Node 0 Normal free:0kB min:12kB low:12kB high:12kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:1140kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB syz-executor.1: page allocation failure: order:4, mode:0x62c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access syz-executor.1 cpuset=syz1 mems_allowed=0-1 general protection fault: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 5278 Comm: udevd Not tainted 4.19.100-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:do_last fs/namei.c:3262 [inline] RIP: 0010:path_openat+0x293/0x4500 fs/namei.c:3537 Code: 80 3c 02 00 0f 85 fa 34 00 00 48 8b 85 28 ff ff ff 48 8b 58 58 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 04 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 b7 lowmem_reserve[]: 0 0 0 0 0 RSP: 0018:ffff88804da37790 EFLAGS: 00010247 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff81b0246e RDX: 0000000000000000 RSI: ffffffff81b0247c RDI: 0000000000000004 RBP: ffff88804da37910 R08: ffff8880489b0480 R09: 0000000000000002 R10: ffffed1015d04732 R11: ffff8880ae823993 R12: 0000000000000000 R13: ffff88804da37b38 R14: ffff88804da37b38 R15: ffff88804da37950 FS: 00007efc9503f7a0(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b33522000 CR3: 000000007bda3000 CR4: 00000000001426f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 Node 0 DMA: 27*4kB (UME) 7*8kB (ME) 6*16kB (UME) 14*32kB (UM) 8*64kB (UME) 4*128kB (UME) 2*256kB (ME) 2*512kB (UE) 3*1024kB (UME) 2*2048kB (ME) 0*4096kB = 10436kB DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: Node 0 DMA32: 3023*4kB (UMEH) 3207*8kB (UEH) 2167*16kB (UEH) 1181*32kB (UEH) 3*64kB (H) 2*128kB (H) 0*256kB 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 111172kB Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB do_filp_open+0x1a1/0x280 fs/namei.c:3567 Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB do_open_execat+0x140/0x660 fs/exec.c:853 Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB open_exec+0x47/0x80 fs/exec.c:885 load_elf_binary+0x879/0x53a0 fs/binfmt_elf.c:780 Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB search_binary_handler fs/exec.c:1653 [inline] search_binary_handler+0x179/0x570 fs/exec.c:1631 exec_binprm fs/exec.c:1695 [inline] __do_execve_file.isra.0+0x1227/0x2150 fs/exec.c:1819 do_execveat_common fs/exec.c:1866 [inline] do_execve fs/exec.c:1883 [inline] __do_sys_execve fs/exec.c:1964 [inline] __se_sys_execve fs/exec.c:1959 [inline] __x64_sys_execve+0x8f/0xc0 fs/exec.c:1959 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7efc94723207 Code: 77 19 f4 48 89 d7 44 89 c0 0f 05 48 3d 00 f0 ff ff 76 e0 f7 d8 64 41 89 01 eb d8 f7 d8 64 41 89 01 eb df b8 3b 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 02 f3 c3 48 8b 15 00 8c 2d 00 f7 d8 64 89 02 RSP: 002b:00007ffe8db34068 EFLAGS: 00000202 ORIG_RAX: 000000000000003b RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007efc94723207 RDX: 0000000001138bf0 RSI: 00007ffe8db34160 RDI: 00007ffe8db35170 RBP: 0000000000625500 R08: 0000000000003009 R09: 0000000000003009 R10: 0000000000000000 R11: 0000000000000202 R12: 0000000001138bf0 R13: 0000000000000007 R14: 0000000000fa7030 R15: 0000000000000005 Modules linked in: 11710 total pagecache pages syz-executor.3: page allocation failure: order:4, mode:0x62c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 CPU: 0 PID: 5277 Comm: syz-executor.1 Tainted: G D 4.19.100-syzkaller #0 0 pages in swap cache Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 warn_alloc.cold+0x7b/0x173 mm/page_alloc.c:3455 syz-executor.3 cpuset=syz3 mems_allowed=0-1 __alloc_pages_slowpath+0x2214/0x2870 mm/page_alloc.c:4315 Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM __alloc_pages_nodemask+0x617/0x750 mm/page_alloc.c:4417 0 pages HighMem/MovableOnly 341741 pages reserved alloc_pages_current+0x107/0x210 mm/mempolicy.c:2197 alloc_pages include/linux/gfp.h:532 [inline] ion_page_pool_alloc_pages drivers/staging/android/ion/ion_page_pool.c:19 [inline] ion_page_pool_alloc+0x17f/0x270 drivers/staging/android/ion/ion_page_pool.c:78 0 pages cma reserved alloc_buffer_page drivers/staging/android/ion/ion_system_heap.c:53 [inline] alloc_largest_available drivers/staging/android/ion/ion_system_heap.c:87 [inline] ion_system_heap_allocate+0x154/0xa90 drivers/staging/android/ion/ion_system_heap.c:118 ion_buffer_create drivers/staging/android/ion/ion.c:80 [inline] ion_alloc+0x29b/0x900 drivers/staging/android/ion/ion.c:409 ion_ioctl+0x17b/0x329 drivers/staging/android/ion/ion-ioctl.c:76 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xd5f/0x1380 fs/ioctl.c:688 ksys_ioctl+0xab/0xd0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:710 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45b349 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f17cfa73c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f17cfa746d4 RCX: 000000000045b349 RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000360 R14: 00000000004c4806 R15: 000000000075bf2c CPU: 1 PID: 5285 Comm: syz-executor.3 Tainted: G D 4.19.100-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 warn_alloc.cold+0x7b/0x173 mm/page_alloc.c:3455 __alloc_pages_slowpath+0x2214/0x2870 mm/page_alloc.c:4315 __alloc_pages_nodemask+0x617/0x750 mm/page_alloc.c:4417 alloc_pages_current+0x107/0x210 mm/mempolicy.c:2197 alloc_pages include/linux/gfp.h:532 [inline] ion_page_pool_alloc_pages drivers/staging/android/ion/ion_page_pool.c:19 [inline] ion_page_pool_alloc+0x17f/0x270 drivers/staging/android/ion/ion_page_pool.c:78 alloc_buffer_page drivers/staging/android/ion/ion_system_heap.c:53 [inline] alloc_largest_available drivers/staging/android/ion/ion_system_heap.c:87 [inline] ion_system_heap_allocate+0x154/0xa90 drivers/staging/android/ion/ion_system_heap.c:118 ion_buffer_create drivers/staging/android/ion/ion.c:80 [inline] ion_alloc+0x29b/0x900 drivers/staging/android/ion/ion.c:409 ion_ioctl+0x17b/0x329 drivers/staging/android/ion/ion-ioctl.c:76 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xd5f/0x1380 fs/ioctl.c:688 ksys_ioctl+0xab/0xd0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:710 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45b349 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f9fa7530c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f9fa75316d4 RCX: 000000000045b349 RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000360 R14: 00000000004c4806 R15: 000000000075bf2c warn_alloc_show_mem: 2 callbacks suppressed Mem-Info: active_anon:276802 inactive_anon:201 isolated_anon:0 active_file:4235 inactive_file:7223 isolated_file:0 unevictable:0 dirty:27 writeback:0 unstable:0 slab_reclaimable:17106 slab_unreclaimable:128775 mapped:58874 shmem:255 pagetables:26231 bounce:0 free:846076 free_pcp:204 free_cma:0 Node 0 active_anon:1058748kB inactive_anon:804kB active_file:80kB inactive_file:216kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:209108kB dirty:0kB writeback:0kB shmem:1020kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 339968kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no Node 0 DMA free:10436kB min:220kB low:272kB high:324kB active_anon:2448kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:384kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 2545 2546 2546 2546 Node 0 