] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1212.147529][T22260] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1212.157239][T22231] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1212.170559][T22260] v4l_create_bufs+0xc0/0x180 [ 1212.170576][T22260] __video_do_ioctl+0x7f1/0xce0 [ 1212.170598][T22260] ? v4l_s_fmt+0xab0/0xab0 [ 1212.170618][T22260] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1212.170632][T22260] ? _copy_from_user+0xdd/0x150 [ 1212.170651][T22260] video_usercopy+0x4c5/0x10d0 [ 1212.170666][T22260] ? v4l_s_fmt+0xab0/0xab0 [ 1212.170692][T22260] ? v4l_enumstd+0x70/0x70 [ 1212.181234][T22231] 49669 total pagecache pages [ 1212.186340][T22260] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1212.186355][T22260] ? tomoyo_path_number_perm+0x263/0x520 [ 1212.186373][T22260] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1212.186401][T22260] ? video_usercopy+0x10d0/0x10d0 [ 1212.186415][T22260] video_ioctl2+0x2d/0x35 [ 1212.196499][T22231] 0 pages in swap cache [ 1212.201167][T22260] v4l2_ioctl+0x156/0x1b0 [ 1212.201179][T22260] ? video_devdata+0xa0/0xa0 [ 1212.201196][T22260] do_vfs_ioctl+0xd6e/0x1390 [ 1212.201213][T22260] ? ioctl_preallocate+0x210/0x210 [ 1212.210942][T22231] Swap cache stats: add 0, delete 0, find 0/0 [ 1212.215660][T22260] ? __fget+0x381/0x550 [ 1212.215683][T22260] ? ksys_dup3+0x3e0/0x3e0 [ 1212.215710][T22260] ? nsecs_to_jiffies+0x30/0x30 [ 1212.215740][T22260] ? tomoyo_file_ioctl+0x23/0x30 [ 1212.215756][T22260] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1212.215772][T22260] ? security_file_ioctl+0x93/0xc0 [ 1212.215791][T22260] ksys_ioctl+0xab/0xd0 [ 1212.215811][T22260] __x64_sys_ioctl+0x73/0xb0 [ 1212.215827][T22260] do_syscall_64+0x103/0x670 [ 1212.215847][T22260] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1212.227693][T22231] Free swap = 0kB [ 1212.236053][T22260] RIP: 0033:0x458c29 [ 1212.236068][T22260] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1212.236075][T22260] RSP: 002b:00007f92fa7a1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1212.236088][T22260] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1212.236097][T22260] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1212.236105][T22260] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1212.236113][T22260] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7a26d4 [ 1212.236121][T22260] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1212.252446][T22231] Total swap = 0kB [ 1212.266500][T22231] 1965979 pages RAM [ 1212.299351][T22260] warn_alloc_show_mem: 1 callbacks suppressed [ 1212.299355][T22260] Mem-Info: [ 1212.309951][T22231] 0 pages HighMem/MovableOnly [ 1212.325337][T22260] active_anon:261146 inactive_anon:201 isolated_anon:0 [ 1212.325337][T22260] active_file:8241 inactive_file:41208 isolated_file:0 [ 1212.325337][T22260] unevictable:0 dirty:137 writeback:0 unstable:0 [ 1212.325337][T22260] slab_reclaimable:13968 slab_unreclaimable:116464 [ 1212.325337][T22260] mapped:58824 shmem:248 pagetables:7694 bounce:0 [ 1212.325337][T22260] free:1074642 free_pcp:405 free_cma:0 [ 1212.339434][T22231] 339405 pages reserved [ 1212.345537][T22260] Node 0 active_anon:1044584kB inactive_anon:804kB active_file:32828kB inactive_file:164832kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:548kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 622592kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1212.349738][T22231] 0 pages cma reserved [ 1212.358178][T22260] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1212.399048][T22260] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1212.407184][T22260] lowmem_reserve[]: 0 2553 2555 2555 [ 1212.521626][T19050] Bluetooth: hci1: command 0x1003 tx timeout [ 1212.535986][T22260] Node 0 DMA32 free:497516kB min:36232kB low:45288kB high:54344kB active_anon:1040224kB inactive_anon:796kB active_file:32828kB inactive_file:164836kB unevictable:0kB writepending:564kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:15584kB pagetables:30600kB bounce:0kB free_pcp:1860kB local_pcp:536kB free_cma:0kB [ 1212.574794][ T1285] Bluetooth: hci1: sending frame failed (-49) [ 1212.583038][T22260] lowmem_reserve[]: 0 0 2 2 [ 1212.616036][T19050] Bluetooth: hci0: command 0x1003 tx timeout [ 1212.625482][T22260] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1212.647012][ T1285] Bluetooth: hci0: sending frame failed (-49) [ 1212.681352][T22260] lowmem_reserve[]: 0 0 0 0 [ 1212.771169][T22260] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1212.799599][T22260] lowmem_reserve[]: 0 0 0 0 [ 1212.804734][T22260] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1212.819074][T22260] Node 0 DMA32: 489*4kB (UME) 260*8kB (UE) 22*16kB (U) 240*32kB (UME) 379*64kB (UME) 19*128kB (ME) 4*256kB (ME) 4*512kB (UME) 3*1024kB (UME) 5*2048kB (UME) 108*4096kB (UM) = 497508kB [ 1212.837128][T22260] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1212.849345][T22260] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1212.866630][T22260] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1212.876264][T22260] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1212.885613][T22260] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1212.895212][T22260] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1212.904556][T22260] 49696 total pagecache pages [ 1212.909241][T22260] 0 pages in swap cache [ 1212.913431][T22260] Swap cache stats: add 0, delete 0, find 0/0 [ 1212.919576][T22260] Free swap = 0kB [ 1212.923428][T22260] Total swap = 0kB [ 1212.927140][T22260] 1965979 pages RAM [ 1212.930929][T22260] 0 pages HighMem/MovableOnly [ 1212.936266][T22260] 339405 pages reserved [ 1212.940420][T22260] 0 pages cma reserved [ 1214.681604][T19050] Bluetooth: hci1: command 0x1001 tx timeout [ 1214.687715][ T1285] Bluetooth: hci1: sending frame failed (-49) [ 1214.761710][T19050] Bluetooth: hci0: command 0x1001 tx timeout [ 1214.767869][ T1285] Bluetooth: hci0: sending frame failed (-49) [ 1216.761694][ T17] Bluetooth: hci1: command 0x1009 tx timeout [ 1216.841621][ T17] Bluetooth: hci0: command 0x1009 tx timeout 09:17:07 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) 09:17:07 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0xa00000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:17:07 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:17:07 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8924, &(0x7f0000000240)={'team_slave_0\x00', @broadcast}) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) 09:17:07 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:17:07 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000080)=0xfdfdffff) [ 1221.060366][T22288] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1221.086941][T22292] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1221.110040][T22294] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1221.146989][T22294] CPU: 1 PID: 22294 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1221.156157][T22294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1221.156171][T22294] Call Trace: [ 1221.156200][T22294] dump_stack+0x172/0x1f0 [ 1221.156230][T22294] warn_alloc.cold+0x87/0x17f [ 1221.178562][T22294] ? zone_watermark_ok_safe+0x260/0x260 [ 1221.184128][T22294] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1221.189801][T22294] __vmalloc_node_range+0x48a/0x790 [ 1221.195005][T22294] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1221.200039][T22294] ? kmem_cache_alloc_trace+0x354/0x760 [ 1221.205588][T22294] ? vb2_vmalloc_alloc+0xca/0x280 [ 1221.210642][T22294] vmalloc_user+0x6b/0x90 [ 1221.214970][T22294] ? vb2_vmalloc_alloc+0xca/0x280 [ 1221.214988][T22294] vb2_vmalloc_alloc+0xca/0x280 [ 1221.215000][T22294] ? __vb2_queue_alloc+0xf5/0xf40 [ 1221.215018][T22294] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1221.215031][T22294] __vb2_queue_alloc+0x5a6/0xf40 [ 1221.215062][T22294] vb2_core_create_bufs+0x2bc/0x790 [ 1221.215082][T22294] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1221.229953][T22294] ? __vb2_queue_alloc+0xf40/0xf40 [ 1221.229971][T22294] ? lock_acquire+0x16f/0x3f0 [ 1221.229987][T22294] ? __video_do_ioctl+0x398/0xce0 [ 1221.230005][T22294] ? __lock_acquire+0x548/0x3fb0 [ 1221.251246][T22294] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1221.251267][T22294] vb2_create_bufs+0x472/0x7d0 [ 1221.251285][T22294] ? vb2_request_queue+0x120/0x120 [ 1221.277178][T22294] ? __lock_acquire+0x548/0x3fb0 [ 1221.277199][T22294] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1221.277215][T22294] ? debug_smp_processor_id+0x3c/0x280 [ 1221.277242][T22294] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1221.298215][T22294] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1221.298235][T22294] v4l_create_bufs+0xc0/0x180 [ 1221.298255][T22294] __video_do_ioctl+0x7f1/0xce0 [ 1221.298281][T22294] ? v4l_s_fmt+0xab0/0xab0 [ 1221.318964][T22294] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1221.318982][T22294] ? _copy_from_user+0xdd/0x150 [ 1221.319002][T22294] video_usercopy+0x4c5/0x10d0 [ 1221.319019][T22294] ? v4l_s_fmt+0xab0/0xab0 [ 1221.348559][T22294] ? v4l_enumstd+0x70/0x70 [ 1221.352979][T22294] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1221.359224][T22294] ? tomoyo_path_number_perm+0x263/0x520 [ 1221.364862][T22294] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1221.370681][T22294] ? video_usercopy+0x10d0/0x10d0 [ 1221.375718][T22294] video_ioctl2+0x2d/0x35 [ 1221.380135][T22294] v4l2_ioctl+0x156/0x1b0 [ 1221.384506][T22294] ? video_devdata+0xa0/0xa0 [ 1221.389089][T22294] do_vfs_ioctl+0xd6e/0x1390 [ 1221.393694][T22294] ? ioctl_preallocate+0x210/0x210 [ 1221.398801][T22294] ? __fget+0x381/0x550 [ 1221.402959][T22294] ? ksys_dup3+0x3e0/0x3e0 [ 1221.407392][T22294] ? nsecs_to_jiffies+0x30/0x30 [ 1221.412245][T22294] ? tomoyo_file_ioctl+0x23/0x30 [ 1221.417190][T22294] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1221.423444][T22294] ? security_file_ioctl+0x93/0xc0 [ 1221.428563][T22294] ksys_ioctl+0xab/0xd0 [ 1221.432717][T22294] __x64_sys_ioctl+0x73/0xb0 [ 1221.437394][T22294] do_syscall_64+0x103/0x670 [ 1221.441987][T22294] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1221.447883][T22294] RIP: 0033:0x458c29 [ 1221.451775][T22294] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1221.471389][T22294] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1221.479796][T22294] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1221.487761][T22294] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1221.495812][T22294] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 09:17:08 executing program 0: bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000240)={0x0, {0x2, 0x4e20, @remote}, {0x2, 0x4e20, @rand_addr=0xc483}, {0x2, 0x4e24, @local}, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000200)='veth1_to_bridge\x00', 0x10001, 0xf947, 0x7fff}) sendmsg(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) [ 1221.504880][T22294] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1221.512845][T22294] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1221.521192][T22288] CPU: 0 PID: 22288 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1221.530294][T22288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1221.530300][T22288] Call Trace: [ 1221.530320][T22288] dump_stack+0x172/0x1f0 [ 1221.530340][T22288] warn_alloc.cold+0x87/0x17f [ 1221.552672][T22288] ? zone_watermark_ok_safe+0x260/0x260 [ 1221.558231][T22288] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1221.563884][T22288] __vmalloc_node_range+0x48a/0x790 [ 1221.569076][T22288] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1221.574099][T22288] ? kmem_cache_alloc_trace+0x354/0x760 [ 1221.579638][T22288] ? vb2_vmalloc_alloc+0xca/0x280 [ 1221.579655][T22288] vmalloc_user+0x6b/0x90 [ 1221.579670][T22288] ? vb2_vmalloc_alloc+0xca/0x280 [ 1221.579684][T22288] vb2_vmalloc_alloc+0xca/0x280 [ 1221.579694][T22288] ? __vb2_queue_alloc+0xf5/0xf40 [ 1221.579711][T22288] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1221.610903][T22288] __vb2_queue_alloc+0x5a6/0xf40 [ 1221.616048][T22288] vb2_core_create_bufs+0x2bc/0x790 [ 1221.616067][T22288] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1221.616078][T22288] ? __vb2_queue_alloc+0xf40/0xf40 [ 1221.616097][T22288] ? lock_acquire+0x16f/0x3f0 [ 1221.636411][T22288] ? __video_do_ioctl+0x398/0xce0 [ 1221.636429][T22288] ? __lock_acquire+0x548/0x3fb0 [ 1221.636451][T22288] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1221.636469][T22288] vb2_create_bufs+0x472/0x7d0 [ 1221.657538][T22288] ? vb2_request_queue+0x120/0x120 [ 1221.662642][T22288] ? __lock_acquire+0x548/0x3fb0 [ 1221.662661][T22288] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1221.662675][T22288] ? debug_smp_processor_id+0x3c/0x280 [ 1221.662693][T22288] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1221.662708][T22288] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1221.662725][T22288] v4l_create_bufs+0xc0/0x180 [ 1221.662744][T22288] __video_do_ioctl+0x7f1/0xce0 [ 1221.662765][T22288] ? v4l_s_fmt+0xab0/0xab0 [ 1221.662783][T22288] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1221.662797][T22288] ? _copy_from_user+0xdd/0x150 [ 1221.662813][T22288] video_usercopy+0x4c5/0x10d0 [ 1221.662827][T22288] ? v4l_s_fmt+0xab0/0xab0 [ 1221.662845][T22288] ? v4l_enumstd+0x70/0x70 [ 1221.662857][T22288] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1221.662871][T22288] ? tomoyo_path_number_perm+0x263/0x520 [ 1221.662888][T22288] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1221.662913][T22288] ? video_usercopy+0x10d0/0x10d0 [ 1221.662929][T22288] video_ioctl2+0x2d/0x35 [ 1221.681156][T22288] v4l2_ioctl+0x156/0x1b0 [ 1221.681172][T22288] ? video_devdata+0xa0/0xa0 [ 1221.681191][T22288] do_vfs_ioctl+0xd6e/0x1390 [ 1221.681210][T22288] ? ioctl_preallocate+0x210/0x210 [ 1221.776000][T22288] ? __fget+0x381/0x550 [ 1221.780174][T22288] ? ksys_dup3+0x3e0/0x3e0 [ 1221.784784][T22288] ? nsecs_to_jiffies+0x30/0x30 [ 1221.789640][T22288] ? tomoyo_file_ioctl+0x23/0x30 [ 1221.794575][T22288] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1221.800816][T22288] ? security_file_ioctl+0x93/0xc0 [ 1221.805929][T22288] ksys_ioctl+0xab/0xd0 [ 1221.810106][T22288] __x64_sys_ioctl+0x73/0xb0 [ 1221.814709][T22288] do_syscall_64+0x103/0x670 [ 1221.819303][T22288] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1221.825188][T22288] RIP: 0033:0x458c29 [ 1221.829078][T22288] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1221.848680][T22288] RSP: 002b:00007fa60ca72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1221.857089][T22288] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1221.865070][T22288] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1221.873064][T22288] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1221.881138][T22288] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca736d4 [ 1221.888369][T22313] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1221.889195][T22288] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1221.894410][T22288] warn_alloc_show_mem: 2 callbacks suppressed [ 1221.894415][T22288] Mem-Info: [ 1221.909595][T22292] CPU: 1 PID: 22292 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1221.922305][T22288] active_anon:261648 inactive_anon:201 isolated_anon:0 [ 1221.922305][T22288] active_file:8245 inactive_file:41219 isolated_file:0 [ 1221.922305][T22288] unevictable:0 dirty:165 writeback:0 unstable:0 [ 1221.922305][T22288] slab_reclaimable:13958 slab_unreclaimable:116359 [ 1221.922305][T22288] mapped:58824 shmem:248 pagetables:7753 bounce:0 [ 1221.922305][T22288] free:1074123 free_pcp:356 free_cma:0 [ 1221.929664][T22292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1221.929670][T22292] Call Trace: [ 1221.929695][T22292] dump_stack+0x172/0x1f0 [ 1221.929716][T22292] warn_alloc.cold+0x87/0x17f [ 1221.929734][T22292] ? zone_watermark_ok_safe+0x260/0x260 [ 1221.929758][T22292] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1221.977940][T22292] __vmalloc_node_range+0x48a/0x790 [ 1221.977959][T22292] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1221.977982][T22292] ? kmem_cache_alloc_trace+0x354/0x760 [ 1221.990234][T22292] ? vb2_vmalloc_alloc+0xca/0x280 [ 1221.990255][T22292] vmalloc_user+0x6b/0x90 [ 1221.990271][T22292] ? vb2_vmalloc_alloc+0xca/0x280 [ 1221.990291][T22292] vb2_vmalloc_alloc+0xca/0x280 [ 1222.001440][T22292] ? __vb2_queue_alloc+0xf5/0xf40 [ 1222.001461][T22292] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1222.001473][T22292] __vb2_queue_alloc+0x5a6/0xf40 [ 1222.001504][T22292] vb2_core_create_bufs+0x2bc/0x790 [ 1222.001523][T22292] ? vim2m_buf_out_validate+0xc0/0xc0 09:17:08 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) r1 = syz_open_dev$cec(&(0x7f0000000200)='/dev/cec#\x00', 0x2, 0x2) ioctl$PIO_FONT(r1, 0x4b61, &(0x7f0000000240)="1a69677544aafef74b78234929071dfe8053c7431b436a3e1a3130d687af5a86085de0256c8fc800c4e7178b72661f894e6b963a95c5e5473fad5ab614af0d2bf9758a57aab28953a3531c2c2714995c8f189baf45b73e00b410a6d53703a2c7e3c2f8a150d310af0f713116111c781f72654f36b1d22da589") getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f00000002c0)={r2, 0x7}, &(0x7f0000000300)=0x8) [ 1222.001538][T22292] ? __vb2_queue_alloc+0xf40/0xf40 [ 1222.001560][T22292] ? lock_acquire+0x16f/0x3f0 [ 1222.011935][T22292] ? __video_do_ioctl+0x398/0xce0 [ 1222.011950][T22292] ? __lock_acquire+0x548/0x3fb0 [ 1222.011973][T22292] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1222.011992][T22292] vb2_create_bufs+0x472/0x7d0 [ 1222.012010][T22292] ? vb2_request_queue+0x120/0x120 [ 1222.022548][T22292] ? __lock_acquire+0x548/0x3fb0 [ 1222.022567][T22292] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1222.022582][T22292] ? debug_smp_processor_id+0x3c/0x280 [ 1222.022605][T22292] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1222.022620][T22292] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1222.022640][T22292] v4l_create_bufs+0xc0/0x180 [ 1222.031969][T22292] __video_do_ioctl+0x7f1/0xce0 [ 1222.031994][T22292] ? v4l_s_fmt+0xab0/0xab0 [ 1222.032016][T22292] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1222.032034][T22292] ? _copy_from_user+0xdd/0x150 [ 1222.032058][T22292] video_usercopy+0x4c5/0x10d0 09:17:08 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x410000, 0x0) ioctl$TCGETA(r1, 0x5405, &(0x7f0000000240)) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) [ 1222.038219][T22288] Node 0 active_anon:1046592kB inactive_anon:804kB active_file:32844kB inactive_file:164876kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:660kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 622592kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1222.041932][T22292] ? v4l_s_fmt+0xab0/0xab0 [ 1222.041958][T22292] ? v4l_enumstd+0x70/0x70 [ 1222.041974][T22292] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1222.041990][T22292] ? tomoyo_path_number_perm+0x263/0x520 [ 1222.042007][T22292] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1222.042034][T22292] ? video_usercopy+0x10d0/0x10d0 [ 1222.048434][T22288] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1222.052745][T22292] video_ioctl2+0x2d/0x35 [ 1222.052763][T22292] v4l2_ioctl+0x156/0x1b0 [ 1222.052775][T22292] ? video_devdata+0xa0/0xa0 [ 1222.052795][T22292] do_vfs_ioctl+0xd6e/0x1390 [ 1222.052816][T22292] ? ioctl_preallocate+0x210/0x210 [ 1222.052832][T22292] ? __fget+0x381/0x550 [ 1222.052852][T22292] ? ksys_dup3+0x3e0/0x3e0 [ 1222.058591][T22288] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1222.063434][T22292] ? nsecs_to_jiffies+0x30/0x30 [ 1222.063457][T22292] ? tomoyo_file_ioctl+0x23/0x30 [ 1222.063473][T22292] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1222.063488][T22292] ? security_file_ioctl+0x93/0xc0 [ 1222.063509][T22292] ksys_ioctl+0xab/0xd0 [ 1222.063533][T22292] __x64_sys_ioctl+0x73/0xb0 [ 1222.069276][T22288] lowmem_reserve[]: 0 2553 2555 2555 [ 1222.073331][T22292] do_syscall_64+0x103/0x670 [ 1222.073352][T22292] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1222.073364][T22292] RIP: 0033:0x458c29 [ 1222.073378][T22292] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1222.073386][T22292] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1222.073399][T22292] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1222.073408][T22292] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1222.073417][T22292] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1222.073431][T22292] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1222.079054][T22288] Node 0 DMA32 free:490500kB min:36232kB low:45288kB high:54344kB active_anon:1046592kB inactive_anon:804kB active_file:32844kB inactive_file:164876kB unevictable:0kB writepending:660kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:15936kB pagetables:30864kB bounce:0kB free_pcp:1632kB local_pcp:1124kB free_cma:0kB [ 1222.083356][T22292] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1222.222186][T22313] CPU: 1 PID: 22313 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 09:17:09 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x2000000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1222.253613][T22313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1222.253620][T22313] Call Trace: [ 1222.253643][T22313] dump_stack+0x172/0x1f0 [ 1222.253664][T22313] warn_alloc.cold+0x87/0x17f [ 1222.262826][T22313] ? zone_watermark_ok_safe+0x260/0x260 [ 1222.262841][T22313] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1222.262881][T22313] __vmalloc_node_range+0x48a/0x790 [ 1222.262897][T22313] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1222.262918][T22313] ? kmem_cache_alloc_trace+0x354/0x760 [ 1222.272532][T22288] lowmem_reserve[]: 0 0 2 2 09:17:09 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1222.276574][T22313] ? vb2_vmalloc_alloc+0xca/0x280 [ 1222.276595][T22313] vmalloc_user+0x6b/0x90 [ 1222.276610][T22313] ? vb2_vmalloc_alloc+0xca/0x280 [ 1222.276629][T22313] vb2_vmalloc_alloc+0xca/0x280 [ 1222.303557][T22288] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 09:17:09 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000240)={0x2, 0x4e20, @empty}, 0xffffff72) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cachefiles\x00', 0x301000, 0x0) ioctl$VT_ACTIVATE(r1, 0x5606, 0x3e828164) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200)='/dev/zero\x00', 0x101000, 0x0) ioctl$LOOP_CLR_FD(r2, 0x4c01) [ 1222.308257][T22313] ? __vb2_queue_alloc+0xf5/0xf40 [ 1222.308277][T22313] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1222.308291][T22313] __vb2_queue_alloc+0x5a6/0xf40 [ 1222.308322][T22313] vb2_core_create_bufs+0x2bc/0x790 [ 1222.313306][T22288] lowmem_reserve[]: 0 0 0 0 [ 1222.319454][T22313] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1222.319469][T22313] ? __vb2_queue_alloc+0xf40/0xf40 [ 1222.319484][T22313] ? lock_acquire+0x16f/0x3f0 [ 1222.319504][T22313] ? __video_do_ioctl+0x398/0xce0 [ 1222.324866][T22288] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1222.328920][T22313] ? __lock_acquire+0x548/0x3fb0 [ 1222.328943][T22313] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1222.328961][T22313] vb2_create_bufs+0x472/0x7d0 [ 1222.328979][T22313] ? vb2_request_queue+0x120/0x120 [ 1222.333702][T22288] lowmem_reserve[]: 0 0 0 0 [ 1222.338899][T22313] ? __lock_acquire+0x548/0x3fb0 [ 1222.338917][T22313] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1222.338932][T22313] ? debug_smp_processor_id+0x3c/0x280 [ 1222.338953][T22313] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1222.343685][T22288] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1222.349489][T22313] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1222.349509][T22313] v4l_create_bufs+0xc0/0x180 [ 1222.349530][T22313] __video_do_ioctl+0x7f1/0xce0 [ 1222.349561][T22313] ? v4l_s_fmt+0xab0/0xab0 [ 1222.353546][T22288] Node 0 DMA32: 468*4kB (UE) 199*8kB (UME) 31*16kB (U) 230*32kB (UME) 379*64kB (UME) 19*128kB (ME) 4*256kB (ME) 4*512kB (UME) 3*1024kB (UME) 3*2048kB (UME) 107*4096kB (UM) = 488568kB [ 1222.373219][T22313] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1222.373236][T22313] ? _copy_from_user+0xdd/0x150 [ 1222.373258][T22313] video_usercopy+0x4c5/0x10d0 [ 1222.373272][T22313] ? v4l_s_fmt+0xab0/0xab0 [ 1222.373293][T22313] ? v4l_enumstd+0x70/0x70 [ 1222.381774][T22288] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1222.389646][T22313] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1222.389664][T22313] ? tomoyo_path_number_perm+0x263/0x520 [ 1222.389684][T22313] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1222.389715][T22313] ? video_usercopy+0x10d0/0x10d0 [ 1222.397743][T22288] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1222.405625][T22313] video_ioctl2+0x2d/0x35 [ 1222.405643][T22313] v4l2_ioctl+0x156/0x1b0 [ 1222.405658][T22313] ? video_devdata+0xa0/0xa0 [ 1222.405677][T22313] do_vfs_ioctl+0xd6e/0x1390 [ 1222.405697][T22313] ? ioctl_preallocate+0x210/0x210 [ 1222.413745][T22288] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1222.444547][T22313] ? __fget+0x381/0x550 [ 1222.444568][T22313] ? ksys_dup3+0x3e0/0x3e0 [ 1222.444585][T22313] ? nsecs_to_jiffies+0x30/0x30 [ 1222.444608][T22313] ? tomoyo_file_ioctl+0x23/0x30 [ 1222.444628][T22313] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1222.452673][T22288] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1222.461754][T22313] ? security_file_ioctl+0x93/0xc0 [ 1222.461774][T22313] ksys_ioctl+0xab/0xd0 [ 1222.461796][T22313] __x64_sys_ioctl+0x73/0xb0 [ 1222.461816][T22313] do_syscall_64+0x103/0x670 [ 1222.461836][T22313] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1222.472073][T22288] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1222.475243][T22313] RIP: 0033:0x458c29 [ 1222.475259][T22313] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1222.475267][T22313] RSP: 002b:00007f92fa780c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1222.475282][T22313] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1222.475290][T22313] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1222.475303][T22313] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 1222.479717][T22288] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1222.484262][T22313] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7816d4 [ 1222.484271][T22313] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1222.583273][T22324] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1222.614174][T22288] 49710 total pagecache pages [ 1222.623165][T22327] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1222.679382][T22288] 0 pages in swap cache [ 1222.684721][T22324] CPU: 0 PID: 22324 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1222.697711][T22288] Swap cache stats: add 0, delete 0, find 0/0 [ 1222.709417][T22324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1222.709424][T22324] Call Trace: [ 1222.709450][T22324] dump_stack+0x172/0x1f0 [ 1222.709470][T22324] warn_alloc.cold+0x87/0x17f [ 1222.709484][T22324] ? zone_watermark_ok_safe+0x260/0x260 [ 1222.709501][T22324] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1222.709541][T22324] __vmalloc_node_range+0x48a/0x790 [ 1222.709561][T22324] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1222.724622][T22324] ? kmem_cache_alloc_trace+0x354/0x760 [ 1222.724640][T22324] ? vb2_vmalloc_alloc+0xca/0x280 [ 1222.724658][T22324] vmalloc_user+0x6b/0x90 [ 1222.740701][T22288] Free swap = 0kB [ 1222.747025][T22324] ? vb2_vmalloc_alloc+0xca/0x280 [ 1222.747040][T22324] vb2_vmalloc_alloc+0xca/0x280 [ 1222.747053][T22324] ? __vb2_queue_alloc+0xf5/0xf40 [ 1222.747079][T22324] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1222.747092][T22324] __vb2_queue_alloc+0x5a6/0xf40 [ 1222.747125][T22324] vb2_core_create_bufs+0x2bc/0x790 [ 1222.747141][T22324] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1222.747153][T22324] ? __vb2_queue_alloc+0xf40/0xf40 [ 1222.747172][T22324] ? lock_acquire+0x16f/0x3f0 [ 1223.165260][T22324] ? __video_do_ioctl+0x398/0xce0 [ 1223.170282][T22324] ? __lock_acquire+0x548/0x3fb0 [ 1223.175208][T22324] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1223.181433][T22324] vb2_create_bufs+0x472/0x7d0 [ 1223.186191][T22324] ? vb2_request_queue+0x120/0x120 [ 1223.191286][T22324] ? __lock_acquire+0x548/0x3fb0 [ 1223.196212][T22324] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1223.202455][T22324] ? debug_smp_processor_id+0x3c/0x280 [ 1223.207914][T22324] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1223.212922][T22324] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1223.218465][T22324] v4l_create_bufs+0xc0/0x180 [ 1223.223134][T22324] __video_do_ioctl+0x7f1/0xce0 [ 1223.227975][T22324] ? v4l_s_fmt+0xab0/0xab0 [ 1223.232392][T22324] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1223.238616][T22324] ? _copy_from_user+0xdd/0x150 [ 1223.243455][T22324] video_usercopy+0x4c5/0x10d0 [ 1223.248201][T22324] ? v4l_s_fmt+0xab0/0xab0 [ 1223.252618][T22324] ? v4l_enumstd+0x70/0x70 [ 1223.257016][T22324] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1223.263246][T22324] ? tomoyo_path_number_perm+0x263/0x520 [ 1223.268863][T22324] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1223.274663][T22324] ? video_usercopy+0x10d0/0x10d0 [ 1223.279669][T22324] video_ioctl2+0x2d/0x35 [ 1223.283994][T22324] v4l2_ioctl+0x156/0x1b0 [ 1223.288305][T22324] ? video_devdata+0xa0/0xa0 [ 1223.292881][T22324] do_vfs_ioctl+0xd6e/0x1390 [ 1223.297458][T22324] ? ioctl_preallocate+0x210/0x210 [ 1223.302557][T22324] ? __fget+0x381/0x550 [ 1223.306874][T22324] ? ksys_dup3+0x3e0/0x3e0 [ 1223.311276][T22324] ? nsecs_to_jiffies+0x30/0x30 [ 1223.316127][T22324] ? tomoyo_file_ioctl+0x23/0x30 [ 1223.321052][T22324] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1223.327299][T22324] ? security_file_ioctl+0x93/0xc0 [ 1223.332409][T22324] ksys_ioctl+0xab/0xd0 [ 1223.336553][T22324] __x64_sys_ioctl+0x73/0xb0 [ 1223.341142][T22324] do_syscall_64+0x103/0x670 [ 1223.345719][T22324] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1223.351593][T22324] RIP: 0033:0x458c29 [ 1223.355469][T22324] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1223.375060][T22324] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1223.383456][T22324] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1223.391416][T22324] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1223.399371][T22324] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1223.407343][T22324] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1223.415298][T22324] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1223.441245][T22327] CPU: 0 PID: 22327 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1223.450394][T22327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1223.460457][T22327] Call Trace: [ 1223.463771][T22327] dump_stack+0x172/0x1f0 [ 1223.468122][T22327] warn_alloc.cold+0x87/0x17f [ 1223.472811][T22327] ? zone_watermark_ok_safe+0x260/0x260 [ 1223.478369][T22327] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1223.483765][T22330] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1223.484047][T22327] __vmalloc_node_range+0x48a/0x790 [ 1223.504762][T22327] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1223.509801][T22327] ? kmem_cache_alloc_trace+0x354/0x760 [ 1223.515351][T22327] ? vb2_vmalloc_alloc+0xca/0x280 [ 1223.520382][T22327] vmalloc_user+0x6b/0x90 [ 1223.524716][T22327] ? vb2_vmalloc_alloc+0xca/0x280 [ 1223.529829][T22327] vb2_vmalloc_alloc+0xca/0x280 [ 1223.534684][T22327] ? __vb2_queue_alloc+0xf5/0xf40 [ 1223.539707][T22327] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1223.545513][T22327] __vb2_queue_alloc+0x5a6/0xf40 [ 1223.550474][T22327] vb2_core_create_bufs+0x2bc/0x790 [ 1223.555685][T22327] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1223.561057][T22327] ? __vb2_queue_alloc+0xf40/0xf40 [ 1223.561572][ T17] Bluetooth: hci1: command 0x1003 tx timeout [ 1223.566165][T22327] ? lock_acquire+0x16f/0x3f0 [ 1223.566183][T22327] ? __video_do_ioctl+0x398/0xce0 [ 1223.566197][T22327] ? __lock_acquire+0x548/0x3fb0 [ 1223.566220][T22327] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1223.566238][T22327] vb2_create_bufs+0x472/0x7d0 [ 1223.582401][T20067] Bluetooth: hci1: sending frame failed (-49) [ 1223.586772][T22327] ? vb2_request_queue+0x120/0x120 [ 1223.586787][T22327] ? __lock_acquire+0x548/0x3fb0 [ 1223.586803][T22327] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1223.586816][T22327] ? debug_smp_processor_id+0x3c/0x280 [ 1223.586832][T22327] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1223.586848][T22327] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1223.586882][T22327] v4l_create_bufs+0xc0/0x180 [ 1223.616561][T22288] Total swap = 0kB [ 1223.620473][T22327] __video_do_ioctl+0x7f1/0xce0 [ 1223.620495][T22327] ? v4l_s_fmt+0xab0/0xab0 [ 1223.631001][T22288] 1965979 pages RAM [ 1223.636452][T22327] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1223.636471][T22327] ? _copy_from_user+0xdd/0x150 [ 1223.636491][T22327] video_usercopy+0x4c5/0x10d0 [ 1223.636505][T22327] ? v4l_s_fmt+0xab0/0xab0 [ 1223.636524][T22327] ? v4l_enumstd+0x70/0x70 [ 1223.636536][T22327] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1223.636551][T22327] ? tomoyo_path_number_perm+0x263/0x520 [ 1223.636566][T22327] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1223.636590][T22327] ? video_usercopy+0x10d0/0x10d0 [ 1223.655078][T22288] 0 pages HighMem/MovableOnly [ 1223.657965][T22327] video_ioctl2+0x2d/0x35 [ 1223.657980][T22327] v4l2_ioctl+0x156/0x1b0 [ 1223.657990][T22327] ? video_devdata+0xa0/0xa0 [ 1223.658015][T22327] do_vfs_ioctl+0xd6e/0x1390 [ 1223.658036][T22327] ? ioctl_preallocate+0x210/0x210 [ 1223.658055][T22327] ? __fget+0x381/0x550 [ 1223.671807][T22324] warn_alloc_show_mem: 3 callbacks suppressed [ 1223.671811][T22324] Mem-Info: [ 1223.675152][T22327] ? ksys_dup3+0x3e0/0x3e0 [ 1223.675169][T22327] ? nsecs_to_jiffies+0x30/0x30 [ 1223.675188][T22327] ? tomoyo_file_ioctl+0x23/0x30 [ 1223.675205][T22327] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1223.690075][T22288] 339405 pages reserved [ 1223.690213][T22327] ? security_file_ioctl+0x93/0xc0 [ 1223.696187][T22324] active_anon:262717 inactive_anon:200 isolated_anon:0 [ 1223.696187][T22324] active_file:8246 inactive_file:41242 isolated_file:0 [ 1223.696187][T22324] unevictable:0 dirty:189 writeback:0 unstable:0 [ 1223.696187][T22324] slab_reclaimable:13967 slab_unreclaimable:116182 [ 1223.696187][T22324] mapped:58824 shmem:248 pagetables:7778 bounce:0 [ 1223.696187][T22324] free:1073153 free_pcp:373 free_cma:0 [ 1223.701600][T22327] ksys_ioctl+0xab/0xd0 [ 1223.701619][T22327] __x64_sys_ioctl+0x73/0xb0 [ 1223.701637][T22327] do_syscall_64+0x103/0x670 [ 1223.701655][T22327] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1223.701665][T22327] RIP: 0033:0x458c29 [ 1223.701678][T22327] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1223.701684][T22327] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1223.701697][T22327] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1223.701704][T22327] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1223.701712][T22327] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1223.701718][T22327] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1223.701726][T22327] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1223.703895][T22330] CPU: 0 PID: 22330 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1223.711401][T22330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1223.711410][T22330] Call Trace: [ 1223.723980][T22288] 0 pages cma reserved [ 1223.724627][T22330] dump_stack+0x172/0x1f0 [ 1223.734294][T22330] warn_alloc.cold+0x87/0x17f [ 1223.734308][T22330] ? zone_watermark_ok_safe+0x260/0x260 [ 1223.734323][T22330] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1223.734358][T22330] __vmalloc_node_range+0x48a/0x790 [ 1223.734375][T22330] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1223.734393][T22330] ? kmem_cache_alloc_trace+0x354/0x760 [ 1223.734409][T22330] ? vb2_vmalloc_alloc+0xca/0x280 [ 1223.744015][T22324] Node 0 active_anon:1050968kB inactive_anon:800kB active_file:32848kB inactive_file:164968kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:756kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 624640kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1223.744589][T22330] vmalloc_user+0x6b/0x90 [ 1223.762024][T22330] ? vb2_vmalloc_alloc+0xca/0x280 [ 1223.762039][T22330] vb2_vmalloc_alloc+0xca/0x280 [ 1223.762049][T22330] ? __vb2_queue_alloc+0xf5/0xf40 [ 1223.762065][T22330] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1223.762075][T22330] __vb2_queue_alloc+0x5a6/0xf40 [ 1223.762102][T22330] vb2_core_create_bufs+0x2bc/0x790 [ 1223.762118][T22330] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1223.762131][T22330] ? __vb2_queue_alloc+0xf40/0xf40 [ 1223.777578][T22330] ? lock_acquire+0x16f/0x3f0 [ 1223.777596][T22330] ? __video_do_ioctl+0x398/0xce0 [ 1223.777614][T22330] ? __lock_acquire+0x548/0x3fb0 [ 1223.816171][ T17] Bluetooth: hci0: command 0x1003 tx timeout [ 1223.819906][T22330] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1223.819924][T22330] vb2_create_bufs+0x472/0x7d0 [ 1223.829690][T22324] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1223.834941][T22330] ? vb2_request_queue+0x120/0x120 [ 1223.834958][T22330] ? __lock_acquire+0x548/0x3fb0 [ 1223.834973][T22330] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1223.834986][T22330] ? debug_smp_processor_id+0x3c/0x280 [ 1223.835013][T22330] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1223.835028][T22330] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1223.835052][T22330] v4l_create_bufs+0xc0/0x180 [ 1223.839254][T20067] Bluetooth: hci0: sending frame failed (-49) [ 1223.858505][T22330] __video_do_ioctl+0x7f1/0xce0 [ 1223.858528][T22330] ? v4l_s_fmt+0xab0/0xab0 [ 1223.858550][T22330] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1223.858565][T22330] ? _copy_from_user+0xdd/0x150 [ 1223.858583][T22330] video_usercopy+0x4c5/0x10d0 [ 1223.858597][T22330] ? v4l_s_fmt+0xab0/0xab0 [ 1223.858635][T22330] ? v4l_enumstd+0x70/0x70 [ 1223.858649][T22330] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1223.858663][T22330] ? tomoyo_path_number_perm+0x263/0x520 [ 1223.858678][T22330] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1223.858707][T22330] ? video_usercopy+0x10d0/0x10d0 [ 1223.874756][T22324] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1223.875283][T22330] video_ioctl2+0x2d/0x35 [ 1223.875298][T22330] v4l2_ioctl+0x156/0x1b0 [ 1223.875317][T22330] ? video_devdata+0xa0/0xa0 [ 1223.886470][T22324] lowmem_reserve[]: 0 2553 2555 2555 [ 1223.891509][T22330] do_vfs_ioctl+0xd6e/0x1390 [ 1223.891529][T22330] ? ioctl_preallocate+0x210/0x210 [ 1223.891543][T22330] ? __fget+0x381/0x550 [ 1223.891563][T22330] ? ksys_dup3+0x3e0/0x3e0 [ 1223.891578][T22330] ? nsecs_to_jiffies+0x30/0x30 [ 1223.891599][T22330] ? tomoyo_file_ioctl+0x23/0x30 [ 1223.891612][T22330] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1223.891629][T22330] ? security_file_ioctl+0x93/0xc0 [ 1223.928670][T22324] Node 0 DMA32 free:487060kB min:36232kB low:45288kB high:54344kB active_anon:1051068kB inactive_anon:800kB active_file:32848kB inactive_file:164968kB unevictable:0kB writepending:756kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:15968kB pagetables:31112kB bounce:0kB free_pcp:1336kB local_pcp:616kB free_cma:0kB [ 1223.930295][T22330] ksys_ioctl+0xab/0xd0 [ 1223.930316][T22330] __x64_sys_ioctl+0x73/0xb0 [ 1223.930337][T22330] do_syscall_64+0x103/0x670 [ 1223.935776][T22324] lowmem_reserve[]: 0 0 2 2 [ 1223.938719][T22330] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1223.938732][T22330] RIP: 0033:0x458c29 [ 1223.938746][T22330] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1223.938759][T22330] RSP: 002b:00007f92fa7a1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1223.949318][T22324] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1223.954545][T22330] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1223.954554][T22330] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1223.954564][T22330] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1223.954573][T22330] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7a26d4 [ 1223.954583][T22330] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1224.447237][T22324] lowmem_reserve[]: 0 0 0 0 [ 1224.449119][ T17] Bluetooth: hci2: command 0x1003 tx timeout [ 1224.453479][T22324] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1224.457927][T20067] Bluetooth: hci2: sending frame failed (-49) [ 1224.486948][T22324] lowmem_reserve[]: 0 0 0 0 [ 1224.497843][T22324] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1224.514364][T22324] Node 0 DMA32: 469*4kB (UME) 134*8kB (UME) 71*16kB (U) 235*32kB (UME) 379*64kB (UME) 19*128kB (ME) 4*256kB (ME) 4*512kB (UME) 3*1024kB (UME) 3*2048kB (UME) 107*4096kB (UM) = 488852kB [ 1224.533270][T22324] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1224.545967][T22324] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1224.563713][T22324] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1224.573358][T22324] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1224.582846][T22324] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1224.592513][T22324] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1224.602010][T22324] 49751 total pagecache pages [ 1224.606709][T22324] 0 pages in swap cache [ 1224.610862][T22324] Swap cache stats: add 0, delete 0, find 0/0 [ 1224.617161][T22324] Free swap = 0kB [ 1224.620952][T22324] Total swap = 0kB [ 1224.624796][T22324] 1965979 pages RAM [ 1224.628628][T22324] 0 pages HighMem/MovableOnly [ 1224.633370][T22324] 339405 pages reserved [ 1224.637564][T22324] 0 pages cma reserved [ 1225.641599][ T17] Bluetooth: hci1: command 0x1001 tx timeout [ 1225.648663][T20067] Bluetooth: hci1: sending frame failed (-49) [ 1225.881608][ T17] Bluetooth: hci0: command 0x1001 tx timeout [ 1225.887764][T20067] Bluetooth: hci0: sending frame failed (-49) [ 1226.521854][ T17] Bluetooth: hci2: command 0x1001 tx timeout [ 1226.527948][T20067] Bluetooth: hci2: sending frame failed (-49) [ 1227.721567][T19050] Bluetooth: hci1: command 0x1009 tx timeout [ 1227.961553][T19050] Bluetooth: hci0: command 0x1009 tx timeout [ 1228.601623][T19050] Bluetooth: hci2: command 0x1009 tx timeout 09:17:19 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x4000, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0xffff) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000040)={0x0, 0x5}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000180)={r2, 0x96, 0x5, 0x100000001, 0x6, 0x6}, &(0x7f00000001c0)=0x14) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) 09:17:19 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x200a000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:17:19 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:17:19 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:17:19 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000080)=0xfffffdfd) 09:17:19 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000280)='/dev/nullb0\x00', 0x101080, 0x0) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x2, 0x1d, 0x4, "763148a8d28f61701588f229d62d344e3ecccf5bea11f6654f3657b57de18ea403ce8e146f1dca7ba13c7acf03fe2938d3b5674c311cc1360c2c1c38e7610004", "1843263bd4ebeb6955c78ce9c9c09cd99c5329b963c0ffca9e97ee79a4c2ce03fbabca9d88d99a7365614cafb0c27e12973b47c9c17c5f6ff54db2a9c5bb7141", "3173bef4b5ccc89162d3eb78c8bee46ecce7e7723b7f873fcf222c2deac25c42", [0x10001, 0x3]}) stat(&(0x7f0000000340)='./file0\x00', &(0x7f00000002c0)) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vga_arbiter\x00', 0x0, 0x0) ioctl$BLKIOMIN(r2, 0x1278, &(0x7f0000000240)) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) [ 1232.580861][T22350] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1232.604329][T22346] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1232.619527][T22353] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1232.640247][T22353] CPU: 1 PID: 22353 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1232.649402][T22353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1232.659480][T22353] Call Trace: [ 1232.662796][T22353] dump_stack+0x172/0x1f0 [ 1232.667399][T22353] warn_alloc.cold+0x87/0x17f [ 1232.672101][T22353] ? zone_watermark_ok_safe+0x260/0x260 [ 1232.677692][T22353] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1232.683359][T22353] __vmalloc_node_range+0x48a/0x790 [ 1232.683381][T22353] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1232.683410][T22353] ? kmem_cache_alloc_trace+0x354/0x760 [ 1232.683438][T22353] ? vb2_vmalloc_alloc+0xca/0x280 [ 1232.693645][T22353] vmalloc_user+0x6b/0x90 [ 1232.693663][T22353] ? vb2_vmalloc_alloc+0xca/0x280 [ 1232.693677][T22353] vb2_vmalloc_alloc+0xca/0x280 [ 1232.693689][T22353] ? __vb2_queue_alloc+0xf5/0xf40 [ 1232.693706][T22353] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1232.693719][T22353] __vb2_queue_alloc+0x5a6/0xf40 [ 1232.693751][T22353] vb2_core_create_bufs+0x2bc/0x790 [ 1232.693770][T22353] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1232.693783][T22353] ? __vb2_queue_alloc+0xf40/0xf40 [ 1232.693797][T22353] ? lock_acquire+0x16f/0x3f0 [ 1232.693816][T22353] ? __video_do_ioctl+0x398/0xce0 [ 1232.693830][T22353] ? __lock_acquire+0x548/0x3fb0 [ 1232.693851][T22353] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1232.770743][T22353] vb2_create_bufs+0x472/0x7d0 [ 1232.775507][T22353] ? vb2_request_queue+0x120/0x120 [ 1232.780610][T22353] ? __lock_acquire+0x548/0x3fb0 [ 1232.785542][T22353] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1232.791772][T22353] ? debug_smp_processor_id+0x3c/0x280 [ 1232.797227][T22353] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1232.802259][T22353] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1232.807812][T22353] v4l_create_bufs+0xc0/0x180 [ 1232.812525][T22353] __video_do_ioctl+0x7f1/0xce0 [ 1232.817380][T22353] ? v4l_s_fmt+0xab0/0xab0 [ 1232.821801][T22353] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1232.828049][T22353] ? _copy_from_user+0xdd/0x150 [ 1232.828892][T22351] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1232.833009][T22353] video_usercopy+0x4c5/0x10d0 [ 1232.833026][T22353] ? v4l_s_fmt+0xab0/0xab0 [ 1232.833066][T22353] ? v4l_enumstd+0x70/0x70 [ 1232.833082][T22353] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1232.833098][T22353] ? tomoyo_path_number_perm+0x263/0x520 [ 1232.833118][T22353] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1232.833186][T22353] ? video_usercopy+0x10d0/0x10d0 [ 1232.883195][T22353] video_ioctl2+0x2d/0x35 [ 1232.887535][T22353] v4l2_ioctl+0x156/0x1b0 [ 1232.891868][T22353] ? video_devdata+0xa0/0xa0 [ 1232.896461][T22353] do_vfs_ioctl+0xd6e/0x1390 [ 1232.901056][T22353] ? ioctl_preallocate+0x210/0x210 [ 1232.906172][T22353] ? __fget+0x381/0x550 [ 1232.910334][T22353] ? ksys_dup3+0x3e0/0x3e0 [ 1232.914755][T22353] ? nsecs_to_jiffies+0x30/0x30 [ 1232.919619][T22353] ? tomoyo_file_ioctl+0x23/0x30 [ 1232.924822][T22353] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1232.931070][T22353] ? security_file_ioctl+0x93/0xc0 [ 1232.936199][T22353] ksys_ioctl+0xab/0xd0 [ 1232.940368][T22353] __x64_sys_ioctl+0x73/0xb0 [ 1232.944971][T22353] do_syscall_64+0x103/0x670 [ 1232.949574][T22353] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1232.955478][T22353] RIP: 0033:0x458c29 [ 1232.959385][T22353] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:17:19 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0x7f) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x210000, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000180)={0x93, 0x6, 0x7, 0xfffffffffffffff9, 0xff81, 0x2, 0x1f, 0x2f2983f2, 0x9, 0x80, 0x4}, 0xb) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r1, 0xc0305710, &(0x7f0000000040)={0x0, 0x100, 0x15d8, 0x7}) 09:17:19 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) r1 = dup2(0xffffffffffffff9c, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r1, 0x404c534a, &(0x7f0000000340)={0xdf, 0x1000, 0x401}) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r1, &(0x7f0000000140)={0x10}) add_key(&(0x7f0000000000)='asymmetric\x00', 0x0, &(0x7f00000000c0)="3058020af10cb8b56c96d27c44d58e94ea51a7dfc59e92e80d9482ca7839173a8f1143a711f5a939b4fd0072693a46c08df6616dd21be3453ecf73039a20f43acbc5376139a9070ae27dd847474d1e59b26978", 0x53, 0xfffffffffffffffd) ioctl$EVIOCSREP(r1, 0x40084503, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) [ 1232.979172][T22353] RSP: 002b:00007fa60ca72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1232.987591][T22353] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1232.995566][T22353] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1233.003552][T22353] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1233.011522][T22353] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca736d4 [ 1233.019497][T22353] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1233.027494][T22346] CPU: 0 PID: 22346 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1233.036624][T22346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1233.046687][T22346] Call Trace: [ 1233.048136][T22353] warn_alloc_show_mem: 2 callbacks suppressed [ 1233.048141][T22353] Mem-Info: [ 1233.050003][T22346] dump_stack+0x172/0x1f0 [ 1233.050024][T22346] warn_alloc.cold+0x87/0x17f [ 1233.050044][T22346] ? zone_watermark_ok_safe+0x260/0x260 [ 1233.057181][T22353] active_anon:263845 inactive_anon:201 isolated_anon:0 [ 1233.057181][T22353] active_file:8249 inactive_file:41263 isolated_file:0 [ 1233.057181][T22353] unevictable:0 dirty:113 writeback:0 unstable:0 [ 1233.057181][T22353] slab_reclaimable:13931 slab_unreclaimable:116370 [ 1233.057181][T22353] mapped:58824 shmem:248 pagetables:7865 bounce:0 [ 1233.057181][T22353] free:1071793 free_pcp:346 free_cma:0 [ 1233.059218][T22346] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1233.059261][T22346] __vmalloc_node_range+0x48a/0x790 [ 1233.063742][T22353] Node 0 active_anon:1055380kB inactive_anon:804kB active_file:32860kB inactive_file:165052kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:452kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 622592kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1233.068234][T22346] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1233.068255][T22346] ? kmem_cache_alloc_trace+0x354/0x760 [ 1233.068274][T22346] ? vb2_vmalloc_alloc+0xca/0x280 [ 1233.073966][T22353] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1233.111809][T22346] vmalloc_user+0x6b/0x90 [ 1233.111829][T22346] ? vb2_vmalloc_alloc+0xca/0x280 [ 1233.111843][T22346] vb2_vmalloc_alloc+0xca/0x280 [ 1233.111855][T22346] ? __vb2_queue_alloc+0xf5/0xf40 [ 1233.111875][T22346] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1233.111888][T22346] __vb2_queue_alloc+0x5a6/0xf40 [ 1233.111922][T22346] vb2_core_create_bufs+0x2bc/0x790 [ 1233.125686][T22353] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1233.151707][T22346] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1233.151723][T22346] ? __vb2_queue_alloc+0xf40/0xf40 [ 1233.151739][T22346] ? lock_acquire+0x16f/0x3f0 [ 1233.151755][T22346] ? __video_do_ioctl+0x398/0xce0 [ 1233.151767][T22346] ? __lock_acquire+0x548/0x3fb0 [ 1233.151788][T22346] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1233.156939][T22353] lowmem_reserve[]: 0 2553 2555 2555 [ 1233.162328][T22346] vb2_create_bufs+0x472/0x7d0 [ 1233.162349][T22346] ? vb2_request_queue+0x120/0x120 [ 1233.162364][T22346] ? __lock_acquire+0x548/0x3fb0 [ 1233.162382][T22346] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1233.162397][T22346] ? debug_smp_processor_id+0x3c/0x280 [ 1233.162426][T22346] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1233.167566][T22353] Node 0 DMA32 free:479228kB min:36232kB low:45288kB high:54344kB active_anon:1057376kB inactive_anon:804kB active_file:32860kB inactive_file:165052kB unevictable:0kB writepending:452kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:16032kB pagetables:31460kB bounce:0kB free_pcp:1280kB local_pcp:824kB free_cma:0kB [ 1233.193880][T22346] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1233.193900][T22346] v4l_create_bufs+0xc0/0x180 [ 1233.193920][T22346] __video_do_ioctl+0x7f1/0xce0 [ 1233.193943][T22346] ? v4l_s_fmt+0xab0/0xab0 [ 1233.193962][T22346] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1233.193980][T22346] ? _copy_from_user+0xdd/0x150 [ 1233.198406][T22353] lowmem_reserve[]: 0 0 2 2 [ 1233.203310][T22346] video_usercopy+0x4c5/0x10d0 [ 1233.203327][T22346] ? v4l_s_fmt+0xab0/0xab0 [ 1233.203350][T22346] ? v4l_enumstd+0x70/0x70 [ 1233.203364][T22346] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1233.203385][T22346] ? tomoyo_path_number_perm+0x263/0x520 [ 1233.208319][T22353] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1233.213217][T22346] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1233.213249][T22346] ? video_usercopy+0x10d0/0x10d0 [ 1233.213264][T22346] video_ioctl2+0x2d/0x35 [ 1233.213284][T22346] v4l2_ioctl+0x156/0x1b0 [ 1233.219151][T22353] lowmem_reserve[]: 0 0 0 0 [ 1233.223980][T22346] ? video_devdata+0xa0/0xa0 [ 1233.224000][T22346] do_vfs_ioctl+0xd6e/0x1390 [ 1233.224021][T22346] ? ioctl_preallocate+0x210/0x210 [ 1233.224036][T22346] ? __fget+0x381/0x550 [ 1233.224058][T22346] ? ksys_dup3+0x3e0/0x3e0 [ 1233.229324][T22353] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1233.256014][T22346] ? nsecs_to_jiffies+0x30/0x30 [ 1233.256035][T22346] ? tomoyo_file_ioctl+0x23/0x30 [ 1233.256049][T22346] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1233.256062][T22346] ? security_file_ioctl+0x93/0xc0 [ 1233.256080][T22346] ksys_ioctl+0xab/0xd0 [ 1233.261534][T22353] lowmem_reserve[]: 0 0 0 0 [ 1233.266515][T22346] __x64_sys_ioctl+0x73/0xb0 [ 1233.266536][T22346] do_syscall_64+0x103/0x670 [ 1233.266554][T22346] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1233.266569][T22346] RIP: 0033:0x458c29 [ 1233.271321][T22353] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB 09:17:20 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1233.276223][T22346] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1233.276231][T22346] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1233.276245][T22346] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1233.276253][T22346] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1233.276261][T22346] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1233.276269][T22346] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1233.276277][T22346] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1233.287262][T22350] CPU: 0 PID: 22350 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1233.298149][T22353] Node 0 DMA32: 467*4kB (E) 57*8kB (UE) 29*16kB (UM) 220*32kB (UME) 379*64kB (UME) 19*128kB (ME) 4*256kB (ME) 4*512kB (UME) 3*1024kB (UME) 3*2048kB (UME) 105*4096kB (UM) = 478884kB [ 1233.302536][T22350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1233.302542][T22350] Call Trace: [ 1233.302562][T22350] dump_stack+0x172/0x1f0 [ 1233.302583][T22350] warn_alloc.cold+0x87/0x17f [ 1233.302599][T22350] ? zone_watermark_ok_safe+0x260/0x260 [ 1233.309772][T22353] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1233.313743][T22350] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1233.313779][T22350] __vmalloc_node_range+0x48a/0x790 09:17:20 executing program 0: r0 = socket$inet(0x2, 0x400000000000002, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) r1 = add_key(&(0x7f0000000200)='big_key\x00', &(0x7f0000000240)={'syz', 0x3}, &(0x7f0000000280), 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f00000002c0)='ceph\x00', &(0x7f0000000300)=@secondary='builtin_and_secondary_trusted\x00') getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) 09:17:20 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000000000)={r0, 0x0, 0x2, 0xfffffffffffffffd, 0x10000}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) [ 1233.313798][T22350] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1233.320481][T22353] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1233.324329][T22350] ? kmem_cache_alloc_trace+0x354/0x760 [ 1233.324345][T22350] ? vb2_vmalloc_alloc+0xca/0x280 [ 1233.324360][T22350] vmalloc_user+0x6b/0x90 [ 1233.324377][T22350] ? vb2_vmalloc_alloc+0xca/0x280 [ 1233.374960][T22353] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1233.380860][T22350] vb2_vmalloc_alloc+0xca/0x280 [ 1233.380872][T22350] ? __vb2_queue_alloc+0xf5/0xf40 [ 1233.380889][T22350] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1233.391260][T22353] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1233.394942][T22350] __vb2_queue_alloc+0x5a6/0xf40 [ 1233.394973][T22350] vb2_core_create_bufs+0x2bc/0x790 [ 1233.394992][T22350] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1233.401622][T22353] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1233.403856][T22350] ? __vb2_queue_alloc+0xf40/0xf40 [ 1233.403872][T22350] ? lock_acquire+0x16f/0x3f0 [ 1233.403892][T22350] ? __video_do_ioctl+0x398/0xce0 [ 1233.411260][T22353] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1233.415718][T22350] ? __lock_acquire+0x548/0x3fb0 [ 1233.415739][T22350] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1233.415755][T22350] vb2_create_bufs+0x472/0x7d0 [ 1233.415771][T22350] ? vb2_request_queue+0x120/0x120 [ 1233.456734][T22353] 49757 total pagecache pages [ 1233.457524][T22350] ? __lock_acquire+0x548/0x3fb0 [ 1233.464140][T22353] 0 pages in swap cache [ 1233.466328][T22350] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1233.466344][T22350] ? debug_smp_processor_id+0x3c/0x280 [ 1233.466367][T22350] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1233.472081][T22353] Swap cache stats: add 0, delete 0, find 0/0 [ 1233.475503][T22350] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1233.475522][T22350] v4l_create_bufs+0xc0/0x180 [ 1233.475542][T22350] __video_do_ioctl+0x7f1/0xce0 [ 1233.491562][T22353] Free swap = 0kB [ 1233.519039][T22350] ? v4l_s_fmt+0xab0/0xab0 [ 1233.519059][T22350] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1233.519074][T22350] ? _copy_from_user+0xdd/0x150 [ 1233.519090][T22350] video_usercopy+0x4c5/0x10d0 [ 1233.519102][T22350] ? v4l_s_fmt+0xab0/0xab0 [ 1233.519121][T22350] ? v4l_enumstd+0x70/0x70 [ 1233.530678][T22353] Total swap = 0kB [ 1233.535190][T22350] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1233.535210][T22350] ? tomoyo_path_number_perm+0x263/0x520 [ 1233.535229][T22350] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1233.535259][T22350] ? video_usercopy+0x10d0/0x10d0 [ 1233.542642][T22353] 1965979 pages RAM [ 1233.544491][T22350] video_ioctl2+0x2d/0x35 [ 1233.544509][T22350] v4l2_ioctl+0x156/0x1b0 [ 1233.544525][T22350] ? video_devdata+0xa0/0xa0 [ 1233.549089][T22353] 0 pages HighMem/MovableOnly [ 1233.553666][T22350] do_vfs_ioctl+0xd6e/0x1390 [ 1233.553689][T22350] ? ioctl_preallocate+0x210/0x210 [ 1233.553704][T22350] ? __fget+0x381/0x550 [ 1233.553726][T22350] ? ksys_dup3+0x3e0/0x3e0 [ 1233.561546][T22353] 339405 pages reserved [ 1233.564161][T22350] ? nsecs_to_jiffies+0x30/0x30 [ 1233.564183][T22350] ? tomoyo_file_ioctl+0x23/0x30 [ 1233.564202][T22350] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1233.571525][T22353] 0 pages cma reserved [ 1233.582649][T22350] ? security_file_ioctl+0x93/0xc0 [ 1233.582670][T22350] ksys_ioctl+0xab/0xd0 [ 1233.582690][T22350] __x64_sys_ioctl+0x73/0xb0 [ 1233.626944][T22350] do_syscall_64+0x103/0x670 [ 1233.626966][T22350] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1233.650853][T22350] RIP: 0033:0x458c29 [ 1233.650869][T22350] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1233.650877][T22350] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1233.670113][T22371] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1233.679572][T22350] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1233.679582][T22350] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1233.679590][T22350] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1233.679599][T22350] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1233.679608][T22350] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1233.731051][T22351] CPU: 1 PID: 22351 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1233.755207][T22351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1233.755214][T22351] Call Trace: [ 1233.755236][T22351] dump_stack+0x172/0x1f0 [ 1233.755256][T22351] warn_alloc.cold+0x87/0x17f [ 1233.755270][T22351] ? zone_watermark_ok_safe+0x260/0x260 [ 1233.755285][T22351] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1233.755328][T22351] __vmalloc_node_range+0x48a/0x790 [ 1233.765883][T22351] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1233.765900][T22351] ? kmem_cache_alloc_trace+0x354/0x760 [ 1233.765914][T22351] ? vb2_vmalloc_alloc+0xca/0x280 [ 1233.765930][T22351] vmalloc_user+0x6b/0x90 [ 1233.765945][T22351] ? vb2_vmalloc_alloc+0xca/0x280 [ 1233.765962][T22351] vb2_vmalloc_alloc+0xca/0x280 [ 1233.775377][T22351] ? __vb2_queue_alloc+0xf5/0xf40 [ 1233.775396][T22351] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1233.775409][T22351] __vb2_queue_alloc+0x5a6/0xf40 [ 1233.775437][T22351] vb2_core_create_bufs+0x2bc/0x790 [ 1233.800600][T22351] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1233.800618][T22351] ? __vb2_queue_alloc+0xf40/0xf40 [ 1233.814991][T22351] ? lock_acquire+0x16f/0x3f0 [ 1233.825554][T22351] ? __video_do_ioctl+0x398/0xce0 [ 1233.825567][T22351] ? __lock_acquire+0x548/0x3fb0 [ 1233.825591][T22351] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1233.825609][T22351] vb2_create_bufs+0x472/0x7d0 [ 1233.825627][T22351] ? vb2_request_queue+0x120/0x120 [ 1233.825645][T22351] ? __lock_acquire+0x548/0x3fb0 [ 1233.840256][T22351] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1233.840272][T22351] ? debug_smp_processor_id+0x3c/0x280 [ 1233.840292][T22351] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1233.840309][T22351] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1233.904803][T22372] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1233.905659][T22351] v4l_create_bufs+0xc0/0x180 [ 1233.905681][T22351] __video_do_ioctl+0x7f1/0xce0 [ 1233.905704][T22351] ? v4l_s_fmt+0xab0/0xab0 [ 1233.905726][T22351] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1234.061140][T22350] warn_alloc_show_mem: 1 callbacks suppressed [ 1234.061146][T22350] Mem-Info: [ 1234.064378][T22351] ? _copy_from_user+0xdd/0x150 [ 1234.064400][T22351] video_usercopy+0x4c5/0x10d0 09:17:20 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1234.064417][T22351] ? v4l_s_fmt+0xab0/0xab0 [ 1234.064438][T22351] ? v4l_enumstd+0x70/0x70 [ 1234.064452][T22351] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1234.064467][T22351] ? tomoyo_path_number_perm+0x263/0x520 [ 1234.064480][T22351] ? debug_smp_processor_id+0x3c/0x280 [ 1234.064494][T22351] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1234.064523][T22351] ? video_usercopy+0x10d0/0x10d0 [ 1234.064541][T22351] video_ioctl2+0x2d/0x35 [ 1234.084893][T22350] active_anon:263849 inactive_anon:201 isolated_anon:0 [ 1234.084893][T22350] active_file:8250 inactive_file:41278 isolated_file:0 [ 1234.084893][T22350] unevictable:0 dirty:155 writeback:0 unstable:0 [ 1234.084893][T22350] slab_reclaimable:13957 slab_unreclaimable:116522 [ 1234.084893][T22350] mapped:58824 shmem:248 pagetables:7873 bounce:0 [ 1234.084893][T22350] free:1071679 free_pcp:281 free_cma:0 [ 1234.103469][T22351] v4l2_ioctl+0x156/0x1b0 [ 1234.103483][T22351] ? video_devdata+0xa0/0xa0 [ 1234.103500][T22351] do_vfs_ioctl+0xd6e/0x1390 [ 1234.103520][T22351] ? ioctl_preallocate+0x210/0x210 [ 1234.103534][T22351] ? kasan_check_read+0x11/0x20 [ 1234.103549][T22351] ? _copy_to_user+0xc9/0x120 [ 1234.103567][T22351] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1234.103581][T22351] ? put_timespec64+0xda/0x140 [ 1234.103596][T22351] ? nsecs_to_jiffies+0x30/0x30 [ 1234.103618][T22351] ? tomoyo_file_ioctl+0x23/0x30 [ 1234.103633][T22351] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1234.103653][T22351] ? security_file_ioctl+0x93/0xc0 [ 1234.180717][T22350] Node 0 active_anon:1055396kB inactive_anon:804kB active_file:32864kB inactive_file:165112kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:620kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 630784kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1234.185169][T22351] ksys_ioctl+0xab/0xd0 [ 1234.185190][T22351] __x64_sys_ioctl+0x73/0xb0 [ 1234.185210][T22351] do_syscall_64+0x103/0x670 [ 1234.185230][T22351] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1234.185243][T22351] RIP: 0033:0x458c29 09:17:21 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1234.185256][T22351] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1234.185269][T22351] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1234.206700][T22350] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1234.208660][T22351] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1234.208670][T22351] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1234.208679][T22351] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1234.208688][T22351] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1234.208697][T22351] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1234.228989][T22371] CPU: 1 PID: 22371 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1234.234187][T22371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1234.244020][T22371] Call Trace: [ 1234.244041][T22371] dump_stack+0x172/0x1f0 [ 1234.244060][T22371] warn_alloc.cold+0x87/0x17f [ 1234.244073][T22371] ? zone_watermark_ok_safe+0x260/0x260 [ 1234.244087][T22371] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1234.244125][T22371] __vmalloc_node_range+0x48a/0x790 [ 1234.298482][T22350] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1234.301311][T22371] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1234.301341][T22371] ? kmem_cache_alloc_trace+0x354/0x760 [ 1234.301358][T22371] ? vb2_vmalloc_alloc+0xca/0x280 [ 1234.321584][T22350] lowmem_reserve[]: 0 2553 2555 2555 [ 1234.323075][T22371] vmalloc_user+0x6b/0x90 [ 1234.323097][T22371] ? vb2_vmalloc_alloc+0xca/0x280 [ 1234.323111][T22371] vb2_vmalloc_alloc+0xca/0x280 [ 1234.323127][T22371] ? __vb2_queue_alloc+0xf5/0xf40 [ 1234.330394][T22350] Node 0 DMA32 free:478680kB min:36232kB low:45288kB high:54344kB active_anon:1057456kB inactive_anon:804kB active_file:32864kB inactive_file:165112kB unevictable:0kB writepending:620kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:16064kB pagetables:31492kB bounce:0kB free_pcp:1352kB local_pcp:404kB free_cma:0kB [ 1234.333663][T22371] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1234.333675][T22371] __vb2_queue_alloc+0x5a6/0xf40 [ 1234.333707][T22371] vb2_core_create_bufs+0x2bc/0x790 [ 1234.333727][T22371] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1234.333740][T22371] ? __vb2_queue_alloc+0xf40/0xf40 [ 1234.333756][T22371] ? lock_acquire+0x16f/0x3f0 [ 1234.333774][T22371] ? __video_do_ioctl+0x398/0xce0 [ 1234.333788][T22371] ? __lock_acquire+0x548/0x3fb0 [ 1234.333805][T22371] ? kmem_cache_alloc_node_trace+0x5a3/0x720 [ 1234.333827][T22371] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1234.333845][T22371] vb2_create_bufs+0x472/0x7d0 [ 1234.333863][T22371] ? vb2_request_queue+0x120/0x120 [ 1234.384913][T22350] lowmem_reserve[]: 0 0 2 2 [ 1234.386577][T22371] ? __lock_acquire+0x548/0x3fb0 [ 1234.386597][T22371] ? kmem_cache_alloc_node_trace+0x5a3/0x720 [ 1234.386616][T22371] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1234.386629][T22371] ? debug_smp_processor_id+0x3c/0x280 [ 1234.386651][T22371] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1234.429850][T22350] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1234.466031][T22371] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1234.466052][T22371] v4l_create_bufs+0xc0/0x180 [ 1234.466072][T22371] __video_do_ioctl+0x7f1/0xce0 [ 1234.466094][T22371] ? v4l_s_fmt+0xab0/0xab0 [ 1234.466115][T22371] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1234.466130][T22371] ? _copy_from_user+0xdd/0x150 [ 1234.466149][T22371] video_usercopy+0x4c5/0x10d0 [ 1234.466163][T22371] ? v4l_s_fmt+0xab0/0xab0 [ 1234.466183][T22371] ? v4l_enumstd+0x70/0x70 [ 1234.466197][T22371] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1234.466213][T22371] ? tomoyo_path_number_perm+0x263/0x520 [ 1234.466232][T22371] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1234.466261][T22371] ? video_usercopy+0x10d0/0x10d0 [ 1234.466280][T22371] video_ioctl2+0x2d/0x35 [ 1234.466294][T22371] v4l2_ioctl+0x156/0x1b0 [ 1234.466307][T22371] ? video_devdata+0xa0/0xa0 [ 1234.466334][T22371] do_vfs_ioctl+0xd6e/0x1390 [ 1234.466356][T22371] ? ioctl_preallocate+0x210/0x210 [ 1234.555771][T22371] ? __fget+0x381/0x550 [ 1234.555794][T22371] ? ksys_dup3+0x3e0/0x3e0 [ 1234.555811][T22371] ? nsecs_to_jiffies+0x30/0x30 [ 1234.555832][T22371] ? tomoyo_file_ioctl+0x23/0x30 [ 1234.555847][T22371] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1234.555861][T22371] ? security_file_ioctl+0x93/0xc0 [ 1234.555879][T22371] ksys_ioctl+0xab/0xd0 [ 1234.555897][T22371] __x64_sys_ioctl+0x73/0xb0 [ 1234.555917][T22371] do_syscall_64+0x103/0x670 [ 1234.555936][T22371] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1234.555948][T22371] RIP: 0033:0x458c29 [ 1234.555963][T22371] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1234.555971][T22371] RSP: 002b:00007fa60ca72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1234.555983][T22371] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1234.555998][T22371] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1234.575304][T22371] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1234.575319][T22371] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca736d4 [ 1234.575327][T22371] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1234.591985][T22350] lowmem_reserve[]: 0 0 0 0 [ 1234.660381][T22390] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1234.667170][T22372] CPU: 1 PID: 22372 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1234.711438][T22395] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1234.717628][T22372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1234.717635][T22372] Call Trace: [ 1234.717665][T22372] dump_stack+0x172/0x1f0 [ 1234.723127][T22350] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1234.749742][T22372] warn_alloc.cold+0x87/0x17f [ 1234.749758][T22372] ? zone_watermark_ok_safe+0x260/0x260 [ 1234.749773][T22372] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1234.749809][T22372] __vmalloc_node_range+0x48a/0x790 [ 1234.749823][T22372] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1234.749841][T22372] ? kmem_cache_alloc_trace+0x354/0x760 [ 1234.749854][T22372] ? vb2_vmalloc_alloc+0xca/0x280 [ 1234.749871][T22372] vmalloc_user+0x6b/0x90 [ 1234.749886][T22372] ? vb2_vmalloc_alloc+0xca/0x280 [ 1234.749900][T22372] vb2_vmalloc_alloc+0xca/0x280 [ 1234.749911][T22372] ? __vb2_queue_alloc+0xf5/0xf40 [ 1234.749928][T22372] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1234.749938][T22372] __vb2_queue_alloc+0x5a6/0xf40 [ 1234.749966][T22372] vb2_core_create_bufs+0x2bc/0x790 [ 1234.785036][T22372] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1234.847018][T22350] lowmem_reserve[]: 0 0 0 0 [ 1234.847136][T22372] ? __vb2_queue_alloc+0xf40/0xf40 [ 1234.867717][T22372] ? lock_acquire+0x16f/0x3f0 [ 1234.867741][T22372] ? __video_do_ioctl+0x398/0xce0 [ 1234.888705][T22350] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1234.893256][T22372] ? __lock_acquire+0x548/0x3fb0 [ 1234.893278][T22372] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1234.893304][T22372] vb2_create_bufs+0x472/0x7d0 [ 1234.893320][T22372] ? vb2_request_queue+0x120/0x120 [ 1234.893333][T22372] ? __lock_acquire+0x548/0x3fb0 [ 1234.893348][T22372] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1234.893362][T22372] ? debug_smp_processor_id+0x3c/0x280 [ 1234.893384][T22372] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1234.893400][T22372] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1234.893419][T22372] v4l_create_bufs+0xc0/0x180 [ 1234.893437][T22372] __video_do_ioctl+0x7f1/0xce0 [ 1234.893459][T22372] ? v4l_s_fmt+0xab0/0xab0 [ 1234.942791][T22372] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1234.942806][T22372] ? _copy_from_user+0xdd/0x150 [ 1234.942827][T22372] video_usercopy+0x4c5/0x10d0 [ 1234.942841][T22372] ? v4l_s_fmt+0xab0/0xab0 [ 1234.942860][T22372] ? v4l_enumstd+0x70/0x70 [ 1234.942872][T22372] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1234.942887][T22372] ? tomoyo_path_number_perm+0x263/0x520 [ 1234.942902][T22372] ? debug_smp_processor_id+0x3c/0x280 [ 1234.942918][T22372] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1234.942947][T22372] ? video_usercopy+0x10d0/0x10d0 [ 1234.942961][T22372] video_ioctl2+0x2d/0x35 [ 1234.942976][T22372] v4l2_ioctl+0x156/0x1b0 [ 1234.942987][T22372] ? video_devdata+0xa0/0xa0 [ 1234.943003][T22372] do_vfs_ioctl+0xd6e/0x1390 [ 1234.943021][T22372] ? ioctl_preallocate+0x210/0x210 [ 1234.943036][T22372] ? kasan_check_read+0x11/0x20 [ 1234.943054][T22372] ? _copy_to_user+0xc9/0x120 [ 1234.954057][T22350] Node 0 DMA32: 468*4kB (UE) 57*8kB (ME) 2*16kB (UM) 188*32kB (UME) 380*64kB (UME) 19*128kB (ME) 4*256kB (ME) 4*512kB (UME) 3*1024kB (UME) 4*2048kB (UME) 104*4096kB (UM) = 475448kB [ 1234.958123][T22372] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1234.958139][T22372] ? put_timespec64+0xda/0x140 [ 1234.958160][T22372] ? nsecs_to_jiffies+0x30/0x30 [ 1234.989561][T22350] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1234.993439][T22372] ? tomoyo_file_ioctl+0x23/0x30 [ 1234.993456][T22372] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1234.993472][T22372] ? security_file_ioctl+0x93/0xc0 [ 1234.993496][T22372] ksys_ioctl+0xab/0xd0 [ 1234.993528][T22372] __x64_sys_ioctl+0x73/0xb0 [ 1234.993546][T22372] do_syscall_64+0x103/0x670 [ 1234.993566][T22372] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1235.015003][T22350] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1235.018792][T22372] RIP: 0033:0x458c29 [ 1235.018807][T22372] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1235.018815][T22372] RSP: 002b:00007fa60ca72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1235.018830][T22372] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1235.018843][T22372] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1235.041752][T22350] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1235.046528][T22372] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1235.046537][T22372] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca736d4 [ 1235.046546][T22372] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1235.046952][T21445] Bluetooth: hci0: command 0x1003 tx timeout [ 1235.052099][T22395] CPU: 0 PID: 22395 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1235.059574][T17400] Bluetooth: hci0: sending frame failed (-49) [ 1235.062957][T22395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1235.062963][T22395] Call Trace: [ 1235.062984][T22395] dump_stack+0x172/0x1f0 [ 1235.063007][T22395] warn_alloc.cold+0x87/0x17f [ 1235.063023][T22395] ? zone_watermark_ok_safe+0x260/0x260 [ 1235.063038][T22395] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1235.063079][T22395] __vmalloc_node_range+0x48a/0x790 [ 1235.072046][T22395] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1235.072065][T22395] ? kmem_cache_alloc_trace+0x354/0x760 [ 1235.072080][T22395] ? vb2_vmalloc_alloc+0xca/0x280 [ 1235.072098][T22395] vmalloc_user+0x6b/0x90 [ 1235.762138][T22395] ? vb2_vmalloc_alloc+0xca/0x280 [ 1235.767159][T22395] vb2_vmalloc_alloc+0xca/0x280 [ 1235.772039][T22395] ? __vb2_queue_alloc+0xf5/0xf40 [ 1235.777063][T22395] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1235.782876][T22395] __vb2_queue_alloc+0x5a6/0xf40 [ 1235.787830][T22395] vb2_core_create_bufs+0x2bc/0x790 [ 1235.793028][T22395] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1235.798393][T22395] ? __vb2_queue_alloc+0xf40/0xf40 [ 1235.803504][T22395] ? lock_acquire+0x16f/0x3f0 [ 1235.808182][T22395] ? __video_do_ioctl+0x398/0xce0 [ 1235.813201][T22395] ? __lock_acquire+0x548/0x3fb0 [ 1235.818147][T22395] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1235.824384][T22395] vb2_create_bufs+0x472/0x7d0 [ 1235.829146][T22395] ? vb2_request_queue+0x120/0x120 [ 1235.834255][T22395] ? __lock_acquire+0x548/0x3fb0 [ 1235.839189][T22395] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1235.845430][T22395] ? debug_smp_processor_id+0x3c/0x280 [ 1235.850896][T22395] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1235.855957][T22395] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1235.861529][T22395] v4l_create_bufs+0xc0/0x180 [ 1235.866215][T22395] __video_do_ioctl+0x7f1/0xce0 [ 1235.871078][T22395] ? v4l_s_fmt+0xab0/0xab0 [ 1235.875498][T22395] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1235.881733][T22395] ? _copy_from_user+0xdd/0x150 [ 1235.886585][T22395] video_usercopy+0x4c5/0x10d0 [ 1235.891344][T22395] ? v4l_s_fmt+0xab0/0xab0 [ 1235.895767][T22395] ? v4l_enumstd+0x70/0x70 [ 1235.900183][T22395] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1235.906420][T22395] ? tomoyo_path_number_perm+0x263/0x520 [ 1235.912077][T22395] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1235.917899][T22395] ? video_usercopy+0x10d0/0x10d0 [ 1235.922920][T22395] video_ioctl2+0x2d/0x35 [ 1235.927256][T22395] v4l2_ioctl+0x156/0x1b0 [ 1235.931578][T22395] ? video_devdata+0xa0/0xa0 [ 1235.936173][T22395] do_vfs_ioctl+0xd6e/0x1390 [ 1235.940762][T22395] ? ioctl_preallocate+0x210/0x210 [ 1235.945869][T22395] ? __fget+0x381/0x550 [ 1235.950026][T22395] ? ksys_dup3+0x3e0/0x3e0 [ 1235.954439][T22395] ? nsecs_to_jiffies+0x30/0x30 [ 1235.959321][T22395] ? tomoyo_file_ioctl+0x23/0x30 [ 1235.964265][T22395] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1235.970502][T22395] ? security_file_ioctl+0x93/0xc0 [ 1235.975635][T22395] ksys_ioctl+0xab/0xd0 [ 1235.979815][T22395] __x64_sys_ioctl+0x73/0xb0 [ 1235.984404][T22395] do_syscall_64+0x103/0x670 [ 1235.988998][T22395] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1235.994881][T22395] RIP: 0033:0x458c29 [ 1235.998774][T22395] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1236.018371][T22395] RSP: 002b:00007fa60ca72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1236.026840][T22395] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1236.034806][T22395] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1236.042774][T22395] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1236.050740][T22395] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca736d4 [ 1236.058705][T22395] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1236.066701][T22390] CPU: 1 PID: 22390 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1236.070081][T21835] Bluetooth: hci1: command 0x1003 tx timeout [ 1236.076005][T22390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1236.076011][T22390] Call Trace: [ 1236.076034][T22390] dump_stack+0x172/0x1f0 [ 1236.076055][T22390] warn_alloc.cold+0x87/0x17f [ 1236.076074][T22390] ? zone_watermark_ok_safe+0x260/0x260 [ 1236.109891][T22390] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1236.115532][T22390] __vmalloc_node_range+0x48a/0x790 [ 1236.120719][T22390] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1236.125734][T22390] ? kmem_cache_alloc_trace+0x354/0x760 [ 1236.131265][T22390] ? vb2_vmalloc_alloc+0xca/0x280 [ 1236.136275][T22390] vmalloc_user+0x6b/0x90 [ 1236.140592][T22390] ? vb2_vmalloc_alloc+0xca/0x280 [ 1236.145600][T22390] vb2_vmalloc_alloc+0xca/0x280 [ 1236.150436][T22390] ? __vb2_queue_alloc+0xf5/0xf40 [ 1236.155447][T22390] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1236.161409][T22390] __vb2_queue_alloc+0x5a6/0xf40 [ 1236.166342][T22390] vb2_core_create_bufs+0x2bc/0x790 [ 1236.171624][T22390] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1236.176984][T22390] ? __vb2_queue_alloc+0xf40/0xf40 [ 1236.182169][T22390] ? lock_acquire+0x16f/0x3f0 [ 1236.186831][T22390] ? __video_do_ioctl+0x398/0xce0 [ 1236.191838][T22390] ? __lock_acquire+0x548/0x3fb0 [ 1236.196773][T22390] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1236.202999][T22390] vb2_create_bufs+0x472/0x7d0 [ 1236.207753][T22390] ? vb2_request_queue+0x120/0x120 [ 1236.212859][T22390] ? __lock_acquire+0x548/0x3fb0 [ 1236.217781][T22390] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1236.224005][T22390] ? debug_smp_processor_id+0x3c/0x280 [ 1236.229545][T22390] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1236.234643][T22390] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1236.240181][T22390] v4l_create_bufs+0xc0/0x180 [ 1236.244874][T22390] __video_do_ioctl+0x7f1/0xce0 [ 1236.249718][T22390] ? v4l_s_fmt+0xab0/0xab0 [ 1236.254123][T22390] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1236.260346][T22390] ? _copy_from_user+0xdd/0x150 [ 1236.265191][T22390] video_usercopy+0x4c5/0x10d0 [ 1236.269945][T22390] ? v4l_s_fmt+0xab0/0xab0 [ 1236.274348][T22390] ? v4l_enumstd+0x70/0x70 [ 1236.278747][T22390] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1236.284972][T22390] ? tomoyo_path_number_perm+0x263/0x520 [ 1236.290781][T22390] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1236.296585][T22390] ? video_usercopy+0x10d0/0x10d0 [ 1236.301609][T22390] video_ioctl2+0x2d/0x35 [ 1236.305945][T22390] v4l2_ioctl+0x156/0x1b0 [ 1236.310357][T22390] ? video_devdata+0xa0/0xa0 [ 1236.314942][T22390] do_vfs_ioctl+0xd6e/0x1390 [ 1236.319532][T22390] ? ioctl_preallocate+0x210/0x210 [ 1236.324628][T22390] ? __fget+0x381/0x550 [ 1236.328871][T22390] ? ksys_dup3+0x3e0/0x3e0 [ 1236.333284][T22390] ? nsecs_to_jiffies+0x30/0x30 [ 1236.338127][T22390] ? tomoyo_file_ioctl+0x23/0x30 [ 1236.343052][T22390] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1236.349301][T22390] ? security_file_ioctl+0x93/0xc0 [ 1236.354402][T22390] ksys_ioctl+0xab/0xd0 [ 1236.358556][T22390] __x64_sys_ioctl+0x73/0xb0 [ 1236.363140][T22390] do_syscall_64+0x103/0x670 [ 1236.367739][T22390] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1236.373626][T22390] RIP: 0033:0x458c29 [ 1236.377511][T22390] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1236.397544][T22390] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1236.405936][T22390] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1236.413909][T22390] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1236.421861][T22390] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1236.429818][T22390] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1236.437886][T22390] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1236.448540][T20067] Bluetooth: hci1: sending frame failed (-49) [ 1236.454521][T22401] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1236.456502][T22395] warn_alloc_show_mem: 3 callbacks suppressed [ 1236.456507][T22395] Mem-Info: [ 1236.471407][T22401] CPU: 0 PID: 22401 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1236.475247][T22350] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1236.478296][T22401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1236.478306][T22401] Call Trace: [ 1236.500777][T22350] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1236.506731][T22401] dump_stack+0x172/0x1f0 [ 1236.506753][T22401] warn_alloc.cold+0x87/0x17f [ 1236.506771][T22401] ? zone_watermark_ok_safe+0x260/0x260 [ 1236.510110][T22395] active_anon:264907 inactive_anon:199 isolated_anon:0 [ 1236.510110][T22395] active_file:8251 inactive_file:41309 isolated_file:0 [ 1236.510110][T22395] unevictable:0 dirty:193 writeback:0 unstable:0 [ 1236.510110][T22395] slab_reclaimable:13969 slab_unreclaimable:116488 [ 1236.510110][T22395] mapped:58824 shmem:248 pagetables:7874 bounce:0 [ 1236.510110][T22395] free:1070544 free_pcp:364 free_cma:0 [ 1236.519561][T22401] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1236.519605][T22401] __vmalloc_node_range+0x48a/0x790 [ 1236.523968][T22350] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1236.528566][T22401] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1236.528591][T22401] ? kmem_cache_alloc_trace+0x354/0x760 [ 1236.534166][T22350] 49810 total pagecache pages [ 1236.572102][T22401] ? vb2_vmalloc_alloc+0xca/0x280 [ 1236.572118][T22401] vmalloc_user+0x6b/0x90 [ 1236.572134][T22401] ? vb2_vmalloc_alloc+0xca/0x280 [ 1236.572148][T22401] vb2_vmalloc_alloc+0xca/0x280 [ 1236.572164][T22401] ? __vb2_queue_alloc+0xf5/0xf40 [ 1236.577855][T22395] Node 0 active_anon:1059628kB inactive_anon:796kB active_file:32868kB inactive_file:165236kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:772kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 634880kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1236.582960][T22401] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1236.582973][T22401] __vb2_queue_alloc+0x5a6/0xf40 [ 1236.583005][T22401] vb2_core_create_bufs+0x2bc/0x790 [ 1236.593719][T22395] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1236.598652][T22401] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1236.598669][T22401] ? __vb2_queue_alloc+0xf40/0xf40 [ 1236.604251][T22395] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1236.608853][T22401] ? lock_acquire+0x16f/0x3f0 [ 1236.608868][T22401] ? __video_do_ioctl+0x398/0xce0 [ 1236.608884][T22401] ? __lock_acquire+0x548/0x3fb0 [ 1236.613945][T22350] 0 pages in swap cache [ 1236.618206][T22401] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1236.618225][T22401] vb2_create_bufs+0x472/0x7d0 [ 1236.623289][T22395] lowmem_reserve[]: 0 2553 2555 2555 [ 1236.628069][T22401] ? vb2_request_queue+0x120/0x120 [ 1236.628087][T22401] ? __lock_acquire+0x548/0x3fb0 [ 1236.633145][T22350] Swap cache stats: add 0, delete 0, find 0/0 [ 1236.662048][T22401] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1236.662064][T22401] ? debug_smp_processor_id+0x3c/0x280 [ 1236.662090][T22401] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1236.668391][T22395] Node 0 DMA32 free:476184kB min:36232kB low:45288kB high:54344kB active_anon:1059628kB inactive_anon:796kB active_file:32868kB inactive_file:165236kB unevictable:0kB writepending:772kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:15872kB pagetables:31496kB bounce:0kB free_pcp:1456kB local_pcp:908kB free_cma:0kB [ 1236.673274][T22401] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1236.673293][T22401] v4l_create_bufs+0xc0/0x180 [ 1236.673314][T22401] __video_do_ioctl+0x7f1/0xce0 [ 1236.678527][T22395] lowmem_reserve[]: 0 0 2 2 [ 1236.704965][T22401] ? v4l_s_fmt+0xab0/0xab0 [ 1236.704986][T22401] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1236.704999][T22401] ? _copy_from_user+0xdd/0x150 [ 1236.705016][T22401] video_usercopy+0x4c5/0x10d0 [ 1236.710401][T22350] Free swap = 0kB [ 1236.715445][T22401] ? v4l_s_fmt+0xab0/0xab0 [ 1236.715467][T22401] ? v4l_enumstd+0x70/0x70 [ 1236.715478][T22401] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1236.715497][T22401] ? tomoyo_path_number_perm+0x263/0x520 [ 1236.742396][T22395] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1236.746953][T22401] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1236.746984][T22401] ? video_usercopy+0x10d0/0x10d0 [ 1236.752036][T22395] lowmem_reserve[]: 0 0 0 0 09:17:23 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x3f00000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:17:23 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x3ff, 0x200800) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000280)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(r1, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x30, r2, 0x300, 0x70bd2a, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffffffffff7}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x89}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xffffffff}]}, 0x30}, 0x1, 0x0, 0x0, 0x8004}, 0x40080) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) 09:17:23 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1236.756897][T22401] video_ioctl2+0x2d/0x35 [ 1236.756912][T22401] v4l2_ioctl+0x156/0x1b0 [ 1236.756925][T22401] ? video_devdata+0xa0/0xa0 [ 1236.756952][T22401] do_vfs_ioctl+0xd6e/0x1390 [ 1236.761107][T22395] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1236.767390][T22401] ? ioctl_preallocate+0x210/0x210 [ 1236.767405][T22401] ? __fget+0x381/0x550 [ 1236.767428][T22401] ? ksys_dup3+0x3e0/0x3e0 [ 1236.772219][T22350] Total swap = 0kB [ 1236.777441][T22401] ? nsecs_to_jiffies+0x30/0x30 [ 1236.777467][T22401] ? tomoyo_file_ioctl+0x23/0x30 [ 1236.782600][T22350] 1965979 pages RAM [ 1236.787462][T22401] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1236.787476][T22401] ? security_file_ioctl+0x93/0xc0 [ 1236.787495][T22401] ksys_ioctl+0xab/0xd0 [ 1236.793582][T22395] lowmem_reserve[]: 0 0 0 0 [ 1236.799758][T22401] __x64_sys_ioctl+0x73/0xb0 [ 1236.799779][T22401] do_syscall_64+0x103/0x670 [ 1236.805256][T22350] 0 pages HighMem/MovableOnly [ 1236.810218][T22401] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1236.810235][T22401] RIP: 0033:0x458c29 [ 1236.840993][T22395] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1236.846469][T22401] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1236.846478][T22401] RSP: 002b:00007f92fa7a1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1236.846492][T22401] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1236.846506][T22401] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1236.851196][T22395] Node 0 DMA32: 468*4kB (UE) 103*8kB (UME) 37*16kB (UM) 182*32kB (UME) 380*64kB (UME) 19*128kB (ME) 4*256kB (ME) 4*512kB (UME) 3*1024kB (UME) 4*2048kB (UME) 104*4096kB (UM) = 476184kB [ 1236.855986][T22401] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1236.855996][T22401] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7a26d4 [ 1236.856005][T22401] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1236.860589][T22350] 339405 pages reserved [ 1236.872780][T22395] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1236.877052][T22350] 0 pages cma reserved [ 1236.881114][T22395] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1236.912090][T22395] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1236.949440][T22395] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1236.972635][T22406] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1237.006675][T22395] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1237.040501][T22395] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1237.086539][T21445] Bluetooth: hci2: command 0x1003 tx timeout [ 1237.112029][T22406] CPU: 0 PID: 22406 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1237.120226][T20067] Bluetooth: hci2: sending frame failed (-49) [ 1237.121842][T22406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1237.121849][T22406] Call Trace: [ 1237.121872][T22406] dump_stack+0x172/0x1f0 [ 1237.121893][T22406] warn_alloc.cold+0x87/0x17f [ 1237.121909][T22406] ? zone_watermark_ok_safe+0x260/0x260 [ 1237.121924][T22406] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1237.121962][T22406] __vmalloc_node_range+0x48a/0x790 [ 1237.121983][T22406] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1237.122003][T22406] ? kmem_cache_alloc_trace+0x354/0x760 [ 1237.130388][T21445] Bluetooth: hci0: command 0x1001 tx timeout [ 1237.148264][T22406] ? vb2_vmalloc_alloc+0xca/0x280 [ 1237.148284][T22406] vmalloc_user+0x6b/0x90 [ 1237.148299][T22406] ? vb2_vmalloc_alloc+0xca/0x280 [ 1237.148313][T22406] vb2_vmalloc_alloc+0xca/0x280 [ 1237.148332][T22406] ? __vb2_queue_alloc+0xf5/0xf40 [ 1237.156484][T22395] 49810 total pagecache pages [ 1237.164250][T22406] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1237.164264][T22406] __vb2_queue_alloc+0x5a6/0xf40 [ 1237.164297][T22406] vb2_core_create_bufs+0x2bc/0x790 [ 1237.164316][T22406] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1237.172446][T20067] Bluetooth: hci0: sending frame failed (-49) [ 1237.176405][T22406] ? __vb2_queue_alloc+0xf40/0xf40 [ 1237.176422][T22406] ? lock_acquire+0x16f/0x3f0 [ 1237.176438][T22406] ? __video_do_ioctl+0x398/0xce0 [ 1237.176455][T22406] ? __lock_acquire+0x548/0x3fb0 [ 1237.189608][T22395] 0 pages in swap cache [ 1237.192677][T22406] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1237.192698][T22406] vb2_create_bufs+0x472/0x7d0 [ 1237.192718][T22406] ? vb2_request_queue+0x120/0x120 [ 1237.192738][T22406] ? __lock_acquire+0x548/0x3fb0 [ 1237.210076][T22395] Swap cache stats: add 0, delete 0, find 0/0 [ 1237.219513][T22406] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1237.219530][T22406] ? debug_smp_processor_id+0x3c/0x280 [ 1237.219553][T22406] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1237.219574][T22406] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1237.228984][T22395] Free swap = 0kB [ 1237.242711][T22406] v4l_create_bufs+0xc0/0x180 [ 1237.242732][T22406] __video_do_ioctl+0x7f1/0xce0 [ 1237.242757][T22406] ? v4l_s_fmt+0xab0/0xab0 [ 1237.242779][T22406] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1237.252440][T22395] Total swap = 0kB [ 1237.261561][T22406] ? _copy_from_user+0xdd/0x150 [ 1237.261584][T22406] video_usercopy+0x4c5/0x10d0 [ 1237.261606][T22406] ? v4l_s_fmt+0xab0/0xab0 [ 1237.261628][T22406] ? v4l_enumstd+0x70/0x70 [ 1237.267736][T22395] 1965979 pages RAM [ 1237.276680][T22406] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1237.276699][T22406] ? tomoyo_path_number_perm+0x263/0x520 [ 1237.276719][T22406] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1237.276749][T22406] ? video_usercopy+0x10d0/0x10d0 [ 1237.282923][T22395] 0 pages HighMem/MovableOnly [ 1237.292827][T22406] video_ioctl2+0x2d/0x35 [ 1237.292846][T22406] v4l2_ioctl+0x156/0x1b0 [ 1237.292860][T22406] ? video_devdata+0xa0/0xa0 [ 1237.292880][T22406] do_vfs_ioctl+0xd6e/0x1390 [ 1237.292901][T22406] ? ioctl_preallocate+0x210/0x210 [ 1237.296286][T22395] 339405 pages reserved [ 1237.300476][T22406] ? __fget+0x381/0x550 [ 1237.300500][T22406] ? ksys_dup3+0x3e0/0x3e0 [ 1237.300514][T22406] ? nsecs_to_jiffies+0x30/0x30 [ 1237.300537][T22406] ? tomoyo_file_ioctl+0x23/0x30 [ 1237.305306][T22395] 0 pages cma reserved [ 1237.310708][T22406] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1237.310725][T22406] ? security_file_ioctl+0x93/0xc0 [ 1237.310743][T22406] ksys_ioctl+0xab/0xd0 [ 1237.310763][T22406] __x64_sys_ioctl+0x73/0xb0 [ 1237.332126][T22406] do_syscall_64+0x103/0x670 [ 1237.332157][T22406] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1237.332169][T22406] RIP: 0033:0x458c29 [ 1237.332186][T22406] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1237.343173][T22406] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1237.343188][T22406] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1237.343203][T22406] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1237.394527][T22406] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1237.404277][T22406] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1237.404286][T22406] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1238.522012][T21445] Bluetooth: hci1: command 0x1001 tx timeout [ 1238.528161][T20067] Bluetooth: hci1: sending frame failed (-49) [ 1239.161661][T21445] Bluetooth: hci0: command 0x1009 tx timeout [ 1239.167715][T21445] Bluetooth: hci2: command 0x1001 tx timeout [ 1239.173835][T20067] Bluetooth: hci2: sending frame failed (-49) [ 1240.601849][T21445] Bluetooth: hci1: command 0x1009 tx timeout [ 1241.241692][T19050] Bluetooth: hci2: command 0x1009 tx timeout 09:17:29 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000080)=0xfdfdffff00000000) 09:17:29 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000200)={&(0x7f0000000240)=@in={0x2, 0x4e20, @loopback}, 0xffb8, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1, 0x0, 0xfffffffffffffe7c}, 0x0) r1 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000100)='/dev/video37\x00', 0x2, 0x0) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x80000001040, 0x0) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_DISABLE(r2, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x124, r3, 0x21, 0x70bd2b, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0xc8, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffffffffffd}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xc79}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x48000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}]}, @TIPC_NLA_MEDIA={0x48, 0x5, [@TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x14a2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}]}]}]}, 0x124}, 0x1, 0x0, 0x0, 0x40}, 0x4) setsockopt$TIPC_SRC_DROPPABLE(r2, 0x10f, 0x80, &(0x7f0000000000)=0x7f, 0x4) fchmodat(r2, &(0x7f0000000040)='./file0\x00', 0x2) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/hwrng\x00', 0x4040, 0x0) ioctl$VIDIOC_DBG_S_REGISTER(r1, 0x4038564f, &(0x7f0000000140)={{0x3, @name="7ae85ef579bc124b4bed9ff87f0136d90faa4a168f81f062ad654785da6cd43e"}, 0x8, 0x4, 0xb949}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000540)={0x0, 0x80000000, 0x5, &(0x7f0000000500)=0x7}) 09:17:29 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:17:29 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x4000000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:17:29 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1242.808150][T22425] warn_alloc: 2 callbacks suppressed [ 1242.808167][T22425] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1242.809970][T22430] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1242.825279][T22425] CPU: 1 PID: 22425 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1242.850520][T22425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1242.860573][T22425] Call Trace: [ 1242.863912][T22425] dump_stack+0x172/0x1f0 [ 1242.868259][T22425] warn_alloc.cold+0x87/0x17f [ 1242.872930][T22425] ? zone_watermark_ok_safe+0x260/0x260 [ 1242.875728][T22437] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1242.878471][T22425] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1242.878513][T22425] __vmalloc_node_range+0x48a/0x790 [ 1242.903410][T22425] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1242.908430][T22425] ? kmem_cache_alloc_trace+0x354/0x760 [ 1242.913969][T22425] ? vb2_vmalloc_alloc+0xca/0x280 [ 1242.918998][T22425] vmalloc_user+0x6b/0x90 [ 1242.923346][T22425] ? vb2_vmalloc_alloc+0xca/0x280 [ 1242.928364][T22425] vb2_vmalloc_alloc+0xca/0x280 [ 1242.933205][T22425] ? __vb2_queue_alloc+0xf5/0xf40 [ 1242.938235][T22425] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1242.944027][T22425] __vb2_queue_alloc+0x5a6/0xf40 [ 1242.948974][T22425] vb2_core_create_bufs+0x2bc/0x790 [ 1242.954167][T22425] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1242.959532][T22425] ? __vb2_queue_alloc+0xf40/0xf40 [ 1242.964672][T22425] ? __lock_acquire+0x548/0x3fb0 [ 1242.969607][T22425] ? vb2_create_bufs+0x196/0x7d0 [ 1242.974546][T22425] vb2_create_bufs+0x472/0x7d0 [ 1242.979316][T22425] ? vb2_request_queue+0x120/0x120 [ 1242.984699][T22425] ? __lock_acquire+0x548/0x3fb0 [ 1242.989725][T22425] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1242.995962][T22425] ? debug_smp_processor_id+0x3c/0x280 [ 1243.001425][T22425] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1243.006440][T22425] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1243.011985][T22425] v4l_create_bufs+0xc0/0x180 [ 1243.016674][T22425] __video_do_ioctl+0x7f1/0xce0 [ 1243.021616][T22425] ? v4l_s_fmt+0xab0/0xab0 [ 1243.026032][T22425] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1243.032262][T22425] ? _copy_from_user+0xdd/0x150 [ 1243.037113][T22425] video_usercopy+0x4c5/0x10d0 [ 1243.041864][T22425] ? v4l_s_fmt+0xab0/0xab0 [ 1243.046281][T22425] ? v4l_enumstd+0x70/0x70 [ 1243.050689][T22425] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1243.056919][T22425] ? tomoyo_path_number_perm+0x263/0x520 [ 1243.063091][T22425] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1243.068907][T22425] ? video_usercopy+0x10d0/0x10d0 [ 1243.073931][T22425] video_ioctl2+0x2d/0x35 [ 1243.078276][T22425] v4l2_ioctl+0x156/0x1b0 [ 1243.082601][T22425] ? video_devdata+0xa0/0xa0 [ 1243.087188][T22425] do_vfs_ioctl+0xd6e/0x1390 [ 1243.091786][T22425] ? ioctl_preallocate+0x210/0x210 [ 1243.096892][T22425] ? __fget+0x381/0x550 [ 1243.101046][T22425] ? ksys_dup3+0x3e0/0x3e0 [ 1243.105458][T22425] ? nsecs_to_jiffies+0x30/0x30 [ 1243.110331][T22425] ? tomoyo_file_ioctl+0x23/0x30 [ 1243.115262][T22425] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1243.121506][T22425] ? security_file_ioctl+0x93/0xc0 [ 1243.126613][T22425] ksys_ioctl+0xab/0xd0 [ 1243.130764][T22425] __x64_sys_ioctl+0x73/0xb0 [ 1243.135364][T22425] do_syscall_64+0x103/0x670 [ 1243.139954][T22425] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1243.145837][T22425] RIP: 0033:0x458c29 [ 1243.149774][T22425] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1243.169372][T22425] RSP: 002b:00007fa60ca72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1243.177780][T22425] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1243.185741][T22425] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1243.193708][T22425] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1243.201677][T22425] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca736d4 09:17:29 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) r1 = accept$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000240)=0x14) setsockopt$inet_mreqn(r0, 0x0, 0x0, &(0x7f0000000280)={@loopback, @initdev={0xac, 0x1e, 0x0, 0x0}, r2}, 0xc) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) r3 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_REFRESH(r3, 0x2402, 0x0) poll(&(0x7f0000000340)=[{r1, 0x4000}, {r3, 0x204}, {r3, 0x8000}, {r0, 0x1000}, {r0, 0x4000}, {r3, 0x240}, {r1, 0x1000}], 0x7, 0x7ff) ioctl$TIOCGSID(r3, 0x5429, &(0x7f00000002c0)=0x0) write$FUSE_LK(r3, &(0x7f0000000300)={0x28, 0x0, 0x1, {{0x888c, 0x6, 0x0, r4}}}, 0x28) [ 1243.209641][T22425] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1243.217632][T22437] CPU: 0 PID: 22437 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1243.226741][T22437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1243.232534][T22425] warn_alloc_show_mem: 3 callbacks suppressed [ 1243.232539][T22425] Mem-Info: [ 1243.236798][T22437] Call Trace: [ 1243.236823][T22437] dump_stack+0x172/0x1f0 [ 1243.236845][T22437] warn_alloc.cold+0x87/0x17f [ 1243.236863][T22437] ? zone_watermark_ok_safe+0x260/0x260 [ 1243.253475][T22425] active_anon:266512 inactive_anon:201 isolated_anon:0 [ 1243.253475][T22425] active_file:8254 inactive_file:41329 isolated_file:0 [ 1243.253475][T22425] unevictable:0 dirty:135 writeback:0 unstable:0 [ 1243.253475][T22425] slab_reclaimable:13948 slab_unreclaimable:116456 [ 1243.253475][T22425] mapped:58824 shmem:248 pagetables:7984 bounce:0 [ 1243.253475][T22425] free:1068848 free_pcp:279 free_cma:0 [ 1243.258302][T22437] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1243.258342][T22437] __vmalloc_node_range+0x48a/0x790 [ 1243.274113][T22425] Node 0 active_anon:1066148kB inactive_anon:804kB active_file:32880kB inactive_file:165316kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:540kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 634880kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1243.301889][T22437] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1243.301911][T22437] ? kmem_cache_alloc_trace+0x354/0x760 [ 1243.301925][T22437] ? vb2_vmalloc_alloc+0xca/0x280 [ 1243.301941][T22437] vmalloc_user+0x6b/0x90 [ 1243.301956][T22437] ? vb2_vmalloc_alloc+0xca/0x280 [ 1243.301970][T22437] vb2_vmalloc_alloc+0xca/0x280 [ 1243.301982][T22437] ? __vb2_queue_alloc+0xf5/0xf40 [ 1243.301998][T22437] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1243.302009][T22437] __vb2_queue_alloc+0x5a6/0xf40 [ 1243.302038][T22437] vb2_core_create_bufs+0x2bc/0x790 [ 1243.328938][T22425] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1243.342090][T22437] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1243.342108][T22437] ? __vb2_queue_alloc+0xf40/0xf40 [ 1243.342123][T22437] ? lock_acquire+0x16f/0x3f0 [ 1243.342138][T22437] ? __video_do_ioctl+0x398/0xce0 [ 1243.342150][T22437] ? __lock_acquire+0x548/0x3fb0 [ 1243.342172][T22437] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1243.342189][T22437] vb2_create_bufs+0x472/0x7d0 [ 1243.342205][T22437] ? vb2_request_queue+0x120/0x120 [ 1243.342227][T22437] ? __lock_acquire+0x548/0x3fb0 [ 1243.342241][T22437] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1243.342253][T22437] ? debug_smp_processor_id+0x3c/0x280 [ 1243.342272][T22437] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1243.342288][T22437] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1243.342302][T22437] v4l_create_bufs+0xc0/0x180 [ 1243.342323][T22437] __video_do_ioctl+0x7f1/0xce0 [ 1243.348890][T22425] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1243.352876][T22437] ? v4l_s_fmt+0xab0/0xab0 [ 1243.352901][T22437] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1243.352918][T22437] ? _copy_from_user+0xdd/0x150 [ 1243.352937][T22437] video_usercopy+0x4c5/0x10d0 [ 1243.352951][T22437] ? v4l_s_fmt+0xab0/0xab0 [ 1243.352971][T22437] ? v4l_enumstd+0x70/0x70 [ 1243.358232][T22425] lowmem_reserve[]: 0 2553 2555 2555 [ 1243.362303][T22437] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1243.362321][T22437] ? tomoyo_path_number_perm+0x263/0x520 [ 1243.362341][T22437] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1243.362371][T22437] ? video_usercopy+0x10d0/0x10d0 [ 1243.362385][T22437] video_ioctl2+0x2d/0x35 [ 1243.362400][T22437] v4l2_ioctl+0x156/0x1b0 [ 1243.362412][T22437] ? video_devdata+0xa0/0xa0 [ 1243.362432][T22437] do_vfs_ioctl+0xd6e/0x1390 [ 1243.367605][T22425] Node 0 DMA32 free:469192kB min:36232kB low:45288kB high:54344kB active_anon:1066108kB inactive_anon:804kB active_file:32880kB inactive_file:165316kB unevictable:0kB writepending:540kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:16128kB pagetables:31936kB bounce:0kB free_pcp:1120kB local_pcp:820kB free_cma:0kB [ 1243.372268][T22437] ? ioctl_preallocate+0x210/0x210 [ 1243.372285][T22437] ? __fget+0x381/0x550 [ 1243.372308][T22437] ? ksys_dup3+0x3e0/0x3e0 [ 1243.372324][T22437] ? nsecs_to_jiffies+0x30/0x30 [ 1243.372344][T22437] ? tomoyo_file_ioctl+0x23/0x30 [ 1243.372362][T22437] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1243.377514][T22425] lowmem_reserve[]: 0 0 2 2 [ 1243.383173][T22437] ? security_file_ioctl+0x93/0xc0 [ 1243.383194][T22437] ksys_ioctl+0xab/0xd0 [ 1243.383218][T22437] __x64_sys_ioctl+0x73/0xb0 [ 1243.383238][T22437] do_syscall_64+0x103/0x670 [ 1243.383257][T22437] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1243.383268][T22437] RIP: 0033:0x458c29 [ 1243.383282][T22437] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1243.383290][T22437] RSP: 002b:00007f53a9456c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1243.389139][T22425] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1243.393389][T22437] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1243.393398][T22437] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1243.393407][T22437] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1243.393416][T22437] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94576d4 [ 1243.393425][T22437] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1243.400505][T22430] CPU: 0 PID: 22430 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1243.436553][T22425] lowmem_reserve[]: 0 0 0 0 [ 1243.440358][T22430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1243.440364][T22430] Call Trace: [ 1243.440386][T22430] dump_stack+0x172/0x1f0 [ 1243.440407][T22430] warn_alloc.cold+0x87/0x17f [ 1243.451230][T22425] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1243.451599][T22430] ? zone_watermark_ok_safe+0x260/0x260 [ 1243.451618][T22430] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1243.451656][T22430] __vmalloc_node_range+0x48a/0x790 [ 1243.456631][T22425] lowmem_reserve[]: 0 0 0 0 [ 1243.461560][T22430] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1243.461581][T22430] ? kmem_cache_alloc_trace+0x354/0x760 [ 1243.461596][T22430] ? vb2_vmalloc_alloc+0xca/0x280 [ 1243.461613][T22430] vmalloc_user+0x6b/0x90 [ 1243.461628][T22430] ? vb2_vmalloc_alloc+0xca/0x280 [ 1243.461644][T22430] vb2_vmalloc_alloc+0xca/0x280 [ 1243.461657][T22430] ? __vb2_queue_alloc+0xf5/0xf40 [ 1243.461674][T22430] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1243.461687][T22430] __vb2_queue_alloc+0x5a6/0xf40 [ 1243.461717][T22430] vb2_core_create_bufs+0x2bc/0x790 [ 1243.472378][T22425] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1243.472847][T22430] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1243.472864][T22430] ? __vb2_queue_alloc+0xf40/0xf40 [ 1243.478532][T22425] Node 0 DMA32: 468*4kB (ME) 58*8kB (UME) 12*16kB (UM) 175*32kB (UME) 380*64kB (UME) 19*128kB (ME) 4*256kB (ME) 4*512kB (UME) 3*1024kB (UME) 3*2048kB (UME) 103*4096kB (UM) = 469056kB [ 1243.483472][T22430] ? lock_acquire+0x16f/0x3f0 [ 1243.483489][T22430] ? __video_do_ioctl+0x398/0xce0 [ 1243.483503][T22430] ? __lock_acquire+0x548/0x3fb0 [ 1243.483525][T22430] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1243.483544][T22430] vb2_create_bufs+0x472/0x7d0 [ 1243.483560][T22430] ? vb2_request_queue+0x120/0x120 [ 1243.483572][T22430] ? __lock_acquire+0x548/0x3fb0 [ 1243.483587][T22430] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1243.483602][T22430] ? debug_smp_processor_id+0x3c/0x280 [ 1243.483621][T22430] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1243.483636][T22430] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1243.483652][T22430] v4l_create_bufs+0xc0/0x180 [ 1243.483671][T22430] __video_do_ioctl+0x7f1/0xce0 [ 1243.483695][T22430] ? v4l_s_fmt+0xab0/0xab0 [ 1243.483715][T22430] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1243.483731][T22430] ? _copy_from_user+0xdd/0x150 [ 1243.483758][T22430] video_usercopy+0x4c5/0x10d0 [ 1243.483773][T22430] ? v4l_s_fmt+0xab0/0xab0 [ 1243.483794][T22430] ? v4l_enumstd+0x70/0x70 [ 1243.496339][T22425] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1243.500326][T22430] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1243.500344][T22430] ? tomoyo_path_number_perm+0x263/0x520 [ 1243.500362][T22430] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1243.500393][T22430] ? video_usercopy+0x10d0/0x10d0 [ 1243.534220][T22425] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1243.538149][T22430] video_ioctl2+0x2d/0x35 [ 1243.538166][T22430] v4l2_ioctl+0x156/0x1b0 [ 1243.538176][T22430] ? video_devdata+0xa0/0xa0 [ 1243.538194][T22430] do_vfs_ioctl+0xd6e/0x1390 [ 1243.545876][T22425] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1243.547776][T22430] ? ioctl_preallocate+0x210/0x210 [ 1243.547793][T22430] ? __fget+0x381/0x550 [ 1243.547816][T22430] ? ksys_dup3+0x3e0/0x3e0 [ 1243.555167][T22425] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1243.556619][T22430] ? nsecs_to_jiffies+0x30/0x30 [ 1243.556643][T22430] ? tomoyo_file_ioctl+0x23/0x30 [ 1243.556663][T22430] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1243.565721][T22425] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1243.568162][T22430] ? security_file_ioctl+0x93/0xc0 [ 1243.568184][T22430] ksys_ioctl+0xab/0xd0 [ 1243.568208][T22430] __x64_sys_ioctl+0x73/0xb0 [ 1243.576561][T22425] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1243.579606][T22430] do_syscall_64+0x103/0x670 [ 1243.579627][T22430] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1243.579644][T22430] RIP: 0033:0x458c29 [ 1243.587446][T22425] 49828 total pagecache pages [ 1243.588958][T22430] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1243.588966][T22430] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1243.588980][T22430] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1243.588987][T22430] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1243.588999][T22430] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1243.596033][T22425] 0 pages in swap cache [ 1243.597858][T22430] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1243.597868][T22430] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1243.648066][T22445] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1243.672576][T22447] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1243.679504][T22447] CPU: 1 PID: 22447 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1243.688583][T22447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1243.688591][T22447] Call Trace: [ 1243.688616][T22447] dump_stack+0x172/0x1f0 [ 1243.688639][T22447] warn_alloc.cold+0x87/0x17f [ 1243.698394][T22447] ? zone_watermark_ok_safe+0x260/0x260 [ 1243.698409][T22447] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1243.698441][T22447] __vmalloc_node_range+0x48a/0x790 [ 1243.753192][T22447] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1243.753209][T22447] ? kmem_cache_alloc_trace+0x354/0x760 [ 1243.753220][T22447] ? vb2_vmalloc_alloc+0xca/0x280 [ 1243.753236][T22447] vmalloc_user+0x6b/0x90 [ 1243.753248][T22447] ? vb2_vmalloc_alloc+0xca/0x280 [ 1243.753262][T22447] vb2_vmalloc_alloc+0xca/0x280 [ 1243.753273][T22447] ? __vb2_queue_alloc+0xf5/0xf40 [ 1243.753288][T22447] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1244.425875][T22447] __vb2_queue_alloc+0x5a6/0xf40 [ 1244.430832][T22447] vb2_core_create_bufs+0x2bc/0x790 [ 1244.436031][T22447] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1244.441397][T22447] ? __vb2_queue_alloc+0xf40/0xf40 [ 1244.446509][T22447] ? lock_acquire+0x16f/0x3f0 [ 1244.451189][T22447] ? __video_do_ioctl+0x398/0xce0 [ 1244.456213][T22447] ? __lock_acquire+0x548/0x3fb0 [ 1244.461159][T22447] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1244.467400][T22447] vb2_create_bufs+0x472/0x7d0 [ 1244.472165][T22447] ? vb2_request_queue+0x120/0x120 [ 1244.477295][T22447] ? __lock_acquire+0x548/0x3fb0 [ 1244.482320][T22447] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1244.488564][T22447] ? debug_smp_processor_id+0x3c/0x280 [ 1244.494033][T22447] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1244.499061][T22447] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1244.504607][T22447] v4l_create_bufs+0xc0/0x180 [ 1244.509304][T22447] __video_do_ioctl+0x7f1/0xce0 [ 1244.514160][T22447] ? v4l_s_fmt+0xab0/0xab0 [ 1244.518580][T22447] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1244.524821][T22447] ? _copy_from_user+0xdd/0x150 [ 1244.529687][T22447] video_usercopy+0x4c5/0x10d0 [ 1244.534449][T22447] ? v4l_s_fmt+0xab0/0xab0 [ 1244.538872][T22447] ? v4l_enumstd+0x70/0x70 [ 1244.543287][T22447] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1244.549525][T22447] ? tomoyo_path_number_perm+0x263/0x520 [ 1244.555248][T22447] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1244.561067][T22447] ? video_usercopy+0x10d0/0x10d0 [ 1244.566217][T22447] video_ioctl2+0x2d/0x35 [ 1244.570550][T22447] v4l2_ioctl+0x156/0x1b0 [ 1244.574891][T22447] ? video_devdata+0xa0/0xa0 [ 1244.579482][T22447] do_vfs_ioctl+0xd6e/0x1390 [ 1244.584100][T22447] ? ioctl_preallocate+0x210/0x210 [ 1244.589218][T22447] ? __fget+0x381/0x550 [ 1244.593380][T22447] ? ksys_dup3+0x3e0/0x3e0 [ 1244.597795][T22447] ? nsecs_to_jiffies+0x30/0x30 [ 1244.602653][T22447] ? tomoyo_file_ioctl+0x23/0x30 [ 1244.607592][T22447] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1244.613921][T22447] ? security_file_ioctl+0x93/0xc0 [ 1244.619033][T22447] ksys_ioctl+0xab/0xd0 [ 1244.623190][T22447] __x64_sys_ioctl+0x73/0xb0 [ 1244.627784][T22447] do_syscall_64+0x103/0x670 [ 1244.632379][T22447] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1244.638282][T22447] RIP: 0033:0x458c29 [ 1244.642173][T22447] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1244.661771][T22447] RSP: 002b:00007fa60ca30c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1244.670636][T22447] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1244.678611][T22447] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1244.686582][T22447] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 1244.694549][T22447] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca316d4 [ 1244.702530][T22447] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1244.710521][T22445] CPU: 0 PID: 22445 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1244.719642][T22445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1244.729709][T22445] Call Trace: [ 1244.733015][T22445] dump_stack+0x172/0x1f0 [ 1244.737363][T22445] warn_alloc.cold+0x87/0x17f [ 1244.742054][T22445] ? zone_watermark_ok_safe+0x260/0x260 [ 1244.747604][T22445] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1244.754148][T22445] __vmalloc_node_range+0x48a/0x790 [ 1244.757366][T22425] Swap cache stats: add 0, delete 0, find 0/0 [ 1244.759350][T22445] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1244.759369][T22445] ? kmem_cache_alloc_trace+0x354/0x760 [ 1244.759386][T22445] ? vb2_vmalloc_alloc+0xca/0x280 [ 1244.768886][T22425] Free swap = 0kB [ 1244.770444][T22445] vmalloc_user+0x6b/0x90 [ 1244.770459][T22445] ? vb2_vmalloc_alloc+0xca/0x280 [ 1244.770477][T22445] vb2_vmalloc_alloc+0xca/0x280 [ 1244.778877][T22425] Total swap = 0kB [ 1244.781017][T22445] ? __vb2_queue_alloc+0xf5/0xf40 [ 1244.781035][T22445] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1244.781050][T22445] __vb2_queue_alloc+0x5a6/0xf40 [ 1244.787580][T22425] 1965979 pages RAM [ 1244.789069][T22445] vb2_core_create_bufs+0x2bc/0x790 [ 1244.789088][T22445] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1244.796932][T22425] 0 pages HighMem/MovableOnly [ 1244.798917][T22445] ? __vb2_queue_alloc+0xf40/0xf40 [ 1244.798931][T22445] ? lock_acquire+0x16f/0x3f0 [ 1244.798952][T22445] ? __video_do_ioctl+0x398/0xce0 [ 1244.805499][T22425] 339405 pages reserved [ 1244.807655][T22445] ? __lock_acquire+0x548/0x3fb0 [ 1244.807688][T22445] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1244.817180][T22425] 0 pages cma reserved [ 1244.818389][T22445] vb2_create_bufs+0x472/0x7d0 [ 1244.818410][T22445] ? vb2_request_queue+0x120/0x120 [ 1244.825686][T22447] warn_alloc_show_mem: 2 callbacks suppressed [ 1244.825690][T22447] Mem-Info: [ 1244.827400][T22445] ? __lock_acquire+0x548/0x3fb0 [ 1244.827417][T22445] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1244.827435][T22445] ? debug_smp_processor_id+0x3c/0x280 [ 1244.836732][T22447] active_anon:266029 inactive_anon:201 isolated_anon:0 [ 1244.836732][T22447] active_file:8254 inactive_file:41341 isolated_file:0 [ 1244.836732][T22447] unevictable:0 dirty:133 writeback:0 unstable:0 [ 1244.836732][T22447] slab_reclaimable:13964 slab_unreclaimable:116222 [ 1244.836732][T22447] mapped:58824 shmem:248 pagetables:7951 bounce:0 [ 1244.836732][T22447] free:1069618 free_pcp:284 free_cma:0 [ 1244.837446][T22445] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1244.857672][T22447] Node 0 active_anon:1064016kB inactive_anon:804kB active_file:32880kB inactive_file:165364kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235296kB dirty:532kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 638976kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1244.861268][T22445] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1244.861292][T22445] v4l_create_bufs+0xc0/0x180 [ 1244.877135][T22447] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1244.881432][T22445] __video_do_ioctl+0x7f1/0xce0 [ 1244.881459][T22445] ? v4l_s_fmt+0xab0/0xab0 [ 1244.891279][T22447] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1244.895530][T22445] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1244.895550][T22445] ? _copy_from_user+0xdd/0x150 [ 1244.895573][T22445] video_usercopy+0x4c5/0x10d0 [ 1244.895590][T22445] ? v4l_s_fmt+0xab0/0xab0 [ 1244.895611][T22445] ? v4l_enumstd+0x70/0x70 [ 1244.895622][T22445] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1244.895641][T22445] ? tomoyo_path_number_perm+0x263/0x520 [ 1244.907368][T22447] lowmem_reserve[]: 0 2553 2555 2555 [ 1244.945416][T22445] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1244.945446][T22445] ? video_usercopy+0x10d0/0x10d0 [ 1244.945461][T22445] video_ioctl2+0x2d/0x35 [ 1244.945477][T22445] v4l2_ioctl+0x156/0x1b0 [ 1244.945490][T22445] ? video_devdata+0xa0/0xa0 [ 1244.945510][T22445] do_vfs_ioctl+0xd6e/0x1390 [ 1244.945531][T22445] ? ioctl_preallocate+0x210/0x210 [ 1244.945547][T22445] ? __fget+0x381/0x550 [ 1244.945567][T22445] ? ksys_dup3+0x3e0/0x3e0 [ 1244.945583][T22445] ? nsecs_to_jiffies+0x30/0x30 [ 1244.945604][T22445] ? tomoyo_file_ioctl+0x23/0x30 [ 1244.957456][T22447] Node 0 DMA32 free:472272kB min:36232kB low:45288kB high:54344kB active_anon:1064016kB inactive_anon:804kB active_file:32880kB inactive_file:165364kB unevictable:0kB writepending:584kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:15872kB pagetables:31656kB bounce:0kB free_pcp:1260kB local_pcp:1036kB free_cma:0kB [ 1244.979772][T22445] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1244.979788][T22445] ? security_file_ioctl+0x93/0xc0 [ 1244.979807][T22445] ksys_ioctl+0xab/0xd0 [ 1244.979827][T22445] __x64_sys_ioctl+0x73/0xb0 [ 1244.979846][T22445] do_syscall_64+0x103/0x670 [ 1244.979865][T22445] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1244.979878][T22445] RIP: 0033:0x458c29 [ 1244.979894][T22445] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1244.979902][T22445] RSP: 002b:00007f53a9435c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1244.979914][T22445] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1244.979921][T22445] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1244.979928][T22445] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 1244.979936][T22445] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94366d4 [ 1244.979951][T22445] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1244.993499][T22447] lowmem_reserve[]: 0 0 2 2 [ 1245.038356][T22447] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1245.074198][T22447] lowmem_reserve[]: 0 0 0 0 [ 1245.097963][T22447] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1245.111064][T22447] lowmem_reserve[]: 0 0 0 0 [ 1245.131122][T22447] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1245.149239][T22447] Node 0 DMA32: 467*4kB (E) 150*8kB (UE) 16*16kB (U) 174*32kB (UME) 380*64kB (UME) 19*128kB (ME) 4*256kB (ME) 4*512kB (UME) 3*1024kB (UME) 3*2048kB (UME) 104*4096kB (UM) = 473916kB [ 1245.201389][T22447] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1245.219025][T22447] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1245.248584][T22447] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1245.425159][T22447] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1245.434547][T22447] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1245.434560][T22447] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1245.434566][T22447] 49862 total pagecache pages [ 1245.434587][T22447] 0 pages in swap cache [ 1245.434596][T22447] Swap cache stats: add 0, delete 0, find 0/0 09:17:32 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) r1 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0xfffffffffffffff9, 0x200000) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f0000000040)={0x3, [0x78f4ed2c, 0x8, 0x80]}, 0xa) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) 09:17:32 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) socket$inet(0x2, 0x80000, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) 09:17:32 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:17:32 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x5) ioctl$KDADDIO(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000080)) ioctl$TIOCGICOUNT(r0, 0x545d, 0x0) 09:17:32 executing program 3: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x400c000000000000, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:17:32 executing program 4: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1245.434601][T22447] Free swap = 0kB [ 1245.434607][T22447] Total swap = 0kB [ 1245.434614][T22447] 1965979 pages RAM [ 1245.434628][T22447] 0 pages HighMem/MovableOnly [ 1245.434634][T22447] 339405 pages reserved [ 1245.434639][T22447] 0 pages cma reserved [ 1245.528712][T22455] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1245.553001][T22461] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1245.575296][T22462] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1245.603810][T22455] CPU: 0 PID: 22455 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1245.612977][T22455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1245.612985][T22455] Call Trace: [ 1245.613013][T22455] dump_stack+0x172/0x1f0 [ 1245.613037][T22455] warn_alloc.cold+0x87/0x17f [ 1245.613056][T22455] ? zone_watermark_ok_safe+0x260/0x260 [ 1245.613080][T22455] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1245.613123][T22455] __vmalloc_node_range+0x48a/0x790 [ 1245.613141][T22455] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1245.613163][T22455] ? kmem_cache_alloc_trace+0x354/0x760 [ 1245.613179][T22455] ? vb2_vmalloc_alloc+0xca/0x280 [ 1245.613197][T22455] vmalloc_user+0x6b/0x90 [ 1245.613211][T22455] ? vb2_vmalloc_alloc+0xca/0x280 [ 1245.613226][T22455] vb2_vmalloc_alloc+0xca/0x280 [ 1245.613238][T22455] ? __vb2_queue_alloc+0xf5/0xf40 [ 1245.613256][T22455] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1245.613274][T22455] __vb2_queue_alloc+0x5a6/0xf40 [ 1245.651982][T22455] vb2_core_create_bufs+0x2bc/0x790 [ 1245.652000][T22455] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1245.652013][T22455] ? __vb2_queue_alloc+0xf40/0xf40 [ 1245.652028][T22455] ? lock_acquire+0x16f/0x3f0 [ 1245.652044][T22455] ? __video_do_ioctl+0x398/0xce0 [ 1245.652057][T22455] ? __lock_acquire+0x548/0x3fb0 [ 1245.652082][T22455] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1245.652099][T22455] vb2_create_bufs+0x472/0x7d0 [ 1245.652120][T22455] ? vb2_request_queue+0x120/0x120 [ 1245.652132][T22455] ? __lock_acquire+0x548/0x3fb0 [ 1245.652145][T22455] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1245.652158][T22455] ? debug_smp_processor_id+0x3c/0x280 [ 1245.652175][T22455] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1245.652189][T22455] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1245.652203][T22455] v4l_create_bufs+0xc0/0x180 09:17:32 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1245.663009][T22455] __video_do_ioctl+0x7f1/0xce0 [ 1245.663034][T22455] ? v4l_s_fmt+0xab0/0xab0 [ 1245.663057][T22455] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1245.663078][T22455] ? _copy_from_user+0xdd/0x150 [ 1245.663097][T22455] video_usercopy+0x4c5/0x10d0 [ 1245.663111][T22455] ? v4l_s_fmt+0xab0/0xab0 [ 1245.663132][T22455] ? v4l_enumstd+0x70/0x70 [ 1245.674924][T22455] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1245.674941][T22455] ? tomoyo_path_number_perm+0x263/0x520 [ 1245.674961][T22455] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1245.684808][T22455] ? video_usercopy+0x10d0/0x10d0 [ 1245.684821][T22455] video_ioctl2+0x2d/0x35 [ 1245.684836][T22455] v4l2_ioctl+0x156/0x1b0 [ 1245.684849][T22455] ? video_devdata+0xa0/0xa0 [ 1245.684867][T22455] do_vfs_ioctl+0xd6e/0x1390 [ 1245.684889][T22455] ? ioctl_preallocate+0x210/0x210 [ 1245.695681][T22455] ? __fget+0x381/0x550 [ 1245.705797][T22455] ? ksys_dup3+0x3e0/0x3e0 [ 1245.705813][T22455] ? nsecs_to_jiffies+0x30/0x30 [ 1245.705834][T22455] ? tomoyo_file_ioctl+0x23/0x30 [ 1245.716292][T22455] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1245.716306][T22455] ? security_file_ioctl+0x93/0xc0 [ 1245.716325][T22455] ksys_ioctl+0xab/0xd0 [ 1245.716343][T22455] __x64_sys_ioctl+0x73/0xb0 [ 1245.716362][T22455] do_syscall_64+0x103/0x670 [ 1245.716381][T22455] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1245.716391][T22455] RIP: 0033:0x458c29 [ 1245.716408][T22455] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1245.730990][T22455] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1245.731004][T22455] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1245.731014][T22455] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1245.731023][T22455] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1245.731031][T22455] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1245.731039][T22455] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1245.739151][T22461] CPU: 0 PID: 22461 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1245.799292][T22461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1245.799298][T22461] Call Trace: [ 1245.799320][T22461] dump_stack+0x172/0x1f0 [ 1245.799341][T22461] warn_alloc.cold+0x87/0x17f [ 1245.844367][T22461] ? zone_watermark_ok_safe+0x260/0x260 [ 1245.844387][T22461] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1245.844423][T22461] __vmalloc_node_range+0x48a/0x790 [ 1245.844440][T22461] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1245.844459][T22461] ? kmem_cache_alloc_trace+0x354/0x760 [ 1245.844472][T22461] ? vb2_vmalloc_alloc+0xca/0x280 [ 1245.844486][T22461] vmalloc_user+0x6b/0x90 [ 1245.844500][T22461] ? vb2_vmalloc_alloc+0xca/0x280 [ 1245.844514][T22461] vb2_vmalloc_alloc+0xca/0x280 [ 1245.844531][T22461] ? __vb2_queue_alloc+0xf5/0xf40 [ 1245.857141][T22483] syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1245.858797][T22461] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1245.858812][T22461] __vb2_queue_alloc+0x5a6/0xf40 [ 1245.858841][T22461] vb2_core_create_bufs+0x2bc/0x790 [ 1245.872213][T22461] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1245.872227][T22461] ? __vb2_queue_alloc+0xf40/0xf40 [ 1245.872245][T22461] ? lock_acquire+0x16f/0x3f0 [ 1245.901984][T22461] ? __video_do_ioctl+0x398/0xce0 [ 1245.902002][T22461] ? __lock_acquire+0x548/0x3fb0 [ 1245.902021][T22461] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1245.902040][T22461] vb2_create_bufs+0x472/0x7d0 [ 1245.902062][T22461] ? vb2_request_queue+0x120/0x120 [ 1245.902077][T22461] ? __lock_acquire+0x548/0x3fb0 [ 1245.902093][T22461] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1245.902107][T22461] ? debug_smp_processor_id+0x3c/0x280 [ 1245.902129][T22461] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1245.931513][T22461] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1245.931534][T22461] v4l_create_bufs+0xc0/0x180 [ 1245.931552][T22461] __video_do_ioctl+0x7f1/0xce0 [ 1245.931576][T22461] ? v4l_s_fmt+0xab0/0xab0 [ 1245.931606][T22461] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1245.931622][T22461] ? _copy_from_user+0xdd/0x150 [ 1245.931643][T22461] video_usercopy+0x4c5/0x10d0 [ 1246.000672][T22460] mkiss: ax0: crc mode is auto. [ 1246.002260][T22461] ? v4l_s_fmt+0xab0/0xab0 [ 1246.002283][T22461] ? v4l_enumstd+0x70/0x70 [ 1246.002298][T22461] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1246.002315][T22461] ? tomoyo_path_number_perm+0x263/0x520 [ 1246.002332][T22461] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1246.002361][T22461] ? video_usercopy+0x10d0/0x10d0 [ 1246.002376][T22461] video_ioctl2+0x2d/0x35 [ 1246.002392][T22461] v4l2_ioctl+0x156/0x1b0 [ 1246.002409][T22461] ? video_devdata+0xa0/0xa0 [ 1246.239685][T22461] do_vfs_ioctl+0xd6e/0x1390 [ 1246.244300][T22461] ? ioctl_preallocate+0x210/0x210 [ 1246.249418][T22461] ? __fget+0x381/0x550 [ 1246.253593][T22461] ? ksys_dup3+0x3e0/0x3e0 [ 1246.258020][T22461] ? nsecs_to_jiffies+0x30/0x30 [ 1246.262992][T22461] ? tomoyo_file_ioctl+0x23/0x30 [ 1246.267940][T22461] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1246.274201][T22461] ? security_file_ioctl+0x93/0xc0 [ 1246.279323][T22461] ksys_ioctl+0xab/0xd0 [ 1246.283669][T22461] __x64_sys_ioctl+0x73/0xb0 [ 1246.288276][T22461] do_syscall_64+0x103/0x670 [ 1246.292878][T22461] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1246.298773][T22461] RIP: 0033:0x458c29 [ 1246.302673][T22461] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1246.322286][T22461] RSP: 002b:00007f53a9477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1246.330708][T22461] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1246.338775][T22461] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1246.346757][T22461] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1246.354738][T22461] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94786d4 [ 1246.362750][T22461] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1246.371193][T22483] CPU: 1 PID: 22483 Comm: syz-executor.1 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1246.380320][T22483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1246.380327][T22483] Call Trace: [ 1246.380349][T22483] dump_stack+0x172/0x1f0 [ 1246.380370][T22483] warn_alloc.cold+0x87/0x17f [ 1246.380389][T22483] ? zone_watermark_ok_safe+0x260/0x260 [ 1246.398035][T22483] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1246.398078][T22483] __vmalloc_node_range+0x48a/0x790 [ 1246.398095][T22483] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1246.398117][T22483] ? kmem_cache_alloc_trace+0x354/0x760 [ 1246.429682][T22483] ? vb2_vmalloc_alloc+0xca/0x280 [ 1246.429876][T22461] warn_alloc_show_mem: 2 callbacks suppressed [ 1246.429881][T22461] Mem-Info: [ 1246.434720][T22483] vmalloc_user+0x6b/0x90 [ 1246.434738][T22483] ? vb2_vmalloc_alloc+0xca/0x280 [ 1246.434755][T22483] vb2_vmalloc_alloc+0xca/0x280 [ 1246.434767][T22483] ? __vb2_queue_alloc+0xf5/0xf40 [ 1246.434784][T22483] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1246.434797][T22483] __vb2_queue_alloc+0x5a6/0xf40 [ 1246.434828][T22483] vb2_core_create_bufs+0x2bc/0x790 [ 1246.434847][T22483] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1246.441306][T22461] active_anon:268298 inactive_anon:201 isolated_anon:0 [ 1246.441306][T22461] active_file:8256 inactive_file:41366 isolated_file:0 [ 1246.441306][T22461] unevictable:0 dirty:165 writeback:0 unstable:0 [ 1246.441306][T22461] slab_reclaimable:13985 slab_unreclaimable:116717 [ 1246.441306][T22461] mapped:58938 shmem:248 pagetables:8075 bounce:0 [ 1246.441306][T22461] free:1066591 free_pcp:243 free_cma:0 [ 1246.444024][T22483] ? __vb2_queue_alloc+0xf40/0xf40 [ 1246.444040][T22483] ? lock_acquire+0x16f/0x3f0 [ 1246.444058][T22483] ? __video_do_ioctl+0x398/0xce0 [ 1246.444072][T22483] ? __lock_acquire+0x548/0x3fb0 [ 1246.444096][T22483] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1246.444115][T22483] vb2_create_bufs+0x472/0x7d0 [ 1246.444132][T22483] ? vb2_request_queue+0x120/0x120 [ 1246.444148][T22483] ? __lock_acquire+0x548/0x3fb0 [ 1246.448791][T22461] Node 0 active_anon:1073192kB inactive_anon:804kB active_file:32888kB inactive_file:165464kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235752kB dirty:660kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 638976kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1246.453652][T22483] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1246.453670][T22483] ? debug_smp_processor_id+0x3c/0x280 [ 1246.453693][T22483] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1246.453710][T22483] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1246.453728][T22483] v4l_create_bufs+0xc0/0x180 [ 1246.453749][T22483] __video_do_ioctl+0x7f1/0xce0 [ 1246.453772][T22483] ? v4l_s_fmt+0xab0/0xab0 09:17:33 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) 09:17:33 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) r1 = syz_open_dev$sndpcmc(&(0x7f0000000340)='/dev/snd/pcmC#D#c\x00', 0x8, 0x1) ioctl$VIDIOC_S_DV_TIMINGS(r1, 0xc0845657, &(0x7f0000000240)={0x0, @bt={0x49148ec9, 0x99, 0x1, 0x1, 0x3, 0xfffffffffffffc00, 0x4, 0x101, 0x879a, 0xd3d, 0x5, 0x2, 0x5, 0x3, 0x1f, 0x4}}) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) [ 1246.458915][T22461] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1246.463628][T22483] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1246.463646][T22483] ? _copy_from_user+0xdd/0x150 [ 1246.463669][T22483] video_usercopy+0x4c5/0x10d0 [ 1246.463684][T22483] ? v4l_s_fmt+0xab0/0xab0 [ 1246.463706][T22483] ? v4l_enumstd+0x70/0x70 [ 1246.463720][T22483] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1246.463735][T22483] ? tomoyo_path_number_perm+0x263/0x520 [ 1246.463754][T22483] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1246.469937][T22461] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1246.474487][T22483] ? video_usercopy+0x10d0/0x10d0 [ 1246.474503][T22483] video_ioctl2+0x2d/0x35 [ 1246.474570][T22483] v4l2_ioctl+0x156/0x1b0 [ 1246.474587][T22483] ? video_devdata+0xa0/0xa0 [ 1246.480019][T22461] lowmem_reserve[]: 0 2553 2555 2555 [ 1246.485121][T22483] do_vfs_ioctl+0xd6e/0x1390 [ 1246.485145][T22483] ? ioctl_preallocate+0x210/0x210 [ 1246.485160][T22483] ? __fget+0x381/0x550 [ 1246.485184][T22483] ? ksys_dup3+0x3e0/0x3e0 [ 1246.485201][T22483] ? nsecs_to_jiffies+0x30/0x30 [ 1246.485232][T22483] ? tomoyo_file_ioctl+0x23/0x30 [ 1246.523587][T22461] Node 0 DMA32 free:460372kB min:36232kB low:45288kB high:54344kB active_anon:1073192kB inactive_anon:804kB active_file:32888kB inactive_file:165464kB unevictable:0kB writepending:660kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:16384kB pagetables:32300kB bounce:0kB free_pcp:972kB local_pcp:672kB free_cma:0kB [ 1246.528329][T22483] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1246.528347][T22483] ? security_file_ioctl+0x93/0xc0 [ 1246.528368][T22483] ksys_ioctl+0xab/0xd0 [ 1246.528389][T22483] __x64_sys_ioctl+0x73/0xb0 [ 1246.528407][T22483] do_syscall_64+0x103/0x670 [ 1246.528428][T22483] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1246.536996][T22461] lowmem_reserve[]: 0 0 2 2 [ 1246.538093][T22483] RIP: 0033:0x458c29 [ 1246.538109][T22483] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1246.538118][T22483] RSP: 002b:00007f92fa7c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1246.538132][T22483] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1246.538141][T22483] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1246.538148][T22483] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1246.538161][T22483] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92fa7c36d4 [ 1246.543535][T22494] syz-executor.3: vmalloc: allocation failure: 0 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1246.549300][T22483] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1246.611856][T22461] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1246.638250][T22461] lowmem_reserve[]: 0 0 0 0 [ 1246.658238][T22462] CPU: 0 PID: 22462 Comm: syz-executor.4 Not tainted 5.1.0-rc5-next-20190417 #27 09:17:33 executing program 0: r0 = syz_open_dev$vbi(&(0x7f0000000200)='/dev/vbi#\x00', 0x0, 0x2) ioctl$RNDZAPENTCNT(r0, 0x5204, &(0x7f0000000000)=0x3) connect$ax25(r0, &(0x7f0000000240)={{0x3, @null}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast]}, 0x48) r1 = socket$inet(0x2, 0x1, 0x84) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) r2 = getpid() getpgid(r2) sendmsg(r1, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f0000000340)={[{0x2, 0x4, 0x8, 0x3, 0x81, 0x3ecb, 0x3, 0x413891fb, 0x5548a16f, 0x6, 0x7ff, 0x66fc, 0x1}, {0xffffffff, 0xfffffffffffffffe, 0x9d24, 0xfffffffffffffffc, 0x1, 0x382, 0x5b8b7ac, 0x8, 0xf468, 0x3, 0xef, 0x80, 0x2}, {0x6, 0x5, 0x100, 0x959, 0x2, 0xfffffffffffffb5c, 0x0, 0x7, 0x8, 0x1f, 0x1, 0x400}], 0x623d}) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f00000002c0)={{0xffffffffffffffff, 0x3, 0x9, 0x3, 0xfff}, 0x200, 0x1, 0x1f}) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x0) 09:17:33 executing program 1: clone(0x100000100000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x1ff, 0x1, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffff7]}}}) [ 1246.668657][T22461] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1246.672612][T22462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1246.672617][T22462] Call Trace: [ 1246.672642][T22462] dump_stack+0x172/0x1f0 [ 1246.672662][T22462] warn_alloc.cold+0x87/0x17f [ 1246.672677][T22462] ? zone_watermark_ok_safe+0x260/0x260 [ 1246.672691][T22462] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1246.672727][T22462] __vmalloc_node_range+0x48a/0x790 [ 1246.677887][T22461] lowmem_reserve[]: 0 0 0 0 [ 1246.681510][T22462] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1246.681531][T22462] ? kmem_cache_alloc_trace+0x354/0x760 [ 1246.681553][T22462] ? vb2_vmalloc_alloc+0xca/0x280 [ 1246.681570][T22462] vmalloc_user+0x6b/0x90 [ 1246.681586][T22462] ? vb2_vmalloc_alloc+0xca/0x280 [ 1246.681602][T22462] vb2_vmalloc_alloc+0xca/0x280 [ 1246.681613][T22462] ? __vb2_queue_alloc+0xf5/0xf40 [ 1246.681632][T22462] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1246.699288][T22462] __vb2_queue_alloc+0x5a6/0xf40 [ 1246.731872][T22461] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1246.735534][T22462] vb2_core_create_bufs+0x2bc/0x790 [ 1246.739827][T22461] Node 0 DMA32: 417*4kB (E) 62*8kB (UME) 0*16kB 109*32kB (UME) 