syz-executor.5: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0 syz-executor.5 cpuset=syz5 mems_allowed=0-1 CPU: 1 PID: 25911 Comm: syz-executor.5 Not tainted 4.14.174-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 INFO: trying to register non-static key. Call Trace: the code is fine but needs lockdep annotation. turning off the locking correctness validator. __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x13e/0x194 lib/dump_stack.c:58 warn_alloc.cold+0x96/0x1af mm/page_alloc.c:3248 __alloc_pages_slowpath+0x2114/0x26c0 mm/page_alloc.c:4095 __alloc_pages_nodemask+0x5d3/0x700 mm/page_alloc.c:4198 alloc_pages_current+0xe7/0x1e0 mm/mempolicy.c:2113 alloc_pages include/linux/gfp.h:520 [inline] ion_page_pool_alloc_pages drivers/staging/android/ion/ion_page_pool.c:30 [inline] ion_page_pool_alloc+0x118/0x1b0 drivers/staging/android/ion/ion_page_pool.c:89 alloc_buffer_page drivers/staging/android/ion/ion_system_heap.c:75 [inline] alloc_largest_available drivers/staging/android/ion/ion_system_heap.c:115 [inline] ion_system_heap_allocate+0x134/0x8d0 drivers/staging/android/ion/ion_system_heap.c:146 ion_buffer_create drivers/staging/android/ion/ion.c:94 [inline] ion_alloc+0x1e9/0x7d0 drivers/staging/android/ion/ion.c:425 ion_ioctl+0xef/0x1f8 drivers/staging/android/ion/ion-ioctl.c:87 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:500 [inline] do_vfs_ioctl+0x75a/0xfe0 fs/ioctl.c:684 SYSC_ioctl fs/ioctl.c:701 [inline] SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x45c849 RSP: 002b:00007faa4c9a3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007faa4c9a46d4 RCX: 000000000045c849 RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000008 RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000364 R14: 00000000004c5d48 R15: 000000000076bf0c CPU: 0 PID: 25933 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 Mem-Info: Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: active_anon:275657 inactive_anon:15939 isolated_anon:12 active_file:3743 inactive_file:7079 isolated_file:0 unevictable:2807 dirty:128 writeback:0 unstable:0 slab_reclaimable:12315 slab_unreclaimable:124414 mapped:58089 shmem:252 pagetables:5883 bounce:0 free:992801 free_pcp:91 free_cma:0 __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x13e/0x194 lib/dump_stack.c:58 register_lock_class+0x2fe/0x1600 kernel/locking/lockdep.c:768 Node 0 active_anon:1085952kB inactive_anon:63752kB active_file:8880kB inactive_file:8800kB unevictable:10428kB isolated(anon):48kB isolated(file):0kB mapped:211504kB dirty:204kB writeback:0kB shmem:1004kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 706560kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no __lock_acquire+0x147/0x4620 kernel/locking/lockdep.c:3374 Node 0 DMA free:10448kB min:220kB low:272kB high:324kB active_anon:28kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3994 lowmem_reserve[]: flush_work+0xae/0x780 kernel/workqueue.c:2889 0 2557 2557 2557 __cancel_work_timer+0x2d0/0x460 kernel/workqueue.c:2964 2557 smc_close_active+0x684/0xb90 net/smc/smc_close.c:206 Node 0 smc_release+0x40c/0x610 net/smc/af_smc.c:131 DMA32 free:232068kB min:36272kB low:45340kB high:54408kB active_anon:1086024kB inactive_anon:63752kB active_file:8880kB inactive_file:8900kB unevictable:10428kB writepending:204kB present:3129332kB managed:2621272kB mlocked:10344kB kernel_stack:12704kB pagetables:21864kB bounce:0kB free_pcp:364kB local_pcp:0kB free_cma:0kB __sock_release+0xcd/0x2b0 net/socket.c:602 lowmem_reserve[]: 0 sock_close+0x15/0x20 net/socket.c:1139 0 __fput+0x25f/0x790 fs/file_table.c:210 task_work_run+0x113/0x190 kernel/task_work.c:113 0 tracehook_notify_resume include/linux/tracehook.h:191 [inline] exit_to_usermode_loop+0x1d6/0x220 arch/x86/entry/common.c:164 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline] syscall_return_slowpath arch/x86/entry/common.c:270 [inline] do_syscall_64+0x4a3/0x640 arch/x86/entry/common.c:297 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x45c849 RSP: 002b:00007f4b8caf6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 0 RAX: 0000000000000000 RBX: 00007f4b8caf76d4 RCX: 000000000045c849 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000076 R14: 00000000005042f2 R15: 000000000076bf0c 