DMA32 free:112148kB min:36168kB low:45208kB high:54248kB active_anon:1056300kB inactive_anon:804kB active_file:80kB inactive_file:204kB unevictable:0kB writepending:100kB present:3129332kB managed:2609736kB mlocked:0kB kernel_stack:28288kB pagetables:70900kB bounce:0kB free_pcp:816kB local_pcp:364kB free_cma:0kB lowmem_reserve[]: 0 0 1 1 1 Node 0 Normal free:0kB min:12kB low:12kB high:12kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:1140kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 0 Node 0 DMA: 27*4kB (UME) 7*8kB (ME) 6*16kB (UME) 14*32kB (UM) 8*64kB (UME) 4*128kB (UME) 2*256kB (ME) 2*512kB (UE) 3*1024kB (UME) 2*2048kB (ME) 0*4096kB = 10436kB Node 0 DMA32: 3135*4kB (UEH) 3204*8kB (UEH) 2196*16kB (UEH) 1176*32kB (UEH) 6*64kB (UH) 2*128kB (H) 0*256kB 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 112092kB Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 11699 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 341741 pages reserved 0 pages cma reserved xt_check_match: 9 callbacks suppressed x_tables: ip_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING x_tables: ip_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING syz-executor.5: page allocation failure: order:4, mode:0x62c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 syz-executor.5 cpuset=syz5 mems_allowed=0-1 CPU: 0 PID: 5294 Comm: syz-executor.5 Tainted: G D 4.19.100-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 warn_alloc.cold+0x7b/0x173 mm/page_alloc.c:3455 __alloc_pages_slowpath+0x2214/0x2870 mm/page_alloc.c:4315 __alloc_pages_nodemask+0x617/0x750 mm/page_alloc.c:4417 alloc_pages_current+0x107/0x210 mm/mempolicy.c:2197 alloc_pages include/linux/gfp.h:532 [inline] ion_page_pool_alloc_pages drivers/staging/android/ion/ion_page_pool.c:19 [inline] ion_page_pool_alloc+0x17f/0x270 drivers/staging/android/ion/ion_page_pool.c:78 alloc_buffer_page drivers/staging/android/ion/ion_system_heap.c:53 [inline] alloc_largest_available drivers/staging/android/ion/ion_system_heap.c:87 [inline] ion_system_heap_allocate+0x154/0xa90 drivers/staging/android/ion/ion_system_heap.c:118 ion_buffer_create drivers/staging/android/ion/ion.c:80 [inline] ion_alloc+0x29b/0x900 drivers/staging/android/ion/ion.c:409 ion_ioctl+0x17b/0x329 drivers/staging/android/ion/ion-ioctl.c:76 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xd5f/0x1380 fs/ioctl.c:688 ksys_ioctl+0xab/0xd0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:710 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45b349 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f6e444f7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f6e444f86d4 RCX: 000000000045b349 RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000360 R14: 00000000004c4806 R15: 000000000075bf2c ---[ end trace 8361ea4a96a97958 ]--- RIP: 0010:do_last fs/namei.c:3262 [inline] RIP: 0010:path_openat+0x293/0x4500 fs/namei.c:3537 Code: 80 3c 02 00 0f 85 fa 34 00 00 48 8b 85 28 ff ff ff 48 8b 58 58 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 04 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 b7 RSP: 0018:ffff88804da37790 EFLAGS: 00010247 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff81b0246e RDX: 0000000000000000 RSI: ffffffff81b0247c RDI: 0000000000000004 RBP: ffff88804da37910 R08: ffff8880489b0480 R09: 0000000000000002 R10: ffffed1015d04732 R11: ffff8880ae823993 R12: 0000000000000000 R13: ffff88804da37b38 R14: ffff88804da37b38 R15: ffff88804da37950 FS: 00007efc9503f7a0(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fff151cdcf0 CR3: 000000007bda3000 CR4: 00000000001426f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400