377*64kB (ME) 19*128kB (ME) 5*256kB (UME) 3*512kB (ME) 2*1024kB (ME) 3*2048kB (UME) 102*4096kB (UM) = 461012kB [ 1246.744402][T22462] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1246.744415][T22462] ? __vb2_queue_alloc+0xf40/0xf40 [ 1246.744430][T22462] ? lock_acquire+0x16f/0x3f0 [ 1246.744446][T22462] ? __video_do_ioctl+0x398/0xce0 [ 1246.744459][T22462] ? __lock_acquire+0x548/0x3fb0 [ 1246.744482][T22462] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1246.744500][T22462] vb2_create_bufs+0x472/0x7d0 [ 1246.744523][T22462] ? vb2_request_queue+0x120/0x120 [ 1246.759466][T22462] ? __lock_acquire+0x548/0x3fb0 [ 1246.808496][T22462] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1246.808511][T22462] ? debug_smp_processor_id+0x3c/0x280 [ 1246.808531][T22462] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1246.808555][T22462] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1246.808573][T22462] v4l_create_bufs+0xc0/0x180 [ 1246.808593][T22462] __video_do_ioctl+0x7f1/0xce0 [ 1246.808617][T22462] ? v4l_s_fmt+0xab0/0xab0 [ 1246.808638][T22462] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1246.808653][T22462] ? _copy_from_user+0xdd/0x150 [ 1246.808671][T22462] video_usercopy+0x4c5/0x10d0 [ 1246.808690][T22462] ? v4l_s_fmt+0xab0/0xab0 [ 1246.842889][T22461] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1246.843779][T22462] ? v4l_enumstd+0x70/0x70 [ 1246.843797][T22462] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1246.843811][T22462] ? tomoyo_path_number_perm+0x263/0x520 [ 1246.843830][T22462] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1246.851222][T22461] Node 1 Normal: 72*4kB (UME) 213*8kB (UE) 253*16kB (U) 61*32kB (UM) 23*64kB (UME) 12*128kB (UE) 8*256kB (UME) 5*512kB (UME) 2*1024kB (M) 0*2048kB 921*4096kB (M) = 3790072kB [ 1246.867336][T22462] ? video_usercopy+0x10d0/0x10d0 [ 1246.867351][T22462] video_ioctl2+0x2d/0x35 [ 1246.867368][T22462] v4l2_ioctl+0x156/0x1b0 [ 1246.867382][T22462] ? video_devdata+0xa0/0xa0 [ 1246.867402][T22462] do_vfs_ioctl+0xd6e/0x1390 [ 1246.867421][T22462] ? ioctl_preallocate+0x210/0x210 [ 1246.867436][T22462] ? __fget+0x381/0x550 [ 1246.867456][T22462] ? ksys_dup3+0x3e0/0x3e0 [ 1246.867477][T22462] ? nsecs_to_jiffies+0x30/0x30 [ 1246.921268][ T3878] kobject: 'loop1' (00000000883afb79): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1246.921648][T22462] ? tomoyo_file_ioctl+0x23/0x30 [ 1246.921666][T22462] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1246.921681][T22462] ? security_file_ioctl+0x93/0xc0 [ 1246.921701][T22462] ksys_ioctl+0xab/0xd0 [ 1246.921721][T22462] __x64_sys_ioctl+0x73/0xb0 [ 1246.921739][T22462] do_syscall_64+0x103/0x670 [ 1246.921759][T22462] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1246.943556][T22461] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1246.956281][T22462] RIP: 0033:0x458c29 [ 1246.956298][T22462] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1246.956307][T22462] RSP: 002b:00007fa60ca72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1246.956321][T22462] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1246.956329][T22462] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1246.956336][T22462] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1246.956344][T22462] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa60ca736d4 [ 1246.956352][T22462] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1246.992763][T22494] CPU: 0 PID: 22494 Comm: syz-executor.3 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1247.009335][T22457] kobject: 'rx-0' (00000000d9d8d1ea): kobject_cleanup, parent 00000000fcbb3b79 [ 1247.012046][T22494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1247.012053][T22494] Call Trace: [ 1247.012074][T22494] dump_stack+0x172/0x1f0 [ 1247.012094][T22494] warn_alloc.cold+0x87/0x17f [ 1247.012109][T22494] ? zone_watermark_ok_safe+0x260/0x260 [ 1247.012125][T22494] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1247.012163][T22494] __vmalloc_node_range+0x48a/0x790 [ 1247.012179][T22494] ? vb2_vmalloc_alloc+0x8c/0x280 [ 1247.012200][T22494] ? kmem_cache_alloc_trace+0x354/0x760 [ 1247.028869][T22457] kobject: 'rx-0' (00000000d9d8d1ea): auto cleanup 'remove' event [ 1247.032561][T22494] ? vb2_vmalloc_alloc+0xca/0x280 [ 1247.032582][T22494] vmalloc_user+0x6b/0x90 [ 1247.032597][T22494] ? vb2_vmalloc_alloc+0xca/0x280 [ 1247.032611][T22494] vb2_vmalloc_alloc+0xca/0x280 [ 1247.032623][T22494] ? __vb2_queue_alloc+0xf5/0xf40 [ 1247.032641][T22494] ? vb2_vmalloc_attach_dmabuf+0x160/0x160 [ 1247.032653][T22494] __vb2_queue_alloc+0x5a6/0xf40 [ 1247.032683][T22494] vb2_core_create_bufs+0x2bc/0x790 [ 1247.032702][T22494] ? vim2m_buf_out_validate+0xc0/0xc0 [ 1247.051667][T22457] kobject: 'rx-0' (00000000d9d8d1ea): kobject_uevent_env [ 1247.052903][T22494] ? __vb2_queue_alloc+0xf40/0xf40 [ 1247.052918][T22494] ? lock_acquire+0x16f/0x3f0 [ 1247.052938][T22494] ? __video_do_ioctl+0x398/0xce0 [ 1247.073874][ T3878] kobject: 'loop1' (00000000883afb79): kobject_uevent_env [ 1247.077109][T22494] ? __lock_acquire+0x548/0x3fb0 [ 1247.091602][T22457] kobject: 'rx-0' (00000000d9d8d1ea): fill_kobj_path: path = '/devices/virtual/net/ax0/queues/rx-0' [ 1247.102055][T22494] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1247.102074][T22494] vb2_create_bufs+0x472/0x7d0 [ 1247.102096][T22494] ? vb2_request_queue+0x120/0x120 [ 1247.125170][T22498] kobject: 'rfkill143' (000000005de0f725): kobject_add_internal: parent: 'hci1', set: 'devices' [ 1247.129783][T22494] ? __lock_acquire+0x548/0x3fb0 [ 1247.129800][T22494] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1247.129813][T22494] ? debug_smp_processor_id+0x3c/0x280 [ 1247.129831][T22494] v4l2_m2m_create_bufs+0x7c/0xe0 [ 1247.135455][ T3878] kobject: 'loop1' (00000000883afb79): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1247.139594][T22494] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 1247.139612][T22494] v4l_create_bufs+0xc0/0x180 [ 1247.139630][T22494] __video_do_ioctl+0x7f1/0xce0 [ 1247.147095][T22457] kobject: 'rx-0' (00000000d9d8d1ea): auto cleanup kobject_del [ 1247.149653][T22494] ? v4l_s_fmt+0xab0/0xab0 [ 1247.149674][T22494] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1247.149692][T22494] ? _copy_from_user+0xdd/0x150 [ 1247.167476][T22498] kobject: 'rfkill143' (000000005de0f725): kobject_uevent_env [ 1247.170684][T22494] video_usercopy+0x4c5/0x10d0 [ 1247.170699][T22494] ? v4l_s_fmt+0xab0/0xab0 [ 1247.170718][T22494] ? v4l_enumstd+0x70/0x70 [ 1247.185046][T22457] kobject: 'rx-0' (00000000d9d8d1ea): calling ktype release [ 1247.187381][T22494] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1247.187399][T22494] ? tomoyo_path_number_perm+0x263/0x520 [ 1247.187415][T22494] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1247.187442][T22494] ? video_usercopy+0x10d0/0x10d0 [ 1247.206903][T22498] kobject: 'rfkill143' (000000005de0f725): fill_kobj_path: path = '/devices/virtual/bluetooth/hci1/rfkill143' [ 1247.207017][T22494] video_ioctl2+0x2d/0x35 [ 1247.217913][T22457] kobject: 'rx-0': free name [ 1247.218058][T22494] v4l2_ioctl+0x156/0x1b0 [ 1247.229780][T22457] kobject: 'tx-0' (000000005fd28cf6): kobject_cleanup, parent 00000000fcbb3b79 [ 1247.239322][T22494] ? video_devdata+0xa0/0xa0 [ 1247.239343][T22494] do_vfs_ioctl+0xd6e/0x1390 [ 1247.239362][T22494] ? ioctl_preallocate+0x210/0x210 [ 1247.239376][T22494] ? __fget+0x381/0x550 [ 1247.239397][T22494] ? ksys_dup3+0x3e0/0x3e0 [ 1247.239413][T22494] ? nsecs_to_jiffies+0x30/0x30 [ 1247.239434][T22494] ? tomoyo_file_ioctl+0x23/0x30 [ 1247.239448][T22494] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1247.239467][T22494] ? security_file_ioctl+0x93/0xc0 [ 1247.252859][ T1285] INFO: trying to register non-static key. [ 1247.255723][T22494] ksys_ioctl+0xab/0xd0 [ 1247.261501][ T1285] the code is fine but needs lockdep annotation. [ 1247.278660][T22494] __x64_sys_ioctl+0x73/0xb0 [ 1247.283641][ T1285] turning off the locking correctness validator. [ 1247.287947][T22494] do_syscall_64+0x103/0x670 [ 1247.885665][T22494] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1247.891556][T22494] RIP: 0033:0x458c29 [ 1247.895443][T22494] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1247.915125][T22494] RSP: 002b:00007f53a9435c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1247.923523][T22494] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 1247.931487][T22494] RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003 [ 1247.939447][T22494] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 1247.947422][T22494] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53a94366d4 [ 1247.955473][T22494] R13: 00000000004c37cc R14: 00000000004d6cc8 R15: 00000000ffffffff [ 1247.963453][ T1285] CPU: 1 PID: 1285 Comm: kworker/u5:0 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1247.972310][ T1285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1247.972792][T22457] kobject: 'tx-0' (000000005fd28cf6): auto cleanup 'remove' event [ 1247.982379][ T1285] Workqueue: hci1 hci_cmd_work [ 1247.982386][ T1285] Call Trace: [ 1247.982400][ T1285] dump_stack+0x172/0x1f0 [ 1247.982423][ T1285] register_lock_class+0x167e/0x1860 [ 1248.007842][ T1285] ? kasan_check_write+0x14/0x20 [ 1248.012784][ T1285] ? graph_lock+0x7b/0x200 [ 1248.017210][ T1285] ? is_dynamic_key+0x1c0/0x1c0 [ 1248.017768][T22457] kobject: 'tx-0' (000000005fd28cf6): kobject_uevent_env [ 1248.022062][ T1285] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1248.022075][ T1285] __lock_acquire+0xf9/0x3fb0 [ 1248.022088][ T1285] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1248.022102][ T1285] ? debug_smp_processor_id+0x3c/0x280 [ 1248.022117][ T1285] ? perf_trace_lock_acquire+0xf5/0x580 [ 1248.057219][ T1285] ? hci_send_frame+0x21/0x2d0 [ 1248.058208][T22457] kobject: 'tx-0' (000000005fd28cf6): fill_kobj_path: path = '/devices/virtual/net/ax0/queues/tx-0' [ 1248.062067][ T1285] ? mark_held_locks+0xf0/0xf0 [ 1248.062078][ T1285] ? perf_trace_lock+0x510/0x510 [ 1248.062092][ T1285] lock_acquire+0x16f/0x3f0 [ 1248.062104][ T1285] ? hci_send_frame+0x1b8/0x2d0 [ 1248.062141][ T1285] hci_uart_send_frame+0x85/0x470 [ 1248.062156][ T1285] ? hci_send_frame+0x1b8/0x2d0 [ 1248.101914][ T1285] ? hci_send_to_monitor+0x272/0x3a0 [ 1248.103489][T22457] kobject: 'tx-0' (000000005fd28cf6): auto cleanup kobject_del [ 1248.107198][ T1285] hci_send_frame+0x1b8/0x2d0 [ 1248.107211][ T1285] hci_cmd_work+0x137/0x270 [ 1248.107226][ T1285] process_one_work+0x98e/0x1790 [ 1248.107243][ T1285] ? pwq_dec_nr_in_flight+0x320/0x320 [ 1248.130741][T22457] kobject: 'tx-0' (000000005fd28cf6): calling ktype release 09:17:34 executing program 0: r0 = socket$inet(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)="de", 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e20, @local}}}, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x400000, 0x0) ioctl$PPPIOCGDEBUG(r1, 0x80047441, &(0x7f0000000080)) [ 1248.134731][ T1285] ? lock_acquire+0x16f/0x3f0 [ 1248.134751][ T1285] worker_thread+0x98/0xe40 [ 1248.134768][ T1285] kthread+0x357/0x430 [ 1248.134785][ T1285] ? process_one_work+0x1790/0x1790 [ 1248.154167][T22457] kobject: 'tx-0': free name [ 1248.155274][ T1285] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 1248.155289][ T1285] ret_from_fork+0x3a/0x50 [ 1248.165965][ T3878] kobject: 'loop1' (00000000883afb79): kobject_uevent_env [ 1248.171931][T21835] Bluetooth: hci0: command 0x1003 tx timeout [ 1248.177700][ T3878] kobject: 'loop1' (00000000883afb79): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1248.183366][T22498] kasan: CONFIG_KASAN_INLINE enabled [ 1248.191077][T22462] warn_alloc_show_mem: 1 callbacks suppressed [ 1248.191081][T22462] Mem-Info: [ 1248.199441][T22498] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 1248.199464][T22498] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 1248.199478][T22498] CPU: 0 PID: 22498 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190417 #27 [ 1248.199486][T22498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1248.199549][T22498] RIP: 0010:__wake_up_common+0xdf/0x620 [ 1248.199566][T22498] Code: 05 00 00 4c 8b 43 38 49 83 e8 18 49 8d 78 18 48 39 7d d0 0f 84 69 02 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 <80> 3c 01 00 0f 85 12 05 00 00 49 8b 40 18 89 55 b0 31 db 49 bc 00 [ 1248.206096][T22462] active_anon:267761 inactive_anon:201 isolated_anon:0 [ 1248.206096][T22462] active_file:8256 inactive_file:41392 isolated_file:0 [ 1248.206096][T22462] unevictable:0 dirty:204 writeback:0 unstable:0 [ 1248.206096][T22462] slab_reclaimable:13994 slab_unreclaimable:118132 [ 1248.206096][T22462] mapped:58930 shmem:248 pagetables:8063 bounce:0 [ 1248.206096][T22462] free:1065548 free_pcp:403 free_cma:0 [ 1248.210870][T22498] RSP: 0018:ffff88803f5a7768 EFLAGS: 00010046 [ 1248.214296][T22462] Node 0 active_anon:1071044kB inactive_anon:804kB active_file:32888kB inactive_file:165568kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235720kB dirty:816kB writeback:0kB shmem:992kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 647168kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1248.222011][T22498] RAX: dffffc0000000000 RBX: ffff8880920dd8f8 RCX: 0000000000000000 [ 1248.222018][T22498] RDX: 0000000000000000 RSI: 1ffffffff12bfd3e RDI: 0000000000000000 [ 1248.222027][T22498] RBP: ffff88803f5a77c0 R08: ffffffffffffffe8 R09: ffff88803f5a7818 [ 1248.222035][T22498] R10: ffffed1007eb4ee6 R11: 0000000000000003 R12: 0000000000000000 [ 1248.222041][T22498] R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000 [ 1248.222051][T22498] FS: 00007f08a7a36700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 1248.222058][T22498] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1248.222064][T22498] CR2: 0000000000000000 CR3: 0000000056548000 CR4: 00000000001406f0 [ 1248.222072][T22498] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1248.222079][T22498] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1248.222083][T22498] Call Trace: [ 1248.222107][T22498] __wake_up_common_lock+0xe9/0x190 [ 1248.222119][T22498] ? __wake_up_common+0x620/0x620 [ 1248.222177][T22498] ? do_raw_spin_lock+0x12a/0x2e0 [ 1248.222215][T22498] ? rcu_sync_enter+0x87/0x310 [ 1248.233320][T22457] kobject: 'queues' (00000000fcbb3b79): kobject_cleanup, parent (null) [ 1248.238221][T22498] ? trace_hardirqs_on+0x67/0x230 [ 1248.238238][T22498] ? kasan_check_read+0x11/0x20 [ 1248.248408][T22461] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1248.253797][T22498] __wake_up+0xe/0x10 [ 1248.253811][T22498] rcu_sync_enter+0x193/0x310 [ 1248.253824][T22498] ? rcu_sync_enter_start+0x70/0x70 [ 1248.253842][T22498] ? mark_held_locks+0xf0/0xf0 [ 1248.281985][T22462] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1248.311434][T22498] ? perf_trace_lock+0x510/0x510 [ 1248.311457][T22498] ? wait_for_completion+0x440/0x440 [ 1248.311475][T22498] percpu_down_write+0x61/0x440 [ 1248.311487][T22498] ? lock_downgrade+0x880/0x880 [ 1248.311499][T22498] ? hci_uart_tty_close+0x8e/0x260 [ 1248.311512][T22498] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1248.311530][T22498] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1248.331586][T22457] kobject: 'queues' (00000000fcbb3b79): calling ktype release [ 1248.346731][T22498] ? percpu_free_rwsem+0xa0/0xa0 [ 1248.346748][T22498] ? hci_uart_flush+0x31b/0x3f0 [ 1248.346762][T22498] hci_uart_tty_close+0x13a/0x260 [ 1248.346778][T22498] ? hci_uart_close+0x50/0x50 [ 1248.361994][T22461] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1248.362787][T22498] tty_ldisc_close.isra.0+0x100/0x180 [ 1248.362804][T22498] tty_ldisc_kill+0x9c/0x160 [ 1248.381495][T22461] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1248.386700][T22498] tty_ldisc_release+0xc6/0x280 [ 1248.396027][T22462] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1248.402221][T22498] tty_release_struct+0x1b/0x50 [ 1248.402239][T22498] tty_release+0xbce/0xe90 [ 1248.410312][T22457] kobject: 'queues' (00000000fcbb3b79): kset_release [ 1248.418239][T22498] ? put_tty_driver+0x20/0x20 [ 1248.418282][T22498] __fput+0x2e5/0x8d0 [ 1248.418297][T22498] ____fput+0x16/0x20 [ 1248.432358][T22462] lowmem_reserve[]: 0 2553 2555 2555 [ 1248.434696][T22498] task_work_run+0x14a/0x1c0 [ 1248.434755][T22498] get_signal+0x1961/0x1d50 [ 1248.451569][T22461] 49896 total pagecache pages [ 1248.458760][T22498] ? __sched_text_start+0x8/0x8 [ 1248.458775][T22498] ? tty_register_device+0x40/0x40 [ 1248.464086][T22462] Node 0 DMA32 free:452084kB min:36232kB low:45288kB high:54344kB active_anon:1071044kB inactive_anon:804kB active_file:32888kB inactive_file:165568kB unevictable:0kB writepending:816kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:16288kB pagetables:32252kB bounce:0kB free_pcp:1540kB local_pcp:528kB free_cma:0kB [ 1248.468667][T22498] do_signal+0x87/0x1900 [ 1248.468687][T22498] ? preempt_schedule+0x4b/0x60 [ 1248.478206][T22457] kobject: 'queues': free name [ 1248.481910][T22498] ? ___preempt_schedule+0x16/0x18 [ 1248.481926][T22498] ? setup_sigcontext+0x7d0/0x7d0 [ 1248.481937][T22498] ? debug_smp_processor_id+0x3c/0x280 [ 1248.481953][T22498] ? kick_process+0x134/0x180 [ 1248.491801][T22457] kobject: 'ax0' (00000000a388721c): kobject_uevent_env [ 1248.496523][T22498] ? task_work_add+0x9c/0x110 [ 1248.496542][T22498] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1248.531566][T22461] 0 pages in swap cache [ 1248.533355][T22498] ? fput_many+0x12c/0x1a0 [ 1248.533372][T22498] ? trace_hardirqs_on+0x67/0x230 [ 1248.538571][T22462] lowmem_reserve[]: 0 0 2 2 [ 1248.543023][T22498] exit_to_usermode_loop+0x244/0x2c0 [ 1248.543038][T22498] do_syscall_64+0x57e/0x670 [ 1248.543053][T22498] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1248.543061][T22498] RIP: 0033:0x458c29 [ 1248.543072][T22498] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1248.543082][T22498] RSP: 002b:00007f08a7a35c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1248.549415][T22461] Swap cache stats: add 0, delete 0, find 0/0 [ 1248.554398][T22498] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000458c29 [ 1248.554405][T22498] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1248.554412][T22498] RBP: 000000000073c0e0 R08: 0000000000000000 R09: 0000000000000000 [ 1248.554419][T22498] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f08a7a366d4 [ 1248.554433][T22498] R13: 00000000004c1506 R14: 00000000004d3c08 R15: 00000000ffffffff [ 1248.554444][T22498] Modules linked in: [ 1248.554461][T22498] ---[ end trace a88c266eec48072a ]--- [ 1248.562142][T22462] Node 0 Normal free:12kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1248.568111][T22498] RIP: 0010:__wake_up_common+0xdf/0x620 [ 1248.568128][T22498] Code: 05 00 00 4c 8b 43 38 49 83 e8 18 49 8d 78 18 48 39 7d d0 0f 84 69 02 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 <80> 3c 01 00 0f 85 12 05 00 00 49 8b 40 18 89 55 b0 31 db 49 bc 00 [ 1248.590060][T22461] Free swap = 0kB [ 1248.597222][T22498] RSP: 0018:ffff88803f5a7768 EFLAGS: 00010046 [ 1248.597233][T22498] RAX: dffffc0000000000 RBX: ffff8880920dd8f8 RCX: 0000000000000000 [ 1248.597239][T22498] RDX: 0000000000000000 RSI: 1ffffffff12bfd3e RDI: 0000000000000000 [ 1248.597245][T22498] RBP: ffff88803f5a77c0 R08: ffffffffffffffe8 R09: ffff88803f5a7818 [ 1248.597251][T22498] R10: ffffed1007eb4ee6 R11: 0000000000000003 R12: 0000000000000000 [ 1248.597258][T22498] R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000 [ 1248.597266][T22498] FS: 00007f08a7a36700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 1248.597277][T22498] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1248.615811][T22462] lowmem_reserve[]: 0 0 0 0 [ 1248.616454][T22498] CR2: 0000000000000000 CR3: 0000000056548000 CR4: 00000000001406f0 [ 1248.633432][T22462] Node 1 Normal free:3790072kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1248.648082][T22498] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1248.648091][T22498] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1248.648099][T22498] Kernel panic - not syncing: Fatal exception [ 1248.649200][T22498] Kernel Offset: disabled [ 1249.093824][T22498] Rebooting in 86400 seconds..