0 Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:348kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 0 Node 0 DMA: 8*4kB (UMEH) 16*8kB (UMEH) 15*16kB (UMEH) 16*32kB (UEH) 11*64kB (UMEH) 9*128kB (UMEH) 6*256kB (UMEH) 4*512kB (UMEH) 2*1024kB (ME) 1*2048kB (M) 0*4096kB = 10448kB Node 0 DMA32: 7056*4kB (UME) 5883*8kB (UME) 5273*16kB (UME) 2116*32kB (UME) 1*64kB (U) 0*128kB 3*256kB (U) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 228712kB Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 11295 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 339049 pages reserved 0 pages cma reserved audit: type=1400 audit(1585563915.404:281): avc: denied { block_suspend } for pid=26025 comm="syz-executor.5" capability=36 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 audit: type=1400 audit(1585563915.594:282): avc: denied { wake_alarm } for pid=26036 comm="syz-executor.2" capability=35 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 overlayfs: filesystem on './file0' not supported as upperdir audit: type=1400 audit(1585563917.214:283): avc: denied { map } for pid=26132 comm="syz-executor.4" path="/root/syzkaller-testdir814505356/syzkaller.O0d5fE/671/cgroup.controllers" dev="sda1" ino=16690 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 audit: type=1400 audit(1585563917.304:284): avc: denied { map } for pid=26132 comm="syz-executor.4" path="socket:[101478]" dev="sockfs" ino=101478 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=tcp_socket permissive=1 x_tables: ip_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING audit: type=1800 audit(1585563917.854:285): pid=26191 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="bus" dev="sda1" ino=16557 res=0 x_tables: ip_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING x_tables: ip_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING ip6_tables: ip6tables: counters copy to user failed while replacing table x_tables: ip_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING audit: type=1800 audit(1585563918.574:286): pid=26190 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="bus" dev="sda1" ino=16557 res=0 audit: type=1800 audit(1585563918.934:287): pid=26257 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="bus" dev="sda1" ino=16881 res=0 audit: type=1800 audit(1585563919.204:288): pid=26268 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="sda1" ino=16897 res=0 NOHZ: local_softirq_pending 08 audit: type=1800 audit(1585563919.824:289): pid=26308 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="bus" dev="sda1" ino=16881 res=0 audit: type=1800 audit(1585563919.974:290): pid=26316 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="sda1" ino=16897 res=0 device gretap0 entered promiscuous mode kauditd_printk_skb: 1 callbacks suppressed device macvlan2 entered promiscuous mode audit: type=1800 audit(1585563920.774:292): pid=26361 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="bus" dev="sda1" ino=16866 res=0 audit: type=1800 audit(1585563920.934:293): pid=26360 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="sda1" ino=16881 res=0 device lo entered promiscuous mode audit: type=1800 audit(1585563921.294:294): pid=26389 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="bus" dev="sda1" ino=16553 res=0 device macvlan2 entered promiscuous mode device lo entered promiscuous mode audit: type=1800 audit(1585563921.714:295): pid=26400 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="file0" dev="loop3" ino=52 res=0 device macvlan2 entered promiscuous mode EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps superblock EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue audit: type=1400 audit(1585563921.954:296): avc: denied { map } for pid=26425 comm="syz-executor.3" path="/dev/ashmem" dev="devtmpfs" ino=862 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1 audit: type=1800 audit(1585563922.284:297): pid=26463 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="bus" dev="sda1" ino=16977 res=0 EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended device macvlan2 entered promiscuous mode EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps superblock EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue